1. 06 Jun, 2015 40 commits
    • Christoph Hellwig's avatar
      nfsd: fix the check for confirmed openowner in nfs4_preprocess_stateid_op · 4ddaddda
      Christoph Hellwig authored
      commit ebe9cb3b upstream.
      
      If we find a non-confirmed openowner we jump to exit the function, but do
      not set an error value.  Fix this by factoring out a helper to do the
      check and properly set the error from nfsd4_validate_stateid.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4ddaddda
    • Christoph Hellwig's avatar
      nfsd/blocklayout: pretend we can send deviceid notifications · 070f7419
      Christoph Hellwig authored
      commit 40cdc7a5 upstream.
      
      Commit df52699e ("NFSv4.1: Don't cache deviceids that have no
      notifications") causes the Linux NFS client to stop caching deviceid's
      unless a server pretends to support deviceid notifications.  While this
      behavior is stupid and the language around this area in rfc5661 is a
      mess carified by an errata that I submittted, Trond insists on this
      behavior.  Not caching deviceids degrades block layout performance
      massively as a GETDEVICEINFO is fairly expensive.
      
      So add this hack to make the Linux client happy again.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      070f7419
    • Mel Gorman's avatar
      mm, numa: really disable NUMA balancing by default on single node machines · f138997c
      Mel Gorman authored
      commit b0dc2b9b upstream.
      
      NUMA balancing is meant to be disabled by default on UMA machines but
      the check is using nr_node_ids (highest node) instead of
      num_online_nodes (online nodes).
      
      The consequences are that a UMA machine with a node ID of 1 or higher
      will enable NUMA balancing.  This will incur useless overhead due to
      minor faults with the impact depending on the workload.  These are the
      impact on the stats when running a kernel build on a single node machine
      whose node ID happened to be 1:
      
        			       vanilla     patched
        NUMA base PTE updates          5113158           0
        NUMA huge PMD updates              643           0
        NUMA page range updates        5442374           0
        NUMA hint faults               2109622           0
        NUMA hint local faults         2109622           0
        NUMA hint local percent            100         100
        NUMA pages migrated                  0           0
      Signed-off-by: default avatarMel Gorman <mgorman@suse.de>
      Reviewed-by: default avatarRik van Riel <riel@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f138997c
    • Andi Kleen's avatar
      tools/vm: fix page-flags build · 54651d44
      Andi Kleen authored
      commit 4933f55f upstream.
      
      libabikfs.a doesn't exist anymore, so we now need to link with libapi.a.
      Signed-off-by: default avatarAndi Kleen <ak@linux.intel.com>
      Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      54651d44
    • Vladimir Davydov's avatar
      kernfs: do not account ino_ida allocations to memcg · e54fa19a
      Vladimir Davydov authored
      commit 499611ed upstream.
      
      root->ino_ida is used for kernfs inode number allocations. Since IDA has
      a layered structure, different IDs can reside on the same layer, which
      is currently accounted to some memory cgroup. The problem is that each
      kmem cache of a memory cgroup has its own directory on sysfs (under
      /sys/fs/kernel/<cache-name>/cgroup). If the inode number of such a
      directory or any file in it gets allocated from a layer accounted to the
      cgroup which the cache is created for, the cgroup will get pinned for
      good, because one has to free all kmem allocations accounted to a cgroup
      in order to release it and destroy all its kmem caches. That said we
      must not account layers of ino_ida to any memory cgroup.
      
      Since per net init operations may create new sysfs entries directly
      (e.g. lo device) or indirectly (nf_conntrack creates a new kmem cache
      per each namespace, which, in turn, creates new sysfs entries), an easy
      way to reproduce this issue is by creating network namespace(s) from
      inside a kmem-active memory cgroup.
      Signed-off-by: default avatarVladimir Davydov <vdavydov@parallels.com>
      Acked-by: default avatarTejun Heo <tj@kernel.org>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Michal Hocko <mhocko@suse.cz>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Cc: Greg Thelen <gthelen@google.com>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e54fa19a
    • Vladimir Davydov's avatar
      gfp: add __GFP_NOACCOUNT · 4d039741
      Vladimir Davydov authored
      commit 8f4fc071 upstream.
      
      Not all kmem allocations should be accounted to memcg.  The following
      patch gives an example when accounting of a certain type of allocations to
      memcg can effectively result in a memory leak.  This patch adds the
      __GFP_NOACCOUNT flag which if passed to kmalloc and friends will force the
      allocation to go through the root cgroup.  It will be used by the next
      patch.
      
      Note, since in case of kmemleak enabled each kmalloc implies yet another
      allocation from the kmemleak_object cache, we add __GFP_NOACCOUNT to
      gfp_kmemleak_mask.
      
      Alternatively, we could introduce a per kmem cache flag disabling
      accounting for all allocations of a particular kind, but (a) we would not
      be able to bypass accounting for kmalloc then and (b) a kmem cache with
      this flag set could not be merged with a kmem cache without this flag,
      which would increase the number of global caches and therefore
      fragmentation even if the memory cgroup controller is not used.
      
      Despite its generic name, currently __GFP_NOACCOUNT disables accounting
      only for kmem allocations while user page allocations are always charged.
      To catch abusing of this flag, a warning is issued on an attempt of
      passing it to mem_cgroup_try_charge.
      Signed-off-by: default avatarVladimir Davydov <vdavydov@parallels.com>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Michal Hocko <mhocko@suse.cz>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Cc: Greg Thelen <gthelen@google.com>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4d039741
    • Helge Deller's avatar
      parisc,metag: Fix crashes due to stack randomization on stack-grows-upwards architectures · a9996d15
      Helge Deller authored
      commit d045c77c upstream.
      
      On architectures where the stack grows upwards (CONFIG_STACK_GROWSUP=y,
      currently parisc and metag only) stack randomization sometimes leads to crashes
      when the stack ulimit is set to lower values than STACK_RND_MASK (which is 8 MB
      by default if not defined in arch-specific headers).
      
      The problem is, that when the stack vm_area_struct is set up in fs/exec.c, the
      additional space needed for the stack randomization (as defined by the value of
      STACK_RND_MASK) was not taken into account yet and as such, when the stack
      randomization code added a random offset to the stack start, the stack
      effectively got smaller than what the user defined via rlimit_max(RLIMIT_STACK)
      which then sometimes leads to out-of-stack situations and crashes.
      
      This patch fixes it by adding the maximum possible amount of memory (based on
      STACK_RND_MASK) which theoretically could be added by the stack randomization
      code to the initial stack size. That way, the user-defined stack size is always
      guaranteed to be at minimum what is defined via rlimit_max(RLIMIT_STACK).
      
      This bug is currently not visible on the metag architecture, because on metag
      STACK_RND_MASK is defined to 0 which effectively disables stack randomization.
      
      The changes to fs/exec.c are inside an "#ifdef CONFIG_STACK_GROWSUP"
      section, so it does not affect other platformws beside those where the
      stack grows upwards (parisc and metag).
      Signed-off-by: default avatarHelge Deller <deller@gmx.de>
      Cc: linux-parisc@vger.kernel.org
      Cc: James Hogan <james.hogan@imgtec.com>
      Cc: linux-metag@vger.kernel.org
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a9996d15
    • Russell King's avatar
      ARM: fix missing syscall trace exit · eeb50f81
      Russell King authored
      commit 1b979372 upstream.
      
      Josh Stone reports:
      
        I've discovered a case where both arm and arm64 will miss a ptrace
        syscall-exit that they should report.  If the syscall is entered
        without TIF_SYSCALL_TRACE set, then it goes on the fast path.  It's
        then possible to have TIF_SYSCALL_TRACE added in the middle of the
        syscall, but ret_fast_syscall doesn't check this flag again.
      
      Fix this by always checking for a syscall trace in the fast exit path.
      Reported-by: default avatarJosh Stone <jistone@redhat.com>
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      eeb50f81
    • Inki Dae's avatar
      ARM: dts: set display clock correctly for exynos4412-trats2 · d341d828
      Inki Dae authored
      commit 242ddf04 upstream.
      
      This patch sets display clock correctly. If Display clock isn't set
      correctly then you would find below messages and Display controller
      doesn't work correctly.
      
       exynos-drm: No connectors reported connected with modes
       [drm] Cannot find any crtc or sizes - going 1024x768
      
      Fixes: abc0b144 ("drm: Perform basic sanity checks on probed modes")
      Signed-off-by: default avatarInki Dae <inki.dae@samsung.com>
      Reviewed-by: default avatarKrzysztof Kozlowski <k.kozlowski@samsung.com>
      Tested-by: default avatarKrzysztof Kozlowski <k.kozlowski@samsung.com>
      Signed-off-by: default avatarKukjin Kim <kgene@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d341d828
    • Shawn Guo's avatar
      ARM: dts: fix imx27 dtb build rule · 4fd61a1c
      Shawn Guo authored
      commit e46b5a64 upstream.
      
      The i.MX27 dtb build should be controlled by CONFIG_SOC_IMX27 rather
      than CONFIG_SOC_IMX31.
      Signed-off-by: default avatarShawn Guo <shawn.guo@linaro.org>
      Fixes: cb612390 ("ARM: dts: Only build dtb if associated Arch and/or SoC is enabled")
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4fd61a1c
    • Philippe Reynes's avatar
      ARM: dts: imx27: only map 4 Kbyte for fec registers · 824cc6b4
      Philippe Reynes authored
      commit a29ef819 upstream.
      
      According to the imx27 documentation, fec has a 4 Kbyte
      memory space map. Moreover, the actual 16 Kbyte mapping
      overlaps the SCC (Security Controller) memory register
      space. So, we reduce the memory register space to 4 Kbyte.
      Signed-off-by: default avatarPhilippe Reynes <tremyfr@gmail.com>
      Acked-by: default avatarUwe Kleine-König <u.kleine-koenig@pengutronix.de>
      Fixes: 9f0749e3 ("ARM i.MX27: Add devicetree support")
      Signed-off-by: default avatarShawn Guo <shawn.guo@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      824cc6b4
    • Krzysztof Kozlowski's avatar
      ARM: EXYNOS: Fix dereference of ERR_PTR returned by of_genpd_get_from_provider · 653a1273
      Krzysztof Kozlowski authored
      commit 0b7dc0ff upstream.
      
      ERR_PTR was dereferenced during sub domain parsing, if parent domain
      could not be obtained (because of invalid phandle or deferred
      registration of parent domain).
      
      The Exynos power domain code checked whether
      of_genpd_get_from_provider() returned NULL and in that case it skipped
      that power domain node. However this function returns ERR_PTR or valid
      pointer, not NULL.
      
      Fixes: 0f780751 ("ARM: EXYNOS: add support for sub-power domains")
      Signed-off-by: default avatarKrzysztof Kozlowski <k.kozlowski@samsung.com>
      Signed-off-by: default avatarKukjin Kim <kgene@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      653a1273
    • Mark Rutland's avatar
      ARM: 8356/1: mm: handle non-pmd-aligned end of RAM · 4d7b5527
      Mark Rutland authored
      commit 965278dc upstream.
      
      At boot time we round the memblock limit down to section size in an
      attempt to ensure that we will have mapped this RAM with section
      mappings prior to allocating from it. When mapping RAM we iterate over
      PMD-sized chunks, creating these section mappings.
      
      Section mappings are only created when the end of a chunk is aligned to
      section size. Unfortunately, with classic page tables (where PMD_SIZE is
      2 * SECTION_SIZE) this means that if a chunk is between 1M and 2M in
      size the first 1M will not be mapped despite having been accounted for
      in the memblock limit. This has been observed to result in page tables
      being allocated from unmapped memory, causing boot-time hangs.
      
      This patch modifies the memblock limit rounding to always round down to
      PMD_SIZE instead of SECTION_SIZE. For classic MMU this means that we
      will round the memblock limit down to a 2M boundary, matching the limits
      on section mappings, and preventing allocations from unmapped memory.
      For LPAE there should be no change as PMD_SIZE == SECTION_SIZE.
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Reported-by: default avatarStefan Agner <stefan@agner.ch>
      Tested-by: default avatarStefan Agner <stefan@agner.ch>
      Acked-by: default avatarLaura Abbott <labbott@redhat.com>
      Tested-by: default avatarHans de Goede <hdegoede@redhat.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Steve Capper <steve.capper@linaro.org>
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4d7b5527
    • Shaohua Li's avatar
      sched: always use blk_schedule_flush_plug in io_schedule_out · 22f546a3
      Shaohua Li authored
      commit 10d784ea upstream.
      
      block plug callback could sleep, so we introduce a parameter
      'from_schedule' and corresponding drivers can use it to destinguish a
      schedule plug flush or a plug finish. Unfortunately io_schedule_out
      still uses blk_flush_plug(). This causes below output (Note, I added a
      might_sleep() in raid1_unplug to make it trigger faster, but the whole
      thing doesn't matter if I add might_sleep). In raid1/10, this can cause
      deadlock.
      
      This patch makes io_schedule_out always uses blk_schedule_flush_plug.
      This should only impact drivers (as far as I know, raid 1/10) which are
      sensitive to the 'from_schedule' parameter.
      
      [  370.817949] ------------[ cut here ]------------
      [  370.817960] WARNING: CPU: 7 PID: 145 at ../kernel/sched/core.c:7306 __might_sleep+0x7f/0x90()
      [  370.817969] do not call blocking ops when !TASK_RUNNING; state=2 set at [<ffffffff81092fcf>] prepare_to_wait+0x2f/0x90
      [  370.817971] Modules linked in: raid1
      [  370.817976] CPU: 7 PID: 145 Comm: kworker/u16:9 Tainted: G        W       4.0.0+ #361
      [  370.817977] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140709_153802- 04/01/2014
      [  370.817983] Workqueue: writeback bdi_writeback_workfn (flush-9:1)
      [  370.817985]  ffffffff81cd83be ffff8800ba8cb298 ffffffff819dd7af 0000000000000001
      [  370.817988]  ffff8800ba8cb2e8 ffff8800ba8cb2d8 ffffffff81051afc ffff8800ba8cb2c8
      [  370.817990]  ffffffffa00061a8 000000000000041e 0000000000000000 ffff8800ba8cba28
      [  370.817993] Call Trace:
      [  370.817999]  [<ffffffff819dd7af>] dump_stack+0x4f/0x7b
      [  370.818002]  [<ffffffff81051afc>] warn_slowpath_common+0x8c/0xd0
      [  370.818004]  [<ffffffff81051b86>] warn_slowpath_fmt+0x46/0x50
      [  370.818006]  [<ffffffff81092fcf>] ? prepare_to_wait+0x2f/0x90
      [  370.818008]  [<ffffffff81092fcf>] ? prepare_to_wait+0x2f/0x90
      [  370.818010]  [<ffffffff810776ef>] __might_sleep+0x7f/0x90
      [  370.818014]  [<ffffffffa0000c03>] raid1_unplug+0xd3/0x170 [raid1]
      [  370.818024]  [<ffffffff81421d9a>] blk_flush_plug_list+0x8a/0x1e0
      [  370.818028]  [<ffffffff819e3550>] ? bit_wait+0x50/0x50
      [  370.818031]  [<ffffffff819e21b0>] io_schedule_timeout+0x130/0x140
      [  370.818033]  [<ffffffff819e3586>] bit_wait_io+0x36/0x50
      [  370.818034]  [<ffffffff819e31b5>] __wait_on_bit+0x65/0x90
      [  370.818041]  [<ffffffff8125b67c>] ? ext4_read_block_bitmap_nowait+0xbc/0x630
      [  370.818043]  [<ffffffff819e3550>] ? bit_wait+0x50/0x50
      [  370.818045]  [<ffffffff819e3302>] out_of_line_wait_on_bit+0x72/0x80
      [  370.818047]  [<ffffffff810935e0>] ? autoremove_wake_function+0x40/0x40
      [  370.818050]  [<ffffffff811de744>] __wait_on_buffer+0x44/0x50
      [  370.818053]  [<ffffffff8125ae80>] ext4_wait_block_bitmap+0xe0/0xf0
      [  370.818058]  [<ffffffff812975d6>] ext4_mb_init_cache+0x206/0x790
      [  370.818062]  [<ffffffff8114bc6c>] ? lru_cache_add+0x1c/0x50
      [  370.818064]  [<ffffffff81297c7e>] ext4_mb_init_group+0x11e/0x200
      [  370.818066]  [<ffffffff81298231>] ext4_mb_load_buddy+0x341/0x360
      [  370.818068]  [<ffffffff8129a1a3>] ext4_mb_find_by_goal+0x93/0x2f0
      [  370.818070]  [<ffffffff81295b54>] ? ext4_mb_normalize_request+0x1e4/0x5b0
      [  370.818072]  [<ffffffff8129ab67>] ext4_mb_regular_allocator+0x67/0x460
      [  370.818074]  [<ffffffff81295b54>] ? ext4_mb_normalize_request+0x1e4/0x5b0
      [  370.818076]  [<ffffffff8129ca4b>] ext4_mb_new_blocks+0x4cb/0x620
      [  370.818079]  [<ffffffff81290956>] ext4_ext_map_blocks+0x4c6/0x14d0
      [  370.818081]  [<ffffffff812a4d4e>] ? ext4_es_lookup_extent+0x4e/0x290
      [  370.818085]  [<ffffffff8126399d>] ext4_map_blocks+0x14d/0x4f0
      [  370.818088]  [<ffffffff81266fbd>] ext4_writepages+0x76d/0xe50
      [  370.818094]  [<ffffffff81149691>] do_writepages+0x21/0x50
      [  370.818097]  [<ffffffff811d5c00>] __writeback_single_inode+0x60/0x490
      [  370.818099]  [<ffffffff811d630a>] writeback_sb_inodes+0x2da/0x590
      [  370.818103]  [<ffffffff811abf4b>] ? trylock_super+0x1b/0x50
      [  370.818105]  [<ffffffff811abf4b>] ? trylock_super+0x1b/0x50
      [  370.818107]  [<ffffffff811d665f>] __writeback_inodes_wb+0x9f/0xd0
      [  370.818109]  [<ffffffff811d69db>] wb_writeback+0x34b/0x3c0
      [  370.818111]  [<ffffffff811d70df>] bdi_writeback_workfn+0x23f/0x550
      [  370.818116]  [<ffffffff8106bbd8>] process_one_work+0x1c8/0x570
      [  370.818117]  [<ffffffff8106bb5b>] ? process_one_work+0x14b/0x570
      [  370.818119]  [<ffffffff8106c09b>] worker_thread+0x11b/0x470
      [  370.818121]  [<ffffffff8106bf80>] ? process_one_work+0x570/0x570
      [  370.818124]  [<ffffffff81071868>] kthread+0xf8/0x110
      [  370.818126]  [<ffffffff81071770>] ? kthread_create_on_node+0x210/0x210
      [  370.818129]  [<ffffffff819e9322>] ret_from_fork+0x42/0x70
      [  370.818131]  [<ffffffff81071770>] ? kthread_create_on_node+0x210/0x210
      [  370.818132] ---[ end trace 7b4deb71e68b6605 ]---
      
      V2: don't change ->in_iowait
      
      Cc: NeilBrown <neilb@suse.de>
      Signed-off-by: default avatarShaohua Li <shli@fb.com>
      Reviewed-by: default avatarJeff Moyer <jmoyer@redhat.com>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      Cc: poma <pomidorabelisima@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      22f546a3
    • Thomas Gleixner's avatar
      sched: Handle priority boosted tasks proper in setscheduler() · 31f17ffd
      Thomas Gleixner authored
      commit 0782e63b upstream.
      
      Ronny reported that the following scenario is not handled correctly:
      
      	T1 (prio = 10)
      	   lock(rtmutex);
      
      	T2 (prio = 20)
      	   lock(rtmutex)
      	      boost T1
      
      	T1 (prio = 20)
      	   sys_set_scheduler(prio = 30)
      	   T1 prio = 30
      	   ....
      	   sys_set_scheduler(prio = 10)
      	   T1 prio = 30
      
      The last step is wrong as T1 should now be back at prio 20.
      
      Commit c365c292 ("sched: Consider pi boosting in setscheduler()")
      only handles the case where a boosted tasks tries to lower its
      priority.
      
      Fix it by taking the new effective priority into account for the
      decision whether a change of the priority is required.
      Reported-by: default avatarRonny Meeus <ronny.meeus@gmail.com>
      Tested-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Reviewed-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Mike Galbraith <umgwanakikbuti@gmail.com>
      Fixes: c365c292 ("sched: Consider pi boosting in setscheduler()")
      Link: http://lkml.kernel.org/r/alpine.DEB.2.11.1505051806060.4225@nanosSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      31f17ffd
    • Martin Schwidefsky's avatar
      s390/mm: correct return value of pmd_pfn · 4c266d18
      Martin Schwidefsky authored
      commit 7cded342 upstream.
      
      Git commit 152125b7
      "s390/mm: implement dirty bits for large segment table entries"
      broke the pmd_pfn function, it changed the return value from
      'unsigned long' to 'int'. This breaks all machine configurations
      with memory above the 8TB line.
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4c266d18
    • Johannes Berg's avatar
      mac80211: don't use napi_gro_receive() outside NAPI context · 9e1182c1
      Johannes Berg authored
      commit 22d3a3c8 upstream.
      
      No matter how the driver manages its NAPI context, there's no way
      sending frames to it from a timer can be correct, since it would
      corrupt the internal GRO lists.
      
      To avoid that, always use the non-NAPI path when releasing frames
      from the timer.
      Reported-by: default avatarJean Trivelly <jean.trivelly@intel.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      9e1182c1
    • Janusz Dziedzic's avatar
      mac80211: move WEP tailroom size check · 510cfd98
      Janusz Dziedzic authored
      commit 47b4e1fc upstream.
      
      Remove checking tailroom when adding IV as it uses only
      headroom, and move the check to the ICV generation that
      actually needs the tailroom.
      
      In other case I hit such warning and datapath don't work,
      when testing:
      - IBSS + WEP
      - ath9k with hw crypt enabled
      - IPv6 data (ping6)
      
      WARNING: CPU: 3 PID: 13301 at net/mac80211/wep.c:102 ieee80211_wep_add_iv+0x129/0x190 [mac80211]()
      [...]
      Call Trace:
      [<ffffffff817bf491>] dump_stack+0x45/0x57
      [<ffffffff8107746a>] warn_slowpath_common+0x8a/0xc0
      [<ffffffff8107755a>] warn_slowpath_null+0x1a/0x20
      [<ffffffffc09ae109>] ieee80211_wep_add_iv+0x129/0x190 [mac80211]
      [<ffffffffc09ae7ab>] ieee80211_crypto_wep_encrypt+0x6b/0xd0 [mac80211]
      [<ffffffffc09d3fb1>] invoke_tx_handlers+0xc51/0xf30 [mac80211]
      [...]
      Signed-off-by: default avatarJanusz Dziedzic <janusz.dziedzic@tieto.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      510cfd98
    • Harald Freudenberger's avatar
      crypto: s390/ghash - Fix incorrect ghash icv buffer handling. · 3da3b251
      Harald Freudenberger authored
      commit a1cae34e upstream.
      
      Multitheaded tests showed that the icv buffer in the current ghash
      implementation is not handled correctly. A move of this working ghash
      buffer value to the descriptor context fixed this. Code is tested and
      verified with an multithreaded application via af_alg interface.
      Signed-off-by: default avatarHarald Freudenberger <freude@linux.vnet.ibm.com>
      Signed-off-by: default avatarGerald Schaefer <geraldsc@linux.vnet.ibm.com>
      Reported-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      3da3b251
    • Michael Brunner's avatar
      gpio: gpio-kempld: Fix get_direction return value · 130eaf0a
      Michael Brunner authored
      commit f230e8ff upstream.
      
      This patch fixes an inverted return value of the gpio get_direction
      function.
      
      The wrong value causes the direction sysfs entry and GPIO debugfs file
      to indicate incorrect GPIO direction settings. In some cases it also
      prevents setting GPIO output values.
      
      The problem is also present in all other stable kernel versions since
      linux-3.12.
      Reported-by: default avatarJochen Henneberg <jh@henneberg-systemdesign.com>
      Signed-off-by: default avatarMichael Brunner <michael.brunner@kontron.com>
      Reviewed-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      130eaf0a
    • Ard Biesheuvel's avatar
      ARM: 8325/1: exynos: move resume code to .text section · 00c1814a
      Ard Biesheuvel authored
      commit 12833bac upstream.
      
      This code calls cpu_resume() using a straight branch (b), so
      now that we have moved cpu_resume() back to .text, this should
      be moved there as well. Any direct references to symbols that will
      remain in the .data section are replaced with explicit PC-relative
      references.
      Acked-by: default avatarNicolas Pitre <nico@linaro.org>
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: default avatarKevin Hilman <khilman@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      00c1814a
    • Scott Branden's avatar
      rt2x00: add new rt2800usb device DWA 130 · f651c412
      Scott Branden authored
      commit ea345c14 upstream.
      
      Add the USB Id to link the D-Link DWA 130 USB Wifi adapter
      to the rt2830 driver.
      Signed-off-by: default avatarScott Branden <sbranden@broadcom.com>
      Signed-off-by: default avatarPieter Truter <ptruter@broadcom.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      Cc: Larry Finger <Larry.Finger@lwfinger.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f651c412
    • Xi Wang's avatar
      arm64: bpf: fix signedness bug in loading 64-bit immediate · ed1525f3
      Xi Wang authored
      commit 1e4df6b7 upstream.
      
      Consider "(u64)insn1.imm << 32 | imm" in the arm64 JIT.  Since imm is
      signed 32-bit, it is sign-extended to 64-bit, losing the high 32 bits.
      The fix is to convert imm to u32 first, which will be zero-extended to
      u64 implicitly.
      
      Cc: Zi Shen Lim <zlim.lnx@gmail.com>
      Cc: Alexei Starovoitov <ast@plumgrid.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Fixes: 30d3d94c ("arm64: bpf: add 'load 64-bit immediate' instruction")
      Signed-off-by: default avatarXi Wang <xi.wang@gmail.com>
      [will: removed non-arm64 bits and redundant casting]
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ed1525f3
    • Martin K. Petersen's avatar
      libata: Blacklist queued TRIM on all Samsung 800-series · 484cdf4c
      Martin K. Petersen authored
      commit 9a9324d3 upstream.
      
      The queued TRIM problems appear to be generic to Samsung's firmware and
      not tied to a particular model. A recent update to the 840 EVO firmware
      introduced the same issue as we saw on 850 Pro.
      
      Blacklist queued TRIM on all 800-series drives while we work this issue
      with Samsung.
      Reported-by: default avatarGünter Waller <g.wal@web.de>
      Reported-by: default avatarSven Köhler <sven.koehler@gmail.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      484cdf4c
    • Gabriele Mazzotta's avatar
      libata: Ignore spurious PHY event on LPM policy change · 8a2c2f84
      Gabriele Mazzotta authored
      commit 09c5b480 upstream.
      
      When the LPM policy is set to ATA_LPM_MAX_POWER, the device might
      generate a spurious PHY event that cuases errors on the link.
      Ignore this event if it occured within 10s after the policy change.
      
      The timeout was chosen observing that on a Dell XPS13 9333 these
      spurious events can occur up to roughly 6s after the policy change.
      
      Link: http://lkml.kernel.org/g/3352987.ugV1Ipy7Z5@xps13Signed-off-by: default avatarGabriele Mazzotta <gabriele.mzt@gmail.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      8a2c2f84
    • Gabriele Mazzotta's avatar
      libata: Add helper to determine when PHY events should be ignored · 38f91fb4
      Gabriele Mazzotta authored
      commit 8393b811 upstream.
      
      This is a preparation commit that will allow to add other criteria
      according to which PHY events should be dropped.
      Signed-off-by: default avatarGabriele Mazzotta <gabriele.mzt@gmail.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      38f91fb4
    • Dan Williams's avatar
      ahci: avoton port-disable reset-quirk · 2d00e908
      Dan Williams authored
      commit dbfe8ef5 upstream.
      
      Avoton AHCI occasionally sees drive probe timeouts at driver load time.
      When this happens SCR_STATUS indicates device detected, but no D2H FIS
      reception.  Reset the internal link state machines by bouncing
      port-enable in the PCS register when this occurs.
      Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2d00e908
    • Darrick J. Wong's avatar
      jbd2: fix r_count overflows leading to buffer overflow in journal recovery · 447ceaa3
      Darrick J. Wong authored
      commit e531d0bc upstream.
      
      The journal revoke block recovery code does not check r_count for
      sanity, which means that an evil value of r_count could result in
      the kernel reading off the end of the revoke table and into whatever
      garbage lies beyond.  This could crash the kernel, so fix that.
      
      However, in testing this fix, I discovered that the code to write
      out the revoke tables also was not correctly checking to see if the
      block was full -- the current offset check is fine so long as the
      revoke table space size is a multiple of the record size, but this
      is not true when either journal_csum_v[23] are set.
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      447ceaa3
    • Eryu Guan's avatar
      ext4: check for zero length extent explicitly · fcfd96db
      Eryu Guan authored
      commit 2f974865 upstream.
      
      The following commit introduced a bug when checking for zero length extent
      
      5946d089 ext4: check for overlapping extents in ext4_valid_extent_entries()
      
      Zero length extent could pass the check if lblock is zero.
      
      Adding the explicit check for zero length back.
      Signed-off-by: default avatarEryu Guan <guaneryu@gmail.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      fcfd96db
    • Lukas Czerner's avatar
      ext4: fix NULL pointer dereference when journal restart fails · 69814155
      Lukas Czerner authored
      commit 9d506594 upstream.
      
      Currently when journal restart fails, we'll have the h_transaction of
      the handle set to NULL to indicate that the handle has been effectively
      aborted. We handle this situation quietly in the jbd2_journal_stop() and just
      free the handle and exit because everything else has been done before we
      attempted (and failed) to restart the journal.
      
      Unfortunately there are a number of problems with that approach
      introduced with commit
      
      41a5b913 "jbd2: invalidate handle if jbd2_journal_restart()
      fails"
      
      First of all in ext4 jbd2_journal_stop() will be called through
      __ext4_journal_stop() where we would try to get a hold of the superblock
      by dereferencing h_transaction which in this case would lead to NULL
      pointer dereference and crash.
      
      In addition we're going to free the handle regardless of the refcount
      which is bad as well, because others up the call chain will still
      reference the handle so we might potentially reference already freed
      memory.
      
      Moreover it's expected that we'll get aborted handle as well as detached
      handle in some of the journalling function as the error propagates up
      the stack, so it's unnecessary to call WARN_ON every time we get
      detached handle.
      
      And finally we might leak some memory by forgetting to free reserved
      handle in jbd2_journal_stop() in the case where handle was detached from
      the transaction (h_transaction is NULL).
      
      Fix the NULL pointer dereference in __ext4_journal_stop() by just
      calling jbd2_journal_stop() quietly as suggested by Jan Kara. Also fix
      the potential memory leak in jbd2_journal_stop() and use proper
      handle refcounting before we attempt to free it to avoid use-after-free
      issues.
      
      And finally remove all WARN_ON(!transaction) from the code so that we do
      not get random traces when something goes wrong because when journal
      restart fails we will get to some of those functions.
      Signed-off-by: default avatarLukas Czerner <lczerner@redhat.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      69814155
    • Theodore Ts'o's avatar
      ext4: fix lazytime optimization · 11395c8b
      Theodore Ts'o authored
      commit 8f4d8558 upstream.
      
      We had a fencepost error in the lazytime optimization which means that
      timestamp would get written to the wrong inode.
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      11395c8b
    • Peter Hurley's avatar
      pty: Fix input race when closing · 250fcae7
      Peter Hurley authored
      commit 1a48632f upstream.
      
      A read() from a pty master may mistakenly indicate EOF (errno == -EIO)
      after the pty slave has closed, even though input data remains to be read.
      For example,
      
             pty slave       |        input worker        |    pty master
                             |                            |
                             |                            |   n_tty_read()
      pty_write()            |                            |     input avail? no
        add data             |                            |     sleep
        schedule worker  --->|                            |     .
                             |---> flush_to_ldisc()       |     .
      pty_close()            |       fill read buffer     |     .
        wait for worker      |       wakeup reader    --->|     .
                             |       read buffer full?    |---> input avail ? yes
                             |<---   yes - exit worker    |     copy 4096 bytes to user
        TTY_OTHER_CLOSED <---|                            |<--- kick worker
                             |                            |
      
      		                **** New read() before worker starts ****
      
                             |                            |   n_tty_read()
                             |                            |     input avail? no
                             |                            |     TTY_OTHER_CLOSED? yes
                             |                            |     return -EIO
      
      Several conditions are required to trigger this race:
      1. the ldisc read buffer must become full so the input worker exits
      2. the read() count parameter must be >= 4096 so the ldisc read buffer
         is empty
      3. the subsequent read() occurs before the kicked worker has processed
         more input
      
      However, the underlying cause of the race is that data is pipelined, while
      tty state is not; ie., data already written by the pty slave end is not
      yet visible to the pty master end, but state changes by the pty slave end
      are visible to the pty master end immediately.
      
      Pipeline the TTY_OTHER_CLOSED state through input worker to the reader.
      1. Introduce TTY_OTHER_DONE which is set by the input worker when
         TTY_OTHER_CLOSED is set and either the input buffers are flushed or
         input processing has completed. Readers/polls are woken when
         TTY_OTHER_DONE is set.
      2. Reader/poll checks TTY_OTHER_DONE instead of TTY_OTHER_CLOSED.
      3. A new input worker is started from pty_close() after setting
         TTY_OTHER_CLOSED, which ensures the TTY_OTHER_DONE state will be
         set if the last input worker is already finished (or just about to
         exit).
      
      Remove tty_flush_to_ldisc(); no in-tree callers.
      
      Fixes: 52bce7f8 ("pty, n_tty: Simplify input processing on final close")
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=96311
      BugLink: http://bugs.launchpad.net/bugs/1429756Reported-by: default avatarAndy Whitcroft <apw@canonical.com>
      Reported-by: default avatarH.J. Lu <hjl.tools@gmail.com>
      Signed-off-by: default avatarPeter Hurley <peter@hurleysoftware.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      250fcae7
    • Pan Xinhui's avatar
      tty/n_gsm.c: fix a memory leak when gsmtty is removed · a2cdf4d4
      Pan Xinhui authored
      commit 8f9cfeed upstream.
      
      when gsmtty_remove put dlci, it will cause memory leak if dlci->port's refcount is zero.
      So we do the cleanup work in .cleanup callback instead.
      
      dlci will be last put in two call chains.
      1) gsmld_close -> gsm_cleanup_mux -> gsm_dlci_release -> dlci_put
      2) gsmld_remove -> dlci_put
      so there is a race. the memory leak depends on the race.
      
      In call chain 2. we hit the memory leak. below comment tells.
      
      release_tty -> tty_driver_remove_tty -> gsmtty_remove -> dlci_put -> tty_port_destructor (WARN_ON(port->itty) and return directly)
                               |
                      tty->port->itty = NULL;
                               |
                      tty_kref_put ---> release_one_tty -> gsmtty_cleanup (added by our patch)
      
      So our patch fix the memory leak by doing the cleanup work after tty core did.
      Signed-off-by: default avatarPan Xinhui <xinhuix.pan@intel.com>
      Fixes: dfabf7ffAcked-by: default avatarJiri Slaby <jslaby@suse.cz>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a2cdf4d4
    • Ludovic Desroches's avatar
      mmc: atmel-mci: fix bad variable type for clkdiv · f7f9c2b1
      Ludovic Desroches authored
      commit 60c8f783 upstream.
      
      clkdiv is declared as an u32 but it can be set to a negative value
      causing a huge divisor value. Change its type to int to avoid this case.
      Signed-off-by: default avatarLudovic Desroches <ludovic.desroches@atmel.com>
      Signed-off-by: default avatarUlf Hansson <ulf.hansson@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f7f9c2b1
    • Anton Blanchard's avatar
      powerpc: Align TOC to 256 bytes · 22c2549f
      Anton Blanchard authored
      commit 5e95235c upstream.
      
      Recent toolchains force the TOC to be 256 byte aligned. We need
      to enforce this alignment in our linker script, otherwise pointers
      to our TOC variables (__toc_start, __prom_init_toc_start) could
      be incorrect.
      
      If they are bad, we die a few hundred instructions into boot.
      Signed-off-by: default avatarAnton Blanchard <anton@samba.org>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      22c2549f
    • Daniel Axtens's avatar
      powerpc/mce: fix off by one errors in mce event handling · d9169e25
      Daniel Axtens authored
      commit ffb2d78e upstream.
      
      Before 69111bac ("powerpc: Replace __get_cpu_var uses"), in
      save_mce_event, index got the value of mce_nest_count, and
      mce_nest_count was incremented *after* index was set.
      
      However, that patch changed the behaviour so that mce_nest count was
      incremented *before* setting index.
      
      This causes an off-by-one error, as get_mce_event sets index as
      mce_nest_count - 1 before reading mce_event.  Thus get_mce_event reads
      bogus data, causing warnings like
      "Machine Check Exception, Unknown event version 0 !"
      and breaking MCEs handling.
      
      Restore the old behaviour and unbreak MCE handling by subtracting one
      from the newly incremented value.
      
      The same broken change occured in machine_check_queue_event (which set
      a queue read by machine_check_process_queued_event).  Fix that too,
      unbreaking printing of MCE information.
      
      Fixes: 69111bac ("powerpc: Replace __get_cpu_var uses")
      CC: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
      CC: Christoph Lameter <cl@linux.com>
      Signed-off-by: default avatarDaniel Axtens <dja@axtens.net>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d9169e25
    • Krzysztof Opasiak's avatar
      usb: gadget: configfs: Fix interfaces array NULL-termination · 9db6a884
      Krzysztof Opasiak authored
      commit 903124fe upstream.
      
      memset() to 0 interfaces array before reusing
      usb_configuration structure.
      
      This commit fix bug:
      
      ln -s functions/acm.1 configs/c.1
      ln -s functions/acm.2 configs/c.1
      ln -s functions/acm.3 configs/c.1
      echo "UDC name" > UDC
      echo "" > UDC
      rm configs/c.1/acm.*
      rmdir functions/*
      mkdir functions/ecm.usb0
      ln -s functions/ecm.usb0 configs/c.1
      echo "UDC name" > UDC
      
      [   82.220969] Unable to handle kernel NULL pointer dereference at virtual address 00000000
      [   82.229009] pgd = c0004000
      [   82.231698] [00000000] *pgd=00000000
      [   82.235260] Internal error: Oops: 17 [#1] PREEMPT SMP ARM
      [   82.240638] Modules linked in:
      [   82.243681] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.0.0-rc2 #39
      [   82.249926] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
      [   82.256003] task: c07cd2f0 ti: c07c8000 task.ti: c07c8000
      [   82.261393] PC is at composite_setup+0xe3c/0x1674
      [   82.266073] LR is at composite_setup+0xf20/0x1674
      [   82.270760] pc : [<c03510d4>]    lr : [<c03511b8>]    psr: 600001d3
      [   82.270760] sp : c07c9df0  ip : c0806448  fp : ed8c9c9c
      [   82.282216] r10: 00000001  r9 : 00000000  r8 : edaae918
      [   82.287425] r7 : ed551cc0  r6 : 00007fff  r5 : 00000000  r4 : ed799634
      [   82.293934] r3 : 00000003  r2 : 00010002  r1 : edaae918  r0 : 0000002e
      [   82.300446] Flags: nZCv  IRQs off  FIQs off  Mode SVC_32  ISA ARM  Segment kernel
      [   82.307910] Control: 10c5387d  Table: 6bc1804a  DAC: 00000015
      [   82.313638] Process swapper/0 (pid: 0, stack limit = 0xc07c8210)
      [   82.319627] Stack: (0xc07c9df0 to 0xc07ca000)
      [   82.323969] 9de0:                                     00000000 c06e65f4 00000000 c07c9f68
      [   82.332130] 9e00: 00000067 c07c59ac 000003f7 edaae918 ed8c9c98 ed799690 eca2f140 200001d3
      [   82.340289] 9e20: ee79a2d8 c07c9e88 c07c5304 ffff55db 00010002 edaae810 edaae860 eda96d50
      [   82.348448] 9e40: 00000009 ee264510 00000007 c07ca444 edaae860 c0340890 c0827a40 ffff55e0
      [   82.356607] 9e60: c0827a40 eda96e40 ee264510 edaae810 00000000 edaae860 00000007 c07ca444
      [   82.364766] 9e80: edaae860 c0354170 c03407dc c033db4c edaae810 00000000 00000000 00000010
      [   82.372925] 9ea0: 00000032 c0341670 00000000 00000000 00000001 eda96e00 00000000 00000000
      [   82.381084] 9ec0: 00000000 00000032 c0803a23 ee1aa840 00000001 c005d54c 249e2450 00000000
      [   82.389244] 9ee0: 200001d3 ee1aa840 ee1aa8a0 ed84f4c0 00000000 c07c9f68 00000067 c07c59ac
      [   82.397403] 9f00: 00000000 c005d688 ee1aa840 ee1aa8a0 c07db4b4 c006009c 00000032 00000000
      [   82.405562] 9f20: 00000001 c005ce20 c07c59ac c005cf34 f002000c c07ca780 c07c9f68 00000057
      [   82.413722] 9f40: f0020000 413fc090 00000001 c00086b4 c000f804 60000053 ffffffff c07c9f9c
      [   82.421880] 9f60: c0803a20 c0011fc0 00000000 00000000 c07c9fb8 c001bee0 c07ca4f0 c057004c
      [   82.430040] 9f80: c07ca4fc c0803a20 c0803a20 413fc090 00000001 00000000 01000000 c07c9fb0
      [   82.438199] 9fa0: c000f800 c000f804 60000053 ffffffff 00000000 c0050e70 c0803bc0 c0783bd8
      [   82.446358] 9fc0: ffffffff ffffffff c0783664 00000000 00000000 c07b13e8 00000000 c0803e54
      [   82.454517] 9fe0: c07ca480 c07b13e4 c07ce40c 4000406a 00000000 40008074 00000000 00000000
      [   82.462689] [<c03510d4>] (composite_setup) from [<c0340890>] (s3c_hsotg_complete_setup+0xb4/0x418)
      [   82.471626] [<c0340890>] (s3c_hsotg_complete_setup) from [<c0354170>] (usb_gadget_giveback_request+0xc/0x10)
      [   82.481429] [<c0354170>] (usb_gadget_giveback_request) from [<c033db4c>] (s3c_hsotg_complete_request+0xcc/0x12c)
      [   82.491583] [<c033db4c>] (s3c_hsotg_complete_request) from [<c0341670>] (s3c_hsotg_irq+0x4fc/0x558)
      [   82.500614] [<c0341670>] (s3c_hsotg_irq) from [<c005d54c>] (handle_irq_event_percpu+0x50/0x150)
      [   82.509291] [<c005d54c>] (handle_irq_event_percpu) from [<c005d688>] (handle_irq_event+0x3c/0x5c)
      [   82.518145] [<c005d688>] (handle_irq_event) from [<c006009c>] (handle_fasteoi_irq+0xd4/0x18c)
      [   82.526650] [<c006009c>] (handle_fasteoi_irq) from [<c005ce20>] (generic_handle_irq+0x20/0x30)
      [   82.535242] [<c005ce20>] (generic_handle_irq) from [<c005cf34>] (__handle_domain_irq+0x6c/0xdc)
      [   82.543923] [<c005cf34>] (__handle_domain_irq) from [<c00086b4>] (gic_handle_irq+0x2c/0x6c)
      [   82.552256] [<c00086b4>] (gic_handle_irq) from [<c0011fc0>] (__irq_svc+0x40/0x74)
      [   82.559716] Exception stack(0xc07c9f68 to 0xc07c9fb0)
      [   82.564753] 9f60:                   00000000 00000000 c07c9fb8 c001bee0 c07ca4f0 c057004c
      [   82.572913] 9f80: c07ca4fc c0803a20 c0803a20 413fc090 00000001 00000000 01000000 c07c9fb0
      [   82.581069] 9fa0: c000f800 c000f804 60000053 ffffffff
      [   82.586113] [<c0011fc0>] (__irq_svc) from [<c000f804>] (arch_cpu_idle+0x30/0x3c)
      [   82.593491] [<c000f804>] (arch_cpu_idle) from [<c0050e70>] (cpu_startup_entry+0x128/0x1a4)
      [   82.601740] [<c0050e70>] (cpu_startup_entry) from [<c0783bd8>] (start_kernel+0x350/0x3bc)
      [   82.609890] Code: 0a000002 e3530005 05975010 15975008 (e5953000)
      [   82.615965] ---[ end trace f57d5f599a5f1bfa ]---
      
      Most of kernel code assume that interface array in
      struct usb_configuration is NULL terminated.
      
      When gadget is composed with configfs configuration
      structure may be reused for different functions set.
      
      This bug happens because purge_configs_funcs() sets
      only next_interface_id to 0. Interface array still
      contains pointers to already freed interfaces. If in
      second try we add less interfaces than earlier we
      may access unallocated memory when trying to get
      interface descriptors.
      Signed-off-by: default avatarKrzysztof Opasiak <k.opasiak@samsung.com>
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      9db6a884
    • Hans de Goede's avatar
      usb-storage: Add NO_WP_DETECT quirk for Lacie 059f:0651 devices · be3baab6
      Hans de Goede authored
      commit 17211509 upstream.
      
      Without this flag some versions of these enclosures do not work.
      Reported-and-tested-by: default avatarChristian Schaller <cschalle@redhat.com>
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      be3baab6
    • Mark Edwards's avatar
      USB: cp210x: add ID for KCF Technologies PRN device · b6b5f5e3
      Mark Edwards authored
      commit c735ed74 upstream.
      
      Added the USB serial console device ID for KCF Technologies PRN device
      which has a USB port for its serial console.
      Signed-off-by: default avatarMark Edwards <sonofaforester@gmail.com>
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b6b5f5e3
    • Jason A. Donenfeld's avatar
      USB: pl2303: Remove support for Samsung I330 · b60af713
      Jason A. Donenfeld authored
      commit 48ef23a4 upstream.
      
      This phone is already supported by the visor driver.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b60af713