1. 14 Dec, 2016 6 commits
    • Paul Moore's avatar
      audit: rework audit_log_start() · 31975424
      Paul Moore authored
      The backlog queue handling in audit_log_start() is a little odd with
      some questionable design decisions, this patch attempts to rectify
      this with the following changes:
      
      * Never make auditd wait, ignore any backlog limits as we need auditd
      awake so it can drain the backlog queue.
      
      * When we hit a backlog limit and start dropping records, don't wake
      all the tasks sleeping on the backlog, that's silly.  Instead, let
      kauditd_thread() take care of waking everyone once it has had a chance
      to drain the backlog queue.
      
      * Don't keep a global backlog timeout countdown, make it per-task.  A
      per-task timer means we won't have all the sleeping tasks waking at
      the same time and hammering on an already stressed backlog queue.
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      31975424
    • Paul Moore's avatar
      audit: rework the audit queue handling · c6480207
      Paul Moore authored
      The audit record backlog queue has always been a bit of a mess, and
      the moving the multicast send into kauditd_thread() from
      audit_log_end() only makes things worse.  This patch attempts to fix
      the backlog queue with a better design that should hold up better
      under load and have less of a performance impact at syscall
      invocation time.
      
      While it looks like there is a log going on in this patch, the main
      change is the move from a single backlog queue to three queues:
      
      * A queue for holding records generated from audit_log_end() that
      haven't been consumed by kauditd_thread() (audit_queue).
      
      * A queue for holding records that have been sent via multicast but
      had a temporary failure when sending via unicast and need a resend
      (audit_retry_queue).
      
      * A queue for holding records that haven't been sent via unicast
      because no one is listening (audit_hold_queue).
      
      Special care is taken in this patch to ensure that the proper
      record ordering is preserved, e.g. we send everything in the hold
      queue first, then the retry queue, and finally the main queue.
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      c6480207
    • Paul Moore's avatar
      audit: rename the queues and kauditd related functions · af8b824f
      Paul Moore authored
      The audit queue names can be shortened and the record sending
      helpers associated with the kauditd task could be named better, do
      these small cleanups now to make life easier once we start reworking
      the queues and kauditd code.
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      af8b824f
    • Paul Moore's avatar
      audit: queue netlink multicast sends just like we do for unicast sends · 4aa83872
      Paul Moore authored
      Sending audit netlink multicast messages is bad for all the same
      reasons that sending audit netlink unicast messages is bad, so this
      patch reworks things so that we don't do the multicast send in
      audit_log_end(), we do it from the dedicated kauditd_thread thread just
      as we do for unicast messages.
      
      See the GitHub issues below for more information/history:
      
       * https://github.com/linux-audit/audit-kernel/issues/23
       * https://github.com/linux-audit/audit-kernel/issues/22Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      4aa83872
    • Paul Moore's avatar
      audit: fixup audit_init() · 6c925564
      Paul Moore authored
      Make sure everything is initialized before we start the kauditd_thread
      and don't emit the "initialized" record until everything is finished.
      We also panic with a descriptive message if we can't start the
      kauditd_thread.
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      6c925564
    • Richard Guy Briggs's avatar
      audit: move kaudit thread start from auditd registration to kaudit init (#2) · 55a6f170
      Richard Guy Briggs authored
      Richard made this change some time ago but Eric backed it out because
      the rest of the supporting code wasn't ready.  In order to move the
      netlink multicast send to kauditd_thread we need to ensure the
      kauditd_thread is always running, so restore commit 6ff5e459 ("audit:
      move kaudit thread start from auditd registration to kaudit init").
      Signed-off-by: default avatarRichard Guy Briggs <rbriggs@redhat.com>
      [PM: brought forward and merged based on Richard's old patch]
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      55a6f170
  2. 29 Nov, 2016 1 commit
  3. 20 Nov, 2016 2 commits
  4. 14 Nov, 2016 1 commit
  5. 03 Nov, 2016 1 commit
  6. 02 Oct, 2016 7 commits
    • Linus Torvalds's avatar
      Linux 4.8 · c8d2bc9b
      Linus Torvalds authored
      c8d2bc9b
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm · f76d9c61
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
       "Three relatively small fixes for ARM:
      
         - Roger noticed that dma_max_pfn() was calculating the upper limit
           wrongly, by adding the PFN offset of memory twice.
      
         - A fix from Robin to correct parsing of MPIDR values when the
           address size is larger than one BE32 unit.
      
         - A fix from Srinivas to ensure that we do not rely on the boot
           loader (or previous Linux kernel) setting the translation table
           base register a certain way in the decompressor, which can lead to
           crashes"
      
      * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: 8618/1: decompressor: reset ttbcr fields to use TTBR0 on ARMv7
        ARM: 8617/1: dma: fix dma_max_pfn()
        ARM: 8616/1: dt: Respect property size when parsing CPUs
      f76d9c61
    • Srinivas Ramana's avatar
      ARM: 8618/1: decompressor: reset ttbcr fields to use TTBR0 on ARMv7 · 117e5e9c
      Srinivas Ramana authored
      If the bootloader uses the long descriptor format and jumps to
      kernel decompressor code, TTBCR may not be in a right state.
      Before enabling the MMU, it is required to clear the TTBCR.PD0
      field to use TTBR0 for translation table walks.
      
      The commit dbece458 ("ARM: 7501/1: decompressor:
      reset ttbcr for VMSA ARMv7 cores") does the reset of TTBCR.N, but
      doesn't consider all the bits for the size of TTBCR.N.
      
      Clear TTBCR.PD0 field and reset all the three bits of TTBCR.N to
      indicate the use of TTBR0 and the correct base address width.
      
      Fixes: dbece458 ("ARM: 7501/1: decompressor: reset ttbcr for VMSA ARMv7 cores")
      Acked-by: default avatarRobin Murphy <robin.murphy@arm.com>
      Signed-off-by: default avatarSrinivas Ramana <sramana@codeaurora.org>
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      117e5e9c
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · be67d60b
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
       "The last regression fixes for 4.8 final:
      
         - Two patches addressing the fallout of the CR4 optimizations which
           caused CR4-less machines to fail.
      
         - Fix the VDSO build on big endian machines
      
         - Take care of FPU initialization if no CPUID is available otherwise
           task struct size ends up being zero
      
         - Fix up context tracking in case load_gs_index fails"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/entry/64: Fix context tracking state warning when load_gs_index fails
        x86/boot: Initialize FPU and X86_FEATURE_ALWAYS even if we don't have CPUID
        x86/vdso: Fix building on big endian host
        x86/boot: Fix another __read_cr4() case on 486
        x86/init: Fix cr4_init_shadow() on CR4-less machines
      be67d60b
    • Linus Torvalds's avatar
      Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · 66188fb1
      Linus Torvalds authored
      Pull MIPS fixes from Ralf Baechle:
       "Another round of fixes:
      
         - CM: Fix mips_cm_max_vp_width for non-MT kernels on MT systems
         - CPS: Avoid BUG() when offlining pre-r6 CPUs
         - DEC: Avoid gas warnings due to suspicious instruction scheduling by
           manually expanding assembler macros.
         - FTLB: Fix configuration by moving confiuguratoin after probing
         - FTLB: clear execution hazard after changing FTLB enable
         - Highmem: Fix detection of unsupported highmem with cache aliases
         - I6400: Don't touch FTLBP chicken bits
         - microMIPS: Fix BUILD_ROLLBACK_PROLOGUE
         - Malta: Fix IOCU disable switch read for MIPS64
         - Octeon: Fix probing of devices attached to GPIO lines
         - uprobes: Misc small fixes"
      
      * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
        MIPS: CM: Fix mips_cm_max_vp_width for non-MT kernels on MT systems
        MIPS: Fix detection of unsupported highmem with cache aliases
        MIPS: Malta: Fix IOCU disable switch read for MIPS64
        MIPS: Fix BUILD_ROLLBACK_PROLOGUE for microMIPS
        MIPS: clear execution hazard after changing FTLB enable
        MIPS: Configure FTLB after probing TLB sizes from config4
        MIPS: Stop setting I6400 FTLBP
        MIPS: DEC: Avoid la pseudo-instruction in delay slots
        MIPS: Octeon: mark GPIO controller node not populated after IRQ init.
        MIPS: uprobes: fix use of uninitialised variable
        MIPS: uprobes: remove incorrect set_orig_insn
        MIPS: fix uretprobe implementation
        MIPS: smp-cps: Avoid BUG() when offlining pre-r6 CPUs
      66188fb1
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · 0c7fc30f
      Linus Torvalds authored
      Pull sparc fixes from David Miller:
      
       1) Fix section mismatches in some builds, from Paul Gortmaker.
      
       2) Need to count huge zero page mappings when doing TSB sizing, from
          Mike Kravetz.
      
       3) Fix handing of cpu_possible_mask when nr_cpus module option is
          specified, from Atish Patra.
      
       4) Don't allocate irq stacks until nr_irqs has been processed, also
          from Atish Patra.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        sparc64: Fix non-SMP build.
        sparc64: Fix irq stack bootmem allocation.
        sparc64: Fix cpu_possible_mask if nr_cpus is set
        sparc64 mm: Fix more TSB sizing issues
        sparc64: fix section mismatch in find_numa_latencies_for_group
      0c7fc30f
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · bb6bbc7c
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix wrong TCP checksums on MTU probing when checksum offloading is
          disabled, from Douglas Caetano dos Santos.
      
       2) Fix qdisc backlog updates in qfq and sfb schedulers, from Cong Wang.
      
       3) Route lookup flow key protocol value is wrong in ip6gre_xmit_other(),
          fix from Lance Richardson.
      
       4) Scheduling while atomic in multicast routing code of ipv4 and ipv6,
          fix from Nikolay Aleksandrov.
      
       5) Fix packet alignment in fec driver, from Eric Nelson.
      
       6) Fix perf regression in sctp due to struct layout and cache misses,
          from Xin Long.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        sctp: fix the issue sctp_diag uses lock_sock in rcu_read_lock
        sctp: change to check peer prsctp_capable when using prsctp polices
        sctp: remove prsctp_param from sctp_chunk
        sctp: move sent_count to the memory hole in sctp_chunk
        tg3: Avoid NULL pointer dereference in tg3_io_error_detected()
        act_ife: Fix false encoding
        act_ife: Fix external mac header on encode
        VSOCK: Don't dec ack backlog twice for rejected connections
        Revert "net: ethernet: bcmgenet: use phydev from struct net_device"
        net: fec: align IP header in hardware
        net: fec: remove QUIRK_HAS_RACC from i.mx27
        net: fec: remove QUIRK_HAS_RACC from i.mx25
        ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route
        ip6_gre: fix flowi6_proto value in ip6gre_xmit_other()
        tcp: fix a compile error in DBGUNDO()
        tcp: fix wrong checksum calculation on MTU probing
        sch_sfb: keep backlog updated with qlen
        sch_qfq: keep backlog updated with qlen
        can: dev: fix deadlock reported after bus-off
      bb6bbc7c
  7. 01 Oct, 2016 3 commits
  8. 30 Sep, 2016 16 commits
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew) · dbd8805b
      Linus Torvalds authored
      Merge more fixes from Andrew Morton:
       "Three fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        include/linux/property.h: fix typo/compile error
        ocfs2: fix deadlock on mmapped page in ocfs2_write_begin_nolock()
        mm: workingset: fix crash in shadow node shrinker caused by replace_page_cache_page()
      dbd8805b
    • John Youn's avatar
      include/linux/property.h: fix typo/compile error · 37aa7271
      John Youn authored
      This fixes commit d76eebfa ("include/linux/property.h: fix build
      issues with gcc-4.4.4").
      
      With that commit we get the following compile error when using the
      PROPERTY_ENTRY_INTEGER_ARRAY macro.
      
       include/linux/property.h:201:39: error: `u32_data' undeclared (first
                       use in this function)
        PROPERTY_ENTRY_INTEGER_ARRAY(_name_, u32, _val_)
                                             ^
       include/linux/property.h:193:17: note: in definition of macro
                       `PROPERTY_ENTRY_INTEGER_ARRAY'
        { .pointer = { _type_##_data = _val_ } },  \
                       ^
      
      This needs a '.' to reference the union member.  It seems this was just
      overlooked here since it is done correctly in similar constructs in
      other parts of the original commit.
      
      This fix is in preparation of upcoming commits that will use this macro.
      
      Fixes: commit d76eebfa ("include/linux/property.h: fix build issues with gcc-4.4.4")
      Link: http://lkml.kernel.org/r/2de3b929290d88a723ed829a3e3cbd02044714df.1475114627.git.johnyoun@synopsys.comSigned-off-by: default avatarJohn Youn <johnyoun@synopsys.com>
      Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      37aa7271
    • Eric Ren's avatar
      ocfs2: fix deadlock on mmapped page in ocfs2_write_begin_nolock() · c33f0785
      Eric Ren authored
      The testcase "mmaptruncate" of ocfs2-test deadlocks occasionally.
      
      In this testcase, we create a 2*CLUSTER_SIZE file and mmap() on it;
      there are 2 process repeatedly performing the following operations
      respectively: one is doing memset(mmaped_addr + 2*CLUSTER_SIZE - 1, 'a',
      1), while the another is playing ftruncate(fd, 2*CLUSTER_SIZE) and then
      ftruncate(fd, CLUSTER_SIZE) again and again.
      
      This is the backtrace when the deadlock happens:
      
         __wait_on_bit_lock+0x50/0xa0
         __lock_page+0xb7/0xc0
         ocfs2_write_begin_nolock+0x163f/0x1790 [ocfs2]
         ocfs2_page_mkwrite+0x1c7/0x2a0 [ocfs2]
         do_page_mkwrite+0x66/0xc0
         handle_mm_fault+0x685/0x1350
         __do_page_fault+0x1d8/0x4d0
         trace_do_page_fault+0x37/0xf0
         do_async_page_fault+0x19/0x70
         async_page_fault+0x28/0x30
      
      In ocfs2_write_begin_nolock(), we first grab the pages and then allocate
      disk space for this write; ocfs2_try_to_free_truncate_log() will be
      called if -ENOSPC is returned; if we're lucky to get enough clusters,
      which is usually the case, we start over again.
      
      But in ocfs2_free_write_ctxt() the target page isn't unlocked, so we
      will deadlock when trying to grab the target page again.
      
      Also, -ENOMEM might be returned in ocfs2_grab_pages_for_write().
      Another deadlock will happen in __do_page_mkwrite() if
      ocfs2_page_mkwrite() returns non-VM_FAULT_LOCKED, and along with a
      locked target page.
      
      These two errors fail on the same path, so fix them by unlocking the
      target page manually before ocfs2_free_write_ctxt().
      
      Jan Kara helps me clear out the JBD2 part, and suggest the hint for root
      cause.
      
      Changes since v1:
      1. Also put ENOMEM error case into consideration.
      
      Link: http://lkml.kernel.org/r/1474173902-32075-1-git-send-email-zren@suse.comSigned-off-by: default avatarEric Ren <zren@suse.com>
      Reviewed-by: default avatarHe Gang <ghe@suse.com>
      Acked-by: default avatarJoseph Qi <joseph.qi@huawei.com>
      Cc: Mark Fasheh <mfasheh@suse.de>
      Cc: Joel Becker <jlbec@evilplan.org>
      Cc: Junxiao Bi <junxiao.bi@oracle.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      c33f0785
    • Johannes Weiner's avatar
      mm: workingset: fix crash in shadow node shrinker caused by replace_page_cache_page() · 22f2ac51
      Johannes Weiner authored
      Antonio reports the following crash when using fuse under memory pressure:
      
        kernel BUG at /build/linux-a2WvEb/linux-4.4.0/mm/workingset.c:346!
        invalid opcode: 0000 [#1] SMP
        Modules linked in: all of them
        CPU: 2 PID: 63 Comm: kswapd0 Not tainted 4.4.0-36-generic #55-Ubuntu
        Hardware name: System manufacturer System Product Name/P8H67-M PRO, BIOS 3904 04/27/2013
        task: ffff88040cae6040 ti: ffff880407488000 task.ti: ffff880407488000
        RIP: shadow_lru_isolate+0x181/0x190
        Call Trace:
          __list_lru_walk_one.isra.3+0x8f/0x130
          list_lru_walk_one+0x23/0x30
          scan_shadow_nodes+0x34/0x50
          shrink_slab.part.40+0x1ed/0x3d0
          shrink_zone+0x2ca/0x2e0
          kswapd+0x51e/0x990
          kthread+0xd8/0xf0
          ret_from_fork+0x3f/0x70
      
      which corresponds to the following sanity check in the shadow node
      tracking:
      
        BUG_ON(node->count & RADIX_TREE_COUNT_MASK);
      
      The workingset code tracks radix tree nodes that exclusively contain
      shadow entries of evicted pages in them, and this (somewhat obscure)
      line checks whether there are real pages left that would interfere with
      reclaim of the radix tree node under memory pressure.
      
      While discussing ways how fuse might sneak pages into the radix tree
      past the workingset code, Miklos pointed to replace_page_cache_page(),
      and indeed there is a problem there: it properly accounts for the old
      page being removed - __delete_from_page_cache() does that - but then
      does a raw raw radix_tree_insert(), not accounting for the replacement
      page.  Eventually the page count bits in node->count underflow while
      leaving the node incorrectly linked to the shadow node LRU.
      
      To address this, make sure replace_page_cache_page() uses the tracked
      page insertion code, page_cache_tree_insert().  This fixes the page
      accounting and makes sure page-containing nodes are properly unlinked
      from the shadow node LRU again.
      
      Also, make the sanity checks a bit less obscure by using the helpers for
      checking the number of pages and shadows in a radix tree node.
      
      Fixes: 449dd698 ("mm: keep page cache radix tree nodes in check")
      Link: http://lkml.kernel.org/r/20160919155822.29498-1-hannes@cmpxchg.orgSigned-off-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Reported-by: default avatarAntonio SJ Musumeci <trapexit@spawn.link>
      Debugged-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
      Cc: <stable@vger.kernel.org>	[3.15+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      22f2ac51
    • Javi Merino's avatar
      MAINTAINERS: Switch to kernel.org email address for Javi Merino · 9a2172a8
      Javi Merino authored
      Change my email address to my kernel.org account instead of the ARM one.
      Signed-off-by: default avatarJavi Merino <javi.merino@arm.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9a2172a8
    • Wanpeng Li's avatar
      x86/entry/64: Fix context tracking state warning when load_gs_index fails · 2fa5f04f
      Wanpeng Li authored
      This warning:
      
       WARNING: CPU: 0 PID: 3331 at arch/x86/entry/common.c:45 enter_from_user_mode+0x32/0x50
       CPU: 0 PID: 3331 Comm: ldt_gdt_64 Not tainted 4.8.0-rc7+ #13
       Call Trace:
        dump_stack+0x99/0xd0
        __warn+0xd1/0xf0
        warn_slowpath_null+0x1d/0x20
        enter_from_user_mode+0x32/0x50
        error_entry+0x6d/0xc0
        ? general_protection+0x12/0x30
        ? native_load_gs_index+0xd/0x20
        ? do_set_thread_area+0x19c/0x1f0
        SyS_set_thread_area+0x24/0x30
        do_int80_syscall_32+0x7c/0x220
        entry_INT80_compat+0x38/0x50
      
      ... can be reproduced by running the GS testcase of the ldt_gdt test unit in
      the x86 selftests.
      
      do_int80_syscall_32() will call enter_form_user_mode() to convert context
      tracking state from user state to kernel state. The load_gs_index() call
      can fail with user gsbase, gsbase will be fixed up and proceed if this
      happen.
      
      However, enter_from_user_mode() will be called again in the fixed up path
      though it is context tracking kernel state currently.
      
      This patch fixes it by just fixing up gsbase and telling lockdep that IRQs
      are off once load_gs_index() failed with user gsbase.
      Signed-off-by: default avatarWanpeng Li <wanpeng.li@hotmail.com>
      Acked-by: default avatarAndy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Link: http://lkml.kernel.org/r/1475197266-3440-1-git-send-email-wanpeng.li@hotmail.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      2fa5f04f
    • Andy Lutomirski's avatar
      x86/boot: Initialize FPU and X86_FEATURE_ALWAYS even if we don't have CPUID · 05fb3c19
      Andy Lutomirski authored
      Otherwise arch_task_struct_size == 0 and we die.  While we're at it,
      set X86_FEATURE_ALWAYS, too.
      Reported-by: default avatarDavid Saggiorato <david@saggiorato.net>
      Tested-by: default avatarDavid Saggiorato <david@saggiorato.net>
      Signed-off-by: default avatarAndy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Dave Hansen <dave@sr71.net>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: stable@vger.kernel.org
      Fixes: aaeb5c01c5b ("x86/fpu, sched: Introduce CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT and use it on x86")
      Link: http://lkml.kernel.org/r/8de723afbf0811071185039f9088733188b606c9.1475103911.git.luto@kernel.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      05fb3c19
    • Segher Boessenkool's avatar
      x86/vdso: Fix building on big endian host · e4aad645
      Segher Boessenkool authored
      We need to call GET_LE to read hdr->e_type.
      
      Fixes: 57f90c3d ("x86/vdso: Error out if the vDSO isn't a valid DSO")
      Reported-by: default avatarPaul Gortmaker <paul.gortmaker@windriver.com>
      Signed-off-by: default avatarSegher Boessenkool <segher@kernel.crashing.org>
      Acked-by: default avatarAndy Lutomirski <luto@kernel.org>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Cc: linux-next@vger.kernel.org
      Link: http://lkml.kernel.org/r/20160929193442.GA16617@gate.crashing.orgSigned-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      e4aad645
    • Andy Lutomirski's avatar
      x86/boot: Fix another __read_cr4() case on 486 · 192d1dcc
      Andy Lutomirski authored
      The condition for reading CR4 was wrong: there are some CPUs with
      CPUID but not CR4.  Rather than trying to make the condition exact,
      use __read_cr4_safe().
      
      Fixes: 18bc7bd5 ("x86/boot: Synchronize trampoline_cr4_features and mmu_cr4_features directly")
      Reported-by: david@saggiorato.net
      Signed-off-by: default avatarAndy Lutomirski <luto@kernel.org>
      Reviewed-by: default avatarBorislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Link: http://lkml.kernel.org/r/8c453a61c4f44ab6ff43c29780ba04835234d2e5.1475178369.git.luto@kernel.orgSigned-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      192d1dcc
    • Xin Long's avatar
      sctp: fix the issue sctp_diag uses lock_sock in rcu_read_lock · 1cceda78
      Xin Long authored
      When sctp dumps all the ep->assocs, it needs to lock_sock first,
      but now it locks sock in rcu_read_lock, and lock_sock may sleep,
      which would break rcu_read_lock.
      
      This patch is to get and hold one sock when traversing the list.
      After that and get out of rcu_read_lock, lock and dump it. Then
      it will traverse the list again to get the next one until all
      sctp socks are dumped.
      
      For sctp_diag_dump_one, it fixes this issue by holding asoc and
      moving cb() out of rcu_read_lock in sctp_transport_lookup_process.
      
      Fixes: 8f840e47 ("sctp: add the sctp_diag.c file")
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1cceda78
    • David S. Miller's avatar
      Merge branch 'sctp-fixes' · 75b005b9
      David S. Miller authored
      Xin Long says:
      
      ====================
      sctp: a bunch of fixes for prsctp polices
      
      This patchset is to fix 2 issues for prsctp polices:
      
        1. patch 1 and 2 fix "netperf-Throughput_Mbps -37.2% regression" issue
           when overloading the CPU.
      
        2. patch 3 fix "prsctp polices should check both sides' prsctp_capable,
           instead of only local side".
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      75b005b9
    • Xin Long's avatar
      sctp: change to check peer prsctp_capable when using prsctp polices · be4947bf
      Xin Long authored
      Now before using prsctp polices, sctp uses asoc->prsctp_enable to
      check if prsctp is enabled. However asoc->prsctp_enable is set only
      means local host support prsctp, sctp should not abandon packet if
      peer host doesn't enable prsctp.
      
      So this patch is to use asoc->peer.prsctp_capable to check if prsctp
      is enabled on both side, instead of asoc->prsctp_enable, as asoc's
      peer.prsctp_capable is set only when local and peer both enable prsctp.
      
      Fixes: a6c2f792 ("sctp: implement prsctp TTL policy")
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      be4947bf
    • Xin Long's avatar
      sctp: remove prsctp_param from sctp_chunk · 0605483f
      Xin Long authored
      Now sctp uses chunk->prsctp_param to save the prsctp param for all the
      prsctp polices, we didn't need to introduce prsctp_param to sctp_chunk.
      We can just use chunk->sinfo.sinfo_timetolive for RTX and BUF polices,
      and reuse msg->expires_at for TTL policy, as the prsctp polices and old
      expires policy are mutual exclusive.
      
      This patch is to remove prsctp_param from sctp_chunk, and reuse msg's
      expires_at for TTL and chunk's sinfo.sinfo_timetolive for RTX and BUF
      polices.
      
      Note that sctp can't use chunk's sinfo.sinfo_timetolive for TTL policy,
      as it needs a u64 variables to save the expires_at time.
      
      This one also fixes the "netperf-Throughput_Mbps -37.2% regression"
      issue.
      
      Fixes: a6c2f792 ("sctp: implement prsctp TTL policy")
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0605483f
    • Xin Long's avatar
      sctp: move sent_count to the memory hole in sctp_chunk · 73dca124
      Xin Long authored
      Now pahole sctp_chunk, it has 2 memory holes:
         struct sctp_chunk {
      	struct list_head           list;
      	atomic_t                   refcnt;
      	/* XXX 4 bytes hole, try to pack */
      	...
      	long unsigned int          prsctp_param;
      	int                        sent_count;
      	/* XXX 4 bytes hole, try to pack */
      
      This patch is to move up sent_count to fill the 1st one and eliminate
      the 2nd one.
      
      It's not just another struct compaction, it also fixes the "netperf-
      Throughput_Mbps -37.2% regression" issue when overloading the CPU.
      
      Fixes: a6c2f792 ("sctp: implement prsctp TTL policy")
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      73dca124
    • Milton Miller's avatar
      tg3: Avoid NULL pointer dereference in tg3_io_error_detected() · 1b0ff898
      Milton Miller authored
      While the driver is probing the adapter, an error may occur before the
      netdev structure is allocated and attached to pci_dev. In this case,
      not only netdev isn't available, but the tg3 private structure is also
      not available as it is just math from the NULL pointer, so dereferences
      must be skipped.
      
      The following trace is seen when the error is triggered:
      
        [1.402247] Unable to handle kernel paging request for data at address 0x00001a99
        [1.402410] Faulting instruction address: 0xc0000000007e33f8
        [1.402450] Oops: Kernel access of bad area, sig: 11 [#1]
        [1.402481] SMP NR_CPUS=2048 NUMA PowerNV
        [1.402513] Modules linked in:
        [1.402545] CPU: 0 PID: 651 Comm: eehd Not tainted 4.4.0-36-generic #55-Ubuntu
        [1.402591] task: c000001fe4e42a20 ti: c000001fe4e88000 task.ti: c000001fe4e88000
        [1.402742] NIP: c0000000007e33f8 LR: c0000000007e3164 CTR: c000000000595ea0
        [1.402787] REGS: c000001fe4e8b790 TRAP: 0300   Not tainted  (4.4.0-36-generic)
        [1.402832] MSR: 9000000100009033 <SF,HV,EE,ME,IR,DR,RI,LE>  CR: 28000422  XER: 20000000
        [1.403058] CFAR: c000000000008468 DAR: 0000000000001a99 DSISR: 42000000 SOFTE: 1
        GPR00: c0000000007e3164 c000001fe4e8ba10 c0000000015c5e00 0000000000000000
        GPR04: 0000000000000001 0000000000000000 0000000000000039 0000000000000299
        GPR08: 0000000000000000 0000000000000001 c000001fe4e88000 0000000000000006
        GPR12: 0000000000000000 c00000000fb40000 c0000000000e6558 c000003ca1bffd00
        GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
        GPR20: 0000000000000000 0000000000000000 0000000000000000 c000000000d52768
        GPR24: c000000000d52740 0000000000000100 c000003ca1b52000 0000000000000002
        GPR28: 0000000000000900 0000000000000000 c00000000152a0c0 c000003ca1b52000
        [1.404226] NIP [c0000000007e33f8] tg3_io_error_detected+0x308/0x340
        [1.404265] LR [c0000000007e3164] tg3_io_error_detected+0x74/0x340
      
      This patch avoids the NULL pointer dereference by moving the access after
      the netdev NULL pointer check on tg3_io_error_detected(). Also, we add a
      check for netdev being NULL on tg3_io_resume() [suggested by Michael Chan].
      
      Fixes: 0486a063 ("tg3: prevent ifup/ifdown during PCI error recovery")
      Fixes: dfc8f370 ("net/tg3: Release IRQs on permanent error")
      Tested-by: default avatarGuilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
      Signed-off-by: default avatarMilton Miller <miltonm@us.ibm.com>
      Signed-off-by: default avatarGuilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
      Acked-by: default avatarMichael Chan <michael.chan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1b0ff898
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-for-v4.8-final' of git://people.freedesktop.org/~airlied/linux · e3b3656c
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "drm fixes for final 4.8.
      
        One big regression fix for udl, along with two amdgpu fixes and two
        nouveau fixes.
      
        All seems pretty safe and useful"
      
      * tag 'drm-fixes-for-v4.8-final' of git://people.freedesktop.org/~airlied/linux:
        drm/udl: fix line iterator in damage handling
        drm/radeon/si/dpm: add workaround for for Jet parts
        drm/amdgpu: disable CRTCs before teardown
        drm/nouveau: Revert "bus: remove cpu_coherent flag"
        drm/nouveau/fifo/nv04: avoid ramht race against cookie insertion
      e3b3656c
  9. 29 Sep, 2016 3 commits
    • Linus Torvalds's avatar
      Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · c6169de7
      Linus Torvalds authored
      Pull libnvdimm fixes from Dan Williams:
      
       - Four fixes for "flush hint" support.
      
         Flush hints are addresses advertised by the ACPI 6+ NFIT (NVDIMM
         Firmware Interface Table) that when written and fenced guarantee that
         writes pending in platform write buffers (outside the cpu) have been
         flushed to media.  They might also be used by hypervisors as a
         trigger condition to flush guest-persistent memory ranges to storage.
      
          Fix a potential data corruption issue, a broken definition of the
          hint array, a wrong allocation size for the unit test implementation
          of the flush hint table, and missing NULL check in an error path.
      
          The unit test, while it did not prevent these bugs from being
          merged, at least triggered occasional crashes in advance of
          production usages.
      
       - Fix handling of ACPI DSM error status results.  The DSM mechanism
         allows communication with platform and memory device firmware.  We
         correctly parse known errors, but were silently ignoring others.
      
         Fix it to consistently fail any command with a non-zero status return
         that we otherwise do not interpret / handle.
      
      * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        libnvdimm, region: fix flush hint table thinko
        nfit: fail DSMs that return non-zero status by default
        libnvdimm: fix devm_nvdimm_memremap() error path
        tools/testing/nvdimm: fix allocation range for mock flush hint tables
        nvdimm: fix PHYS_PFN/PFN_PHYS mixup
      c6169de7
    • Andy Lutomirski's avatar
      x86/init: Fix cr4_init_shadow() on CR4-less machines · e1bfc11c
      Andy Lutomirski authored
      cr4_init_shadow() will panic on 486-like machines without CR4.  Fix
      it using __read_cr4_safe().
      
      Reported-by: david@saggiorato.net
      Signed-off-by: default avatarAndy Lutomirski <luto@kernel.org>
      Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: stable@vger.kernel.org
      Fixes: 1e02ce4c ("x86: Store a per-cpu shadow copy of CR4")
      Link: http://lkml.kernel.org/r/43a20f81fb504013bf613913dc25574b45336a61.1475091074.git.luto@kernel.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      e1bfc11c
    • Paul Burton's avatar
      MIPS: Fix detection of unsupported highmem with cache aliases · 058effe7
      Paul Burton authored
      The paging_init() function contains code which detects that highmem is
      in use but unsupported due to dcache aliasing. However this code was
      ineffective because it was being run before the caches are probed,
      meaning that cpu_has_dc_aliases would always evaluate to false (unless a
      platform overrides it to a compile-time constant) and the detection of
      the unsupported case is never triggered. The kernel would then go on to
      attempt to use highmem & either hit coherency issues or trigger the
      BUG_ON in flush_kernel_dcache_page().
      
      Fix this by running paging_init() later than cpu_cache_init(), such that
      the cpu_has_dc_aliases macro will evaluate correctly & the unsupported
      highmem case will be detected successfully.
      
      This then leads to a formerly hidden issue in that
      mem_init_free_highmem() will attempt to free all highmem pages, even
      though we're avoiding use of them & don't have valid page structs for
      them. This leads to an invalid pointer dereference & a TLB exception.
      Avoid this by skipping the loop in mem_init_free_highmem() if
      cpu_has_dc_aliases evaluates true.
      Signed-off-by: default avatarPaul Burton <paul.burton@imgtec.com>
      Cc: Rabin Vincent <rabinv@axis.com>
      Cc: Matt Redfearn <matt.redfearn@imgtec.com>
      Cc: Jerome Marchand <jmarchan@redhat.com>
      Cc: Alexander Sverdlin <alexander.sverdlin@gmail.com>
      Cc: Aurelien Jarno <aurelien@aurel32.net>
      Cc: Jaedon Shin <jaedon.shin@gmail.com>
      Cc: Toshi Kani <toshi.kani@hpe.com>
      Cc: James Hogan <james.hogan@imgtec.com>
      Cc: Sergey Ryazanov <ryazanov.s.a@gmail.com>
      Cc: Jonas Gorski <jogo@openwrt.org>
      Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/14184/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      058effe7