Mike Christie [Wed, 3 Sep 2014 05:00:39 +0000 (00:00 -0500)]
SCSI: libiscsi: fix potential buffer overrun in __iscsi_conn_send_pdu
commit
db9bfd64b14a3a8f1868d2164518fdeab1b26ad1 upstream.
This patches fixes a potential buffer overrun in __iscsi_conn_send_pdu.
This function is used by iscsi drivers and userspace to send iscsi PDUs/
commands. For login commands, we have a set buffer size. For all other
commands we do not support data buffers.
This was reported by Dan Carpenter here:
http://www.spinics.net/lists/linux-scsi/msg66838.html
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dan Carpenter [Mon, 1 Sep 2014 17:27:29 +0000 (20:27 +0300)]
NFC: microread: Potential overflows in microread_target_discovered()
commit
d07f1e8600ccb885c8f4143402b8912f7d827bcb upstream.
Smatch says that skb->data is untrusted so we need to check to make sure
that the memcpy() doesn't overflow.
Fixes: cfad1ba87150 ('NFC: Initial support for Inside Secure microread')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Nicholas Bellinger [Wed, 17 Sep 2014 18:45:17 +0000 (11:45 -0700)]
iscsi-target: Fix memory corruption in iscsit_logout_post_handler_diffcid
commit
b53b0d99d6fbf7d44330395349a895521cfdbc96 upstream.
This patch fixes a bug in iscsit_logout_post_handler_diffcid() where
a pointer used as storage for list_for_each_entry() was incorrectly
being used to determine if no matching entry had been found.
This patch changes iscsit_logout_post_handler_diffcid() to key off
bool conn_found to determine if the function needs to exit early.
Reported-by: Joern Engel <joern@logfs.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Joern Engel [Tue, 2 Sep 2014 21:49:54 +0000 (17:49 -0400)]
iscsi-target: avoid NULL pointer in iscsi_copy_param_list failure
commit
8ae757d09c45102b347a1bc2867f54ffc1ab8fda upstream.
In iscsi_copy_param_list() a failed iscsi_param_list memory allocation
currently invokes iscsi_release_param_list() to cleanup, and will promptly
trigger a NULL pointer dereference.
Instead, go ahead and return for the first iscsi_copy_param_list()
failure case.
Found by coverity.
Signed-off-by: Joern Engel <joern@logfs.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sebastian Herbszt [Sun, 31 Aug 2014 22:17:53 +0000 (00:17 +0200)]
target: Fix inverted logic in SE_DEV_ALUA_SUPPORT_STATE_STORE
commit
1f0b030c45c781f9fe568e5e2a813d6c8567a051 upstream.
Fix inverted logic in SE_DEV_ALUA_SUPPORT_STATE_STORE for setting
the supported ALUA access states via configfs, originally introduced
in commit
b0a382c5.
A value of 1 should enable the support, not disable it.
Signed-off-by: Sebastian Herbszt <herbszt@gmx.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sagi Grimberg [Wed, 2 Jul 2014 13:19:25 +0000 (16:19 +0300)]
Target/iser: Don't put isert_conn inside disconnected handler
commit
0fc4ea701fcf5bc51ace4e288af5be741465f776 upstream.
disconnected_handler is invoked on several CM events (such
as DISCONNECTED, DEVICE_REMOVAL, TIMEWAIT_EXIT...). Since
multiple events can occur while before isert_free_conn is
invoked, we might put all isert_conn references and free
the connection too early.
Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sagi Grimberg [Wed, 2 Jul 2014 13:19:24 +0000 (16:19 +0300)]
Target/iser: Get isert_conn reference once got to connected_handler
commit
c2f88b17a1d97ca4ecd96cc22333a7a4f1407d39 upstream.
In case the connection didn't reach connected state, disconnected
handler will never be invoked thus the second kref_put on
isert_conn will be missing.
Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ludovic Desroches [Thu, 9 Oct 2014 14:02:00 +0000 (15:02 +0100)]
iio: adc: at91: don't use the last converted data register
commit
d4f51956ac8ad302db9b0c4e4232775b1baa7b44 upstream.
If touchscreen mode is enabled and a conversion is requested on another
channel, the result in the last converted data register can be a
touchscreen relative value. Starting a conversion involves to do a
conversion for all active channel. It starts with ADC channels and ends
with touchscreen channels. Then if ADC_LCD register is not read quickly,
its content may be a touchscreen conversion.
To remove this temporal constraint, the conversion value is taken from
the channel data register.
Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Acked-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subbaraya Sundeep Bhatta [Sun, 9 Nov 2014 09:55:00 +0000 (09:55 +0000)]
iio: adc: xilinx-xadc: assign auxiliary channels address correctly
commit
1887e724e2b6df06847522fe9dc2ab53639516cc upstream.
This patch fixes incorrect logic for assigning address
to auxiliary channels of xilinx xadc.
Signed-off-by: Subbaraya Sundeep Bhatta <sbhatta@xilinx.com>
Acked-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Johannes Pointner [Mon, 25 Aug 2014 08:04:00 +0000 (09:04 +0100)]
iio:inkern: fix overwritten -EPROBE_DEFER in of_iio_channel_get_by_name
commit
872687f626e033b4ddfaec1e410057cfc6636d77 upstream.
Fixes: a2c12493ed7e ('iio: of_iio_channel_get_by_name() returns non-null pointers for error legs')
which improperly assumes that of_iio_channel_get_by_name must always
return NULL and thus now hides -EPROBE_DEFER.
Signed-off-by: Johannes Pointner <johannes.pointner@br-automation.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Denis CIOCCA [Thu, 9 Oct 2014 12:55:00 +0000 (13:55 +0100)]
iio:magnetometer: bugfix magnetometers gain values
commit
a31d0928999fbf33b3a6042e8bcb7b7f7e07d094 upstream.
This patch fix gains values. The first driver was designed using
engineering samples, in mass production the values are changed.
Signed-off-by: Denis Ciocca <denis.ciocca@st.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Srinivas Pandruvada [Fri, 22 Aug 2014 20:48:00 +0000 (21:48 +0100)]
iio: adc: ad_sigma_delta: Fix indio_dev->trig assignment
commit
9e5846be33277802c0c76e5c12825d0e4d27f639 upstream.
This can result in wrong reference count for trigger device, call
iio_trigger_get to increment reference.
Refer to http://www.spinics.net/lists/linux-iio/msg13669.html for discussion
with Jonathan.
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Acked-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Srinivas Pandruvada [Fri, 22 Aug 2014 20:48:00 +0000 (21:48 +0100)]
iio: st_sensors: Fix indio_dev->trig assignment
commit
f0e84acd7056e6d7ade551c6439531606ae30a46 upstream.
This can result in wrong reference count for trigger device, call
iio_trigger_get to increment reference.
Refer to http://www.spinics.net/lists/linux-iio/msg13669.html for discussion
with Jonathan.
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Srinivas Pandruvada [Fri, 22 Aug 2014 20:48:00 +0000 (21:48 +0100)]
iio: meter:
ade7758: Fix indio_dev->trig assignment
commit
0495081179212b758775df752e657ea71dcae020 upstream.
This can result in wrong reference count for trigger device, call
iio_trigger_get to increment reference.
Refer to http://www.spinics.net/lists/linux-iio/msg13669.html for discussion
with Jonathan.
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Acked-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Srinivas Pandruvada [Fri, 22 Aug 2014 20:48:00 +0000 (21:48 +0100)]
iio: inv_mpu6050: Fix indio_dev->trig assignment
commit
b07e3b3850b2e1f09c19f54d3ed7210d9f529e2c upstream.
This can result in wrong reference count for trigger device, call
iio_trigger_get to increment reference.
Refer to http://www.spinics.net/lists/linux-iio/msg13669.html for discussion
with Jonathan.
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Srinivas Pandruvada [Fri, 22 Aug 2014 20:48:00 +0000 (21:48 +0100)]
iio: gyro: itg3200: Fix indio_dev->trig assignment
commit
0b4dce2ee694a991ef38203ec5ff91a738518cb3 upstream.
This can result in wrong reference count for trigger device, call
iio_trigger_get to increment reference.
Refer to http://www.spinics.net/lists/linux-iio/msg13669.html for discussion
with Jonathan.
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Srinivas Pandruvada [Fri, 22 Aug 2014 20:48:00 +0000 (21:48 +0100)]
iio: hid_sensor_hub: Fix indio_dev->trig assignment
commit
55a6f9ddfdea0d2d343cd1b39baf8aa752664b6e upstream.
This can result in wrong reference count for trigger device, call
iio_trigger_get to increment reference.
Refer to http://www.spinics.net/lists/linux-iio/msg13669.html for discussion
with Jonathan.
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Srinivas Pandruvada [Fri, 22 Aug 2014 20:48:00 +0000 (21:48 +0100)]
iio: accel: bma180: Fix indio_dev->trig assignment
commit
0668a4e4d297328ce08b44d91d160537596115e2 upstream.
This can result in wrong reference count for trigger device, call
iio_trigger_get to increment reference.
Refer to http://www.spinics.net/lists/linux-iio/msg13669.html for discussion
with Jonathan.
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Srinivas Pandruvada [Fri, 22 Aug 2014 20:48:00 +0000 (21:48 +0100)]
iio:trigger: modify return value for iio_trigger_get
commit
f153566570fb9e32c2f59182883f4f66048788fb upstream.
Instead of a void function, return the trigger pointer.
Whilst not in of itself a fix, this makes the following set of
7 fixes cleaner than they would otherwise be.
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Steve French [Mon, 15 Sep 2014 04:27:09 +0000 (23:27 -0500)]
SMB3: Fix oops when creating symlinks on smb3
commit
da80659d4aa758dc6935b10ec64513f0b67bc969 upstream.
We were not checking for symlink support properly for SMB2/SMB3
mounts so could oops when mounted with mfsymlinks when try
to create symlink when mfsymlinks on smb2/smb3 mounts
Signed-off-by: Steve French <smfrench@gmail.com>
CC: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Ujfalusi [Thu, 4 Sep 2014 07:52:53 +0000 (10:52 +0300)]
ASoC: davinci-mcasp: Correct rx format unit configuration
commit
fe0a29e163a5d045c73faab682a8dac71c2f8012 upstream.
In case of capture we should not use rotation. The reverse and mask is
enough to get the data align correctly from the bus to MCU:
Format data from bus after reverse (XRBUF)
S16_LE: |LSB|MSB|xxx|xxx| |xxx|xxx|MSB|LSB|
S24_3LE: |LSB|DAT|MSB|xxx| |xxx|MSB|DAT|LSB|
S24_LE: |LSB|DAT|MSB|xxx| |xxx|MSB|DAT|LSB|
S32_LE: |LSB|DAT|DAT|MSB| |MSB|DAT|DAT|LSB|
With this patch all supported formats will work for playback and capture.
Reported-by: Jyri Sarha <jsarha@ti.com> (broken S24_3LE capture)
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Miklos Szeredi [Wed, 24 Sep 2014 15:56:17 +0000 (17:56 +0200)]
shmem: fix nlink for rename overwrite directory
commit
b928095b0a7cff7fb9fcf4c706348ceb8ab2c295 upstream.
If overwriting an empty directory with rename, then need to drop the extra
nlink.
Test prog:
#include <stdio.h>
#include <fcntl.h>
#include <err.h>
#include <sys/stat.h>
int main(void)
{
const char *test_dir1 = "test-dir1";
const char *test_dir2 = "test-dir2";
int res;
int fd;
struct stat statbuf;
res = mkdir(test_dir1, 0777);
if (res == -1)
err(1, "mkdir(\"%s\")", test_dir1);
res = mkdir(test_dir2, 0777);
if (res == -1)
err(1, "mkdir(\"%s\")", test_dir2);
fd = open(test_dir2, O_RDONLY);
if (fd == -1)
err(1, "open(\"%s\")", test_dir2);
res = rename(test_dir1, test_dir2);
if (res == -1)
err(1, "rename(\"%s\", \"%s\")", test_dir1, test_dir2);
res = fstat(fd, &statbuf);
if (res == -1)
err(1, "fstat(%i)", fd);
if (statbuf.st_nlink != 0) {
fprintf(stderr, "nlink is %lu, should be 0\n", statbuf.st_nlink);
return 1;
}
return 0;
}
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Kees Cook [Thu, 11 Sep 2014 16:19:31 +0000 (09:19 -0700)]
x86/kaslr: Avoid the setup_data area when picking location
commit
0cacbfbeb5077b63d5d3cf6df88b14ac12ad584b upstream.
The KASLR location-choosing logic needs to avoid the setup_data
list memory areas as well. Without this, it would be possible to
have the ASLR position stomp on the memory, ultimately causing
the boot to fail.
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Baoquan He <bhe@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Cc: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/20140911161931.GA12001@www.outflux.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Young [Tue, 26 Aug 2014 09:06:41 +0000 (17:06 +0800)]
x86 early_ioremap: Increase FIX_BTMAPS_SLOTS to 8
commit
3eddc69ffeba092d288c386646bfa5ec0fce25fd upstream.
3.16 kernel boot fail with earlyprintk=efi, it keeps scrolling at the
bottom line of screen.
Bisected, the first bad commit is below:
commit
86dfc6f339886559d80ee0d4bd20fe5ee90450f0
Author: Lv Zheng <lv.zheng@intel.com>
Date: Fri Apr 4 12:38:57 2014 +0800
ACPICA: Tables: Fix table checksums verification before installation.
I did some debugging by enabling both serial and efi earlyprintk, below is
some debug dmesg, seems early_ioremap fails in scroll up function due to
no free slot, see below dmesg output:
WARNING: CPU: 0 PID: 0 at mm/early_ioremap.c:116 __early_ioremap+0x90/0x1c4()
__early_ioremap(
ed00c800,
00000c80) not found slot
Modules linked in:
CPU: 0 PID: 0 Comm: swapper Not tainted 3.17.0-rc1+ #204
Hardware name: Hewlett-Packard HP Z420 Workstation/1589, BIOS J61 v03.15 05/09/2013
Call Trace:
dump_stack+0x4e/0x7a
warn_slowpath_common+0x75/0x8e
? __early_ioremap+0x90/0x1c4
warn_slowpath_fmt+0x47/0x49
__early_ioremap+0x90/0x1c4
? sprintf+0x46/0x48
early_ioremap+0x13/0x15
early_efi_map+0x24/0x26
early_efi_scroll_up+0x6d/0xc0
early_efi_write+0x1b0/0x214
call_console_drivers.constprop.21+0x73/0x7e
console_unlock+0x151/0x3b2
? vprintk_emit+0x49f/0x532
vprintk_emit+0x521/0x532
? console_unlock+0x383/0x3b2
printk+0x4f/0x51
acpi_os_vprintf+0x2b/0x2d
acpi_os_printf+0x43/0x45
acpi_info+0x5c/0x63
? __acpi_map_table+0x13/0x18
? acpi_os_map_iomem+0x21/0x147
acpi_tb_print_table_header+0x177/0x186
acpi_tb_install_table_with_override+0x4b/0x62
acpi_tb_install_standard_table+0xd9/0x215
? early_ioremap+0x13/0x15
? __acpi_map_table+0x13/0x18
acpi_tb_parse_root_table+0x16e/0x1b4
acpi_initialize_tables+0x57/0x59
acpi_table_init+0x50/0xce
acpi_boot_table_init+0x1e/0x85
setup_arch+0x9b7/0xcc4
start_kernel+0x94/0x42d
? early_idt_handlers+0x120/0x120
x86_64_start_reservations+0x2a/0x2c
x86_64_start_kernel+0xf3/0x100
Quote reply from Lv.zheng about the early ioremap slot usage in this case:
"""
In early_efi_scroll_up(), 2 mapping entries will be used for the src/dst screen buffer.
In drivers/acpi/acpica/tbutils.c, we've improved the early table loading code in acpi_tb_parse_root_table().
We now need 2 mapping entries:
1. One mapping entry is used for RSDT table mapping. Each RSDT entry contains an address for another ACPI table.
2. For each entry in RSDP, we need another mapping entry to map the table to perform necessary check/override before installing it.
When acpi_tb_parse_root_table() prints something through EFI earlyprintk console, we'll have 4 mapping entries used.
The current 4 slots setting of early_ioremap() seems to be too small for such a use case.
"""
Thus increase the slot to 8 in this patch to fix this issue.
boot-time mappings become 512 page with this patch.
Signed-off-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stefan Bader [Tue, 2 Sep 2014 10:16:01 +0000 (11:16 +0100)]
x86/xen: don't copy bogus duplicate entries into kernel page tables
commit
0b5a50635fc916cf46e3de0b819a61fc3f17e7ee upstream.
When RANDOMIZE_BASE (KASLR) is enabled; or the sum of all loaded
modules exceeds 512 MiB, then loading modules fails with a warning
(and hence a vmalloc allocation failure) because the PTEs for the
newly-allocated vmalloc address space are not zero.
WARNING: CPU: 0 PID: 494 at linux/mm/vmalloc.c:128
vmap_page_range_noflush+0x2a1/0x360()
This is caused by xen_setup_kernel_pagetables() copying
level2_kernel_pgt into level2_fixmap_pgt, overwriting many non-present
entries.
Without KASLR, the normal kernel image size only covers the first half
of level2_kernel_pgt and module space starts after that.
L4[511]->level3_kernel_pgt[510]->level2_kernel_pgt[ 0..255]->kernel
[256..511]->module
[511]->level2_fixmap_pgt[ 0..505]->module
This allows 512 MiB of of module vmalloc space to be used before
having to use the corrupted level2_fixmap_pgt entries.
With KASLR enabled, the kernel image uses the full PUD range of 1G and
module space starts in the level2_fixmap_pgt. So basically:
L4[511]->level3_kernel_pgt[510]->level2_kernel_pgt[0..511]->kernel
[511]->level2_fixmap_pgt[0..505]->module
And now no module vmalloc space can be used without using the corrupt
level2_fixmap_pgt entries.
Fix this by properly converting the level2_fixmap_pgt entries to MFNs,
and setting level1_fixmap_pgt as read-only.
A number of comments were also using the the wrong L3 offset for
level2_kernel_pgt. These have been corrected.
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ross Lagerwall [Mon, 18 Aug 2014 09:41:36 +0000 (10:41 +0100)]
xen/manage: Always freeze/thaw processes when suspend/resuming
commit
61a734d305e16944b42730ef582a7171dc733321 upstream.
Always freeze processes when suspending and thaw processes when resuming
to prevent a race noticeable with HVM guests.
This prevents a deadlock where the khubd kthread (which is designed to
be freezable) acquires a usb device lock and then tries to allocate
memory which requires the disk which hasn't been resumed yet.
Meanwhile, the xenwatch thread deadlocks waiting for the usb device
lock.
Freezing processes fixes this because the khubd thread is only thawed
after the xenwatch thread finishes resuming all the devices.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Christian Borntraeger [Thu, 28 Aug 2014 21:44:57 +0000 (23:44 +0200)]
KVM: s390/mm: Fix guest storage key corruption in ptep_set_access_flags
commit
1951497d90d6754201af3e65241a06f9ef6755cd upstream.
commit
0944fe3f4a32 ("s390/mm: implement software referenced bits")
triggered another paging/storage key corruption. There is an
unhandled invalid->valid pte change where we have to set the real
storage key from the pgste.
When doing paging a guest page might be swapcache or swap and when
faulted in it might be read-only and due to a parallel scan old.
An do_wp_page will make it writeable and young. Due to software
reference tracking this page was invalid and now becomes valid.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Christian Borntraeger [Thu, 28 Aug 2014 19:21:41 +0000 (21:21 +0200)]
KVM: s390/mm: Fix storage key corruption during swapping
commit
3e03d4c46daa849880837d802e41c14132a03ef9 upstream.
Since 3.12 or more precisely commit
0944fe3f4a32 ("s390/mm:
implement software referenced bits") guest storage keys get
corrupted during paging. This commit added another valid->invalid
translation for page tables - namely ptep_test_and_clear_young.
We have to transfer the storage key into the pgste in that case.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Christian Borntraeger [Tue, 19 Aug 2014 14:19:35 +0000 (16:19 +0200)]
KVM: s390/mm: try a cow on read only pages for key ops
commit
ab3f285f227fec62868037e9b1b1fd18294a83b8 upstream.
The PFMF instruction handler blindly wrote the storage key even if
the page was mapped R/O in the host. Lets try a COW before continuing
and bail out in case of errors.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Christian Borntraeger [Wed, 6 Aug 2014 14:17:58 +0000 (16:17 +0200)]
KVM: s390: Fix user triggerable bug in dead code
commit
614a80e474b227cace52fd6e3c790554db8a396e upstream.
In the early days, we had some special handling for the
KVM_EXIT_S390_SIEIC exit, but this was gone in 2009 with commit
d7b0b5eb3000 (KVM: s390: Make psw available on all exits, not
just a subset).
Now this switch statement is just a sanity check for userspace
not messing with the kvm_run structure. Unfortunately, this
allows userspace to trigger a kernel BUG. Let's just remove
this switch statement.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Zefan Li [Thu, 18 Sep 2014 09:28:46 +0000 (17:28 +0800)]
cgroup: fix unbalanced locking
commit
eb4aec84d6bdf98d00cedb41c18000f7a31e648a upstream.
cgroup_pidlist_start() holds cgrp->pidlist_mutex and then calls
pidlist_array_load(), and cgroup_pidlist_stop() releases the mutex.
It is wrong that we release the mutex in the failure path in
pidlist_array_load(), because cgroup_pidlist_stop() will be called
no matter if cgroup_pidlist_start() returns errno or not.
Fixes: 4bac00d16a8760eae7205e41d2c246477d42a210
Signed-off-by: Zefan Li <lizefan@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Li Zefan [Thu, 4 Sep 2014 06:43:07 +0000 (14:43 +0800)]
cgroup: delay the clearing of cgrp->kn->priv
commit
a4189487da1b4f8260c6006b9dc47c3c4107a5ae upstream.
Run these two scripts concurrently:
for ((; ;))
{
mkdir /cgroup/sub
rmdir /cgroup/sub
}
for ((; ;))
{
echo $$ > /cgroup/sub/cgroup.procs
echo $$ > /cgroup/cgroup.procs
}
A kernel bug will be triggered:
BUG: unable to handle kernel NULL pointer dereference at
00000038
IP: [<
c10bbd69>] cgroup_put+0x9/0x80
...
Call Trace:
[<
c10bbe19>] cgroup_kn_unlock+0x39/0x50
[<
c10bbe91>] cgroup_kn_lock_live+0x61/0x70
[<
c10be3c1>] __cgroup_procs_write.isra.26+0x51/0x230
[<
c10be5b2>] cgroup_tasks_write+0x12/0x20
[<
c10bb7b0>] cgroup_file_write+0x40/0x130
[<
c11aee71>] kernfs_fop_write+0xd1/0x160
[<
c1148e58>] vfs_write+0x98/0x1e0
[<
c114934d>] SyS_write+0x4d/0xa0
[<
c16f656b>] sysenter_do_call+0x12/0x12
We clear cgrp->kn->priv in the end of cgroup_rmdir(), but another
concurrent thread can access kn->priv after the clearing.
We should move the clearing to css_release_work_fn(). At that time
no one is holding reference to the cgroup and no one can gain a new
reference to access it.
v2:
- move RCU_INIT_POINTER() into the else block. (Tejun)
- remove the cgroup_parent() check. (Tejun)
- update the comment in css_tryget_online_from_dir().
Reported-by: Toralf Förster <toralf.foerster@gmx.de>
Signed-off-by: Zefan Li <lizefan@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alban Crequy [Mon, 18 Aug 2014 11:20:20 +0000 (12:20 +0100)]
cgroup: reject cgroup names with '\n'
commit
71b1fb5c4473a5b1e601d41b109bdfe001ec82e0 upstream.
/proc/<pid>/cgroup contains one cgroup path on each line. If cgroup names are
allowed to contain "\n", applications cannot parse /proc/<pid>/cgroup safely.
Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mark Brown [Wed, 27 Aug 2014 12:09:12 +0000 (13:09 +0100)]
regmap: Don't attempt block writes when syncing cache on single_rw devices
commit
5c1ebe7f73f9166893c3459915db8a09d6d1d715 upstream.
If the device can't support block writes then don't attempt to use raw
syncing which will automatically generate block writes for adjacent
registers, use the existing _single() block syncing implementation.
Reported-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Tested-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mark Brown [Tue, 26 Aug 2014 11:12:17 +0000 (12:12 +0100)]
regmap: Fix handling of volatile registers for format_write() chips
commit
5844a8b9d98ec11ce1d77610daacf3f0a0e14715 upstream.
A previous over-zealous factorisation of code means that we only treat
registers as volatile if they are readable. For most devices this is fine
since normally most registers can be read and volatility implies
readability but for format_write() devices where there is no readback from
the hardware and we use volatility to mean simply uncacheability this means
that we end up treating all registers as cacheble.
A bigger refactoring of the code to clarify this is in order but as a fix
make a minimal change and only check readability when checking volatility
if there is no format_write() operation defined for the device.
Signed-off-by: Mark Brown <broonie@linaro.org>
Tested-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Lars-Peter Clausen [Sun, 24 Aug 2014 13:32:27 +0000 (15:32 +0200)]
regmap: Fix regcache debugfs initialization
commit
5e0cbe78762b5f02986bf9e59a188dad2f6e0be1 upstream.
Commit
6cfec04bcc05 ("regmap: Separate regmap dev initialization") moved the
regmap debugfs initialization after regcache initialization. This means
that the regmap debugfs directory is not created yet when the cache
initialization runs and so any debugfs files registered by the regcache are
created in the debugfs root directory rather than the debugfs directory of
the regmap instance. Fix this by adding a separate callback for the
regcache debugfs initialization which will be called after the parent
debugfs entry has been created.
Fixes: 6cfec04bcc05 (regmap: Separate regmap dev initialization)
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tang Chen [Fri, 29 Aug 2014 22:18:31 +0000 (15:18 -0700)]
memblock, memhotplug: fix wrong type in memblock_find_in_range_node().
commit
0cfb8f0c3e21e36d4a6e472e4c419d58ba848698 upstream.
In memblock_find_in_range_node(), we defined ret as int. But it should
be phys_addr_t because it is used to store the return value from
__memblock_find_range_bottom_up().
The bug has not been triggered because when allocating low memory near
the kernel end, the "int ret" won't turn out to be negative. When we
started to allocate memory on other nodes, and the "int ret" could be
minus. Then the kernel will panic.
A simple way to reproduce this: comment out the following code in
numa_init(),
memblock_set_bottom_up(false);
and the kernel won't boot.
Reported-by: Xishi Qiu <qiuxishi@huawei.com>
Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Tested-by: Xishi Qiu <qiuxishi@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Catalin Marinas [Fri, 29 Aug 2014 15:08:02 +0000 (16:08 +0100)]
arm64: Add brackets around user_stack_pointer()
commit
2520d039728b2a3c5ae7f79fe2a0e9d182855b12 upstream.
Commit
5f888a1d33 (ARM64: perf: support dwarf unwinding in compat mode)
changes user_stack_pointer() to return the compat SP for 32-bit tasks
but without brackets around the whole definition, with possible issues
on the call sites (noticed with a subsequent fix for KSTK_ESP).
Fixes: 5f888a1d33c4 (ARM64: perf: support dwarf unwinding in compat mode)
Reported-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Aaron Lu [Fri, 19 Sep 2014 02:01:18 +0000 (10:01 +0800)]
ACPI / video: disable native backlight for ThinkPad X201s
commit
789eeea128925741e0a105357bebf8855d3bcdee upstream.
The ThinkPad X201s has a working ACPI video backlight interface and is
shipped before Win8; then there is BIOS update that starts to query
_OSI("Windows 2012") and that would make our video module stop creating
backlight interface and caused problem for the user. Add it to the DMI
table to disable native backlight to fix this problem.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=81691
Link: https://bugzilla.kernel.org/show_bug.cgi?id=51231
Reported-and-tested-by: Yves-Alexis Perez <corsac@debian.org>
Signed-off-by: Aaron Lu <aaron.lu@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mika Westerberg [Fri, 12 Sep 2014 08:33:10 +0000 (11:33 +0300)]
ACPI / scan: Correct error return value of create_modalias()
commit
98d28d0e59160d2d6cb3f6a9050723ac40f89669 upstream.
There is a typo, it should be negative -errno instead.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rafael J. Wysocki [Sun, 21 Sep 2014 00:58:18 +0000 (02:58 +0200)]
ACPI / hotplug: Generate online uevents for ACPI containers
commit
8ab17fc92e49bc2b8fff9d220c19bf50ec9c1158 upstream.
Commit
46394fd01 (ACPI / hotplug: Move container-specific code out of
the core) removed the generation of "online" uevents for containers,
because "add" uevents are now generated for them automatically when
container system devices are registered. However, there are user
space tools that need to be notified when the container and all of
its children have been enumerated, which doesn't happen any more.
For this reason, add a mechanism allowing "online" uevents to be
generated for ACPI containers after enumerating the container along
with all of its children.
Fixes: 46394fd01 (ACPI / hotplug: Move container-specific code out of the core)
Reported-and-tested-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fu Zhonghui [Wed, 24 Sep 2014 20:42:26 +0000 (22:42 +0200)]
ACPI / platform / LPSS: disable async suspend/resume of LPSS devices
commit
457920817e645a7dee42c2a75c81c5ed8e12ee1c upstream.
On some systems (Asus T100 in particular) there are strict ordering
dependencies between LPSS devices with respect to power management
that break if they suspend/resume asynchronously.
In theory it should be possible to follow those dependencies in the
async suspend/resume case too (the ACPI tables tell as that the
dependencies are there), but since we're missing infrastructure
for that at the moment, disable async suspend/resume for all of
the LPSS devices for the time being.
Link: http://marc.info/?l=linux-acpi&m=141158962321905&w=2
Fixes: 8ce62f85a81f (ACPI / platform / LPSS: Enable async suspend/resume of LPSS devices)
Signed-off-by: Li Aubrey <aubrey.li@linux.intel.com>
Signed-off-by: Fu Zhonghui <zhonghui.fu@linux.intel.com>
[ rjw: Changelog ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Srinivas Pandruvada [Tue, 23 Sep 2014 02:35:54 +0000 (10:35 +0800)]
gpio / ACPI: Use pin index and bit length
commit
c15d821ddb9dac9ac6b5beb75bf942f3bc3a4004 upstream.
Fix code when the operation region callback is for an gpio, which
is not at index 0 and for partial pins in a GPIO definition.
For example:
Name (GMOD, ResourceTemplate ()
{
//3 Outputs that define the Power mode of the device
GpioIo (Exclusive, PullDown, , , , "\\_SB.GPI2") {10, 11, 12}
})
}
If opregion callback calls is for:
- Set pin 10, then address = 0 and bit length = 1
- Set pin 11, then address = 1 and bit length = 1
- Set for both pin 11 and pin 12, then address = 1, bit length = 2
This change requires updated ACPICA gpio operation handler code to
send the pin index and bit length.
Fixes: 473ed7be0da0 (gpio / ACPI: Add support for ACPI GPIO operation regions)
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Acked-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bob Moore [Tue, 23 Sep 2014 02:35:47 +0000 (10:35 +0800)]
ACPICA: Update to GPIO region handler interface.
commit
75ec6e55f1384548311a13ce4fcb39c516053314 upstream.
Changes to correct several GPIO issues:
1) The update_rule in a GPIO field definition is now ignored;
a read-modify-write operation is never performed for GPIO fields.
(Internally, this means that the field assembly/disassembly
code is completely bypassed for GPIO.)
2) The Address parameter passed to a GPIO region handler is
now the bit offset of the field from a previous Connection()
operator. Thus, it becomes a "Pin Number Index" into the
Connection() resource descriptor.
3) The bit_width parameter passed to a GPIO region handler is
now the exact bit width of the GPIO field. Thus, it can be
interpreted as "number of pins".
Overall, we can now say that the region handler interface
to GPIO handlers is a raw "bit/pin" addressed interface, not
a byte-addressed interface like the system_memory handler interface.
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Markos Chandras [Tue, 16 Sep 2014 14:55:12 +0000 (15:55 +0100)]
MIPS: mcount: Adjust stack pointer for static trace in MIPS32
commit
8a574cfa2652545eb95595d38ac2a0bb501af0ae upstream.
Every mcount() call in the MIPS 32-bit kernel is done as follows:
[...]
move at, ra
jal _mcount
addiu sp, sp, -8
[...]
but upon returning from the mcount() function, the stack pointer
is not adjusted properly. This is explained in details in
58b69401c797
(MIPS: Function tracer: Fix broken function tracing).
Commit
ad8c396936e3 ("MIPS: Unbreak function tracer for 64-bit kernel.)
fixed the stack manipulation for 64-bit but it didn't fix it completely
for MIPS32.
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/7792/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Paul Burton [Wed, 24 Sep 2014 09:45:37 +0000 (10:45 +0100)]
MIPS: Fix MFC1 & MFHC1 emulation for 64-bit MIPS systems
commit
c8c0da6bdf0f0d6f59fc23aab6ee373a131df82d upstream.
Commit
bbd426f542cb "MIPS: Simplify FP context access" modified the
SIFROMREG & SIFROMHREG macros such that they return unsigned rather
than signed 32b integers. I had believed that to be fine, but
inadvertently missed the MFC1 & MFHC1 cases which write to a struct
pt_regs regs element. On MIPS32 this is fine, but on 64 bit those
saved regs' fields are 64 bit wide. Using unsigned values caused the
32 bit value from the FP register to be zero rather than sign extended
as the architecture specifies, causing incorrect emulation of the
MFC1 & MFHc1 instructions. Fix by reintroducing the casts to signed
integers, and therefore the sign extension.
Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/7848/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Aurelien Jarno [Sun, 20 Jul 2014 17:58:23 +0000 (19:58 +0200)]
MIPS: ZBOOT: add missing <linux/string.h> include
commit
29593fd5a8149462ed6fad0d522234facdaee6c8 upstream.
Commit
dc4d7b37 (MIPS: ZBOOT: gather string functions into string.c)
moved the string related functions into a separate file, which might
cause the following build error, depending on the configuration:
| CC arch/mips/boot/compressed/decompress.o
| In file included from linux/arch/mips/boot/compressed/../../../../lib/decompress_unxz.c:234:0,
| from linux/arch/mips/boot/compressed/decompress.c:67:
| linux/arch/mips/boot/compressed/../../../../lib/xz/xz_dec_stream.c: In function 'fill_temp':
| linux/arch/mips/boot/compressed/../../../../lib/xz/xz_dec_stream.c:162:2: error: implicit declaration of function 'memcpy' [-Werror=implicit-function-declaration]
| cc1: some warnings being treated as errors
| linux/scripts/Makefile.build:308: recipe for target 'arch/mips/boot/compressed/decompress.o' failed
| make[6]: *** [arch/mips/boot/compressed/decompress.o] Error 1
| linux/arch/mips/Makefile:308: recipe for target 'vmlinuz' failed
It does not fail with the standard configuration, as when
CONFIG_DYNAMIC_DEBUG is not enabled <linux/string.h> gets included in
include/linux/dynamic_debug.h. There might be other ways for it to
get indirectly included.
We can't add the include directly in xz_dec_stream.c as some
architectures might want to use a different version for the boot/
directory (see for example arch/x86/boot/string.h).
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/7420/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Nathan Lynch [Mon, 29 Sep 2014 18:11:36 +0000 (19:11 +0100)]
ARM: 8178/1: fix set_tls for !CONFIG_KUSER_HELPERS
commit
9cc6d9e5daaa147a9a3e31557efcb331989e77be upstream.
Joachim Eastwood reports that commit
fbfb872f5f41 "ARM: 8148/1: flush
TLS and thumbee register state during exec" causes a boot-time crash
on a Cortex-M4 nommu system:
Freeing unused kernel memory: 68K (
281e5000 -
281f6000)
Unhandled exception: IPSR =
00000005 LR =
fffffff1
CPU: 0 PID: 1 Comm: swapper Not tainted
3.17.0-rc6-00313-gd2205fa30aa7 #191
task:
29834000 ti:
29832000 task.ti:
29832000
PC is at flush_thread+0x2e/0x40
LR is at flush_thread+0x21/0x40
pc : [<
2800954a>] lr : [<
2800953d>] psr:
4100000b
sp :
29833d60 ip :
00000000 fp :
00000001
r10:
00003cf8 r9 :
29b1f000 r8 :
00000000
r7 :
29b0bc00 r6 :
29834000 r5 :
29832000 r4 :
29832000
r3 :
ffff0ff0 r2 :
29832000 r1 :
00000000 r0 :
282121f0
xPSR:
4100000b
CPU: 0 PID: 1 Comm: swapper Not tainted
3.17.0-rc6-00313-gd2205fa30aa7 #191
[<
2800afa5>] (unwind_backtrace) from [<
2800a327>] (show_stack+0xb/0xc)
[<
2800a327>] (show_stack) from [<
2800a963>] (__invalid_entry+0x4b/0x4c)
The problem is that set_tls is attempting to clear the TLS location in
the kernel-user helper page, which isn't set up on V7M.
Fix this by guarding the write to the kuser helper page with
a CONFIG_KUSER_HELPERS ifdef.
Fixes: fbfb872f5f41 ARM: 8148/1: flush TLS and thumbee register state during exec
Reported-by: Joachim Eastwood <manabian@gmail.com>
Tested-by: Joachim Eastwood <manabian@gmail.com>
Signed-off-by: Nathan Lynch <nathan_lynch@mentor.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Robin Murphy [Thu, 25 Sep 2014 10:56:19 +0000 (11:56 +0100)]
ARM: 8165/1: alignment: don't break misaligned NEON load/store
commit
5ca918e5e3f9df4634077c06585c42bc6a8d699a upstream.
The alignment fixup incorrectly decodes faulting ARM VLDn/VSTn
instructions (where the optional alignment hint is given but incorrect)
as LDR/STR, leading to register corruption. Detect these and correctly
treat them as unhandled, so that userspace gets the fault it expects.
Reported-by: Simon Hosie <simon.hosie@arm.com>
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Shawn Guo [Tue, 16 Sep 2014 01:35:33 +0000 (09:35 +0800)]
ARM: imx: fix .is_enabled() of shared gate clock
commit
9e1ac462b982f496ed3b491f02c417dcc8e40347 upstream.
Commit
63288b721a80 ("ARM: imx: fix shared gate clock") attempted to fix
an issue with particular enable/disable sequence from two shared gate
clocks. But unfortunately, while it partially fixed the issue, it also
did something wrong in .is_enabled() function hook. In case of shared
gate, the function shouldn't really query the hardware state via
share_count, because the function is trying to query the enabling state
of the clock in question, not the hardware state which is shared by
multiple clocks.
Fix the issue by returning the enable_count of the clock itself which is
maintained by clock core, in case it's a clock sharing hardware gate
with others. As the result, the initialization of share_count per
hardware state is not needed now. So remove it.
Reported-by: Fabio Estevam <fabio.estevam@freescale.com>
Fixes: 63288b721a80 ("ARM: imx: fix shared gate clock")
Signed-off-by: Shawn Guo <shawn.guo@freescale.com>
Tested-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Markus Niebel [Thu, 11 Sep 2014 07:56:56 +0000 (15:56 +0800)]
ARM: DT: imx53: fix lvds channel 1 port
commit
1b134c9c4b555342be667f144ee714af1c3f6a9f upstream.
using LVDS channel 1 on an i.MX53 leads to following error:
imx-ldb
53fa8008.ldb: unable to set di0 parent clock to ldb_di1
This comes from imx_ldb_set_clock with mux = 0. Mux parameter must be "1" for
reparenting di1 clock to ldb_di1. The value of the mux param comes from device
tree port settings.
On i.MX5, the internal two-input-multiplexer is used. Due to hardware limitations,
only one port (port@[0,1]) can be used for each channel (lvds-channel@[0,1],
respectively)
Documentation update suggested by Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Markus Niebel <Markus.Niebel@tq-group.com>
Fixes: e05c8c9a790a ("ARM: dts: imx53: Add IPU DI ports and endpoints, move imx-drm node to dtsi")
Acked-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Shawn Guo <shawn.guo@freescale.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Roger Quadros [Wed, 10 Sep 2014 15:57:11 +0000 (08:57 -0700)]
ARM: dts: dra7-evm: Fix NAND GPMC timings
commit
5990047cef0c6a36eefcb166bd32d99a8f95c75b upstream.
The nand timings were scaled down by 2 to account for
the 2x rate returned by clk_get_rate(gpmc_fclk).
As the clock data got fixed by [1], revert back to actual
timings (i.e. scale them up by 2).
Without this NAND doesn't work on dra7-evm.
[1] - commit
dd94324b983afe114ba9e7ee3649313b451f63ce
ARM: dts: dra7xx-clocks: Fix the l3 and l4 clock rates
Fixes: ff66a3c86e00 ("ARM: dts: dra7: add support for parallel NAND flash")
Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stephen Boyd [Thu, 11 Sep 2014 22:25:30 +0000 (23:25 +0100)]
ARM: 8149/1: perf: Don't sleep while atomic when enabling per-cpu interrupts
commit
505013bc9065391f09a51d51cd3bf0b06dfb570a upstream.
Rob Clark reports a sleeping while atomic bug when using perf.
BUG: sleeping function called from invalid context at ../kernel/locking/mutex.c:583
in_atomic(): 1, irqs_disabled(): 128, pid: 0, name: swapper/0
------------[ cut here ]------------
WARNING: CPU: 2 PID: 4828 at ../kernel/locking/mutex.c:479 mutex_lock_nested+0x3a0/0x3e8()
DEBUG_LOCKS_WARN_ON(in_interrupt())
Modules linked in:
CPU: 2 PID: 4828 Comm: Xorg.bin Tainted: G W
3.17.0-rc3-00234-gd535c45-dirty #819
[<
c0216690>] (unwind_backtrace) from [<
c0212174>] (show_stack+0x10/0x14)
[<
c0212174>] (show_stack) from [<
c0867cc0>] (dump_stack+0x98/0xb8)
[<
c0867cc0>] (dump_stack) from [<
c02492a4>] (warn_slowpath_common+0x70/0x8c)
[<
c02492a4>] (warn_slowpath_common) from [<
c02492f0>] (warn_slowpath_fmt+0x30/0x40)
[<
c02492f0>] (warn_slowpath_fmt) from [<
c086a3f8>] (mutex_lock_nested+0x3a0/0x3e8)
[<
c086a3f8>] (mutex_lock_nested) from [<
c0294d08>] (irq_find_host+0x20/0x9c)
[<
c0294d08>] (irq_find_host) from [<
c0769d50>] (of_irq_get+0x28/0x48)
[<
c0769d50>] (of_irq_get) from [<
c057d104>] (platform_get_irq+0x1c/0x8c)
[<
c057d104>] (platform_get_irq) from [<
c021a06c>] (cpu_pmu_enable_percpu_irq+0x14/0x38)
[<
c021a06c>] (cpu_pmu_enable_percpu_irq) from [<
c02b1634>] (flush_smp_call_function_queue+0x88/0x178)
[<
c02b1634>] (flush_smp_call_function_queue) from [<
c0214dc0>] (handle_IPI+0x88/0x160)
[<
c0214dc0>] (handle_IPI) from [<
c0208930>] (gic_handle_irq+0x64/0x68)
[<
c0208930>] (gic_handle_irq) from [<
c0212d04>] (__irq_svc+0x44/0x5c)
Exception stack(0xe63ddea0 to 0xe63ddee8)
dea0:
00000001 00000001 00000000 c2f3b200 c16db380 c032d4a0 e63ddf40 60010013
dec0:
00000000 001fbfd4 00000100 00000000 00000001 e63ddee8 c0284770 c02a2e30
dee0:
20010013 ffffffff
[<
c0212d04>] (__irq_svc) from [<
c02a2e30>] (ktime_get_ts64+0x1c8/0x200)
[<
c02a2e30>] (ktime_get_ts64) from [<
c032d4a0>] (poll_select_set_timeout+0x60/0xa8)
[<
c032d4a0>] (poll_select_set_timeout) from [<
c032df64>] (SyS_select+0xa8/0x118)
[<
c032df64>] (SyS_select) from [<
c020e8e0>] (ret_fast_syscall+0x0/0x48)
---[ end trace
0bb583b46342da6f ]---
INFO: lockdep is turned off.
We don't really need to get the platform irq again when we're
enabling or disabling the per-cpu irq. Furthermore, we don't
really need to set and clear bits in the active_irqs bitmask
because that's only used in the non-percpu irq case to figure out
when the last CPU PMU has been disabled. Just pass the irq
directly to the enable/disable functions to clean all this up.
This should be slightly more efficient and also fix the
scheduling while atomic bug.
Fixes: bbd64559376f "ARM: perf: support percpu irqs for the CPU PMU"
Reported-by: Rob Clark <robdclark@gmail.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Nathan Lynch [Thu, 11 Sep 2014 01:49:08 +0000 (02:49 +0100)]
ARM: 8148/1: flush TLS and thumbee register state during exec
commit
fbfb872f5f417cea48760c535e0ff027c88b507a upstream.
The TPIDRURO and TPIDRURW registers need to be flushed during exec;
otherwise TLS information is potentially leaked. TPIDRURO in
particular needs careful treatment. Since flush_thread basically
needs the same code used to set the TLS in arm_syscall, pull that into
a common set_tls helper in tls.h and use it in both places.
Similarly, TEEHBR needs to be cleared during exec as well. Clearing
its save slot in thread_info isn't right as there is no guarantee
that a thread switch will occur before the new program runs. Just
setting the register directly is sufficient.
Signed-off-by: Nathan Lynch <nathan_lynch@mentor.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sudeep Holla [Mon, 1 Sep 2014 16:14:29 +0000 (17:14 +0100)]
ARM: 8133/1: use irq_set_affinity with force=false when migrating irqs
commit
a040803a9d6b8c1876d3487a5cb69602ebcbb82c upstream.
Since commit
1dbfa187dad ("ARM: irq migration: force migration off CPU
going down") the ARM interrupt migration code on cpu offline calls
irqchip.irq_set_affinity() with the argument force=true. At the point
of this change the argument had no effect because it was not used by
any interrupt chip driver and there was no semantics defined.
This changed with commit
01f8fa4f01d8 ("genirq: Allow forcing cpu
affinity of interrupts") which made the force argument useful to route
interrupts to not yet online cpus without checking the target cpu
against the cpu online mask. The following commit
ffde1de64012
("irqchip: gic: Support forced affinity setting") implemented this for
the GIC interrupt controller.
As a consequence the ARM cpu offline irq migration fails if CPU0 is
offlined, because CPU0 is still set in the affinity mask and the
validataion against cpu online mask is skipped to the force argument
being true. The following first_cpu(mask) selection always selects
CPU0 as the target.
Solve the issue by calling irq_set_affinity() with force=false from
the CPU offline irq migration code so the GIC driver validates the
affinity mask against CPU online mask and therefore removes CPU0 from
the possible target candidates.
Tested on TC2 hotpluging CPU0 in and out. Without this patch the system
locks up as the IRQs are not migrated away from CPU0.
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Nishanth Menon [Thu, 4 Sep 2014 13:33:37 +0000 (08:33 -0500)]
ARM: dts: dra7-evm: Fix spi1 mux documentation
commit
68e4d9e58dbae2fb178e8b74806f521adb16f0d3 upstream.
While auditing the various pin ctrl configurations using the following
command:
grep PIN_ arch/arm/boot/dts/dra7-evm.dts|(while read line;
do
v=`echo "$line" | sed -e "s/\s\s*/|/g" | cut -d '|' -f1 |
cut -d 'x' -f2|tr [a-z] [A-Z]`;
HEX=`echo "obase=16;ibase=16;
4A003400+$v"| bc`;
echo "$HEX ===> $line";
done)
against DRA75x/74x NDA TRM revision S(SPRUHI2S August 2014),
documentation errors were found for spi1 pinctrl. Fix the same.
Fixes: 6e58b8f1daaf1af ("ARM: dts: DRA7: Add the dts files for dra7 SoC and dra7-evm board")
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Ujfalusi [Mon, 4 Aug 2014 12:26:56 +0000 (15:26 +0300)]
ARM: edma: Fix configuration parsing for SoCs with multiple eDMA3 CC
commit
929a015b1809a30748d487f9d25b16a41434b61a upstream.
The edma_setup_from_hw() should know about the CC number when parsing the
CCCFG register - when it reads the register to be precise. The base
addresses for CCs stored in an array and we need to provide the correct id
to edma_read() in order to read the correct register.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Nishanth Menon [Mon, 25 Aug 2014 23:15:34 +0000 (16:15 -0700)]
ARM: dts: DRA7: fix interrupt-cells for GPIO
commit
e49d519c456f4fb6f4a0473bc04ba30bb805fce5 upstream.
GPIO modules are also interrupt sources. However, they require both the
GPIO number and IRQ type to function properly.
By declaring that GPIO uses interrupt-cells=<1>, we essentially do not
allow users of the nodes to use the interrupt property appropritely.
With this change, the following now works:
interrupt-parent = <&gpio6>;
interrupts = <5 IRQ_TYPE_LEVEL_LOW>;
Fixes: 6e58b8f1daaf ('ARM: dts: DRA7: Add the dts files for dra7 SoC and dra7-evm board')
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rajendra Nayak [Thu, 28 Aug 2014 01:38:23 +0000 (19:38 -0600)]
ARM: DRA7: hwmod: Add dra74x and dra72x specific ocp interface lists
commit
f7f7a29bf0cf25af23f37e5b5bf1368b85705286 upstream.
To deal with IPs which are specific to dra74x and dra72x, maintain seperate
ocp interface lists, while keeping the common list for all common IPs.
Move USB OTG SS4 to dra74x only list since its unavailable in
dra72x and is giving an abort during boot. The dra72x only list
is empty for now and a placeholder for future hwmod additions which
are specific to dra72x.
Fixes: d904b38df0db13 ("ARM: DRA7: hwmod: Add SYSCONFIG for usb_otg_ss")
Reported-by: Keerthy <j-keerthy@ti.com>
Signed-off-by: Rajendra Nayak <rnayak@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Tested-by: Nishanth Menon <nm@ti.com>
[paul@pwsan.com: fixed comment style to conform with CodingStyle]
Signed-off-by: Paul Walmsley <paul@pwsan.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fabio Estevam [Thu, 7 Aug 2014 18:01:33 +0000 (15:01 -0300)]
ARM: dts: imx53-qsrb: Fix suspend/resume
commit
090727b880ff3c56e333f267cc24ab076f3bc096 upstream.
The following error is seen after a suspend/resume cycle on a mx53qsb with a
MC34708 PMIC:
root@freescale /$ echo mem > /sys/power/state
[ 32.630592] PM: Syncing filesystems ... done.
[ 32.643924] Freezing user space processes ... (elapsed 0.001 seconds) done.
[ 32.652384] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done.
[ 32.679156] PM: suspend of devices complete after 13.113 msecs
[ 32.685128] PM: suspend devices took 0.030 seconds
[ 32.696109] PM: late suspend of devices complete after 6.133 msecs
[ 33.313032] mc13xxx 0-0008: Failed to read IRQ status: -110
[ 33.322009] PM: noirq suspend of devices complete after 619.667 msecs
[ 33.328544] Disabling non-boot CPUs ...
[ 33.335031] PM: noirq resume of devices complete after 2.352 msecs
[ 33.842940] mc13xxx 0-0008: Failed to read IRQ status: -110
[ 33.976095] [sched_delayed] sched: RT throttling activated
[ 33.984804] PM: early resume of devices complete after 642.642 msecs
[ 34.352954] mc13xxx 0-0008: Failed to read IRQ status: -110
[ 34.862910] mc13xxx 0-0008: Failed to read IRQ status: -110
[ 34.996595] PM: resume of devices complete after 1005.367 msecs
[ 35.372925] mc13xxx 0-0008: Failed to read IRQ status: -110
[ 35.882911] mc13xxx 0-0008: Failed to read IRQ status: -110
[ 35.955707] PM: resume devices took 1.970 seconds
[ 35.960445] Restarting tasks ... done.
[ 35.993386] fec
63fec000.ethernet eth0: Link is Down
[ 36.392980] mc13xxx 0-0008: Failed to read IRQ status: -110
[ 36.902908] mc13xxx 0-0008: Failed to read IRQ status: -110
[ 36.953036] ata1: SATA link down (SStatus 0 SControl 300)
[ 37.412922] mc13xxx 0-0008: Failed to read IRQ status: -110
[ 37.922906] mc13xxx 0-0008: Failed to read IRQ status: -110
[ 37.993379] fec
63fec000.ethernet eth0: Link is Up - 100Mbps/Full - flow control rx/tx
[ 38.432938] mc13xxx 0-0008: Failed to read IRQ status: -110
[ 38.942920] mc13xxx 0-0008: Failed to read IRQ status: -110
[ 39.452933] mc13xxx 0-0008: Failed to read IRQ status: -110
(flood of this error message continues forever)
Commit
5169df8be0a432ee ("ARM: dts: i.MX53: add support for MCIMX53-START-R")
missed to configure the IOMUX for the PMIC IRQ pin.
Configure the PMIC IRQ pin so that the suspend/resume sequence behaves cleanly
as expected.
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Shawn Guo <shawn.guo@freescale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mark Rutland [Fri, 15 Aug 2014 11:11:50 +0000 (12:11 +0100)]
ARM: 8129/1: errata: work around Cortex-A15 erratum 830321 using dummy strex
commit
2c32c65e3726c773760038910be30cce1b4d4149 upstream.
On revisions of Cortex-A15 prior to r3p3, a CLREX instruction at PL1 may
falsely trigger a watchpoint exception, leading to potential data aborts
during exception return and/or livelock.
This patch resolves the issue in the following ways:
- Replacing our uses of CLREX with a dummy STREX sequence instead (as
we did for v6 CPUs).
- Removing the clrex code from v7_exit_coherency_flush and derivatives,
since this only exists as a minor performance improvement when
non-cached exclusives are in use (Linux doesn't use these).
Benchmarking on a variety of ARM cores revealed no measurable
performance difference with this change applied, so the change is
performed unconditionally and no new Kconfig entry is added.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mark Rutland [Fri, 15 Aug 2014 11:11:49 +0000 (12:11 +0100)]
ARM: 8128/1: abort: don't clear the exclusive monitors
commit
85868313177700d20644263a782351262d2aff84 upstream.
The ARMv6 and ARMv7 early abort handlers clear the exclusive monitors
upon entry to the kernel, but this is redundant:
- We clear the monitors on every exception return since commit
200b812d0084 ("Clear the exclusive monitor when returning from an
exception"), so this is not necessary to ensure the monitors are
cleared before returning from a fault handler.
- Any dummy STREX will target a temporary scratch area in memory, and
may succeed or fail without corrupting useful data. Its status value
will not be used.
- Any other STREX in the kernel must be preceded by an LDREX, which
will initialise the monitors consistently and will not depend on the
earlier state of the monitors.
Therefore we have no reason to care about the initial state of the
exclusive monitors when a data abort is taken, and clearing the monitors
prior to exception return (as we already do) is sufficient.
This patch removes the redundant clearing of the exclusive monitors from
the early abort handlers.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Andy Shevchenko [Wed, 27 Aug 2014 13:21:12 +0000 (16:21 +0300)]
spi: dw-pci: fix bug when regs left uninitialized
commit
c9d5d6fe168fd45a4dfdd0116affe708789b4702 upstream.
The commit
04f421e7 "spi: dw: use managed resources" changes drivers to use
managed functions, but seems wasn't properly tested in PCI case. The regs field
of struct dw_spi left uninitialized. Thus, kernel crashes when tries to access
to the SPI controller registers. This patch fixes the issue.
Fixes: 04f421e7 (spi: dw: use managed resources)
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Andy Shevchenko [Wed, 27 Aug 2014 16:26:08 +0000 (19:26 +0300)]
spi: dw: fix kernel crash due to NULL pointer dereference
commit
08a707b87874eaaa0f336ab604ecd6e5e9f286dd upstream.
The obvious fix after the commit
d9c73bb8a3a5 "spi: dw: add support for gpio
controlled chip select". This patch fixes the issue by using locally defined
temporary variable.
Fixes: d9c73bb8a3a5 (spi: dw: add support for gpio controlled chip select)
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Jorge A. Ventura [Sat, 9 Aug 2014 21:06:58 +0000 (16:06 -0500)]
spi/omap-mcspi: Fix the spi task hangs waiting dma_rx
commit
3d0763c006f8da1b44a9f5f9a21187f5b8f674f4 upstream.
The spi hangs waiting the completion of omap2_mcspi_rx_callback.
Signed-off-by: Jorge A. Ventura <jorge.araujo.ventura@gmail.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Weston Andros Adamson [Mon, 15 Sep 2014 18:14:45 +0000 (14:14 -0400)]
nfs: can_coalesce_requests must enforce contiguity
commit
78270e8fbc2916bfc8305b8f58f33474cce1ec0e upstream.
Commit
6094f83864c1d1296566a282cba05ba613f151ee
"nfs: allow coalescing of subpage requests" got rid of the requirement
that requests cover whole pages, but it made some incorrect assumptions.
It turns out that callers of this interface can map adjacent requests
(by file position as seen by req_offset + req->wb_bytes) to different pages,
even when they could share a page. An example is the direct I/O interface -
iov_iter_get_pages_alloc may return one segment with a partial page filled
and the next segment (which is adjacent in the file position) starts with a
new page.
Reported-by: Toralf Förster <toralf.foerster@gmx.de>
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Weston Andros Adamson [Mon, 15 Sep 2014 18:14:44 +0000 (14:14 -0400)]
nfs: disallow duplicate pages in pgio page vectors
commit
bba5c1887a925a9945d22217d38d58d8b3ba1043 upstream.
Adjacent requests that share the same page are allowed, but should only
use one entry in the page vector. This avoids overruning the page
vector - it is sized based on how many bytes there are, not by
request count.
This fixes issues that manifest as "Redzone overwritten" bugs (the
vector overrun) and hangs waiting on page read / write, as it waits on
the same page more than once.
This also adds bounds checking to the page vector with a graceful failure
(WARN_ON_ONCE and pgio error returned to application).
Reported-by: Toralf Förster <toralf.foerster@gmx.de>
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Weston Andros Adamson [Mon, 15 Sep 2014 18:14:43 +0000 (14:14 -0400)]
nfs: don't sleep with inode lock in lock_and_join_requests
commit
7c3af975257383ece54b83c0505d3e0656cb7daf upstream.
This handles the 'nonblock=false' case in nfs_lock_and_join_requests.
If the group is already locked and blocking is allowed, drop the inode lock
and wait for the group lock to be cleared before trying it all again.
This should fix warnings found in peterz's tree (sched/wait branch), where
might_sleep() checks are added to wait.[ch].
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Reviewed-by: Peng Tao <tao.peng@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Weston Andros Adamson [Mon, 15 Sep 2014 18:14:42 +0000 (14:14 -0400)]
nfs: fix error handling in lock_and_join_requests
commit
94970014c46223cbcdfbfc67b89596a412f9e3dd upstream.
This fixes handling of errors from nfs_page_group_lock in
nfs_lock_and_join_requests. It now releases the inode lock and the
reference to the head request.
Reported-by: Peng Tao <tao.peng@primarydata.com>
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Reviewed-by: Peng Tao <tao.peng@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Weston Andros Adamson [Mon, 15 Sep 2014 18:14:41 +0000 (14:14 -0400)]
nfs: use blocking page_group_lock in add_request
commit
bfd484a5606d6a0379a0a2f04251b1e5c1f8995c upstream.
__nfs_pageio_add_request was calling nfs_page_group_lock nonblocking, but
this can return -EAGAIN which would end up passing -EIO to the application.
There is no reason not to block in this path, so change the two calls to
do so. Also, there is no need to check the return value of
nfs_page_group_lock when nonblock=false, so remove the error handling code.
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Reviewed-by: Peng Tao <tao.peng@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Weston Andros Adamson [Mon, 15 Sep 2014 18:14:40 +0000 (14:14 -0400)]
nfs: fix nonblocking calls to nfs_page_group_lock
commit
bc8a309e88a86205fc3e17f06e42a2e56fc6f807 upstream.
nfs_page_group_lock was calling wait_on_bit_lock even when told not to
block. Fix by first trying test_and_set_bit, followed by wait_on_bit_lock
if and only if blocking is allowed. Return -EAGAIN if nonblocking and the
test_and_set of the bit was already locked.
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Reviewed-by: Peng Tao <tao.peng@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Weston Andros Adamson [Mon, 15 Sep 2014 18:14:39 +0000 (14:14 -0400)]
nfs: change nfs_page_group_lock argument
commit
fd2f3a06d30c85a17cf035ebc60c88c2a13a8ece upstream.
Flip the meaning of the second argument from 'wait' to 'nonblock' to
match related functions. Update all five calls to reflect this change.
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Reviewed-by: Peng Tao <tao.peng@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Weston Andros Adamson [Mon, 15 Sep 2014 18:14:38 +0000 (14:14 -0400)]
nfs: clear_request_commit while holding i_lock
commit
411a99adffb4f993eee29759f744de01487044ac upstream.
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Weston Andros Adamson [Mon, 15 Sep 2014 18:14:37 +0000 (14:14 -0400)]
pnfs: add pnfs_put_lseg_async
commit
e6cf82d1830f5e16a10d566f58db70f297ba5da8 upstream.
This is useful when lsegs need to be released while holding locks.
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Weston Andros Adamson [Mon, 15 Sep 2014 18:14:36 +0000 (14:14 -0400)]
nfs: check wait_on_bit_lock err in page_group_lock
commit
e7029206ff43f6cf7d6fcb741adb126f47200516 upstream.
Return errors from wait_on_bit_lock from nfs_page_group_lock.
Add a bool argument @wait to nfs_page_group_lock. If true, loop over
wait_on_bit_lock until it returns cleanly. If false, return the error
from wait_on_bit_lock.
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Weston Andros Adamson [Mon, 15 Sep 2014 18:14:35 +0000 (14:14 -0400)]
nfs: remove pgio_header refcount, related cleanup
commit
4714fb51fd03a14d8c73001438283e7f7b752f1e upstream.
The refcounting on nfs_pgio_header was related to there being (possibly)
more than one nfs_pgio_data. Now that nfs_pgio_data has been merged into
nfs_pgio_header, there is no reason to do this ref counting. Just call
the completion callback on nfs_pgio_release/nfs_pgio_error.
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Weston Andros Adamson [Mon, 15 Sep 2014 18:14:34 +0000 (14:14 -0400)]
nfs: merge nfs_pgio_data into _header
commit
d45f60c67848b9f19160692581d78e5b4757a000 upstream.
struct nfs_pgio_data only exists as a member of nfs_pgio_header, but is
passed around everywhere, because there used to be multiple _data structs
per _header. Many of these functions then use the _data to find a pointer
to the _header. This patch cleans this up by merging the nfs_pgio_data
structure into nfs_pgio_header and passing nfs_pgio_header around instead.
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Weston Andros Adamson [Mon, 15 Sep 2014 18:14:33 +0000 (14:14 -0400)]
nfs: rename members of nfs_pgio_data
commit
823b0c9d9800e712374cda89ac3565bd29f6701b upstream.
Rename "verf" to "writeverf" and "pages" to "page_array" to prepare for
merge of nfs_pgio_data and nfs_pgio_header.
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Weston Andros Adamson [Mon, 15 Sep 2014 18:14:32 +0000 (14:14 -0400)]
nfs: move nfs_pgio_data and remove nfs_rw_header
commit
1e7f3a485922211b6e4a082ebc6bf05810b0b6ea upstream.
nfs_rw_header was used to allocate an nfs_pgio_header along with an
nfs_pgio_data, because a _header would need at least one _data.
Now there is only ever one nfs_pgio_data for each nfs_pgio_header -- move
it to nfs_pgio_header and get rid of nfs_rw_header.
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
J. Bruce Fields [Wed, 24 Sep 2014 20:32:34 +0000 (16:32 -0400)]
nfsd4: fix corruption of NFSv4 read data
commit
15b23ef5d348ea51c5e7573e2ef4116fbc7cb099 upstream.
The calculation of page_ptr here is wrong in the case the read doesn't
start at an offset that is a multiple of a page.
The result is that nfs4svc_encode_compoundres sets rq_next_page to a
value one too small, and then the loop in svc_free_res_pages may
incorrectly fail to clear a page pointer in rq_respages[].
Pages left in rq_respages[] are available for the next rpc request to
use, so xdr data may be written to that page, which may hold data still
waiting to be transmitted to the client or data in the page cache.
The observed result was silent data corruption seen on an NFSv4 client.
We tag this as "fixing"
05638dc73af2 because that commit exposed this
bug, though the incorrect calculation predates it.
Particular thanks to Andrea Arcangeli and David Gilbert for analysis and
testing.
Fixes: 05638dc73af2 "nfsd4: simplify server xdr->next_page use"
Reported-by: Andrea Arcangeli <aarcange@redhat.com>
Tested-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Trond Myklebust [Thu, 18 Sep 2014 15:51:32 +0000 (11:51 -0400)]
NFSv4: Fix another bug in the close/open_downgrade code
commit
cd9288ffaea4359d5cfe2b8d264911506aed26a4 upstream.
James Drew reports another bug whereby the NFS client is now sending
an OPEN_DOWNGRADE in a situation where it should really have sent a
CLOSE: the client is opening the file for O_RDWR, but then trying to
do a downgrade to O_RDONLY, which is not allowed by the NFSv4 spec.
Reported-by: James Drews <drews@engr.wisc.edu>
Link: http://lkml.kernel.org/r/541AD7E5.8020409@engr.wisc.edu
Fixes: aee7af356e15 (NFSv4: Fix problems with close in the presence...)
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Steve Dickson [Thu, 18 Sep 2014 13:13:17 +0000 (09:13 -0400)]
NFSv4: nfs4_state_manager() vs. nfs_server_remove_lists()
commit
080af20cc945d110f9912d01cf6b66f94a375b8d upstream.
There is a race between nfs4_state_manager() and
nfs_server_remove_lists() that happens during a nfsv3 mount.
The v3 mount notices there is already a supper block so
nfs_server_remove_lists() called which uses the nfs_client_lock
spin lock to synchronize access to the client list.
At the same time nfs4_state_manager() is running through
the client list looking for work to do, using the same
lock. When nfs4_state_manager() wins the race to the
list, a v3 client pointer is found and not ignored
properly which causes the panic.
Moving some protocol checks before the state checking
avoids the panic.
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Li Zefan [Thu, 4 Sep 2014 06:43:38 +0000 (14:43 +0800)]
cgroup: check cgroup liveliness before unbreaking kernfs
commit
aa32362f011c6e863132b16c1761487166a4bad2 upstream.
When cgroup_kn_lock_live() is called through some kernfs operation and
another thread is calling cgroup_rmdir(), we'll trigger the warning in
cgroup_get().
------------[ cut here ]------------
WARNING: CPU: 1 PID: 1228 at kernel/cgroup.c:1034 cgroup_get+0x89/0xa0()
...
Call Trace:
[<
c16ee73d>] dump_stack+0x41/0x52
[<
c10468ef>] warn_slowpath_common+0x7f/0xa0
[<
c104692d>] warn_slowpath_null+0x1d/0x20
[<
c10bb999>] cgroup_get+0x89/0xa0
[<
c10bbe58>] cgroup_kn_lock_live+0x28/0x70
[<
c10be3c1>] __cgroup_procs_write.isra.26+0x51/0x230
[<
c10be5b2>] cgroup_tasks_write+0x12/0x20
[<
c10bb7b0>] cgroup_file_write+0x40/0x130
[<
c11aee71>] kernfs_fop_write+0xd1/0x160
[<
c1148e58>] vfs_write+0x98/0x1e0
[<
c114934d>] SyS_write+0x4d/0xa0
[<
c16f656b>] sysenter_do_call+0x12/0x12
---[ end trace
6f2e0c38c2108a74 ]---
Fix this by calling css_tryget() instead of cgroup_get().
v2:
- move cgroup_tryget() right below cgroup_get() definition. (Tejun)
Reported-by: Toralf Förster <toralf.foerster@gmx.de>
Signed-off-by: Zefan Li <lizefan@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
J. Bruce Fields [Wed, 20 Aug 2014 18:49:50 +0000 (14:49 -0400)]
nfsd4: fix rd_dircount enforcement
commit
aee3776441461c14ba6d8ed9e2149933e65abb6e upstream.
Commit
3b299709091b "nfsd4: enforce rd_dircount" totally misunderstood
rd_dircount; it refers to total non-attribute bytes returned, not number
of directory entries returned.
Bring the code into agreement with RFC 3530 section 14.2.24.
Fixes: 3b299709091b "nfsd4: enforce rd_dircount"
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Olav Haugan [Mon, 4 Aug 2014 18:01:02 +0000 (19:01 +0100)]
iommu/arm-smmu: fix programming of SMMU_CBn_TCR for stage 1
commit
1fc870c7efa364862c3bc792cfbdb38afea26742 upstream.
Stage-1 context banks do not have the SMMU_CBn_TCR[SL0] field since it
is only applicable to stage-2 context banks.
This patch ensures that we don't set the reserved TCR bits for stage-1
translations.
Signed-off-by: Olav Haugan <ohaugan@codeaurora.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Varun Sethi [Thu, 4 Sep 2014 11:38:45 +0000 (17:08 +0530)]
iommu/fsl: Fix warning resulting from adding PCI device twice
commit
5a9137a66b521d667236e95c307b92af532fe600 upstream.
iommu_group_get_for_dev determines the iommu group for the PCI device and adds
the device to the group.
In the PAMU driver we were again adding the device to the same group without checking
if the device already had an iommu group. This resulted in the following warning.
sysfs: cannot create duplicate filename '/devices/
ffe200000.pcie/pci0000:00/0000:00:00.0/iommu_group'
------------[ cut here ]------------
WARNING: at fs/sysfs/dir.c:31
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted
3.17.0-rc3-00002-g7505cea-dirty #126
task:
c0000001fe0a0000 ti:
c0000001fe044000 task.ti:
c0000001fe044000
NIP:
c00000000018879c LR:
c000000000188798 CTR:
c00000000001ea50
REGS:
c0000001fe047040 TRAP: 0700 Not tainted (
3.17.0-rc3-00002-g7505cea-dirty)
MSR:
0000000080029000 <CE,EE,ME> CR:
24ad8e22 XER:
20000000
SOFTE: 1
GPR00:
c000000000188798 c0000001fe0472c0 c0000000009a52e0 0000000000000065
GPR04:
0000000000000001 0000000000000000 3a30303a00000000 0000000027000000
GPR08:
2f696f6d00000000 c0000000008d3830 c0000000009b3938 c0000000009bb3d0
GPR12:
0000000028ad8e24 c00000000fff4000 c00000000000205c 0000000000000000
GPR16:
0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20:
0000000000000000 0000000000000000 0000000000000000 c0000000008a4c70
GPR24:
c0000000007e9010 c0000001fe0140a8 ffffffffffffffef 0000000000000001
GPR28:
c0000001fe22ebb8 c0000000007e9010 c00000000090bf10 c0000001fe220000
NIP [
c00000000018879c] .sysfs_warn_dup+0x74/0xa4
LR [
c000000000188798] .sysfs_warn_dup+0x70/0xa4
Call Trace:
[
c0000001fe0472c0] [
c000000000188798] .sysfs_warn_dup+0x70/0xa4 (unreliable)
[
c0000001fe047350] [
c000000000188d34] .sysfs_do_create_link_sd.clone.2+0x168/0x174
[
c0000001fe047400] [
c0000000004b3cf8] .iommu_group_add_device+0x78/0x244
[
c0000001fe0474b0] [
c0000000004b6964] .fsl_pamu_add_device+0x88/0x1a8
[
c0000001fe047570] [
c0000000004b3960] .iommu_bus_notifier+0xdc/0x15c
[
c0000001fe047600] [
c000000000059848] .notifier_call_chain+0x8c/0xe8
[
c0000001fe0476a0] [
c000000000059d04] .__blocking_notifier_call_chain+0x58/0x84
[
c0000001fe047750] [
c00000000036619c] .device_add+0x464/0x5c8
[
c0000001fe047820] [
c000000000300ebc] .pci_device_add+0x14c/0x17c
[
c0000001fe0478c0] [
c000000000300fbc] .pci_scan_single_device+0xd0/0xf4
[
c0000001fe047970] [
c00000000030104c] .pci_scan_slot+0x6c/0x18c
[
c0000001fe047a10] [
c00000000030226c] .pci_scan_child_bus+0x40/0x114
[
c0000001fe047ac0] [
c000000000021974] .pcibios_scan_phb+0x240/0x2c8
[
c0000001fe047b70] [
c00000000085a970] .pcibios_init+0x64/0xc8
[
c0000001fe047c00] [
c000000000001884] .do_one_initcall+0xbc/0x224
[
c0000001fe047d00] [
c000000000852d50] .kernel_init_freeable+0x14c/0x21c
[
c0000001fe047db0] [
c000000000002078] .kernel_init+0x1c/0xfa4
[
c0000001fe047e30] [
c000000000000884] .ret_from_kernel_thread+0x58/0xd4
Instruction dump:
7c7f1b79 4182001c 7fe4fb78 7f83e378 38a01000 4bffc905 60000000 7c641b78
e87e8008 7fa5eb78 48482ff5 60000000 <
0fe00000>
7fe3fb78 4bf7bd39 60000000
Signed-off-by: Varun Sethi <Varun.Sethi@freescale.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Joerg Roedel [Thu, 21 Aug 2014 21:06:48 +0000 (23:06 +0200)]
iommu/vt-d: Check return value of acpi_bus_get_device()
commit
c0df975f9045d6b2b13d88746e628ac308ff49ea upstream.
Checking adev == NULL is not sufficient as
acpi_bus_get_device() might not touch the value of this
parameter in an error case, so check the return value
directly.
Fixes: ed40356b5fcf1ce28e026ab39c5b2b6939068b50
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bjørn Mork [Tue, 9 Sep 2014 08:45:18 +0000 (10:45 +0200)]
Revert "ACPI / battery: fix wrong value of capacity_now reported when fully charged"
commit
508b3c677601797f2d51df3df5caa436dd235cb9 upstream.
This reverts commit
232de5143790 ("ACPI / battery: fix wrong value of
capacity_now reported when fully charged")
There is nothing wrong or unexpected about 'capacity_now' increasing above
the last 'full_charge_capacity' value. Different charging cycles will cause
'full_charge_capacity' to vary, both up and down. Good battery firmwares
will update 'full_charge_capacity' when the current charging cycle is
complete, increasing it if necessary. It might even go above
'design_capacity' on a fresh and healthy battery.
Capping 'capacity_now' to 'full_charge_capacity' is plain wrong, and
printing a warning if this doesn't happen to match the 'design_capacity'
is both annoying and terribly wrong.
This results in bogus warnings on perfectly working systems/firmwares:
[Firmware Bug]: battery: reported current charge level (39800) is higher than reported maximum charge level (39800).
and wrong values being reported for 'capacity_now' and
'full_charge_capacity' after the warning has been triggered.
Fixes: 232de5143790 ("ACPI / battery: fix wrong value of capacity_now reported when fully charged")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fu Zhonghui [Tue, 9 Sep 2014 14:30:06 +0000 (16:30 +0200)]
ACPI / LPSS: complete PM entries for LPSS power domain
commit
f4168b617ac09986c4333accaff5d8ba5a9db7bf upstream.
PM entries of LPSS power domain were not implemented correctly
in commit
c78b0830667a "ACPI / LPSS: custom power domain for LPSS".
This patch fixes and completes these PM entries.
Fixes: c78b0830667a (ACPI / LPSS: custom power domain for LPSS)
Signed-off-by: Li Aubrey <aubrey.li@linux.intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Fu Zhonghui <zhonghui.fu@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Lee, Chun-Yi [Thu, 4 Sep 2014 07:13:39 +0000 (15:13 +0800)]
ACPI / RTC: Fix CMOS RTC opregion handler accesses to wrong addresses
commit
9389f46e9782ea5e56fbd7b2e59ba7c08f3ba86b upstream.
The value64 parameter is an u64 point that used to transfer the value
for write to CMOS, or used to return the value that's read from CMOS.
The value64 is an u64 point, so don't need get address again. It causes
acpi_cmos_rtc_space_handler always return 0 to reader and didn't write
expected value to CMOS.
Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Robert Baldyga [Tue, 9 Sep 2014 08:44:13 +0000 (10:44 +0200)]
usb: dwc2/gadget: avoid disabling ep0
commit
604eac3c0c69e98f2fd0133305f9e777418f1d3b upstream.
Endpoint 0 should not be disabled, so we start loop counter from number 1.
Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Marek Szyprowski [Tue, 9 Sep 2014 08:44:12 +0000 (10:44 +0200)]
usb: dwc2/gadget: delay enabling irq once hardware is configured properly
commit
eb3c56c5ccdd252940cb0ec0541fcdc94894bd8d upstream.
This patch fixes kernel panic/interrupt storm/etc issues if bootloader
left s3c-hsotg module in enabled state. Now interrupt handler is enabled
only after proper configuration of hardware registers.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Marek Szyprowski [Tue, 9 Sep 2014 08:44:11 +0000 (10:44 +0200)]
usb: dwc2/gadget: do not call disconnect method in pullup
commit
b510df5a36c066da3a188f4ade3404118b63c6de upstream.
This leads to potential spinlock recursion in composite framework, other
udc drivers also don't call it directly from pullup method.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Marek Szyprowski [Tue, 9 Sep 2014 08:44:10 +0000 (10:44 +0200)]
usb: dwc2/gadget: break infinite loop in endpoint disable code
commit
e0cbe595db72b037260bbda77106f6811a1ebb1d upstream.
This patch fixes possible freeze caused by infinite loop in interrupt
context.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Kamil Debski [Tue, 9 Sep 2014 08:44:09 +0000 (10:44 +0200)]
usb: dwc2/gadget: fix phy initialization sequence
commit
ca2c5ba80f823a38c4aae506e2f03c1afb076b0a upstream.
In the Generic PHY Framework a NULL phy is considered to be a valid phy
thus the "if (hsotg->phy)" check does not give us the information whether
the Generic PHY Framework is used.
In addition to the above this patch also removes phy_init from probe and
phy_exit from remove. This is not necessary when init/exit is done in the
s3c_hsotg_phy_enable/disable functions.
Signed-off-by: Kamil Debski <k.debski@samsung.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Kamil Debski [Tue, 9 Sep 2014 08:44:08 +0000 (10:44 +0200)]
usb: dwc2/gadget: fix phy disable sequence
commit
0655314be0d9c54ad5f63500219485c6a9d9e5e2 upstream.
When the driver is removed s3c_hsotg_phy_disable is called three times
instead of once. This results in decreasing of the phy reference counter
below zero and thus consecutive inserts of the module fails.
This patch removes calls to s3c_hsotg_phy_disable from s3c_hsotg_remove
and s3c_hsotg_udc_stop.
s3c_hsotg_udc_stop is called from udc-core.c only after
usb_gadget_disconnect, which in turn calls s3c_hsotg_pullup, which
already calls s3c_hsotg_phy_disable.
s3c_hsotg_remove must be called only after udc_stop, so there is no
point in disabling phy once again there.
Signed-off-by: Kamil Debski <k.debski@samsung.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Felipe Balbi [Wed, 3 Sep 2014 21:42:57 +0000 (16:42 -0500)]
usb: dwc3: omap: fix ordering for runtime pm calls
commit
81a60b7f5c143ab3cdcd9943c9b4b7c63c32fc31 upstream.
we don't to gate clocks until our children are
done with their remove path.
Fixes: af310e9 (usb: dwc3: omap: use runtime API's to enable clocks)
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Felipe Balbi [Wed, 3 Sep 2014 21:13:37 +0000 (16:13 -0500)]
usb: dwc3: core: fix ordering for PHY suspend
commit
dc99f16f076559235c92d3eb66d03d1310faea08 upstream.
We can't suspend the PHYs before dwc3_core_exit_mode()
has been called, that's because the host and/or device
sides might still need to communicate with the far end
link partner.
Fixes: 8ba007a (usb: dwc3: core: enable the USB2 and USB3 phy in probe)
Suggested-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Felipe Balbi [Tue, 2 Sep 2014 19:57:20 +0000 (14:57 -0500)]
usb: dwc3: core: fix order of PM runtime calls
commit
fed33afce0eda44a46ae24d93aec1b5198c0bac4 upstream.
Currently, we disable pm_runtime before all register
accesses are done, this is dangerous and might lead
to abort exceptions due to the driver trying to access
a register which is clocked by a clock which was long
gated.
Fix that by moving pm_runtime_put_sync() and pm_runtime_disable()
as the last thing we do before returning from our ->remove()
method.
Fixes: 72246da (usb: Introduce DesignWare USB3 DRD Driver)
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alan Stern [Wed, 17 Sep 2014 15:23:54 +0000 (11:23 -0400)]
USB: EHCI: unlink QHs even after the controller has stopped
commit
7312b5ddd47fee2356baa78c5516ef8e04eed452 upstream.
Old code in ehci-hcd tries to expedite disabling endpoints after the
controller has stopped, by destroying the endpoint's associated QH
without first unlinking the QH. This was necessary back when the
driver wasn't so careful about keeping track of the controller's
state.
But now we are careful about it, and the driver knows that when the
controller isn't running, no unlinking delay is needed. Furthermore,
skipping the unlink step will trigger a BUG() in qh_destroy() when the
preceding QH is released, because the link pointer will be non-NULL.
Removing the lines that skip the unlinking step and go directly to
QH_STATE_IDLE fixes the problem.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Joe Lawrence <joe.lawrence@stratus.com>
Tested-by: Joe Lawrence <joe.lawrence@stratus.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
projects / unionfs-3.12.y.git / log