1. 19 Dec, 2016 1 commit
    • Jan Kara's avatar
      quota: Fix bogus warning in dquot_disable() · 2700e606
      Jan Kara authored
      dquot_disable() was warning when sb_has_quota_loaded() was true when
      invalidating page cache for quota files. The thinking behind this
      warning was that we must have raced with somebody else turning quotas on
      and this should not happen because all places modifying quota state must
      hold s_umount exclusively now. However sb_has_quota_loaded() can be also
      true at this point when we are just suspending quotas on remount
      read-only. Just restore the behavior to situation before commit
      c3b00446 ("quota: Remove dqonoff_mutex") which introduced the
      warning.
      
      The code in dquot_disable() can be further simplified with the new
      locking of quota state changes however let's leave that to a separate
      commit that can get more testing exposure.
      
      Fixes: c3b00446Signed-off-by: default avatarJan Kara <jack@suse.cz>
      2700e606
  2. 13 Dec, 2016 1 commit
    • Jan Kara's avatar
      fsnotify: Fix possible use-after-free in inode iteration on umount · 5716863e
      Jan Kara authored
      fsnotify_unmount_inodes() plays complex tricks to pin next inode in the
      sb->s_inodes list when iterating over all inodes. Furthermore the code has a
      bug that if the current inode is the last on i_sb_list that does not have e.g.
      I_FREEING set, then we leave next_i pointing to inode which may get removed
      from the i_sb_list once we drop s_inode_list_lock thus resulting in
      use-after-free issues (usually manifesting as infinite looping in
      fsnotify_unmount_inodes()).
      
      Fix the problem by keeping current inode pinned somewhat longer. Then we can
      make the code much simpler and standard.
      
      CC: stable@vger.kernel.org
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      5716863e
  3. 07 Dec, 2016 1 commit
  4. 30 Nov, 2016 4 commits
  5. 24 Nov, 2016 2 commits
    • Jan Kara's avatar
      quota: Use s_umount protection for quota operations · 9d1ccbe7
      Jan Kara authored
      Writeback quota is protected by s_umount semaphore held for reading
      because every writeback must be protected by that lock (grabbed either
      by the generic writeback code or by quotactl handler). Getting next
      available ID in quota file, querying quota state, setting quota
      information, getting quota format are all quotactl operations protected
      by s_umount semaphore held for reading grabbed in quotactl handler.
      
      This also fixes lockdep splat about possible deadlock during filesystem
      freezing where sync_filesystem() is called with page-faults already
      blocked but sync_filesystem() calls into dquot_writeback_dquots() which
      grabs dqonoff_mutex which ranks above i_mutex (vfs_load_quota_inode()
      grabs i_mutex under dqonoff_mutex) which clearly ranks below page fault
      freeze protection (e.g. via mmap_sem dependencies). The reported problem
      is not a real deadlock possibility since during quota on we check
      whether filesystem freezing is not in progress but still it is good to
      have this fixed.
      Reported-by: default avatarTed Tso <tytso@mit.edu>
      Reported-by: default avatarEric Whitney <enwlinux@gmail.com>
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      9d1ccbe7
    • Jan Kara's avatar
      quota: Hold s_umount in exclusive mode when enabling / disabling quotas · 7d6cd73d
      Jan Kara authored
      Currently we hold s_umount semaphore only in shared mode when enabling
      or disabling quotas and use dqonoff_mutex for serializing quota state
      changes on a filesystem and also quota state changes with other places
      depending on current quota state. Using dedicated mutex for this causes
      possible deadlocks during filesystem freezing (see following commit for
      details) so we transition to using s_umount semaphore for the necessary
      synchronization whose lock ordering is properly handled by the
      filesystem freezing code. As a start grab s_umount in exclusive mode
      when enabling / disabling quotas.
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      7d6cd73d
  6. 23 Nov, 2016 1 commit
  7. 20 Nov, 2016 7 commits
    • Linus Torvalds's avatar
      Linux 4.9-rc6 · 9c763584
      Linus Torvalds authored
      9c763584
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm · 697ed8d0
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
       "A few more ARM fixes:
      
         - the assembly backtrace code suffers problems with the new printk()
           implementation which assumes that kernel messages without KERN_CONT
           should have newlines inserted between them. Fix this.
         - fix a section naming error - ".init.text" rather than ".text.init"
         - preallocate DMA debug memory at core_initcall() time rather than
           fs_initcall(), as we have some core drivers that need to use DMA
           mapping - and that triggers a kernel warning from the DMA debug
           code.
         - fix XIP kernels after the ro_after_init changes made this data
           permanently read-only"
      
      * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: Fix XIP kernels
        ARM: 8628/1: dma-mapping: preallocate DMA-debug hash tables in core_initcall
        ARM: 8624/1: proc-v7m.S: fix init section name
        ARM: fix backtrace
      697ed8d0
    • Linus Torvalds's avatar
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 77079b13
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "Again a set of smaller fixes across several platforms (OMAP, Marvell,
        Allwinner, i.MX, etc).
      
        A handful of typo fixes and smaller missing contents from device
        trees, with some tweaks to OMAP mach files to deal with CPU feature
        print misformatting, potential NULL ptr dereference and one setup
        issue with UARTs"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        ipmi/bt-bmc: change compatible node to 'aspeed, ast2400-ibt-bmc'
        ARM: dts: STiH410-b2260: Fix typo in spi0 chipselect definition
        ARM: dts: omap5: board-common: fix wrong SMPS6 (VDD-DDR3) voltage
        ARM: omap3: Add missing memory node in SOM-LV
        arm64: dts: marvell: add unique identifiers for Armada A8k SPI controllers
        arm64: dts: marvell: fix clocksource for CP110 slave SPI0
        arm64: dts: marvell: Fix typo in label name on Armada 37xx
        ASoC: omap-abe-twl6040: fix typo in bindings documentation
        dts: omap5: board-common: enable twl6040 headset jack detection
        dts: omap5: board-common: add phandle to reference Palmas gpadc
        ARM: OMAP2+: avoid NULL pointer dereference
        ARM: OMAP2+: PRM: initialize en_uart4_mask and grpsel_uart4_mask
        ARM: dts: omap3: Fix memory node in Torpedo board
        ARM: AM43XX: Select OMAP_INTERCONNECT in Kconfig
        ARM: OMAP3: Fix formatting of features printed
        ARM: dts: imx53-qsb: Fix regulator constraints
        ARM: dts: sun8i: fix the pinmux for UART1
      77079b13
    • Linus Torvalds's avatar
      Merge tag 'ext4_for_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · d117b9ac
      Linus Torvalds authored
      Pull ext4 fixes from Ted Ts'o:
       "A security fix (so a maliciously corrupted file system image won't
        panic the kernel) and some fixes for CONFIG_VMAP_STACK"
      
      * tag 'ext4_for_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: sanity check the block and cluster size at mount time
        fscrypto: don't use on-stack buffer for key derivation
        fscrypto: don't use on-stack buffer for filename encryption
      d117b9ac
    • Theodore Ts'o's avatar
      ext4: sanity check the block and cluster size at mount time · 8cdf3372
      Theodore Ts'o authored
      If the block size or cluster size is insane, reject the mount.  This
      is important for security reasons (although we shouldn't be just
      depending on this check).
      
      Ref: http://www.securityfocus.com/archive/1/539661
      Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1332506Reported-by: default avatarBorislav Petkov <bp@alien8.de>
      Reported-by: default avatarNikolay Borisov <kernel@kyup.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Cc: stable@vger.kernel.org
      8cdf3372
    • Eric Biggers's avatar
      fscrypto: don't use on-stack buffer for key derivation · 0f0909e2
      Eric Biggers authored
      With the new (in 4.9) option to use a virtually-mapped stack
      (CONFIG_VMAP_STACK), stack buffers cannot be used as input/output for
      the scatterlist crypto API because they may not be directly mappable to
      struct page.  get_crypt_info() was using a stack buffer to hold the
      output from the encryption operation used to derive the per-file key.
      Fix it by using a heap buffer.
      
      This bug could most easily be observed in a CONFIG_DEBUG_SG kernel
      because this allowed the BUG in sg_set_buf() to be triggered.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      0f0909e2
    • Eric Biggers's avatar
      fscrypto: don't use on-stack buffer for filename encryption · 3c7018eb
      Eric Biggers authored
      With the new (in 4.9) option to use a virtually-mapped stack
      (CONFIG_VMAP_STACK), stack buffers cannot be used as input/output for
      the scatterlist crypto API because they may not be directly mappable to
      struct page.  For short filenames, fname_encrypt() was encrypting a
      stack buffer holding the padded filename.  Fix it by encrypting the
      filename in-place in the output buffer, thereby making the temporary
      buffer unnecessary.
      
      This bug could most easily be observed in a CONFIG_DEBUG_SG kernel
      because this allowed the BUG in sg_set_buf() to be triggered.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      3c7018eb
  8. 19 Nov, 2016 17 commits
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 50d438fb
      Linus Torvalds authored
      Pull i2c fixes from Wolfram Sang:
       "Some I2C driver bugfixes (and one documentation fix)"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: i2c-mux-pca954x: fix deselect enabling for device-tree
        i2c: digicolor: use clk_disable_unprepare instead of clk_unprepare
        i2c: mux: fix up dependencies
        i2c: Documentation: i2c-topology: fix minor whitespace nit
        i2c: mux: demux-pinctrl: make drivers with no pinctrl work again
      50d438fb
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · dce9ce36
      Linus Torvalds authored
      Pull KVM fixes from Radim Krčmář:
       "ARM:
         - Fix handling of the 32bit cycle counter
         - Fix cycle counter filtering
      
        x86:
         - Fix a race leading to double unregistering of user notifiers
         - Amend oversight in kvm_arch_set_irq that turned Hyper-V code dead
         - Use SRCU around kvm_lapic_set_vapic_addr
         - Avoid recursive flushing of asynchronous page faults
         - Do not rely on deferred update in KVM_GET_CLOCK, which fixes #GP
         - Let userspace know that KVM_GET_CLOCK is useful with master clock;
           4.9 changed the return value to better match the guest clock, but
           didn't provide means to let guests take advantage of it"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm: x86: merge kvm_arch_set_irq and kvm_arch_set_irq_inatomic
        KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
        KVM: async_pf: avoid recursive flushing of work items
        kvm: kvmclock: let KVM_GET_CLOCK return whether the master clock is in use
        KVM: Disable irq while unregistering user notifier
        KVM: x86: do not go through vcpu in __get_kvmclock_ns
        KVM: arm64: Fix the issues when guest PMCCFILTR is configured
        arm64: KVM: pmu: Fix AArch32 cycle counter access
      dce9ce36
    • Alex Hemme's avatar
      i2c: i2c-mux-pca954x: fix deselect enabling for device-tree · ad092de6
      Alex Hemme authored
      Deselect functionality can be ignored for device-trees with
      "i2c-mux-idle-disconnect" entries if no platform_data is available.
      By enabling the deselect functionality outside the platform_data
      block the logic works as it did in previous kernels.
      
      Fixes: 7fcac980 ("i2c: i2c-mux-pca954x: convert to use an explicit i2c mux core")
      Cc: <stable@vger.kernel.org> # v4.7+
      Signed-off-by: default avatarAlex Hemme <ahemme@cisco.com>
      Signed-off-by: default avatarZiyang Wu <ziywu@cisco.com>
      [touched up a few minor issues /peda]
      Signed-off-by: default avatarPeter Rosin <peda@axentia.se>
      Signed-off-by: default avatarWolfram Sang <wsa@the-dreams.de>
      ad092de6
    • Linus Torvalds's avatar
      Merge tag 'powerpc-4.9-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · f6918382
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
       "Fixes marked for stable:
         - fix system reset interrupt winkle wakeups
         - fix setting of AIL in hypervisor mode
      
        Fixes for code merged this cycle:
         - fix exception vector build with 2.23 era binutils
         - fix missing update of HID register on secondary CPUs
      
        Other:
         - fix missing pr_cont()s
         - invalidate ERAT on tlbiel for POWER9 DD1"
      
      * tag 'powerpc-4.9-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/mm: Fix missing update of HID register on secondary CPUs
        powerpc/mm/radix: Invalidate ERAT on tlbiel for POWER9 DD1
        powerpc/64: Fix setting of AIL in hypervisor mode
        powerpc/oops: Fix missing pr_cont()s in instruction dump
        powerpc/oops: Fix missing pr_cont()s in show_regs()
        powerpc/oops: Fix missing pr_cont()s in print_msr_bits() et. al.
        powerpc/oops: Fix missing pr_cont()s in show_stack()
        powerpc: Fix exception vector build with 2.23 era binutils
        powerpc/64s: Fix system reset interrupt winkle wakeups
      f6918382
    • Linus Torvalds's avatar
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 384b0dc4
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
       "This fixes the following issues:
      
         - Compiler warning in caam driver that was the last one remaining
      
         - Do not register aes-xts in caam drivers on unsupported platforms
      
         - Regression in algif_hash interface that may lead to an oops"
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: algif_hash - Fix NULL hash crash with shash
        crypto: caam - fix type mismatch warning
        crypto: caam - do not register AES-XTS mode on LP units
      384b0dc4
    • Linus Torvalds's avatar
      Merge tag 'leds_4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds · 67418976
      Linus Torvalds authored
      Pull LED subsystem update from Jacek Anaszewski:
       "I'd like to announce a new co-maintainer - Pavel Machek"
      
      * tag 'leds_4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds:
        MAINTAINERS: Add LED subsystem co-maintainer
      67418976
    • Linus Torvalds's avatar
      Merge tag 'dmaengine-fix-4.9-rc6' of git://git.infradead.org/users/vkoul/slave-dma · eab8d4bc
      Linus Torvalds authored
      Pull dmaengine fixes from Vinod Koul:
       "Some driver fixes which we pending in my tree:
      
         - return error code fix in edma driver
         - Kconfig fix for genric allocator in mmp_tdma
         - fix uninitialized value in sun6i
         - Runtime pm fixes for cppi"
      
      * tag 'dmaengine-fix-4.9-rc6' of git://git.infradead.org/users/vkoul/slave-dma:
        dmaengine: cppi41: More PM runtime fixes
        dmaengine: cpp41: Fix handling of error path
        dmaengine: cppi41: Fix unpaired pm runtime when only a USB hub is connected
        dmaengine: cppi41: Fix list not empty warning on module removal
        dmaengine: sun6i: fix the uninitialized value for v_lli
        dmaengine: mmp_tdma: add missing select GENERIC_ALLOCATOR in Kconfig
        dmaengine: edma: Fix error return code in edma_alloc_chan_resources()
      eab8d4bc
    • Paolo Bonzini's avatar
      kvm: x86: merge kvm_arch_set_irq and kvm_arch_set_irq_inatomic · a2b07739
      Paolo Bonzini authored
      kvm_arch_set_irq is unused since commit b97e6de9.  Merge
      its functionality with kvm_arch_set_irq_inatomic.
      Reported-by: default avatarJiang Biao <jiang.biao2@zte.com.cn>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Reviewed-by: default avatarDavid Hildenbrand <david@redhat.com>
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      a2b07739
    • Paolo Bonzini's avatar
      KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr · 7301d6ab
      Paolo Bonzini authored
      Reported by syzkaller:
      
          [ INFO: suspicious RCU usage. ]
          4.9.0-rc4+ #47 Not tainted
          -------------------------------
          ./include/linux/kvm_host.h:536 suspicious rcu_dereference_check() usage!
      
          stack backtrace:
          CPU: 1 PID: 6679 Comm: syz-executor Not tainted 4.9.0-rc4+ #47
          Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
           ffff880039e2f6d0 ffffffff81c2e46b ffff88003e3a5b40 0000000000000000
           0000000000000001 ffffffff83215600 ffff880039e2f700 ffffffff81334ea9
           ffffc9000730b000 0000000000000004 ffff88003c4f8420 ffff88003d3f8000
          Call Trace:
           [<     inline     >] __dump_stack lib/dump_stack.c:15
           [<ffffffff81c2e46b>] dump_stack+0xb3/0x118 lib/dump_stack.c:51
           [<ffffffff81334ea9>] lockdep_rcu_suspicious+0x139/0x180 kernel/locking/lockdep.c:4445
           [<     inline     >] __kvm_memslots include/linux/kvm_host.h:534
           [<     inline     >] kvm_memslots include/linux/kvm_host.h:541
           [<ffffffff8105d6ae>] kvm_gfn_to_hva_cache_init+0xa1e/0xce0 virt/kvm/kvm_main.c:1941
           [<ffffffff8112685d>] kvm_lapic_set_vapic_addr+0xed/0x140 arch/x86/kvm/lapic.c:2217
      Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
      Fixes: fda4e2e8
      Cc: Andrew Honig <ahonig@google.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Reviewed-by: default avatarDavid Hildenbrand <david@redhat.com>
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      7301d6ab
    • Paolo Bonzini's avatar
      KVM: async_pf: avoid recursive flushing of work items · 22583f0d
      Paolo Bonzini authored
      This was reported by syzkaller:
      
          [ INFO: possible recursive locking detected ]
          4.9.0-rc4+ #49 Not tainted
          ---------------------------------------------
          kworker/2:1/5658 is trying to acquire lock:
           ([ 1644.769018] (&work->work)
          [<     inline     >] list_empty include/linux/compiler.h:243
          [<ffffffff8128dd60>] flush_work+0x0/0x660 kernel/workqueue.c:1511
      
          but task is already holding lock:
           ([ 1644.769018] (&work->work)
          [<ffffffff812916ab>] process_one_work+0x94b/0x1900 kernel/workqueue.c:2093
      
          stack backtrace:
          CPU: 2 PID: 5658 Comm: kworker/2:1 Not tainted 4.9.0-rc4+ #49
          Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
          Workqueue: events async_pf_execute
           ffff8800676ff630 ffffffff81c2e46b ffffffff8485b930 ffff88006b1fc480
           0000000000000000 ffffffff8485b930 ffff8800676ff7e0 ffffffff81339b27
           ffff8800676ff7e8 0000000000000046 ffff88006b1fcce8 ffff88006b1fccf0
          Call Trace:
          ...
          [<ffffffff8128ddf3>] flush_work+0x93/0x660 kernel/workqueue.c:2846
          [<ffffffff812954ea>] __cancel_work_timer+0x17a/0x410 kernel/workqueue.c:2916
          [<ffffffff81295797>] cancel_work_sync+0x17/0x20 kernel/workqueue.c:2951
          [<ffffffff81073037>] kvm_clear_async_pf_completion_queue+0xd7/0x400 virt/kvm/async_pf.c:126
          [<     inline     >] kvm_free_vcpus arch/x86/kvm/x86.c:7841
          [<ffffffff810b728d>] kvm_arch_destroy_vm+0x23d/0x620 arch/x86/kvm/x86.c:7946
          [<     inline     >] kvm_destroy_vm virt/kvm/kvm_main.c:731
          [<ffffffff8105914e>] kvm_put_kvm+0x40e/0x790 virt/kvm/kvm_main.c:752
          [<ffffffff81072b3d>] async_pf_execute+0x23d/0x4f0 virt/kvm/async_pf.c:111
          [<ffffffff8129175c>] process_one_work+0x9fc/0x1900 kernel/workqueue.c:2096
          [<ffffffff8129274f>] worker_thread+0xef/0x1480 kernel/workqueue.c:2230
          [<ffffffff812a5a94>] kthread+0x244/0x2d0 kernel/kthread.c:209
          [<ffffffff831f102a>] ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433
      
      The reason is that kvm_put_kvm is causing the destruction of the VM, but
      the page fault is still on the ->queue list.  The ->queue list is owned
      by the VCPU, not by the work items, so we cannot just add list_del to
      the work item.
      
      Instead, use work->vcpu to note async page faults that have been resolved
      and will be processed through the done list.  There is no need to flush
      those.
      
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      22583f0d
    • Paolo Bonzini's avatar
      kvm: kvmclock: let KVM_GET_CLOCK return whether the master clock is in use · e3fd9a93
      Paolo Bonzini authored
      Userspace can read the exact value of kvmclock by reading the TSC
      and fetching the timekeeping parameters out of guest memory.  This
      however is brittle and not necessary anymore with KVM 4.11.  Provide
      a mechanism that lets userspace know if the new KVM_GET_CLOCK
      semantics are in effect, and---since we are at it---if the clock
      is stable across all VCPUs.
      
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Cc: Marcelo Tosatti <mtosatti@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      e3fd9a93
    • Ignacio Alvarado's avatar
      KVM: Disable irq while unregistering user notifier · 1650b4eb
      Ignacio Alvarado authored
      Function user_notifier_unregister should be called only once for each
      registered user notifier.
      
      Function kvm_arch_hardware_disable can be executed from an IPI context
      which could cause a race condition with a VCPU returning to user mode
      and attempting to unregister the notifier.
      Signed-off-by: default avatarIgnacio Alvarado <ikalvarado@google.com>
      Cc: stable@vger.kernel.org
      Fixes: 18863bdd ("KVM: x86 shared msr infrastructure")
      Reviewed-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      1650b4eb
    • Paolo Bonzini's avatar
      KVM: x86: do not go through vcpu in __get_kvmclock_ns · 8b953440
      Paolo Bonzini authored
      Going through the first VCPU is wrong if you follow a KVM_SET_CLOCK with
      a KVM_GET_CLOCK immediately after, without letting the VCPU run and
      call kvm_guest_time_update.
      
      To fix this, compute the kvmclock value ourselves, using the master
      clock (tsc, nsec) pair as the base and the host CPU frequency as
      the scale.
      Reported-by: default avatarMarcelo Tosatti <mtosatti@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      8b953440
    • Radim Krčmář's avatar
      Merge tag 'kvm-arm-for-4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm · e5dbc4bf
      Radim Krčmář authored
      KVM/ARM updates for v4.9-rc6
      
      - Fix handling of the 32bit cycle counter
      - Fix cycle counter filtering
      e5dbc4bf
    • Linus Torvalds's avatar
      Merge tag 'acpi-4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 20afa6e2
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "They fix an ACPI thermal management regression introduced by a recent
        FADT handling cleanup, an ACPI tools build issue introduced by a
        recent ACPICA commit and a PCC mailbox initialization bug causing
        lockdep to complain loudly.
      
        Specifics:
      
         - Revert a recent ACPICA cleanup that attempted to get rid of all
           FADT version 2 legacy, but broke ACPI thermal management on at
           least one system (Rafael Wysocki).
      
         - Fix cross-compiled builds of ACPI tools that stopped working after
           a recent cleanup related to the handling of header files in ACPICA
           (Lv Zheng).
      
         - Fix a locking issue in the PCC channel initialization code that
           invokes devm_request_irq() under a spinlock (among other things)
           and causes lockdep to complain (Hoan Tran)"
      
      * tag 'acpi-4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        tools/power/acpi: Remove direct kernel source include reference
        mailbox: PCC: Fix lockdep warning when request PCC channel
        Revert "ACPICA: FADT support cleanup"
      20afa6e2
    • Linus Torvalds's avatar
      Merge branch 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild · 04e36857
      Linus Torvalds authored
      Pull kbuild fixes from Michal Marek:
       "Here are some regression fixes for kbuild:
      
         - modversion support for exported asm symbols (Nick Piggin). The
           affected architectures need separate patches adding
           asm-prototypes.h.
      
         - fix rebuilds of lib-ksyms.o (Nick Piggin)
      
         - -fno-PIE builds (Sebastian Siewior and Borislav Petkov). This is
           not a kernel regression, but one of the Debian gcc package.
           Nevertheless, it's quite annoying, so I think it should go into
           mainline and stable now"
      
      * 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
        kbuild: Steal gcc's pie from the very beginning
        kbuild: be more careful about matching preprocessed asm ___EXPORT_SYMBOL
        x86/kexec: add -fno-PIE
        scripts/has-stack-protector: add -fno-PIE
        kbuild: add -fno-PIE
        kbuild: modversions for EXPORT_SYMBOL() for asm
        kbuild: prevent lib-ksyms.o rebuilds
      04e36857
    • Linus Torvalds's avatar
      Merge tag 'nfsd-4.9-2' of git://linux-nfs.org/~bfields/linux · aad931a3
      Linus Torvalds authored
      Pull nfsd bugfix from Bruce Fields:
       "Just one fix for an NFS/RDMA crash"
      
      * tag 'nfsd-4.9-2' of git://linux-nfs.org/~bfields/linux:
        sunrpc: svc_age_temp_xprts_now should not call setsockopt non-tcp transports
      aad931a3
  9. 18 Nov, 2016 6 commits
    • Pavel Machek's avatar
      MAINTAINERS: Add LED subsystem co-maintainer · dbfa048d
      Pavel Machek authored
      Mark me as a co-maintainer of LED subsystem.
      Signed-off-by: default avatarPavel Machek <pavel@ucw.cz>
      Signed-off-by: default avatarJacek Anaszewski <j.anaszewski@samsung.com>
      dbfa048d
    • Rafael J. Wysocki's avatar
      Merge branches 'acpica-fixes', 'acpi-cppc-fixes' and 'acpi-tools-fixes' · aab0b243
      Rafael J. Wysocki authored
      * acpica-fixes:
        Revert "ACPICA: FADT support cleanup"
      
      * acpi-cppc-fixes:
        mailbox: PCC: Fix lockdep warning when request PCC channel
      
      * acpi-tools-fixes:
        tools/power/acpi: Remove direct kernel source include reference
      aab0b243
    • Linus Torvalds's avatar
      Merge tag 'sound-4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · c1717701
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "Three trivial fixes:
      
        A regression fix for ASRock mobo, a use-after-free fix at hot-unplug
        of USB-audio, and a quirk for new Thinkpad models"
      
      * tag 'sound-4.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: usb-audio: Fix use-after-free of usb_device at disconnect
        ALSA: hda - Fix mic regression by ASRock mobo fixup
        ALSA: hda - add a new condition to check if it is thinkpad
      c1717701
    • Linus Torvalds's avatar
      Merge tag 'gpio-v4.9-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · bd2bc2b8
      Linus Torvalds authored
      Pull GPIO fixes from Linus Walleij:
       "These are hopefully the last GPIO fixes for v4.9. The most important
        is that it fixes the UML randconfig builds that have been nagging me
        for some time and me being confused about where the problem was really
        sitting, now this fix give this nice feeling that everything is solid
        and builds fine.
      
        Summary:
      
         - Finally, after being puzzled by a bunch of recurrent UML build
           failures on randconfigs from the build robot, Keno Fischer nailed
           it: GPIO_DEVRES is optional and depends on HAS_IOMEM even though
           many users just unconditionally rely on it to be available. And it
           *should* be available: garbage collection is nice for this and it
           *certainly* has nothing to do with having IOMEM. So we got rid of
           it, and now the UML builds should JustWork(TM).
      
         - Do not call .get_direction() on sleeping GPIO chips on the fastpath
           when locking GPIOs for interrupts: it is done from atomic context,
           no way.
      
         - Some driver fixes"
      
      * tag 'gpio-v4.9-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
        gpio: Remove GPIO_DEVRES option
        gpio: tc3589x: fix up .get_direction()
        gpio: do not double-check direction on sleeping chips
        gpio: pca953x: Move memcpy into mutex lock for set multiple
        gpio: pca953x: Fix corruption of other gpios in set_multiple.
      bd2bc2b8
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-for-v4.9-rc6-brown-paper-bag' of git://people.freedesktop.org/~airlied/linux · 12b70ec0
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "i915 fixes + 2 mediatek regressions.
      
        So some i915 fixes came in which I thought they might so I'm sending
        those along with two reverts for two patches to the mediatek driver
        that didn't seem to build so well, I've fixed up my -fixes ARM build
        and .config so I could see it, but yes brown paper bag time"
      
      * tag 'drm-fixes-for-v4.9-rc6-brown-paper-bag' of git://people.freedesktop.org/~airlied/linux:
        Revert "drm/mediatek: set vblank_disable_allowed to true"
        Revert "drm/mediatek: fix a typo of OD_CFG to OD_RELAYMODE"
        drm/i915: Assume non-DP++ port if dvo_port is HDMI and there's no AUX ch specified in the VBT
        drm/i915: Refresh that status of MST capable connectors in ->detect()
        drm/i915: Grab the rotation from the passed plane state for VLV sprites
        drm/i915: Mark CPU cache as dirty when used for rendering
      12b70ec0
    • Herbert Xu's avatar
      crypto: algif_hash - Fix NULL hash crash with shash · a8348bca
      Herbert Xu authored
      Recently algif_hash has been changed to allow null hashes.  This
      triggers a bug when used with an shash algorithm whereby it will
      cause a crash during the digest operation.
      
      This patch fixes it by avoiding the digest operation and instead
      doing an init followed by a final which avoids the buggy code in
      shash.
      
      This patch also ensures that the result buffer is freed after an
      error so that it is not returned as a genuine hash result on the
      next recv call.
      
      The shash/ahash wrapper code will be fixed later to handle this
      case correctly.
      
      Fixes: 493b2ed3 ("crypto: algif_hash - Handle NULL hashes correctly")
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Tested-by: default avatarLaura Abbott <labbott@redhat.com>
      a8348bca