Mirza Krak [Fri, 8 Aug 2014 12:30:50 +0000 (14:30 +0200)]
can: sja1000: Validate initialization state in start method
When sja1000 is not compiled as module the SJA1000 chip is only
initialized during device registration on kernel boot. Should the chip
get a hardware reset there is no way to reinitialize it without re-
booting the Linux kernel.
This patch adds a check in sja1000_start if the chip is initialized, if
not we initialize it.
Linus Torvalds [Wed, 20 Aug 2014 23:33:21 +0000 (18:33 -0500)]
Merge branch 'for-linus' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs fixes from Steve French:
"Most important fixes in this set include three SMB3 fixes for stable
(including fix for possible kernel oops), and a workaround to allow
writes to Mac servers (only cifs dialect, not more current SMB2.1,
worked to Mac servers). Also fallocate support added, and lease fix
from Jeff"
* 'for-linus' of git://git.samba.org/sfrench/cifs-2.6:
[SMB3] Enable fallocate -z support for SMB3 mounts
enable fallocate punch hole ("fallocate -p") for SMB3
Incorrect error returned on setting file compressed on SMB2
CIFS: Fix wrong directory attributes after rename
CIFS: Fix SMB2 readdir error handling
[CIFS] Possible null ptr deref in SMB2_tcon
[CIFS] Workaround MacOS server problem with SMB2.1 write response
cifs: handle lease F_UNLCK requests properly
Cleanup sparse file support by creating worker function for it
Add sparse file support to SMB2/SMB3 mounts
Add missing definitions for CIFS File System Attributes
cifs: remove unused function cifs_oplock_break_wait
Linus Torvalds [Wed, 20 Aug 2014 23:32:16 +0000 (18:32 -0500)]
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull filesystem fixes from Jan Kara:
"udf, isofs, and ext3 bug fixes"
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
ext3: Count internal journal as bsddf overhead in ext3_statfs
isofs: Fix unbounded recursion when processing relocated directories
udf: avoid unneeded up_write when fail to add entry in ->symlink
Linus Torvalds [Wed, 20 Aug 2014 23:22:10 +0000 (18:22 -0500)]
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull KVM fixes from Paolo Bonzini:
"Reverting a 3.16 patch, fixing two bugs in device assignment (one has
a CVE), and fixing some problems introduced during the merge window
(the CMA bug came in via Andrew, the x86 ones via yours truly)"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
virt/kvm/assigned-dev.c: Set 'dev->irq_source_id' to '-1' after free it
Revert "KVM: x86: Increase the number of fixed MTRR regs to 10"
KVM: x86: do not check CS.DPL against RPL during task switch
KVM: x86: Avoid emulating instructions on #UD mistakenly
PC, KVM, CMA: Fix regression caused by wrong get_order() use
kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601)
Linus Torvalds [Wed, 20 Aug 2014 23:20:50 +0000 (18:20 -0500)]
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"These are the two bug fixes I mentioned in the final merge window
pull. One is a reversed logic check in the device busy tests which
can cause a nasty hang and another crash seen in the new SCSI pool
support if the use count ever goes to zero"
[ The device busy test already got merged from a patch earlier, so is
now duplicated. ]
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
[SCSI] save command pool address of Scsi_Host
[SCSI] fix qemu boot hang problem
Pawel Moll [Fri, 13 Jun 2014 15:03:32 +0000 (16:03 +0100)]
perf: Handle compat ioctl
When running a 32-bit userspace on a 64-bit kernel (eg. i386
application on x86_64 kernel or 32-bit arm userspace on arm64
kernel) some of the perf ioctls must be treated with special
care, as they have a pointer size encoded in the command.
For example, PERF_EVENT_IOC_ID in 32-bit world will be encoded
as 0x80042407, but 64-bit kernel will expect 0x80082407. In
result the ioctl will fail returning -ENOTTY.
This patch solves the problem by adding code fixing up the
size as compat_ioctl file operation.
Daniel Drake [Wed, 16 Jul 2014 08:50:06 +0000 (09:50 +0100)]
ARM: dts: ODROID i2c improvements
Increase max i2c bus frequency beyond the default for faster
data transfers. According to the manual, these faster speeds are
only available when the board is wired up the right way. In this case,
the vendor kernel has run at this speed for a long time.
sda-delay is needed for talking to RTC on PMIC, otherwise the i2c
controller never sees an ACK. Strangely the other PMIC i2c slave (the
main one) works fine even without this delay. I Chose value 100 to
match the vendor kernel.
Will Deacon [Tue, 19 Aug 2014 21:05:45 +0000 (22:05 +0100)]
Revert "arm64: Do not invoke audit_syscall_* functions if !CONFIG_AUDIT_SYSCALL"
For some reason, the audit patches didn't make it out of -next this
merge window, so revert our temporary hack and let the audit guys deal
with fixing up -next.
Olof Johansson [Tue, 19 Aug 2014 20:24:37 +0000 (13:24 -0700)]
Merge tag 'imx-fixes-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes
Merge "ARM: imx: fixes for 3.17" from Shawn Guo:
The i.MX fixes for 3.17:
- A correction on imx6dl gpu axi clock setting
- Fix a compilation error which comes after ARMv6K SMP build is allowed
- Fix a typo with pinctrl_esdhc1 in vf610-twr dts
- Correct i.MX6SX pad setting for UART in dts
- Fix i.MX53 VPU clock settings in dts
- Fix a suspend/resume failure seen on Cubox-i board, which is caused
by TLB missing of IOMUXC base address during suspend
- ARCH_HAS_OPP has been removed by commit 78c5e0bb145d (PM / OPP:
Remove ARCH_HAS_OPP), so we need to kill it for IMX
- A small fix on enet reset pin of edmqmx6 board
* tag 'imx-fixes-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
ARM: dts: imx6sx: fix the pad setting for uart CTS_B
ARM: dts: i.MX53: fix apparent bug in VPU clks
ARM: imx: correct gpu2d_axi and gpu3d_axi clock setting
ARM: dts: imx6: edmqmx6: change enet reset pin
ARM: dts: vf610-twr: Fix pinctrl_esdhc1 pin definitions.
ARM: imx: remove unnecessary ARCH_HAS_OPP select
ARM: imx: fix TLB missing of IOMUXC base address during suspend
ARM: imx6: fix SMP compilation again
arm64: ignore DT memreserve entries when booting in UEFI mode
UEFI provides its own method for marking regions to reserve, via the
memory map which is also used to initialise memblock. So when using the
UEFI memory map, ignore any memreserve entries present in the DT.
Mark Brown [Thu, 14 Aug 2014 19:57:16 +0000 (20:57 +0100)]
arm64: configs: Enable X-Gene SATA and ethernet in defconfig
Currently when run on an APM platform the ARMv8 defconfig has no viable
options for rootfs other than ramdisk which is rather limiting. Since
we already have both SATA and the bits needed for NFS root enabled we just
need to enable the relevant drivers so do that, helping enable direct
testing of upstream.
If the configuration ends up becoming too big we can consider modularising
some of the drivers and asking people to use an initramfs but for now this
is not an issue.
Ard Biesheuvel [Wed, 13 Aug 2014 17:53:03 +0000 (18:53 +0100)]
arm64: align randomized TEXT_OFFSET on 4 kB boundary
When booting via UEFI, the kernel Image is loaded at a 4 kB boundary and
the embedded EFI stub is executed in place. The EFI stub relocates the
Image to reside TEXT_OFFSET bytes above a 2 MB boundary, and jumps into
the kernel proper.
In AArch64, PC relative symbol references are emitted using adrp/add or
adrp/ldr pairs, where the offset into a 4 kB page is resolved using a
separate :lo12: relocation. This implicitly assumes that the code will
always be executed at the same relative offset with respect to a 4 kB
boundary, or the references will point to the wrong address.
This means we should link the kernel at a 4 kB aligned base address in
order to remain compatible with the base address the UEFI loader uses
when doing the initial load of Image. So update the code that generates
TEXT_OFFSET to choose a multiple of 4 kB.
At the same time, update the code so it chooses from the interval [0..2MB)
as the author originally intended.
v2: patch description changes Fixes: f0f6ee1f70c4 ("cbq: incorrect processing of high limits")
Mainstream commit f0f6ee1f70c4 ("cbq: incorrect processing of high limits")
have side effect: if cbq bandwidth setting is less than real interface
throughput non-limited traffic can delay limited traffic for a very long time.
This happen because of q->now changes incorrectly in cbq_dequeue():
in described scenario L2T is much greater than real time delay,
and q->now gets an extra boost for each transmitted packet.
Accumulated boost prevents update q->now, and blocked class can wait
very long time until (q->now >= cl->undertime) will be true again.
More detailed problem description can be found here:
http://www.spinics.net/lists/netdev/msg292493.html
Following patches should fix the problem.
====================
Mainstream commit f0f6ee1f70c4 ("cbq: incorrect processing of high limits")
have side effect: if cbq bandwidth setting is less than real interface
throughput non-limited traffic can delay limited traffic for a very long time.
This happen because of q->now changes incorrectly in cbq_dequeue():
in described scenario L2T is much greater than real time delay,
and q->now gets an extra boost for each transmitted packet.
Accumulated boost prevents update q->now, and blocked class can wait
very long time until (q->now >= cl->undertime) will be true again.
To fix the problem the patch updates q->now on each cbq_update() call.
L2T-related pre-modification q->now was moved to cbq_update().
My testing confirmed that it fixes the problem and did not discover
any side-effects
Fixes: f0f6ee1f70c4 ("cbq: incorrect processing of high limits") Signed-off-by: Vasily Averin <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Guenter Roeck [Sun, 10 Aug 2014 12:54:25 +0000 (05:54 -0700)]
scsi: Fix qemu boot hang problem
The latest kernel fails to boot qemu arm images when using scsi
for disk access. Boot gets stuck after the following messages.
brd: module loaded
sym53c8xx 0000:00:0c.0: enabling device (0100 -> 0103)
sym0: <895a> rev 0x0 at pci 0000:00:0c.0 irq 93
sym0: No NVRAM, ID 7, Fast-40, LVD, parity checking
sym0: SCSI BUS has been reset.
scsi host0: sym-2.2.3
Bisect points to commit 71e75c97f97a ("scsi: convert device_busy to
atomic_t"). Code inspection shows the following suspicious change
in scsi_request_fn.
out_delay:
- if (sdev->device_busy == 0 && !scsi_device_blocked(sdev))
+ if (atomic_read(&sdev->device_busy) && !scsi_device_blocked(sdev))
blk_delay_queue(q, SCSI_QUEUE_DELAY);
}
'sdev->device_busy == 0' was replaced with 'atomic_read(&sdev->device_busy)',
meaning the logic was reversed. Changing this expression to
'!atomic_read(&sdev->device_busy)' fixes the problem.
Jan Kara [Sun, 17 Aug 2014 09:49:57 +0000 (11:49 +0200)]
isofs: Fix unbounded recursion when processing relocated directories
We did not check relocated directory in any way when processing Rock
Ridge 'CL' tag. Thus a corrupted isofs image can possibly have a CL
entry pointing to another CL entry leading to possibly unbounded
recursion in kernel code and thus stack overflow or deadlocks (if there
is a loop created from CL entries).
Fix the problem by not allowing CL entry to point to a directory entry
with CL entry (such use makes no good sense anyway) and by checking
whether CL entry doesn't point to itself.
Aaro Koskinen [Tue, 22 Jul 2014 11:51:08 +0000 (14:51 +0300)]
MIPS: OCTEON: make get_system_type() thread-safe
get_system_type() is not thread-safe on OCTEON. It uses static data,
also more dangerous issue is that it's calling cvmx_fuse_read_byte()
every time without any synchronization. Currently it's possible to get
processes stuck looping forever in kernel simply by launching multiple
readers of /proc/cpuinfo:
(while true; do cat /proc/cpuinfo > /dev/null; done) &
(while true; do cat /proc/cpuinfo > /dev/null; done) &
...
Fix by initializing the system type string only once during the early
boot.
MIPS: CPS: Initialize EVA before bringing up VPEs from secondary cores
The CPS code is doing several memory loads when configuring the VPEs
from secondary cores, so the segmentation control registers must be
initialized in time otherwise the kernel will crash with strange
TLB exceptions.
MIPS: Malta: EVA: Rename 'eva_entry' to 'platform_eva_init'
Rename 'eva_entry' to 'platform_eva_init' as required by the new
'eva_init' macro in the eva.h header. Since this macro is now used
in a platform dependent way, it must not depend on its caller so move
the t1 register initialization inside this macro. Also set the .reorder
assembler option in case the caller may have previously set .noreorder.
This may allow a few assembler optimizations. Finally include missing
headers and document the register usage for this macro.
Generic code may need to perform certain operations when EVA is
enabled, for example, configure the segmentation registers during
boot. In order to avoid using more CONFIG_EVA ifdefs in the arch code,
such functions will be added in this header instead.
Initially this header contains a macro which will be used by generic
code later on during VPEs configuration on secondary cores.
All it does is to call the platform specific EVA init code in case
EVA is enabled.
Commit 4c21b8fd8f14 (MIPS: seccomp: Handle indirect system calls (o32))
added indirect syscall detection for O32 processes running on MIPS64
but it did not work as expected. The reason is the the scall64-o32
implementation differs compared to scall32-o32. In the former, the v0
(syscall number) register contains the absolute syscall number
(4000 + X) whereas in the latter it contains the relative syscall
number (X). Fix the code to avoid doing an extra addition, and load
the v0 register directly to the first argument for syscall_trace_enter.
Moreover, set the .reorder assembler option in order to have better
control on this part of the assembly code.
MIPS: syscall: Fix AUDIT value for O32 processes on MIPS64
On MIPS64, O32 processes set both TIF_32BIT_ADDR and
TIF_32BIT_REGS so the previous condition treated O32 applications
as N32 when evaluating seccomp filters. Fix the condition to check
both TIF_32BIT_{REGS, ADDR} for the N32 AUDIT flag.
Huacai Chen [Mon, 11 Aug 2014 09:10:38 +0000 (17:10 +0800)]
MIPS: Loongson: Fix COP2 usage for preemptible kernel
In preemptible kernel, only TIF_USEDFPU flag is reliable to distinguish
whether _init_fpu()/_restore_fp() is needed. Because the value of the
CP0_Status.CU1 isn't changed during preemption.
Guenter Roeck [Sat, 9 Aug 2014 17:54:03 +0000 (10:54 -0700)]
MIPS: NL: Fix nlm_xlp_defconfig build error
The nlm_xlp_defconfig build fails with
./arch/mips/include/asm/mach-netlogic/topology.h:15:0:
error: "topology_core_id" redefined [-Werror]
In file included from include/linux/smp.h:59:0,
[ ...]
from arch/mips/mm/dma-default.c:12:
./arch/mips/include/asm/smp.h:41:0:
note: this is the location of the previous definition
and similar errors.
This is caused by commit bda4584cd943d7 ("MIPS: Support CPU topology files
in sysfs") which adds the defines to arch/mips/include/asm/smp.h.
Remove the defines from arch/mips/include/asm/mach-netlogic/topology.h
as no longer necessary.
Christian König [Mon, 18 Aug 2014 14:30:12 +0000 (16:30 +0200)]
drm/radeon: Sync ME and PFP after CP semaphore waits v4
Fixes lockups due to CP read GPUVM faults when running piglit on Cape
Verde.
v2 (chk): apply the fix to R600+ as well, on CIK only the GFX CP has
a PFP, add more comments to R600 code, enable flushing again
v3: (agd5f): only apply to 7xx+. r6xx does not have the packet.
v4: (agd5f): split flush change into a separate patch, fix formatting
Alex Deucher [Mon, 18 Aug 2014 15:57:28 +0000 (11:57 -0400)]
drm/radeon: fix pm handling in radeon_gpu_reset
pm_suspend is handled in the radeon_suspend callbacks.
pm_resume has special handling depending on whether
dpm or legacy pm is enabled. Change radeon_gpu_reset
to mirror the behavior in the suspend and resume
pathes.
Lan Tianyu [Fri, 15 Aug 2014 05:38:59 +0000 (13:38 +0800)]
i2c: rework kernel config I2C_ACPI
Commit da3c6647(I2C/ACPI: Clean up I2C ACPI code and Add CONFIG_I2C_ACPI
config) adds a new kernel config I2C_ACPI and make I2C core built in
when the config is selected. This is wrong because distributions
etc generally compile I2C as a module and the commit broken that.
This patch is to rename I2C_ACPI to ACPI_I2C_OPREGION. New config
only controls ACPI I2C operation region code and depends on I2C=y.
Linus Torvalds [Tue, 19 Aug 2014 14:47:01 +0000 (09:47 -0500)]
Merge tag 'md/3.17-fixes' of git://neil.brown.name/md
Pull md bugfixes from Neil Brown:
"Here are the bug-fixes I promised :-)
Funny how you start looking for one and other start appearing.
- raid6 data corruption during recovery
- raid6 livelock
- raid10 memory leaks"
* tag 'md/3.17-fixes' of git://neil.brown.name/md:
md/raid10: always initialise ->state on newly allocated r10_bio
md/raid10: avoid memory leak on error path during reshape.
md/raid10: Fix memory leak when raid10 reshape completes.
md/raid10: fix memory leak when reshaping a RAID10.
md/raid6: avoid data corruption during recovery of double-degraded RAID6
md/raid5: avoid livelock caused by non-aligned writes.
NVIDIA Tegra
- Add debugfs support (Thierry Reding)
Synopsys DesignWare
- Look for configuration space in 'reg', not 'ranges' (Kishon Vijay Abraham I)
- Program ATU with untranslated address (Kishon Vijay Abraham I)
- Add config access-related pcie_host_ops for v3.65 hardware (Murali Karicheri)
- Add MSI-related pcie_host_ops for v3.65 hardware (Murali Karicheri)
TI DRA7xx
- Add TI DR7xx PCIe driver (Kishon Vijay Abraham I)"
* tag 'pci-v3.17-changes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
PCI: designware: Add MSI-related pcie_host_ops for v3.65 hardware
PCI: designware: Add config access-related pcie_host_ops for v3.65 hardware
PCI: dra7xx: Add TI DRA7xx PCIe driver
PCI: designware: Program ATU with untranslated address
PCI: designware: Look for configuration space in 'reg', not 'ranges'
PCI: tegra: Add debugfs support
PCI: mvebu: Remove ARCH_KIRKWOOD dependency
Linus Torvalds [Tue, 19 Aug 2014 14:43:48 +0000 (09:43 -0500)]
Merge tag 'devicetree-for-linus' of git://git.secretlab.ca/git/linux
Pull devicetree fixes from Grant Likely:
"Three more commits needed for v3.17: A bug fix for reserved regions
based at address zero, a clarification on how to interpret existence
of both interrupts and interrupts-extended properties, and a fix to
allow device tree testcases to run on any platform"
* tag 'devicetree-for-linus' of git://git.secretlab.ca/git/linux:
of/irq: Fix lookup to use 'interrupts-extended' property first
Enabling OF selftest to run without machine's devicetree
of: Allow mem_reserve of memory with a base address of zero
Chen Gang [Fri, 8 Aug 2014 15:37:59 +0000 (23:37 +0800)]
virt/kvm/assigned-dev.c: Set 'dev->irq_source_id' to '-1' after free it
As a generic function, deassign_guest_irq() assumes it can be called
even if assign_guest_irq() is not be called successfully (which can be
triggered by ioctl from user mode, indirectly).
So for assign_guest_irq() failure process, need set 'dev->irq_source_id'
to -1 after free 'dev->irq_source_id', or deassign_guest_irq() may free
it again.
SeaBIOS has a limit on the number of MTRRs that it can handle,
and this patch exceeded the limit. Better revert it.
Thanks to Nadav Amit for debugging the cause.
Paolo Bonzini [Mon, 18 Aug 2014 11:15:51 +0000 (13:15 +0200)]
KVM: x86: do not check CS.DPL against RPL during task switch
This reverts the check added by commit 5045b468037d (KVM: x86: check CS.DPL
against RPL during task switch, 2014-05-15). Although the CS.DPL=CS.RPL
check is mentioned in table 7-1 of the SDM as causing a #TSS exception,
it is not mentioned in table 6-6 that lists "invalid TSS conditions"
which cause #TSS exceptions. In fact it causes some tests to fail, which
pass on bare-metal.
Keep the rest of the commit, since we will find new uses for it in 3.18.
Nadav Amit [Wed, 13 Aug 2014 13:50:13 +0000 (16:50 +0300)]
KVM: x86: Avoid emulating instructions on #UD mistakenly
Commit d40a6898e5 mistakenly caused instructions which are not marked as
EmulateOnUD to be emulated upon #UD exception. The commit caused the check of
whether the instruction flags include EmulateOnUD to never be evaluated. As a
result instructions whose emulation is broken may be emulated. This fix moves
the evaluation of EmulateOnUD so it would be evaluated.
Signed-off-by: Nadav Amit <[email protected]>
[Tweak operand order in &&, remove EmulateOnUD where it's now superfluous.
- Paolo] Signed-off-by: Paolo Bonzini <[email protected]>
PC, KVM, CMA: Fix regression caused by wrong get_order() use
fc95ca7284bc54953165cba76c3228bd2cdb9591 claims that there is no
functional change but this is not true as it calls get_order() (which
takes bytes) where it should have called order_base_2() and the kernel
stops on VM_BUG_ON().
This replaces get_order() with order_base_2() (round-up version of ilog2).
kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601)
The third parameter of kvm_iommu_put_pages is wrong,
It should be 'gfn - slot->base_gfn'.
By making gfn very large, malicious guest or userspace can cause kvm to
go to this error path, and subsequently to pass a huge value as size.
Alternatively if gfn is small, then pages would be pinned but never
unpinned, causing host memory leak and local DOS.
Passing a reasonable but large value could be the most dangerous case,
because it would unpin a page that should have stayed pinned, and thus
allow the device to DMA into arbitrary memory. However, this cannot
happen because of the condition that can trigger the error:
- out of memory (where you can't allocate even a single page)
should not be possible for the attacker to trigger
- when exceeding the iommu's address space, guest pages after gfn
will also exceed the iommu's address space, and inside
kvm_iommu_put_pages() the iommu_iova_to_phys() will fail. The
page thus would not be unpinned at all.
Fugang Duan [Mon, 18 Aug 2014 08:11:24 +0000 (16:11 +0800)]
ARM: dts: imx6sx: fix the pad setting for uart CTS_B
The current pinfunc define all uart CTS_B IO port for DCE uart 'CTS_B'
IP port. Since uart IP port 'CTS_B' is output, and it don't need to
set 'SELECT_INPUT' bit.
Lars Persson [Fri, 8 Aug 2014 13:47:48 +0000 (15:47 +0200)]
MIPS: Remove race window in page fault handling
Multicore MIPSes without I/D hardware coherency suffered from a race
condition in the page fault handler. The page table entry was
published before any pending lazy D-cache flush was committed, hence
it allowed execution of stale page cache data by other VPEs in the
system.
To make the cache handling safe we need to perform flushing already in
the set_pte_at function. MIPSes without coherent I-caches can get a
small increase in flushes due to the unavailability of the execute
flag in set_pte_at.
[[email protected]: outlining set_pte_at() saves a good k in a test
build, so I moved its definition from pgtable.h to cache.c.]
Markos Chandras [Mon, 18 Aug 2014 14:04:11 +0000 (15:04 +0100)]
MIPS: Malta: Improve system memory detection for '{e, }memsize' >= 2G
Using kstrtol to parse the "{e,}memsize" variables was wrong because this
parses signed long numbers. In case of '{e,}memsize' >= 2G, the top bit
is set, resulting to -ERANGE errors and possibly random system memory
boundaries. We fix this by replacing "kstrtol" with "kstrtoul".
We also improve the code to check the kstrtoul return value and
print a warning if an error was returned.
Hauke Mehrtens [Mon, 18 Aug 2014 20:01:16 +0000 (22:01 +0200)]
MIPS: BCM47XX: Fix reboot problem on BCM4705/BCM4785
This adds some code based on code from the Broadcom GPL tar to fix the
reboot problems on BCM4705/BCM4785. I tried rebooting my device for ~10
times and have never seen a problem. This reverts the changes in the
previous commit and adds the real fix as suggested by Rafał.
Setting bit 22 in Reg 22, sel 4 puts the BIU (Bus Interface Unit) into
async mode.
Libin Yang [Tue, 19 Aug 2014 08:20:12 +0000 (16:20 +0800)]
ALSA: hda/hdmi - apply Valleyview fix-ups to Cherryview display codec
Valleyview and Cherryview have the same behavior on display audio. So this patch
defines is_valleyview_plus() to include codecs for both Valleyview and its successor
Cherryview, and apply Valleyview fix-ups to Cherryview.
NeilBrown [Mon, 18 Aug 2014 04:38:45 +0000 (14:38 +1000)]
md/raid10: always initialise ->state on newly allocated r10_bio
Most places which allocate an r10_bio zero the ->state, some don't.
As the r10_bio comes from a mempool, and the allocation function uses
kzalloc it is often zero anyway. But sometimes it isn't and it is
best to be safe.
I only noticed this because of the bug fixed by an earlier patch
where the r10_bios allocated for a reshape were left around to
be used by a subsequent resync. In that case the R10BIO_IsReshape
flag caused problems.
NeilBrown [Mon, 18 Aug 2014 03:59:50 +0000 (13:59 +1000)]
md/raid10: Fix memory leak when raid10 reshape completes.
When a raid10 commences a resync/recovery/reshape it allocates
some buffer space.
When a resync/recovery completes the buffer space is freed. But not
when the reshape completes.
This can result in a small memory leak.
There is a subtle side-effect of this bug. When a RAID10 is reshaped
to a larger array (more devices), the reshape is immediately followed
by a "resync" of the new space. This "resync" will use the buffer
space which was allocated for "reshape". This can cause problems
including a "BUG" in the SCSI layer. So this is suitable for -stable.
NeilBrown [Mon, 18 Aug 2014 03:56:38 +0000 (13:56 +1000)]
md/raid10: fix memory leak when reshaping a RAID10.
raid10 reshape clears unwanted bits from a bio->bi_flags using
a method which, while clumsy, worked until 3.10 when BIO_OWNS_VEC
was added.
Since then it clears that bit but shouldn't. This results in a
memory leak.
So change to used the approved method of clearing unwanted bits.
As this causes a memory leak which can consume all of memory
the fix is suitable for -stable.
Hui Wang [Tue, 19 Aug 2014 04:07:03 +0000 (12:07 +0800)]
ALSA: hda - restore the gpio led after resume
On some HP laptops, the mute led is controlled by codec gpio.
When some machine resume from s3/s4, the codec gpio data will be
cleared to 0 by BIOS:
Before suspend:
IO[3]: enable=1, dir=1, wake=0, sticky=0, data=1, unsol=0
After resume:
IO[3]: enable=1, dir=1, wake=0, sticky=0, data=0, unsol=0
To skip the AFG node to enter D3 can't fix this problem.
A workaround is to restore the gpio data when the system resume
back from s3/s4. It is safe even on the machines without this
problem.
Tejun Heo [Mon, 18 Aug 2014 21:40:09 +0000 (17:40 -0400)]
libata: widen Crucial M550 blacklist matching
Crucial M550 may cause data corruption on queued trims and is
blacklisted. The pattern used for it fails to match 1TB one as the
capacity section will be four chars instead of three. Widen the
pattern.
[[email protected]: I don't see why based on this register dump the
handler should be marked IRQF_NO_THREAD - but the handler is manipulating
per-CPU resources so we don't want it to be rescheduled to another CPU.]
Imre Deak [Mon, 18 Aug 2014 11:42:46 +0000 (14:42 +0300)]
drm/i915: don't try to retrain a DP link on an inactive CRTC
Atm we may retrain the DP link even if the CRTC is inactive through
HPD work->intel_dp_check_link_status(). This in turn can lock up the PHY
(at least on BYT), since the DP port is disabled.
Imre Deak [Mon, 18 Aug 2014 11:42:45 +0000 (14:42 +0300)]
drm/i915: make sure VDD is turned off during system suspend
Atm we may leave eDP VDD enabled during system suspend after the CRTCs
are disabled through an HPD->DPCD read event. So disable VDD during
suspend at a point when no HPDs can occur.
Note that runtime suspend doesn't have the same problem, since there the
RPM ref held by VDD provides already the needed serialization.
v2:
- add note to commit message about the runtime suspend path (Ville)
- use edp_panel_vdd_off_sync(), so we can keep the WARN in
edp_panel_vdd_off() (Ville)
v3:
- rebased on -fixes (for_each_intel_encoder()->list_for_each_entry())
(Imre)
Imre Deak [Mon, 18 Aug 2014 11:42:44 +0000 (14:42 +0300)]
drm/i915: cancel hotplug and dig_port work during suspend and unload
Make sure these work handlers don't run after we system suspend or
unload the driver. Note that we don't cancel the handlers during runtime
suspend. That could lead to a lockup, since we take a runtime PM ref
from the handlers themselves. Fortunaltely canceling there is not needed
since the RPM ref itself provides for the needed serialization.
v2:
- fix the order of canceling dig_port_work wrt. hotplug_work (Ville)
- zero out {long,short}_hpd_port_mask and hpd_event_bits for speed
(Ville)
Imre Deak [Mon, 18 Aug 2014 12:37:02 +0000 (15:37 +0300)]
drm/i915: fix HPD IRQ reenable work cancelation
Atm, the HPD IRQ reenable timer can get rearmed right after it's
canceled. Also to access the HPD IRQ mask registers we need to wake up
the HW.
Solve both issues by converting the reenable timer to a delayed work and
grabbing a runtime PM reference in the work. By this we can also forgo
canceling the timer during runtime suspend, since the only important
thing there is that the HW is awake when we write the registers and
that's ensured by the RPM ref. So do the cancelation only during driver
unload time; this is also a requirement for an upcoming patch where we
want to cancel all HPD related works only during system suspend and
driver unload time, but not during runtime suspend.
Note that there is still a race between the HPD IRQ reenable work and
drm_irq_uninstall() during driver unload, where the work can reenable
the HPD IRQs disabled by drm_irq_uninstall(). This isn't a problem since
the HPD IRQs will still be effectively masked by the first level
interrupt mask.
v2-3:
- unchanged
v4:
- use proper API for changing the expiration time for an already pending
delayed work (Jani)
Imre Deak [Mon, 18 Aug 2014 11:42:42 +0000 (14:42 +0300)]
drm/i915: take display port power domain in DP HPD handler
Ville noticed that we can call ibx_digital_port_connected() which accesses
the HW without holding any power well/runtime pm reference. Fix this by
holding a display port power domain reference around the whole hpd_pulse
handler.
Dave Airlie [Mon, 18 Aug 2014 13:07:45 +0000 (23:07 +1000)]
Merge branch 'drm-fixes-3.17' of git://people.freedesktop.org/~agd5f/linux
radeon fixes for 3.17, kind of all over the place (dpm, GPUVM, etc.)
* 'drm-fixes-3.17' of git://people.freedesktop.org/~agd5f/linux:
drm/radeon: Remove duplicate include from Makefile
drm/radeon/dpm: select the appropriate vce power state for KV/KB/ML
drm/radeon: Add ability to get and change dpm state when radeon PX card is turned off
drm/radeon: Add missing lines to ci_set_thermal_temperature_range
drm/radeon: Always flush VM again on < CIK
drm/radeon: add a check for allocation failure (v2)
drm/radeon: use pfp for all vm_flush related updates
drm/radeon: add bapm module parameter
Joerg Roedel [Tue, 5 Aug 2014 15:50:15 +0000 (17:50 +0200)]
iommu/amd: Fix cleanup_domain for mass device removal
When multiple devices are detached in __detach_device, they
are also removed from the domains dev_list. This makes it
unsafe to use list_for_each_entry_safe, as the next pointer
might also not be in the list anymore after __detach_device
returns. So just repeatedly remove the first element of the
list until it is empty.
Joerg Roedel [Tue, 5 Aug 2014 10:55:45 +0000 (12:55 +0200)]
iommu/vt-d: Defer domain removal if device is assigned to a driver
When the BUS_NOTIFY_DEL_DEVICE event is received the device
might still be attached to a driver. In this case the domain
can't be released as the mappings might still be in use.
Defer the domain removal in this case until we receivce the
BUS_NOTIFY_UNBOUND_DRIVER event.
pwm: Fix period and polarity in pwm_get() for non-perfect matches
If pwm_get() finds a look-up entry with a perfect match (both dev_id and
con_id match), the loop is aborted, and "p" still points to the correct
struct pwm_lookup.
If only an entry with a matching dev_id or con_id is found, the loop
terminates after traversing the whole list, and "p" now points to
arbitrary memory, not part of the pwm_lookup list.
Then pwm_set_period() and pwm_set_polarity() will set random values for
period resp. polarity.
To fix this, save period and polarity when finding a new best match,
just like is done for chip (for the provider) and index.
This fixes the LCD backlight on r8a7740/armadillo-legacy, which was fed
period 0 and polarity -1068821144 instead of 33333 resp. 1.
Ville Syrjälä [Tue, 12 Aug 2014 16:39:52 +0000 (19:39 +0300)]
drm/i915: Don't try to enable cursor from setplane when crtc is disabled
Make sure the cursor gets fully clipped when enabling it on a disabled
crtc via setplane. This will prevent the lower level code from
attempting to enable the cursor in hardware.
Ville Syrjälä [Mon, 11 Aug 2014 10:15:36 +0000 (13:15 +0300)]
drm/i915: Skip load detect when intel_crtc->new_enable==true
During suspend we turn off the crtcs, but leave the staged config in
place so that we can restore the display(s) to their previous state on
resume.
During resume when we attempt to apply the force pipe A quirk we use the
load detect mechanism. That doesn't check whether there was an already
staged configuration for the crtc since that's not even possible during
normal runtime load detection. But during resume it is possible, and if
we just blindly go and overwrite the staged crtc configuration for the
load detection we can no longer restore the display to the correct
state.
Even worse, we don't even clear all the staged connector->encoder->crtc
links so we may end up using a cloned setup for the load detection, and
after we're done we just clear the links related to the VGA output
leaving the links for the other outputs in place. This will eventually
result in calling intel_set_mode() with mode==NULL but with valid
connector->encoder->crtc links which will result in dereferencing the
NULL mode since the code thinks it will have to a modeset.
To avoid these problems don't use any crtc with new_enabled==true for
load detection.
Ville Syrjälä [Mon, 11 Aug 2014 10:15:35 +0000 (13:15 +0300)]
drm/i915: Fix locking for intel_enable_pipe_a()
intel_enable_pipe_a() gets called with all the modeset locks already
held (by drm_modeset_lock_all()), so trying to grab the same
locks using another drm_modeset_acquire_ctx is going to fail miserably.
Move most of the drm_modeset_acquire_ctx handling (init/drop/fini)
out from intel_{get,release}_load_detect_pipe() into the callers
(intel_{crt,tv}_detect()). Only the actual locking and backoff
handling is left in intel_get_load_detect_pipe(). And in
intel_enable_pipe_a() we just share the mode_config.acquire_ctx from
drm_modeset_lock_all() which is already holding all the relevant locks.
It's perfectly legal to lock the same ww_mutex multiple times using the
same ww_acquire_ctx. drm_modeset_lock() will convert the returned
-EALREADY into 0, so the caller doesn't need to do antyhing special.
Anson Huang [Tue, 12 Aug 2014 09:26:03 +0000 (17:26 +0800)]
ARM: imx: correct gpu2d_axi and gpu3d_axi clock setting
On i.MX6Q, gpu2d_axi and gpu3d_axi are either from AXI or
AHB clock, but on i.MX6DL, gpu2d_axi and gpu3d_axi are
from mmdc_ch0_axi_podf, and they can NOT be gated by mmdc_ch0_axi
's clock gate, the mux option register field(CCM_CBCMR)
is marked as "Reserved" now on i.MX6DL RM, so correct these
two clks setting.
NeilBrown [Tue, 12 Aug 2014 23:57:07 +0000 (09:57 +1000)]
md/raid6: avoid data corruption during recovery of double-degraded RAID6
During recovery of a double-degraded RAID6 it is possible for
some blocks not to be recovered properly, leading to corruption.
If a write happens to one block in a stripe that would be written to a
missing device, and at the same time that stripe is recovering data
to the other missing device, then that recovered data may not be written.
This patch skips, in the double-degraded case, an optimisation that is
only safe for single-degraded arrays.
Bug was introduced in 2.6.32 and fix is suitable for any kernel since
then. In an older kernel with separate handle_stripe5() and
handle_stripe6() functions the patch must change handle_stripe6().
NeilBrown [Tue, 12 Aug 2014 23:48:45 +0000 (09:48 +1000)]
md/raid5: avoid livelock caused by non-aligned writes.
If a stripe in a raid6 array received a write to each data block while
the array is degraded, and if any of these writes to a missing device
are not page-aligned, then a live-lock happens.
In this case the P and Q blocks need to be read so that the part of
the missing block which is *not* being updated by the write can be
constructed. Due to a logic error, these blocks are not loaded, so
the update cannot proceed and the stripe is 'handled' repeatedly in an
infinite loop.
This bug is unlikely as most writes are page aligned. However as it
can lead to a livelock it is suitable for -stable. It was introduced
in 3.16.
Previous version had an extra 'fsl' which made the pins not match
any entry. The console message,
vf610-pinctrl 40048000.iomuxc: no fsl,pins property in node \
/soc/aips-bus@40000000/iomuxc@40048000/vf610-twr/esdhc1grp
is displayed without the fix. The prior version would generally
work as u-boot sets the pins properly for sdhc. This change allows
Linux sdhc use even if u-boot is built without sdhc support.
projects / linux.git / log