Reference to the 'np' node is dropped before dereferencing the 'sizep' and
'basep' pointers, which could by then point to junk if the node has been
freed.
Refactor code to call 'of_node_put' later.
Fixes: c5df39262d ("drivers/char/tpm: Add securityfs support for event log")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Acked-by: Peter Huewe <PeterHuewe@gmx.de>
If the probing finishes without success, it will leave the value 15 in
the TPM_IRQ_VECTOR register. If the driver is unloaded and reloaded, it
will "think" that the hardware had been programmed with IRQ 15, and will
not probe again.
This patch restores the original value in the IO memory if no IRQ is
probed.
Signed-off-by: Martin Wilck <Martin.Wilck@ts.fujitsu.com>
Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Acked-by: Peter Huewe <PeterHuewe@gmx.de>
Release IRQs used for probing only. Otherwise the TPM will end up
with all IRQs 3-15 assigned.
Fixes: afb5abc262 ("tpm: two-phase chip management functions")
Signed-off-by: Martin Wilck <Martin.Wilck@ts.fujitsu.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Acked-by: Peter Huewe <PeterHuewe@gmx.de>
This patch fixes a bug introduced by commit 7005c3e. That patch
tries to map a vm range for resource groups, but the calculation
breaks down when the block size is less than the page size.
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
FSCTL_SRV_COPYCHUNK_WRITE only requires that the source and target
be on the same server (not the same volume or same share),
so relax the existing check (which required them to be on
the same share). Note that this works to Windows (and presumably
most other NAS) but Samba requires that the source
and target be on the same share. Moving a file across
shares is a common use case and can be very heplful (100x faster).
Signed-off-by: Steve French <steve.french@primarydata.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
The NUMA balancing code implements delays in scanning by
advancing curr->node_stamp beyond curr->se.sum_exec_runtime.
With unsigned math, that creates an underflow, which results
in task_numa_work being queued all the time, even when we
don't want to.
Avoiding the math underflow makes it possible to reduce CPU
overhead in the NUMA balancing code.
Reported-and-tested-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: mgorman@suse.de
Link: http://lkml.kernel.org/r/1446756983-28173-2-git-send-email-riel@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Arnaldo reported that tracepoint filters seem to misbehave (ie. not
apply) on inherited events.
The fix is obvious; filters are only set on the actual (parent)
event, use the normal pattern of using this parent event for filters.
This is safe because each child event has a reference to it.
Reported-by: Arnaldo Carvalho de Melo <acme@kernel.org>
Tested-by: Arnaldo Carvalho de Melo <acme@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Frédéric Weisbecker <fweisbec@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Wang Nan <wangnan0@huawei.com>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/20151102095051.GN17308@twins.programming.kicks-ass.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
The perf_lock_task_context() function disables preemption across its
RCU read-side critical section because that critical section acquires
a scheduler lock. If there was a preemption during that RCU read-side
critical section, the rcu_read_unlock() could attempt to acquire scheduler
locks, resulting in deadlock.
However, recent optimizations to expedited grace periods mean that IPI
handlers that execute during preemptible RCU read-side critical sections
can now cause the subsequent rcu_read_unlock() to acquire scheduler locks.
Disabling preemption does nothiing to prevent these IPI handlers from
executing, so these optimizations introduced a deadlock. In theory,
this deadlock could be avoided by pulling all wakeups and printk()s out
from rnp->lock critical sections, but in practice this would re-introduce
some RCU CPU stall warning bugs.
Given that acquiring scheduler locks entails disabling interrupts, these
deadlocks can be avoided by disabling interrupts (instead of disabling
preemption) across any RCU read-side critical that acquires scheduler
locks and holds them across the rcu_read_unlock(). This commit therefore
makes this change for perf_lock_task_context().
Reported-by: Dave Jones <davej@codemonkey.org.uk>
Reported-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Stephane Eranian <eranian@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20151104134838.GR29027@linux.vnet.ibm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
The mapping permissions of the FDT are set to 'PAGE_KERNEL | PTE_RDONLY'
in an attempt to map the FDT as read-only. However, not only does this
break at build time under STRICT_MM_TYPECHECKS (since the two terms are
of different types in that case), it also results in both the PTE_WRITE
and PTE_RDONLY attributes to be set, which means the region is still
writable under ARMv8.1 DBM (and an attempted write will simply clear the
PT_RDONLY bit).
So instead, define PAGE_KERNEL_RO (which already has an established
meaning across architectures) and use that instead.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
The new page table code that manipulates the PTE_CONT flags does so
in a way that is inconsistent with STRICT_MM_TYPECHECKS. Fix it by
using the correct combination of __pgprot() and pgprot_val().
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
The uninitialized tuple structure caused incorrect hash calculation
and the lookup failed.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=106441
Signed-off-by: Anthony Lineham <anthony.lineham@alliedtelesis.co.nz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
If we are using the NO_HOLES feature, we have a tiny time window when
running delalloc for a nodatacow inode where we can race with a concurrent
link or xattr add operation leading to a BUG_ON.
This happens because at run_delalloc_nocow() we end up casting a leaf item
of type BTRFS_INODE_[REF|EXTREF]_KEY or of type BTRFS_XATTR_ITEM_KEY to a
file extent item (struct btrfs_file_extent_item) and then analyse its
extent type field, which won't match any of the expected extent types
(values BTRFS_FILE_EXTENT_[REG|PREALLOC|INLINE]) and therefore trigger an
explicit BUG_ON(1).
The following sequence diagram shows how the race happens when running a
no-cow dellaloc range [4K, 8K[ for inode 257 and we have the following
neighbour leafs:
Leaf X (has N items) Leaf Y
[ ... (257 INODE_ITEM 0) (257 INODE_REF 256) ] [ (257 EXTENT_DATA 8192), ... ]
slot N - 2 slot N - 1 slot 0
(Note the implicit hole for inode 257 regarding the [0, 8K[ range)
CPU 1 CPU 2
run_dealloc_nocow()
btrfs_lookup_file_extent()
--> searches for a key with value
(257 EXTENT_DATA 4096) in the
fs/subvol tree
--> returns us a path with
path->nodes[0] == leaf X and
path->slots[0] == N
because path->slots[0] is >=
btrfs_header_nritems(leaf X), it
calls btrfs_next_leaf()
btrfs_next_leaf()
--> releases the path
hard link added to our inode,
with key (257 INODE_REF 500)
added to the end of leaf X,
so leaf X now has N + 1 keys
--> searches for the key
(257 INODE_REF 256), because
it was the last key in leaf X
before it released the path,
with path->keep_locks set to 1
--> ends up at leaf X again and
it verifies that the key
(257 INODE_REF 256) is no longer
the last key in the leaf, so it
returns with path->nodes[0] ==
leaf X and path->slots[0] == N,
pointing to the new item with
key (257 INODE_REF 500)
the loop iteration of run_dealloc_nocow()
does not break out the loop and continues
because the key referenced in the path
at path->nodes[0] and path->slots[0] is
for inode 257, its type is < BTRFS_EXTENT_DATA_KEY
and its offset (500) is less then our delalloc
range's end (8192)
the item pointed by the path, an inode reference item,
is (incorrectly) interpreted as a file extent item and
we get an invalid extent type, leading to the BUG_ON(1):
if (extent_type == BTRFS_FILE_EXTENT_REG ||
extent_type == BTRFS_FILE_EXTENT_PREALLOC) {
(...)
} else if (extent_type == BTRFS_FILE_EXTENT_INLINE) {
(...)
} else {
BUG_ON(1)
}
The same can happen if a xattr is added concurrently and ends up having
a key with an offset smaller then the delalloc's range end.
So fix this by skipping keys with a type smaller than
BTRFS_EXTENT_DATA_KEY.
Cc: stable@vger.kernel.org
Signed-off-by: Filipe Manana <fdmanana@suse.com>
BCM7425 CPU Interface Zephyr Processor, pages 5-309 and 5-310
BCM7428B0 CPU Interface Zephyr Processor, pages 5-337 and 5-338
WAIT instruction:
Thread enters wait state. No instructions are executed until an
interrupt occurs. The processor's clocks are stopped if both threads
are in idle mode.
Description:
Execution of this instruction puts the thread into wait state, an idle
mode in which no instructions are fetched or executed. The thread remains
in wait state until an interrupt occurs that is not masked by the
interrupt mask field in the Status register. Then, if interrupts are
enabled by the IE bit in the Status register, the interrupt is serviced.
The ERET instruction returns to the instruction following the WAIT
instruction. If interrupts are disabled, the processor resumes executing
instructions with the next sequential instruction.
Programming notes:
The WAIT instruction should be executed while interrupts are disabled
by the IE bit in the Status register. This avoids a potential timing
hazard, which occurs if an interrupt is taken between testing the counter
and executing the WAIT instruction. In this hazard case, the interrupt
will have been completed before the WAIT instruction is executed, so
the processor will remain indefinitely in wait state until the next
interrupt.
Signed-off-by: Petri Gynther <pgynther@google.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Cc: cernekee@gmail.com
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/11322/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
PCI_DEVICE_ID_AMD_15H_M60H_NB_F3 is now defined in pci_ids.h
Signed-off-by: Adam Majer <adamm@zombino.com>
Acked-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Improve debugging to find out what went wrong during a failed
dma map/unmap operation.
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
We use lazy allocation for translation table entries but don't handle
allocation (and other) failures during translation table updates.
Handle these failures and undo translation table updates when it's
meaningful.
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Newly allocated translation table entries are flagged as invalid
and protected. If an existing translation table entry is invalidated,
the protection flag is left unchanged.
If a page (with invalid and protection flag set) is accessed it's
undefined which type of exception we'll receive.
Make sure to always set the invalid flag only.
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Explicitly write the system call number for each define instead of
calculating it. This makes it easier to parse the file when generating
system call tables for various tools and libraries.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Simplify the css_generate_pgid code by using stap() independent of
CONFIG_SMP. For !CONFIG_SMP builds stap() will deliver the address
of the cpu we IPL'ed from (which can be != 0).
Note: the ifdef was likely added to be compatible with _very_ old
machines which we don't support anyway.
Reviewed-by: Peter Oberparleiter <oberpar@linux.vnet.ibm.com>
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Documentation/trace/tracepoints.txt states that the naming scheme
for tracepoints is "subsys_event" to avoid collisions. Rename
the 'diagnose' tracepoint to 's390_diagnose'.
Reported-by: Peter Oberparleiter <oberpar@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
startup calls the C function _sclp_print_early() if the machine we're
running on is not supported by the kernel. sclp.c is getting built
with -m64, so _sclp_print_early() expects the zSeries ELF ABI to be
used.
We previously called _sclp_print_early() using the S/390 ELF ABI, with
a stack frame size of 96 bytes and while being in 31-bit address
mode. This caused _sclp_wait_int() (called indirectly from
_sclp_print_early()) to jump to an undefined address. While
_sclp_wait_int() contained some code to deal with being called in
31-bit addressing mode, it didn't quite work. While fixing this is
possible, the code would still only work by chance and could break any
time.
Ensure compliance with the zSeries ELF ABI by switching to 64-bit
addressing mode early and using a minimum stack frame size of 160
bytes.
Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Pull liblockdep fixes from Sasha Levin:
" ... three fixes for liblockdep. Just keeping up with kernel
code changes and new gcc versions."
Signed-off-by: Ingo Molnar <mingo@kernel.org>
__HAVE_ARCH_MEMMOVE and __HAVE_ARCH_MEMSET are unconditionally defined
for nios2, so there is no need to protect the function definitions of
memmove() and memset().
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Acked-by: Ley Foon Tan <lftan@altera.com>
The generic __xchg() implementation present in asm-generic/cmpxchg.h is
correct on nios2 and even generates the same code. Switch to this generic
implementation to trim down the amount of ad-hoc copies of the code.
Signed-off-by: Marek Vasut <marex@denx.de>
Acked-by: Ley Foon Tan <lftan@altera.com>
Fix the following compiler splat by adding __maybe_unused annotation to
the variable. Using this particular annotation has the least ugly impact
on the code compared to using ifdeffery.
arch/nios2/kernel/setup.c: In function 'nios2_boot_init':
arch/nios2/kernel/setup.c:107:7: warning: unused variable 'cmdline_passed' [-Wunused-variable]
char cmdline_passed[COMMAND_LINE_SIZE] = { 0, };
^
Signed-off-by: Marek Vasut <marex@denx.de>
Acked-by: Ley Foon Tan <lftan@altera.com>
This patch fixes the RGMII 10/100M mode by reprogramming the clock.
Signed-off-by: Iyappan Subramanian <isubramanian@apm.com>
Tested-by: Fushen Chen <fchen@apm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet says:
====================
net: add skb_to_full_sk() helper
Many contexts need to reach listener socket from skb attached
to a request socket. This patch series add skb_to_full_sk() to
clearly express this need and use it where appropriate.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
SYNACK packets might be attached to request sockets.
Fixes: ca6fb06518 ("tcp: attach SYNACK messages to request sockets instead of listener")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
SYNACK packets might be attached to request sockets.
Fixes: ca6fb06518 ("tcp: attach SYNACK messages to request sockets instead of listener")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
SYNACK packets might be attached to request sockets.
Fixes: ca6fb06518 ("tcp: attach SYNACK messages to request sockets instead of listener")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
SYNACK packets might be attached to a request socket,
xt_owner wants to gte the listener in this case.
Fixes: ca6fb06518 ("tcp: attach SYNACK messages to request sockets instead of listener")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This module wants to access sk->sk_security, which is not
available for request sockets.
Fixes: ca6fb06518 ("tcp: attach SYNACK messages to request sockets instead of listener")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Generalize selinux_skb_sk() added in commit 212cd08953
("selinux: fix random read in selinux_ip_postroute_compat()")
so that we can use it other contexts.
Use it right away in selinux_netlbl_skbuff_setsid()
Fixes: ca6fb06518 ("tcp: attach SYNACK messages to request sockets instead of listener")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This is the 1st NFC fixes pull request for 4.4.
It includes bug fixes and one fix for a build failure, all of them
introduced with the first NFC pull request for 4.4.
We have:
- Fix nfcmrvl SPI driver potential build error due to a broken Kconfig
dependency.
- A few fixes for the firmware download implementation for the nfcmrvl
UART driver.
- A GPIO allocation leak for the nfcmrvl driver.
- One code simplification for the nfcmrvl DT handling.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWOpm4AAoJEIqAPN1PVmxKPkcP/2JfannhAqAeX6kJeR0tmLDU
/urTpD5EETEpBxvKV+gVViLPbnGUDKxpgiU4o5Edp+vz3uEUN/uzftKHpCac+Gby
AtnCQmoHpP79uiH/mAwMaYC6Ewo7i1rm3URQCdzGorTLx1Z4qlbQuoiXwDms3WzX
kUOPd71S6H5yE4BJZAoMOYtrfp/06VR9TAPvKksyg8S/rcI/BYsl/Kqdfv0US7Em
D2Nz4rUhRjWZpfva5FnHgfuJ7JrtOPa910upuHCVYDzJo/zXRzOAajn9ZpaMNL1d
iyNbwtksJSnYrUZXh9prBhWu41deRPD2dB3M6pcwN0Afw9bAK9NwPbzNHOS9rtkA
97x3hFSV216ukdRNuLljd9cqVgh6KOXBjWjjacYhUFuyGM/3KzSYKqa+sGCZaYv3
NhLMdE9XeT9e7sCIUJLs3OTxIVJGM5igizemQOEbUV2AHth5B2dgLSkb88telTUD
Hb477DgE5lXK1QGtrHW6gQKnhZ8wusZ/YA36IQoRF+rGDroy5fWmH5WIbRTpCThq
BZuQfyznRfAEAfIHvc4FSkt8b1D8GQmsqux6mTDRXoDCdOV7rHP1InBAmpUUe8oO
05ieetfpXv4sW7VGSU6j+yJ7bw9zfgOVfJD556xEUYKgBfo743Yrbgk+wL+m3F0t
+Tk2mISmjEpTzFOSB6dM
=NK80
-----END PGP SIGNATURE-----
Merge tag 'nfc-fixes-4.4-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-fixes
Samuel Ortiz says:
====================
NFC 4.4 fixes
This is the 1st NFC fixes pull request for 4.4.
It includes bug fixes and one fix for a build failure, all of them
introduced with the first NFC pull request for 4.4.
We have:
- Fix nfcmrvl SPI driver potential build error due to a broken Kconfig
dependency.
- A few fixes for the firmware download implementation for the nfcmrvl
UART driver.
- A GPIO allocation leak for the nfcmrvl driver.
- One code simplification for the nfcmrvl DT handling.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
aarch64 and s390x support eBPF JIT too, correct document to reflect this and
avoid any confusion.
Signed-off-by: Yang Shi <yang.shi@linaro.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
- fix remaining issues with noMMU cores;
- fix build for cores w/o cache or zero overhead loop options;
- fix boot of secondary cores in SMP configuration;
- add support for DMA to high memory pages;
- add dma_to_phys and phys_to_dma functions.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWP82xAAoJEFH5zJH4P6BEu9kP/179zxCGNMDTdVEhOgSL/Mce
3Mlvx57Vlu5sbsvs4z4dh6tZI4ShDRCfU8j79/abEjmkMShLTCNvr5PDa54+FM74
8Yry+h2fpEZFMF4qc2U1Oork21WMacexN80iq9r0HDIx/2m57nG804c5egHtoKgU
ga/TieYWGr7tPf6xZaEWZguDVvDWLLQxaB/Xv6Vo4OCJo7y//b/zCaOOEAU5sGxd
BKugpxd+1RaNie2ATHKPwrRt9AAE2FvPyQwnX21BZJEngOHR3mIDarYDh3PH26k2
rzNSywAA7Oilw/reDe6THHJkDcR6d9WFX6upfUVwOsy9FMMG97pk3roj0muyKkMB
DsVK9vbERTh1ebAxWfny42nnyd8Dysa4Q5kdzb4l7vNE3y7CUFtJGM//HIFVnjfI
W1DZH2CYctIgJuOT077Jx5ilgMkFaVdP3c1OGPwKJc3unvI9dfeJXuRRmcx0Ke6e
mdiVF6RQY9OsFlJmzhQMC12ci21BDHnTe8iYFr2Ed7RvgJGQ1c7sKpgn0wo00JRB
IszeL+n5yD1zJQfqAtAKzK+GbeR41rpqqY0ni1A+/5csr0Xd4AyphrRREj1Wl/Id
kEnazEcCr7rez1NMKmhwoCq5+F77CvN7TQsbSo3+lb3dDuipOIpZQP1JVF686Yc4
hJ0/BamxZo+3HxAzUYnW
=UZaP
-----END PGP SIGNATURE-----
Merge tag 'xtensa-for-next-20151109' of git://github.com/jcmvbkbc/linux-xtensa
Xtensa improvements for 4.4:
- fix remaining issues with noMMU cores;
- fix build for cores w/o cache or zero overhead loop options;
- fix boot of secondary cores in SMP configuration;
- add support for DMA to high memory pages;
- add dma_to_phys and phys_to_dma functions.
Jozsef Kadlecsik says:
====================
Please apply the next bugfixes against the nf tree.
- Fix extensions alignment in ipset: Gerhard Wiesinger reported
that the missing data aligments lead to crash on non-intel
architecture. The patch was tested on armv7h by Gerhard Wiesinger
and on x86_64 and sparc64 by me.
- An incorrect index at the hash:* types could lead to
falsely early expired entries and memory leak when the comment
extension was used too.
- Release empty hash bucket block when all entries are expired or
all slots are empty instead of shrinkig the data part to zero.
====================
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This fixes the following build error seen in -next:
drivers/gpu/drm/nouveau/nvkm/subdev/instmem/gk20a.c:143:2: error:
implicit declaration of function 'dma_to_phys'
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
- don't bugcheck if high memory page is passed to xtensa_map_page;
- turn empty dcache flush macros into functions so that they could be
passed as function parameters;
- use kmap_atomic to map high memory pages for cache invalidation/
flushing performed by xtensa_sync_single_for_{cpu,device}.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
The recent change of the raid5-cache code to use crc32c instead
of crc32 causes link errors when CONFIG_LIBCRC32C is disabled:
drivers/built-in.o: In function crc32c'
core.c:(.text+0x1c6060): undefined reference to `crc32c'
This adds an explicit 'select' statement like all other users
of this function do.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 5cb2fbd6ea ("raid5-cache: use crc32c checksum")
Signed-off-by: NeilBrown <neilb@suse.com>
While running a stress test I got the following warning triggered:
[191627.672810] ------------[ cut here ]------------
[191627.673949] WARNING: CPU: 8 PID: 8447 at fs/btrfs/file.c:779 __btrfs_drop_extents+0x391/0xa50 [btrfs]()
(...)
[191627.701485] Call Trace:
[191627.702037] [<ffffffff8145f077>] dump_stack+0x4f/0x7b
[191627.702992] [<ffffffff81095de5>] ? console_unlock+0x356/0x3a2
[191627.704091] [<ffffffff8104b3b0>] warn_slowpath_common+0xa1/0xbb
[191627.705380] [<ffffffffa0664499>] ? __btrfs_drop_extents+0x391/0xa50 [btrfs]
[191627.706637] [<ffffffff8104b46d>] warn_slowpath_null+0x1a/0x1c
[191627.707789] [<ffffffffa0664499>] __btrfs_drop_extents+0x391/0xa50 [btrfs]
[191627.709155] [<ffffffff8115663c>] ? cache_alloc_debugcheck_after.isra.32+0x171/0x1d0
[191627.712444] [<ffffffff81155007>] ? kmemleak_alloc_recursive.constprop.40+0x16/0x18
[191627.714162] [<ffffffffa06570c9>] insert_reserved_file_extent.constprop.40+0x83/0x24e [btrfs]
[191627.715887] [<ffffffffa065422b>] ? start_transaction+0x3bb/0x610 [btrfs]
[191627.717287] [<ffffffffa065b604>] btrfs_finish_ordered_io+0x273/0x4e2 [btrfs]
[191627.728865] [<ffffffffa065b888>] finish_ordered_fn+0x15/0x17 [btrfs]
[191627.730045] [<ffffffffa067d688>] normal_work_helper+0x14c/0x32c [btrfs]
[191627.731256] [<ffffffffa067d96a>] btrfs_endio_write_helper+0x12/0x14 [btrfs]
[191627.732661] [<ffffffff81061119>] process_one_work+0x24c/0x4ae
[191627.733822] [<ffffffff810615b0>] worker_thread+0x206/0x2c2
[191627.734857] [<ffffffff810613aa>] ? process_scheduled_works+0x2f/0x2f
[191627.736052] [<ffffffff810613aa>] ? process_scheduled_works+0x2f/0x2f
[191627.737349] [<ffffffff810669a6>] kthread+0xef/0xf7
[191627.738267] [<ffffffff810f3b3a>] ? time_hardirqs_on+0x15/0x28
[191627.739330] [<ffffffff810668b7>] ? __kthread_parkme+0xad/0xad
[191627.741976] [<ffffffff81465592>] ret_from_fork+0x42/0x70
[191627.743080] [<ffffffff810668b7>] ? __kthread_parkme+0xad/0xad
[191627.744206] ---[ end trace bbfddacb7aaada8d ]---
$ cat -n fs/btrfs/file.c
691 int __btrfs_drop_extents(struct btrfs_trans_handle *trans,
(...)
758 btrfs_item_key_to_cpu(leaf, &key, path->slots[0]);
759 if (key.objectid > ino ||
760 key.type > BTRFS_EXTENT_DATA_KEY || key.offset >= end)
761 break;
762
763 fi = btrfs_item_ptr(leaf, path->slots[0],
764 struct btrfs_file_extent_item);
765 extent_type = btrfs_file_extent_type(leaf, fi);
766
767 if (extent_type == BTRFS_FILE_EXTENT_REG ||
768 extent_type == BTRFS_FILE_EXTENT_PREALLOC) {
(...)
774 } else if (extent_type == BTRFS_FILE_EXTENT_INLINE) {
(...)
778 } else {
779 WARN_ON(1);
780 extent_end = search_start;
781 }
(...)
This happened because the item we were processing did not match a file
extent item (its key type != BTRFS_EXTENT_DATA_KEY), and even on this
case we cast the item to a struct btrfs_file_extent_item pointer and
then find a type field value that does not match any of the expected
values (BTRFS_FILE_EXTENT_[REG|PREALLOC|INLINE]). This scenario happens
due to a tiny time window where a race can happen as exemplified below.
For example, consider the following scenario where we're using the
NO_HOLES feature and we have the following two neighbour leafs:
Leaf X (has N items) Leaf Y
[ ... (257 INODE_ITEM 0) (257 INODE_REF 256) ] [ (257 EXTENT_DATA 8192), ... ]
slot N - 2 slot N - 1 slot 0
Our inode 257 has an implicit hole in the range [0, 8K[ (implicit rather
than explicit because NO_HOLES is enabled). Now if our inode has an
ordered extent for the range [4K, 8K[ that is finishing, the following
can happen:
CPU 1 CPU 2
btrfs_finish_ordered_io()
insert_reserved_file_extent()
__btrfs_drop_extents()
Searches for the key
(257 EXTENT_DATA 4096) through
btrfs_lookup_file_extent()
Key not found and we get a path where
path->nodes[0] == leaf X and
path->slots[0] == N
Because path->slots[0] is >=
btrfs_header_nritems(leaf X), we call
btrfs_next_leaf()
btrfs_next_leaf() releases the path
inserts key
(257 INODE_REF 4096)
at the end of leaf X,
leaf X now has N + 1 keys,
and the new key is at
slot N
btrfs_next_leaf() searches for
key (257 INODE_REF 256), with
path->keep_locks set to 1,
because it was the last key it
saw in leaf X
finds it in leaf X again and
notices it's no longer the last
key of the leaf, so it returns 0
with path->nodes[0] == leaf X and
path->slots[0] == N (which is now
< btrfs_header_nritems(leaf X)),
pointing to the new key
(257 INODE_REF 4096)
__btrfs_drop_extents() casts the
item at path->nodes[0], slot
path->slots[0], to a struct
btrfs_file_extent_item - it does
not skip keys for the target
inode with a type less than
BTRFS_EXTENT_DATA_KEY
(BTRFS_INODE_REF_KEY < BTRFS_EXTENT_DATA_KEY)
sees a bogus value for the type
field triggering the WARN_ON in
the trace shown above, and sets
extent_end = search_start (4096)
does the if-then-else logic to
fixup 0 length extent items created
by a past bug from hole punching:
if (extent_end == key.offset &&
extent_end >= search_start)
goto delete_extent_item;
that evaluates to true and it ends
up deleting the key pointed to by
path->slots[0], (257 INODE_REF 4096),
from leaf X
The same could happen for example for a xattr that ends up having a key
with an offset value that matches search_start (very unlikely but not
impossible).
So fix this by ensuring that keys smaller than BTRFS_EXTENT_DATA_KEY are
skipped, never casted to struct btrfs_file_extent_item and never deleted
by accident. Also protect against the unexpected case of getting a key
for a lower inode number by skipping that key and issuing a warning.
Cc: stable@vger.kernel.org
Signed-off-by: Filipe Manana <fdmanana@suse.com>
resource_size_t may be 32-bit wide on some architectures, which causes
this warning when building the NTB code:
drivers/ntb/ntb_transport.c: In function 'ntb_transport_link_work':
drivers/ntb/ntb_transport.c:828:46: warning: right shift count >= width of type [-Wshift-count-overflow]
The warning is harmless but can be avoided by using the upper_32_bits()
macro.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: e26a5843f7 ("NTB: Split ntb_hw_intel and ntb_transport drivers")
Signed-off-by: Jon Mason <jdmason@kudzu.us>
There is no need for the upstream and downstream addresses to be different
for the NTB configs. Go to using a single set of address. It is still
possible to configure them differently using module parameter override
however.
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Acked and Tested-by: Allen Hubbe <Allen.Hubbe@emc.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Order of operations issue with the QP Num and MW count, which would
result in the receive buffer pointer being invalid if there are more
than 1 MW. Corrected with parenthesis to enforce the proper order of
operations.
Reported-by: John I. Kading <John.Kading@gd-ms.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
These variables were not used anywhere. So remove them.
Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
We were accessing nt->mw_vec after freeing it. Fix the error path so
that we free nt->mw_vec after we have finished using it.
Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
smatch detected an issue in the function ntb_transport_max_size() where
we could be dereferencing a dma channel pointer when it is NULL.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
This patch fixes some bugs and partly cleans up the parisc uapi header
files to what glibc defined:
- compat_semid64_ds was wrong and did not take the endianess into
account
- ipc64_perm exported userspace types which broke building userspace
packages on debian (e.g. trinity)
- ipc64_perm needs to use a 32bit mode_t on 64bit kernel
- msqid64_ds and semid64_ds needs unsigned longs for various struct members
- shmid64_ds exported size_t instead of __kernel_size_t
And finally add some compile-time checks for the sizes of those structs
to avoid future breakage.
Runtime-tested with the Linux Test Project (LTP) testsuite.
Cc: <stable@vger.kernel.org> # 3.18+
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Helge Deller <deller@gmx.de>
