Jouni reported that if a remain-on-channel was active on the
same channel as the current operating channel, then the ROC
would start, but any frames transmitted using mgmt-tx on the
same channel would get delayed until after the ROC.
The reason for this is that the ROC starts, but doesn't have
any handling for "remain on the same channel", so it stops
the interface queues. The later mgmt-tx then puts the frame
on the interface queues (since it's on the current operating
channel) and thus they get delayed until after the ROC.
To fix this, add some logic to handle remaining on the same
channel specially and not stop the queues etc. in this case.
This not only fixes the bug but also improves behaviour in
this case as data frames etc. can continue to flow.
Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Tested-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This is a relatively large batch of fixes for the newly added
Haswell/Baytrail drivers from Intel. It's a bit larger than is good for
this point in the cycle but it's all for a newly added driver so not so
worrying as it might otherwise be. Some of it's integration problems,
some of it's the sort of problem usually turned up in stress tests.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJTc1YrAAoJELSic+t+oim9losP/0I50EKB6hrEugvFrNT+vBkR
OQxhcj+WGgIguVQNqaHPBr3rQ1iGG54C5Yf1KDSi2jNIjkHSTIJ1bT2QB40rmclT
14V6LZJL481TadcKcjLux1jgmaMvNO5Fa1gqYdLLVZFUYP/yTCLhqYrVIDO7NC6M
VCKtZ965l4u6TMJACTdz9MzCbAwlhb7OTpgxIiyVQlE4SPq2D7M8W9IceLjiDzGg
rviGK7MejMxc2b4i2vJGi4msaqK8aazDmMhoqrI+HZr/6pZgWkvKJ2S/zZf8AdEH
6KfEQ8vPU/ag8M4UoH72JJtn1gsjphkEY8GyNWCvP7fIXnpcYB34c/cyaaMQ6lGN
fGPfwQpbNobx3sJsPMRj21kFgy61rXM2PcbA4QEhPniHd6UlVPUgjkxBNE2YVM3d
0+tWtgzWVT10F10fcKIkw00/gDohBK+4rViAu0VK5Ml90F0eYLeITWYFVyjmU52f
7Q+0Duwm65LsA4hqFKcH5lRbk6IM29yRte/wGYY8mLWODADO0+cU6WmVRDHTlRFo
35HidtfY8EGcU+rS24XyGd0+GRoO+nghzKTckoD3z9OCPilePkMb/dD5vC7NvmMO
5Q15VbxmJgsus0aTDOPD634XoVTlQ/ESBA6bj5APylZorNKyANorJBphn4rBfZV+
GXtzzjFrllDCOpKtjDzB
=ROtF
-----END PGP SIGNATURE-----
Merge tag 'asoc-v3.15-rc5-intel' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Intel fixes for v3.15
This is a relatively large batch of fixes for the newly added
Haswell/Baytrail drivers from Intel. It's a bit larger than is good for
this point in the cycle but it's all for a newly added driver so not so
worrying as it might otherwise be. Some of it's integration problems,
some of it's the sort of problem usually turned up in stress tests.
A small set of driver fixes, nothing remarkable in itself or of any
relevance outside of the driver.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJTc1hlAAoJELSic+t+oim9H/sP/A6r/9/qBesBiBvK7q+jXKNo
FW6M6zM2lZpLuAnUlSLNC6nb6e6nQYTvvCV4VIXfuj8r8NPMmxwdreg5Vp2fJdAk
0Qlr3l025B4VmPxqik5wA04jE74G8BW8ttXHpWxxOXdceaUJ4uDzryJBuCpV3vJk
+2gprKcnR4/wgqpzkGBAwNfurkfXOxpqB8DfPj+FcfRdWyxTqFtvZi+9dSwm2bLv
T7z8alaMcG/ZpkH7nF+Q4Vu/0tJhgyHIVRTFsJvBKNYVr8cdGi+VDq++AE/62YOE
v6EGpsrjn243AA8UDBnCznVVZcnwhSf33OpBg44DHb0/1J343x5r4bsGlQkb+19V
FkBBnhiozWRwVjTBU/E6ss5eua+ESNqL6/EFLpCrD7ykduNOxC/qyKJxcWmmYq9K
B7Z3tWjX/EzdQ/tMEt26MTnXWSmtk/Yq8dg2UDkdF5r4zBsGyNgHwpi1nbYDCNcm
alBF7TKkhCV5woJcF+ygG7oFarnQnjSL+J+LTuKRo1gn6k4/NWaVmb/8K9pkN5wS
hZhL12rjySVXcijrbwVJC9HfFYCtGDjJeTC0ifGQ9jTvEan/Hwi/vwk5XocTywbF
PglDm9ygwyLAC3A602RWhd/WdgLdmfCYuyKJEcnlnVlkEFmpa5LyJ7wSi6qYYmAk
j+xPZI2ROuKtebPAP6Es
=0trh
-----END PGP SIGNATURE-----
Merge tag 'asoc-v3.15-rc5-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Driver fixes for v3.15
A small set of driver fixes, nothing remarkable in itself or of any
relevance outside of the driver.
A few things here:
- Fix the creation of spurious CODEC<->CODEC links which caused DAPM to
have audio paths which shouldn't be present causing spurious powerups
and potential audible issues for users.
- Ensure the suspend->off transition doesn't have spurious transitions
to prepare added to the sequence.
- Fix incorrect skipping of PCM suspension for active audio streams.
- Remove Timur Tabi from the CS4270 maintainers, Cirrus are now doing
this and Timur no longer has the boards that he was using.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJTc1qXAAoJELSic+t+oim9rQsP/0plEA4KmnSUAD5l+LnFLZVI
l4PrbTM9BrjdNpGk/dn0yeF9xAmKvlEa6hcclhPMSF5QIVWUxK5wiNZ4ZN1W64as
VQsh9XHnD0AHSCD1v7ugz3vh4bvDk2cQkQUsJb9CS4Eh4Dgt1T2bjk74K3AnUBCV
3yDkGW+15Yumo7WW8TKB1Qd7fIsuo95qua+caC1btnFz2VLWkdWixZ5D/t7tp4G2
SriITNMqUF6gT0RWCue9sDKyfMkCN8tIOh5mvckHEYWLC5/pSgi7zKabDulUayS9
GgG8mQIto49LL6NmzeyzBsDlf8Gk0O50BZOrEHvHQWw4dMiQ6ml8NTTxuz6oynzE
k/b1aBUlnOf7wFHA1ILIgAHq3rMah9+/XVkxnHqPBxmP9IgIZoL//rc3DwCtqMbs
CiIgHOPONdfiHtxMPJwCiBNqfQKDCerYVq4dmZTwU3m99Zn1keFKSZ2dcEWJK02S
s3kQlYQ6sStpGjPrlrDbS7UcNtX+pqSI2c46GXHHRsLZbAAhHe2kwQ2y/Iry0ntc
eh1ztL8FLZylEiXmYWjC2Sx5azKOhWVMJGdlKBbX3CNtxFTKzG0NXwHjXJXH72Y3
Zm8SS9lK4uuJz4IKr7k2RHXETxFb1vdFlijYN5VvkGmYBoGo69G/dFDv6QAg0Ow/
ANnqLBtrgKir3q49T2YQ
=s9u3
-----END PGP SIGNATURE-----
Merge tag 'asoc-v3.15-rc5-core' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Core fixes for v3.15
A few things here:
- Fix the creation of spurious CODEC<->CODEC links which caused DAPM to
have audio paths which shouldn't be present causing spurious powerups
and potential audible issues for users.
- Ensure the suspend->off transition doesn't have spurious transitions
to prepare added to the sequence.
- Fix incorrect skipping of PCM suspension for active audio streams.
- Remove Timur Tabi from the CS4270 maintainers, Cirrus are now doing
this and Timur no longer has the boards that he was using.
tot_len does specify the size of struct ipv6_txoptions. We need opt_flen +
opt_nflen to calculate the overall length of additional ipv6 extensions.
I found this while auditing the ipv6 output path for a memory corruption
reported by Alexey Preobrazhensky while he fuzzed an instrumented
AddressSanitizer kernel with trinity. This may or may not be the cause
of the original bug.
Fixes: 4df98e76cd ("ipv6: pmtudisc setting not respected with UFO/CORK")
Reported-by: Alexey Preobrazhensky <preobr@google.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net_get_random_once depends on the static keys infrastructure to patch up
the branch to the slow path during boot. This was realized by abusing the
static keys api and defining a new initializer to not enable the call
site while still indicating that the branch point should get patched
up. This was needed to have the fast path considered likely by gcc.
The static key initialization during boot up normally walks through all
the registered keys and either patches in ideal nops or enables the jump
site but omitted that step on x86 if ideal nops where already placed at
static_key branch points. Thus net_get_random_once branches not always
became active.
This patch switches net_get_random_once to the ordinary static_key
api and thus places the kernel fast path in the - by gcc considered -
unlikely path. Microbenchmarks on Intel and AMD x86-64 showed that
the unlikely path actually beats the likely path in terms of cycle cost
and that different nop patterns did not make much difference, thus this
switch should not be noticeable.
Fixes: a48e42920f ("net: introduce new macro net_get_random_once")
Reported-by: Tuomas Räsänen <tuomasjjrasanen@tjjr.fi>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
(O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
does not provide enough information about the ABI for the 64-bit
process. As a result of which, userland needs to use complex
seccomp filters to decide whether a syscall belongs to the o32 or n32
or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
can be used by seccomp to explicitely set syscall filters for this ABI.
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Acked-by: Eric Paris <eparis@redhat.com>
Acked-by: Paul Moore <pmoore@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: linux-mips@linux-mips.org
Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
Patchwork: https://patchwork.linux-mips.org/patch/6818/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
The invalidation is required in order to maintain proper semantics
under CoW conditions. In scenarios where a process clones several
threads, a thread operating on a core whose DTLB entry for a
particular hugepage has not been invalidated, will be reading from
the hugepage that belongs to the forked child process, even after
hugetlb_cow().
The thread will not see the updated page as long as the stale DTLB
entry remains cached, the thread attempts to write into the page,
the child process exits, or the thread gets migrated to a different
processor.
Signed-off-by: Anthony Iliopoulos <anthony.iliopoulos@huawei.com>
Link: http://lkml.kernel.org/r/20140514092948.GA17391@server-36.huawei.corp
Suggested-by: Shay Goikhman <shay.goikhman@huawei.com>
Acked-by: Dave Hansen <dave.hansen@intel.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Cc: <stable@vger.kernel.org> # v2.6.16+ (!)
If a struct contains 64-bit fields, it is aligned on 64-bit boundaries
within containing structs in 64-bit compilations. This is the case with
struct v4l2_window, which contains pointers and is embedded into struct
v4l2_format, and that one is embedded into struct v4l2_create_buffers.
Unlike some other structs, used as a part of the kernel ABI as ioctl()
arguments, that are packed, these structs aren't packed. This isn't a
problem per se, but the ioctl-compat code for VIDIOC_CREATE_BUFS contains
a bug, that triggers in such 64-bit builds. That code wrongly assumes,
that in struct v4l2_create_buffers, struct v4l2_format immediately follows
the __u32 memory field, which in fact isn't the case. This bug wasn't
visible until now, because until recently hardly any applications used
this ioctl() and mostly embedded 32-bit only drivers implemented it. This
is changing now with addition of this ioctl() to some USB drivers, e.g.
UVC. This patch fixes the bug by copying parts of struct
v4l2_create_buffers separately.
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
Cc: stable@vger.kernel.org
Commit 75e2bdad89 "ov7670: allow
configuration of image size, clock speed, and I/O method" uses a wrong
index to iterate an array. Apart from being wrong, it also uses an
unchecked value from user-space, which can cause access to unmapped
memory in the kernel, triggered by a normal desktop user with rights to
use V4L2 devices.
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Acked-by: Jonathan Corbet <corbet@lwn.net>
Cc: stable@vger.kernel.org
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
bpf_alloc_binary() adds 128 bytes of room to JITed program image
and rounds it up to the nearest page size. If image size is close
to page size (like 4000), it is rounded to two pages:
round_up(4000 + 4 + 128) == 8192
then 'hole' is computed as 8192 - (4000 + 4) = 4188
If prandom_u32() % hole selects a number >= PAGE_SIZE - sizeof(*header)
then kernel will crash during bpf_jit_free():
kernel BUG at arch/x86/mm/pageattr.c:887!
Call Trace:
[<ffffffff81037285>] change_page_attr_set_clr+0x135/0x460
[<ffffffff81694cc0>] ? _raw_spin_unlock_irq+0x30/0x50
[<ffffffff810378ff>] set_memory_rw+0x2f/0x40
[<ffffffffa01a0d8d>] bpf_jit_free_deferred+0x2d/0x60
[<ffffffff8106bf98>] process_one_work+0x1d8/0x6a0
[<ffffffff8106bf38>] ? process_one_work+0x178/0x6a0
[<ffffffff8106c90c>] worker_thread+0x11c/0x370
since bpf_jit_free() does:
unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
struct bpf_binary_header *header = (void *)addr;
to compute start address of 'bpf_binary_header'
and header->pages will pass junk to:
set_memory_rw(addr, header->pages);
Fix it by making sure that &header->image[prandom_u32() % hole] and &header
are in the same page
Fixes: 314beb9bca ("x86: bpf_jit_comp: secure bpf jit against spraying attacks")
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Search for Broadcom specific ibft sign "BIFT"
along with other possible values on UEFI
This patch is fix for regression introduced in
“935a9fee51c945b8942be2d7b4bae069167b4886”.
https://lkml.org/lkml/2011/12/16/353
This impacts Broadcom CNA for iSCSI Boot on UEFI platform.
Signed-off-by: Vikas Chaudhary <vikas.chaudhary@qlogic.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Mike Christie <michaelc@cs.wisc.edu>
The register CLASS_D_CONTROL_1 is marked as volatile because it contains
a bit, DAC_MUTE, which is also mirrored in the ADC_DAC_CONTROL_1
register. This causes problems for the "Speaker Switch" control, which
will report an error if the CODEC is suspended because it relies on a
volatile register.
To resolve this issue mark CLASS_D_CONTROL_1 as non-volatile and
manually keep the register cache in sync by updating both bits when
changing the mute status.
Reported-by: Shawn Guo <shawn.guo@linaro.org>
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Tested-by: Shawn Guo <shawn.guo@linaro.org>
Signed-off-by: Mark Brown <broonie@linaro.org>
Cc: stable@vger.kernel.org
Commit 10df350977 ("ASoC: Intel: Fix Audio DSP usage when IOMMU is
enabled.") caused following regression in Baytrail SST:
baytrail-pcm-audio baytrail-pcm-audio: error: DMA alloc failed
baytrail-pcm-audio baytrail-pcm-audio: error: failed to load firmware
Fix this by calling dma_coerce_mask_and_coherent() in sst_byt_init() with
the same dma_dev device what is now used in sst_fw_new() when allocating the
DMA buffer.
Signed-off-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
- properly release neigh_ifinfo in batadv_iv_ogm_process_per_outif()
- properly release orig_ifinfo->router when freeing orig_ifinfo
- properly release neigh_node objects during periodic check
- properly release neigh_info objects when the related hard_iface
is free'd
These changes are all very important because they fix some
reference counting imbalances that lead to the
impossibility of releasing the netdev object used by
batman-adv on shutdown.
The consequence is that such object cannot be destroyed by
the networking stack (the refcounter does not reach zero)
thus bringing the system in hanging state during a normal
reboot operation or a network reconfiguration.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABCAAGBQJTbyNlAAoJEEKTMo6mOh1VzeUQAJmcP73MMwdFDGfI+3DUD43Z
ziaWzHK1/NAkERIJMYu/Nj9BPhFJ/JgYNoYGd4eZ+0IVzIidBKffpGvZYLKJaBBb
kVzDt8sHgm7T+bmJdGK5zBCkCrQ66T1/7jF7evzWCtdmzAj9Ld+cJha6sZ6OLY4v
WusFFHH2yQgzOGML52HdM99lIfZJu53sdQtYrMI7FpmObwmoBw1VQsmLsJbbFj0A
XbFWYNOtQ0s8JvuHPnHB2gsczMXG6AdDuYdG1douOUryjsdg4AsKVWbPWaSuIyS9
ED6TiNsxtRt3A2YDgKrYmcGWHIc7CR4TE97DpdaB1xOEe/h0JPy8NEXaTiXifVi0
yWXaDZAl0J1gEKxda5foqIJZEScQyqWnAGFIIMVsxWxMpv9V3C+XaMgpgC5yQdoQ
hgs6lv8U/w7Qevu4oaU2oq64C5ipyzheLuL+l9Ykwig9brJ9pqvBhEr34VDyyLnK
l1VVQP5Y94gsPX2FuBaFgQ6oN3xjAkzFWDVKPtdYhMW7l93ER31KWgyJ53zK0Avk
wl/h5Xvep7vgA1pvyiu7Lom47QX2SVY3Xt6vsJ42qrR9bp1sLZ+piZaSBPTSuNmo
YySwgku6QlQfCFThh09zjuQ8+zwlq5Enjp+fvy/NtzEhTzK1gmknrQo0QF+Fj1Fj
5yz30/XWjUTn1dtBNeBw
=GsPT
-----END PGP SIGNATURE-----
Merge tag 'batman-adv-fix-for-davem' of git://git.open-mesh.org/linux-merge
Included changes:
- properly release neigh_ifinfo in batadv_iv_ogm_process_per_outif()
- properly release orig_ifinfo->router when freeing orig_ifinfo
- properly release neigh_node objects during periodic check
- properly release neigh_info objects when the related hard_iface
is free'd
These changes are all very important because they fix some
reference counting imbalances that lead to the
impossibility of releasing the netdev object used by
batman-adv on shutdown.
The consequence is that such object cannot be destroyed by
the networking stack (the refcounter does not reach zero)
thus bringing the system in hanging state during a normal
reboot operation or a network reconfiguration.
Since commit 7e98056964("ipv6: router reachability probing"), a router falls
into NUD_FAILED will be probed.
Now if function rt6_select() selects a router which neighbour state is NUD_FAILED,
and at the same time function rt6_probe() changes the neighbour state to NUD_PROBE,
then function dst_neigh_output() can directly send packets, but actually the
neighbour still is unreachable. If we set nud_state to NUD_INCOMPLETE instead
NUD_PROBE, packets will not be sent out until the neihbour is reachable.
In addition, because the route should be probes with a single NS, so we must
set neigh->probes to neigh_max_probes(), then the neigh timer timeout and function
neigh_timer_handler() will not send other NS Messages.
Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Setting the P state of the core to max at init time is a hold over
from early implementation of intel_pstate where intel_pstate disabled
cpufreq and loaded VERY early in the boot sequence. This was to
ensure that intel_pstate did not affect boot time. This in not needed
now that intel_pstate is a cpufreq driver.
Removing this covers the case where a CPU has gone through a manual
CPU offline/online cycle and the P state is set to MAX on init and the
CPU immediately goes idle. Due to HW coordination the P state request
on the idle CPU will drag all cores to MAX P state until the load is
reevaluated when to core goes non-idle.
Reported-by: Patrick Marlier <patrick.marlier@gmail.com>
Signed-off-by: Dirk Brandewie <dirk.j.brandewie@intel.com>
Cc: 3.14+ <stable@vger.kernel.org> # 3.14+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
While updating cgroup_freezer locking, 68fafb77d827 ("cgroup_freezer:
replace freezer->lock with freezer_mutex") introduced a bug in
update_if_frozen() where it returns with rcu_read_lock() held. Fix it
by adding rcu_read_unlock() before returning.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: kbuild test robot <fengguang.wu@intel.com>
After 96d365e0b8 ("cgroup: make css_set_lock a rwsem and rename it
to css_set_rwsem"), css task iterators requires sleepable context as
it may block on css_set_rwsem. I missed that cgroup_freezer was
iterating tasks under IRQ-safe spinlock freezer->lock. This leads to
errors like the following on freezer state reads and transitions.
BUG: sleeping function called from invalid context at /work
/os/work/kernel/locking/rwsem.c:20
in_atomic(): 0, irqs_disabled(): 0, pid: 462, name: bash
5 locks held by bash/462:
#0: (sb_writers#7){.+.+.+}, at: [<ffffffff811f0843>] vfs_write+0x1a3/0x1c0
#1: (&of->mutex){+.+.+.}, at: [<ffffffff8126d78b>] kernfs_fop_write+0xbb/0x170
#2: (s_active#70){.+.+.+}, at: [<ffffffff8126d793>] kernfs_fop_write+0xc3/0x170
#3: (freezer_mutex){+.+...}, at: [<ffffffff81135981>] freezer_write+0x61/0x1e0
#4: (rcu_read_lock){......}, at: [<ffffffff81135973>] freezer_write+0x53/0x1e0
Preemption disabled at:[<ffffffff81104404>] console_unlock+0x1e4/0x460
CPU: 3 PID: 462 Comm: bash Not tainted 3.15.0-rc1-work+ #10
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
ffff88000916a6d0 ffff88000e0a3da0 ffffffff81cf8c96 0000000000000000
ffff88000e0a3dc8 ffffffff810cf4f2 ffffffff82388040 ffff880013aaf740
0000000000000002 ffff88000e0a3de8 ffffffff81d05974 0000000000000246
Call Trace:
[<ffffffff81cf8c96>] dump_stack+0x4e/0x7a
[<ffffffff810cf4f2>] __might_sleep+0x162/0x260
[<ffffffff81d05974>] down_read+0x24/0x60
[<ffffffff81133e87>] css_task_iter_start+0x27/0x70
[<ffffffff8113584d>] freezer_apply_state+0x5d/0x130
[<ffffffff81135a16>] freezer_write+0xf6/0x1e0
[<ffffffff8112eb88>] cgroup_file_write+0xd8/0x230
[<ffffffff8126d7b7>] kernfs_fop_write+0xe7/0x170
[<ffffffff811f0756>] vfs_write+0xb6/0x1c0
[<ffffffff811f121d>] SyS_write+0x4d/0xc0
[<ffffffff81d08292>] system_call_fastpath+0x16/0x1b
freezer->lock used to be used in hot paths but that time is long gone
and there's no reason for the lock to be IRQ-safe spinlock or even
per-cgroup. In fact, given the fact that a cgroup may contain large
number of tasks, it's not a good idea to iterate over them while
holding IRQ-safe spinlock.
Let's simplify locking by replacing per-cgroup freezer->lock with
global freezer_mutex. This also makes the comments explaining the
intricacies of policy inheritance and the locking around it as the
states are protected by a common mutex.
The conversion is mostly straight-forward. The followings are worth
mentioning.
* freezer_css_online() no longer needs double locking.
* freezer_attach() now performs propagation simply while holding
freezer_mutex. update_if_frozen() race no longer exists and the
comment is removed.
* freezer_fork() now tests whether the task is in root cgroup using
the new task_css_is_root() without doing rcu_read_lock/unlock(). If
not, it grabs freezer_mutex and performs the operation.
* freezer_read() and freezer_change_state() grab freezer_mutex across
the whole operation and pin the css while iterating so that each
descendant processing happens in sleepable context.
Fixes: 96d365e0b8 ("cgroup: make css_set_lock a rwsem and rename it to css_set_rwsem")
Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Li Zefan <lizefan@huawei.com>
Determining the css of a task usually requires RCU read lock as that's
the only thing which keeps the returned css accessible till its
reference is acquired; however, testing whether a task belongs to the
root can be performed without dereferencing the returned css by
comparing the returned pointer against the root one in init_css_set[]
which never changes.
Implement task_css_is_root() which can be invoked in any context.
This will be used by the scheduled cgroup_freezer change.
v2: cgroup no longer supports modular controllers. No need to export
init_css_set. Pointed out by Li.
Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Li Zefan <lizefan@huawei.com>
We need to find a smarter way to switch to 64-bit FADT addresses according
to the bug report. This patch reverts Linux to the original behavior.
Fixes: 0249ed2444 (ACPICA: Add option to favor 32-bit FADT addresses.)
References: https://bugzilla.kernel.org/show_bug.cgi?id=74021
Reported-and-tested-by: Oswald Buddenhagen <ossi@kde.org>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Cc: 3.14+ <stable@vger.kernel.org> # 3.14+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
My commit removing that also removed it from the header file
which can break compilation of userspace that needed it, add
it back for API/ABI compatibility purposes (but no code to
implement anything for it.)
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The DMI tag used to identify Dell Inspiron 7520 should be product name
instead of product version.
Fixes: 0e9f81d3b7 (ACPI / video: Add systems that should favour native backlight interface)
Reported-and-tested-by: Téo Mazars <teomazars@gmail.com>
References: https://bugzilla.redhat.com/show_bug.cgi?id=909552
Cc: All applicable <stable@vger.kernel.org>
Signed-off-by: Aaron Lu <aaron.lu@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Prevent sched scan while not idle (including during association or in AP
mode) instead of while associated only.
This fixes my previous commit which was incomplete:
commit bd5e4744a6
Author: David Spinadel <david.spinadel@intel.com>
Date: Thu Apr 24 13:15:29 2014 +0300
iwlwifi: mvm: do no sched scan while associated
Currently the FW doesn't support sched scan while associated,
Prevent it.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
If the association is in progress while we suspend, the
stack will be in a messed up state. Clean it before we
suspend.
This patch completes Johannes's patch:
1a1cb744de
Author: Johannes Berg <johannes.berg@intel.com>
mac80211: fix suspend vs. authentication race
Cc: <stable@vger.kernel.org>
Fixes: 12e7f51702 ("mac80211: cleanup generic suspend/resume procedures")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The kernfs open method - kernfs_fop_open() - inherited extra
permission checks from sysfs. While the vfs layer allows ignoring the
read/write permissions checks if the issuer has CAP_DAC_OVERRIDE,
sysfs explicitly denied open regardless of the cap if the file doesn't
have any of the UGO perms of the requested access or doesn't implement
the requested operation. It can be debated whether this was a good
idea or not but the behavior is too subtle and dangerous to change at
this point.
After cgroup got converted to kernfs, this extra perm check also got
applied to cgroup breaking libcgroup which opens write-only files with
O_RDWR as root. This patch gates the extra open permission check with
a new flag KERNFS_ROOT_EXTRA_OPEN_PERM_CHECK and enables it for sysfs.
For sysfs, nothing changes. For cgroup, root now can perform any
operation regardless of the permissions as it was before kernfs
conversion. Note that kernfs still fails unimplemented operations
with -EINVAL.
While at it, add comments explaining KERNFS_ROOT flags.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Andrey Wagin <avagin@gmail.com>
Tested-by: Andrey Wagin <avagin@gmail.com>
Cc: Li Zefan <lizefan@huawei.com>
References: http://lkml.kernel.org/g/CANaxB-xUm3rJ-Cbp72q-rQJO5mZe1qK6qXsQM=vh0U8upJ44+A@mail.gmail.com
Fixes: 2bd59d48eb ("cgroup: convert to kernfs")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
tail should be equal to the last valid index, so
decrease it by one.
This error causes in "a gap" in some cases (as well as
some possible out-of-bound write), finally resulting in
ucode assertion.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
set_device_exclusion_range(u16 devid, struct ivmd_header *m) enables
exclusion range for ONE device. IOMMU does not translate the access
to the exclusion range from the device.
The device is specified by input argument 'devid'. But 'devid' is not
passed to the actual set function set_dev_entry_bit(), instead
'm->devid' is passed. 'm->devid' does not specify the exact device
which needs enable the exclusion range. 'm->devid' represents DeviceID
field of IVMD, which has different meaning depends on IVMD type.
The caller init_exclusion_range() sets 'devid' for ONE device. When
m->type is equal to ACPI_IVMD_TYPE_ALL or ACPI_IVMD_TYPE_RANGE,
'm->devid' is not equal to 'devid'.
This patch fixes 'm->devid' to 'devid'.
Signed-off-by: Su Friendy <friendy.su@sony.com.cn>
Signed-off-by: Tamori Masahiro <Masahiro.Tamori@jp.sony.com>
Signed-off-by: Joerg Roedel <joro@8bytes.org>
get_user_pages requires caller to hold a read lock on mmap_sem.
Signed-off-by: Jay Cornwall <jay.cornwall@amd.com>
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Joerg Roedel <joro@8bytes.org>
An apparent cut and paste error prevents the correct flags from being
set on the alias device resulting in MSI on conventional PCI devices
failing to work. This also produces error events from the IOMMU like:
AMD-Vi: Event logged [INVALID_DEVICE_REQUEST device=00:14.4 address=0x000000fdf8000000 flags=0x0a00]
Where 14.4 is a PCIe-to-PCI bridge with a device behind it trying to
use MSI interrupts.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Joerg Roedel <joro@8bytes.org>
Broadwell display controller has 3 stream DMA engines. DMA0 cannot update DMA
postion buffer properly while DMA1 and DMA2 can work well. So this patch masks
the buggy DMA0 by keeping it as opened.
This is a tentative workaround, so keep the change small as Takashi suggested.
Signed-off-by: Mengdong Lin <mengdong.lin@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Vendor ID 0x10de0071 is used by a yet-to-be-named GPU chip.
Signed-off-by: Aaron Plattner <aplattner@nvidia.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The function ip6_tnl_validate assumes that the rtnl
attribute IFLA_IPTUN_PROTO always be filled . If this
attribute is not filled by the userspace application
kernel get crashed with NULL pointer dereference. This
patch fixes the potential kernel crash when
IFLA_IPTUN_PROTO is missing .
Signed-off-by: Susant Sahani <susant@redhat.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
- fix for regression in handling of F_GETLK commands
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJTcRqbAAoJEAAOaEEZVoIVu4wQALShwSEh77qTKLA7rhJC0AHT
AF/P5u7MW8/r6VDkweproB2jEllBKWaOsehhHB+GGpSDYXEyaPVHn8YjfMxP9aI7
ivOCtR0dxJYTAlU+n3WH2fjLnWtyu8/eKFAUpHqFrU0gZnUUtiWSRZwPeKKSggPD
WXbOCMIZKHSM5ccyJx93wYxLLto1gLRRGU7jKOamQhkdYfLD+W0N26vpz8JfMqL4
RshdqbHrjHzRKGrerWAHun/jjOcjErb6qBjSEpJSHYad1KuMFm4ViOR0QE9LRJnA
4tt1HovYmeZMtsv8f/sQzArbujyZYZzsosbod22pUG1ms3OYnrOXf9yp3gaj1ocf
lRQ9XinnKVkzVi8tdJNchTxx123v8rV1dmU1qC4o/ivR8lhZi+MzdYj66zJi+hlw
11VYcQf+ZfwJxQtOH1lDXMX060QAMTQxDa5v/Cedk2I1oIdG7iYYXW/suyBzwZQs
BlBB/eZGxC4iUELu7WN5AWoDei3ubSJTCR6u3KUXrj5CBtQyf2ZUl7nQl6eaqjnb
LXETL8YjhZSZXRN8O4B/nTwMnIgVSbgXgpmuSL8l0BfuGTD+YHd+Kopqw2BJp6ic
bABwn8NX0Mhaiajd1Qx2QDl4gt23aQM4EUxXnuNk8FZ1f7z9Nc+byetYgOrWvIkn
mAACD3ZvWF+w2IwDp9wZ
=Pr3z
-----END PGP SIGNATURE-----
Merge tag 'locks-v3.15-4' of git://git.samba.org/jlayton/linux
Pull file locking fix from Jeff Layton:
"Fix for regression in handling of F_GETLK commands"
* tag 'locks-v3.15-4' of git://git.samba.org/jlayton/linux:
locks: only validate the lock vs. f_mode in F_SETLK codepaths
and add support for additional chip revisions.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJTcXxbAAoJEMsfJm/On5mBRnIP/1VpgOIpha1dmPTazzRh+Yfn
OCCsMQ3zWOqWfaEUnlih3QCJYI8HlXNQUoCbRAQnTzjEu+ryw8hk4o7mwEHYNRjI
GMtXGsyRicEhzOqxHxburco21MHHFuTClDJAQ1TU3m6F502eCO74GoT3lYwhRnzD
Cy3r9xtum6XohoTtYFagB3X3Fn5uzQAI1v1qlUM6omIHVQVS99q1VSRdQDqPYwq5
GubR728Kwbk2JP4oBh6G1Jg0kMw2b/H32HDGCY4Wxyrw3WTHw9dH7k3nXqMTvlpQ
NYGdH+yaC0cRceB7cahWemXw7rwlqxcGRuCah5jo0Wo20v+CT4wohK1Vg1K5MMI/
xb51j1cUuP3VikonewoYRBXz5vd68a47+EmIwklr7IWJ4W0SJ0pBJXtJFeqOh7M7
iTEwR7vzuV5stam4pRX1tLB60pbcDI83mk1sXpIFcRp9prOFHI7m2ubWbWKPOn2T
TBUGmy6cn+GyAfmaky7vNtT7vnIi+7SV9Ff7lqpZsrC+qEv5tdO94KQOwBwWfMnS
vWiw5LTIQ2qtFqYQQ2tLctXquVV2xo0XrDDzCwi/V2LfAuTEyJi9ytPeJrOR2pbe
qb1H2pe/80OZ6DrHZsjzTsLDYT+YBElaC6n1H7aGNdwzaDimb9E4GjG5P0dwxM81
IuBptyzDzS/glnNqohgI
=PVvi
-----END PGP SIGNATURE-----
Merge tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
Pull hwmon fixes from Guenter Roeck:
"Fix resource leak as well as broken store function in emc1403 driver,
and add support for additional chip revisions"
* tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
hwmon: (emc1403) Support full range of known chip revision numbers
hwmon: (emc1403) Fix resource leak on module unload
hwmon: (emc1403) fix inverted store_hyst()
Pull a percpu fix from Tejun Heo:
"Fix for a percpu allocator bug where it could try to kfree() a memory
region allocated using vmalloc(). The bug has been there for years
now and is unlikely to have ever triggered given the size of struct
pcpu_chunk. It's still theoretically possible and the fix is simple
and safe enough, so the patch is marked with -stable"
* 'for-3.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu:
percpu: make pcpu_alloc_chunk() use pcpu_mem_free() instead of kfree()
Pull workqueue fixes from Tejun Heo:
"Fixes for two bugs in workqueue.
One is exiting with internal mutex held in a failure path of
wq_update_unbound_numa(). The other is a subtle and unlikely
use-after-possible-last-put in the rescuer logic. Both have been
around for quite some time now and are unlikely to have triggered
noticeably often. All patches are marked for -stable backport"
* 'for-3.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
workqueue: fix a possible race condition between rescuer and pwq-release
workqueue: make rescuer_thread() empty wq->maydays list before exiting
workqueue: fix bugs in wq_update_unbound_numa() failure path
Pull cgroup fixes from Tejun Heo:
"During recent restructuring, device_cgroup unified config input check
and enforcement logic; unfortunately, it turned out to share too much.
Aristeu's patches fix the breakage and marked for -stable backport.
The other two patches are fallouts from kernfs conversion. The blkcg
change is temporary and will go away once kernfs internal locking gets
simplified (patches pending)"
* 'for-3.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
blkcg: use trylock on blkcg_pol_mutex in blkcg_reset_stats()
device_cgroup: check if exception removal is allowed
device_cgroup: fix the comment format for recently added functions
device_cgroup: rework device access check and exception checking
cgroup: fix the retry path of cgroup_mount()
Pull cifs fix from Steve French:
"Small cifs fix for metadata caching"
* 'for-linus' of git://git.samba.org/sfrench/cifs-2.6:
cifs: fix actimeo=0 corner case when cifs_i->time == jiffies
Both tagged for -stable.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIVAwUAU3AfITnsnt1WYoG5AQJiqQ/+Pk4n3AQqqtfjPaR5EWmAVwgLgvy7AX8z
yG9UwN9AXqd1IkgaE+PzUwZHEUR1/fYeF52c5cakrHCvluHgxakUX6/T/f9dO8Ht
rXK4Q82aTfm+5lfUsZfOL8aeY9ZheXXo97vbVAfegdIDNC6Il2nktHj6AfBfQWlQ
r0hm3Vz1rgXxXVam7SLlbxa71JUxltlSpLqUoN487iF/hSJx5D04NiLFT8KJwtUh
UtMiyNsUpMJHWfYZjTsX4+o9psLZB2fE+WXJvYy5jB3C/Yy3FB0x38fVTC7+ozej
F0J8bhG/6oO0/0gieW7EXTDWNLlCtG8Z/rUi/Hre+7Lps3vp7V65q/uB1B2VnNjn
TRzbEaCoWdzMjamp5btSzN64MJgvCPRn1TvPwcm+kSDk/IpslYMllwXK7H+UutXZ
GEEw3TVz1jWk7JKxai9raApKtXB7yDpiKREFMjhowBb0rM+VL4/3gvzSpPyVbJxj
4TTj9fUqsXWMG4HzKuyxXlV51hAbcaVnYirf0JrkjzzYkl0d/oBAADQtaApD+NX2
thlfYUW4tjssmMB+X5ok5Zp4A0TV31a1bEmZ8CE63i/IHCf5F8BHsHpyO4P9ITDX
zNEo1lKuIbhn5oVHDoLZjNgIPGi2+lq6jvq8+0POKyEBr++Nrbld2u0GB8Q3/SjE
LAhU+0iUY6A=
=9QhO
-----END PGP SIGNATURE-----
Merge tag 'md/3.15-fixes' of git://neil.brown.name/md
Pull md bugfixes from Neil Brown:
"Two bugfixes for md in 3.15
Both tagged for -stable"
* tag 'md/3.15-fixes' of git://neil.brown.name/md:
md: avoid possible spinning md thread at shutdown.
md/raid10: call wait_barrier() for each request submitted.
Seems like we've had more fixes than usual this release cycle, but
there's nothing in particular that we're doing differently. Perhaps it's
just one of those cycles where more people are finding more regressions
(and/or that the latency of when people actually test what's been in
the tree for a while is catching up so that we get the bug reports now).
The bigger changes here are are for TI and Marvell platforms:
* Timing changes for GPMC (generic localbus) on OMAP causing some largeish
DTS deltas.
* Fixes to window allocation on PCI for mvebu touching drivers/ stuff. Patches
have acks from subsystem maintainers where needed.
* A fix from Thomas for a botched DT conversion in drivers/edma.
There's a handful of other fixes for the above platforms as well as sunxi,
at91, i.MX. I also included a MAINTAINER update for Broadcom, and a trivial
move of a binding doc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQIcBAABAgAGBQJTb4tkAAoJEIwa5zzehBx3BikP/jOrFb9MbjfBjtyiFe9iJtzt
37LCiCXXLpqvB1afdp8Zs4Tp5FLy5Mhc+s8rj/G+s16ijMvQyz4uV/XsyXwPGWHQ
v8gK9yXHja0vPyPZxMCTU9VRUMHHZW6rwUq55h2HI3NcEid+0nEqt7tC5lYjTAmp
v/5p9NAPgWQzDk+MOUwqgDVXVdg8Qui3OnWhWEvoMjDVUWg8c0ettDbu2ztPkf3R
TSJHIvWKoZ5Dyqykvb7RteYwDyZxoEzyPe77U80yrL3f4Y1c2Zj8eZhjKVjKYEOm
H1yJjkDNopkxlCUWKH9ntvmlfZ8fbHMkPW8hKNXWdd0tBNzkfDPbuQ05vnmK4N1o
8nYK6ZiYH9L3YrZ0bupFuf0nt3fL6RaouwofMNqA21v7CG0gkIpI3Or2pUT/lNR4
KuoPMNWR45lUZRWWZPj+3uOpf8WZmqSjG+6AbDJlGF7DBKN3j7N+HHEyrUYZk85o
SzBqIoJrxCPhOWxLyv1IhqLdAZiudDWXaZ3cznjKtLjYrv5I4ZYoArHx13FADic1
zgg4TuG1Rn+gcUZpa+/2+U0LGCg1z0nUtAFs1B+VqQeqOmIeAOpE8+x/4iXv79t/
vIq0jvboQFmv/dGM8f0jFxQqhu5fX0qGQ2OIZOxEiSY5m0ZwyyKWChThBdUklO4D
vlPQu7jhlniYTOxQfMTf
=76ry
-----END PGP SIGNATURE-----
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Olof Johansson:
"Seems like we've had more fixes than usual this release cycle, but
there's nothing in particular that we're doing differently. Perhaps
it's just one of those cycles where more people are finding more
regressions (and/or that the latency of when people actually test
what's been in the tree for a while is catching up so that we get the
bug reports now).
The bigger changes here are are for TI and Marvell platforms:
* Timing changes for GPMC (generic localbus) on OMAP causing some
largeish DTS deltas.
* Fixes to window allocation on PCI for mvebu touching drivers/
stuff. Patches have acks from subsystem maintainers where needed.
* A fix from Thomas for a botched DT conversion in drivers/edma.
There's a handful of other fixes for the above platforms as well as
sunxi, at91, i.MX. I also included a MAINTAINER update for Broadcom,
and a trivial move of a binding doc.
I know you said you'd be offline this week, but I might as well post
it for when you return. :)"
I'm not quite offline yet. Doing a few pulls in the last hour before my
internet goes away..
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (31 commits)
MAINTAINERS: update Broadcom ARM tree location and add an SoC family
ARM: dts: i.MX53: Fix ipu register space size
ARM: dts: kirkwood: fix mislocated pcie-controller nodes
ARM: sunxi: Enable GMAC in sunxi_defconfig
ARM: common: edma: Fix xbar mapping
ARM: sun7i: Fix i2c4 base address
ARM: Kirkwood: T5325: Fix double probe of Codec
ARM: mvebu: enable the SATA interface on Armada 375 DB
ARM: mvebu: specify I2C bus frequency on Armada 370 DB
ARM: mvebu: use qsgmii phy-mode for Armada XP GP interfaces
ARM: mvebu: fix NOR bus-width in Armada XP OpenBlocks AX3 Device Tree
ARM: mvebu: fix NOR bus-width in Armada XP DB Device Tree
ARM: mvebu: fix NOR bus-width in Armada XP GP Device Tree
ARM: dts: AM3517: Disable absent IPs inherited from OMAP3
ARM: dts: OMAP2: Fix interrupts for OMAP2420 mailbox
ARM: dts: OMAP5: Add mailbox dt node to fix boot warning
ARM: OMAP5: Switch to THUMB mode if needed on secondary CPU
ARM: dts: am437x-gp-evm: Do not reset gpio5
ARM: dts: omap3-igep0020: use SMSC9221 timings
PCI: mvebu: split PCIe BARs into multiple MBus windows when needed
...
