1. 22 Oct, 2016 2 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · a23b27ae
      Linus Torvalds authored
      Pull KVM fixes from Radim Krčmář:
       "ARM:
         - avoid livelock when walking guest page tables
         - fix HYP mode static keys without CC_HAVE_ASM_GOTO
      
        MIPS:
         - fix a build error without TRACEPOINTS_ENABLED
      
        s390:
         - reject a malformed userspace configuration
      
        x86:
         - suppress a warning without CONFIG_CPU_FREQ
         - initialize whole irq_eoi array"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        arm/arm64: KVM: Map the BSS at HYP
        arm64: KVM: Take S1 walks into account when determining S2 write faults
        KVM: s390: reject invalid modes for runtime instrumentation
        kvm: x86: memset whole irq_eoi
        kvm/x86: Fix unused variable warning in kvm_timer_init()
        KVM: MIPS: Add missing uaccess.h include
      a23b27ae
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-4.9-2' of git://git.linux-nfs.org/projects/anna/linux-nfs · 02593ac6
      Linus Torvalds authored
      Pull NFS client bugfixes from Anna Schumaker:
       "Just two bugfixes this time:
      
        Stable bugfix:
         - Fix last_write_offset incorrectly set to page boundary
      
        Other bugfix:
         - Fix missing-braces warning"
      
      * tag 'nfs-for-4.9-2' of git://git.linux-nfs.org/projects/anna/linux-nfs:
        nfs4: fix missing-braces warning
        pnfs/blocklayout: fix last_write_offset incorrectly set to page boundary
      02593ac6
  2. 21 Oct, 2016 14 commits
    • Linus Torvalds's avatar
      Merge tag 'acpi-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 43ef55da
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "These fix an issue related to system resume in the new WDAT-based
        watchdog driver and a return value of a stub function in the ACPI CPPC
        framework.
      
        Specifics:
      
         - Update the ACPI WDAT-based watchdog driver to ping the hardware
           during system resume to prevent a reset from occurring after the
           resume is complete (Mika Westerberg).
      
         - Fix the return value of the pcc_mbox_request_channel() stub for
           CONFIG_PCC unset (Hoan Tran)"
      
      * tag 'acpi-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        watchdog: wdat_wdt: Ping the watchdog on resume
        mailbox: PCC: Fix return value of pcc_mbox_request_channel()
      43ef55da
    • Rafael J. Wysocki's avatar
      Merge branches 'acpi-wdat' and 'acpi-cppc' · 956c8974
      Rafael J. Wysocki authored
      * acpi-wdat:
        watchdog: wdat_wdt: Ping the watchdog on resume
      
      * acpi-cppc:
        mailbox: PCC: Fix return value of pcc_mbox_request_channel()
      956c8974
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 6edc51a8
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Five small fixes.
      
        Some of these, like the nested spinlock overwriting saved flags and
        the Kasan use after free look serious, but they seem not to have been
        picked up in testing or seen in the field.
      
        The biggest user visible issue is probably the wrong device handler
        for Clariion, which means that alua doesn't bind to the array like it
        should"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: ipr: Fix async error WARN_ON
        scsi: zfcp: spin_lock_irqsave() is not nestable
        scsi: Remove one useless stack variable
        scsi: Fix use-after-free
        scsi: Replace wrong device handler name for CLARiiON arrays
      6edc51a8
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · ecd06f28
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "A set of fixes that missed the merge window, mostly due to me being
        away around that time.
      
        Nothing major here, a mix of nvme cleanups and fixes, and one fix for
        the badblocks handling"
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        nvmet: use symbolic constants for CNS values
        nvme: use symbolic constants for CNS values
        nvme.h: add an enum for cns values
        nvme.h: don't use uuid_be
        nvme.h: resync with nvme-cli
        nvme: Add tertiary number to NVME_VS
        nvme : Add sysfs entry for NVMe CMBs when appropriate
        nvme: don't schedule multiple resets
        nvme: Delete created IO queues on reset
        nvme: Stop probing a removed device
        badblocks: fix overlapping check for clearing
      ecd06f28
    • Linus Torvalds's avatar
      Merge tag 'pci-v4.9-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · e59f30b4
      Linus Torvalds authored
      Pull PCI fixes from Bjorn Helgaas:
       "This includes:
      
         - Fix for a Layerscape driver issue that causes a use-before-set
           crash
      
         - Maintainer update for the Synopsis prototyping device driver"
      
      * tag 'pci-v4.9-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI: designware-plat: Update author email address
        PCI: layerscape: Fix drvdata usage before assignment
        PCI: designware-plat: Change maintainer to Jose Abreu
      e59f30b4
    • Radim Krčmář's avatar
      Merge tag 'kvm-arm-for-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm · 658f7c4b
      Radim Krčmář authored
      KVM/ARM updates for 4.9-rc2
      
      - Handle faults generated by the page table walker as being writes
      - Map the BSS at EL2
      658f7c4b
    • Marc Zyngier's avatar
      arm/arm64: KVM: Map the BSS at HYP · c8ea0395
      Marc Zyngier authored
      When used with a compiler that doesn't implement "asm goto"
      (such as the AArch64 port of GCC 4.8), jump labels generate a
      memory access to find out about the value of the key (instead
      of just patching the code). The key itself is likely to be
      stored in the BSS.
      
      This is perfectly fine, except that we don't map the BSS at HYP,
      leading to an exploding kernel at the first access. The obvious
      fix is simply to map the BSS there (which should have been done
      a long while ago, but hey...).
      Reported-by: default avatarEric Auger <eric.auger@redhat.com>
      Tested-by: default avatarEric Auger <eric.auger@redhat.com>
      Signed-off-by: default avatarMarc Zyngier <marc.zyngier@arm.com>
      c8ea0395
    • Will Deacon's avatar
      arm64: KVM: Take S1 walks into account when determining S2 write faults · 60e21a0e
      Will Deacon authored
      The WnR bit in the HSR/ESR_EL2 indicates whether a data abort was
      generated by a read or a write instruction. For stage 2 data aborts
      generated by a stage 1 translation table walk (i.e. the actual page
      table access faults at EL2), the WnR bit therefore reports whether the
      instruction generating the walk was a load or a store, *not* whether the
      page table walker was reading or writing the entry.
      
      For page tables marked as read-only at stage 2 (e.g. due to KSM merging
      them with the tables from another guest), this could result in livelock,
      where a page table walk generated by a load instruction attempts to
      set the access flag in the stage 1 descriptor, but fails to trigger
      CoW in the host since only a read fault is reported.
      
      This patch modifies the arm64 kvm_vcpu_dabt_iswrite function to
      take into account stage 2 faults in stage 1 walks. Since DBM cannot be
      disabled at EL2 for CPUs that implement it, we assume that these faults
      are always causes by writes, avoiding the livelock situation at the
      expense of occasional, spurious CoWs.
      
      We could, in theory, do a bit better by checking the guest TCR
      configuration and inspecting the page table to see why the PTE faulted.
      However, I doubt this is measurable in practice, and the threat of
      livelock is real.
      
      Cc: <stable@vger.kernel.org>
      Cc: Julien Grall <julien.grall@arm.com>
      Reviewed-by: default avatarMarc Zyngier <marc.zyngier@arm.com>
      Reviewed-by: default avatarChristoffer Dall <christoffer.dall@linaro.org>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      60e21a0e
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-for-v4.9-rc2-part2' of git://people.freedesktop.org/~airlied/linux · ec366cd1
      Linus Torvalds authored
      Pull more drm fixes from Dave Airlie:
       "Mainly some vmwgfx fixes, but also some fixes for armada, etnaviv and
        fsl-dcu"
      
      * tag 'drm-fixes-for-v4.9-rc2-part2' of git://people.freedesktop.org/~airlied/linux:
        drm/fsl-dcu: enable pixel clock when enabling CRTC
        drm/fsl-dcu: do not transfer registers in mode_set_nofb
        drm/fsl-dcu: do not transfer registers on plane init
        drm/fsl-dcu: enable TCON bypass mode by default
        drm/vmwgfx: Adjust checks for null pointers in 13 functions
        drm/vmwgfx: Use memdup_user() rather than duplicating its implementation
        drm/vmwgfx: Use kmalloc_array() in vmw_surface_define_ioctl()
        drm/vmwgfx: Avoid validating views on view destruction
        drm/vmwgfx: Limit the user-space command buffer size
        drm/vmwgfx: Remove a leftover debug printout
        drm/vmwgfx: Allow resource relocations on byte boundaries
        drm/vmwgfx: Enable SVGA_3D_CMD_DX_TRANSFER_FROM_BUFFER command
        drm/vmwgfx: Remove call to reservation_object_test_signaled_rcu before wait
        drm/vmwgfx: Replace numeric parameter like 0444 with macro
        drm/etnaviv: block 64K of address space behind each cmdstream
        drm/etnaviv: ensure write caches are flushed at end of user cmdstream
        drm/armada: fix clock counts
      ec366cd1
    • Joao Pinto's avatar
      PCI: designware-plat: Update author email address · 02a1b8f4
      Joao Pinto authored
      Although I am leaving Synopsys, I would like to keep working with the linux
      kernel community and help in what you might find useful.  For that I am
      sending this patch to change my contact e-mail.
      Signed-off-by: default avatarJoao Pinto <jpinto@synopsys.com>
      Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
      02a1b8f4
    • Dave Airlie's avatar
      Merge branch 'drm-etnaviv-fixes' of git://git.pengutronix.de/lst/linux into drm-fixes · 26beaee9
      Dave Airlie authored
      2 more patches to stabilize the new MMUv2 support.
      
      * 'drm-etnaviv-fixes' of git://git.pengutronix.de/lst/linux:
        drm/etnaviv: block 64K of address space behind each cmdstream
        drm/etnaviv: ensure write caches are flushed at end of user cmdstream
      26beaee9
    • Dave Airlie's avatar
      Merge branch 'drm-vmwgfx-fixes' of ssh://people.freedesktop.org/~syeh/repos_linux into drm-fixes · 96ebf7cb
      Dave Airlie authored
      vmwgfx cleanups and fixes.
      
      * 'drm-vmwgfx-fixes' of ssh://people.freedesktop.org/~syeh/repos_linux:
        drm/vmwgfx: Adjust checks for null pointers in 13 functions
        drm/vmwgfx: Use memdup_user() rather than duplicating its implementation
        drm/vmwgfx: Use kmalloc_array() in vmw_surface_define_ioctl()
        drm/vmwgfx: Avoid validating views on view destruction
        drm/vmwgfx: Limit the user-space command buffer size
        drm/vmwgfx: Remove a leftover debug printout
        drm/vmwgfx: Allow resource relocations on byte boundaries
        drm/vmwgfx: Enable SVGA_3D_CMD_DX_TRANSFER_FROM_BUFFER command
        drm/vmwgfx: Remove call to reservation_object_test_signaled_rcu before wait
        drm/vmwgfx: Replace numeric parameter like 0444 with macro
      96ebf7cb
    • Dave Airlie's avatar
      Merge branch 'drm-armada-fixes' of git://git.armlinux.org.uk/~rmk/linux-arm into drm-fixes · e947f03d
      Dave Airlie authored
      One small fix for Armada, where the clock prepare/enable counts were
      going awry.
      
      * 'drm-armada-fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
        drm/armada: fix clock counts
      e947f03d
    • Dave Airlie's avatar
      Merge branch 'fixes-for-v4.9-rc2' of http://git.agner.ch/git/linux-drm-fsl-dcu into drm-fixes · 961050d7
      Dave Airlie authored
      This are some fixes which I hoped to still get into v4.9. I used to
      test them here since about 2 weeks and Meng came around to test it
      on the second platform making use of this IP too, so they are well
      tested now.
      
      * 'fixes-for-v4.9-rc2' of http://git.agner.ch/git/linux-drm-fsl-dcu:
        drm/fsl-dcu: enable pixel clock when enabling CRTC
        drm/fsl-dcu: do not transfer registers in mode_set_nofb
        drm/fsl-dcu: do not transfer registers on plane init
        drm/fsl-dcu: enable TCON bypass mode by default
      961050d7
  3. 20 Oct, 2016 24 commits
    • Mika Westerberg's avatar
      watchdog: wdat_wdt: Ping the watchdog on resume · 28e3d700
      Mika Westerberg authored
      It turns out we need to ping the watchdog hardware on resume when we
      re-program it. Otherwise this causes inadvertent reset to trigger
      right after the resume is complete.
      
      Fixes: 058dfc76 (ACPI / watchdog: Add support for WDAT hardware watchdog)
      Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
      Acked-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      28e3d700
    • Linus Torvalds's avatar
      Merge tag 'pm-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 6f33d645
      Linus Torvalds authored
      Pull power management fix from Rafael Wysocki:
       "This fixes the pointer arithmetics mess-up in the cpufreq core
        introduced by one of recent commits and leading to all kinds of
        breakage from kernel crashes to incorrect governor decisions (Sergey
        Senozhatsky)"
      
      * tag 'pm-4.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        cpufreq: fix overflow in cpufreq_table_find_index_dl()
      6f33d645
    • Rafael J. Wysocki's avatar
      Merge branch 'pm-cpufreq' · 350d3239
      Rafael J. Wysocki authored
      * pm-cpufreq:
        cpufreq: fix overflow in cpufreq_table_find_index_dl()
      350d3239
    • Radim Krčmář's avatar
      Merge tag 'kvm-s390-master-4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux · 3633031d
      Radim Krčmář authored
      KVM: s390: Fix for user-triggerable WARN_ON
      
      A malicious user space can provide an invalid mode for runtime
      instrumentation via the interfaces that are normally used on
      the target host during migration. This would trigger a WARN_ON
      via validity intercept. Let's detect this special case.
      3633031d
    • Christian Borntraeger's avatar
      KVM: s390: reject invalid modes for runtime instrumentation · a5efb6b6
      Christian Borntraeger authored
      Usually a validity intercept is a programming error of the host
      because of invalid entries in the state description.
      We can get a validity intercept if the mode of the runtime
      instrumentation control block is wrong. As the host does not know
      which modes are valid, this can be used by userspace to trigger
      a WARN.
      Instead of printing a WARN let's return an error to userspace as
      this can only happen if userspace provides a malformed initial
      value (e.g. on migration). The kernel should never warn on bogus
      input. Instead let's log it into the s390 debug feature.
      
      While at it, let's return -EINVAL for all validity intercepts as
      this will trigger an error in QEMU like
      
      error: kvm run failed Invalid argument
      PSW=mask 0404c00180000000 addr 000000000063c226 cc 00
      R00=000000000000004f R01=0000000000000004 R02=0000000000760005 R03=000000007fe0a000
      R04=000000000064ba2a R05=000000049db73dd0 R06=000000000082c4b0 R07=0000000000000041
      R08=0000000000000002 R09=000003e0804042a8 R10=0000000496152c42 R11=000000007fe0afb0
      [...]
      
      This will avoid an endless loop of validity intercepts.
      
      Cc: stable@vger.kernel.org # v4.5+
      Fixes: c6e5f166 ("KVM: s390: implement the RI support of guest")
      Acked-by: default avatarFan Zhang <zhangfan@linux.vnet.ibm.com>
      Reviewed-by: default avatarPierre Morel <pmorel@linux.vnet.ibm.com>
      Signed-off-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
      a5efb6b6
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · f4814e61
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "Most of these are CC'd for stable, but there are a few fixing issues
        introduced during the recent merge window too.
      
        There's also a fix for the xgene PMU driver, but it seemed daft to
        send as a separate pull request, so I've included it here with the
        rest of the fixes.
      
         - Fix ACPI boot due to recent broken NUMA changes
         - Fix remote enabling of CPU features requiring PSTATE bit manipulation
         - Add address range check when emulating user cache maintenance
         - Fix LL/SC loops that allow compiler to introduce memory accesses
         - Fix recently added write_sysreg_s macro
         - Ensure MDCR_EL2 is initialised on qemu targets without a PMU
         - Avoid kaslr breakage due to MODVERSIONs and DYNAMIC_FTRACE
         - Correctly drive recent ld when building relocatable Image
         - Remove junk IS_ERR check from xgene PMU driver added during merge window
         - pr_cont fixes after core changes in the merge window"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: remove pr_cont abuse from mem_init
        arm64: fix show_regs fallout from KERN_CONT changes
        arm64: kernel: force ET_DYN ELF type for CONFIG_RELOCATABLE=y
        arm64: suspend: Reconfigure PSTATE after resume from idle
        arm64: mm: Set PSTATE.PAN from the cpu_enable_pan() call
        arm64: cpufeature: Schedule enable() calls instead of calling them via IPI
        arm64: Cortex-A53 errata workaround: check for kernel addresses
        arm64: percpu: rewrite ll/sc loops in assembly
        arm64: swp emulation: bound LL/SC retries before rescheduling
        arm64: sysreg: Fix use of XZR in write_sysreg_s
        arm64: kaslr: keep modules close to the kernel when DYNAMIC_FTRACE=y
        arm64: kernel: Init MDCR_EL2 even in the absence of a PMU
        perf: xgene: Remove bogus IS_ERR() check
        arm64: kernel: numa: fix ACPI boot cpu numa node mapping
        arm64: kaslr: fix breakage with CONFIG_MODVERSIONS=y
      f4814e61
    • Linus Torvalds's avatar
      Merge tag 'ceph-for-4.9-rc2' of git://github.com/ceph/ceph-client · bdcff415
      Linus Torvalds authored
      Pull Ceph fixes from Ilya Dryomov:
       "An rbd exclusive-lock edge case fix and several filesystem fixups.
      
        Nikolay's error path patch is tagged for stable, everything else but
        readdir vs frags race was introduced in this merge window"
      
      * tag 'ceph-for-4.9-rc2' of git://github.com/ceph/ceph-client:
        ceph: fix non static symbol warning
        ceph: fix uninitialized dentry pointer in ceph_real_mount()
        ceph: fix readdir vs fragmentation race
        ceph: fix error handling in ceph_read_iter
        rbd: don't retry watch reregistration if header object is gone
        rbd: don't wait for the lock forever if blacklisted
      bdcff415
    • Linus Torvalds's avatar
      Merge tag 'mmc-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · 0ea67fae
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
       "Here are some mmc fixes intended for v4.9 rc2.
      
        This time I have also included a few changes for a memstick driver
        which has a corresponding mmc driver. They use the same USB device as
        parent, hence both needs to play nice with runtime PM, which they
        didn't.
      
        MMC core:
         - Update MAINTAINERS as the mmc tree moved to kernel.org
         - A few fixes for HS400es mode
         - A few other minor fixes
      
        MMC host:
         - sdhci: Fix an issue when dealing with stop commands
         - sdhci-pci: Fix a bus power failure issue
         - sdhci-esdhc-imx: Correct two register accesses
         - sdhci-of-arasan: Fix the 1.8V I/O signal switch behaviour
         - rtsx_usb_sdmmc: Fix runtime PM issues
      
        Other: (Because of no maintainer)
         - memstick: rtsx_usb_ms: Fix runtime PM issues"
      
      * tag 'mmc-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        MAINTAINERS: mmc: Move the mmc tree to kernel.org
        memstick: rtsx_usb_ms: Manage runtime PM when accessing the device
        memstick: rtsx_usb_ms: Runtime resume the device when polling for cards
        mmc: rtsx_usb_sdmmc: Handle runtime PM while changing the led
        mmc: rtsx_usb_sdmmc: Avoid keeping the device runtime resumed when unused
        mmc: sdhci: cast unsigned int to unsigned long long to avoid unexpeted error
        mmc: sdhci-esdhc-imx: Correct two register accesses
        mmc: sdhci-pci: Fix bus power failing to enable for some Intel controllers
        mmc: sdhci-pci: Let devices define their own sdhci_ops
        mmc: sdhci: Rename sdhci_set_power() to sdhci_set_power_noreg()
        mmc: sdhci: Fix SDHCI_QUIRK2_STOP_WITH_TC
        mmc: core: Annotate cmd_hdr as __le32
        mmc: sdhci-of-arasan: add sdhci_arasan_voltage_switch for arasan, 5.1
        mmc: core: changes frequency to hs_max_dtr when selecting hs400es
        mmc: core: switch to 1V8 or 1V2 for hs400es mode
        mmc: block: add missing header dependencies
        mmc: sdhci-of-arasan: Fix non static symbol warning
      0ea67fae
    • Linus Torvalds's avatar
      Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs · a28ad14e
      Linus Torvalds authored
      Pull misc filesystem fixes from Jan Kara:
       "A fix for an isofs change apparently breaking mount(8) in some cases
        and one ext2 warning fix"
      
      * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
        ext2: avoid bogus -Wmaybe-uninitialized warning
        isofs: Do not return EACCES for unknown filesystems
      a28ad14e
    • Radim Krčmář's avatar
      Merge tag 'kvm_mips_4.9_2' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/kvm-mips · f6bbf1b7
      Radim Krčmář authored
      MIPS KVM fix for v4.9-rc2
      
      - Fix build error introduced during the 4.9 merge window when
        tracepoints are disabled.
      f6bbf1b7
    • Sergey Senozhatsky's avatar
      cpufreq: fix overflow in cpufreq_table_find_index_dl() · c6fe46a7
      Sergey Senozhatsky authored
      'best' is always less or equals to 'pos', so `best - pos' returns
      a negative value which is then getting casted to `unsigned int'
      and passed to __cpufreq_driver_target()->acpi_cpufreq_target()
      for policy->freq_table selection. This results in
      
       BUG: unable to handle kernel paging request at ffff881019b469f8
       IP: [<ffffffffa00356c1>] acpi_cpufreq_target+0x4f/0x190 [acpi_cpufreq]
       PGD 267f067
       PUD 0
      
       Oops: 0000 [#1] PREEMPT SMP
       CPU: 6 PID: 70 Comm: kworker/6:1 Not tainted 4.9.0-rc1-next-20161017-dbg-dirty
       Workqueue: events dbs_work_handler
       task: ffff88041b808000 task.stack: ffff88041b810000
       RIP: 0010:[<ffffffffa00356c1>]  [<ffffffffa00356c1>] acpi_cpufreq_target+0x4f/0x190 [acpi_cpufreq]
       RSP: 0018:ffff88041b813c60  EFLAGS: 00010282
       RAX: ffff880419b46a00 RBX: ffff88041b848400 RCX: ffff880419b20f80
       RDX: 00000000001dff38 RSI: 00000000ffffffff RDI: ffff88041b848400
       RBP: ffff88041b813cb0 R08: 0000000000000006 R09: 0000000000000040
       R10: ffffffff8207f9e0 R11: ffffffff8173595b R12: 0000000000000000
       R13: ffff88041f1dff38 R14: 0000000000262900 R15: 0000000bfffffff4
       FS:  0000000000000000(0000) GS:ffff88041f000000(0000) knlGS:0000000000000000
       CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
       CR2: ffff881019b469f8 CR3: 000000041a2d3000 CR4: 00000000001406e0
       Stack:
        ffff88041b813cb0 ffffffff813347f9 ffff88041b813ca0 ffffffff81334663
        ffff88041f1d4bc0 ffff88041b848400 0000000000000000 0000000000000000
        0000000000262900 0000000000000000 ffff88041b813d00 ffffffff813355dc
       Call Trace:
        [<ffffffff813347f9>] ? cpufreq_freq_transition_begin+0xf1/0xfc
        [<ffffffff81334663>] ? get_cpu_idle_time+0x97/0xa6
        [<ffffffff813355dc>] __cpufreq_driver_target+0x3b6/0x44e
        [<ffffffff81336ca3>] cs_dbs_timer+0x11a/0x135
        [<ffffffff81336fda>] dbs_work_handler+0x39/0x62
        [<ffffffff81057823>] process_one_work+0x280/0x4a5
        [<ffffffff81058719>] worker_thread+0x24f/0x397
        [<ffffffff810584ca>] ? rescuer_thread+0x30b/0x30b
        [<ffffffff81418380>] ? nl80211_get_key+0x29/0x36a
        [<ffffffff8105d2b7>] kthread+0xfc/0x104
        [<ffffffff8107ceea>] ? put_lock_stats.isra.9+0xe/0x20
        [<ffffffff8105d1bb>] ? kthread_create_on_node+0x3f/0x3f
        [<ffffffff814b2092>] ret_from_fork+0x22/0x30
       Code: 56 4d 6b ff 0c 41 55 41 54 53 48 83 ec 28 48 8b 15 ad 1e 00 00 44 8b 41
       08 48 8b 87 c8 00 00 00 49 89 d5 4e 03 2c c5 80 b2 78 81 <46> 8b 74 38 04 45
       3b 75 00 75 11 31 c0 83 39 00 0f 84 1c 01 00
       RIP  [<ffffffffa00356c1>] acpi_cpufreq_target+0x4f/0x190 [acpi_cpufreq]
        RSP <ffff88041b813c60>
       CR2: ffff881019b469f8
       ---[ end trace 16d9fc7a17897d37 ]---
      
      [ rjw: In some cases this bug may also cause incorrect frequencies to
        be selected by cpufreq governors. ]
      
      Fixes: 899bb664 (cpufreq: skip invalid entries when searching the frequency)
      Link: http://marc.info/?l=linux-kernel&m=147672030714331&w=2Reported-and-tested-by: default avatarSedat Dilek <sedat.dilek@gmail.com>
      Reported-and-tested-by: default avatarJörg Otte <jrg.otte@gmail.com>
      Signed-off-by: default avatarSergey Senozhatsky <sergey.senozhatsky@gmail.com>
      Acked-by: default avatarViresh Kumar <viresh.kumar@linaro.org>
      Cc: 4.8+ <stable@vger.kernel.org> # 4.8+
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      c6fe46a7
    • Mark Rutland's avatar
      arm64: remove pr_cont abuse from mem_init · f7881bd6
      Mark Rutland authored
      All the lines printed by mem_init are independent, with each ending with
      a newline. While they logically form a large block, none are actually
      continuations of previous lines.
      
      The kernel-side printk code and the userspace demsg tool differ in their
      handling of KERN_CONT following a newline, and while this isn't always a
      problem kernel-side, it does cause difficulty for userspace. Using
      pr_cont causes the userspace tool to not print line prefix (e.g.
      timestamps) even when following a newline, mis-aligning the output and
      making it harder to read, e.g.
      
      [    0.000000] Virtual kernel memory layout:
      [    0.000000]     modules : 0xffff000000000000 - 0xffff000008000000   (   128 MB)
          vmalloc : 0xffff000008000000 - 0xffff7dffbfff0000   (129022 GB)
            .text : 0xffff000008080000 - 0xffff0000088b0000   (  8384 KB)
          .rodata : 0xffff0000088b0000 - 0xffff000008c50000   (  3712 KB)
            .init : 0xffff000008c50000 - 0xffff000008d50000   (  1024 KB)
            .data : 0xffff000008d50000 - 0xffff000008e25200   (   853 KB)
             .bss : 0xffff000008e25200 - 0xffff000008e6bec0   (   284 KB)
          fixed   : 0xffff7dfffe7fd000 - 0xffff7dfffec00000   (  4108 KB)
          PCI I/O : 0xffff7dfffee00000 - 0xffff7dffffe00000   (    16 MB)
          vmemmap : 0xffff7e0000000000 - 0xffff800000000000   (  2048 GB maximum)
                    0xffff7e0000000000 - 0xffff7e0026000000   (   608 MB actual)
          memory  : 0xffff800000000000 - 0xffff800980000000   ( 38912 MB)
      [    0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=6, Nodes=1
      
      Fix this by using pr_notice consistently for all lines, which both the
      kernel and userspace are happy with.
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: James Morse <james.morse@arm.com>
      Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      f7881bd6
    • Mark Rutland's avatar
      arm64: fix show_regs fallout from KERN_CONT changes · db4b0710
      Mark Rutland authored
      Recently in commit 4bcc595c ("printk: reinstate KERN_CONT for
      printing continuation lines"), the behaviour of printk changed w.r.t.
      KERN_CONT. Now, KERN_CONT is mandatory to continue existing lines.
      Without this, prefixes are inserted, making output illegible, e.g.
      
      [ 1007.069010] pc : [<ffff00000871898c>] lr : [<ffff000008718948>] pstate: 40000145
      [ 1007.076329] sp : ffff000008d53ec0
      [ 1007.079606] x29: ffff000008d53ec0 [ 1007.082797] x28: 0000000080c50018
      [ 1007.086160]
      [ 1007.087630] x27: ffff000008e0c7f8 [ 1007.090820] x26: ffff80097631ca00
      [ 1007.094183]
      [ 1007.095653] x25: 0000000000000001 [ 1007.098843] x24: 000000ea68b61cac
      [ 1007.102206]
      
      ... or when dumped with the userpace dmesg tool, which has slightly
      different implicit newline behaviour. e.g.
      
      [ 1007.069010] pc : [<ffff00000871898c>] lr : [<ffff000008718948>] pstate: 40000145
      [ 1007.076329] sp : ffff000008d53ec0
      [ 1007.079606] x29: ffff000008d53ec0
      [ 1007.082797] x28: 0000000080c50018
      [ 1007.086160]
      [ 1007.087630] x27: ffff000008e0c7f8
      [ 1007.090820] x26: ffff80097631ca00
      [ 1007.094183]
      [ 1007.095653] x25: 0000000000000001
      [ 1007.098843] x24: 000000ea68b61cac
      [ 1007.102206]
      
      We can't simply always use KERN_CONT for lines which may or may not be
      continuations. That causes line prefixes (e.g. timestamps) to be
      supressed, and the alignment of all but the first line will be broken.
      
      For even more fun, we can't simply insert some dummy empty-string printk
      calls, as GCC warns for an empty printk string, and even if we pass
      KERN_DEFAULT explcitly to silence the warning, the prefix gets swallowed
      unless there is an additional part to the string.
      
      Instead, we must manually iterate over pairs of registers, which gives
      us the legible output we want in either case, e.g.
      
      [  169.771790] pc : [<ffff00000871898c>] lr : [<ffff000008718948>] pstate: 40000145
      [  169.779109] sp : ffff000008d53ec0
      [  169.782386] x29: ffff000008d53ec0 x28: 0000000080c50018
      [  169.787650] x27: ffff000008e0c7f8 x26: ffff80097631de00
      [  169.792913] x25: 0000000000000001 x24: 00000027827b2cf4
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      db4b0710
    • Jiri Slaby's avatar
      kvm: x86: memset whole irq_eoi · 8678654e
      Jiri Slaby authored
      gcc 7 warns:
      arch/x86/kvm/ioapic.c: In function 'kvm_ioapic_reset':
      arch/x86/kvm/ioapic.c:597:2: warning: 'memset' used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size]
      
      And it is right. Memset whole array using sizeof operator.
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: x86@kernel.org
      Cc: kvm@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Cc: stable@vger.kernel.org
      Reviewed-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      [Added x86 subject tag]
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      8678654e
    • Borislav Petkov's avatar
      kvm/x86: Fix unused variable warning in kvm_timer_init() · 758f588d
      Borislav Petkov authored
      When CONFIG_CPU_FREQ is not set, int cpu is unused and gcc rightfully
      warns about it:
      
        arch/x86/kvm/x86.c: In function ‘kvm_timer_init’:
        arch/x86/kvm/x86.c:5697:6: warning: unused variable ‘cpu’ [-Wunused-variable]
          int cpu;
              ^~~
      
      But since it is used only in the CONFIG_CPU_FREQ block, simply move it
      there, thus squashing the warning too.
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      758f588d
    • Ard Biesheuvel's avatar
      arm64: kernel: force ET_DYN ELF type for CONFIG_RELOCATABLE=y · b9dce7f1
      Ard Biesheuvel authored
      GNU ld used to set the ELF file type to ET_DYN for PIE executables, which
      is the same file type used for shared libraries. However, this was changed
      recently, and now PIE executables are emitted as ET_EXEC instead.
      
      The distinction is only relevant for ELF loaders, and so there is little
      reason to care about the difference when building the kernel, which is
      why the change has gone unnoticed until now.
      
      However, debuggers do use the ELF binary, and expect ET_EXEC type files
      to appear in memory at the exact offset described in the ELF metadata.
      This means source level debugging is no longer possible when KASLR is in
      effect or when executing the stub.
      
      So add the -shared LD option when building with CONFIG_RELOCATABLE=y. This
      forces the ELF file type to be set to ET_DYN (which is what you get when
      building with binutils 2.24 and earlier anyway), and has no other ill
      effects.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      b9dce7f1
    • James Morse's avatar
      arm64: suspend: Reconfigure PSTATE after resume from idle · d0854412
      James Morse authored
      The suspend/resume path in kernel/sleep.S, as used by cpu-idle, does not
      save/restore PSTATE. As a result of this cpufeatures that were detected
      and have bits in PSTATE get lost when we resume from idle.
      
      UAO gets set appropriately on the next context switch. PAN will be
      re-enabled next time we return from user-space, but on a preemptible
      kernel we may run work accessing user space before this point.
      
      Add code to re-enable theses two features in __cpu_suspend_exit().
      We re-use uao_thread_switch() passing current.
      Signed-off-by: default avatarJames Morse <james.morse@arm.com>
      Cc: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      d0854412
    • James Morse's avatar
      arm64: mm: Set PSTATE.PAN from the cpu_enable_pan() call · 7209c868
      James Morse authored
      Commit 338d4f49 ("arm64: kernel: Add support for Privileged Access
      Never") enabled PAN by enabling the 'SPAN' feature-bit in SCTLR_EL1.
      This means the PSTATE.PAN bit won't be set until the next return to the
      kernel from userspace. On a preemptible kernel we may schedule work that
      accesses userspace on a CPU before it has done this.
      
      Now that cpufeature enable() calls are scheduled via stop_machine(), we
      can set PSTATE.PAN from the cpu_enable_pan() call.
      
      Add WARN_ON_ONCE(in_interrupt()) to check the PSTATE value we updated
      is not immediately discarded.
      Reported-by: default avatarTony Thompson <anthony.thompson@arm.com>
      Reported-by: default avatarVladimir Murzin <vladimir.murzin@arm.com>
      Signed-off-by: default avatarJames Morse <james.morse@arm.com>
      [will: fixed typo in comment]
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      7209c868
    • James Morse's avatar
      arm64: cpufeature: Schedule enable() calls instead of calling them via IPI · 2a6dcb2b
      James Morse authored
      The enable() call for a cpufeature/errata is called using on_each_cpu().
      This issues a cross-call IPI to get the work done. Implicitly, this
      stashes the running PSTATE in SPSR when the CPU receives the IPI, and
      restores it when we return. This means an enable() call can never modify
      PSTATE.
      
      To allow PAN to do this, change the on_each_cpu() call to use
      stop_machine(). This schedules the work on each CPU which allows
      us to modify PSTATE.
      
      This involves changing the protype of all the enable() functions.
      
      enable_cpu_capabilities() is called during boot and enables the feature
      on all online CPUs. This path now uses stop_machine(). CPU features for
      hotplug'd CPUs are enabled by verify_local_cpu_features() which only
      acts on the local CPU, and can already modify the running PSTATE as it
      is called from secondary_start_kernel().
      Reported-by: default avatarTony Thompson <anthony.thompson@arm.com>
      Reported-by: default avatarVladimir Murzin <vladimir.murzin@arm.com>
      Signed-off-by: default avatarJames Morse <james.morse@arm.com>
      Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      2a6dcb2b
    • Andre Przywara's avatar
      arm64: Cortex-A53 errata workaround: check for kernel addresses · 87261d19
      Andre Przywara authored
      Commit 7dd01aef ("arm64: trap userspace "dc cvau" cache operation on
      errata-affected core") adds code to execute cache maintenance instructions
      in the kernel on behalf of userland on CPUs with certain ARM CPU errata.
      It turns out that the address hasn't been checked to be a valid user
      space address, allowing userland to clean cache lines in kernel space.
      Fix this by introducing an address check before executing the
      instructions on behalf of userland.
      
      Since the address doesn't come via a syscall parameter, we can't just
      reject tagged pointers and instead have to remove the tag when checking
      against the user address limit.
      
      Cc: <stable@vger.kernel.org>
      Fixes: 7dd01aef ("arm64: trap userspace "dc cvau" cache operation on errata-affected core")
      Reported-by: default avatarKristina Martsenko <kristina.martsenko@arm.com>
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      [will: rework commit message + replace access_ok with max_user_addr()]
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      87261d19
    • Stefan Agner's avatar
      drm/fsl-dcu: enable pixel clock when enabling CRTC · 0a70c998
      Stefan Agner authored
      The pixel clock should not be on if the CRTC is not in use, hence
      move clock enable/disable calls into CRTC callbacks.
      Signed-off-by: default avatarStefan Agner <stefan@agner.ch>
      Tested-By: default avatarMeng Yi <meng.yi@nxp.com>
      0a70c998
    • Stefan Agner's avatar
      drm/fsl-dcu: do not transfer registers in mode_set_nofb · 97890376
      Stefan Agner authored
      Do not schedule a transfer of mode settings early. Modes should
      get applied on on CRTC enable where we also enable the pixel clock.
      Signed-off-by: default avatarStefan Agner <stefan@agner.ch>
      Tested-By: default avatarMeng Yi <meng.yi@nxp.com>
      97890376
    • Stefan Agner's avatar
      drm/fsl-dcu: do not transfer registers on plane init · b6ead864
      Stefan Agner authored
      There is no need to explicitly initiate a register transfer and
      turn off the DCU after initializing the plane registers. In fact,
      this is harmful and leads to unnecessary flickers if the DCU has
      been left on by the bootloader.
      Signed-off-by: default avatarStefan Agner <stefan@agner.ch>
      Tested-By: default avatarMeng Yi <meng.yi@nxp.com>
      b6ead864
    • Stefan Agner's avatar
      drm/fsl-dcu: enable TCON bypass mode by default · 8dedefbc
      Stefan Agner authored
      Do not use encoder disable/enable callbacks to control bypass
      mode as this seems to mess with the signals not liked by
      displays. This also makes more sense since the encoder is
      already defined to be parallel RGB/LVDS at creation time.
      Signed-off-by: default avatarStefan Agner <stefan@agner.ch>
      Tested-By: default avatarMeng Yi <meng.yi@nxp.com>
      8dedefbc