1. 04 May, 2016 12 commits
  2. 20 Apr, 2016 28 commits
    • Greg Kroah-Hartman's avatar
      Linux 4.5.2 · 92b8a3b2
      Greg Kroah-Hartman authored
      92b8a3b2
    • Liviu Dudau's avatar
      staging: android: ion: Set the length of the DMA sg entries in buffer · 9378a3b5
      Liviu Dudau authored
      commit 70bc916b upstream.
      
      ion_buffer_create() will allocate a buffer and then create a DMA
      mapping for it, but it forgot to set the length of the page entries.
      Signed-off-by: default avatarLiviu Dudau <Liviu.Dudau@arm.com>
      Signed-off-by: default avatarJon Medhurst <tixy@linaro.org>
      Acked-by: default avatarLaura Abbott <labbott@redhat.com>
      Cc: Shawn Guo <shawnguo@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      9378a3b5
    • Alan Stern's avatar
      HID: usbhid: fix inconsistent reset/resume/reset-resume behavior · 383b59f1
      Alan Stern authored
      commit 972e6a99 upstream.
      
      The usbhid driver has inconsistently duplicated code in its post-reset,
      resume, and reset-resume pathways.
      
      	reset-resume doesn't check HID_STARTED before trying to
      	restart the I/O queues.
      
      	resume fails to clear the HID_SUSPENDED flag if HID_STARTED
      	isn't set.
      
      	resume calls usbhid_restart_queues() with usbhid->lock held
      	and the others call it without holding the lock.
      
      The first item in particular causes a problem following a reset-resume
      if the driver hasn't started up its I/O.  URB submission fails because
      usbhid->urbin is NULL, and this triggers an unending reset-retry loop.
      
      This patch fixes the problem by creating a new subroutine,
      hid_restart_io(), to carry out all the common activities.  It also
      adds some checks that were missing in the original code:
      
      	After a reset, there's no need to clear any halted endpoints.
      
      	After a resume, if a reset is pending there's no need to
      	restart any I/O until the reset is finished.
      
      	After a resume, if the interrupt-IN endpoint is halted there's
      	no need to submit the input URB until the halt has been
      	cleared.
      Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Reported-by: default avatarDaniel Fraga <fragabr@gmail.com>
      Tested-by: default avatarDaniel Fraga <fragabr@gmail.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      383b59f1
    • Benjamin Tissoires's avatar
      HID: wacom: fix Bamboo ONE oops · 2fa2fc16
      Benjamin Tissoires authored
      commit 580549ef upstream.
      
      Looks like recent changes in the Wacom driver made the Bamboo ONE crashes.
      The tablet behaves as if it was a regular Bamboo device with pen, touch
      and pad, but there is no physical pad connected to it.
      The weird part is that the pad is still sending events and given that
      there is no input node connected to it, we get  anull pointer exception.
      
      Link: https://bugzilla.redhat.com/show_bug.cgi?id=1317116Signed-off-by: default avatarBenjamin Tissoires <benjamin.tissoires@redhat.com>
      Acked-by: default avatarPing Cheng <pingc@wacom.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2fa2fc16
    • Kailang Yang's avatar
      ALSA: usb-audio: Skip volume controls triggers hangup on Dell USB Dock · 9bfe5a57
      Kailang Yang authored
      commit adcdd0d5 upstream.
      
      This is Dell usb dock audio workaround.
      It was fixed the master volume keep lower.
      
      [Some background: the patch essentially skips the controls of a couple
       of FU volumes.  Although the firmware exposes the dB and the value
       information via the usb descriptor, changing the values (we set the
       min volume as default) screws up the device.  Although this has been
       fixed in the newer firmware, the devices are shipped with the old
       firmware, thus we need the workaround in the driver side.  -- tiwai]
      Signed-off-by: default avatarKailang Yang <kailang@realtek.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      9bfe5a57
    • Dennis Kadioglu's avatar
      ALSA: usb-audio: Add a quirk for Plantronics BT300 · 1b040b32
      Dennis Kadioglu authored
      commit b4203ff5 upstream.
      
      Plantronics BT300 does not support reading the sample rate which leads
      to many lines of "cannot get freq at ep 0x1". This patch adds the USB
      ID of the BT300 to quirks.c and avoids those error messages.
      Signed-off-by: default avatarDennis Kadioglu <denk@post.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      1b040b32
    • Takashi Iwai's avatar
      ALSA: usb-audio: Add a sample rate quirk for Phoenix Audio TMX320 · 4e088a69
      Takashi Iwai authored
      commit f03b24a8 upstream.
      
      Phoenix Audio TMX320 gives the similar error when the sample rate is
      asked:
        usb 2-1.3: 2:1: cannot get freq at ep 0x85
        usb 2-1.3: 1:1: cannot get freq at ep 0x2
        ....
      
      Add the corresponding USB-device ID (1de7:0014) to
      snd_usb_get_sample_rate_quirk() list.
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=110221Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4e088a69
    • Sven Eckelmann's avatar
      ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T460s · 0e3d5c4d
      Sven Eckelmann authored
      commit c636b95e upstream.
      
      The Lenovo Thinkpad T460s requires the alc_fixup_tpt440_dock as well in
      order to get working sound output on the docking stations headphone jack.
      
      Patch tested on a Thinkpad T460s (20F9CT01WW) using a ThinkPad Ultradock
      on kernel 4.4.6.
      Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
      Tested-by: default avatarSimon Wunderlich <sw@simonwunderlich.de>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0e3d5c4d
    • Hyungwon Hwang's avatar
      ALSA: hda - Fix regression of monitor_present flag in eld proc file · 285947f3
      Hyungwon Hwang authored
      commit 023d8218 upstream.
      
      The commit [bd481285: ALSA: hda - Fix forgotten HDMI
      monitor_present update] covered the missing update of monitor_present
      flag, but this caused a regression for devices without the i915 eld
      notifier.  Since the old code supposed that pin_eld->monitor_present
      was updated by the caller side, the hdmi_present_sense_via_verbs()
      doesn't update the temporary eld->monitor_present but only
      pin_eld->monitor_present, which is now overridden in update_eld().
      
      The fix is to update pin_eld->monitor_present as well before calling
      update_eld().
      
      Note that this may still leave monitor_present flag in an inconsistent
      state when the driver repolls, but this is at least the old behavior.
      More proper fix will follow in the later patch.
      
      Fixes: bd481285 ('ALSA: hda - Fix forgotten HDMI monitor_present update')
      Signed-off-by: default avatarHyungwon Hwang <hyungwon.hwang7@gmail.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      285947f3
    • Adrian Hunter's avatar
      mmc: sdhci-pci: Add support and PCI IDs for more Broxton host controllers · 9e91bf33
      Adrian Hunter authored
      commit 01d6b2a4 upstream.
      
      Add support and PCI IDs for more Broxton host controllers
      
      Other BXT IDs were added in v4.4 so cc'ing stable. This patch
      is dependent on commit 163cbe31 ("mmc: sdhci-pci: Fix card
      detect race for Intel BXT/APL") but that is already in stable
      since v4.4.4.
      Signed-off-by: default avatarAdrian Hunter <adrian.hunter@intel.com>
      Signed-off-by: default avatarUlf Hansson <ulf.hansson@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      9e91bf33
    • Adrian Hunter's avatar
      mmc: sdhci: Fix regression setting power on Trats2 board · 46d75c0b
      Adrian Hunter authored
      commit 1dceb041 upstream.
      
      Several commits relating to setting power have been introducing
      problems by putting driver-specific rules into generic SDHCI code.
      
      Krzysztof Kozlowski reported that after commit 918f4cbd ("mmc:
      sdhci: restore behavior when setting VDD via external regulator")
      on Trats2 board there are warnings for invalid VDD  value (2.8V):
      
      [    3.119656] ------------[ cut here ]------------
      [    3.119666] WARNING: CPU: 3 PID: 90 at
      ../drivers/mmc/host/sdhci.c:1234 sdhci_do_set_ios+0x4cc/0x5e0
      [    3.119669] mmc0: Invalid vdd 0x10
      [    3.119673] Modules linked in:
      [    3.119679] CPU: 3 PID: 90 Comm: kworker/3:1 Tainted: G        W
         4.5.0-next-20160324 #23
      [    3.119681] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
      [    3.119690] Workqueue: events_freezable mmc_rescan
      [    3.119708] [<c010e0ac>] (unwind_backtrace) from [<c010ae10>]
      (show_stack+0x10/0x14)
      [    3.119719] [<c010ae10>] (show_stack) from [<c0323260>]
      (dump_stack+0x88/0x9c)
      [    3.119728] [<c0323260>] (dump_stack) from [<c011b754>] (__warn+0xe8/0x100)
      [    3.119734] [<c011b754>] (__warn) from [<c011b7a4>]
      (warn_slowpath_fmt+0x38/0x48)
      [    3.119740] [<c011b7a4>] (warn_slowpath_fmt) from [<c0527d28>]
      (sdhci_do_set_ios+0x4cc/0x5e0)
      [    3.119748] [<c0527d28>] (sdhci_do_set_ios) from [<c0528018>]
      (sdhci_runtime_resume_host+0x60/0x114)
      [    3.119758] [<c0528018>] (sdhci_runtime_resume_host) from
      [<c0402570>] (__rpm_callback+0x2c/0x60)
      [    3.119767] [<c0402570>] (__rpm_callback) from [<c04025c4>]
      (rpm_callback+0x20/0x80)
      [    3.119773] [<c04025c4>] (rpm_callback) from [<c04034b8>]
      (rpm_resume+0x36c/0x558)
      [    3.119780] [<c04034b8>] (rpm_resume) from [<c04036f0>]
      (__pm_runtime_resume+0x4c/0x64)
      [    3.119788] [<c04036f0>] (__pm_runtime_resume) from [<c0512728>]
      (__mmc_claim_host+0x170/0x1b0)
      [    3.119795] [<c0512728>] (__mmc_claim_host) from [<c0514e2c>]
      (mmc_rescan+0x54/0x348)
      [    3.119807] [<c0514e2c>] (mmc_rescan) from [<c0130dac>]
      (process_one_work+0x120/0x3f4)
      [    3.119815] [<c0130dac>] (process_one_work) from [<c01310b8>]
      (worker_thread+0x38/0x554)
      [    3.119823] [<c01310b8>] (worker_thread) from [<c01365a4>]
      (kthread+0xdc/0xf4)
      [    3.119831] [<c01365a4>] (kthread) from [<c0107878>]
      (ret_from_fork+0x14/0x3c)
      [    3.119834] ---[ end trace a22d652aa3276886 ]---
      
      Fix by adding a 'set_power' callback and restoring the default
      behaviour prior to commit 918f4cbd ("mmc: sdhci: restore
      behavior when setting VDD via external regulator").  The desired
      behaviour of that commit is gotten by having sdhci-pxav3 provide
      its own set_power callback.
      Reported-by: default avatarKrzysztof Kozlowski <k.kozlowski@samsung.com>
      Link: http://lkml.kernel.org/r/CAJKOXPcGDnPm-Ykh6wHqV1YxfTaov5E8iVqBoBn4OJc7BnhgEQ@mail.gmail.com
      Fixes: 918f4cbd ("mmc: sdhci: restore behavior when setting VDD...)
      Tested-by: default avatarKrzysztof Kozlowski <k.kozlowski@samsung.com>
      Tested-by: default avatarLudovic Desroches <ludovic.desroches@atmel.com>
      Signed-off-by: default avatarAdrian Hunter <adrian.hunter@intel.com>
      Reviewed-by: default avatarJisheng Zhang <jszhang@marvell.com>
      Tested-by: default avatarJisheng Zhang <jszhang@marvell.com>
      Tested-by: default avatarJaehoon Chung <jh80.chung@samsung.com>
      Tested-by: default avatarAnand Moon <linux.amoon@gmail.com>
      Signed-off-by: default avatarUlf Hansson <ulf.hansson@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      46d75c0b
    • Yang Shi's avatar
      arm64: replace read_lock to rcu lock in call_step_hook · c8ed2251
      Yang Shi authored
      commit cf0a2543 upstream.
      
      BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:917
      in_atomic(): 1, irqs_disabled(): 128, pid: 383, name: sh
      Preemption disabled at:[<ffff800000124c18>] kgdb_cpu_enter+0x158/0x6b8
      
      CPU: 3 PID: 383 Comm: sh Tainted: G        W       4.1.13-rt13 #2
      Hardware name: Freescale Layerscape 2085a RDB Board (DT)
      Call trace:
      [<ffff8000000885e8>] dump_backtrace+0x0/0x128
      [<ffff800000088734>] show_stack+0x24/0x30
      [<ffff80000079a7c4>] dump_stack+0x80/0xa0
      [<ffff8000000bd324>] ___might_sleep+0x18c/0x1a0
      [<ffff8000007a20ac>] __rt_spin_lock+0x2c/0x40
      [<ffff8000007a2268>] rt_read_lock+0x40/0x58
      [<ffff800000085328>] single_step_handler+0x38/0xd8
      [<ffff800000082368>] do_debug_exception+0x58/0xb8
      Exception stack(0xffff80834a1e7c80 to 0xffff80834a1e7da0)
      7c80: ffffff9c ffffffff 92c23ba0 0000ffff 4a1e7e40 ffff8083 001bfcc4 ffff8000
      7ca0: f2000400 00000000 00000000 00000000 4a1e7d80 ffff8083 0049501c ffff8000
      7cc0: 00005402 00000000 00aaa210 ffff8000 4a1e7ea0 ffff8083 000833f4 ffff8000
      7ce0: ffffff9c ffffffff 92c23ba0 0000ffff 4a1e7ea0 ffff8083 001bfcc0 ffff8000
      7d00: 4a0fc400 ffff8083 00005402 00000000 4a1e7d40 ffff8083 00490324 ffff8000
      7d20: ffffff9c 00000000 92c23ba0 0000ffff 000a0000 00000000 00000000 00000000
      7d40: 00000008 00000000 00080000 00000000 92c23b8b 0000ffff 92c23b8e 0000ffff
      7d60: 00000038 00000000 00001cb2 00000000 00000005 00000000 92d7b498 0000ffff
      7d80: 01010101 01010101 92be9000 0000ffff 00000000 00000000 00000030 00000000
      [<ffff8000000833f4>] el1_dbg+0x18/0x6c
      
      This issue is similar with 62c6c61a("arm64: replace read_lock to rcu lock in
      call_break_hook"), but comes to single_step_handler.
      
      This also solves kgdbts boot test silent hang issue on 4.4 -rt kernel.
      Signed-off-by: default avatarYang Shi <yang.shi@linaro.org>
      Acked-by: default avatarWill Deacon <will.deacon@arm.com>
      Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c8ed2251
    • Filipe Manana's avatar
      Btrfs: fix file/data loss caused by fsync after rename and new inode · ff440e91
      Filipe Manana authored
      commit 56f23fdb upstream.
      
      If we rename an inode A (be it a file or a directory), create a new
      inode B with the old name of inode A and under the same parent directory,
      fsync inode B and then power fail, at log tree replay time we end up
      removing inode A completely. If inode A is a directory then all its files
      are gone too.
      
      Example scenarios where this happens:
      This is reproducible with the following steps, taken from a couple of
      test cases written for fstests which are going to be submitted upstream
      soon:
      
         # Scenario 1
      
         mkfs.btrfs -f /dev/sdc
         mount /dev/sdc /mnt
         mkdir -p /mnt/a/x
         echo "hello" > /mnt/a/x/foo
         echo "world" > /mnt/a/x/bar
         sync
         mv /mnt/a/x /mnt/a/y
         mkdir /mnt/a/x
         xfs_io -c fsync /mnt/a/x
         <power failure happens>
      
         The next time the fs is mounted, log tree replay happens and
         the directory "y" does not exist nor do the files "foo" and
         "bar" exist anywhere (neither in "y" nor in "x", nor the root
         nor anywhere).
      
         # Scenario 2
      
         mkfs.btrfs -f /dev/sdc
         mount /dev/sdc /mnt
         mkdir /mnt/a
         echo "hello" > /mnt/a/foo
         sync
         mv /mnt/a/foo /mnt/a/bar
         echo "world" > /mnt/a/foo
         xfs_io -c fsync /mnt/a/foo
         <power failure happens>
      
         The next time the fs is mounted, log tree replay happens and the
         file "bar" does not exists anymore. A file with the name "foo"
         exists and it matches the second file we created.
      
      Another related problem that does not involve file/data loss is when a
      new inode is created with the name of a deleted snapshot and we fsync it:
      
         mkfs.btrfs -f /dev/sdc
         mount /dev/sdc /mnt
         mkdir /mnt/testdir
         btrfs subvolume snapshot /mnt /mnt/testdir/snap
         btrfs subvolume delete /mnt/testdir/snap
         rmdir /mnt/testdir
         mkdir /mnt/testdir
         xfs_io -c fsync /mnt/testdir # or fsync some file inside /mnt/testdir
         <power failure>
      
         The next time the fs is mounted the log replay procedure fails because
         it attempts to delete the snapshot entry (which has dir item key type
         of BTRFS_ROOT_ITEM_KEY) as if it were a regular (non-root) entry,
         resulting in the following error that causes mount to fail:
      
         [52174.510532] BTRFS info (device dm-0): failed to delete reference to snap, inode 257 parent 257
         [52174.512570] ------------[ cut here ]------------
         [52174.513278] WARNING: CPU: 12 PID: 28024 at fs/btrfs/inode.c:3986 __btrfs_unlink_inode+0x178/0x351 [btrfs]()
         [52174.514681] BTRFS: Transaction aborted (error -2)
         [52174.515630] Modules linked in: btrfs dm_flakey dm_mod overlay crc32c_generic ppdev xor raid6_pq acpi_cpufreq parport_pc tpm_tis sg parport tpm evdev i2c_piix4 proc
         [52174.521568] CPU: 12 PID: 28024 Comm: mount Tainted: G        W       4.5.0-rc6-btrfs-next-27+ #1
         [52174.522805] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS by qemu-project.org 04/01/2014
         [52174.524053]  0000000000000000 ffff8801df2a7710 ffffffff81264e93 ffff8801df2a7758
         [52174.524053]  0000000000000009 ffff8801df2a7748 ffffffff81051618 ffffffffa03591cd
         [52174.524053]  00000000fffffffe ffff88015e6e5000 ffff88016dbc3c88 ffff88016dbc3c88
         [52174.524053] Call Trace:
         [52174.524053]  [<ffffffff81264e93>] dump_stack+0x67/0x90
         [52174.524053]  [<ffffffff81051618>] warn_slowpath_common+0x99/0xb2
         [52174.524053]  [<ffffffffa03591cd>] ? __btrfs_unlink_inode+0x178/0x351 [btrfs]
         [52174.524053]  [<ffffffff81051679>] warn_slowpath_fmt+0x48/0x50
         [52174.524053]  [<ffffffffa03591cd>] __btrfs_unlink_inode+0x178/0x351 [btrfs]
         [52174.524053]  [<ffffffff8118f5e9>] ? iput+0xb0/0x284
         [52174.524053]  [<ffffffffa0359fe8>] btrfs_unlink_inode+0x1c/0x3d [btrfs]
         [52174.524053]  [<ffffffffa038631e>] check_item_in_log+0x1fe/0x29b [btrfs]
         [52174.524053]  [<ffffffffa0386522>] replay_dir_deletes+0x167/0x1cf [btrfs]
         [52174.524053]  [<ffffffffa038739e>] fixup_inode_link_count+0x289/0x2aa [btrfs]
         [52174.524053]  [<ffffffffa038748a>] fixup_inode_link_counts+0xcb/0x105 [btrfs]
         [52174.524053]  [<ffffffffa038a5ec>] btrfs_recover_log_trees+0x258/0x32c [btrfs]
         [52174.524053]  [<ffffffffa03885b2>] ? replay_one_extent+0x511/0x511 [btrfs]
         [52174.524053]  [<ffffffffa034f288>] open_ctree+0x1dd4/0x21b9 [btrfs]
         [52174.524053]  [<ffffffffa032b753>] btrfs_mount+0x97e/0xaed [btrfs]
         [52174.524053]  [<ffffffff8108e1b7>] ? trace_hardirqs_on+0xd/0xf
         [52174.524053]  [<ffffffff8117bafa>] mount_fs+0x67/0x131
         [52174.524053]  [<ffffffff81193003>] vfs_kern_mount+0x6c/0xde
         [52174.524053]  [<ffffffffa032af81>] btrfs_mount+0x1ac/0xaed [btrfs]
         [52174.524053]  [<ffffffff8108e1b7>] ? trace_hardirqs_on+0xd/0xf
         [52174.524053]  [<ffffffff8108c262>] ? lockdep_init_map+0xb9/0x1b3
         [52174.524053]  [<ffffffff8117bafa>] mount_fs+0x67/0x131
         [52174.524053]  [<ffffffff81193003>] vfs_kern_mount+0x6c/0xde
         [52174.524053]  [<ffffffff8119590f>] do_mount+0x8a6/0x9e8
         [52174.524053]  [<ffffffff811358dd>] ? strndup_user+0x3f/0x59
         [52174.524053]  [<ffffffff81195c65>] SyS_mount+0x77/0x9f
         [52174.524053]  [<ffffffff814935d7>] entry_SYSCALL_64_fastpath+0x12/0x6b
         [52174.561288] ---[ end trace 6b53049efb1a3ea6 ]---
      
      Fix this by forcing a transaction commit when such cases happen.
      This means we check in the commit root of the subvolume tree if there
      was any other inode with the same reference when the inode we are
      fsync'ing is a new inode (created in the current transaction).
      
      Test cases for fstests, covering all the scenarios given above, were
      submitted upstream for fstests:
      
        * fstests: generic test for fsync after renaming directory
          https://patchwork.kernel.org/patch/8694281/
      
        * fstests: generic test for fsync after renaming file
          https://patchwork.kernel.org/patch/8694301/
      
        * fstests: add btrfs test for fsync after snapshot deletion
          https://patchwork.kernel.org/patch/8670671/Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ff440e91
    • Joerg Roedel's avatar
      iommu: Don't overwrite domain pointer when there is no default_domain · dccfd02d
      Joerg Roedel authored
      commit eebb8034 upstream.
      
      IOMMU drivers that do not support default domains, but make
      use of the the group->domain pointer can get that pointer
      overwritten with NULL on device add/remove.
      
      Make sure this can't happen by only overwriting the domain
      pointer when it is NULL.
      
      Fixes: 1228236d ('iommu: Move default domain allocation to iommu_group_get_for_dev()')
      Signed-off-by: default avatarJoerg Roedel <jroedel@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      dccfd02d
    • Theodore Ts'o's avatar
      ext4: ignore quota mount options if the quota feature is enabled · 9b77d0df
      Theodore Ts'o authored
      commit c325a67c upstream.
      
      Previously, ext4 would fail the mount if the file system had the quota
      feature enabled and quota mount options (used for the older quota
      setups) were present.  This broke xfstests, since xfs silently ignores
      the usrquote and grpquota mount options if they are specified.  This
      commit changes things so that we are consistent with xfs; having the
      mount options specified is harmless, so no sense break users by
      forbidding them.
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      9b77d0df
    • Theodore Ts'o's avatar
      ext4: add lockdep annotations for i_data_sem · 0f1aafe3
      Theodore Ts'o authored
      commit daf647d2 upstream.
      
      With the internal Quota feature, mke2fs creates empty quota inodes and
      quota usage tracking is enabled as soon as the file system is mounted.
      Since quotacheck is no longer preallocating all of the blocks in the
      quota inode that are likely needed to be written to, we are now seeing
      a lockdep false positive caused by needing to allocate a quota block
      from inside ext4_map_blocks(), while holding i_data_sem for a data
      inode.  This results in this complaint:
      
        Possible unsafe locking scenario:
      
              CPU0                    CPU1
              ----                    ----
         lock(&ei->i_data_sem);
                                      lock(&s->s_dquot.dqio_mutex);
                                      lock(&ei->i_data_sem);
         lock(&s->s_dquot.dqio_mutex);
      
      Google-Bug-Id: 27907753
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0f1aafe3
    • Filipe Manana's avatar
      btrfs: fix crash/invalid memory access on fsync when using overlayfs · dcc6f2dd
      Filipe Manana authored
      commit de17e793 upstream.
      
      If the lower or upper directory of an overlayfs mount belong to a btrfs
      file system and we fsync the file through the overlayfs' merged directory
      we ended up accessing an inode that didn't belong to btrfs as if it were
      a btrfs inode at btrfs_sync_file() resulting in a crash like the following:
      
      [ 7782.588845] BUG: unable to handle kernel NULL pointer dereference at 0000000000000544
      [ 7782.590624] IP: [<ffffffffa030b7ab>] btrfs_sync_file+0x11b/0x3e9 [btrfs]
      [ 7782.591931] PGD 4d954067 PUD 1e878067 PMD 0
      [ 7782.592016] Oops: 0002 [#6] PREEMPT SMP DEBUG_PAGEALLOC
      [ 7782.592016] Modules linked in: btrfs overlay ppdev crc32c_generic evdev xor raid6_pq psmouse pcspkr sg serio_raw acpi_cpufreq parport_pc parport tpm_tis i2c_piix4 tpm i2c_core processor button loop autofs4 ext4 crc16 mbcache jbd2 sr_mod cdrom sd_mod ata_generic virtio_scsi ata_piix virtio_pci libata virtio_ring virtio scsi_mod e1000 floppy [last unloaded: btrfs]
      [ 7782.592016] CPU: 10 PID: 16437 Comm: xfs_io Tainted: G      D         4.5.0-rc6-btrfs-next-26+ #1
      [ 7782.592016] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS by qemu-project.org 04/01/2014
      [ 7782.592016] task: ffff88001b8d40c0 ti: ffff880137488000 task.ti: ffff880137488000
      [ 7782.592016] RIP: 0010:[<ffffffffa030b7ab>]  [<ffffffffa030b7ab>] btrfs_sync_file+0x11b/0x3e9 [btrfs]
      [ 7782.592016] RSP: 0018:ffff88013748be40  EFLAGS: 00010286
      [ 7782.592016] RAX: 0000000080000000 RBX: ffff880133b30c88 RCX: 0000000000000001
      [ 7782.592016] RDX: 0000000000000001 RSI: ffffffff8148fec0 RDI: 00000000ffffffff
      [ 7782.592016] RBP: ffff88013748bec0 R08: 0000000000000001 R09: 0000000000000000
      [ 7782.624248] R10: ffff88013748be40 R11: 0000000000000246 R12: 0000000000000000
      [ 7782.624248] R13: 0000000000000000 R14: 00000000009305a0 R15: ffff880015e3be40
      [ 7782.624248] FS:  00007fa83b9cb700(0000) GS:ffff88023ed40000(0000) knlGS:0000000000000000
      [ 7782.624248] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [ 7782.624248] CR2: 0000000000000544 CR3: 00000001fa652000 CR4: 00000000000006e0
      [ 7782.624248] Stack:
      [ 7782.624248]  ffffffff8108b5cc ffff88013748bec0 0000000000000246 ffff8800b005ded0
      [ 7782.624248]  ffff880133b30d60 8000000000000000 7fffffffffffffff 0000000000000246
      [ 7782.624248]  0000000000000246 ffffffff81074f9b ffffffff8104357c ffff880015e3be40
      [ 7782.624248] Call Trace:
      [ 7782.624248]  [<ffffffff8108b5cc>] ? arch_local_irq_save+0x9/0xc
      [ 7782.624248]  [<ffffffff81074f9b>] ? ___might_sleep+0xce/0x217
      [ 7782.624248]  [<ffffffff8104357c>] ? __do_page_fault+0x3c0/0x43a
      [ 7782.624248]  [<ffffffff811a2351>] vfs_fsync_range+0x8c/0x9e
      [ 7782.624248]  [<ffffffff811a237f>] vfs_fsync+0x1c/0x1e
      [ 7782.624248]  [<ffffffff811a24d6>] do_fsync+0x31/0x4a
      [ 7782.624248]  [<ffffffff811a2700>] SyS_fsync+0x10/0x14
      [ 7782.624248]  [<ffffffff81493617>] entry_SYSCALL_64_fastpath+0x12/0x6b
      [ 7782.624248] Code: 85 c0 0f 85 e2 02 00 00 48 8b 45 b0 31 f6 4c 29 e8 48 ff c0 48 89 45 a8 48 8d 83 d8 00 00 00 48 89 c7 48 89 45 a0 e8 fc 43 18 e1 <f0> 41 ff 84 24 44 05 00 00 48 8b 83 58 ff ff ff 48 c1 e8 07 83
      [ 7782.624248] RIP  [<ffffffffa030b7ab>] btrfs_sync_file+0x11b/0x3e9 [btrfs]
      [ 7782.624248]  RSP <ffff88013748be40>
      [ 7782.624248] CR2: 0000000000000544
      [ 7782.661994] ---[ end trace 721e14960eb939bc ]---
      
      This started happening since commit 4bacc9c9 (overlayfs: Make f_path
      always point to the overlay and f_inode to the underlay) and even though
      after this change we could still access the btrfs inode through
      struct file->f_mapping->host or struct file->f_inode, we would end up
      resulting in more similar issues later on at check_parent_dirs_for_sync()
      because the dentry we got (from struct file->f_path.dentry) was from
      overlayfs and not from btrfs, that is, we had no way of getting the dentry
      that belonged to btrfs (we always got the dentry that belonged to
      overlayfs).
      
      The new patch from Miklos Szeredi, titled "vfs: add file_dentry()" and
      recently submitted to linux-fsdevel, adds a file_dentry() API that allows
      us to get the btrfs dentry from the input file and therefore being able
      to fsync when the upper and lower directories belong to btrfs filesystems.
      
      This issue has been reported several times by users in the mailing list
      and bugzilla. A test case for xfstests is being submitted as well.
      
      Fixes: 4bacc9c9 ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay")
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=101951
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=109791Signed-off-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      dcc6f2dd
    • Miklos Szeredi's avatar
      ext4: use file_dentry() · 846b2696
      Miklos Szeredi authored
      commit c0a37d48 upstream.
      
      EXT4 may be used as lower layer of overlayfs and accessing f_path.dentry
      can lead to a crash.
      
      Fix by replacing direct access of file->f_path.dentry with the
      file_dentry() accessor, which will always return a native object.
      Reported-by: default avatarDaniel Axtens <dja@axtens.net>
      Fixes: 4bacc9c9 ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay")
      Fixes: ff978b09 ("ext4 crypto: move context consistency check to ext4_file_open()")
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Cc: David Howells <dhowells@redhat.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      846b2696
    • Miklos Szeredi's avatar
      ext4: use dget_parent() in ext4_file_open() · 7222d930
      Miklos Szeredi authored
      commit 9dd78d8c upstream.
      
      In f_op->open() lock on parent is not held, so there's no guarantee that
      parent dentry won't go away at any time.
      
      Even after this patch there's no guarantee that 'dir' will stay the parent
      of 'inode', but at least it won't be freed while being used.
      
      Fixes: ff978b09 ("ext4 crypto: move context consistency check to ext4_file_open()")
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7222d930
    • Theodore Ts'o's avatar
      ext4 crypto: use dget_parent() in ext4_d_revalidate() · 022cb938
      Theodore Ts'o authored
      commit 3d43bcfe upstream.
      
      This avoids potential problems caused by a race where the inode gets
      renamed out from its parent directory and the parent directory is
      deleted while ext4_d_revalidate() is running.
      
      Fixes: 28b4c263Reported-by: default avatarAl Viro <viro@ZenIV.linux.org.uk>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      022cb938
    • Miklos Szeredi's avatar
      nfs: use file_dentry() · 385e5edc
      Miklos Szeredi authored
      commit be62a1a8 upstream.
      
      NFS may be used as lower layer of overlayfs and accessing f_path.dentry can
      lead to a crash.
      
      Fix by replacing direct access of file->f_path.dentry with the
      file_dentry() accessor, which will always return a native object.
      
      Fixes: 4bacc9c9 ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay")
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      Tested-by: default avatarGoldwyn Rodrigues <rgoldwyn@suse.com>
      Acked-by: default avatarTrond Myklebust <trond.myklebust@primarydata.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Cc: David Howells <dhowells@redhat.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      385e5edc
    • Miklos Szeredi's avatar
      fs: add file_dentry() · 0a20aeaa
      Miklos Szeredi authored
      commit d101a125 upstream.
      
      This series fixes bugs in nfs and ext4 due to 4bacc9c9 ("overlayfs:
      Make f_path always point to the overlay and f_inode to the underlay").
      
      Regular files opened on overlayfs will result in the file being opened on
      the underlying filesystem, while f_path points to the overlayfs
      mount/dentry.
      
      This confuses filesystems which get the dentry from struct file and assume
      it's theirs.
      
      Add a new helper, file_dentry() [*], to get the filesystem's own dentry
      from the file.  This checks file->f_path.dentry->d_flags against
      DCACHE_OP_REAL, and returns file->f_path.dentry if DCACHE_OP_REAL is not
      set (this is the common, non-overlayfs case).
      
      In the uncommon case it will call into overlayfs's ->d_real() to get the
      underlying dentry, matching file_inode(file).
      
      The reason we need to check against the inode is that if the file is copied
      up while being open, d_real() would return the upper dentry, while the open
      file comes from the lower dentry.
      
      [*] If possible, it's better simply to use file_inode() instead.
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Tested-by: default avatarGoldwyn Rodrigues <rgoldwyn@suse.com>
      Reviewed-by: default avatarTrond Myklebust <trond.myklebust@primarydata.com>
      Cc: David Howells <dhowells@redhat.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Daniel Axtens <dja@axtens.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0a20aeaa
    • Martin K. Petersen's avatar
      sd: Fix excessive capacity printing on devices with blocks bigger than 512 bytes · 0cfb108d
      Martin K. Petersen authored
      commit f08bb1e0 upstream.
      
      During revalidate we check whether device capacity has changed before we
      decide whether to output disk information or not.
      
      The check for old capacity failed to take into account that we scaled
      sdkp->capacity based on the reported logical block size. And therefore
      the capacity test would always fail for devices with sectors bigger than
      512 bytes and we would print several copies of the same discovery
      information.
      
      Avoid scaling sdkp->capacity and instead adjust the value on the fly
      when setting the block device capacity and generating fake C/H/S
      geometry.
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      Reported-by: default avatarHannes Reinecke <hare@suse.de>
      Reviewed-by: default avatarHannes Reinicke <hare@suse.de>
      Reviewed-by: default avatarEwan Milne <emilne@redhat.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0cfb108d
    • Irina Tirdea's avatar
      iio: gyro: bmg160: fix endianness when reading axes · 91b77964
      Irina Tirdea authored
      commit 95e7ff03 upstream.
      
      For big endian platforms, reading the axes will return
      invalid values.
      
      The device stores each axis value in a 16 bit little
      endian register. The driver uses regmap_read_bulk to get
      the axis value, resulting in a 16 bit little endian value.
      This needs to be converted to cpu endianness to work
      on big endian platforms.
      
      Fix endianness for big endian platforms by converting
      the values for the axes read from little endian to
      cpu.
      
      This is also partially fixed in commit 82d8e5da1a33 ("iio:
      accel: bmg160: optimize transfers in trigger handler").
      Signed-off-by: default avatarIrina Tirdea <irina.tirdea@intel.com>
      Signed-off-by: default avatarJonathan Cameron <jic23@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      91b77964
    • Irina Tirdea's avatar
      iio: gyro: bmg160: fix buffer read values · a18addcc
      Irina Tirdea authored
      commit b475c59b upstream.
      
      When reading gyroscope axes using iio buffers, the values
      returned are always 0. In the interrupt handler, the return
      value of the read operation is returned to the user instead
      of the value read. Return the value read to the user.
      
      This is also fixed in commit 82d8e5da1a33 ("iio:
      accel: bmg160: optimize transfers in trigger handler").
      Signed-off-by: default avatarIrina Tirdea <irina.tirdea@intel.com>
      Signed-off-by: default avatarJonathan Cameron <jic23@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a18addcc
    • Irina Tirdea's avatar
      iio: accel: bmc150: fix endianness when reading axes · 0fad138b
      Irina Tirdea authored
      commit 2215f31d upstream.
      
      For big endian platforms, reading the axes will return
      invalid values.
      
      The device stores each axis value in a 16 bit little
      endian register. The driver uses regmap_read_bulk to get
      the axis value, resulting in a 16 bit little endian value.
      This needs to be converted to cpu endianness to work
      on big endian platforms.
      
      Fix endianness for big endian platforms by converting
      the values for the axes read from little endian to
      cpu.
      
      This is also partially fixed in commit b6fb9b6d6552 ("iio:
      accel: bmc150: optimize transfers in trigger handler").
      Signed-off-by: default avatarIrina Tirdea <irina.tirdea@intel.com>
      Signed-off-by: default avatarJonathan Cameron <jic23@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0fad138b
    • Arnd Bergmann's avatar
      iio: st_magn: always define ST_MAGN_TRIGGER_SET_STATE · 3f241a3b
      Arnd Bergmann authored
      commit 9b090a98 upstream.
      
      When CONFIG_IIO_TRIGGER is enabled but CONFIG_IIO_BUFFER is
      not, we get a build error in the st_magn driver:
      
      drivers/iio/magnetometer/st_magn_core.c:573:23: error: 'ST_MAGN_TRIGGER_SET_STATE' undeclared here (not in a function)
        .set_trigger_state = ST_MAGN_TRIGGER_SET_STATE,
                             ^~~~~~~~~~~~~~~~~~~~~~~~~
      
      Apparently, this ST_MAGN_TRIGGER_SET_STATE macro was meant to
      be set to NULL when the definition is not available because
      st_magn_buffer.c is not compiled, but the alternative definition
      was not included in the original patch. This adds it.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Fixes: 74f5683f ("iio: st_magn: Add irq trigger handling")
      Acked-by: default avatarDenis Ciocca <denis.ciocca@st.com>
      Signed-off-by: default avatarJonathan Cameron <jic23@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      3f241a3b
    • Irina Tirdea's avatar
      iio: fix config watermark initial value · 9f1aedb4
      Irina Tirdea authored
      commit 1bef2c1d upstream.
      
      config structure is set to 0 when updating the buffers, so by
      default config->watermark will be 0. When computing the minimum
      between config->watermark and the buffer->watermark or
      insert_buffer-watermark, this will always be 0 regardless of the
      value set by the user for the buffer.
      
      Set as initial value for config->watermark the maximum allowed
      value so that the minimum value will always be set from one of the
      buffers.
      Signed-off-by: default avatarIrina Tirdea <irina.tirdea@intel.com>
      Fixes: f0566c0c ("iio: Set device watermark based on watermark of all
      attached buffers")
      Signed-off-by: default avatarJonathan Cameron <jic23@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      9f1aedb4