1. 10 Aug, 2015 40 commits
    • Kishon Vijay Abraham I's avatar
      mmc: omap_hsmmc: Fix DTO and DCRC handling · 2ebb3722
      Kishon Vijay Abraham I authored
      commit 408806f7 upstream.
      
      DTO/DCRC errors were not being informed to the mmc core since
      commit ae4bf788 ("mmc: omap_hsmmc: consolidate error report handling of
      HSMMC IRQ"). This commit made sure 'end_trans' is never set on DTO/DCRC
      errors. This is because after this commit 'host->data' is checked after
      it has been cleared to NULL by omap_hsmmc_dma_cleanup().
      
      Because 'end_trans' is never set, omap_hsmmc_xfer_done() is never invoked
      making core layer not to be aware of DTO/DCRC errors. Because of this
      any command invoked after DTO/DCRC error leads to a hang.
      
      Fix this by checking for 'host->data' before it is actually cleared.
      
      Fixes: ae4bf788 ("mmc: omap_hsmmc: consolidate error report handling of
      HSMMC IRQ")
      Signed-off-by: default avatarKishon Vijay Abraham I <kishon@ti.com>
      Signed-off-by: default avatarVignesh R <vigneshr@ti.com>
      Tested-by: default avatarAndreas Fenkart <afenkart@gmail.com>
      Signed-off-by: default avatarUlf Hansson <ulf.hansson@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2ebb3722
    • Alex Williamson's avatar
      iommu/vt-d: Fix VM domain ID leak · 6cbebdad
      Alex Williamson authored
      commit 46ebb7af upstream.
      
      This continues the attempt to fix commit fb170fb4 ("iommu/vt-d:
      Introduce helper functions to make code symmetric for readability").
      The previous attempt in commit 71684406 ("iommu/vt-d: Detach
      domain *only* from attached iommus") overlooked the fact that
      dmar_domain.iommu_bmp gets cleared for VM domains when devices are
      detached:
      
      intel_iommu_detach_device
        domain_remove_one_dev_info
          domain_detach_iommu
      
      The domain is detached from the iommu, but the iommu is still attached
      to the domain, for whatever reason.  Thus when we get to domain_exit(),
      we can't rely on iommu_bmp for VM domains to find the active iommus,
      we must check them all.  Without that, the corresponding bit in
      intel_iommu.domain_ids doesn't get cleared and repeated VM domain
      creation and destruction will run out of domain IDs.  Meanwhile we
      still can't call iommu_detach_domain() on arbitrary non-VM domains or
      we risk clearing in-use domain IDs, as 71684406 attempted to
      address.
      
      It's tempting to modify iommu_detach_domain() to test the domain
      iommu_bmp, but the call ordering from domain_remove_one_dev_info()
      prevents it being able to work as fb170fb4 seems to have intended.
      Caching of unused VM domains on the iommu object seems to be the root
      of the problem, but this code is far too fragile for that kind of
      rework to be proposed for stable, so we simply revert this chunk to
      its state prior to fb170fb4.
      
      Fixes: fb170fb4 ("iommu/vt-d: Introduce helper functions to make
                            code symmetric for readability")
      Fixes: 71684406 ("iommu/vt-d: Detach domain *only* from attached
                            iommus")
      Signed-off-by: default avatarAlex Williamson <alex.williamson@redhat.com>
      Cc: Jiang Liu <jiang.liu@linux.intel.com>
      Signed-off-by: default avatarJoerg Roedel <jroedel@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      6cbebdad
    • Steven Rostedt (Red Hat)'s avatar
      ftrace: Fix breakage of set_ftrace_pid · 23713b4d
      Steven Rostedt (Red Hat) authored
      commit e3eea140 upstream.
      
      Commit 4104d326 ("ftrace: Remove global function list and call function
      directly") simplified the ftrace code by removing the global_ops list with a
      new design. But this cleanup also broke the filtering of PIDs that are added
      to the set_ftrace_pid file.
      
      Add back the proper hooks to have pid filtering working once again.
      Reported-by: default avatarMatt Fleming <matt@console-pimps.org>
      Reported-by: default avatarRichard Weinberger <richard.weinberger@gmail.com>
      Tested-by: default avatarMatt Fleming <matt@console-pimps.org>
      Signed-off-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      23713b4d
    • Eric W. Biederman's avatar
      mnt: In detach_mounts detach the appropriate unmounted mount · 3af9ac3e
      Eric W. Biederman authored
      commit fe78fcc8 upstream.
      
      The handling of in detach_mounts of unmounted but connected mounts is
      buggy and can lead to an infinite loop.
      
      Correct the handling of unmounted mounts in detach_mount.  When the
      mountpoint of an unmounted but connected mount is connected to a
      dentry, and that dentry is deleted we need to disconnect that mount
      from the parent mount and the deleted dentry.
      
      Nothing changes for the unmounted and connected children.  They can be
      safely ignored.
      
      Fixes: ce07d891 mnt: Honor MNT_LOCKED when detaching mounts
      Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      3af9ac3e
    • Eric W. Biederman's avatar
      mnt: Clarify and correct the disconnect logic in umount_tree · 4647b34f
      Eric W. Biederman authored
      commit f2d0a123 upstream.
      
      rmdir mntpoint will result in an infinite loop when there is
      a mount locked on the mountpoint in another mount namespace.
      
      This is because the logic to test to see if a mount should
      be disconnected in umount_tree is buggy.
      
      Move the logic to decide if a mount should remain connected to
      it's mountpoint into it's own function disconnect_mount so that
      clarity of expression instead of terseness of expression becomes
      a virtue.
      
      When the conditions where it is invalid to leave a mount connected
      are first ruled out, the logic for deciding if a mount should
      be disconnected becomes much clearer and simpler.
      
      Fixes: e0c9c0af mnt: Update detach_mounts to leave mounts connected
      Fixes: ce07d891 mnt: Honor MNT_LOCKED when detaching mounts
      Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4647b34f
    • Uwe Kleine-König's avatar
      Subject: pinctrl: imx1-core: Fix debug output in .pin_config_set callback · 59366187
      Uwe Kleine-König authored
      commit 9571b25d upstream.
      
      imx1_pinconf_set assumes that the array of pins in struct
      imx1_pinctrl_soc_info can be indexed by pin id to get the
      pinctrl_pin_desc for a pin. This used to be correct up to commit
      607af165 which removed some entries from the array and so made it
      wrong to access the array by pin id.
      
      The result of this bug is a wrong pin name in the output for small pin
      ids and an oops for the bigger ones.
      
      This patch is the result of a discussion that includes patches by Markus
      Pargmann and Chris Ruehl.
      
      Fixes: 607af165 ("pinctrl: i.MX27: Remove nonexistent pad definitions")
      Reported-by: default avatarChris Ruehl <chris.ruehl@gtsys.com.hk>
      Signed-off-by: default avatarUwe Kleine-König <u.kleine-koenig@pengutronix.de>
      Reviewed-by: default avatarMarkus Pargmann <mpa@pengutronix.de>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      59366187
    • Tom Hughes's avatar
      mac80211: clear subdir_stations when removing debugfs · 848bd661
      Tom Hughes authored
      commit 4479004e upstream.
      
      If we don't do this, and we then fail to recreate the debugfs
      directory during a mode change, then we will fail later trying
      to add stations to this now bogus directory:
      
      BUG: unable to handle kernel NULL pointer dereference at 0000006c
      IP: [<c0a92202>] mutex_lock+0x12/0x30
      Call Trace:
      [<c0678ab4>] start_creating+0x44/0xc0
      [<c0679203>] debugfs_create_dir+0x13/0xf0
      [<f8a938ae>] ieee80211_sta_debugfs_add+0x6e/0x490 [mac80211]
      Signed-off-by: default avatarTom Hughes <tom@compton.nu>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      848bd661
    • Pankaj Dev's avatar
      drivers: clk: st: Incorrect register offset used for lock_status · 8cc9a813
      Pankaj Dev authored
      commit 56551da9 upstream.
      
      Incorrect register offset used for sthi407 clockgenC
      Signed-off-by: default avatarPankaj Dev <pankaj.dev@st.com>
      Signed-off-by: default avatarGabriel Fernandez <gabriel.fernandez@linaro.org>
      Fixes: 51306d56 ("clk: st: STiH407: Support for clockgenC0")
      Signed-off-by: default avatarStephen Boyd <sboyd@codeaurora.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      8cc9a813
    • Gabriel Fernandez's avatar
      drivers: clk: st: Fix mux bit-setting for Cortex A9 clocks · 67912585
      Gabriel Fernandez authored
      commit 3be6d8ce upstream.
      
      This patch fixes the mux bit-setting for ClockgenA9.
      Signed-off-by: default avatarGabriel Fernandez <gabriel.fernandez@linaro.org>
      Fixes: 13e6f2da ("clk: st: STiH407: Support for A9 MUX Clocks")
      Signed-off-by: default avatarStephen Boyd <sboyd@codeaurora.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      67912585
    • Giuseppe Cavallaro's avatar
      drivers: clk: st: Fix flexgen lock init · b7a843d6
      Giuseppe Cavallaro authored
      commit 0f4f2afd upstream.
      
      While proving lock, the following warning happens
      and it is fixed after initializing lock in the setup
      function
      
      INFO: trying to register non-static key.
      the code is fine but needs lockdep annotation.
      turning off the locking correctness validator.
      CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.10.27-02861-g39df285-dirty #33
      [<c00154ac>] (unwind_backtrace+0x0/0xf4) from [<c0011b50>] (show_stack+0x10/0x14)
      [<c0011b50>] (show_stack+0x10/0x14) from [<c00689ac>] (__lock_acquire+0x900/0xb14)
      [<c00689ac>] (__lock_acquire+0x900/0xb14) from [<c0069394>] (lock_acquire+0x68/0x7c)
      [<c0069394>] (lock_acquire+0x68/0x7c) from [<c04958f8>] (_raw_spin_lock_irqsave+0x48/0x5c)
      [<c04958f8>] (_raw_spin_lock_irqsave+0x48/0x5c) from [<c0381e6c>] (clk_gate_endisable+0x28/0x88)
      [<c0381e6c>] (clk_gate_endisable+0x28/0x88) from [<c0381ee0>] (clk_gate_enable+0xc/0x14)
      [<c0381ee0>] (clk_gate_enable+0xc/0x14) from [<c0386c68>] (flexgen_enable+0x28/0x40)
      [<c0386c68>] (flexgen_enable+0x28/0x40) from [<c037f260>] (__clk_enable+0x5c/0x9c)
      [<c037f260>] (__clk_enable+0x5c/0x9c) from [<c037f558>] (clk_enable+0x18/0x2c)
      [<c037f558>] (clk_enable+0x18/0x2c) from [<c064a1dc>] (st_lpc_of_register+0xc0/0x248)
      [<c064a1dc>] (st_lpc_of_register+0xc0/0x248) from [<c0649e44>] (clocksource_of_init+0x34/0x58)
      [<c0649e44>] (clocksource_of_init+0x34/0x58) from [<c0637ddc>] (sti_timer_init+0x10/0x18)
      [<c0637ddc>] (sti_timer_init+0x10/0x18) from [<c06343f8>] (time_init+0x20/0x30)
      [<c06343f8>] (time_init+0x20/0x30) from [<c0632984>] (start_kernel+0x20c/0x2e8)
      [<c0632984>] (start_kernel+0x20c/0x2e8) from [<40008074>] (0x40008074)
      Signed-off-by: default avatarGiuseppe Cavallaro <peppe.cavallaro@st.com>
      Signed-off-by: default avatarGabriel Fernandez <gabriel.fernandez@linaro.org>
      Fixes: b1165170 ("clk: st: STiH407: Support for Flexgen Clocks")
      Signed-off-by: default avatarStephen Boyd <sboyd@codeaurora.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b7a843d6
    • Seymour, Shane M's avatar
      st: null pointer dereference panic caused by use after kref_put by st_open · 78580785
      Seymour, Shane M authored
      commit e7ac6c66 upstream.
      
      Two SLES11 SP3 servers encountered similar crashes simultaneously
      following some kind of SAN/tape target issue:
      
      ...
      qla2xxx [0000:81:00.0]-801c:3: Abort command issued nexus=3:0:2 --  1 2002.
      qla2xxx [0000:81:00.0]-801c:3: Abort command issued nexus=3:0:2 --  1 2002.
      qla2xxx [0000:81:00.0]-8009:3: DEVICE RESET ISSUED nexus=3:0:2 cmd=ffff882f89c2c7c0.
      qla2xxx [0000:81:00.0]-800c:3: do_reset failed for cmd=ffff882f89c2c7c0.
      qla2xxx [0000:81:00.0]-800f:3: DEVICE RESET FAILED: Task management failed nexus=3:0:2 cmd=ffff882f89c2c7c0.
      qla2xxx [0000:81:00.0]-8009:3: TARGET RESET ISSUED nexus=3:0:2 cmd=ffff882f89c2c7c0.
      qla2xxx [0000:81:00.0]-800c:3: do_reset failed for cmd=ffff882f89c2c7c0.
      qla2xxx [0000:81:00.0]-800f:3: TARGET RESET FAILED: Task management failed nexus=3:0:2 cmd=ffff882f89c2c7c0.
      qla2xxx [0000:81:00.0]-8012:3: BUS RESET ISSUED nexus=3:0:2.
      qla2xxx [0000:81:00.0]-802b:3: BUS RESET SUCCEEDED nexus=3:0:2.
      qla2xxx [0000:81:00.0]-505f:3: Link is operational (8 Gbps).
      qla2xxx [0000:81:00.0]-8018:3: ADAPTER RESET ISSUED nexus=3:0:2.
      qla2xxx [0000:81:00.0]-00af:3: Performing ISP error recovery - ha=ffff88bf04d18000.
       rport-3:0-0: blocked FC remote port time out: removing target and saving binding
      qla2xxx [0000:81:00.0]-505f:3: Link is operational (8 Gbps).
      qla2xxx [0000:81:00.0]-8017:3: ADAPTER RESET SUCCEEDED nexus=3:0:2.
       rport-2:0-0: blocked FC remote port time out: removing target and saving binding
      sg_rq_end_io: device detached
      BUG: unable to handle kernel NULL pointer dereference at 00000000000002a8
      IP: [<ffffffff8133b268>] __pm_runtime_idle+0x28/0x90
      PGD 7e6586f067 PUD 7e5af06067 PMD 0 [1739975.390354] Oops: 0002 [#1] SMP
      CPU 0
      ...
      Supported: No, Proprietary modules are loaded [1739975.390463]
      Pid: 27965, comm: ABCD Tainted: PF           X 3.0.101-0.29-default #1 HP ProLiant DL580 Gen8
      RIP: 0010:[<ffffffff8133b268>]  [<ffffffff8133b268>] __pm_runtime_idle+0x28/0x90
      RSP: 0018:ffff8839dc1e7c68  EFLAGS: 00010202
      RAX: 0000000000000000 RBX: ffff883f0592fc00 RCX: 0000000000000090
      RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000138
      RBP: 0000000000000138 R08: 0000000000000010 R09: ffffffff81bd39d0
      R10: 00000000000009c0 R11: ffffffff81025790 R12: 0000000000000001
      R13: ffff883022212b80 R14: 0000000000000004 R15: ffff883022212b80
      FS:  00007f8e54560720(0000) GS:ffff88407f800000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
      CR2: 00000000000002a8 CR3: 0000007e6ced6000 CR4: 00000000001407f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      Process ABCD (pid: 27965, threadinfo ffff8839dc1e6000, task ffff883592e0c640)
      Stack:
       ffff883f0592fc00 00000000fffffffa 0000000000000001 ffff883022212b80
       ffff883eff772400 ffffffffa03fa309 0000000000000000 0000000000000000
       ffffffffa04003a0 ffff883f063196c0 ffff887f0379a930 ffffffff8115ea1e
      Call Trace:
       [<ffffffffa03fa309>] st_open+0x129/0x240 [st]
       [<ffffffff8115ea1e>] chrdev_open+0x13e/0x200
       [<ffffffff811588a8>] __dentry_open+0x198/0x310
       [<ffffffff81167d74>] do_last+0x1f4/0x800
       [<ffffffff81168fe9>] path_openat+0xd9/0x420
       [<ffffffff8116946c>] do_filp_open+0x4c/0xc0
       [<ffffffff8115a00f>] do_sys_open+0x17f/0x250
       [<ffffffff81468d92>] system_call_fastpath+0x16/0x1b
       [<00007f8e4f617fd0>] 0x7f8e4f617fcf
      Code: eb d3 90 48 83 ec 28 40 f6 c6 04 48 89 6c 24 08 4c 89 74 24 20 48 89 fd 48 89 1c 24 4c 89 64 24 10 41 89 f6 4c 89 6c 24 18 74 11 <f0> ff 8f 70 01 00 00 0f 94 c0 45 31 ed 84 c0 74 2b 4c 8d a5 a0
      RIP  [<ffffffff8133b268>] __pm_runtime_idle+0x28/0x90
       RSP <ffff8839dc1e7c68>
      CR2: 00000000000002a8
      
      Analysis reveals the cause of the crash to be due to STp->device
      being NULL. The pointer was NULLed via scsi_tape_put(STp) when it
      calls scsi_tape_release(). In st_open() we jump to err_out after
      scsi_block_when_processing_errors() completes and returns the
      device as offline (sdev_state was SDEV_DEL):
      
      1180 /* Open the device. Needs to take the BKL only because of incrementing the SCSI host
      1181    module count. */
      1182 static int st_open(struct inode *inode, struct file *filp)
      1183 {
      1184         int i, retval = (-EIO);
      1185         int resumed = 0;
      1186         struct scsi_tape *STp;
      1187         struct st_partstat *STps;
      1188         int dev = TAPE_NR(inode);
      1189         char *name;
      ...
      1217         if (scsi_autopm_get_device(STp->device) < 0) {
      1218                 retval = -EIO;
      1219                 goto err_out;
      1220         }
      1221         resumed = 1;
      1222         if (!scsi_block_when_processing_errors(STp->device)) {
      1223                 retval = (-ENXIO);
      1224                 goto err_out;
      1225         }
      ...
      1264  err_out:
      1265         normalize_buffer(STp->buffer);
      1266         spin_lock(&st_use_lock);
      1267         STp->in_use = 0;
      1268         spin_unlock(&st_use_lock);
      1269         scsi_tape_put(STp); <-- STp->device = 0 after this
      1270         if (resumed)
      1271                 scsi_autopm_put_device(STp->device);
      1272         return retval;
      
      The ref count for the struct scsi_tape had already been reduced
      to 1 when the .remove method of the st module had been called.
      The kref_put() in scsi_tape_put() caused scsi_tape_release()
      to be called:
      
      0266 static void scsi_tape_put(struct scsi_tape *STp)
      0267 {
      0268         struct scsi_device *sdev = STp->device;
      0269
      0270         mutex_lock(&st_ref_mutex);
      0271         kref_put(&STp->kref, scsi_tape_release); <-- calls this
      0272         scsi_device_put(sdev);
      0273         mutex_unlock(&st_ref_mutex);
      0274 }
      
      In scsi_tape_release() the struct scsi_device in the struct
      scsi_tape gets set to NULL:
      
      4273 static void scsi_tape_release(struct kref *kref)
      4274 {
      4275         struct scsi_tape *tpnt = to_scsi_tape(kref);
      4276         struct gendisk *disk = tpnt->disk;
      4277
      4278         tpnt->device = NULL; <<<---- where the dev is nulled
      4279
      4280         if (tpnt->buffer) {
      4281                 normalize_buffer(tpnt->buffer);
      4282                 kfree(tpnt->buffer->reserved_pages);
      4283                 kfree(tpnt->buffer);
      4284         }
      4285
      4286         disk->private_data = NULL;
      4287         put_disk(disk);
      4288         kfree(tpnt);
      4289         return;
      4290 }
      
      Although the problem was reported on SLES11.3 the problem appears
      in linux-next as well.
      
      The crash is fixed by reordering the code so we no longer access
      the struct scsi_tape after the kref_put() is done on it in st_open().
      Signed-off-by: default avatarShane Seymour <shane.seymour@hp.com>
      Signed-off-by: default avatarDarren Lavender <darren.lavender@hp.com>
      Reviewed-by: default avatarJohannes Thumshirn <jthumshirn@suse.com>
      Acked-by: default avatarKai Mäkisara <kai.makisara@kolumbus.fi>
      Signed-off-by: default avatarJames Bottomley <JBottomley@Odin.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      78580785
    • Tony Battersby's avatar
      scsi: fix memory leak with scsi-mq · cb6fd3e6
      Tony Battersby authored
      commit 0c958ecc upstream.
      
      Fix a memory leak with scsi-mq triggered by commands with large data
      transfer length.
      
      __sg_alloc_table() sets both table->nents and table->orig_nents to the
      same value.  When the scatterlist is DMA-mapped, table->nents is
      overwritten with the (possibly smaller) size of the DMA-mapped
      scatterlist, while table->orig_nents retains the original size of the
      allocated scatterlist.  scsi_free_sgtable() should therefore check
      orig_nents instead of nents, and all code that initializes sdb->table
      without calling __sg_alloc_table() should set both nents and orig_nents.
      
      Fixes: d285203c ("scsi: add support for a blk-mq based I/O path.")
      Signed-off-by: default avatarTony Battersby <tonyb@cybernetics.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarEwan D. Milne <emilne@redhat.com>
      Signed-off-by: default avatarJames Bottomley <JBottomley@Odin.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      cb6fd3e6
    • Jens Axboe's avatar
      scsi: fix host max depth checking for the 'queue_depth' sysfs interface · a77aa615
      Jens Axboe authored
      commit 1278dd68 upstream.
      
      Commit 1e6f2416 changed the scsi sysfs 'queue_depth' code to
      rejects depths higher than the scsi host template setting. But lots
      of hosts set this to 1, and update the settings in the scsi host
      when the controller/devices probing happens.
      
      This breaks (at least) mpt2sas and mpt3sas runtime setting of queue
      depth, returning EINVAL for all settings but '1'. And once it's set to
      1, there's no way to go back up.
      
      Fixes: 1e6f2416 "scsi: don't allow setting of queue_depth bigger than can_queue"
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      Reviewed-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarJames Bottomley <JBottomley@Odin.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a77aa615
    • Marc Zyngier's avatar
      irqchip/gicv3-its: Fix mapping of LPIs to collections · dc59806d
      Marc Zyngier authored
      commit 591e5bec upstream.
      
      The GICv3 ITS architecture allows a given [DevID, EventID] pair to be
      translated to a [LPI, Collection] pair, where DevID is the device writing
      the MSI, EventID is the payload being written, LPI is the actual
      interrupt number, and Collection is roughly equivalent to a target CPU.
      
      Each LPI can be mapped to a separate collection, but the ITS driver
      insists on maintaining the collection on a device basis, instead of doing
      it on a per interrupt basis.
      
      This is obviously flawed, and this patch fixes it by adding a per interrupt
      index that indicates which collection number is in use.
      Reported-by: default avatarIan Campbell <ian.campbell@citrix.com>
      Signed-off-by: default avatarMarc Zyngier <marc.zyngier@arm.com>
      Cc: <linux-arm-kernel@lists.infradead.org>
      Cc: Jason Cooper <jason@lakedaemon.net>
      Link: http://lkml.kernel.org/r/1437126402-11677-1-git-send-email-marc.zyngier@arm.comSigned-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      dc59806d
    • Mike Snitzer's avatar
      Revert "dm: only run the queue on completion if congested or no requests pending" · 9bf9f8b0
      Mike Snitzer authored
      commit 621739b0 upstream.
      
      This reverts commit 9a0e609e.
      (Resolved a conflict during revert due to commit bfebd1cd that came
      after)
      
      This revert is motivated by a couple failure reports on request-based DM
      multipath testbeds:
      1) Netapp reported that their multipath fault injection test under heavy
         IO load can stall longer than 300 seconds.
      2) IBM reported elevated lock contention in their testbed (likely due to
         increased back pressure due to IO not being dispatched as quickly):
         https://www.redhat.com/archives/dm-devel/2015-July/msg00057.htmlSigned-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      9bf9f8b0
    • Peter Zijlstra's avatar
      x86, perf: Fix static_key bug in load_mm_cr4() · 68b9e673
      Peter Zijlstra authored
      commit a833581e upstream.
      
      Mikulas reported his K6-3 not booting. This is because the
      static_key API confusion struck and bit Andy, this wants to be
      static_key_false().
      Reported-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Tested-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
      Cc: Vince Weaver <vince@deater.net>
      Cc: hillf.zj <hillf.zj@alibaba-inc.com>
      Fixes: a6673429 ("perf/x86: Add /sys/devices/cpu/rdpmc=2 to allow rdpmc for all tasks")
      Link: http://lkml.kernel.org/r/20150709172338.GC19282@twins.programming.kicks-ass.netSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      68b9e673
    • Takashi Iwai's avatar
      ALSA: hda - Fix MacBook Pro 5,2 quirk · dbd7bf99
      Takashi Iwai authored
      commit 649ccd08 upstream.
      
      MacBook Pro 5,2 with ALC889 codec had already a fixup entry, but this
      seems not working correctly, a fix for pin NID 0x15 is needed in
      addition.  It's equivalent with the fixup for MacBook Air 1,1, so use
      this instead.
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=102131Reported-and-tested-by: default avatarJeffery Miller <jefferym@gmail.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      dbd7bf99
    • Yao-Wen Mao's avatar
      ALSA: usb-audio: add dB range mapping for some devices · 574169a1
      Yao-Wen Mao authored
      commit 2d1cb7f6 upstream.
      
      Add the correct dB ranges of Bose Companion 5 and Drangonfly DAC 1.2.
      Signed-off-by: default avatarYao-Wen Mao <yaowen@google.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      574169a1
    • Takashi Iwai's avatar
      ALSA: hda - Apply a fixup to Dell Vostro 5480 · 1484f6f9
      Takashi Iwai authored
      commit 3a05d12f upstream.
      
      Dell Vostro 5480 (1028:069a) needs the very same quirk used for Vostro
      5470 model to make bass speakers properly working.
      Reported-and-tested-by: default avatarPaulo Roberto de Oliveira Castro <p.oliveira.castro@gmail.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      1484f6f9
    • Takashi Iwai's avatar
      ALSA: hda - Apply fixup for another Toshiba Satellite S50D · 96b9b980
      Takashi Iwai authored
      commit b9d9c9ef upstream.
      
      Toshiba Satellite S50D has another model with a different PCI SSID
      (1179:fa93) while the previous fixup was for 1179:fa91.  Adjust the
      fixup entry with SND_PCI_QUIRK_MASK() to match with both devices.
      Reported-by: default avatarTim Sample <timsample@gmail.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      96b9b980
    • David Henningsson's avatar
      ALSA: hda - Add headset mic pin quirk for a Dell device · d1456c43
      David Henningsson authored
      commit cba59972 upstream.
      
      Without this patch, the headset mic will not work on this machine.
      
      BugLink: https://bugs.launchpad.net/bugs/1476987Signed-off-by: default avatarDavid Henningsson <david.henningsson@canonical.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d1456c43
    • Aaron Plattner's avatar
      ALSA: hda - Add new GPU codec ID 0x10de007d to snd-hda · e40f560b
      Aaron Plattner authored
      commit 6c3d9119 upstream.
      
      Vendor ID 0x10de007d is used by a yet-to-be-named GPU chip.
      
      This chip also has the 2-ch audio swapping bug, so patch_nvhdmi is
      appropriate here.
      Signed-off-by: default avatarAaron Plattner <aplattner@nvidia.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e40f560b
    • Maruthi Srinivas Bayyavarapu's avatar
      ALSA: hda: add new AMD PCI IDs with proper driver caps · e7e08353
      Maruthi Srinivas Bayyavarapu authored
      commit 5022813d upstream.
      
      Fixes audio problems on newer asics
      Signed-off-by: default avatarMaruthi Bayyavarapu <maruthi.bayyavarapu@amd.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e7e08353
    • Mateusz Sylwestrzak's avatar
      ALSA: hda - Add headset mic support for Acer Aspire V5-573G · 291603b6
      Mateusz Sylwestrzak authored
      commit 0420694d upstream.
      
      Acer Aspire V5 with the ALC282 codec is given the wrong value for the
      0x19 PIN by the laptop's BIOS. Overriding it with the correct value
      adds support for the headset microphone which would not otherwise be
      visible in the system.
      
      The fix is based on commit 7819717b with a similar quirk for Acer
      Aspire with the ALC269 codec.
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=96201Signed-off-by: default avatarMateusz Sylwestrzak <matisec7@gmail.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      291603b6
    • Takashi Iwai's avatar
      ALSA: pcm: Fix lockdep warning with nonatomic PCM ops · 898dbc10
      Takashi Iwai authored
      commit 67756e31 upstream.
      
      With the nonatomic PCM ops, the system may spew lockdep warnings like:
      
       =============================================
       [ INFO: possible recursive locking detected ]
       4.2.0-rc1-jeejaval3 #12 Not tainted
       ---------------------------------------------
       aplay/4029 is trying to acquire lock:
        (snd_pcm_link_rwsem){.+.+.+}, at: [<ffffffff816fd473>] snd_pcm_stream_lock+0x43/0x60
      
       but task is already holding lock:
        (snd_pcm_link_rwsem){.+.+.+}, at: [<ffffffff816fcf29>] snd_pcm_action_nonatomic+0x29/0x80
      
       other info that might help us debug this:
        Possible unsafe locking scenario:
      
              CPU0
              ----
         lock(snd_pcm_link_rwsem);
         lock(snd_pcm_link_rwsem);
      
      Although this is false-positive as the rwsem is taken always as
      read-only for these code paths, it's certainly annoying to see this at
      any occasion.  A simple fix is to use down_read_nested() in
      snd_pcm_stream_lock() that can be called inside another lock.
      Reported-by: default avatarVinod Koul <vinod.koul@intel.com>
      Reported-by: default avatarJeeja Kp <jeeja.kp@intel.com>
      Tested-by: default avatarJeeja Kp <jeeja.kp@intel.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      898dbc10
    • Takashi Iwai's avatar
      ALSA: line6: Fix -EBUSY error during active monitoring · 2b16e01a
      Takashi Iwai authored
      commit 4d0e6775 upstream.
      
      When a monitor stream is active, the next PCM stream access results in
      EBUSY error because of the check in line6_stream_start().  Fix this by
      just skipping the submission of pending URBs when the stream is
      already running instead.
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=101431Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2b16e01a
    • Dominic Sacré's avatar
      ALSA: usb-audio: Add MIDI support for Steinberg MI2/MI4 · d1374d7f
      Dominic Sacré authored
      commit 0689a86a upstream.
      
      The Steinberg MI2 and MI4 interfaces are compatible with the USB class
      audio spec, but the MIDI part of the devices is reported as a vendor
      specific interface.
      
      This patch adds entries to quirks-table.h to recognize the MIDI
      endpoints. Audio functionality was already working and is unaffected by
      this change.
      Signed-off-by: default avatarDominic Sacré <dominic.sacre@gmx.de>
      Signed-off-by: default avatarAlbert Huitsing <albert@huitsing.nl>
      Acked-by: default avatarClemens Ladisch <clemens@ladisch.de>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d1374d7f
    • Thomas Gleixner's avatar
      genirq: Prevent resend to interrupts marked IRQ_NESTED_THREAD · 8ee1239a
      Thomas Gleixner authored
      commit 75a06189 upstream.
      
      The resend mechanism happily calls the interrupt handler of interrupts
      which are marked IRQ_NESTED_THREAD from softirq context. This can
      result in crashes because the interrupt handler is not the proper way
      to invoke the device handlers. They must be invoked via
      handle_nested_irq.
      
      Prevent the resend even if the interrupt has no valid parent irq
      set. Its better to have a lost interrupt than a crashing machine.
      Reported-by: default avatarUwe Kleine-König <u.kleine-koenig@pengutronix.de>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      8ee1239a
    • Haggai Eran's avatar
      dma-debug: skip debug_dma_assert_idle() when disabled · 39a0ac96
      Haggai Eran authored
      commit c9d120b0 upstream.
      
      If dma-debug is disabled due to a memory error, DMA unmaps do not affect
      the dma_active_cacheline radix tree anymore, and debug_dma_assert_idle()
      can print false warnings.
      
      Disable debug_dma_assert_idle() when dma_debug_disabled() is true.
      Signed-off-by: default avatarHaggai Eran <haggaie@mellanox.com>
      Fixes: 0abdd7a8 ("dma-debug: introduce debug_dma_assert_idle()")
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Joerg Roedel <joro@8bytes.org>
      Cc: Vinod Koul <vinod.koul@intel.com>
      Cc: Russell King <rmk+kernel@arm.linux.org.uk>
      Cc: James Bottomley <JBottomley@Parallels.com>
      Cc: Florian Fainelli <f.fainelli@gmail.com>
      Cc: Sebastian Ott <sebott@linux.vnet.ibm.com>
      Cc: Jiri Kosina <jkosina@suse.cz>
      Cc: Horia Geanta <horia.geanta@freescale.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      39a0ac96
    • Mike Snitzer's avatar
      bio integrity: do not assume bio_integrity_pool exists if bioset exists · 62a3fb23
      Mike Snitzer authored
      commit bb8bd38b upstream.
      
      bio_integrity_alloc() and bio_integrity_free() assume that if a bio was
      allocated from a bioset that that bioset also had its bio_integrity_pool
      allocated using bioset_integrity_create().  This is a very bad
      assumption given that bioset_create() and bioset_integrity_create() are
      completely disjoint.  Not all callers of bioset_create() have been
      trained to also call bioset_integrity_create() -- and they may not care
      to be.
      
      Fix this by falling back to kmalloc'ing 'struct bio_integrity_payload'
      rather than force all bioset consumers to (wastefully) preallocate a
      bio_integrity_pool that they very likely won't actually need (given the
      niche nature of the current block integrity support).
      
      Otherwise, a NULL pointer "Kernel BUG" with a trace like the following
      will be observed (as seen on s390x using zfcp storage) because dm-io
      doesn't use bioset_integrity_create() when creating its bioset:
      
          [  791.643338] Call Trace:
          [  791.643339] ([<00000003df98b848>] 0x3df98b848)
          [  791.643341]  [<00000000002c5de8>] bio_integrity_alloc+0x48/0xf8
          [  791.643348]  [<00000000002c6486>] bio_integrity_prep+0xae/0x2f0
          [  791.643349]  [<0000000000371e38>] blk_queue_bio+0x1c8/0x3d8
          [  791.643355]  [<000000000036f8d0>] generic_make_request+0xc0/0x100
          [  791.643357]  [<000000000036f9b2>] submit_bio+0xa2/0x198
          [  791.643406]  [<000003ff801f9774>] dispatch_io+0x15c/0x3b0 [dm_mod]
          [  791.643419]  [<000003ff801f9b3e>] dm_io+0x176/0x2f0 [dm_mod]
          [  791.643423]  [<000003ff8074b28a>] do_reads+0x13a/0x1a8 [dm_mirror]
          [  791.643425]  [<000003ff8074b43a>] do_mirror+0x142/0x298 [dm_mirror]
          [  791.643428]  [<0000000000154fca>] process_one_work+0x18a/0x3f8
          [  791.643432]  [<000000000015598a>] worker_thread+0x132/0x3b0
          [  791.643435]  [<000000000015d49a>] kthread+0xd2/0xd8
          [  791.643438]  [<00000000005bc0ca>] kernel_thread_starter+0x6/0xc
          [  791.643446]  [<00000000005bc0c4>] kernel_thread_starter+0x0/0xc
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      62a3fb23
    • Michal Marek's avatar
      kbuild: Allow arch Makefiles to override {cpp,ld,c}flags · 32469b12
      Michal Marek authored
      commit 61754c18 upstream.
      
      Since commit a1c48bb1 (Makefile: Fix unrecognized cross-compiler command
      line options), the arch Makefile is included earlier by the main
      Makefile, preventing the arc architecture to set its -O3 compiler
      option. Since there might be more use cases for an arch Makefile to
      fine-tune the options, add support for ARCH_CPPFLAGS, ARCH_AFLAGS and
      ARCH_CFLAGS variables that are appended to the respective kbuild
      variables. The user still has the final say via the KCPPFLAGS, KAFLAGS
      and KCFLAGS variables.
      Reported-by: default avatarVineet Gupta <Vineet.Gupta1@synopsys.com>
      Signed-off-by: default avatarMichal Marek <mmarek@suse.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      32469b12
    • Alexey Brodkin's avatar
      ARC: make sure instruction_pointer() returns unsigned value · a783168d
      Alexey Brodkin authored
      commit f51e2f19 upstream.
      
      Currently instruction_pointer() returns pt_regs->ret and so return value
      is of type "long", which implicitly stands for "signed long".
      
      While that's perfectly fine when dealing with 32-bit values if return
      value of instruction_pointer() gets assigned to 64-bit variable sign
      extension may happen.
      
      And at least in one real use-case it happens already.
      In perf_prepare_sample() return value of perf_instruction_pointer()
      (which is an alias to instruction_pointer() in case of ARC) is assigned
      to (struct perf_sample_data)->ip (which type is "u64").
      
      And what we see if instuction pointer points to user-space application
      that in case of ARC lays below 0x8000_0000 "ip" gets set properly with
      leading 32 zeros. But if instruction pointer points to kernel address
      space that starts from 0x8000_0000 then "ip" is set with 32 leadig
      "f"-s. I.e. id instruction_pointer() returns 0x8100_0000, "ip" will be
      assigned with 0xffff_ffff__8100_0000. Which is obviously wrong.
      
      In particular that issuse broke output of perf, because perf was unable
      to associate addresses like 0xffff_ffff__8100_0000 with anything from
      /proc/kallsyms.
      
      That's what we used to see:
       ----------->8----------
        6.27%  ls       [unknown]                [k] 0xffffffff8046c5cc
        2.96%  ls       libuClibc-0.9.34-git.so  [.] memcpy
        2.25%  ls       libuClibc-0.9.34-git.so  [.] memset
        1.66%  ls       [unknown]                [k] 0xffffffff80666536
        1.54%  ls       libuClibc-0.9.34-git.so  [.] 0x000224d6
        1.18%  ls       libuClibc-0.9.34-git.so  [.] 0x00022472
       ----------->8----------
      
      With that change perf output looks much better now:
       ----------->8----------
        8.21%  ls       [kernel.kallsyms]        [k] memset
        3.52%  ls       libuClibc-0.9.34-git.so  [.] memcpy
        2.11%  ls       libuClibc-0.9.34-git.so  [.] malloc
        1.88%  ls       libuClibc-0.9.34-git.so  [.] memset
        1.64%  ls       [kernel.kallsyms]        [k] _raw_spin_unlock_irqrestore
        1.41%  ls       [kernel.kallsyms]        [k] __d_lookup_rcu
       ----------->8----------
      Signed-off-by: default avatarAlexey Brodkin <abrodkin@synopsys.com>
      Cc: arc-linux-dev@synopsys.com
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: default avatarVineet Gupta <vgupta@synopsys.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a783168d
    • Vineet Gupta's avatar
      ARC: Override toplevel default -O2 with -O3 · bad8eab0
      Vineet Gupta authored
      commit 97709069 upstream.
      
      ARC kernels have historically been built with -O3, despite top level
      Makefile defaulting to -O2. This was facilitated by implicitly ordering
      of arch makefile include AFTER top level assigned -O2.
      
      An upstream fix to top level a1c48bb1 ("Makefile: Fix unrecognized
      cross-compiler command line options") changed the ordering, making ARC
      -O3 defunct.
      
      Fix that by NOT relying on any ordering whatsoever and use the proper
      arch override facility now present in kbuild (ARCH_*FLAGS)
      
      Depends-on: ("kbuild: Allow arch Makefiles to override {cpp,ld,c}flags")
      Suggested-by: default avatarMichal Marek <mmarek@suse.cz>
      Cc: Geert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarVineet Gupta <vgupta@synopsys.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      bad8eab0
    • Heiko Carstens's avatar
      s390/cachinfo: add missing facility check to init_cache_level() · a2bfecc4
      Heiko Carstens authored
      commit 0b991f5c upstream.
      
      Stephen Powell reported the following crash on a z890 machine:
      
      Kernel BUG at 00000000001219d0 [verbose debug info unavailable]
      illegal operation: 0001 ilc:3 [#1] SMP
      Krnl PSW : 0704e00180000000 00000000001219d0 (init_cache_level+0x38/0xe0)
      	   R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 EA:3
      Krnl Code: 00000000001219c2: a7840056		brc	8,121a6e
      	   00000000001219c6: a7190000		lghi	%r1,0
      	  #00000000001219ca: eb101000004c	ecag	%r1,%r0,0(%r1)
      	  >00000000001219d0: a7390000		lghi	%r3,0
      	   00000000001219d4: e310f0a00024	stg	%r1,160(%r15)
      	   00000000001219da: a7080000		lhi	%r0,0
      	   00000000001219de: a7b9f000		lghi	%r11,-4096
      	   00000000001219e2: c0a0002899d9	larl	%r10,634d94
      Call Trace:
       [<0000000000478ee2>] detect_cache_attributes+0x2a/0x2b8
       [<000000000097c9b0>] cacheinfo_sysfs_init+0x60/0xc8
       [<00000000001001c0>] do_one_initcall+0x98/0x1c8
       [<000000000094fdc2>] kernel_init_freeable+0x212/0x2d8
       [<000000000062352e>] kernel_init+0x26/0x118
       [<000000000062fd2e>] kernel_thread_starter+0x6/0xc
      
      The illegal operation was executed because of a missing facility check,
      which should have made sure that the ECAG execution would only be executed
      on machines which have the general-instructions-extension facility
      installed.
      Reported-and-tested-by: default avatarStephen Powell <zlinuxman@wowway.com>
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a2bfecc4
    • Michael Holzheu's avatar
      s390/bpf: clear correct BPF accumulator register · 19d95928
      Michael Holzheu authored
      commit 30342fe6 upstream.
      
      Currently we assumed the following BPF to eBPF register mapping:
      
       - BPF_REG_A -> BPF_REG_7
       - BPF_REG_X -> BPF_REG_8
      
      Unfortunately this mapping is wrong. The correct mapping is:
      
       - BPF_REG_A -> BPF_REG_0
       - BPF_REG_X -> BPF_REG_7
      
      So clear the correct registers and use the BPF_REG_A and BPF_REG_X
      macros instead of BPF_REG_0/7.
      
      Fixes: 05462310 ("s390/bpf: Add s390x eBPF JIT compiler backend")
      Signed-off-by: default avatarMichael Holzheu <holzheu@linux.vnet.ibm.com>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      19d95928
    • Heiko Carstens's avatar
      s390/nmi: fix vector register corruption · 36566f6d
      Heiko Carstens authored
      commit cad49cfc upstream.
      
      If a machine check happens, the machine has the vector facility installed
      and the extended save area exists, the cpu will save vector register
      contents into the extended save area. This is regardless of control
      register 0 contents, which enables and disables the vector facility during
      runtime.
      
      On each machine check we should validate the vector registers. The current
      code however tries to validate the registers only if the running task is
      using vector registers in user space.
      
      However even the current code is broken and causes vector register
      corruption on machine checks, if user space uses them:
      the prefix area contains a pointer (absolute address) to the machine check
      extended save area. In order to save some space the save area was put into
      an unused area of the second prefix page.
      When validating vector register contents the code uses the absolute address
      of the extended save area, which is wrong. Due to prefixing the vector
      instructions will then access contents using absolute addresses instead
      of real addresses, where the machine stored the contents.
      
      If the above would work there is still the problem that register validition
      would only happen if user space uses vector registers. If kernel space uses
      them also, this may also lead to vector register content corruption:
      if the kernel makes use of vector instructions, but the current running
      user space context does not, the machine check handler will validate
      floating point registers instead of vector registers.
      Given the fact that writing to a floating point register may change the
      upper halve of the corresponding vector register, we also experience vector
      register corruption in this case.
      
      Fix all of these issues, and always validate vector registers on each
      machine check, if the machine has the vector facility installed and the
      extended save area is defined.
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      36566f6d
    • Martin Schwidefsky's avatar
      s390/sclp: clear upper register halves in _sclp_print_early · 88b7166f
      Martin Schwidefsky authored
      commit f9c87a6f upstream.
      
      If the kernel is compiled with gcc 5.1 and the XZ compression option
      the decompress_kernel function calls _sclp_print_early in 64-bit mode
      while the content of the upper register half of %r6 is non-zero.
      This causes a specification exception on the servc instruction in
      _sclp_servc.
      
      The _sclp_print_early function saves and restores the upper registers
      halves but it fails to clear them for the 31-bit code of the mini sclp
      driver.
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      88b7166f
    • Heiko Carstens's avatar
      s390/process: fix sfpc inline assembly · 5e62f684
      Heiko Carstens authored
      commit e47994dd upstream.
      
      The sfpc inline assembly within execve_tail() may incorrectly set bits
      28-31 of the sfpc instruction to a value which is not zero.
      These bits however are currently unused and therefore should be zero
      so we won't get surprised if these bits will be used in the future.
      
      Therefore remove the second operand from the inline assembly.
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      5e62f684
    • Vutla, Lokesh's avatar
      crypto: omap-des - Fix unmapping of dma channels · f662ffe3
      Vutla, Lokesh authored
      commit acb33cc5 upstream.
      
      dma_unmap_sg() is being called twice after completing the
      task. Looks like this is a copy paste error when creating
      des driver.
      With this the following warn appears during boot:
      
      [    4.210457] ------------[ cut here ]------------
      [    4.215114] WARNING: CPU: 0 PID: 0 at lib/dma-debug.c:1080 check_unmap+0x710/0x9a0()
      [    4.222899] omap-des 480a5000.des: DMA-API: device driver tries to free DMA memory it has not allocated [device address=0x00000000ab2ce000] [size=8 bytes]
      [    4.236785] Modules linked in:
      [    4.239860] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.14.39-02999-g1bc045a-dirty #182
      [    4.247918] [<c001678c>] (unwind_backtrace) from [<c0012574>] (show_stack+0x10/0x14)
      [    4.255710] [<c0012574>] (show_stack) from [<c05a37e8>] (dump_stack+0x84/0xb8)
      [    4.262977] [<c05a37e8>] (dump_stack) from [<c0046464>] (warn_slowpath_common+0x68/0x8c)
      [    4.271107] [<c0046464>] (warn_slowpath_common) from [<c004651c>] (warn_slowpath_fmt+0x30/0x40)
      [    4.279854] [<c004651c>] (warn_slowpath_fmt) from [<c02d50a4>] (check_unmap+0x710/0x9a0)
      [    4.287991] [<c02d50a4>] (check_unmap) from [<c02d5478>] (debug_dma_unmap_sg+0x90/0x19c)
      [    4.296128] [<c02d5478>] (debug_dma_unmap_sg) from [<c04a77d8>] (omap_des_done_task+0x1cc/0x3e4)
      [    4.304963] [<c04a77d8>] (omap_des_done_task) from [<c004a090>] (tasklet_action+0x84/0x124)
      [    4.313370] [<c004a090>] (tasklet_action) from [<c004a4ac>] (__do_softirq+0xf0/0x20c)
      [    4.321235] [<c004a4ac>] (__do_softirq) from [<c004a840>] (irq_exit+0x98/0xec)
      [    4.328500] [<c004a840>] (irq_exit) from [<c000f9ac>] (handle_IRQ+0x50/0xb0)
      [    4.335589] [<c000f9ac>] (handle_IRQ) from [<c0008688>] (gic_handle_irq+0x28/0x5c)
      
      Removing the duplicate call to dma_unmap_sg().
      Reported-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      Signed-off-by: default avatarLokesh Vutla <lokeshvutla@ti.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f662ffe3
    • Andrey Ryabinin's avatar
      x86/kasan: Fix boot crash on AMD processors · 6b12a75d
      Andrey Ryabinin authored
      commit d4f86bea upstream.
      
      While populating zero shadow wrong bits in upper level page
      tables used. __PAGE_KERNEL_RO that was used for pgd/pud/pmd has
      _PAGE_BIT_GLOBAL set. Global bit is present only in the lowest
      level of the page translation hierarchy (ptes), and it should be
      zero in upper levels.
      
      This bug seems doesn't cause any troubles on Intel cpus, while
      on AMDs it cause kernel crash on boot.
      
      Use _KERNPG_TABLE bits for pgds/puds/pmds to fix this.
      Reported-by: default avatarBorislav Petkov <bp@alien8.de>
      Signed-off-by: default avatarAndrey Ryabinin <a.ryabinin@samsung.com>
      Cc: Alexander Popov <alpopov@ptsecurity.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Andrey Konovalov <adech.fo@gmail.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Link: http://lkml.kernel.org/r/1435828178-10975-5-git-send-email-a.ryabinin@samsung.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      6b12a75d