Jann Horn [Sat, 26 Dec 2015 05:00:48 +0000 (06:00 +0100)]
seccomp: always propagate NO_NEW_PRIVS on tsync
Before this patch, a process with some permissive seccomp filter
that was applied by root without NO_NEW_PRIVS was able to add
more filters to itself without setting NO_NEW_PRIVS by setting
the new filter from a throwaway thread with NO_NEW_PRIVS.
debugobjects: Allow bigger number of early boot objects
On my bigger s390 systems I always get "Out of memory.
ODEBUG disabled". Since the number of objects is needed at
compile time, we can not change the size dynamically before
the caches etc are available. Doubling the size seems to
do the trick. Since it is init data it will be freed anyway,
this should be ok.
Milo Kim [Wed, 13 Jan 2016 07:19:50 +0000 (16:19 +0900)]
irqchip/atmel-aic: Fix wrong bit operation for IRQ priority
Atmel AIC has common structure for SMR (Source Mode Register).
bit[6:5] Interrupt source type
bit[2:0] Priority level
Other bits are unused.
To update new priority value, bit[2:0] should be cleared first and then
new priority level can be written. However, aic_common_set_priority()
helper clears source type bits instead of priority bits.
This patch fixes wrong mask bit operation.
Wanpeng Li [Wed, 27 Jan 2016 11:26:07 +0000 (19:26 +0800)]
tick/nohz: Set the correct expiry when switching to nohz/lowres mode
commit 0ff53d096422 sets the next tick interrupt to the last jiffies update,
i.e. in the past, because the forward operation is invoked before the set
operation. There is no resulting damage (yet), but we get an extra pointless
tick interrupt.
Revert the order so we get the next tick interrupt in the future.
Peter Hurley [Mon, 11 Jan 2016 06:40:58 +0000 (22:40 -0800)]
staging/speakup: Use tty_ldisc_ref() for paste kworker
As the function documentation for tty_ldisc_ref_wait() notes, it is
only callable from a tty file_operations routine; otherwise there
is no guarantee the ref won't be NULL.
The key difference with the VT's paste_selection() is that is an ioctl,
where __speakup_paste_selection() is completely async kworker, kicked
off from interrupt context.
Fixes: 28a821c30688 ("Staging: speakup: Update __speakup_paste_selection()
tty (ab)usage to match vt") Cc: <[email protected]> Signed-off-by: Peter Hurley <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
Peter Hurley [Mon, 11 Jan 2016 06:40:56 +0000 (22:40 -0800)]
n_tty: Fix unsafe reference to "other" ldisc
Although n_tty_check_unthrottle() has a valid ldisc reference (since
the tty core gets the ldisc ref in tty_read() before calling the line
discipline read() method), it does not have a valid ldisc reference to
the "other" pty of a pty pair. Since getting an ldisc reference for
tty->link essentially open-codes tty_wakeup(), just replace with the
equivalent tty_wakeup().
Peter Hurley [Mon, 11 Jan 2016 06:40:55 +0000 (22:40 -0800)]
tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)
ioctl(TIOCGETD) retrieves the line discipline id directly from the
ldisc because the line discipline id (c_line) in termios is untrustworthy;
userspace may have set termios via ioctl(TCSETS*) without actually
changing the line discipline via ioctl(TIOCSETD).
However, directly accessing the current ldisc via tty->ldisc is
unsafe; the ldisc ptr dereferenced may be stale if the line discipline
is changing via ioctl(TIOCSETD) or hangup.
Wait for the line discipline reference (just like read() or write())
to retrieve the "current" line discipline id.
Peter Hurley [Sun, 10 Jan 2016 05:13:45 +0000 (21:13 -0800)]
tty: Retry failed reopen if tty teardown in-progress
A small window exists where a tty reopen will observe the tty
just prior to imminent teardown (tty->count == 0); in this case, open()
returns EIO to userspace.
Instead, retry the open after checking for signals and yielding;
this interruptible retry loop allows teardown to commence and initialize
a new tty on retry. Never retry the BSD master pty reopen; there is no
guarantee the pty pair teardown is imminent since the slave file
descriptors may remain open indefinitely.
Takashi Iwai [Wed, 27 Jan 2016 06:05:56 +0000 (07:05 +0100)]
ALSA: Add missing dependency on CONFIG_SND_TIMER
Since the build of PCM timer may be disabled via Kconfig now, each
driver that provides a timer interface needs to set CONFIG_SND_TIMER
explicitly. Otherwise it may get a build error due to missing
symbol.
Fixes: 90bbaf66ee7b ('ALSA: timer: add config item to export PCM timer disabling for expert') Reported-by: kbuild test robot <[email protected]> Cc: <[email protected]> # v4.4+ Signed-off-by: Takashi Iwai <[email protected]>
Alan Stern [Wed, 20 Jan 2016 16:26:01 +0000 (11:26 -0500)]
SCSI: fix crashes in sd and sr runtime PM
Runtime suspend during driver probe and removal can cause problems.
The driver's runtime_suspend or runtime_resume callbacks may invoked
before the driver has finished binding to the device or after the
driver has unbound from the device.
This problem shows up with the sd and sr drivers, and can cause disk
or CD/DVD drives to become unusable as a result. The fix is simple.
The drivers store a pointer to the scsi_disk or scsi_cd structure as
their private device data when probing is finished, so we simply have
to be sure to clear the private data during removal and test it during
runtime suspend/resume.
Gavin Shan [Wed, 2 Dec 2015 05:25:32 +0000 (16:25 +1100)]
powerpc/eeh: Fix PE location code
In eeh_pe_loc_get(), the PE location code is retrieved from the
"ibm,loc-code" property of the device node for the bridge of the
PE's primary bus. It's not correct because the property indicates
the parent PE's location code.
This reads the correct PE location code from "ibm,io-base-loc-code"
or "ibm,slot-location-code" property of PE parent bus's device node.
Kees Cook [Tue, 26 Jan 2016 00:18:13 +0000 (01:18 +0100)]
ARM: 8500/1: fix atags_to_fdt with stack-protector-strong
Building with CONFIG_CC_STACKPROTECTOR_STRONG triggers protection code
generation under CONFIG_ARM_ATAG_DTB_COMPAT but this is too early for
being able to use any of the stack_chk code. Explicitly disable it for
only the atags_to_fdt bits.
Jan Beulich [Tue, 26 Jan 2016 11:15:18 +0000 (04:15 -0700)]
x86/mm: Fix types used in pgprot cacheability flags translations
For PAE kernels "unsigned long" is not suitable to hold page protection
flags, since _PAGE_NX doesn't fit there. This is the reason for quite a
few W+X pages getting reported as insecure during boot (observed namely
for the entire initrd range).
Lucas Stach [Mon, 25 Jan 2016 14:47:28 +0000 (15:47 +0100)]
drm/etnaviv: call correct function when trying to vmap a DMABUF
When trying to get the vmap address of an imported buffer, we must
call into the appropriate helper function, to allow the exporter to
establish the vmap, instead of trying to vmap the buffer on our own.
Add an indirection through etnaviv_gem_ops to allow the correct
implementation to be called.
Lucas Stach [Tue, 26 Jan 2016 17:10:32 +0000 (18:10 +0100)]
drm/etnaviv: rename etnaviv_gem_vaddr to etnaviv_gem_vmap
This function follows the semantics of vmap() by returning
NULL in case of an error. To make things less confusing
rename it to make make both functions more closely related.
Lucas Stach [Mon, 25 Jan 2016 14:37:28 +0000 (15:37 +0100)]
drm/etnaviv: fix get pages error path in etnaviv_gem_vaddr
In case that etnaviv_gem_get_pages is unable to get the required
pages the object mutex needs to be unlocked. Also return NULL in
this case instead of propagating the error, as callers of this
function might not be prepared to handle a pointer error, but
expect this call to follow the semantics of a plain vmap to return
NULL in case of an error.
Russell King [Thu, 21 Jan 2016 15:19:59 +0000 (15:19 +0000)]
drm/etnaviv: ignore VG GPUs with FE2.0
Ignore GPUs with a 2.0 front end. These have a different register
layout for the front end, which provokes imprecise aborts from the
register accesses in the 'gpu' debugfs file.
Martin Wilck [Mon, 30 Nov 2015 11:50:05 +0000 (12:50 +0100)]
base/platform: Fix platform drivers with no probe callback
Since b8b2c7d845d5, platform_drv_probe() is called for all platform
devices. If drv->probe is NULL, and dev_pm_domain_attach() fails,
platform_drv_probe() will return the error code from dev_pm_domain_attach().
This causes real_probe() to enter the "probe_failed" path and set
dev->driver to NULL. Before b8b2c7d845d5, real_probe() would assume
success if both dev->bus->probe and drv->probe were missing. As a result,
a device and driver could be "bound" together just by matching their names;
this doesn't work any more after b8b2c7d845d5.
This may cause problems later for certain usage of platform_driver_register()
and platform_device_register_simple(). I observed a panic while loading
the tpm_tis driver with parameter "force=1" (i.e. registering tpm_tis as
a platform driver), because tpm_tis_init's assumption that the device
returned by platform_device_register_simple() was bound didn't hold any more
(tpmm_chip_alloc() dereferences chip->pdev->driver, causing panic).
This patch restores the previous (4.3.0 and earlier) behavior of
platform_drv_probe() in the case when the associated platform driver has
no "probe" function.
Mika Penttilä [Tue, 26 Jan 2016 15:47:25 +0000 (15:47 +0000)]
arm64: mm: avoid calling apply_to_page_range on empty range
Calling apply_to_page_range with an empty range results in a BUG_ON
from the core code. This can be triggered by trying to load the st_drv
module with CONFIG_DEBUG_SET_MODULE_RONX enabled:
kernel BUG at mm/memory.c:1874!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:
CPU: 3 PID: 1764 Comm: insmod Not tainted 4.5.0-rc1+ #2
Hardware name: ARM Juno development board (r0) (DT)
task: ffffffc9763b8000 ti: ffffffc975af8000 task.ti: ffffffc975af8000
PC is at apply_to_page_range+0x2cc/0x2d0
LR is at change_memory_common+0x80/0x108
This patch fixes the issue by making change_memory_common (called by the
set_memory_* functions) a NOP when numpages == 0, therefore avoiding the
erroneous call to apply_to_page_range and bringing us into line with x86
and s390.
Marc Zyngier [Tue, 26 Jan 2016 14:24:15 +0000 (14:24 +0000)]
irqchip/gic-v3-its: Recompute the number of pages on page size change
When the programming of a GITS_BASERn register fails because of
an unsupported ITS page size, we retry it with a smaller page size.
Unfortunately, we don't recompute the number of allocated ITS pages,
indicating the wrong value computed in the original allocation.
A convenient fix is to free the pages we allocated, update the
page size, and restart the allocation. This will ensure that
we always allocate the right amount in the case of a device
table, specially if we have to reduce the allocation order
to stay within the boundaries of the ITS maximum allocation.
The new function platform_msi_domain_{alloc,free}_irqs are meant to be
used in platform drivers, which can be built as modules. Therefore, it
makes sense to export them to be used from kernel modules.
Arnd Bergmann [Mon, 25 Jan 2016 16:02:49 +0000 (17:02 +0100)]
clocksource: Select CLKSRC_MMIO where needed
The Tegra clocksource implementation uses the clocksource_mmio helper
functions, but currently can be configured without them, which fails:
drivers/clocksource/built-in.o: In function `tegra20_init_timer':
:(.init.text+0xac): undefined reference to `clocksource_mmio_init'
:(.init.text+0x140): undefined reference to `clocksource_mmio_readl_up'
The same problem exists for Digicolor:
drivers/clocksource/built-in.o: In function `digicolor_timer_init':
:(.init.text+0xfa): undefined reference to `clocksource_mmio_init'
:(.init.text+0x14c): undefined reference to `clocksource_mmio_readl_down'
I've inspected the Kconfig file to look for other cases that I have not
yet run into, and added an explicit 'select' to each one to ensure we
can successfully link the drivers.
Arnd Bergmann [Mon, 25 Jan 2016 15:41:49 +0000 (16:41 +0100)]
tick/sched: Hide unused oneshot timer code
A couple of functions in kernel/time/tick-sched.c are only
relevant for oneshot timer mode, i.e. when hires-timers or
nohz mode are enabled. If both are disabled, we get gcc warnings
about them:
kernel/time/tick-sched.c:98:16: warning: 'tick_init_jiffy_update' defined but not used [-Wunused-function]
static ktime_t tick_init_jiffy_update(void)
^
kernel/time/tick-sched.c:112:13: warning: 'tick_sched_do_timer' defined but not used [-Wunused-function]
static void tick_sched_do_timer(ktime_t now)
^
kernel/time/tick-sched.c:134:13: warning: 'tick_sched_handle' defined but not used [-Wunused-function]
static void tick_sched_handle(struct tick_sched *ts, struct pt_regs *regs)
^
This encloses the whole set of functions in an appropriate ifdef
to avoid the warning and to make it clearer when they are used.
Marc Zyngier [Tue, 26 Jan 2016 13:52:26 +0000 (13:52 +0000)]
of: MSI: Simplify irqdomain lookup
So far, when trying to associate a device with its MSI domain,
we first lookup the domain using a MSI token, and if this
doesn't return anything useful, we pick up any domain matching
the same node.
This logic is broken for two reasons:
1) Only the generic MSI code (PCI or platform) sets this token
to PCI/MSI or platform MSI. So we're guaranteed that if there
is something to be found, we will find it with the first call.
2) If we have a convoluted situation where:
- a single node implements both wired and MSI interrupts
- MSI support for that HW hasn't been compiled in
we'll end up using the wired domain for MSIs anyway, and things
break badly.
So let's just remove __of_get_msi_domain, and replace it by a direct
call to irq_find_matching_host, because that's what we really want.
Marc Zyngier [Tue, 26 Jan 2016 13:52:25 +0000 (13:52 +0000)]
irqdomain: Allow domain lookup with DOMAIN_BUS_WIRED token
Let's take the (outlandish) example of an interrupt controller
capable of handling both wired interrupts and PCI MSIs.
With the current code, the PCI MSI domain is going to be tagged
with DOMAIN_BUS_PCI_MSI, and the wired domain with DOMAIN_BUS_ANY.
Things get hairy when we start looking up the domain for a wired
interrupt (typically when creating it based on some firmware
information - DT or ACPI).
In irq_create_fwspec_mapping(), we perform the lookup using
DOMAIN_BUS_ANY, which is actually used as a wildcard. This gives
us one chance out of two to end up with the wrong domain, and
we try to configure a wired interrupt with the MSI domain.
Everything grinds to a halt pretty quickly.
What we really need to do is to start looking for a domain that
would uniquely identify a wired interrupt domain, and only use
DOMAIN_BUS_ANY as a fallback.
In order to solve this, let's introduce a new DOMAIN_BUS_WIRED
token, which is going to be used exactly as described above.
Of course, this depends on the irqchip to setup the domain
bus_token, and nobody had to implement this so far.
Arnd Bergmann [Mon, 25 Jan 2016 15:58:08 +0000 (16:58 +0100)]
irqchip/s3c24xx: Mark init_eint as __maybe_unused
The init_eint array in the s3c24xx irqchip driver is used by
every individual chip variant, but Kconfig allows building
the driver when they are all disabled, and that leads to
a harmless compile-time warning:
drivers/irqchip/irq-s3c24xx.c:608:28: error: 'init_eint' defined but not used [-Werror=unused-variable]
This marks the array as __maybe_unused to avoid the warning.
KVM: s390: fix memory overwrites when vx is disabled
The kernel now always uses vector registers when available, however KVM
has special logic if support is really enabled for a guest. If support
is disabled, guest_fpregs.fregs will only contain memory for the fpu.
The kernel, however, will store vector registers into that area,
resulting in crazy memory overwrites.
Simply extending that area is not enough, because the format of the
registers also changes. We would have to do additional conversions, making
the code even more complex. Therefore let's directly use one place for
the vector/fpu registers + fpc (in kvm_run). We just have to convert the
data properly when accessing it. This makes current code much easier.
Please note that vector/fpu registers are now always stored to
vcpu->run->s.regs.vrs. Although this data is visible to QEMU and
used for migration, we only guarantee valid values to user space when
KVM_SYNC_VRS is set. As that is only the case when we have vector
register support, we are on the safe side.
Fixes: b5510d9b68c3 ("s390/fpu: always enable the vector facility if it is available") Cc: [email protected] # v4.4 d9a3a09af54d s390/kvm: remove dependency on struct save_area definition Signed-off-by: David Hildenbrand <[email protected]> Signed-off-by: Christian Borntraeger <[email protected]>
[adopt to d9a3a09af54d]
Dong Jia Shi [Wed, 20 Jan 2016 05:33:42 +0000 (06:33 +0100)]
KVM: s390: Enable the KVM-VFIO device
The KVM-VFIO device is used by the QEMU VFIO device. It is used to
record the list of in-use VFIO groups so that KVM can manipulate
them.
While we don't need this on s390 currently, let's try to be like
everyone else.
This commit merged interval and overall counters reading into single
read_counters function.
The old interval code cleaned the stddev data for some reason (it's
never displayed in interval mode) and the mentioned commit kept on
cleaning the stddev data in merged function, which resulted in the
stddev not being displayed.
Removing the wrong stddev data cleanup init_stats call.
Sebastian Ott [Mon, 25 Jan 2016 09:32:51 +0000 (10:32 +0100)]
s390/cio: update measurement characteristics
Per channel path measurement characteristics are obtained during channel
path registration. However if some properties of a channel path change
we don't update the measurement characteristics.
Make sure to update the characteristics when we change the properties of
a channel path or receive a notification from FW about such a change.
Sebastian Ott [Mon, 25 Jan 2016 09:31:33 +0000 (10:31 +0100)]
s390/cio: ensure consistent measurement state
Make sure that in all cases where we could not obtain measurement
characteristics the associated fields are set to invalid values.
Note: without this change the "shared" capability of a channel path
for which we could not obtain the measurement characteristics was
incorrectly displayed as 0 (not shared). We will now correctly
report "unknown" in this case.
Sebastian Ott [Mon, 25 Jan 2016 09:30:27 +0000 (10:30 +0100)]
s390/cio: fix measurement characteristics memleak
Measurement characteristics are allocated during channel path
registration but not freed during deregistration. Fix this by
embedding these characteristics inside struct channel_path.
Ingo Tuchscherer [Fri, 22 Jan 2016 15:18:29 +0000 (16:18 +0100)]
s390/zcrypt: Fix cryptographic device id in kernel messages
Currently, on card response failures a combination of card domain and
domain id is recorded in the kernel messages.
According to the message description only the card id will be recorded.
The domain id is not relevant, since the whole card including all domains
is set offline.
Sebastian Ott [Fri, 22 Jan 2016 13:11:21 +0000 (14:11 +0100)]
s390/pci: remove iomap sanity checks
Since each iomap_entry handles only one bar of one pci function
(even when disjunct ranges of a bar are mapped) the sanity check
in pci_iomap_range is not needed and can be removed.
Sebastian Ott [Fri, 22 Jan 2016 13:04:18 +0000 (14:04 +0100)]
s390/pci: set error state for unusable functions
We receive special notifications from firmware when an error was detected
and a pci function became unusable. Set the error_state accordingly to give
device drivers a hint that they don't need to try error recovery.
Sebastian Ott [Fri, 22 Jan 2016 13:01:44 +0000 (14:01 +0100)]
s390/pci: resize iomap
On s390 we need to maintain a mapping between iomem addresses
and arch specific function identifiers. Currently the mapping
table is created as such that we could span the whole iomem
address space. Since we can only map each bar space from each
possible function we have an upper bound for the number of
mapping entries.
This reduces the size of the iomap from 256K to less than 4K
(using the defconfig).
Michael Holzheu [Wed, 20 Jan 2016 18:22:16 +0000 (19:22 +0100)]
s390/numa: move numa_init_late() from device to arch_initcall
Commit 3e89e1c5ea ("hugetlb: make mm and fs code explicitly non-modular")
moves hugetlb_init() from module_init to subsys_initcall.
The hugetlb_init()->hugetlb_register_node() code accesses "node->dev.kobj"
which is initialized in numa_init_late().
Since numa_init_late() is a device_initcall which is called *after*
subsys_initcall the above mentioned patch breaks NUMA on s390.
So fix this and move numa_init_late() to arch_initcall.
Fixes: 3e89e1c5ea ("hugetlb: make mm and fs code explicitly non-modular") Reviewed-by: Heiko Carstens <[email protected]> Signed-off-by: Michael Holzheu <[email protected]> Signed-off-by: Martin Schwidefsky <[email protected]>
Will Deacon [Mon, 25 Jan 2016 18:25:59 +0000 (18:25 +0000)]
arm64: defconfig: updates for 4.5
Based on requests, update our defconfig so that:
- We don't build any modules
- PL031 is enabled (RTC emulated by qemu)
- Xen guest support is enabled
- The Uniphier built-in I2C controller is enabled
- PCI host controller drivers for the various arm64 SoCs are enabled
- Device passthrough works on Seattle using SMMU and VFIO
- The Hisilicon IRQ controller (mbigen) is enabled
dann frazier [Mon, 25 Jan 2016 23:52:16 +0000 (16:52 -0700)]
arm64: errata: Add -mpc-relative-literal-loads to build flags
GCC6 (and Linaro's 2015.12 snapshot of GCC5) has a new default that uses
adrp/ldr or adrp/add to address literal pools. When CONFIG_ARM64_ERRATUM_843419
is enabled, modules built with this toolchain fail to load:
module libahci: unsupported RELA relocation: 275
This patch fixes the problem by passing '-mpc-relative-literal-loads'
to the compiler.
William Cohen [Fri, 22 Jan 2016 03:56:26 +0000 (22:56 -0500)]
Eliminate the .eh_frame sections from the aarch64 vmlinux and kernel modules
By default the aarch64 gcc generates .eh_frame sections. Unlike
.debug_frame sections, the .eh_frame sections are loaded into memory
when the associated code is loaded. On an example kernel being built
with this default the .eh_frame section in vmlinux used an extra 1.7MB
of memory. The x86 disables the creation of the .eh_frame section.
The aarch64 should probably do the same to save some memory.
Lucas Tanure [Mon, 25 Jan 2016 21:30:23 +0000 (19:30 -0200)]
ALSA: bebob: Use a signed return type for get_formation_index
The return type "unsigned int" was used by the get_formation_index function
despite of the aspect that it will eventually return a negative error code.
So, change to signed int and get index by reference in the parameters.
Done with the help of Coccinelle.
[Fix the missing braces suggested by Julia Lawall -- tiwai]
This is caused by the following code sequence on CPU1
rcu_read_lock()
x = lookup();
if (x)
spin_lock_irqsave(&x->it_lock);
rcu_read_unlock();
return x;
We could fix that in the posix timer code by keeping rcu read locked across
the spinlocked and irq disabled section, but the above sequence is common and
there is no reason not to support it.
Taking rt_mutex.wait_lock irq safe prevents the deadlock.
This adds micro-benchmarks useful for tuning virtio ring layouts.
Three layouts are currently implemented:
- virtio 0.9 compatible one
- an experimental extension bypassing the ring index, polling ring
itself instead
- an experimental extension bypassing avail and used ring completely
Typical use:
sh run-on-all.sh perf stat -r 10 --log-fd 1 -- ./ring
It doesn't depend on the kernel directly, but it's handy
to have as much virtio stuff as possible in one tree.
KASan detected a use-after-free error in virtio-pci remove code. In
virtio_pci_remove(), vp_dev is still used after being freed in
unregister_virtio_device() (in virtio_pci_release_dev() more
precisely).
Andy Shevchenko [Fri, 15 Jan 2016 20:02:12 +0000 (22:02 +0200)]
i2c: designware-pci: use IRQF_COND_SUSPEND flag
This is effectively reapplies the commit b0898fdaffb2 ("i2c: designware-pci: use
IRQF_COND_SUSPEND flag") after the commit d80d134182ba ("i2c: designware: Move
common probe code into i2c_dw_probe()"). Original message as follows.
The mentioned flag fixes a warning on Intel Edison board since one of the I2C
controller shares IRQ line with watchdog timer.
Fixes: d80d134182ba (i2c: designware: Move common probe code into i2c_dw_probe()) Signed-off-by: Andy Shevchenko <[email protected]> Acked-by: Jarkko Nikula <[email protected]> Signed-off-by: Wolfram Sang <[email protected]>
ALSA: usb-audio: Fix TEAC UD-501/UD-503/NT-503 usb delay
TEAC UD-501/UD-503/NT-503 fail to switch properly between different
rate/format. Similar to 'Playback Design', this patch corrects the
invalid clock source error for TEAC products and avoids complete
freeze of the usb interface of 503 series.
Jean Delvare [Fri, 22 Jan 2016 13:12:02 +0000 (14:12 +0100)]
i2c: piix4: Fix SB800 locking
We need a single mutex for all 4 shared SMBus ports on the SB800. A
per-port mutex doesn't protect us from concurrent access.
In theory the mutex should be per PCI device, however in practice we
know that there's only ever a single instance of the device in a given
system so we can use a global.
Also take the mutex during initialization, as first port may be already
in use when second port is initialized.
Alex Deucher [Tue, 26 Jan 2016 05:30:33 +0000 (00:30 -0500)]
drm/amdgpu: don't init fbdev if we don't have any connectors
Don't init fbdev if we don't have connectors. E.g., if you have
a PX laptop with the displays attached to an IGP with no driver
support, you may end up with a blank screen rather than falling
back to vesa, etc.
Rob Clark [Mon, 25 Jan 2016 23:06:48 +0000 (18:06 -0500)]
drm/radeon: only init fbdev if we have connectors
This fixes an issue that was noticed on an optimus/prime laptop with
a kernel that was old enough to not support the integrated intel gfx
(which was driving all the outputs), but did have support for the
discrete radeon gpu. The end result was not falling back to VESA and
leaving the user with a black screen.
(Plus it is kind of silly to create an framebuffer device if there
are no outputs hooked up to the gpu.)
David Sterba [Mon, 25 Jan 2016 10:02:06 +0000 (11:02 +0100)]
Revert "btrfs: clear PF_NOFREEZE in cleaner_kthread()"
This reverts commit 696249132158014d594896df3a81390616069c5c. The
cleaner thread can block freezing when there's a snapshot cleaning in
progress and the other threads get suspended first. From the logs
provided by Martin we're waiting for reading extent pages:
Filipe Manana [Thu, 21 Jan 2016 10:17:54 +0000 (10:17 +0000)]
Btrfs: fix race between fsync and lockless direct IO writes
An fsync, using the fast path, can race with a concurrent lockless direct
IO write and end up logging a file extent item that points to an extent
that wasn't written to yet. This is because the fast fsync path collects
ordered extents into a local list and then collects all the new extent
maps to log file extent items based on them, while the direct IO write
path creates the new extent map before it creates the corresponding
ordered extent (and submitting the respective bio(s)).
So fix this by making the direct IO write path create ordered extents
before the extent maps and make the fast fsync path collect any new
ordered extents after it collects the extent maps.
Note that making the fsync handler call inode_dio_wait() (after acquiring
the inode's i_mutex) would not work and lead to a deadlock when doing
AIO, as through AIO we end up in a path where the fsync handler is called
(through dio_aio_complete_work() -> dio_complete() -> vfs_fsync_range())
before the inode's dio counter is decremented (inode_dio_wait() waits
for this counter to have a value of zero).
Takashi Iwai [Mon, 25 Jan 2016 12:59:21 +0000 (13:59 +0100)]
ALSA: compress: Disable GET_CODEC_CAPS ioctl for some architectures
Some architectures like PowerPC can handle the maximum struct size in
an ioctl only up to 13 bits, and struct snd_compr_codec_caps used by
SNDRV_COMPRESS_GET_CODEC_CAPS ioctl overflows this limit. This
problem was revealed recently by a powerpc change, as it's now treated
as a fatal build error.
This patch is a stop-gap for that: for architectures with less than 14
bit ioctl struct size, get rid of the handling of the relevant ioctl.
We should provide an alternative equivalent ioctl code later, but for
now just paper over it. Luckily, the compress API hasn't been used on
such architectures, so the impact must be effectively zero.
Lucas Stach [Fri, 22 Jan 2016 11:03:03 +0000 (12:03 +0100)]
drm/etnaviv: hold object lock while getting pages for coredump
While all objects that get coredumped have an active IOVA and thus
pages already populated, etnaviv_gem_get_pages() still requires the
object lock to be held.
John Ernberg [Mon, 25 Jan 2016 12:27:17 +0000 (12:27 +0000)]
USB: option: fix Cinterion AHxx enumeration
In certain kernel configurations where the cdc_ether and option drivers
are compiled as modules there can occur a race condition in enumeration.
This causes the option driver to enumerate the ethernet(wwan) interface
as usb-serial interfaces.
USB: mxu11x0: fix memory leak on usb_serial private data
On nominal execution, private data allocated on port_probe and attach
are never freed. Add port_remove and release callbacks to free them
respectively.
Catalin Marinas [Thu, 7 Jan 2016 16:07:20 +0000 (16:07 +0000)]
arm64: Honour !PTE_WRITE in set_pte_at() for kernel mappings
Currently, set_pte_at() only checks the software PTE_WRITE bit for user
mappings when it sets or clears the hardware PTE_RDONLY accordingly. The
kernel ptes are written directly without any modification, relying
solely on the protection bits in macros like PAGE_KERNEL. However,
modifying kernel pte attributes via pte_wrprotect() would be ignored by
set_pte_at(). Since pte_wrprotect() does not set PTE_RDONLY (it only
clears PTE_WRITE), the new permission is not taken into account.
This patch changes set_pte_at() to adjust the read-only permission for
kernel ptes as well. As a side effect, existing PROT_* definitions used
for kernel ioremap*() need to include PTE_DIRTY | PTE_WRITE.
(additionally, white space fix for PTE_KERNEL_ROX)
The Performance Monitors extension is an optional feature of the
AArch64 architecture, therefore, in order to access Performance
Monitors registers safely, the kernel should detect the architected
PMU unit presence through the ID_AA64DFR0_EL1 register PMUVer field
before accessing them.
This patch implements a guard by reading the ID_AA64DFR0_EL1 register
PMUVer field to detect the architected PMU presence and prevent accessing
PMU system registers if the Performance Monitors extension is not
implemented in the core.
Ard Biesheuvel [Mon, 11 Jan 2016 13:50:21 +0000 (14:50 +0100)]
arm64: kasan: ensure that the KASAN zero page is mapped read-only
When switching from the early KASAN shadow region, which maps the
entire shadow space read-write, to the permanent KASAN shadow region,
which uses a zero page to shadow regions that are not subject to
instrumentation, the lowest level table kasan_zero_pte[] may be
reused unmodified, which means that the mappings of the zero page
that it contains will still be read-write.
So update it explicitly to map the zero page read only when we
activate the permanent mapping.
Ard Biesheuvel [Fri, 15 Jan 2016 12:28:57 +0000 (13:28 +0100)]
arm64: hide __efistub_ aliases from kallsyms
Commit e8f3010f7326 ("arm64/efi: isolate EFI stub from the kernel
proper") isolated the EFI stub code from the kernel proper by prefixing
all of its symbols with __efistub_, and selectively allowing access to
core kernel symbols from the stub by emitting __efistub_ aliases for
functions and variables that the stub can access legally.
As an unintended side effect, these aliases are emitted into the
kallsyms symbol table, which means they may turn up in backtraces,
e.g.,
...
PC is at __efistub_memset+0x108/0x200
LR is at fixup_init+0x3c/0x48
...
[<ffffff8008328608>] __efistub_memset+0x108/0x200
[<ffffff8008094dcc>] free_initmem+0x2c/0x40
[<ffffff8008645198>] kernel_init+0x20/0xe0
[<ffffff8008085cd0>] ret_from_fork+0x10/0x40
The backtrace in question has nothing to do with the EFI stub, but
simply returns one of the several aliases of memset() that have been
recorded in the kallsyms table. This is undesirable, since it may
suggest to people who are not aware of this that the issue they are
seeing is somehow EFI related.
So hide the __efistub_ aliases from kallsyms, by emitting them as
absolute linker symbols explicitly. The distinction between those
and section relative symbols is completely irrelevant to these
definitions, and to the final link we are performing when these
definitions are being taken into account (the distinction is only
relevant to symbols defined inside a section definition when performing
a partial link), and so the resulting values are identical to the
original ones. Since absolute symbols are ignored by kallsyms, this
will result in these values to be omitted from its symbol table.
After this patch, the backtrace generated from the same address looks
like this:
...
PC is at __memset+0x108/0x200
LR is at fixup_init+0x3c/0x48
...
[<ffffff8008328608>] __memset+0x108/0x200
[<ffffff8008094dcc>] free_initmem+0x2c/0x40
[<ffffff8008645198>] kernel_init+0x20/0xe0
[<ffffff8008085cd0>] ret_from_fork+0x10/0x40
Takashi Iwai [Mon, 25 Jan 2016 10:24:56 +0000 (11:24 +0100)]
ALSA: seq: Degrade the error message for too many opens
ALSA OSS sequencer spews a kernel error message ("ALSA: seq_oss: too
many applications") when user-space tries to open more than the
limit. This means that it can easily fill the log buffer.
Since it's merely a normal error, it's safe to suppress it via
pr_debug() instead.
Takashi Iwai [Mon, 25 Jan 2016 10:01:47 +0000 (11:01 +0100)]
ALSA: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup()
ALSA sequencer OSS emulation code has a sanity check for currently
opened devices, but there is a thinko there, eventually it spews
warnings and skips the operation wrongly like:
WARNING: CPU: 1 PID: 7573 at sound/core/seq/oss/seq_oss_synth.c:311
projects / linux.git / log