of_pci_iommu_init() tries to be clever and stop its alias walk at the
device represented by master_np, in case of weird PCI topologies where
the bridge to the IOMMU and the rest of the system is not at the root.
It turns out this is a bit short-sighted, since there are plenty of
other callers of pci_for_each_dma_alias() which would also need the same
behaviour in that situation, and the only platform so far with such a
topology (Cavium ThunderX2) already solves it more generally via a PCI
quirk. As this check is effectively redundant, and returning a boolean
value as an int is a bit broken anyway, let's just get rid of it.
Reported-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
Fixes: d87beb7492 ("iommu/of: Handle PCI aliases properly")
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Tested-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
In linux-4.13, Wei worked hard to convert dst to a traditional
refcounted model, removing GC.
We now want to make sure a dst refcount can not transition from 0 back
to 1.
The problem here is that input path attached a not refcounted dst to an
skb. Then later, because packet is forwarded and hits skb_dst_force()
before exiting RCU section, we might try to take a refcount on one dst
that is about to be freed, if another cpu saw 1 -> 0 transition in
dst_release() and queued the dst for freeing after one RCU grace period.
Lets unify skb_dst_force() and skb_dst_force_safe(), since we should
always perform the complete check against dst refcount, and not assume
it is not zero.
Bugzilla : https://bugzilla.kernel.org/show_bug.cgi?id=197005
[ 989.919496] skb_dst_force+0x32/0x34
[ 989.919498] __dev_queue_xmit+0x1ad/0x482
[ 989.919501] ? eth_header+0x28/0xc6
[ 989.919502] dev_queue_xmit+0xb/0xd
[ 989.919504] neigh_connected_output+0x9b/0xb4
[ 989.919507] ip_finish_output2+0x234/0x294
[ 989.919509] ? ipt_do_table+0x369/0x388
[ 989.919510] ip_finish_output+0x12c/0x13f
[ 989.919512] ip_output+0x53/0x87
[ 989.919513] ip_forward_finish+0x53/0x5a
[ 989.919515] ip_forward+0x2cb/0x3e6
[ 989.919516] ? pskb_trim_rcsum.part.9+0x4b/0x4b
[ 989.919518] ip_rcv_finish+0x2e2/0x321
[ 989.919519] ip_rcv+0x26f/0x2eb
[ 989.919522] ? vlan_do_receive+0x4f/0x289
[ 989.919523] __netif_receive_skb_core+0x467/0x50b
[ 989.919526] ? tcp_gro_receive+0x239/0x239
[ 989.919529] ? inet_gro_receive+0x226/0x238
[ 989.919530] __netif_receive_skb+0x4d/0x5f
[ 989.919532] netif_receive_skb_internal+0x5c/0xaf
[ 989.919533] napi_gro_receive+0x45/0x81
[ 989.919536] ixgbe_poll+0xc8a/0xf09
[ 989.919539] ? kmem_cache_free_bulk+0x1b6/0x1f7
[ 989.919540] net_rx_action+0xf4/0x266
[ 989.919543] __do_softirq+0xa8/0x19d
[ 989.919545] irq_exit+0x5d/0x6b
[ 989.919546] do_IRQ+0x9c/0xb5
[ 989.919548] common_interrupt+0x93/0x93
[ 989.919548] </IRQ>
Similarly dst_clone() can use dst_hold() helper to have additional
debugging, as a follow up to commit 44ebe79149 ("net: add debug
atomic_inc_not_zero() in dst_hold()")
In net-next we will convert dst atomic_t to refcount_t for peace of
mind.
Fixes: a4c2fd7f78 ("net: remove DST_NOCACHE flag")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Wei Wang <weiwan@google.com>
Reported-by: Paweł Staszewski <pstaszewski@itcare.pl>
Bisected-by: Paweł Staszewski <pstaszewski@itcare.pl>
Acked-by: Wei Wang <weiwan@google.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Given NR_IRQS is 2048 on sparc64, and even 32784 on alpha, 3 digits is
not enough to represent interrupt numbers on all architectures. Hence
PHY interrupt numbers may be truncated during printing.
Increase the buffer size from 4 to 8 bytes to fix this.
Fixes: 5e369aefdc ("net: stmmac: Delete dead code for MDIO registration")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pull libnvdimm fixes from Dan Williams:
"A crash fix and corresponding regression test enabling for the crash
scenario. The unit test for this crash is available in ndctl-v58.2.
This branch has received a build success notification from the
0day-kbuild robot over 148 configs. The fix is tagged for -stable /
backport to 4.13"
* 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
libnvdimm, namespace: fix btt claim class crash
tools/testing/nvdimm: disable labels for nfit_test.1
The clock-cell size is 1 on stm32h7 plaform.
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@st.com>
Fixes: 3e4d618b07 ("clk: stm32h7: Add stm32h743 clock driver")
Signed-off-by: Rob Herring <robh@kernel.org>
Normally, when input device supporting force feedback effects is being
destroyed, we try to "flush" currently playing effects, so that the
physical device does not continue vibrating (or executing other effects).
Unfortunately this does not work well for uinput as flushing of the effects
deadlocks with the destroy action:
- if device is being destroyed because the file descriptor is being closed,
then there is noone to even service FF requests;
- if device is being destroyed because userspace sent UI_DEV_DESTROY,
while theoretically it could be possible to service FF requests,
userspace is unlikely to do so (they'd need to make sure FF handling
happens on a separate thread) even if kernel solves the issue with FF
ioctls deadlocking with UI_DEV_DESTROY ioctl on udev->mutex.
To avoid lockups like the one below, let's install a custom input device
flush handler, and avoid trying to flush force feedback effects when we
destroying the device, and instead rely on uinput to shut off the device
properly.
NMI watchdog: Watchdog detected hard LOCKUP on cpu 3
...
<<EOE>> [<ffffffff817a0307>] _raw_spin_lock_irqsave+0x37/0x40
[<ffffffff810e633d>] complete+0x1d/0x50
[<ffffffffa00ba08c>] uinput_request_done+0x3c/0x40 [uinput]
[<ffffffffa00ba587>] uinput_request_submit.part.7+0x47/0xb0 [uinput]
[<ffffffffa00bb62b>] uinput_dev_erase_effect+0x5b/0x76 [uinput]
[<ffffffff815d91ad>] erase_effect+0xad/0xf0
[<ffffffff815d929d>] flush_effects+0x4d/0x90
[<ffffffff815d4cc0>] input_flush_device+0x40/0x60
[<ffffffff815daf1c>] evdev_cleanup+0xac/0xc0
[<ffffffff815daf5b>] evdev_disconnect+0x2b/0x60
[<ffffffff815d74ac>] __input_unregister_device+0xac/0x150
[<ffffffff815d75f7>] input_unregister_device+0x47/0x70
[<ffffffffa00bac45>] uinput_destroy_device+0xb5/0xc0 [uinput]
[<ffffffffa00bb2de>] uinput_ioctl_handler.isra.9+0x65e/0x740 [uinput]
[<ffffffff811231ab>] ? do_futex+0x12b/0xad0
[<ffffffffa00bb3f8>] uinput_ioctl+0x18/0x20 [uinput]
[<ffffffff81241248>] do_vfs_ioctl+0x298/0x480
[<ffffffff81337553>] ? security_file_ioctl+0x43/0x60
[<ffffffff812414a9>] SyS_ioctl+0x79/0x90
[<ffffffff817a04ee>] entry_SYSCALL_64_fastpath+0x12/0x71
Reported-by: Rodrigo Rivas Costa <rodrigorivascosta@gmail.com>
Reported-by: Clément VUCHENER <clement.vuchener@gmail.com>
Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=193741
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Ursula Braun says:
====================
net/smc: bug fixes 2017-09-20
here is a collection of small smc-patches built for net fixing
smc problems in different areas.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Usually socket closing is delayed if there is still data available in
the send buffer to be transmitted. If a process is killed, the delay
should be avoided.
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The number of outstanding work requests is limited. If all work
requests are in use, tx processing is postponed to another scheduling
of the tx worker. Switch to a delayed worker to have a gap for tx
completion queue events before the next retry.
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
An out-of-sync condition can just be detected by the client.
If the server receives a CLC DECLINE message indicating an out-of-sync
condition for the link groups, the server must clean up the out-of-sync
link group.
There is no need for an extra third parameter in smc_clc_send_decline().
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Client link group creation always follows the server linkgroup creation.
If peer creates a new server link group, client has to create a new
client link group. If peer reuses a server link group for a new
connection, client has to reuse its client link group as well. This
patch introduces a longer delay for client link group removal to make
sure this link group still exists, once the peer decides to reuse a
server link group. This avoids out-of-sync conditions for link groups.
If already scheduled, modify the delay.
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The solicited flag is meaningful for the receive completion queue.
Ask for next work completion of any type on the send queue.
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
smc_pnet_fill_entry() uses dev_get_by_name() adding a refcount to ndev.
The following smc_pnet_enter() has to reduce the refcount if the entry
to be added exists already in the pnet table.
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
smc_netinfo_by_tcpsk() looks up the routing cache. Such a lookup requires
protection by an RCU read lock.
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The SMC receive function currently lacks a timeout check under the
condition that no data were received and no data are available. This
patch adds such a check.
Signed-off-by: Hans Wippel <hwippel@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In the infiniband part, SMC currently uses get_netdev which calls
dev_hold on the returned net device. However, the SMC code never calls
dev_put on that net device resulting in a wrong reference count.
This patch adds a dev_put after the usage of the net device to fix the
issue.
Signed-off-by: Hans Wippel <hwippel@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Make sure (of/i2c/platform)_device_id tables are NULL terminated.
Found by coccinelle spatch "misc/of_table.cocci"
Signed-off-by: Thomas Meyer <thomas@m3y3r.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Nisar Sayed says:
====================
lan78xx: This series of patches are for lan78xx driver.
This series of patches are for lan78xx driver.
These patches fixes potential issues associated with lan78xx driver.
v5
- Updated changes as per comments
v4
- Updated changes to handle return values as per comments
- Updated EEPROM write handling as per comments
v3
- Updated chagnes as per comments
v2
- Added patch version information
- Added fixes tag
- Updated patch description
- Updated chagnes as per comments
v1
- Splitted patches as per comments
- Dropped "fixed_phy device support" and "Fix for system suspend" changes
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Use default value of auto duplex and auto speed values loaded
from EEPROM/OTP after reset. The LAN78xx allows platform
configurations to be loaded from EEPROM/OTP.
Ex: When external phy is connected, the MAC can be configured to
have correct auto speed, auto duplex, auto polarity configured
from the EEPROM/OTP.
Fixes: 55d7de9de6 ("Microchip's LAN7800 family USB 2/3 to 10/100/1000 Ethernet device driver")
Signed-off-by: Nisar Sayed <Nisar.Sayed@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Allow EEPROM write for less than MAX_EEPROM_SIZE
Fixes: 55d7de9de6 ("Microchip's LAN7800 family USB 2/3 to 10/100/1000 Ethernet device driver")
Signed-off-by: Nisar Sayed <Nisar.Sayed@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fix for eeprom read/write when device auto suspend
Fixes: 55d7de9de6 ("Microchip's LAN7800 family USB 2/3 to 10/100/1000 Ethernet device driver")
Signed-off-by: Nisar Sayed <Nisar.Sayed@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Florian Fainelli says:
====================
net: Bring back transceiver type for PHYLIB
With the introduction of the xLINKSETTINGS ethtool APIs, the transceiver type
was deprecated, but in that process we lost some useful information that PHYLIB
was consistently reporting about internal vs. external PHYs.
This brings back transceiver as a read-only field that is only consumed in the
legacy path where ETHTOOL_GET is called but the underlying drivers implement the
new style klink_settings API.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
With commit 2d55173e71 ("phy: add generic function to support
ksetting support"), we lost the ability to report the transceiver type
like we used to. Now that we have added back the transceiver type to
ethtool_link_settings, we can report it back like we used to and have no
loss of information.
Fixes: 3f1ac7a700 ("net: ethtool: add new ETHTOOL_xLINKSETTINGS API")
Fixes: 2d55173e71 ("phy: add generic function to support ksetting support")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 3f1ac7a700 ("net: ethtool: add new ETHTOOL_xLINKSETTINGS API")
deprecated the ethtool_cmd::transceiver field, which was fine in
premise, except that the PHY library was actually using it to report the
type of transceiver: internal or external.
Use the first word of the reserved field to put this __u8 transceiver
field back in. It is made read-only, and we don't expect the
ETHTOOL_xLINKSETTINGS API to be doing anything with this anyway, so this
is mostly for the legacy path where we do:
ethtool_get_settings()
-> dev->ethtool_ops->get_link_ksettings()
-> convert_link_ksettings_to_legacy_settings()
to have no information loss compared to the legacy get_settings API.
Fixes: 3f1ac7a700 ("net: ethtool: add new ETHTOOL_xLINKSETTINGS API")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The EMAC has the option of sending only a single pause frame when
flow control is enabled and the RX queue is full. Although sending
only one pause frame has little value, this would allow admins to
enable automatic flow control without having to worry about the EMAC
flooding nearby switches with pause frames if the kernel hangs.
The option is enabled by using the single-pause-mode private flag.
Signed-off-by: Timur Tabi <timur@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
If MTU is changed the host would reject the send buffer change.
This problem is result of recent change to allow changing send
buffer size.
Every time we change the MTU, we store the previous net_device section
count before destroying the buffer, but we don’t store the previous
section size. When we reinitialize the buffer, its size is calculated
by multiplying the previous count and previous size. Since we
continuously increase the MTU, the host returns us a decreasing count
value while the section size is reinitialized to 1728 bytes every
time.
This eventually leads to a condition where the calculated buf_size is
so small that the host rejects it.
Fixes: 8b5327975a ("netvsc: allow controlling send/recv buffer size")
Signed-off-by: Alex Ng <alexng@microsoft.com>
Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes: c15ab236d6 ("net/sched: Change cls_flower to use IDR")
Cc: Chris Mi <chrism@mellanox.com>
Cc: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
If real-time or fair-share curves are enabled in hfsc_change_class()
class isn't inserted into rb-trees yet. Thus init_ed() and init_vf()
must be called in place of update_ed() and update_vf().
Remove isn't required because for now curves cannot be disabled.
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
SKB stored in qdisc->gso_skb also counted into backlog.
Some qdiscs don't reset backlog to zero in ->reset(),
for example sfq just dequeue and free all queued skb.
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Fixes: 2ccccf5fb4 ("net_sched: update hierarchical backlog too")
Signed-off-by: David S. Miller <davem@davemloft.net>
- remove firmware install from rpm-pkg / deb-pkg
- fix mismatch between release number and UTS_VERSION for rpm-pkg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJZw9qWAAoJED2LAQed4NsGfrEQAJud6a4l+hndUFTAojFEjKiY
1utFh3ivGTcuiIW95/xPVFOW3o+klyLXaRpcR78qWYedyLbR6c8uV7RSEMkwC4/C
bbg3tsK0wmRGoK72HdFebnB9Fv5rhh48r6PfXyhJ67eyCfi+alLyy7gBL8wXpO2t
T8ybTa0aOe4Am5+U4dVm/Fy/VkuYcnOUv0LkTZknUUSxmOfQKJ+H0l25DucsbNKO
ARqmrTp7t80zmkGuiOrpZyYJ4tWQXAtCijJSAwAVgAyJhalklklp6yvOOpQ/0PCF
lf5DL8QiZUFxPV4QmNADgT2k771nephhAm++omDGoYq3E1KPEvx5MdWTiAIYOOFa
svk3q5N6MmGnBPjQ5ZMPz/kDE6MHrWQejBuzmc8hVyt5hNkYeq0gUvd0htpOaHtL
ANqMtNKMC7R/5lp2fkyVfmKQ70TZatZkdoXrxRBYF+GfXe7/zdoGS3uhSs/fNvPt
YoR8AVuspfq8+BqK40AkiraWGhOXqRlS9WVSOlKSfdfFed0zjh3B0Qng3EIJFatQ
oePhYPClFA9sVfR77hqZWzaUU/85ni6qWKjaFrnIjU7yEUUAt3ZM13SHtt+iZMNi
yOqUjfOCZzCGxNvMQGQsbdvyf1LE24yIoeDXOa4VeX9zTF6Hkl4Vcg8M5MMcrwkf
fvhUuPfPEsyXy24PEyLp
=Qhfp
-----END PGP SIGNATURE-----
Merge tag 'kbuild-fixes-v4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
Pull Kbuild fixes from Masahiro Yamada:
"Here are some early Kbuild fixes.
The in-kernel firmware was removed during the previous merge window.
Since then, some bug reports of broken rpm building are flying in ML.
We need to fix it now.
Summary:
- remove firmware install from rpm-pkg / deb-pkg
- fix mismatch between release number and UTS_VERSION for rpm-pkg"
* tag 'kbuild-fixes-v4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
kbuild: rpm-pkg: fix version number handling
kbuild: deb-pkg: remove firmware package support
kbuild: rpm-pkg: delete firmware_install to fix build error
Pull misc fixes from Al Viro:
"A couple of regression fixes, one for this merge window, one for the
previous cycle"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
ipc/shm: Fix order of parameters when calling copy_compat_shmid_to_user
iov_iter: fix page_copy_sane for compound pages
* Fix the SFDP parsing code (bugs reported by Geert Uytterhoeven)
NAND:
* Fix a resource leak in the lpc32xx_mlc driver
* Fix a build warning in the core
-----BEGIN PGP SIGNATURE-----
iQJABAABCAAqBQJZw3NuIxxib3Jpcy5icmV6aWxsb25AZnJlZS1lbGVjdHJvbnMu
Y29tAAoJEGXtNgF+CLcAdp8P/R8wm4cZIDqfqEJwee9807uF0TM82XVXw/NSqmBA
+4UiMTeBPsOCsUC+Ti1MZzHJB6jhk9J4bs5N4wZ98f7JhcG5ub8aW0TRQvhF8XIj
AEnQvkY9/2RTNxfnaOVE7fdB/NZz7USQ9A0A6aZB/yZDenIHpUqlpHZIXJGpB5T5
NsMMYo336NtMK7eW3A4b0UIGiXYpLHHllIQZHjNyzgTdK5FSQHoDploesc0ASc7J
8TPfq7gxkUxgEvTMuZKq3van+8ey08zzU5kNL0cwhtJxXny+CG5hOGJ0M0eDanU8
/i9Pqjm7oIOueGAd0ZgKW0IzaOxwuZ+GqYl5bout10Ies2DzT5W6UMyMNFcQj/ET
qH0D1lk4tAhw+7AIMP08O/oURoMrBhNeODKiomYp15O4zByGSprQL8VYcGYCH11x
TnQ/Q6HDEh+m4m+8hTko5hTAQRn8RPAxQHFlIltyiTRUczwKhAydDdQvoT2jChXl
cOOC6E7/KqJoLJYaNslMNNEki8JXeOa3J6+KABDvGFi9uXfvEYTA2u1FGs3h8ImU
JDNYpUYk3zlmCQnWDHLNwVk1ZBRCK3KQpL0V32Lu3PrGe+oGhvIUdbgRT6icX4L2
aK/f5i5NqoK0c+lKEtB87hVqsU/9gEZLNo5sgSqf0OUBy+BkUzm5dEBc5Oafy7VS
3d+a
=mlAt
-----END PGP SIGNATURE-----
Merge tag 'mtd/fixes-for-4.14-rc2' of git://git.infradead.org/linux-mtd
Pull mtd fixes from Boris Brezillon:
"SPI NOR:
- Fix the SFDP parsing code (bugs reported by Geert Uytterhoeven)
NAND:
- Fix a resource leak in the lpc32xx_mlc driver
- Fix a build warning in the core"
* tag 'mtd/fixes-for-4.14-rc2' of git://git.infradead.org/linux-mtd:
mtd: nand: remove unused blockmask variable
mtd: nand: lpc32xx_mlc: Fix an error handling path in lpc32xx_nand_probe()
mtd: spi-nor: fix DMA unsafe buffer issue in spi_nor_read_sfdp()
mtd: spi-nor: Check consistency of the memory size extracted from the SFDP
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJZw3OGAAoJEAx081l5xIa+YtIP/R+lUNQkYsw4hxRyEC0RW6Uj
jtYjp6XG8htaIZbkqI40CS6ZPHCAsi/6+bee286S25pnDns/7RacqgUNniXi+a2L
5mMjUx3hyQssD3uJtA4BpP3lbJ1zE5GrUW/Xvn3uE5PuUh+k7jt+idpdvlhwpRxl
dbjVsvMF9LctKxlul0yrd7ln3ZhWEhVtxCNV2NS9JHYOp5z9GnNvMGZUQrzfmzow
AIXCCWiyVgB+Z2bz14T5+zFcWjmgsNcV910jGFMx3EeceQlNTHkhlXvZCXfAla1j
BSse1qi0W/gs++cZgdmvOVvN9F5YZzsZ4Vmtg2RWFrkCYtWs8hOBm3phWyyAAZeH
bOciAS9arrSUsXX4v2PX50LsBGZ1L0826SSocve1OYsmc849+OVClEc24V9+IItc
6eQey9qCWt44rSX2X7IfjXfS5yjVFwS2W2V+/ddDN4AE0tPVb3S4VQvRGFnShXe3
D3ti20mSxby+6+EpaS7JN4QZrhidCzvUcGnbffTN/gteMkxihDPoIVtv/TqHt5pL
lnfWviM6ftp2mU0M3oAuSxfkHkvGcBKZoDJeDbdEGw5RC2evDl/Cwxb5xRM7DH/A
ElkEQ6fBQOsIdWynWV07VDBXNFtF+9wkGkfRbSY+VkCa4uWhHeEKqlxMOyI7+a8W
XTmhSTz/i+L6OnH1UAyZ
=dx0r
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-for-v4.14-rc2' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"amdkfd, i915 and exynos fixes.
I've ended up on unplanned + planned leave this week, but there were
some fixes I decided to dequeue, some amdkfd bits missed the next pull
but they are pretty trivial, so I included them.
I'm not sure I'll see much else for rc2, lots of people are at XDC"
* tag 'drm-fixes-for-v4.14-rc2' of git://people.freedesktop.org/~airlied/linux:
drm/exynos/hdmi: Fix unsafe list iteration
drm: exynos: include linux/irq.h
drm/exynos: Fix suspend/resume support
drm/exynos: Fix locking in the suspend/resume paths
drm/i915: Remove unused 'in_vbl' from i915_get_crtc_scanoutpos()
drm/i915/cnp: set min brightness from VBT
Revert "drm/i915/bxt: Disable device ready before shutdown command"
drm/i915/bxt: set min brightness from VBT
drm/i915: Fix an error handling in 'intel_framebuffer_init()'
drm/i915/gvt: Fix incorrect PCI BARs reporting
drm/amdkfd: pass queue's mqd when destroying mqd
drm/amdkfd: remove memset before memcpy
uapi linux/kfd_ioctl.h: only use __u32 and __u64
-----BEGIN PGP SIGNATURE-----
iQI/BAABCAApFiEEgdbnc3r/njty3Iq9D55TZVIEUYMFAlnC3C8LHGhjaEBsc3Qu
ZGUACgkQD55TZVIEUYPNMQ//XcJyQHfMFgzlF6xsQ8GdrwtPr3BKO2jGNj+5DSZ6
qaLwmxaLTQ5rovITtV7b88LdxzeyS1z7THhKALZcS+gVTmV51FYHNnWI4U++EIzy
BeupNm3irBmjiTrvrUwqirjVs99xMZPvbQrMW+iSa+FxoXJ7fqQwCqnUpKzDznQH
h2LhvwYzl38UuUggQXmYGTJ8PrToOkaZ4jL26/fN9f6zxBz+M3AzbiqCxuMYDtrA
Et8PaIoWd8TTUoLHL/Jk/SEtEHXYwXPFWiVrib3i4KkSlPPoEdQByGsVr9heCtRq
D59P4hFQzFO7A3OOdHkG99Ts/4YfTs/aGXMatLJ16fHsrVY8Y0UH5TtJx0rD5V6H
713PSPwr+tpT0Vmn7KrYp8yv+UfeL2EI9Nl4vFoF/wjvV4hVp+4vyW2RjWWBjdYW
ABr7ltVGpqZl7DXavMECJiN4PHeuBJJ5G+1ivyp336GBCsduvVRWtxxhH2VK08pG
88DT8iDBhtgTciwSqEYLmBQ/SFmOwVSm0SlZ0+amAtscnGREcioFEOIi9e3m08aD
SGvWkGVXYtzC0D4NeYych1isf/Z1vnVxxR9ov80Diy4ejYt7IM0/GrSpbiUTuBzZ
Hs7FfM5HOrjbkP5BQuVUUaEKqMC5dss4mL9YyLXm755imlXtjShk9q++MGmf5gvf
g/Y=
=hV0Y
-----END PGP SIGNATURE-----
Merge tag 'dma-mapping-4.14-2' of git://git.infradead.org/users/hch/dma-mapping
Pull dma mapping fix from Christoph Hellwig:
"A fix for a fix that went in this merge window from Arnd"
* tag 'dma-mapping-4.14-2' of git://git.infradead.org/users/hch/dma-mapping:
dma-coherent: fix rmem_dma_device_init regression
Drop the __init from pcibios_map_irq() to make this section mis-
match go away:
WARNING: vmlinux.o(.text+0x56acd4): Section mismatch in reference from the function pcibios_scanbus() to the function .init.text:pcibios_map_irq()
The function pcibios_scanbus() references
the function __init pcibios_map_irq().
This is often because pcibios_scanbus lacks a __init
annotation or the annotation of pcibios_map_irq is wrong.
Run-Tested only on Alchemy.
Signed-off-by: Manuel Lauss <manuel.lauss@gmail.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/17267/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
The inline asm in __write_64bit_c0_split() modifies the 64-bit input
operand by shifting the high register left by 32, and constructing the
full 64-bit value in the low register (even on a 32-bit kernel), so if
that value is used again it could cause breakage as GCC would assume the
registers haven't changed when they have.
To quote the GCC extended asm documentation:
> Warning: Do not modify the contents of input-only operands (except for
> inputs tied to outputs). The compiler assumes that on exit from the
> asm statement these operands contain the same values as they had
> before executing the statement.
Avoid modifying the input by using a temporary variable as an output
which is modified instead of the input and not otherwise used. The asm
is always __volatile__ so GCC shouldn't optimise it out. The low
register of the temporary output is written before the high register of
the input is read, so we have two constraint alternatives, one where
both use the same registers (for when the input value isn't subsequently
used), and one with an early clobber on the output in case the low
output uses the same register as the high input. This allows the
resulting assembly to remain mostly unchanged.
A diff of a MIPS32r6 kernel reveals only three differences, two in
relation to write_c0_r10k_diag() in cpu_probe() (register allocation
rearranged slightly but otherwise identical), and one in relation to
write_c0_cvmmemctl2() in kvm_vz_local_flush_guesttlb_all(), but the
octeon CPU is only supported on 64-bit kernels where
__write_64bit_c0_split() isn't used so that shouldn't matter in
practice. So there currently doesn't appear to be anything broken by
this bug.
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/17315/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
msp71xx_defconfig can not be built at the in v4.14-rc1
arch/mips/pmcs-msp71xx/msp_smp.c:72:2: error: implicit declaration of function 'set_vi_handler' [-Werror=implicit-function-declaration]
I don't know what caused the regression, but including the right
header is the obvious fix.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/17309/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
- A GICv3 initialisation fix when some CPUs fail to be brought up
- A GICv4 compile fix for GCC 4.5 (!)
- A MIPS-GIC fix for the PCIe support
-----BEGIN PGP SIGNATURE-----
iQJJBAABCAAzFiEEn9UcU+C1Yxj9lZw9I9DQutE9ekMFAlnBZkIVHG1hcmMuenlu
Z2llckBhcm0uY29tAAoJECPQ0LrRPXpDf2gP/R9+UB0qtNKlaqR82MkBIBSNSYir
MRuKwei5++R6OKwHF7wGQxGLNhEOk2yTkZHn74JMdwXg3Y5s9puLzs3mlkFU2X6k
2hM2oOrvjZTV4CNm6WwYzv15CAMVri9ETTAwXKg3KDHMvuMGhTgKef1TIyHHTHvP
QhrmTW2k84uf+SYLOK3NPowWoNBrUUfO0fASgLLqmmLi2xnUeRR+a48CPuo9dS65
n72zHoJjCyikLLsFbAmNuvEs4MDrDWJt9qF6VpVE0El5cOBqXuatz981i1STcD/U
qJA5qUAZum9OVpIjpLO9lmZEdpW9gA+LHpyojrkqkBbhur2hYprLzIMUxCLSrqaq
/jjW2Qdz7HY7QXBFLOEba3sfPJrp0hR7cNr0uuqaASHZDTEwScDl7ng05Iv8xRWD
STCo2uXRx0WPBAnshtKHlSe7b9giheyoS7KZ0ONbpos+2AKVc6CcfIIutLouavPU
Wg+IOUUxipkUyRCyLzsX+O8cabgrPgDHCC4CRJStTKVy5125okcDimZm/ybQsH7T
1FrXnhTbUf3FWiSnXxj0N6hC7nydm1AtYh41Q4TlyAECLVKjDzKK2O9mekUlvb/d
6iCg3xYzwbXhJLrG/kAgV64kO3/Dp/YyXXeRj+BVsU+SUkbEe5H6w5Imzd91mh8y
JMAHGuEnDWLPryP+
=lOJa
-----END PGP SIGNATURE-----
Merge tag 'irqchip-4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/urgent
Pull irqchip updates from Marc Zyngier
- A GICv3 initialisation fix when some CPUs fail to be brought up
- A GICv4 compile fix for GCC 4.5 (!)
- A MIPS-GIC fix for the PCIe support
This reverts commit 74def747bc.
The change to the helper function is only correct for the /proc/irq/
readout usage, but breaks the existing x86 usage of that function.
Reported-by: Yanko Kaneti <yaneti@declera.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Marc Zyngier <marc.zyngier@arm.com>
A reference to the parent device node is held by add_dt_node() for the
node to be added. If the call to dlpar_configure_connector() fails
add_dt_node() returns ENOENT and that reference is not freed.
Add a call to of_node_put(parent_dn) prior to bailing out after a
failed dlpar_configure_connector() call.
Fixes: 8d5ff32076 ("powerpc/pseries: Make dlpar_configure_connector parent node aware")
Cc: stable@vger.kernel.org # v3.12+
Signed-off-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Commit 215ee763f8 ("powerpc: pseries: remove dlpar_attach_node
dependency on full path") reworked dlpar_attach_node() to no longer
look up the parent node "/cpus", but instead to have the parent node
passed by the caller in the function parameter list.
As a result dlpar_attach_node() is no longer responsible for freeing
the reference to the parent node. However, commit 215ee763f8 failed
to remove the of_node_put(parent) call in dlpar_attach_node(), or to
take into account that the reference to the parent in the caller
dlpar_cpu_add() needs to be held until after dlpar_attach_node()
returns.
As a result doing repeated cpu add/remove dlpar operations will
eventually result in the following error:
OF: ERROR: Bad of_node_put() on /cpus
CPU: 0 PID: 10896 Comm: drmgr Not tainted 4.13.0-autotest #1
Call Trace:
dump_stack+0x15c/0x1f8 (unreliable)
of_node_release+0x1a4/0x1c0
kobject_put+0x1a8/0x310
kobject_del+0xbc/0xf0
__of_detach_node_sysfs+0x144/0x210
of_detach_node+0xf0/0x180
dlpar_detach_node+0xc4/0x120
dlpar_cpu_remove+0x280/0x560
dlpar_cpu_release+0xbc/0x1b0
arch_cpu_release+0x6c/0xb0
cpu_release_store+0xa0/0x100
dev_attr_store+0x68/0xa0
sysfs_kf_write+0xa8/0xf0
kernfs_fop_write+0x2cc/0x400
__vfs_write+0x5c/0x340
vfs_write+0x1a8/0x3d0
SyS_write+0xa8/0x1a0
system_call+0x58/0x6c
Fix the issue by removing the of_node_put(parent) call from
dlpar_attach_node(), and ensuring that the reference to the parent
node is properly held and released by the caller dlpar_cpu_add().
Fixes: 215ee763f8 ("powerpc: pseries: remove dlpar_attach_node dependency on full path")
Signed-off-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Reported-by: Abdul Haleem <abdhalee@linux.vnet.ibm.com>
[mpe: Add a comment in the code and frob the change log slightly]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Otherwise we end up not yet having computed the right diag data size
on powernv where EEH initialization is delayed, thus causing memory
corruption later on when calling OPAL.
Fixes: 5cb1f8fddd ("powerpc/powernv/pci: Dynamically allocate PHB diag data")
Cc: stable@vger.kernel.org # v4.13+
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: Russell Currey <ruscur@russell.cc>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Commit 553f770ef7 ("ipc: move compat shmctl to native") moved the
compat IPC syscall handling into ipc/shm.c and refactored the struct
accessors in the process. Unfortunately, the call to
copy_compat_shmid_to_user when handling a compat {IPC,SHM}_STAT command
gets the arguments the wrong way round, passing a kernel stack address
as the user buffer (destination) and the user buffer as the kernel stack
address (source).
This patch fixes the parameter ordering so the buffers are accessed
correctly.
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Issue is that if the data crosses a page boundary inside a compound
page, this check will incorrectly trigger a WARN_ON.
To fix this, compute the order using the head of the compound page and
adjust the offset to be relative to that head.
Fixes: 72e809ed81 ("iov_iter: sanity checks for copy to/from page
primitives")
Signed-off-by: Petar Penkov <ppenkov@google.com>
CC: Al Viro <viro@zeniv.linux.org.uk>
CC: Eric Dumazet <edumazet@google.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
As long as signing is supported (ie not a guest user connection) and
connection is SMB3 or SMB3.02, then validate negotiate (protect
against man in the middle downgrade attacks). We had been doing this
only when signing was required, not when signing was just enabled,
but this more closely matches recommended SMB3 behavior and is
better security. Suggested by Metze.
Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Acked-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
CC: Stable <stable@vger.kernel.org>
There is a race that cause cifs reconnect in cifs_mount,
- cifs_mount
- cifs_get_tcp_session
- [ start thread cifs_demultiplex_thread
- cifs_read_from_socket: -ECONNABORTED
- DELAY_WORK smb2_reconnect_server ]
- cifs_setup_session
- [ smb2_reconnect_server ]
auth_key.response was allocated in cifs_setup_session, and
will release when the session destoried. So when session re-
connect, auth_key.response should be check and released.
Tested with my system:
CIFS VFS: Free previous auth_key.response = ffff8800320bbf80
A simple auth_key.response allocation call trace:
- cifs_setup_session
- SMB2_sess_setup
- SMB2_sess_auth_rawntlmssp_authenticate
- build_ntlmssp_auth_blob
- setup_ntlmv2_rsp
Signed-off-by: Shu Wang <shuwang@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
CC: Stable <stable@vger.kernel.org>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
memory leak was found by kmemleak. exit_cifs_spnego
should be called before cifs module removed, or
cifs root_cred will not be released.
kmemleak report:
unreferenced object 0xffff880070a3ce40 (size 192):
backtrace:
kmemleak_alloc+0x4a/0xa0
kmem_cache_alloc+0xc7/0x1d0
prepare_kernel_cred+0x20/0x120
init_cifs_spnego+0x2d/0x170 [cifs]
0xffffffffc07801f3
do_one_initcall+0x51/0x1b0
do_init_module+0x60/0x1fd
load_module+0x161e/0x1b60
SYSC_finit_module+0xa9/0x100
SyS_finit_module+0xe/0x10
Signed-off-by: Shu Wang <shuwang@redhat.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
CC: Stable <stable@vger.kernel.org>
Don't populate the read-only arrays types[] on the stack, instead make
them both static const. Makes the object code smaller by over 200 bytes:
Before:
text data bss dec hex filename
111503 37696 448 149647 2488f fs/cifs/file.o
After:
text data bss dec hex filename
111140 37856 448 149444 247c4 fs/cifs/file.o
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Yunsheng Lin says:
====================
TM related bugfixes for the HNS3 Ethernet Driver
This patch set contains a few bugfixes related to hclge_tm module.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
