1. 31 Mar, 2016 40 commits
    • Andreas Färber's avatar
      clk: meson: Fix meson_clk_register_clks() signature type mismatch · aa33c436
      Andreas Färber authored
      commit bb473593 upstream.
      
      As preparation for arm64 based mesongxbb, which pulls in this code once
      enabling ARCH_MESON, fix a size_t vs. unsigned int type mismatch.
      The loop uses a local unsigned int variable, so adopt that type,
      matching the header.
      
      Fixes: 7a29a869 ("clk: meson: Add support for Meson clock controller")
      Signed-off-by: default avatarAndreas Färber <afaerber@suse.de>
      Acked-by: default avatarCarlo Caione <carlo@endlessm.com>
      Signed-off-by: default avatarStephen Boyd <sboyd@codeaurora.org>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      aa33c436
    • Arnd Bergmann's avatar
      mlx4: add missing braces in verify_qp_parameters · 9290ae0c
      Arnd Bergmann authored
      commit baefd701 upstream.
      
      The implementation of QP paravirtualization back in linux-3.7 included
      some code that looks very dubious, and gcc-6 has grown smart enough
      to warn about it:
      
      drivers/net/ethernet/mellanox/mlx4/resource_tracker.c: In function 'verify_qp_parameters':
      drivers/net/ethernet/mellanox/mlx4/resource_tracker.c:3154:5: error: statement is indented as if it were guarded by... [-Werror=misleading-indentation]
           if (optpar & MLX4_QP_OPTPAR_ALT_ADDR_PATH) {
           ^~
      drivers/net/ethernet/mellanox/mlx4/resource_tracker.c:3144:4: note: ...this 'if' clause, but it is not
          if (slave != mlx4_master_func_num(dev))
      
      >From looking at the context, I'm reasonably sure that the indentation
      is correct but that it should have contained curly braces from the
      start, as the update_gid() function in the same patch correctly does.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Fixes: 54679e14 ("mlx4: Implement QP paravirtualization and maintain phys_pkey_cache for smp_snoop")
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      9290ae0c
    • Arnd Bergmann's avatar
      ASoC: s3c24xx: use const snd_soc_component_driver pointer · ca1b29f4
      Arnd Bergmann authored
      commit ba4bc32e upstream.
      
      An older patch to convert the API in the s3c i2s driver
      ended up passing a const pointer into a function that takes
      a non-const pointer, so we now get a warning:
      
      sound/soc/samsung/s3c2412-i2s.c: In function 's3c2412_iis_dev_probe':
      sound/soc/samsung/s3c2412-i2s.c:172:9: error: passing argument 3 of 's3c_i2sv2_register_component' discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
      
      However, the s3c_i2sv2_register_component() function again
      passes the pointer into another function taking a const, so
      we just need to change its prototype.
      
      Fixes: eca3b01d ("ASoC: switch over to use snd_soc_register_component() on s3c i2s")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Reviewed-by: default avatarKrzysztof Kozlowski <k.kozlowski@samsung.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      ca1b29f4
    • Huibin Hong's avatar
      spi/rockchip: Make sure spi clk is on in rockchip_spi_set_cs · c6f4e0d7
      Huibin Hong authored
      commit b920cc31 upstream.
      
      Rockchip_spi_set_cs could be called by spi_setup, but
      spi_setup may be called by device driver after runtime suspend.
      Then the spi clock is closed, rockchip_spi_set_cs may access the
      spi registers, which causes cpu block in some socs.
      
      Fixes: 64e36824 ("spi/rockchip: add driver for Rockchip RK3xxx")
      Signed-off-by: default avatarHuibin Hong <huibin.hong@rock-chips.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      c6f4e0d7
    • Jesse Gross's avatar
      ipip: Properly mark ipip GRO packets as encapsulated. · 15865662
      Jesse Gross authored
      commit b8cba75b upstream.
      
      ipip encapsulated packets can be merged together by GRO but the result
      does not have the proper GSO type set or even marked as being
      encapsulated at all. Later retransmission of these packets will likely
      fail if the device does not support ipip offloads. This is similar to
      the issue resolved in IPv6 sit in feec0cb3
      ("ipv6: gro: support sit protocol").
      Reported-by: default avatarPatrick Boutilier <boutilpj@ednet.ns.ca>
      Fixes: 9667e9bb ("ipip: Add gro callbacks to ipip offload")
      Tested-by: default avatarPatrick Boutilier <boutilpj@ednet.ns.ca>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarJesse Gross <jesse@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      15865662
    • David Hildenbrand's avatar
      sched/preempt, sh: kmap_coherent relies on disabled preemption · 297cb985
      David Hildenbrand authored
      commit b15d53d0 upstream.
      
      kmap_coherent needs disabled preemption to not schedule in the critical
      section, just like kmap_coherent on mips and kmap_atomic in general.
      
      Fixes: 8222dbe2 "sched/preempt, mm/fault: Decouple preemption from the page fault logic"
      Reported-by: default avatarHans Verkuil <hverkuil@xs4all.nl>
      Signed-off-by: default avatarDavid Hildenbrand <dahi@linux.vnet.ibm.com>
      Tested-by: default avatarHans Verkuil <hans.verkuil@cisco.com>
      Signed-off-by: default avatarRich Felker <dalias@libc.org>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      297cb985
    • Arnd Bergmann's avatar
      lpfc: fix misleading indentation · 1723fd01
      Arnd Bergmann authored
      commit aeb6641f upstream.
      
      gcc-6 complains about the indentation of the lpfc_destroy_vport_work_array()
      call in lpfc_online(), which clearly doesn't look right:
      
      drivers/scsi/lpfc/lpfc_init.c: In function 'lpfc_online':
      drivers/scsi/lpfc/lpfc_init.c:2880:3: warning: statement is indented as if it were guarded by... [-Wmisleading-indentation]
         lpfc_destroy_vport_work_array(phba, vports);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      drivers/scsi/lpfc/lpfc_init.c:2863:2: note: ...this 'if' clause, but it is not
        if (vports != NULL)
        ^~
      
      Looking at the patch that introduced this code, it's clear that the
      behavior is correct and the indentation is wrong.
      
      This fixes the indentation and adds curly braces around the previous
      if() block for clarity, as that is most likely what caused the code
      to be misindented in the first place.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Fixes: 549e55cd ("[SCSI] lpfc 8.2.2 : Fix locking around HBA's port_list")
      Reviewed-by: default avatarSebastian Herbszt <herbszt@gmx.de>
      Reviewed-by: default avatarHannes Reinecke <hare@suse.com>
      Reviewed-by: default avatarEwan D. Milne <emilne@redhat.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      1723fd01
    • Paolo Abeni's avatar
      ipv4: fix broadcast packets reception · ffca9ff5
      Paolo Abeni authored
      commit ad0ea198 upstream.
      
      Currently, ingress ipv4 broadcast datagrams are dropped since,
      in udp_v4_early_demux(), ip_check_mc_rcu() is invoked even on
      bcast packets.
      
      This patch addresses the issue, invoking ip_check_mc_rcu()
      only for mcast packets.
      
      Fixes: 6e540309 ("ipv4/udp: Verify multicast group is ours in upd_v4_early_demux()")
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      ffca9ff5
    • NeilBrown's avatar
      sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a race · 413a039e
      NeilBrown authored
      commit a6ab1e81 upstream.
      
      sunrpc_cache_pipe_upcall() can detect a race if CACHE_PENDING is no longer
      set.  In this case it aborts the queuing of the upcall.
      However it has already taken a new counted reference on "h" and
      doesn't "put" it, even though it frees the data structure holding the reference.
      
      So let's delay the "cache_get" until we know we need it.
      
      Fixes: f9e1aedc ("sunrpc/cache: remove races with queuing an upcall.")
      Signed-off-by: default avatarNeilBrown <neilb@suse.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      413a039e
    • Geert Uytterhoeven's avatar
      rtc: vr41xx: Wire up alarm_irq_enable · ae8eef7c
      Geert Uytterhoeven authored
      commit a25f4a95 upstream.
      
      drivers/rtc/rtc-vr41xx.c:229: warning: ‘vr41xx_rtc_alarm_irq_enable’ defined but not used
      
      Apparently the conversion to alarm_irq_enable forgot to wire up the
      callback.
      
      Fixes: 16380c15 ("RTC: Convert rtc drivers to use the alarm_irq_enable method")
      Signed-off-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarAlexandre Belloni <alexandre.belloni@free-electrons.com>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      ae8eef7c
    • Ard Biesheuvel's avatar
      efi: Expose non-blocking set_variable() wrapper to efivars · 7a5dd31f
      Ard Biesheuvel authored
      commit 9c6672ac upstream.
      
      Commit 6d80dba1 ("efi: Provide a non-blocking SetVariable()
      operation") implemented a non-blocking alternative for the UEFI
      SetVariable() invocation performed by efivars, since it may
      occur in atomic context. However, this version of the function
      was never exposed via the efivars struct, so the non-blocking
      versions was not actually callable. Fix that.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarMatt Fleming <matt@codeblueprint.co.uk>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-efi@vger.kernel.org
      Fixes: 6d80dba1 ("efi: Provide a non-blocking SetVariable() operation")
      Link: http://lkml.kernel.org/r/1454364428-494-2-git-send-email-matt@codeblueprint.co.ukSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      7a5dd31f
    • Pali Rohár's avatar
      ARM: OMAP3: Add cpuidle parameters table for omap3430 · e7c4a301
      Pali Rohár authored
      commit 98f42221 upstream.
      
      Based on CPU type choose generic omap3 or omap3430 specific cpuidle
      parameters. Parameters for omap3430 were measured on Nokia N900 device and
      added by commit 5a1b1d3a ("OMAP3: RX-51: Pass cpu idle parameters")
      which were later removed by commit 231900af ("ARM: OMAP3: cpuidle -
      remove rx51 cpuidle parameters table") due to huge code complexity.
      
      This patch brings cpuidle parameters for omap3430 devices again, but uses
      simple condition based on CPU type.
      
      Fixes: 231900af ("ARM: OMAP3: cpuidle - remove rx51 cpuidle
      parameters table")
      Signed-off-by: default avatarPali Rohár <pali.rohar@gmail.com>
      Acked-by: default avatarDaniel Lezcano <daniel.lezcano@linaro.org>
      Signed-off-by: default avatarTony Lindgren <tony@atomide.com>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      e7c4a301
    • Linus Walleij's avatar
      mtd: map: fix .set_vpp() documentation · c9b0be50
      Linus Walleij authored
      commit 95a001f2 upstream.
      
      As of commit 876fe76d
      "mtd: maps: physmap: Add reference counter to set_vpp()"
      the comment in the header file is incorrect and misleading.
      Fix it up.
      
      Cc: Russell King <linux@arm.linux.org.uk>
      Cc: Paul Parsons <lost.distance@yahoo.com>
      Fixes: 876fe76d ("mtd: maps: physmap: Add reference counter to set_vpp()")
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      c9b0be50
    • Dan Carpenter's avatar
      drm/amdkfd: uninitialized variable in dbgdev_wave_control_set_registers() · 2d4a884f
      Dan Carpenter authored
      commit 93fce954 upstream.
      
      At the end of the function we expect "status" to be zero, but it's
      either -EINVAL or uninitialized.
      
      Fixes: 788bf83d ('drm/amdkfd: Add wave control operation to debugger')
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarOded Gabbay <oded.gabbay@gmail.com>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      2d4a884f
    • Arnd Bergmann's avatar
      ARM: davinci: make I2C support optional · 24f9c786
      Arnd Bergmann authored
      commit 8e580411 upstream.
      
      The davinci platform has tried to get support for the EEPROM right,
      but failed to get a clean build so far. At the moment, we get
      a warning whenever CONFIG_SYSFS is disabled, as that is needed by
      EEPROM_AT24:
      
      warning: (MACH_DAVINCI_EVM && MACH_SFFSDR && MACH_DAVINCI_DM6467_EVM && MACH_DAVINCI_DM365_EVM && MACH_DAVINCI_DA830_EVM && MACH_MITYOMAPL138 && MACH_MINI2440) selects EEPROM_AT24 which has unmet direct dependencies (I2C && SYSFS)
      
      Kevin Hilman initially added the 'select' to ensure that EEPROM_AT24
      is always enabled in machines that really want it for normal operation
      (i.e. for reading the MAC address). This broke when I2C was disabled,
      and Russell King followed up with another patch to select that as
      well.
      
      I now see that the SYSFS dependency is still missing, which leaves
      us with three options:
      
      a) add 'select SYSFS' in addition to the others
      b) change AT24_EEPPROM to work without sysfs (should be possible)
      c) remove all those selects again and get the files to build when
         I2C is disabled.
      
      I would really hate to do a) because adding select statements that
      hardwire user-selectable symbols is generally a bad idea. I first
      tried b) but then ended up redoing the patch from scratch to approach
      c), so we can also remove the other selects.
      
      I checked that CONFIG_I2C is still enabled with davinci_all_defconfig,
      so that does not have to change.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Fixes: 45b146d7 ("ARM: Davinci: Fix I2C build errors")
      Fixes: 22ca4668 ("davinci: kconfig: select at24 eeprom for selected boards")
      Signed-off-by: default avatarSekhar Nori <nsekhar@ti.com>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      24f9c786
    • Dan Carpenter's avatar
      rtc: ds1685: passing bogus values to irq_restore · cc715b07
      Dan Carpenter authored
      commit 8c09b9fd upstream.
      
      We call spin_lock_irqrestore with "flags" set to zero instead of to the
      value from spin_lock_irqsave().
      
      Fixes: aaaf5fbf ('rtc: add driver for DS1685 family of real time clocks')
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarAlexandre Belloni <alexandre.belloni@free-electrons.com>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      cc715b07
    • Marcin Ślusarz's avatar
      perf tools: handle spaces in file names obtained from /proc/pid/maps · 774c371e
      Marcin Ślusarz authored
      commit 89fee59b upstream.
      
      Steam frequently puts game binaries in folders with spaces.
      
      Note: "(deleted)" markers are now treated as part of the file name.
      Signed-off-by: default avatarMarcin Ślusarz <marcin.slusarz@gmail.com>
      Acked-by: default avatarNamhyung Kim <namhyung@kernel.org>
      Fixes: 60648033 ("perf tools: Use sscanf for parsing /proc/pid/maps")
      Link: http://lkml.kernel.org/r/20160119190303.GA17579@marcin-Inspiron-7720Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      774c371e
    • Arnd Bergmann's avatar
      ath9k: fix buffer overrun for ar9287 · 6221b57f
      Arnd Bergmann authored
      commit 83d6f1f1 upstream.
      
      Code that was added back in 2.6.38 has an obvious overflow
      when accessing a static array, and at the time it was added
      only a code comment was put in front of it as a reminder
      to have it reviewed properly.
      
      This has not happened, but gcc-6 now points to the specific
      overflow:
      
      drivers/net/wireless/ath/ath9k/eeprom.c: In function 'ath9k_hw_get_gain_boundaries_pdadcs':
      drivers/net/wireless/ath/ath9k/eeprom.c:483:44: error: array subscript is above array bounds [-Werror=array-bounds]
           maxPwrT4[i] = data_9287[idxL].pwrPdg[i][4];
                         ~~~~~~~~~~~~~~~~~~~~~~~~~^~~
      
      It turns out that the correct array length exists in the local
      'intercepts' variable of this function, so we can just use that
      instead of hardcoding '4', so this patch changes all three
      instances to use that variable. The other two instances were
      already correct, but it's more consistent this way.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Fixes: 940cd2c1 ("ath9k_hw: merge the ar9287 version of ath9k_hw_get_gain_boundaries_pdadcs")
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      6221b57f
    • Dan Carpenter's avatar
      ata: ahci_xgene: dereferencing uninitialized pointer in probe · f011636f
      Dan Carpenter authored
      commit 8134233e upstream.
      
      If the call to acpi_get_object_info() fails then "info" hasn't been
      initialized.  In that situation, we already know that "version" should
      be XGENE_AHCI_V1 so we don't actually need to dereference "info".
      
      Fixes: c9802a4b ('ata: ahci_xgene: Add AHCI Support for 2nd HW version of APM X-Gene SoC AHCI SATA Host controller.')
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      f011636f
    • Addy Ke's avatar
      spi: rockchip: modify DMA max burst to 1 · 86766cbb
      Addy Ke authored
      commit 80abf888 upstream.
      
      Generic dma controller on Rockchips' platform cannot support
      DMAFLUSHP instruction which make dma to flush the req of non-aligned
      or non-multiple of what we need. That will cause an unrecoverable
      dma bus error. The saftest way is to set dma max burst to 1.
      Signed-off-by: default avatarAddy ke <addy.ke@rock-chips.com>
      Fixes: 64e36824 ("spi/rockchip: add driver for Rockchip...")
      Signed-off-by: default avatarShawn Lin <shawn.lin@rock-chips.com>
      cc: Heiko Stuebner <heiko@sntech.de>
      cc: Olof Johansson <olof@lixom.net>
      cc: Doug Anderson <dianders@chromium.org>
      cc: Sonny Rao <sonnyrao@chromium.org>
      Acked-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarCaesar Wang <wxt@rock-chips.com>
      Signed-off-by: default avatarVinod Koul <vinod.koul@intel.com>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      86766cbb
    • Ville Syrjälä's avatar
      drm/i915: Cleanup phys status page too · b81ebc22
      Ville Syrjälä authored
      commit 7d3fdfff upstream.
      
      Restore the lost phys status page cleanup.
      
      Fixes the following splat with DMA_API_DEBUG=y:
      
      WARNING: CPU: 0 PID: 21615 at ../lib/dma-debug.c:974 dma_debug_device_change+0x190/0x1f0()
      pci 0000:00:02.0: DMA-API: device driver has pending DMA allocations while released from device [count=1]
                     One of leaked entries details: [device address=0x0000000023163000] [size=4096 bytes] [mapped with DMA_BIDIRECTIONAL] [mapped as coherent]
      Modules linked in: i915(-) i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm sha256_generic hmac drbg ctr ccm sch_fq_codel binfmt_misc joydev mousedev arc4 ath5k iTCO_wdt mac80211 smsc_ircc2 ath snd_intel8x0m snd_intel8x0 snd_ac97_codec ac97_bus psmouse snd_pcm input_leds i2c_i801 pcspkr snd_timer cfg80211 snd soundcore i2c_core ehci_pci firewire_ohci ehci_hcd firewire_core lpc_ich 8139too rfkill crc_itu_t mfd_core mii usbcore rng_core intel_agp intel_gtt usb_common agpgart irda crc_ccitt fujitsu_laptop led_class parport_pc video parport evdev backlight
      CPU: 0 PID: 21615 Comm: rmmod Tainted: G     U          4.4.0-rc4-mgm-ovl+ #4
      Hardware name: FUJITSU SIEMENS LIFEBOOK S6120/FJNB16C, BIOS Version 1.26  05/10/2004
       e31a3de0 e31a3de0 e31a3d9c c128d4bd e31a3dd0 c1045a0c c15e00c4 e31a3dfc
       0000546f c15dfad2 000003ce c12b3740 000003ce c12b3740 00000000 00000001
       f61fb8a0 e31a3de8 c1045a83 00000009 e31a3de0 c15e00c4 e31a3dfc e31a3e4c
      Call Trace:
       [<c128d4bd>] dump_stack+0x16/0x19
       [<c1045a0c>] warn_slowpath_common+0x8c/0xd0
       [<c12b3740>] ? dma_debug_device_change+0x190/0x1f0
       [<c12b3740>] ? dma_debug_device_change+0x190/0x1f0
       [<c1045a83>] warn_slowpath_fmt+0x33/0x40
       [<c12b3740>] dma_debug_device_change+0x190/0x1f0
       [<c1065499>] notifier_call_chain+0x59/0x70
       [<c10655af>] __blocking_notifier_call_chain+0x3f/0x80
       [<c106560f>] blocking_notifier_call_chain+0x1f/0x30
       [<c134cfb3>] __device_release_driver+0xc3/0xf0
       [<c134d0d7>] driver_detach+0x97/0xa0
       [<c134c440>] bus_remove_driver+0x40/0x90
       [<c134db18>] driver_unregister+0x28/0x60
       [<c1079e8c>] ? trace_hardirqs_on_caller+0x12c/0x1d0
       [<c12c0618>] pci_unregister_driver+0x18/0x80
       [<f83e96e7>] drm_pci_exit+0x87/0xb0 [drm]
       [<f8b3be2d>] i915_exit+0x1b/0x1ee [i915]
       [<c10b999c>] SyS_delete_module+0x14c/0x210
       [<c1079e8c>] ? trace_hardirqs_on_caller+0x12c/0x1d0
       [<c115a9bd>] ? ____fput+0xd/0x10
       [<c1002014>] do_fast_syscall_32+0xa4/0x450
       [<c149f6fa>] sysenter_past_esp+0x3b/0x5d
      ---[ end trace c2ecbc77760f10a0 ]---
      Mapped at:
       [<c12b3183>] debug_dma_alloc_coherent+0x33/0x90
       [<f83e989c>] drm_pci_alloc+0x18c/0x1e0 [drm]
       [<f8acd59f>] intel_init_ring_buffer+0x2af/0x490 [i915]
       [<f8acd8b0>] intel_init_render_ring_buffer+0x130/0x750 [i915]
       [<f8aaea4e>] i915_gem_init_rings+0x1e/0x110 [i915]
      
      v2: s/BUG_ON/WARN_ON/ since dim doens't like the former anymore
      
      Cc: Chris Wilson <chris@chris-wilson.co.uk>
      Fixes: 5c6c6003 ("drm/i915: Remove DRI1 ring accessors and API")
      Signed-off-by: default avatarVille Syrjälä <ville.syrjala@linux.intel.com>
      Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk> (v1)
      Link: http://patchwork.freedesktop.org/patch/msgid/1452538112-5331-1-git-send-email-ville.syrjala@linux.intel.comReviewed-by: default avatarDaniel Vetter <daniel.vetter@ffwll.ch>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      b81ebc22
    • Marco Angaroni's avatar
      ipvs: correct initial offset of Call-ID header search in SIP persistence engine · d753cb88
      Marco Angaroni authored
      commit 7617a24f upstream.
      
      The IPVS SIP persistence engine is not able to parse the SIP header
      "Call-ID" when such header is inserted in the first positions of
      the SIP message.
      
      When IPVS is configured with "--pe sip" option, like for example:
      ipvsadm -A -u 1.2.3.4:5060 -s rr --pe sip -p 120 -o
      some particular messages (see below for details) do not create entries
      in the connection template table, which can be listed with:
      ipvsadm -Lcn --persistent-conn
      
      Problematic SIP messages are SIP responses having "Call-ID" header
      positioned just after message first line:
      SIP/2.0 200 OK
      [Call-ID header here]
      [rest of the headers]
      
      When "Call-ID" header is positioned down (after a few other headers)
      it is correctly recognized.
      
      This is due to the data offset used in get_callid function call inside
      ip_vs_pe_sip.c file: since dptr already points to the start of the
      SIP message, the value of dataoff should be initially 0.
      Otherwise the header is searched starting from some bytes after the
      first character of the SIP message.
      
      Fixes: 758ff033 ("IPVS: sip persistence engine")
      Signed-off-by: default avatarMarco Angaroni <marcoangaroni@gmail.com>
      Acked-by: default avatarJulian Anastasov <ja@ssi.bg>
      Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      d753cb88
    • Srinivas Kandagatla's avatar
      clk: qcom: msm8960: fix ce3_core clk enable register · d77dd6c7
      Srinivas Kandagatla authored
      commit 732d6913 upstream.
      
      This patch corrects the enable register offset which is actually 0x36cc
      instead of 0x36c4
      Signed-off-by: default avatarSrinivas Kandagatla <srinivas.kandagatla@linaro.org>
      Fixes: 5f775498 ("clk: qcom: Fully support apq8064 global clock control")
      Signed-off-by: default avatarStephen Boyd <sboyd@codeaurora.org>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      d77dd6c7
    • Sushaanth Srirangapathi's avatar
      fbdev: da8xx-fb: fix videomodes of lcd panels · 4c50185e
      Sushaanth Srirangapathi authored
      commit 713fced8 upstream.
      
      Commit 028cd86b ("video: da8xx-fb: fix the polarities of the
      hsync/vsync pulse") fixes polarities of HSYNC/VSYNC pulse but
      forgot to update known_lcd_panels[] which had sync values
      according to old logic. This breaks LCD at least on DA850 EVM.
      
      This patch fixes this issue and I have tested this for panel
      "Sharp_LK043T1DG01" using DA850 EVM board.
      
      Fixes: 028cd86b ("video: da8xx-fb: fix the polarities of the hsync/vsync pulse")
      Signed-off-by: default avatarSushaanth Srirangapathi <sushaanth.s@ti.com>
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      4c50185e
    • Lars-Peter Clausen's avatar
      ASoC: ssm4567: Reset device before regcache_sync() · ee08b7fb
      Lars-Peter Clausen authored
      commit 712a8038 upstream.
      
      When the ssm4567 is powered up the driver calles regcache_sync() to restore
      the register map content. regcache_sync() assumes that the device is in its
      power-on reset state. Make sure that this is the case by explicitly
      resetting the ssm4567 register map before calling regcache_sync() otherwise
      we might end up with a incorrect register map which leads to undefined
      behaviour.
      
      One such undefined behaviour was observed when returning from system
      suspend while a playback stream is active, in that case the ssm4567 was
      kept muted after resume.
      
      Fixes: 1ee44ce0 ("ASoC: ssm4567: Add driver for Analog Devices SSM4567 amplifier")
      Reported-by: default avatarHarsha Priya <harshapriya.n@intel.com>
      Tested-by: default avatarFang, Yang A <yang.a.fang@intel.com>
      Signed-off-by: default avatarLars-Peter Clausen <lars@metafoo.de>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      ee08b7fb
    • Or Gerlitz's avatar
      net/mlx5: Make command timeout way shorter · e9e88e89
      Or Gerlitz authored
      commit 6b6c07bd upstream.
      
      The command timeout is terribly long, whole two hours. Make it 60s so if
      things do go wrong, the user gets feedback in relatively short time, so
      they can take corrective actions and/or investigate using tools and such.
      
      Fixes: e126ba97 ('mlx5: Add driver for Mellanox Connect-IB adapters')
      Signed-off-by: default avatarOr Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: default avatarLeon Romanovsky <leonro@mellanox.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      e9e88e89
    • Grazvydas Ignotas's avatar
      HID: logitech: fix Dual Action gamepad support · c4a11f51
      Grazvydas Ignotas authored
      commit 5d74325a upstream.
      
      The patch that added Logitech Dual Action gamepad support forgot to
      update the special driver list for the device. This caused the logitech
      driver not to probe unless kernel module load order was favorable.
      Update the special driver list to fix it. Thanks to Simon Wood for the
      idea.
      
      Cc: Vitaly Katraew <zawullon@gmail.com>
      Fixes: 56d0c8b7 ("HID: add support for Logitech Dual Action gamepads")
      Signed-off-by: default avatarGrazvydas Ignotas <notasas@gmail.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      c4a11f51
    • Ben Hutchings's avatar
      misc/bmp085: Enable building as a module · feb8cd8c
      Ben Hutchings authored
      commit 50e6315d upstream.
      
      Commit 985087db 'misc: add support for bmp18x chips to the bmp085
      driver' changed the BMP085 config symbol to a boolean.  I see no
      reason why the shared code cannot be built as a module, so change it
      back to tristate.
      
      Fixes: 985087db ("misc: add support for bmp18x chips to the bmp085 driver")
      Cc: Eric Andersson <eric.andersson@unixphere.com>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      Acked-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      feb8cd8c
    • Heiko Stuebner's avatar
      clk-divider: make sure read-only dividers do not write to their register · fef94aaf
      Heiko Stuebner authored
      commit 50359819 upstream.
      
      Commit e6d5e7d9 ("clk-divider: Fix READ_ONLY when divider > 1") removed
      the special ops struct for read-only clocks and instead opted to handle
      them inside the regular ops.
      
      On the rk3368 this results in breakage as aclkm now gets set a value.
      While it is the same divider value, the A53 core still doesn't like it,
      which can result in the cpu ending up in a hang.
      The reason being that "ACLKENMasserts one clock cycle before the rising
      edge of ACLKM" and the clock should only be touched when STANDBYWFIL2
      is asserted.
      
      To fix this, reintroduce the read-only ops but do include the round_rate
      callback. That way no writes that may be unsafe are done to the divider
      register in any case.
      
      The Rockchip use of the clk_divider_ops is adapted to this split again,
      as is the nxp, lpc18xx-ccu driver that was included since the original
      commit. On lpc18xx-ccu the divider seems to always be read-only
      so only uses the new ops now.
      
      Fixes: e6d5e7d9 ("clk-divider: Fix READ_ONLY when divider > 1")
      Reported-by: default avatarZhang Qing <zhangqing@rock-chips.com>
      Signed-off-by: default avatarHeiko Stuebner <heiko@sntech.de>
      Signed-off-by: default avatarStephen Boyd <sboyd@codeaurora.org>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      fef94aaf
    • Arnd Bergmann's avatar
      megaraid_sas: add missing curly braces in ioctl handler · 7978bbdb
      Arnd Bergmann authored
      commit 3deb9438 upstream.
      
      gcc-6 found a dubious indentation in the megasas_mgmt_fw_ioctl
      function:
      
      drivers/scsi/megaraid/megaraid_sas_base.c: In function 'megasas_mgmt_fw_ioctl':
      drivers/scsi/megaraid/megaraid_sas_base.c:6658:4: warning: statement is indented as if it were guarded by... [-Wmisleading-indentation]
          kbuff_arr[i] = NULL;
          ^~~~~~~~~
      drivers/scsi/megaraid/megaraid_sas_base.c:6653:3: note: ...this 'if' clause, but it is not
         if (kbuff_arr[i])
         ^~
      
      The code is actually correct, as there is no downside in clearing a NULL
      pointer again.
      
      This clarifies the code and avoids the warning by adding extra curly
      braces.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Fixes: 90dc9d98 ("megaraid_sas : MFI MPT linked list corruption fix")
      Reviewed-by: default avatarHannes Reinecke <hare@suse.com>
      Acked-by: default avatarSumit Saxena <sumit.saxena@broadcom.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      7978bbdb
    • Dan Carpenter's avatar
      ethernet: micrel: fix some error codes · 0840c269
      Dan Carpenter authored
      commit 3af0d554 upstream.
      
      There were two issues here:
      1) dma_mapping_error() return true/false but we want to return -ENOMEM
      2) If dmaengine_prep_slave_sg() failed then "err" wasn't set but
         presumably that should be -ENOMEM as well.
      
      I changed the success path to "return 0;" instead of "return ret;" for
      clarity.
      
      Fixes: 94fe8c68 ('ks8842: Support DMA when accessed via timberdale')
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      0840c269
    • Xin Long's avatar
      sctp: fix the transports round robin issue when init is retransmitted · c56f6820
      Xin Long authored
      commit 39d2adeb upstream.
      
      prior to this patch, at the beginning if we have two paths in one assoc,
      they may have the same params other than the last_time_heard, it will try
      the paths like this:
      
      1st cycle
        try trans1 fail.
        then trans2 is selected.(cause it's last_time_heard is after trans1).
      
      2nd cycle:
        try  trans2 fail
        then trans2 is selected.(cause it's last_time_heard is after trans1).
      
      3rd cycle:
        try  trans2 fail
        then trans2 is selected.(cause it's last_time_heard is after trans1).
      
      ....
      
      trans1 will never have change to be selected, which is not what we expect.
      we should keeping round robin all the paths if they are just added at the
      beginning.
      
      So at first every tranport's last_time_heard should be initialized 0, so
      that we ensure they have the same value at the beginning, only by this,
      all the transports could get equal chance to be selected.
      
      Then for sctp_trans_elect_best, it should return the trans_next one when
      *trans == *trans_next, so that we can try next if it fails,  but now it
      always return trans. so we can fix it by exchanging these two params when
      we calls sctp_trans_elect_tie().
      
      Fixes: 4c47af4d ('net: sctp: rework multihoming retransmission path selection to rfc4960')
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      c56f6820
    • Arnd Bergmann's avatar
      ath9k: fix misleading indentation · fcb1bd78
      Arnd Bergmann authored
      commit 362210e0 upstream.
      
      A cleanup patch in linux-3.18 moved around some code in the ath9k
      driver and left some code to be indented in a misleading way,
      made worse by the addition of some new code for p2p mode, as
      discovered by a new gcc-6 warning:
      
      drivers/net/wireless/ath/ath9k/init.c: In function 'ath9k_set_hw_capab':
      drivers/net/wireless/ath/ath9k/init.c:851:4: warning: statement is indented as if it were guarded by... [-Wmisleading-indentation]
          hw->wiphy->iface_combinations = if_comb;
          ^~
      drivers/net/wireless/ath/ath9k/init.c:847:3: note: ...this 'if' clause, but it is not
         if (ath9k_is_chanctx_enabled())
         ^~
      
      The code is in fact correct, but the indentation is not, so I'm
      reformatting it as it should have been after the original cleanup.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Fixes: 499afacc ("ath9k: Isolate ath9k_use_chanctx module parameter")
      Fixes: eb61f9f6 ("ath9k: advertise p2p dev support when chanctx")
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      fcb1bd78
    • Arnaldo Carvalho de Melo's avatar
      net: Fix use after free in the recvmmsg exit path · 23d651a6
      Arnaldo Carvalho de Melo authored
      commit 34b88a68 upstream.
      
      The syzkaller fuzzer hit the following use-after-free:
      
        Call Trace:
         [<ffffffff8175ea0e>] __asan_report_load8_noabort+0x3e/0x40 mm/kasan/report.c:295
         [<ffffffff851cc31a>] __sys_recvmmsg+0x6fa/0x7f0 net/socket.c:2261
         [<     inline     >] SYSC_recvmmsg net/socket.c:2281
         [<ffffffff851cc57f>] SyS_recvmmsg+0x16f/0x180 net/socket.c:2270
         [<ffffffff86332bb6>] entry_SYSCALL_64_fastpath+0x16/0x7a
        arch/x86/entry/entry_64.S:185
      
      And, as Dmitry rightly assessed, that is because we can drop the
      reference and then touch it when the underlying recvmsg calls return
      some packets and then hit an error, which will make recvmmsg to set
      sock->sk->sk_err, oops, fix it.
      Reported-and-Tested-by: default avatarDmitry Vyukov <dvyukov@google.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Kostya Serebryany <kcc@google.com>
      Cc: Sasha Levin <sasha.levin@oracle.com>
      Fixes: a2e27255 ("net: Introduce recvmmsg socket syscall")
      http://lkml.kernel.org/r/20160122211644.GC2470@redhat.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      23d651a6
    • Michal Kazior's avatar
      mac80211: fix txq queue related crashes · fa88268d
      Michal Kazior authored
      commit 2a58d42c upstream.
      
      The driver can access the queue simultanously
      while mac80211 tears down the interface. Without
      spinlock protection this could lead to corrupting
      sk_buff_head and subsequently to an invalid
      pointer dereference.
      
      Fixes: ba8c3d6f ("mac80211: add an intermediate software queue implementation")
      Signed-off-by: default avatarMichal Kazior <michal.kazior@tieto.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      fa88268d
    • Vineet Gupta's avatar
      ARC: bitops: Remove non relevant comments · a31d8e0e
      Vineet Gupta authored
      commit 2a41b6dc upstream.
      
      commit 80f42084 removed the ARC bitops microoptimization but failed
      to prune the comments to same effect
      
      Fixes: 80f42084 ("ARC: Make ARC bitops "safer" (add anti-optimization)")
      Signed-off-by: default avatarVineet Gupta <vgupta@synopsys.com>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      a31d8e0e
    • Shawn Lin's avatar
      clk: rockchip: free memory in error cases when registering clock branches · 9c6b50ce
      Shawn Lin authored
      commit 2467b674 upstream.
      
      Add free memeory if rockchip_clk_register_branch fails.
      
      Fixes: a245fecb ("clk: rockchip: add basic infrastructure...")
      Signed-off-by: default avatarShawn Lin <shawn.lin@rock-chips.com>
      Signed-off-by: default avatarHeiko Stuebner <heiko@sntech.de>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      9c6b50ce
    • Dan Carpenter's avatar
      mdio-sun4i: oops in error handling in probe · c8fd1825
      Dan Carpenter authored
      commit 227f33be upstream.
      
      We could end up dereferencing an error pointer when we call
      regulator_disable().
      
      Fixes: 4bdcb1dd ('net: Add MDIO bus driver for the Allwinner EMAC')
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Acked-by: default avatarChen-Yu Tsai <wens@csie.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      c8fd1825
    • Guillaume Nault's avatar
      ppp: take reference on channels netns · 181e4533
      Guillaume Nault authored
      commit 1f461dcd upstream.
      
      Let channels hold a reference on their network namespace.
      Some channel types, like ppp_async and ppp_synctty, can have their
      userspace controller running in a different namespace. Therefore they
      can't rely on them to preclude their netns from being removed from
      under them.
      
      ==================================================================
      BUG: KASAN: use-after-free in ppp_unregister_channel+0x372/0x3a0 at
      addr ffff880064e217e0
      Read of size 8 by task syz-executor/11581
      =============================================================================
      BUG net_namespace (Not tainted): kasan: bad access detected
      -----------------------------------------------------------------------------
      
      Disabling lock debugging due to kernel taint
      INFO: Allocated in copy_net_ns+0x6b/0x1a0 age=92569 cpu=3 pid=6906
      [<      none      >] ___slab_alloc+0x4c7/0x500 kernel/mm/slub.c:2440
      [<      none      >] __slab_alloc+0x4c/0x90 kernel/mm/slub.c:2469
      [<     inline     >] slab_alloc_node kernel/mm/slub.c:2532
      [<     inline     >] slab_alloc kernel/mm/slub.c:2574
      [<      none      >] kmem_cache_alloc+0x23a/0x2b0 kernel/mm/slub.c:2579
      [<     inline     >] kmem_cache_zalloc kernel/include/linux/slab.h:597
      [<     inline     >] net_alloc kernel/net/core/net_namespace.c:325
      [<      none      >] copy_net_ns+0x6b/0x1a0 kernel/net/core/net_namespace.c:360
      [<      none      >] create_new_namespaces+0x2f6/0x610 kernel/kernel/nsproxy.c:95
      [<      none      >] copy_namespaces+0x297/0x320 kernel/kernel/nsproxy.c:150
      [<      none      >] copy_process.part.35+0x1bf4/0x5760 kernel/kernel/fork.c:1451
      [<     inline     >] copy_process kernel/kernel/fork.c:1274
      [<      none      >] _do_fork+0x1bc/0xcb0 kernel/kernel/fork.c:1723
      [<     inline     >] SYSC_clone kernel/kernel/fork.c:1832
      [<      none      >] SyS_clone+0x37/0x50 kernel/kernel/fork.c:1826
      [<      none      >] entry_SYSCALL_64_fastpath+0x16/0x7a kernel/arch/x86/entry/entry_64.S:185
      
      INFO: Freed in net_drop_ns+0x67/0x80 age=575 cpu=2 pid=2631
      [<      none      >] __slab_free+0x1fc/0x320 kernel/mm/slub.c:2650
      [<     inline     >] slab_free kernel/mm/slub.c:2805
      [<      none      >] kmem_cache_free+0x2a0/0x330 kernel/mm/slub.c:2814
      [<     inline     >] net_free kernel/net/core/net_namespace.c:341
      [<      none      >] net_drop_ns+0x67/0x80 kernel/net/core/net_namespace.c:348
      [<      none      >] cleanup_net+0x4e5/0x600 kernel/net/core/net_namespace.c:448
      [<      none      >] process_one_work+0x794/0x1440 kernel/kernel/workqueue.c:2036
      [<      none      >] worker_thread+0xdb/0xfc0 kernel/kernel/workqueue.c:2170
      [<      none      >] kthread+0x23f/0x2d0 kernel/drivers/block/aoe/aoecmd.c:1303
      [<      none      >] ret_from_fork+0x3f/0x70 kernel/arch/x86/entry/entry_64.S:468
      INFO: Slab 0xffffea0001938800 objects=3 used=0 fp=0xffff880064e20000
      flags=0x5fffc0000004080
      INFO: Object 0xffff880064e20000 @offset=0 fp=0xffff880064e24200
      
      CPU: 1 PID: 11581 Comm: syz-executor Tainted: G    B           4.4.0+
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
      rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
       00000000ffffffff ffff8800662c7790 ffffffff8292049d ffff88003e36a300
       ffff880064e20000 ffff880064e20000 ffff8800662c77c0 ffffffff816f2054
       ffff88003e36a300 ffffea0001938800 ffff880064e20000 0000000000000000
      Call Trace:
       [<     inline     >] __dump_stack kernel/lib/dump_stack.c:15
       [<ffffffff8292049d>] dump_stack+0x6f/0xa2 kernel/lib/dump_stack.c:50
       [<ffffffff816f2054>] print_trailer+0xf4/0x150 kernel/mm/slub.c:654
       [<ffffffff816f875f>] object_err+0x2f/0x40 kernel/mm/slub.c:661
       [<     inline     >] print_address_description kernel/mm/kasan/report.c:138
       [<ffffffff816fb0c5>] kasan_report_error+0x215/0x530 kernel/mm/kasan/report.c:236
       [<     inline     >] kasan_report kernel/mm/kasan/report.c:259
       [<ffffffff816fb4de>] __asan_report_load8_noabort+0x3e/0x40 kernel/mm/kasan/report.c:280
       [<     inline     >] ? ppp_pernet kernel/include/linux/compiler.h:218
       [<ffffffff83ad71b2>] ? ppp_unregister_channel+0x372/0x3a0 kernel/drivers/net/ppp/ppp_generic.c:2392
       [<     inline     >] ppp_pernet kernel/include/linux/compiler.h:218
       [<ffffffff83ad71b2>] ppp_unregister_channel+0x372/0x3a0 kernel/drivers/net/ppp/ppp_generic.c:2392
       [<     inline     >] ? ppp_pernet kernel/drivers/net/ppp/ppp_generic.c:293
       [<ffffffff83ad6f26>] ? ppp_unregister_channel+0xe6/0x3a0 kernel/drivers/net/ppp/ppp_generic.c:2392
       [<ffffffff83ae18f3>] ppp_asynctty_close+0xa3/0x130 kernel/drivers/net/ppp/ppp_async.c:241
       [<ffffffff83ae1850>] ? async_lcp_peek+0x5b0/0x5b0 kernel/drivers/net/ppp/ppp_async.c:1000
       [<ffffffff82c33239>] tty_ldisc_close.isra.1+0x99/0xe0 kernel/drivers/tty/tty_ldisc.c:478
       [<ffffffff82c332c0>] tty_ldisc_kill+0x40/0x170 kernel/drivers/tty/tty_ldisc.c:744
       [<ffffffff82c34943>] tty_ldisc_release+0x1b3/0x260 kernel/drivers/tty/tty_ldisc.c:772
       [<ffffffff82c1ef21>] tty_release+0xac1/0x13e0 kernel/drivers/tty/tty_io.c:1901
       [<ffffffff82c1e460>] ? release_tty+0x320/0x320 kernel/drivers/tty/tty_io.c:1688
       [<ffffffff8174de36>] __fput+0x236/0x780 kernel/fs/file_table.c:208
       [<ffffffff8174e405>] ____fput+0x15/0x20 kernel/fs/file_table.c:244
       [<ffffffff813595ab>] task_work_run+0x16b/0x200 kernel/kernel/task_work.c:115
       [<     inline     >] exit_task_work kernel/include/linux/task_work.h:21
       [<ffffffff81307105>] do_exit+0x8b5/0x2c60 kernel/kernel/exit.c:750
       [<ffffffff813fdd20>] ? debug_check_no_locks_freed+0x290/0x290 kernel/kernel/locking/lockdep.c:4123
       [<ffffffff81306850>] ? mm_update_next_owner+0x6f0/0x6f0 kernel/kernel/exit.c:357
       [<ffffffff813215e6>] ? __dequeue_signal+0x136/0x470 kernel/kernel/signal.c:550
       [<ffffffff8132067b>] ? recalc_sigpending_tsk+0x13b/0x180 kernel/kernel/signal.c:145
       [<ffffffff81309628>] do_group_exit+0x108/0x330 kernel/kernel/exit.c:880
       [<ffffffff8132b9d4>] get_signal+0x5e4/0x14f0 kernel/kernel/signal.c:2307
       [<     inline     >] ? kretprobe_table_lock kernel/kernel/kprobes.c:1113
       [<ffffffff8151d355>] ? kprobe_flush_task+0xb5/0x450 kernel/kernel/kprobes.c:1158
       [<ffffffff8115f7d3>] do_signal+0x83/0x1c90 kernel/arch/x86/kernel/signal.c:712
       [<ffffffff8151d2a0>] ? recycle_rp_inst+0x310/0x310 kernel/include/linux/list.h:655
       [<ffffffff8115f750>] ? setup_sigcontext+0x780/0x780 kernel/arch/x86/kernel/signal.c:165
       [<ffffffff81380864>] ? finish_task_switch+0x424/0x5f0 kernel/kernel/sched/core.c:2692
       [<     inline     >] ? finish_lock_switch kernel/kernel/sched/sched.h:1099
       [<ffffffff81380560>] ? finish_task_switch+0x120/0x5f0 kernel/kernel/sched/core.c:2678
       [<     inline     >] ? context_switch kernel/kernel/sched/core.c:2807
       [<ffffffff85d794e9>] ? __schedule+0x919/0x1bd0 kernel/kernel/sched/core.c:3283
       [<ffffffff81003901>] exit_to_usermode_loop+0xf1/0x1a0 kernel/arch/x86/entry/common.c:247
       [<     inline     >] prepare_exit_to_usermode kernel/arch/x86/entry/common.c:282
       [<ffffffff810062ef>] syscall_return_slowpath+0x19f/0x210 kernel/arch/x86/entry/common.c:344
       [<ffffffff85d88022>] int_ret_from_sys_call+0x25/0x9f kernel/arch/x86/entry/entry_64.S:281
      Memory state around the buggy address:
       ffff880064e21680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
       ffff880064e21700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      >ffff880064e21780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                             ^
       ffff880064e21800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
       ffff880064e21880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      ==================================================================
      
      Fixes: 273ec51d ("net: ppp_generic - introduce net-namespace functionality v2")
      Reported-by: default avatarBaozeng Ding <sploving1@gmail.com>
      Signed-off-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
      Reviewed-by: default avatarCyrill Gorcunov <gorcunov@openvz.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      181e4533
    • Arnd Bergmann's avatar
      xen kconfig: don't "select INPUT_XEN_KBDDEV_FRONTEND" · 09adbef4
      Arnd Bergmann authored
      commit 13aa38e2 upstream.
      
      The Xen framebuffer driver selects the xen keyboard driver, so the latter
      will be built-in if XEN_FBDEV_FRONTEND=y. However, when CONFIG_INPUT
      is a loadable module, this configuration cannot work. On mainline kernels,
      the symbol will be enabled but not used, while in combination with
      a patch I have to detect such useless configurations, we get the
      expected link failure:
      
      drivers/input/built-in.o: In function `xenkbd_remove':
      xen-kbdfront.c:(.text+0x2f0): undefined reference to `input_unregister_device'
      xen-kbdfront.c:(.text+0x30e): undefined reference to `input_unregister_device'
      
      This removes the extra "select", as it just causes more trouble than
      it helps. In theory, some defconfig file might break if it has
      XEN_FBDEV_FRONTEND in it but not INPUT_XEN_KBDDEV_FRONTEND. The Kconfig
      fragment we ship in the kernel (kernel/configs/xen.config) however
      already enables both, and anyone using an old .config file would
      keep having both enabled.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Suggested-by: default avatarDavid Vrabel <david.vrabel@citrix.com>
      Fixes: 36c1132e ("xen kconfig: fix select INPUT_XEN_KBDDEV_FRONTEND")
      Acked-by: default avatarStefano Stabellini <stefano.stabellini@eu.citrix.com>
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
      09adbef4