| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching
Pull livepatching fix from Jiri Kosina:
- fix for potential race with module loading, from Petr Mladek.
The race is very unlikely to be seen in real world and has been found
by code inspection, but should be fixed for 4.0 anyway.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching:
livepatch: Fix subtle race with coming and going modules
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
Pull HID fixes from Jiri Kosina:
- fixes for pen pen proximity / touch events in wacom driver, from Ping
Cheng and Benjamin Tissoires
- two new device-specific quirks from Oliver Neukum and Forest
Wilkinson
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: wacom: check for wacom->shared before following the pointer
HID: tivo: enable all buttons on the TiVo Slide Pro remote
HID: add ALWAYS_POLL quirk for a Logitech 0xc007
HID: wacom: rely on actual touch down count to decide touch_down
HID: wacom: do not send pen events before touch is up/forced out
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar:
"Misc fixes from all around the place:
- a KASLR related revert where we ran out of time to get a fix - this
represents a substantial portion of the diffstat,
- two FPU fixes,
- two x86 platform fixes: an ACPI reduced-hw fix and a NumaChip fix,
- an entry code fix,
- and a VDSO build fix"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
Revert "x86/mm/ASLR: Propagate base load address calculation"
x86/fpu: Drop_fpu() should not assume that tsk equals current
x86/fpu: Avoid math_state_restore() without used_math() in __restore_xstate_sig()
x86/apic/numachip: Fix sibling map with NumaChip
x86/platform, acpi: Bypass legacy PIC and PIT in ACPI hardware reduced mode
x86/asm/entry/32: Fix user_mode() misuses
x86/vdso: Fix the build on GCC5
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf and timer fixes from Ingo Molnar:
"Two small perf fixes:
- kernel side context leak fix
- tooling crash fix
And two clocksource driver fixes"
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf: Fix context leak in put_event()
perf annotate: Fix fallback to unparsed disassembler line
* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
clockevents: sun5i: Fix setup_irq init sequence
clocksource: efm32: Fix a NULL pointer dereference
|
|
486b908 (HID: wacom: do not send pen events before touch is up/forced out)
introduces a kernel oops when plugging a tablet without touch.
wacom->shared is null for these devices so this leads to a null pointer
exception.
Change the condition to make it clear that what we need is wacom->shared
not NULL.
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
Pull regulator fixes from Mark Brown:
"The two main fixes here from Javier and Doug both fix issues seen on
the Exynos-based ARM Chromebooks with reference counting of GPIO
regulators over system suspend. The GPIO enable code didn't properly
take account of this case (a full analysis is in Doug's commit log).
This is fixed by both fixing the reference counting directly and by
making the resume code skip enables it doesn't need to do. We could
skip the change in the resume code but it's a very simple change and
adds extra robustness against problems in other drivers"
* tag 'regulator-fix-v4.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: tps65910: Add missing #include <linux/of.h>
regulator: core: Fix enable GPIO reference counting
regulator: Only enable disabled regulators on resume
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap
Pull regmap fixes from Mark Brown:
"A few things here:
- a change from Lars to fix insertion of cache values at the start of
rather than end of a rbtree block. This hadn't been noticed before
since almost everything lists registers in ascending order.
- a fix from Takashi for spurious warnings during cache sync with
read once registers, a problem which can be very noticeable on
devices that it affects.
- a fix from Valentin for a tighening of the oneshot IRQ request
interface which would have broken affected devices"
* tag 'regmap-v4.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
regmap: regcache-rbtree: Fix present bitmap resize
regmap: Skip read-only registers in regcache_sync()
regmap-irq: set IRQF_ONESHOT flag to ensure IRQ request
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
Pull virtio fixes from Rusty Russell:
"Not entirely surprising: the ongoing QEMU work on virtio 1.0 has
revealed more minor issues with our virtio 1.0 drivers just introduced
in the kernel.
(I would normally use my fixes branch for this, but there were a batch
of them...)"
* tag 'virtio-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux:
virtio_mmio: fix access width for mmio
uapi/virtio_scsi: allow overriding CDB/SENSE size
virtio_mmio: generation support
virtio_rpmsg: set DRIVER_OK before using device
9p/trans_virtio: fix hot-unplug
virtio-balloon: do not call blocking ops when !TASK_RUNNING
virtio_blk: fix comment for virtio 1.0
virtio_blk: typo fix
virtio_balloon: set DRIVER_OK before using device
virtio_console: avoid config access from irq
virtio_console: init work unconditionally
|
|
Pull kvm fixes from Marcelo Tosatti:
"KVM bug fixes (ARM and x86)"
* git://git.kernel.org/pub/scm/virt/kvm/kvm:
arm/arm64: KVM: Keep elrsr/aisr in sync with software model
KVM: VMX: Set msr bitmap correctly if vcpu is in guest mode
arm/arm64: KVM: fix missing unlock on error in kvm_vgic_create()
kvm: x86: i8259: return initialized data on invalid-size read
arm64: KVM: Fix outdated comment about VTCR_EL2.PS
arm64: KVM: Do not use pgd_index to index stage-2 pgd
arm64: KVM: Fix stage-2 PGD allocation to have per-page refcounting
kvm: move advertising of KVM_CAP_IRQFD to common code
|
|
As pointed by recent post[1] on exploiting DRAM physical imperfection,
/proc/PID/pagemap exposes sensitive information which can be used to do
attacks.
This disallows anybody without CAP_SYS_ADMIN to read the pagemap.
[1] http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
[ Eventually we might want to do anything more finegrained, but for now
this is the simple model. - Linus ]
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Konstantin Khlebnikov <khlebnikov@openvz.org>
Acked-by: Andy Lutomirski <luto@amacapital.net>
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Mark Seaborn <mseaborn@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
There is a notifier that handles live patches for coming and going modules.
It takes klp_mutex lock to avoid races with coming and going patches but
it does not keep the lock all the time. Therefore the following races are
possible:
1. The notifier is called sometime in STATE_MODULE_COMING. The module
is visible by find_module() in this state all the time. It means that
new patch can be registered and enabled even before the notifier is
called. It might create wrong order of stacked patches, see below
for an example.
2. New patch could still see the module in the GOING state even after
the notifier has been called. It will try to initialize the related
object structures but the module could disappear at any time. There
will stay mess in the structures. It might even cause an invalid
memory access.
This patch solves the problem by adding a boolean variable into struct module.
The value is true after the coming and before the going handler is called.
New patches need to be applied when the value is true and they need to ignore
the module when the value is false.
Note that we need to know state of all modules on the system. The races are
related to new patches. Therefore we do not know what modules will get
patched.
Also note that we could not simply ignore going modules. The code from the
module could be called even in the GOING state until mod->exit() finishes.
If we start supporting patches with semantic changes between function
calls, we need to apply new patches to any still usable code.
See below for an example.
Finally note that the patch solves only the situation when a new patch is
registered. There are no such problems when the patch is being removed.
It does not matter who disable the patch first, whether the normal
disable_patch() or the module notifier. There is nothing to do
once the patch is disabled.
Alternative solutions:
======================
+ reject new patches when a patched module is coming or going; this is ugly
+ wait with adding new patch until the module leaves the COMING and GOING
states; this might be dangerous and complicated; we would need to release
kgr_lock in the middle of the patch registration to avoid a deadlock
with the coming and going handlers; also we might need a waitqueue for
each module which seems to be even bigger overhead than the boolean
+ stop modules from entering COMING and GOING states; wait until modules
leave these states when they are already there; looks complicated; we would
need to ignore the module that asked to stop the others to avoid a deadlock;
also it is unclear what to do when two modules asked to stop others and
both are in COMING state (situation when two new patches are applied)
+ always register/enable new patches and fix up the potential mess (registered
patches order) in klp_module_init(); this is nasty and prone to regressions
in the future development
+ add another MODULE_STATE where the kallsyms are visible but the module is not
used yet; this looks too complex; the module states are checked on "many"
locations
Example of patch stacking breakage:
===================================
The notifier could _not_ _simply_ ignore already initialized module objects.
For example, let's have three patches (P1, P2, P3) for functions a() and b()
where a() is from vmcore and b() is from a module M. Something like:
a() b()
P1 a1() b1()
P2 a2() b2()
P3 a3() b3(3)
If you load the module M after all patches are registered and enabled.
The ftrace ops for function a() and b() has listed the functions in this
order:
ops_a->func_stack -> list(a3,a2,a1)
ops_b->func_stack -> list(b3,b2,b1)
, so the pointer to b3() is the first and will be used.
Then you might have the following scenario. Let's start with state when patches
P1 and P2 are registered and enabled but the module M is not loaded. Then ftrace
ops for b() does not exist. Then we get into the following race:
CPU0 CPU1
load_module(M)
complete_formation()
mod->state = MODULE_STATE_COMING;
mutex_unlock(&module_mutex);
klp_register_patch(P3);
klp_enable_patch(P3);
# STATE 1
klp_module_notify(M)
klp_module_notify_coming(P1);
klp_module_notify_coming(P2);
klp_module_notify_coming(P3);
# STATE 2
The ftrace ops for a() and b() then looks:
STATE1:
ops_a->func_stack -> list(a3,a2,a1);
ops_b->func_stack -> list(b3);
STATE2:
ops_a->func_stack -> list(a3,a2,a1);
ops_b->func_stack -> list(b2,b1,b3);
therefore, b2() is used for the module but a3() is used for vmcore
because they were the last added.
Example of the race with going modules:
=======================================
CPU0 CPU1
delete_module() #SYSCALL
try_stop_module()
mod->state = MODULE_STATE_GOING;
mutex_unlock(&module_mutex);
klp_register_patch()
klp_enable_patch()
#save place to switch universe
b() # from module that is going
a() # from core (patched)
mod->exit();
Note that the function b() can be called until we call mod->exit().
If we do not apply patch against b() because it is in MODULE_STATE_GOING,
it will call patched a() with modified semantic and things might get wrong.
[jpoimboe@redhat.com: use one boolean instead of two]
Signed-off-by: Petr Mladek <pmladek@suse.cz>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Acked-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
|
Going over the virtio mmio code, I noticed that it doesn't correctly
access modern device config values using "natural" accessors: it uses
readb to get/set them byte by byte, while the virtio 1.0 spec explicitly states:
4.2.2.2 Driver Requirements: MMIO Device Register Layout
...
The driver MUST only use 32 bit wide and aligned reads and writes to
access the control registers described in table 4.1.
For the device-specific configuration space, the driver MUST use
8 bit wide accesses for 8 bit wide fields, 16 bit wide and aligned
accesses for 16 bit wide fields and 32 bit wide and aligned accesses for
32 and 64 bit wide fields.
Borrow code from virtio_pci_modern to do this correctly.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm
Fixes for KVM/ARM for 4.0-rc5.
Fixes page refcounting issues in our Stage-2 page table management code,
fixes a missing unlock in a gicv3 error path, and fixes a race that can
cause lost interrupts if signals are pending just prior to entering the
guest.
|
|
'regulator/fix/tps65910' into regulator-linus
|
|
drivers/regulator/tps65910-regulator.c: In function ‘tps65910_parse_dt_reg_data’:
drivers/regulator/tps65910-regulator.c:1018: error: implicit declaration of function ‘of_get_child_by_name’
drivers/regulator/tps65910-regulator.c:1018: warning: assignment makes pointer from integer without a cast
drivers/regulator/tps65910-regulator.c:1034: error: implicit declaration of function ‘of_node_put’
drivers/regulator/tps65910-regulator.c:1056: error: implicit declaration of function ‘of_property_read_u32’
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
|
|
This reverts commit:
f47233c2d34f ("x86/mm/ASLR: Propagate base load address calculation")
The main reason for the revert is that the new boot flag does not work
at all currently, and in order to make this work, we need non-trivial
changes to the x86 boot code which we didn't manage to get done in
time for merging.
And even if we did, they would've been too risky so instead of
rushing things and break booting 4.1 on boxes left and right, we
will be very strict and conservative and will take our time with
this to fix and test it properly.
Reported-by: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: H. Peter Anvin <hpa@linux.intel.com
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: Junjie Mao <eternal.n08@gmail.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt.fleming@intel.com>
Link: http://lkml.kernel.org/r/20150316100628.GD22995@pd.tnic
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
|
|
|
Pull drm fix from Dave Airlie:
"An oops snuck in in an -rc3 patch, this fixes it"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
[PATCH] drm/mm: Fix support 4 GiB and larger ranges
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
Pull clock framework fixes from Michael Turquette:
"The clk fixes for 4.0-rc4 comprise three themes.
First are the usual driver fixes for new regressions since v3.19.
Second are fixes to the common clock divider type caused by recent
changes to how we round clock rates. This affects many clock drivers
that use this common code.
Finally there are fixes for drivers that improperly compared struct
clk pointers (drivers must not deref these pointers). While some of
these drivers have done this for a long time, this did not cause a
problem until we started generating unique struct clk pointers for
every consumer. A new function, clk_is_match was introduced to get
these drivers working again and they are fixed up to no longer deref
the pointers themselves"
* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
ASoC: kirkwood: fix struct clk pointer comparing
ASoC: fsl_spdif: fix struct clk pointer comparing
ARM: imx: fix struct clk pointer comparing
clk: introduce clk_is_match
clk: don't export static symbol
clk: divider: fix calculation of initial best divider when rounding to closest
clk: divider: fix selection of divider when rounding to closest
clk: divider: fix calculation of maximal parent rate for a given divider
clk: divider: return real rate instead of divider value
clk: qcom: fix platform_no_drv_owner.cocci warnings
clk: qcom: fix platform_no_drv_owner.cocci warnings
clk: qcom: Add PLL4 vote clock
clk: qcom: lcc-msm8960: Fix PLL rate detection
clk: qcom: Fix slimbus n and m val offsets
clk: ti: Fix FAPLL parent enable bit handling
|
|
bad argument if(tmp)... in check_free_hole
fix oops: kernel BUG at drivers/gpu/drm/drm_mm.c:305!
[airlied: excellent, this was my task for today].
Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl>
Reviewed-by: Chris wilson <chris@chris-wilson.co.uk>
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Arnd Bergmann:
"This is a rather unpleasantly large set of bug fixes for arm-soc, Most
of them because of cross-tree dependencies for Exynos where we should
have figured out the right path to merge things before the merge
window, and then the maintainer being unable to sort things out in
time during a business trip.
The other changes contained here are the usual collection:
MAINTAINERS file updates
- Gregory Clement is now a co-maintainer for the legacy Marvell EBU
platforms
- A MAINTAINERS entry for the Freescale Vybrid platform that was
added last year
- Matt Porter no longer works as a maintainer on Broadcom SoCs
Build-time issues
- A compile-time error for at91
- Several minor DT fixes on at91, imx, exynos, socfpga, and omap
- The new digicolor platform was not correctly enabled at all
Configuration issues
- Two defconfig fix for regressions using USB on versatile express
and on OMAP3
- Enabling all 8 CPUs on Allwinner/SUNxi
- Enabling the new STiH410 platform to be usable
Bug fixes in platform code
- A missing barrier for socfpga
- Fixing LPDDR1 self-refresh mode on at91
- Fixing RTC interrupt numbers on Exynos3250
- Fixing a cache-coherency issues in CPU power-down on Exynos5
- Multiple small OMAP power management fixes"
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (69 commits)
MAINTAINERS: Add myself as co-maintainer to the legacy support of the mvebu SoCs
ARM: at91: pm_slowclock: fix the compilation error
ARM: at91/dt: fix USB high-speed clock to select UTMI
ARM: at91/dt: fix at91 udc compatible strings
ARM: at91/dt: declare matrix node as a syscon device
ARM: vexpress: update CONFIG_USB_ISP1760 option
ARM: digicolor: add the machine directory to Makefile
ARM: STi: Add STiH410 SoC support
MAINTAINERS: add Freescale Vybrid SoC
MAINTAINERS: Remove self as ARM mach-bcm co-maintainer
ARM: imx6sl-evk: set swbst_reg as vbus's parent reg
ARM: imx6qdl-sabresd: set swbst_reg as vbus's parent reg
ARM: at91/dt: at91sam9261: fix clocks and clock-names in udc definition
ARM: OMAP2+: Fix wl12xx on dm3730-evm with mainline u-boot
ARM: OMAP: enable TWL4030_USB in omap2plus_defconfig
ARM: dts: dra7x-evm: avoid possible contention while muxing on CAN lines
ARM: dts: dra7x-evm: Don't use dcan1_rx.gpio1_15 in DCAN pinctrl
ARM: dts: am43xx: fix SLEWCTRL_FAST pinctrl binding
ARM: dts: am33xx: fix SLEWCTRL_FAST pinctrl binding
ARM: dts: OMAP5: fix polling intervals for thermal zones
...
|
|
Pull irqchip fixes from Jason Cooper:
"armada-370-xp:
- Chained per-cpu interrupts
gic{,-v3,v3-its}"
- Various fixes for safer operation"
* tag 'irqchip-fixes-4.0' of git://git.infradead.org/users/jcooper/linux:
irqchip: gicv3-its: Support safe initialization
irqchip: gicv3-its: Define macros for GITS_CTLR fields
irqchip: gicv3-its: Add limitation to page order
irqchip: gicv3-its: Use 64KB page as default granule
irqchip: gicv3-its: Zero itt before handling to hardware
irqchip: gic-v3: Fix out of bounds access to cpu_logical_map
irqchip: gic: Fix unsafe locking reported by lockdep
irqchip: gicv3-its: Fix unsafe locking reported by lockdep
irqchip: gicv3-its: Iterate over PCI aliases to generate ITS configuration
irqchip: gicv3-its: Allocate enough memory for the full range of DeviceID
irqchip: gicv3-its: Fix ITS CPU init
irqchip: armada-370-xp: Fix chained per-cpu interrupts
|
|
The linux kernel has supported the TiVo Slide remote control for some time, but
does not recognize the USB ID of the newer Slide Pro. This patch adds the
missing data structures so the newer remote will be recognized by the driver,
thereby allowing the TiVo, LiveTV, and Thumbs Up/Down buttons to be
mapped with a hwdb file.
Signed-off-by: Forest Wilkinson <web11.forest@tibit.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
|
|
|
Pull drm fixes from Dave Airlie:
"Misc i915, vmwgfx and radeon fixes along with a fix for one of those
recursive sleep mutex debug cases in the mst code"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/vmwgfx: Fix an issue with the device losing its irq line on module unload
drm/vmwgfx: Correctly NULLify dma buffer pointer on failure
drm/vmwgfx: Reorder device takedown somewhat
drm/vmwgfx: Fix a couple of lock dependency violations
drm/radeon: drop setting UPLL to sleep mode
drm/radeon: fix wait to actually occur after the signaling callback
drm/i915: Prevent TLB error on first execution on SNB
drm/i915: Do both mt and gen6 style forcewake reset on ivb probe
drm/i915: Make WAIT_IOCTL negative timeouts be indefinite again
drm/i915: use in_interrupt() not in_irq() to check context
drm/mst: fix recursive sleep warning on qlock
drm: Don't assign fbs for universal cursor support to files
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fix from James Bottomley:
"This is a simple fix for a domain revalidation crash which has
recently turned up in the libsas code (applies to mvsas, isc and
aic94xx)"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
libsas: Fix Kernel Crash in smp_execute_task
|
|
Pull file locking bugfix from Jeff Layton:
"Just a small fix for a potential problem in one of the lease
tracepoints"
* tag 'locks-v4.0-4' of git://git.samba.org/jlayton/linux:
locks: fix generic_delete_lease tracepoint to use victim pointer
|
|
Pull VFIO fix from Alex Williamson:
"Add missing break to avoid clobbering ioctl (Alexey Kardashevskiy)"
* tag 'vfio-v4.0-rc4' of git://github.com/awilliam/linux-vfio:
vfio-pci: Add missing break to enable VFIO_PCI_ERR_IRQ_INDEX
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Catalin Marinas:
- add TLB invalidation for page table tear-down which was missed when
support for CONFIG_HAVE_RCU_TABLE_FREE was added (assuming page table
freeing was always deferred)
- use UEFI for system and reset poweroff if available
- fix asm label placement in relation to the alignment statement
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: put __boot_cpu_mode label after alignment instead of before
efi/arm64: use UEFI for system reset and poweroff
arm64: Invalidate the TLB corresponding to intermediate page table levels
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
Pull Kselftest fix from Shuah Khan:
"selftests/exec: Check if the syscall exists and bail if not"
* tag 'linux-kselftest-4.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
selftests/exec: Check if the syscall exists and bail if not
|
|
It's possible that "fl" won't point at a valid lock at this point, so
use "victim" instead which is either a valid lock or NULL.
Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
|
|
There is an interesting bug in the vgic code, which manifests itself
when the KVM run loop has a signal pending or needs a vmid generation
rollover after having disabled interrupts but before actually switching
to the guest.
In this case, we flush the vgic as usual, but we sync back the vgic
state and exit to userspace before entering the guest. The consequence
is that we will be syncing the list registers back to the software model
using the GICH_ELRSR and GICH_EISR from the last execution of the guest,
potentially overwriting a list register containing an interrupt.
This showed up during migration testing where we would capture a state
where the VM has masked the arch timer but there were no interrupts,
resulting in a hung test.
Cc: Marc Zyngier <marc.zyngier@arm.com>
Reported-by: Alex Bennee <alex.bennee@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
|
|
Another one for the big head.S spring cleaning: the label should
be after the .align or it may point to the padding.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
|
|
If UEFI Runtime Services are available, they are preferred over direct
PSCI calls or other methods to reset the system.
For the reset case, we need to hook into machine_restart(), as the
arm_pm_restart function pointer may be overwritten by modules.
Tested-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Matt Fleming <matt.fleming@intel.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
|
|
The ARM architecture allows the caching of intermediate page table
levels and page table freeing requires a sequence like:
pmd_clear()
TLB invalidation
pte page freeing
With commit 5e5f6dc10546 (arm64: mm: enable HAVE_RCU_TABLE_FREE logic),
the page table freeing batching was moved from tlb_remove_page() to
tlb_remove_table(). The former takes care of TLB invalidation as this is
also shared with pte clearing and page cache page freeing. The latter,
however, does not invalidate the TLBs for intermediate page table levels
as it probably relies on the architecture code to do it if required.
When the mm->mm_users < 2, tlb_remove_table() does not do any batching
and page table pages are freed before tlb_finish_mmu() which performs
the actual TLB invalidation.
This patch introduces __tlb_flush_pgtable() for arm64 and calls it from
the {pte,pmd,pud}_free_tlb() directly without relying on deferred page
table freeing.
Fixes: 5e5f6dc10546 arm64: mm: enable HAVE_RCU_TABLE_FREE logic
Reported-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>
Tested-by: Steve Capper <steve.capper@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management and ACPI fixes from Rafael Wysocki:
"Just two fixes, one for an ACPI LPSS driver issue introduced during
the 3.17 cycle and one revert of a recent commit that sort of broke
the cpupower tool.
Specifics:
- Fix an ACPI LPSS (Low-Power Subsystem) driver issue causing the
8250_dw driver to confuse an LPSS clock with another one it is
supposed to handle due to the lack of identification allowing it to
tell those clocks apart (Heikki Krogerus).
- Revert a recent commit that was supposed to improve the usability
of the cpupower tool, but clearly did the opposite (Josh Boyer)"
* tag 'pm+acpi-4.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
Revert "cpupower Makefile change to help run the tool without 'make install'"
ACPI / LPSS: provide con_id for the clkdev
|
|
I will also take care of the legacy support(not fully converted to DT)
of the mvebu SoCs.
Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Acked-by: Andrew Lunn <andrew@lunn.ch>
Acked-by: Jason Cooper <jason@lakedaemon.net>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
* pm-tools:
Revert "cpupower Makefile change to help run the tool without 'make install'"
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
Pull xen bug fixes from David Vrabel:
- fix a PV regression in 3.19.
- fix a dom0 crash on hosts with large numbers of PIRQs.
- prevent pcifront from disabling memory or I/O port access, which may
trigger host crashes.
* tag 'stable/for-linus-4.0-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
xen-pciback: limit guest control of command register
xen/events: avoid NULL pointer dereference in dom0 on large machines
xen: Remove trailing semicolon from xenbus_register_frontend() definition
x86/xen: correct bug in p2m list initialization
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"This is a round of HD-audio fixes: there are a long-standing
regression fix and a few more device/codec-specific quirks.
In addition, a couple of FireWire regression fixes, a USB-audio quirk
for Roland UA-22 and a sanity check in API for user-defined control
elements"
* tag 'sound-4.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda - Don't access stereo amps for mono channel widgets
ALSA: hda - Add workaround for MacBook Air 5,2 built-in mic
ALSA: hda - Set single_adc_amp flag for CS420x codecs
ALSA: snd-usb: add quirks for Roland UA-22
ALSA: control: Add sanity checks for user ctl id name string
ALSA: hda - Fix built-in mic on Compaq Presario CQ60
ALSA: firewire-lib: leave unit reference counting completely
Revert "ALSA: dice: fix wrong offsets for Dice interface"
ALSA: hda - Fix regression of HD-audio controller fallback modes
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux
Pull DeviceTree fixes from Rob Herring:
- fix for stdout-path option parsing with added unittest
- fix for stdout-path interaction with earlycon
- several DT unittest fixes
- fix Sparc allmodconfig build error on of_platform_register_reconfig_notifier
- several DT overlay kconfig and build warning fixes
- several DT binding documentation updates
* tag 'devicetree-fixes-for-4.0' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
of/platform: Fix sparc:allmodconfig build
of: unittest: Add options string testcase variants
of: fix handling of '/' in options for of_find_node_by_path()
of/unittest: Fix the wrong expected value in of_selftest_property_string
of/unittest: remove the duplicate of_changeset_init
dt: submitting-patches: clarify that DT maintainers are to be cced on bindings
of: unittest: fix I2C dependency
of/overlay: Remove unused variable
Documentation: DT: Renamed of-serial.txt to 8250.txt
of: Fix premature bootconsole disable with 'stdout-path'
serial: add device tree binding documentation for ETRAX FS UART
of/overlay: Directly include idr.h
of: Drop superfluous dependance for OF_OVERLAY
of: Add vendor prefix for Arasan
of: Add prompt for OF_OVERLAY config
|
|
Pull gadgetfs fixes from Al Viro:
"Assorted fixes around AIO on gadgetfs: leaks, use-after-free, troubles
caused by ->f_op flipping"
* 'gadget' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
gadgetfs: really get rid of switching ->f_op
gadgetfs: get rid of flipping ->f_op in ep_config()
gadget: switch ep_io_operations to ->read_iter/->write_iter
gadgetfs: use-after-free in ->aio_read()
gadget/function/f_fs.c: switch to ->{read,write}_iter()
gadget/function/f_fs.c: use put iov_iter into io_data
gadget/function/f_fs.c: close leaks
move iov_iter.c from mm/ to lib/
new helper: dup_iter()
|
|
sparc:allmodconfig fails to build with:
drivers/built-in.o: In function `platform_bus_init':
(.init.text+0x3684): undefined reference to `of_platform_register_reconfig_notifier'
of_platform_register_reconfig_notifier is only declared if both OF_ADDRESS
and OF_DYNAMIC are configured. Yet, the include file only declares a dummy
function if OF_DYNAMIC is not configured. The sparc architecture does not
configure OF_ADDRESS, but does configure OF_DYNAMIC, causing above error.
Fixes: 801d728c10db ("of/reconfig: Add OF_DYNAMIC notifier for platform_bus_type")
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Rob Herring <robh@kernel.org>
|
|
In commit 3af18d9c5fe9 ("KVM: nVMX: Prepare for using hardware MSR bitmap"),
we are setting MSR_BITMAP in prepare_vmcs02 if we should use hardware. This
is not enough since the field will be modified by following vmx_set_efer.
Fix this by setting vmx_msr_bitmap_nested in vmx_set_msr_bitmap if vcpu is
in guest mode.
Signed-off-by: Wincy Van <fanwenyi0529@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
drop_fpu() does clear_used_math() and usually this is correct
because tsk == current.
However switch_fpu_finish()->restore_fpu_checking() is called before
__switch_to() updates the "current_task" variable. If it fails,
we will wrongly clear the PF_USED_MATH flag of the previous task.
So use clear_stopped_child_used_math() instead.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Rik van Riel <riel@redhat.com>
Cc: <stable@vger.kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Pekka Riikonen <priikone@iki.fi>
Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Cc: Suresh Siddha <sbsiddha@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20150309171041.GB11388@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
|
__restore_xstate_sig()
math_state_restore() assumes it is called with irqs disabled,
but this is not true if the caller is __restore_xstate_sig().
This means that if ia32_fxstate == T and __copy_from_user()
fails, __restore_xstate_sig() returns with irqs disabled too.
This triggers:
BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:41
dump_stack
___might_sleep
? _raw_spin_unlock_irqrestore
__might_sleep
down_read
? _raw_spin_unlock_irqrestore
print_vma_addr
signal_fault
sys32_rt_sigreturn
Change __restore_xstate_sig() to call set_used_math()
unconditionally. This avoids enabling and disabling interrupts
in math_state_restore(). If copy_from_user() fails, we can
simply do fpu_finit() by hand.
[ Note: this is only the first step. math_state_restore() should
not check used_math(), it should set this flag. While
init_fpu() should simply die. ]
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: <stable@vger.kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Pekka Riikonen <priikone@iki.fi>
Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Suresh Siddha <sbsiddha@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20150307153844.GB25954@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
|
Add the missing unlock before return from function kvm_vgic_create()
in the error handling case.
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
|
|
Commit:
a83fe28e2e45 ("perf: Fix put_event() ctx lock")
changed the locking logic in put_event() by replacing mutex_lock_nested()
with perf_event_ctx_lock_nested(), but didn't fix the subsequent
mutex_unlock() with a correct counterpart, perf_event_ctx_unlock().
Contexts are thus leaked as a result of incremented refcount
in perf_event_ctx_lock_nested().
Signed-off-by: Leon Yu <chianglungyu@gmail.com>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Fixes: a83fe28e2e45 ("perf: Fix put_event() ctx lock")
Link: http://lkml.kernel.org/r/1424954613-5034-1-git-send-email-chianglungyu@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
|
The current HDA generic parser initializes / modifies the amp values
always in stereo, but this seems causing the problem on ALC3229 codec
that has a few mono channel widgets: namely, these mono widgets react
to actions for both channels equally.
In the driver code, we do care the mono channel and create a control
only for the left channel (as defined in HD-audio spec) for such a
node. When the control is updated, only the left channel value is
changed. However, in the resume, the right channel value is also
restored from the initial value we took as stereo, and this overwrites
the left channel value. This ends up being the silent output as the
right channel has been never touched and remains muted.
This patch covers the places where unconditional stereo amp accesses
are done and converts to the conditional accesses.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=94581
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
|
QEMU wants to use virtio scsi structures with
a different VIRTIO_SCSI_CDB_SIZE/VIRTIO_SCSI_SENSE_SIZE,
let's add ifdefs to allow overriding them.
Keep the old defines under new names:
VIRTIO_SCSI_CDB_DEFAULT_SIZE/VIRTIO_SCSI_SENSE_DEFAULT_SIZE,
since that's what these values really are:
defaults for cdb/sense size fields.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
