Commit graph

596750 commits

Author SHA1 Message Date
Linux Build Service Account
188160bd85 Merge "leds: qpnp-flash-v2: Return error code separately during current prediction" 2017-12-20 22:30:16 -08:00
Linux Build Service Account
1d6b8c1ae8 Merge "icnss: Do not send uevent when driver is unloading" 2017-12-20 22:30:15 -08:00
Linux Build Service Account
d781e6dd24 Merge "ARM: dts: msm: Enable LDO26 for CDP targets" 2017-12-20 22:30:14 -08:00
Linux Build Service Account
6f4dbe6457 Merge "usb: gadget: ffs: change gfp_flags to GFP_ATOMIC" 2017-12-20 22:30:11 -08:00
Aditya Bavanari
7448b5c257 ASoC: msm: qdsp6v2: Update audio effects driver to support Instance ID
Add support to set and get audio effects module params with
Instance ID support. Maintain support for non
Instance ID set and get param structures as well.
Use common pack and set param functions to set and
get parameters to DSP instead of handling them at an
individual module level.

CRs-Fixed: 2151551
Change-Id: I62342d434fc5bd58c06d22913683d7d0fd602da9
Signed-off-by: Siena Richard <sienar@codeaurora.org>
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
2017-12-21 11:27:46 +05:30
Aditya Bavanari
7a5f4a39ac ASoC: msm: qdsp6v2: Update ASM driver to support Instance ID
Add support to set and get ASM module params with
Instance ID support. Maintain support for non
Instance ID set and get param structures as well.
Use common pack and set param functions to set and
get parameters to DSP instead of handling them at an
individual module level.

CRs_Fixed: 2151551
Change-Id: I48a0f0f856d8b8b59b7e7361fae63283e0f87948
Signed-off-by: Siena Richard <sienar@codeaurora.org>
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
2017-12-21 11:24:22 +05:30
Aditya Bavanari
c0e1cac7ec ASoC: msm: qdsp6v2: Update dap driver to support Instance ID
Add support to set and get dap modules params with
Instance ID support for both Dolby and DS2.
Maintain support for non Instance ID set and get param
structures as well. Use common pack and set param
functions to set and get parameters to DSP instead of
handling them at an individual module level.

CRs-Fixed: 2151551
Change-Id: Ic2722cf5d686a7b10c682ca7866f7900da9d0cdb
Signed-off-by: Siena Richard <sienar@codeaurora.org>
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
2017-12-21 11:17:53 +05:30
Aditya Bavanari
2ee870a5d5 ASoC: msm: qdsp6v2: Update ADM driver to support Instance ID
Add support to set and get ADM module params with
Instance ID support. Maintain support for non
Instance ID set and get param structures as well.
Use common pack and set param functions to set and
get parameters to DSP instead of handling them at an
individual module level.

CRs-Fixed: 2151551
Change-Id: Ida9591e96501a2edbffe080eb8531c860bde8539
Signed-off-by: Siena Richard <sienar@codeaurora.org>
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
2017-12-21 11:16:58 +05:30
Aditya Bavanari
36ed1afb56 ASoC: msm: qdsp6v2: Update rtac driver to support Instance ID
Add support to set and get rtac params with
Instance ID support. Maintain support for non
Instance ID set and get param structures as well.
Use common pack and set param functions to set and
get parameters to DSP instead of handling them at an
individual module level.

CRs-Fixed: 2151551
Change-Id: Ic07cb109b9e469dccf510f89ba9917e8c9eccbd8
Signed-off-by: Siena Richard <sienar@codeaurora.org>
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
2017-12-21 11:11:41 +05:30
Aditya Bavanari
43f8fb6053 ASoC: msm: qdsp6v2: Update AFE driver to support Instance ID
Add support to set and get AFE module params with
Instance ID support. Maintain support for non
Instance ID set and get param structures as well.
Use common pack and set param functions to set and
get parameters to DSP instead of handling them at an
individual module level.

CRs-Fixed: 2151551
Change-Id: I9f2cc097a0f1a99a4639bb0cd636500b41a41b1b
Signed-off-by: Siena Richard <sienar@codeaurora.org>
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
2017-12-21 11:10:35 +05:30
Aditya Bavanari
cd9c139d62 ASoC: msm: qdsp6v2: Update voice driver to support Instance ID
Add support to set and get voice module params with
Instance ID support. Maintain support for non
Instance ID set and get param structures as well.
Use common pack and set param functions to set and
get parameters to DSP instead of handling them at an
individual module level.

CRs-Fixed: 2151551
Change-Id: If18c89ef6e0e98419d271923387eae10d45cb7f3
Signed-off-by: Siena Richard <sienar@codeaurora.org>
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
2017-12-21 11:09:15 +05:30
Aditya Bavanari
d17e5ec06a ASoC: msm: qdsp6v2: Update LSM driver to support Instance ID
Add support to set and get LSM module params with
Instance ID support. Maintain support for non
Instance ID set and get param structures as well.

CRs-Fixed: 2151551
Change-Id: I138cceb5165443da899e7c152fd6c8a05a6efe98
Signed-off-by: Siena Richard <sienar@codeaurora.org>
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
2017-12-21 11:08:50 +05:30
Aditya Bavanari
067a92850f ASoC: msm: qdsp6v2: Add common items needed for Instance ID
Add common headers and functions needed to support instance ID.

CRs-Fixed: 2151551
Change-Id: I8a167be29cdb5c365ac957530789007e90a91a97
Signed-off-by: Siena Richard <sienar@codeaurora.org>
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
2017-12-21 11:07:50 +05:30
Vijayavardhan Vennapusa
3fbe237e3c usb: gadget: Update default class subclass and protocol for rndis
This allows Host to load NDIS 6.0 driver for RNDIS over ethernet.
Design objectives of NDIS 6.0 is to enhance driver performance
and scalability. Observing higher peak tput (308Mbps --> 480Mbps)
for FTP transfer on live network. It resolves the data stall that
is being caused by the sudden transfer abort coming from the NDIS
5.0 Host driver.

Change-Id: I062d07ff3bd63b8a610166cf77714424055d962c
Signed-off-by: Vijayavardhan Vennapusa <vvreddy@codeaurora.org>
2017-12-21 10:59:51 +05:30
Clint Taylor
0edcc2c261 drm/edid: CEA mode 64 1080p100 vsync pulse width incorrect
In the CEA-861 specification VIC 64 specifies a vsync pulse of 5 and
a backporch of 36. Adjust vsync pulse width to match specification.

Change-Id: Ie8bf016d0f8b89eb1ad990f50a8c058acdabb94d
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Clint Taylor <clinton.a.taylor@intel.com>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Link: http://patchwork.freedesktop.org/patch/msgid/1471282288-30909-1-git-send-email-clinton.a.taylor@intel.com
Git-commit: 8f0e4907a8e7545850ae093a0286833f3949e4cb
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Navid Bahrani <nbahrani@codeaurora.org>
2017-12-20 16:22:47 -08:00
Subbaraman Narayanamurthy
b5ef1a8168 power: qpnp-fg-gen3: Improve ESR accuracy at cold temperature with Qnovo
When the battery is in cold temperature for a certain amount of
time and device is charged with Qnovo enabled charging, ESR pulse
will fire less frequently. This along with ESR pulses not getting
qualified can cause the ESR to be less accurate. To improve ESR
accuracy, add change to apply relaxed filter coefficients once
the battery temperature starts ramping up after hitting a lower
threshold of say 6 C after charging begins.

CRs-Fixed: 2151708
Change-Id: Iff6c2ffbab1f327dfefcf1550213c37df4a8ad42
Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
2017-12-20 15:42:23 -08:00
Subbaraman Narayanamurthy
9c228c4a81 power: qpnp-fg-gen3: add support for configuring cutoff current
Add support to configure cutoff current that will be used for
cutoff SOC estimate.

CRs-Fixed: 2160773
Change-Id: I26730f35659a227717a33682683746f13f1175eb
Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
2017-12-20 15:39:28 -08:00
Subbaraman Narayanamurthy
3615693f74 leds: qpnp-wled: add stepper algorithm using brightness map
Add stepper algorithm support with dynamically calculated step
size or delay based on the brightness level change using the
brightness map table.

To help with running the algorithm efficiently, use a separate
workqueue with high priority to process the brightness levels.

Change-Id: Iea2a8da73b6bee3eaa7b28a12fd82c2a1507db99
Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
2017-12-20 15:06:21 -08:00
Linux Build Service Account
0c6a32296a Merge "defconfig: msm8998: Enable kernel AIO support" 2017-12-20 12:37:48 -08:00
Linux Build Service Account
a5d34c6937 Merge "msm: ipa: add new IP filtering bitmaps" 2017-12-20 12:37:46 -08:00
Linux Build Service Account
a3cf98624f Merge "msm: ipa: Change error value for set quota" 2017-12-20 12:37:45 -08:00
Linux Build Service Account
86451b3a26 Merge "ARM: dts: msm: Remove blsp1_uart2 on msm8996 telematics vplatform" 2017-12-20 12:37:44 -08:00
Yuanyuan Liu
daee03cd52 icnss: Do not send uevent when driver is unloading
If modem crashed during wlan driver unloading, icnss driver
will call driver uevent callback to send FW down uevent when
it receives BEFORE_SHUTDOWN notification. If wlan driver is
de-initialized just before the callback is called, kernel will
panic as driver's context is freed. This can be avoid by not
sending uevent when wlan host driver is unloading. Instead,
icnss driver will provide an API to host driver to check if
WLAN FW is down or not.

CRs-Fixed: 2161425
Change-Id: I569fd85366522606ececeda74df85c51b9b2fc28
Signed-off-by: Yuanyuan Liu <yuanliu@codeaurora.org>
2017-12-20 10:53:14 -08:00
Martijn Coenen
610c835673 ANDROID: binder: Remove obsolete proc waitqueue.
It was no longer being used.

Change-Id: I7fc42b76f688a459ad990f59fbd7006b96bb91a6
Signed-off-by: Martijn Coenen <maco@android.com>
2017-12-20 16:22:05 +01:00
Rahul Sharma
ecb925ac1e ARM: dts: msm: Enable LDO26 for CDP targets
Camera bridge chip is not getting detected on CDP for automotive platform.
Defined and added regulator LDO26 which needs to be turned on for the chip
to be detected.

Change-Id: I0400bf1430d588852d4143e7b28f33927614ee90
Signed-off-by: Rahul Sharma <sharah@codeaurora.org>
2017-12-20 02:41:51 -08:00
Greg Kroah-Hartman
79f138ac8c This is the 4.4.107 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlo6J9YACgkQONu9yGCS
 aT7Cdg/8D7+btjAJPjk/suKUBSOpfSkYIoakaVSGf7r7gFv7SkMF023SikLUK+vN
 xa0FL1bYASzXuKgcxY9vB7ZkCDShrglqTCIpbWwHJhwS0fRGTGrMN2MM+opVgeoG
 4ngnEPLue5TqZs3LVrpTySQFODlxnY3C4lpKopN7QNrcr1M5iiMELXCJu/qy6JhC
 ZBsRGUY8GHbouqC0YSqNlrv+C7zbfAlaawIBDSmYm0R4F+TuqoKZlBGAJ9lbALcZ
 pM8OaOXx9v471RhE7Tcsl3Eiz3vKHFKWxG/ZujkSqB21wPq6gd4VuP/wMuelX0GC
 rDTb/nn9Zhmv7UCOn62htlRLrAnSaJ9FlEK+u3TJ+XBGE9gmanH9IjIljCehEZeI
 55Vm7q6IwQT2WvgTzqUoco4AYI37T9pqJ++I1E3jY/zk+bfCIQ1ZMpMXmwAUx738
 m7boO38eRnyXMxqf4hfVQ4BFPkwaxdW/I3LDanE6U85Hw2nI2uZIPHRbVrC6gAPS
 aY9EUFEancxu4mW92mWWKrEnEWs5Jsb313ISAKSU75WwWmZ/tgsUtSzvY7XNPwYr
 G//HbPA5zNFdM1zSO4HQiLYjOqAiwNNAbDEWKoYr8MQpgYbTB4/SgT15mJzw6uTo
 WtKZsIWMYiXVW8cNhQiWAVUJVf66GMlc6kHcyHU7YHH3obZAYXU=
 =DNsf
 -----END PGP SIGNATURE-----

Merge 4.4.107 into android-4.4

Changes in 4.4.107
	crypto: hmac - require that the underlying hash algorithm is unkeyed
	crypto: salsa20 - fix blkcipher_walk API usage
	autofs: fix careless error in recent commit
	tracing: Allocate mask_str buffer dynamically
	USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
	USB: core: prevent malicious bNumInterfaces overflow
	usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
	ceph: drop negative child dentries before try pruning inode's alias
	Bluetooth: btusb: driver to enable the usb-wakeup feature
	xhci: Don't add a virt_dev to the devs array before it's fully allocated
	sched/rt: Do not pull from current CPU if only one CPU to pull
	dmaengine: dmatest: move callback wait queue to thread context
	ext4: fix fdatasync(2) after fallocate(2) operation
	ext4: fix crash when a directory's i_size is too small
	KEYS: add missing permission check for request_key() destination
	mac80211: Fix addition of mesh configuration element
	usb: phy: isp1301: Add OF device ID table
	md-cluster: free md_cluster_info if node leave cluster
	userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE
	userfaultfd: selftest: vm: allow to build in vm/ directory
	net: initialize msg.msg_flags in recvfrom
	net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values
	net: bcmgenet: correct MIB access of UniMAC RUNT counters
	net: bcmgenet: reserved phy revisions must be checked first
	net: bcmgenet: power down internal phy if open or resume fails
	net: bcmgenet: Power up the internal PHY before probing the MII
	NFSD: fix nfsd_minorversion(.., NFSD_AVAIL)
	NFSD: fix nfsd_reset_versions for NFSv4.
	Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list
	drm/omap: fix dmabuf mmap for dma_alloc'ed buffers
	netfilter: bridge: honor frag_max_size when refragmenting
	writeback: fix memory leak in wb_queue_work()
	net: wimax/i2400m: fix NULL-deref at probe
	dmaengine: Fix array index out of bounds warning in __get_unmap_pool()
	net: Resend IGMP memberships upon peer notification.
	mlxsw: reg: Fix SPVM max record count
	mlxsw: reg: Fix SPVMLR max record count
	intel_th: pci: Add Gemini Lake support
	openrisc: fix issue handling 8 byte get_user calls
	scsi: hpsa: update check for logical volume status
	scsi: hpsa: limit outstanding rescans
	fjes: Fix wrong netdevice feature flags
	drm/radeon/si: add dpm quirk for Oland
	sched/deadline: Make sure the replenishment timer fires in the next period
	sched/deadline: Throttle a constrained deadline task activated after the deadline
	sched/deadline: Use deadline instead of period when calculating overflow
	mmc: mediatek: Fixed bug where clock frequency could be set wrong
	drm/radeon: reinstate oland workaround for sclk
	afs: Fix missing put_page()
	afs: Populate group ID from vnode status
	afs: Adjust mode bits processing
	afs: Flush outstanding writes when an fd is closed
	afs: Migrate vlocation fields to 64-bit
	afs: Prevent callback expiry timer overflow
	afs: Fix the maths in afs_fs_store_data()
	afs: Populate and use client modification time
	afs: Fix page leak in afs_write_begin()
	afs: Fix afs_kill_pages()
	net/mlx4_core: Avoid delays during VF driver device shutdown
	perf symbols: Fix symbols__fixup_end heuristic for corner cases
	efi/esrt: Cleanup bad memory map log messages
	NFSv4.1 respect server's max size in CREATE_SESSION
	btrfs: add missing memset while reading compressed inline extents
	target: Use system workqueue for ALUA transitions
	target: fix ALUA transition timeout handling
	target: fix race during implicit transition work flushes
	sfc: don't warn on successful change of MAC
	fbdev: controlfb: Add missing modes to fix out of bounds access
	video: udlfb: Fix read EDID timeout
	video: fbdev: au1200fb: Release some resources if a memory allocation fails
	video: fbdev: au1200fb: Return an error code if a memory allocation fails
	rtc: pcf8563: fix output clock rate
	dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type
	PCI/PME: Handle invalid data when reading Root Status
	powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo
	netfilter: ipvs: Fix inappropriate output of procfs
	powerpc/opal: Fix EBUSY bug in acquiring tokens
	powerpc/ipic: Fix status get and status clear
	target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
	iscsi-target: fix memory leak in lio_target_tiqn_addtpg()
	target:fix condition return in core_pr_dump_initiator_port()
	target/file: Do not return error for UNMAP if length is zero
	arm-ccn: perf: Prevent module unload while PMU is in use
	crypto: tcrypt - fix buffer lengths in test_aead_speed()
	mm: Handle 0 flags in _calc_vm_trans() macro
	clk: mediatek: add the option for determining PLL source clock
	clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU
	clk: tegra: Fix cclk_lp divisor register
	ppp: Destroy the mutex when cleanup
	thermal/drivers/step_wise: Fix temperature regulation misbehavior
	GFS2: Take inode off order_write list when setting jdata flag
	bcache: explicitly destroy mutex while exiting
	bcache: fix wrong cache_misses statistics
	l2tp: cleanup l2tp_tunnel_delete calls
	xfs: fix log block underflow during recovery cycle verification
	xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
	PCI: Detach driver before procfs & sysfs teardown on device remove
	scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
	scsi: hpsa: destroy sas transport properties before scsi_host
	powerpc/perf/hv-24x7: Fix incorrect comparison in memord
	tty fix oops when rmmod 8250
	usb: musb: da8xx: fix babble condition handling
	pinctrl: adi2: Fix Kconfig build problem
	raid5: Set R5_Expanded on parity devices as well as data.
	scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
	vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
	scsi: sd: change manage_start_stop to bool in sysfs interface
	scsi: sd: change allow_restart to bool in sysfs interface
	scsi: bfa: integer overflow in debugfs
	udf: Avoid overflow when session starts at large offset
	macvlan: Only deliver one copy of the frame to the macvlan interface
	RDMA/cma: Avoid triggering undefined behavior
	IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
	ath9k: fix tx99 potential info leak
	Linux 4.4.107

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2017-12-20 10:49:07 +01:00
Greg Kroah-Hartman
96c00ece76 Linux 4.4.107 2017-12-20 10:05:01 +01:00
Miaoqing Pan
a815c0a370 ath9k: fix tx99 potential info leak
[ Upstream commit ee0a47186e2fa9aa1c56cadcea470ca0ba8c8692 ]

When the user sets count to zero the string buffer would remain
completely uninitialized which causes the kernel to parse its
own stack data, potentially leading to an info leak. In addition
to that, the string might be not terminated properly when the
user data does not contain a 0-terminator.

Signed-off-by: Miaoqing Pan <miaoqing@codeaurora.org>
Reviewed-by: Christoph Böhmwalder <christoph@boehmwalder.at>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:01 +01:00
Alex Vesker
26c66554d7 IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
[ Upstream commit b4b678b06f6eef18bff44a338c01870234db0bc9 ]

When ndo_open and ndo_stop are called RTNL lock should be held.
In this specific case ipoib_ib_dev_open calls the offloaded ndo_open
which re-sets the number of TX queue assuming RTNL lock is held.
Since RTNL lock is not held, RTNL assert will fail.

Signed-off-by: Alex Vesker <valex@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:01 +01:00
Bart Van Assche
112814db6e RDMA/cma: Avoid triggering undefined behavior
[ Upstream commit c0b64f58e8d49570aa9ee55d880f92c20ff0166b ]

According to the C standard the behavior of computations with
integer operands is as follows:
* A computation involving unsigned operands can never overflow,
  because a result that cannot be represented by the resulting
  unsigned integer type is reduced modulo the number that is one
  greater than the largest value that can be represented by the
  resulting type.
* The behavior for signed integer underflow and overflow is
  undefined.

Hence only use unsigned integers when checking for integer
overflow.

This patch is what I came up with after having analyzed the
following smatch warnings:

drivers/infiniband/core/cma.c:3448: cma_resolve_ib_udp() warn: signed overflow undefined. 'offset + conn_param->private_data_len < conn_param->private_data_len'
drivers/infiniband/core/cma.c:3505: cma_connect_ib() warn: signed overflow undefined. 'offset + conn_param->private_data_len < conn_param->private_data_len'

Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
Acked-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:01 +01:00
Alexander Duyck
4bbb49138f macvlan: Only deliver one copy of the frame to the macvlan interface
[ Upstream commit dd6b9c2c332b40f142740d1b11fb77c653ff98ea ]

This patch intoduces a slight adjustment for macvlan to address the fact
that in source mode I was seeing two copies of any packet addressed to the
macvlan interface being delivered where there should have been only one.

The issue appears to be that one copy was delivered based on the source MAC
address and then the second copy was being delivered based on the
destination MAC address. To fix it I am just treating a unicast address
match as though it is not a match since source based macvlan isn't supposed
to be matching based on the destination MAC anyway.

Fixes: 79cf79abce ("macvlan: add source mode")
Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:01 +01:00
Jan Kara
b8d510ff71 udf: Avoid overflow when session starts at large offset
[ Upstream commit abdc0eb06964fe1d2fea6dd1391b734d0590365d ]

When session starts beyond offset 2^31 the arithmetics in
udf_check_vsd() would overflow. Make sure the computation is done in
large enough type.

Reported-by: Cezary Sliwa <sliwa@ifpan.edu.pl>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:01 +01:00
Dan Carpenter
a114af87c0 scsi: bfa: integer overflow in debugfs
[ Upstream commit 3e351275655d3c84dc28abf170def9786db5176d ]

We could allocate less memory than intended because we do:

	bfad->regdata = kzalloc(len << 2, GFP_KERNEL);

The shift can overflow leading to a crash.  This is debugfs code so the
impact is very small.  I fixed the network version of this in March with
commit 13e2d5187f6b ("bna: integer overflow bug in debugfs").

Fixes: ab2a9ba189 ("[SCSI] bfa: add debugfs support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:01 +01:00
weiping zhang
798f085014 scsi: sd: change allow_restart to bool in sysfs interface
[ Upstream commit 658e9a6dc1126f21fa417cd213e1cdbff8be0ba2 ]

/sys/class/scsi_disk/0:2:0:0/allow_restart can be changed to 0
unexpectedly by writing an invalid string such as the following:

echo asdf > /sys/class/scsi_disk/0:2:0:0/allow_restart

Signed-off-by: weiping zhang <zhangweiping@didichuxing.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:01 +01:00
weiping zhang
c387c02d60 scsi: sd: change manage_start_stop to bool in sysfs interface
[ Upstream commit 623401ee33e42cee64d333877892be8db02951eb ]

/sys/class/scsi_disk/0:2:0:0/manage_start_stop can be changed to 0
unexpectly by writing an invalid string.

Signed-off-by: weiping zhang <zhangweiping@didichuxing.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:01 +01:00
Jia-Ju Bai
2e03af22f6 vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
[ Upstream commit 42c8eb3f6e15367981b274cb79ee4657e2c6949d ]

The driver may sleep under a spinlock, and the function call path is:
vt6655_suspend (acquire the spinlock)
  pci_set_power_state
    __pci_start_power_transition (drivers/pci/pci.c)
      msleep --> may sleep

To fix it, pci_set_power_state is called without having a spinlock.

This bug is found by my static analysis tool and my code review.

Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:01 +01:00
Kurt Garloff
930fb06d16 scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
[ Upstream commit 909cf3e16a5274fe2127cf3cea5c8dba77b2c412 ]

All EMC SYMMETRIX support REPORT_LUNS, even if configured to report
SCSI-2 for whatever reason.

Signed-off-by: Kurt Garloff <garloff@suse.de>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:00 +01:00
NeilBrown
24bc48af0a raid5: Set R5_Expanded on parity devices as well as data.
[ Upstream commit 235b6003fb28f0dd8e7ed8fbdb088bb548291766 ]

When reshaping a fully degraded raid5/raid6 to a larger
nubmer of devices, the new device(s) are not in-sync
and so that can make the newly grown stripe appear to be
"failed".
To avoid this, we set the R5_Expanded flag to say "Even though
this device is not fully in-sync, this block is safe so
don't treat the device as failed for this stripe".
This flag is set for data devices, not not for parity devices.

Consequently, if you have a RAID6 with two devices that are partly
recovered and a spare, and start a reshape to include the spare,
then when the reshape gets past the point where the recovery was
up to, it will think the stripes are failed and will get into
an infinite loop, failing to make progress.

So when contructing parity on an EXPAND_READY stripe,
set R5_Expanded.

Reported-by: Curt <lightspd@gmail.com>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Shaohua Li <shli@fb.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:00 +01:00
Linus Walleij
09379498af pinctrl: adi2: Fix Kconfig build problem
[ Upstream commit 1c363531dd814dc4fe10865722bf6b0f72ce4673 ]

The build robot is complaining on Blackfin:

drivers/pinctrl/pinctrl-adi2.c: In function 'port_setup':
>> drivers/pinctrl/pinctrl-adi2.c:221:21: error: dereferencing
   pointer to incomplete type 'struct gpio_port_t'
      writew(readw(&regs->port_fer) & ~BIT(offset),
                        ^~
drivers/pinctrl/pinctrl-adi2.c: In function 'adi_gpio_ack_irq':
>> drivers/pinctrl/pinctrl-adi2.c:266:18: error: dereferencing
pointer to incomplete type 'struct bfin_pint_regs'
      if (readl(&regs->invert_set) & pintbit)
                     ^~
It seems the driver need to include <asm/gpio.h> and <asm/irq.h>
to compile.

The Blackfin architecture was re-defining the Kconfig
PINCTRL symbol which is not OK, so replaced this with
PINCTRL_BLACKFIN_ADI2 which selects PINCTRL and PINCTRL_ADI2
just like most arches do.

Further, the old GPIO driver symbol GPIO_ADI was possible to
select at the same time as selecting PINCTRL. This was not
working because the arch-local <asm/gpio.h> header contains
an explicit #ifndef PINCTRL clause making compilation break
if you combine them. The same is true for DEBUG_MMRS.

Make sure the ADI2 pinctrl driver is not selected at the same
time as the old GPIO implementation. (This should be converted
to use gpiolib or pincontrol and move to drivers/...) Also make
sure the old GPIO_ADI driver or DEBUG_MMRS is not selected at
the same time as the new PINCTRL implementation, and only make
PINCTRL_ADI2 selectable for the Blackfin families that actually
have it.

This way it is still possible to add e.g. I2C-based pin
control expanders on the Blackfin.

Cc: Steven Miao <realmz6@gmail.com>
Cc: Huanhuan Feng <huanhuan.feng@analog.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:00 +01:00
Bin Liu
5f2dbdff20 usb: musb: da8xx: fix babble condition handling
commit bd3486ded7a0c313a6575343e6c2b21d14476645 upstream.

When babble condition happens, the musb controller might automatically
turns off VBUS. On DA8xx platform, the controller generates drvvbus
interrupt for turning off VBUS along with the babble interrupt.

In this case, we should handle the babble interrupt first and recover
from the babble condition.

This change ignores the drvvbus interrupt if babble interrupt is also
generated at the same time, so the babble recovery routine works
properly.

Signed-off-by: Bin Liu <b-liu@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:00 +01:00
nixiaoming
68d3bc40f5 tty fix oops when rmmod 8250
[ Upstream commit c79dde629d2027ca80329c62854a7635e623d527 ]

After rmmod 8250.ko
tty_kref_put starts kwork (release_one_tty) to release proc interface
oops when accessing driver->driver_name in proc_tty_unregister_driver

Use jprobe, found driver->driver_name point to 8250.ko
static static struct uart_driver serial8250_reg
.driver_name= serial,

Use name in proc_dir_entry instead of driver->driver_name to fix oops

test on linux 4.1.12:

BUG: unable to handle kernel paging request at ffffffffa01979de
IP: [<ffffffff81310f40>] strchr+0x0/0x30
PGD 1a0d067 PUD 1a0e063 PMD 851c1f067 PTE 0
Oops: 0000 [#1] PREEMPT SMP
Modules linked in: ... ...  [last unloaded: 8250]
CPU: 7 PID: 116 Comm: kworker/7:1 Tainted: G           O    4.1.12 #1
Hardware name: Insyde RiverForest/Type2 - Board Product Name1, BIOS NE5KV904 12/21/2015
Workqueue: events release_one_tty
task: ffff88085b684960 ti: ffff880852884000 task.ti: ffff880852884000
RIP: 0010:[<ffffffff81310f40>]  [<ffffffff81310f40>] strchr+0x0/0x30
RSP: 0018:ffff880852887c90  EFLAGS: 00010282
RAX: ffffffff81a5eca0 RBX: ffffffffa01979de RCX: 0000000000000004
RDX: ffff880852887d10 RSI: 000000000000002f RDI: ffffffffa01979de
RBP: ffff880852887cd8 R08: 0000000000000000 R09: ffff88085f5d94d0
R10: 0000000000000195 R11: 0000000000000000 R12: ffffffffa01979de
R13: ffff880852887d00 R14: ffffffffa01979de R15: ffff88085f02e840
FS:  0000000000000000(0000) GS:ffff88085f5c0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffa01979de CR3: 0000000001a0c000 CR4: 00000000001406e0
Stack:
 ffffffff812349b1 ffff880852887cb8 ffff880852887d10 ffff88085f5cd6c2
 ffff880852800a80 ffffffffa01979de ffff880852800a84 0000000000000010
 ffff88085bb28bd8 ffff880852887d38 ffffffff812354f0 ffff880852887d08
Call Trace:
 [<ffffffff812349b1>] ? __xlate_proc_name+0x71/0xd0
 [<ffffffff812354f0>] remove_proc_entry+0x40/0x180
 [<ffffffff815f6811>] ? _raw_spin_lock_irqsave+0x41/0x60
 [<ffffffff813be520>] ? destruct_tty_driver+0x60/0xe0
 [<ffffffff81237c68>] proc_tty_unregister_driver+0x28/0x40
 [<ffffffff813be548>] destruct_tty_driver+0x88/0xe0
 [<ffffffff813be5bd>] tty_driver_kref_put+0x1d/0x20
 [<ffffffff813becca>] release_one_tty+0x5a/0xd0
 [<ffffffff81074159>] process_one_work+0x139/0x420
 [<ffffffff810745a1>] worker_thread+0x121/0x450
 [<ffffffff81074480>] ? process_scheduled_works+0x40/0x40
 [<ffffffff8107a16c>] kthread+0xec/0x110
 [<ffffffff81080000>] ? tg_rt_schedulable+0x210/0x220
 [<ffffffff8107a080>] ? kthread_freezable_should_stop+0x80/0x80
 [<ffffffff815f7292>] ret_from_fork+0x42/0x70
 [<ffffffff8107a080>] ? kthread_freezable_should_stop+0x80/0x80

Signed-off-by: nixiaoming <nixiaoming@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:00 +01:00
Michael Ellerman
afa8f0a7af powerpc/perf/hv-24x7: Fix incorrect comparison in memord
[ Upstream commit 05c14c03138532a3cb2aa29c2960445c8753343b ]

In the hv-24x7 code there is a function memord() which tries to
implement a sort function return -1, 0, 1. However one of the
conditions is incorrect, such that it can never be true, because we
will have already returned.

I don't believe there is a bug in practice though, because the
comparisons are an optimisation prior to calling memcmp().

Fix it by swapping the second comparision, so it can be true.

Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:00 +01:00
Martin Wilck
28a5b0e438 scsi: hpsa: destroy sas transport properties before scsi_host
[ Upstream commit dfb2e6f46b3074eb85203d8f0888b71ec1c2e37a ]

This patch cleans up a lot of warnings when unloading the driver.

A current example of the stack trace starts with:
    [  142.570715] sysfs group 'power' not found for kobject 'port-5:0'
There can be hundreds of these messages during a driver unload.

I am resubmitting this patch on behalf of Martin Wilck with his
permission.

His original patch can be found here:
https://www.spinics.net/lists/linux-scsi/msg102085.html

This patch did not help until Hannes's
commit 9441284fbc39 ("scsi-fixup-kernel-warning-during-rmmod")
was applied to the kernel.

---------------------------
Original patch description:
---------------------------

Unloading the hpsa driver causes warnings

[ 1063.793652] WARNING: CPU: 1 PID: 4850 at ../fs/sysfs/group.c:237 device_del+0x54/0x240()
[ 1063.793659] sysfs group ffffffff81cf21a0 not found for kobject 'port-2:0'

with two different stacks:
1)
[ 1063.793774]  [<ffffffff81448af4>] device_del+0x54/0x240
[ 1063.793780]  [<ffffffff8145178a>] transport_remove_classdev+0x4a/0x60
[ 1063.793784]  [<ffffffff81451216>] attribute_container_device_trigger+0xa6/0xb0
[ 1063.793802]  [<ffffffffa0105d46>] sas_port_delete+0x126/0x160 [scsi_transport_sas]
[ 1063.793819]  [<ffffffffa036ebcc>] hpsa_free_sas_port+0x3c/0x70 [hpsa]

2)
[ 1063.797103]  [<ffffffff81448af4>] device_del+0x54/0x240
[ 1063.797118]  [<ffffffffa0105d4e>] sas_port_delete+0x12e/0x160 [scsi_transport_sas]
[ 1063.797134]  [<ffffffffa036ebcc>] hpsa_free_sas_port+0x3c/0x70 [hpsa]

This is caused by the fact that host device hostX is deleted before the
SAS transport devices hostX/port-a:b.

This patch fixes this by reverting the order of device deletions.

Tested-by: Don Brace <don.brace@microsemi.com>
Reviewed-by: Don Brace <don.brace@microsemi.com>
Signed-off-by: Martin Wilck <mwilck@suse.de>
Signed-off-by: Don Brace <don.brace@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:00 +01:00
Martin Wilck
942eb7dd5e scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
[ Upstream commit 55ca38b4255bb336c2d35990bdb2b368e19b435a ]

I am resubmitting this patch on behalf of Martin Wilck with his
permission.

The original patch can be found here:
https://www.spinics.net/lists/linux-scsi/msg102083.html

This patch did not help until Hannes's
commit 9441284fbc39 ("scsi-fixup-kernel-warning-during-rmmod")
was applied to the kernel.

--------------------------------------
Original patch description from Martin:
--------------------------------------

When the hpsa module is unloaded using rmmod, dangling
symlinks remain under /sys/class/sas_phy. Fix this by
calling sas_phy_delete() rather than sas_phy_free (which,
according to comments, should not be called for PHYs that
have been set up successfully, anyway).

Tested-by: Don Brace <don.brace@microsemi.com>
Reviewed-by: Don Brace <don.brace@microsemi.com>
Signed-off-by: Martin Wilck <mwilck@suse.de>
Signed-off-by: Don Brace <don.brace@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:00 +01:00
Alex Williamson
ec662d6560 PCI: Detach driver before procfs & sysfs teardown on device remove
[ Upstream commit 16b6c8bb687cc3bec914de09061fcb8411951fda ]

When removing a device, for example a VF being removed due to SR-IOV
teardown, a "soft" hot-unplug via 'echo 1 > remove' in sysfs, or an actual
hot-unplug, we first remove the procfs and sysfs attributes for the device
before attempting to release the device from any driver bound to it.
Unbinding the driver from the device can take time.  The device might need
to write out data or it might be actively in use.  If it's in use by
userspace through a vfio driver, the unbind might block until the user
releases the device.  This leads to a potentially non-trivial amount of
time where the device exists, but we've torn down the interfaces that
userspace uses to examine devices, for instance lspci might generate this
sort of error:

  pcilib: Cannot open /sys/bus/pci/devices/0000:01:0a.3/config
  lspci: Unable to read the standard configuration space header of device 0000:01:0a.3

We don't seem to have any dependence on this teardown ordering in the
kernel, so let's unbind the driver first, which is also more symmetric with
the instantiation of the device in pci_bus_add_device().

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:00 +01:00
Christoph Hellwig
02922f3bb3 xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
[ Upstream commit 5e422f5e4fd71d18bc6b851eeb3864477b3d842e ]

There was one spot in xfs_bmap_add_extent_unwritten_real that didn't use the
passed in new extent state but always converted to normal, leading to wrong
behavior when converting from normal to unwritten.

Only found by code inspection, it seems like this code path to move partial
extent from written to unwritten while merging it with the next extent is
rarely exercised.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:05:00 +01:00
Brian Foster
f267a1390b xfs: fix log block underflow during recovery cycle verification
[ Upstream commit 9f2a4505800607e537e9dd9dea4f55c4b0c30c7a ]

It is possible for mkfs to format very small filesystems with too
small of an internal log with respect to the various minimum size
and block count requirements. If this occurs when the log happens to
be smaller than the scan window used for cycle verification and the
scan wraps the end of the log, the start_blk calculation in
xlog_find_head() underflows and leads to an attempt to scan an
invalid range of log blocks. This results in log recovery failure
and a failed mount.

Since there may be filesystems out in the wild with this kind of
geometry, we cannot simply refuse to mount. Instead, cap the scan
window for cycle verification to the size of the physical log. This
ensures that the cycle verification proceeds as expected when the
scan wraps the end of the log.

Reported-by: Zorro Lang <zlang@redhat.com>
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:04:59 +01:00
Jiri Slaby
92eff81ad9 l2tp: cleanup l2tp_tunnel_delete calls
[ Upstream commit 4dc12ffeaeac939097a3f55c881d3dc3523dff0c ]

l2tp_tunnel_delete does not return anything since commit 62b982eeb458
("l2tp: fix race condition in l2tp_tunnel_delete").  But call sites of
l2tp_tunnel_delete still do casts to void to avoid unused return value
warnings.

Kill these now useless casts.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Sabrina Dubroca <sd@queasysnail.net>
Cc: Guillaume Nault <g.nault@alphalink.fr>
Cc: David S. Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Acked-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:04:59 +01:00
tang.junhui
230c4ba404 bcache: fix wrong cache_misses statistics
[ Upstream commit c157313791a999646901b3e3c6888514ebc36d62 ]

Currently, Cache missed IOs are identified by s->cache_miss, but actually,
there are many situations that missed IOs are not assigned a value for
s->cache_miss in cached_dev_cache_miss(), for example, a bypassed IO
(s->iop.bypass = 1), or the cache_bio allocate failed. In these situations,
it will go to out_put or out_submit, and s->cache_miss is null, which leads
bch_mark_cache_accounting() to treat this IO as a hit IO.

[ML: applied by 3-way merge]

Signed-off-by: tang.junhui <tang.junhui@zte.com.cn>
Reviewed-by: Michael Lyle <mlyle@lyle.org>
Reviewed-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:04:59 +01:00
Liang Chen
2712523730 bcache: explicitly destroy mutex while exiting
[ Upstream commit 330a4db89d39a6b43f36da16824eaa7a7509d34d ]

mutex_destroy does nothing most of time, but it's better to call
it to make the code future proof and it also has some meaning
for like mutex debug.

As Coly pointed out in a previous review, bcache_exit() may not be
able to handle all the references properly if userspace registers
cache and backing devices right before bch_debug_init runs and
bch_debug_init failes later. So not exposing userspace interface
until everything is ready to avoid that issue.

Signed-off-by: Liang Chen <liangchen.linux@gmail.com>
Reviewed-by: Michael Lyle <mlyle@lyle.org>
Reviewed-by: Coly Li <colyli@suse.de>
Reviewed-by: Eric Wheeler <bcache@linux.ewheeler.net>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:04:59 +01:00