AgeCommit message (Collapse)AuthorFilesLines
2016-05-10Merge branch 'nps_enet-fixes'David S. Miller2-8/+24
Elad Kanfi says: ==================== nps_enet: Net driver bugs fix v3: tx_packet_sent flag is not necessary, use socket buffer pointer instead. Use wmb() instead of smp_wmb(). v2: Remove code style commit for now. Code style commit will be added after the bugs fix will be approved. Summary: 1. Bug description: TX done interrupts that arrives while interrupts are masked, during NAPI poll, will not trigger an interrupt handling. Since TX interrupt is of level edge we will lose the TX done interrupt. As a result all pending tx frames will get no service. Solution: Check if there is a pending tx request after unmasking the interrupt and if answer is yes then re-add ourselves to the NAPI poll list. 2. Bug description: CPU-A before sending a frame will set a variable to true. CPU-B that executes the tx done interrupt service routine might read a non valid value of that variable. Solution: Use the socket buffer pointer instead of the variable, and add a write memory barrier at the tx sending function after the pointer is set. ==================== Signed-off-by: David S. Miller <>
2016-05-10net: nps_enet: bug fix - handle lost tx interruptsElad Kanfi1-0/+15
The tx interrupt is of edge type, and in case such interrupt is triggered while it is masked it will not be handled even after tx interrupts are re-enabled in the end of NAPI poll. This will cause tx network to stop in the following scenario: * Rx is being handled, hence interrupts are masked. * Tx interrupt is triggered after checking if there is some tx to handle and before re-enabling the interrupts. In this situation only rx transaction will release tx requests. In order to handle the tx that was missed( if there was one ), a NAPI reschdule was added after enabling the interrupts. Signed-off-by: Elad Kanfi <> Acked-by: Noam Camus <> Acked-by: Gilad Ben-Yossef <> Signed-off-by: David S. Miller <>
2016-05-10net: nps_enet: Tx handler synchronizationElad Kanfi2-8/+9
Below is a description of a possible problematic sequence. CPU-A is sending a frame and CPU-B handles the interrupt that indicates the frame was sent. CPU-B reads an invalid value of tx_packet_sent. CPU-A CPU-B ----- ----- nps_enet_send_frame . . tx_skb = skb tx_packet_sent = true order HW to start tx . . HW complete tx ------> get tx complete interrupt . . if(tx_packet_sent == true) handle tx_skb end memory transaction (tx_packet_sent actually written) Furthermore there is a dependency between tx_skb and tx_packet_sent. There is no assurance that tx_skb contains a valid pointer at CPU B when it sees tx_packet_sent == true. Solution: Initialize tx_skb to NULL and use it to indicate that packet was sent, in this way tx_packet_sent can be removed. Add a write memory barrier after setting tx_skb in order to make sure that it is valid before HW is informed and IRQ is fired. Fixed sequence will be: CPU-A CPU-B ----- ----- tx_skb = skb wmb() . . order HW to start tx . . HW complete tx ------> get tx complete interrupt . . if(tx_skb != NULL) handle tx_skb tx_skb = NULL Signed-off-by: Elad Kanfi <> Acked-by: Noam Camus <> Acked-by: Gilad Ben-Yossef <> Signed-off-by: David S. Miller <>
2016-05-10Merge tag 'pci-v4.6-fixes-3' of ↵Linus Torvalds1-2/+4
git:// Pull PCI fixes from Bjorn Helgaas: "Since v4.5, we've WARNed during resume if a PCI device, including a Thunderbolt device, was added while we were suspended. A change we merged for v4.6-rc1 turned that warning into a system hang. These enumeration patches from Lukas Wunner fix this issue: - Fix BUG on device attach failure - Do not treat EPROBE_DEFER as device attach failure" * tag 'pci-v4.6-fixes-3' of git:// PCI: Do not treat EPROBE_DEFER as device attach failure PCI: Fix BUG on device attach failure
2016-05-10regulator: da9063: Correct module alias prefix to fix module autoloadingGeert Uytterhoeven1-1/+1
s/paltform/platform/ Signed-off-by: Geert Uytterhoeven <> Signed-off-by: Mark Brown <>
2016-05-10Merge branch 'x86-urgent-for-linus' of ↵Linus Torvalds3-1/+20
git:// Pull x86 fixes from Ingo Molnar: "Two topology corner case fixes, and a MAINTAINERS file update for mmiotrace maintenance" * 'x86-urgent-for-linus' of git:// x86/topology: Set x86_max_cores to 1 for CONFIG_SMP=n MAINTAINERS: Add mmiotrace entry x86/topology: Handle CPUID bogosity gracefully
2016-05-10Merge branch 'sched-urgent-for-linus' of ↵Linus Torvalds3-1/+10
git:// Pull scheduler fixes from Ingo Molnar: "A UP kernel cpufreq fix and a rt/dl scheduler corner case fix" * 'sched-urgent-for-linus' of git:// sched/rt, sched/dl: Don't push if task's scheduling class was changed sched/fair: Fix !CONFIG_SMP kernel cpufreq governor breakage
2016-05-10kvmconfig: add more virtio driversAndrey Utkin1-0/+3
"make defconfig kvmconfig" is supposed to end up with usable kernel for KVM guest. In practice, it won't work for e.g. Hetzner VPS (KVM-based) unless you add these options. Signed-off-by: Andrey Utkin <> Signed-off-by: Paolo Bonzini <>
2016-05-10x86/kvm: Add stack frame dependency to fastop() inline asmJosh Poimboeuf1-1/+5
The kbuild test robot reported this objtool warning [1]: arch/x86/kvm/emulate.o: warning: objtool: fastop()+0x69: call without frame pointer save/setup The issue seems to be caused by CONFIG_PROFILE_ALL_BRANCHES. With that option, for some reason gcc decides not to create a stack frame in fastop() before doing the inline asm call, which can result in a bad stack trace. Force a stack frame to be created if CONFIG_FRAME_POINTER is enabled by listing the stack pointer as an output operand for the inline asm statement. This change has no effect for !CONFIG_PROFILE_ALL_BRANCHES. [1] Reported-by: kbuild test robot <> Signed-off-by: Josh Poimboeuf <> Acked-by: Ingo Molnar <> Signed-off-by: Paolo Bonzini <>
2016-05-10ALSA: hda - Fix subwoofer pin on ASUS N751 and N551Yura Pakhuchiy1-0/+12
Subwoofer does not work out of the box on ASUS N751/N551 laptops. This patch fixes it. Patch tested on N751 laptop. N551 part is not tested, but according to [1] and [2] this laptop requires similar changes, so I included them in the patch. 1. 2. Bugzilla: Signed-off-by: Yura Pakhuchiy <> Cc: <> Signed-off-by: Takashi Iwai <>
2016-05-10Merge tag 'at91-fixes' of ↵Arnd Bergmann1-1/+1
git:// into fixes Merge "at91: fixes for 4.6 #1" from Nicolas Ferre: Here is a late fix for AT91. Sorry to have figure it out so late in the development cycle but we had to confirm it was an error with the documentation of two products. So, as the compatibility string is in since 4.6-rc1 and that the previous one works okay, it's a good opportunity to switch back to the one that works without introducing a intermediary bug. The revert on driver code and the removal of the useless additional compatibility string will be queued for 4.7 through NAND/MTD. * tag 'at91-fixes' of git:// ARM: dts: at91: sama5d2: use "atmel,sama5d3-nfc" compatible for nfc
2016-05-10ALSA: hda - Fix broken reconfigTakashi Iwai1-8/+0
The HD-audio reconfig function got broken in the recent kernels, typically resulting in a failure like: snd_hda_intel 0000:00:1b.0: control 3:0:0:Playback Channel Map:0 is already present This is because of the code restructuring to move the PCM and control instantiation into the codec drive probe, by the commit [bcd96557bd0a: ALSA: hda - Build PCMs and controls at codec driver probe]. Although the commit above removed the calls of snd_hda_codec_build_pcms() and *_build_controls() at the controller driver probe, the similar calls in the reconfig were still left forgotten. This caused the conflicting and duplicated PCMs and controls. The fix is trivial: just remove these superfluous calls from reconfig_codec(). Fixes: bcd96557bd0a ('ALSA: hda - Build PCMs and controls at codec driver probe') Reported-by: Jochen Henneberg <> Cc: <> # v4.1+ Signed-off-by: Takashi Iwai <>
2016-05-10sched/rt, sched/dl: Don't push if task's scheduling class was changedXunlei Pang2-0/+2
We got this warning: WARNING: CPU: 1 PID: 2468 at kernel/sched/core.c:1161 set_task_cpu+0x1af/0x1c0 [...] Call Trace: dump_stack+0x63/0x87 __warn+0xd1/0xf0 warn_slowpath_null+0x1d/0x20 set_task_cpu+0x1af/0x1c0 push_dl_task.part.34+0xea/0x180 push_dl_tasks+0x17/0x30 __balance_callback+0x45/0x5c __sched_setscheduler+0x906/0xb90 SyS_sched_setattr+0x150/0x190 do_syscall_64+0x62/0x110 entry_SYSCALL64_slow_path+0x25/0x25 This corresponds to: WARN_ON_ONCE(p->state == TASK_RUNNING && p->sched_class == &fair_sched_class && (p->on_rq && !task_on_rq_migrating(p))) It happens because in find_lock_later_rq(), the task whose scheduling class was changed to fair class is still pushed away as if it were a deadline task ... So, check in find_lock_later_rq() after double_lock_balance(), if the scheduling class of the deadline task was changed, break and retry. Apply the same logic to RT tasks. Signed-off-by: Xunlei Pang <> Reviewed-by: Steven Rostedt <> Acked-by: Peter Zijlstra <> Cc: Peter Zijlstra <> Cc: Steven Rostedt <> Cc: Juri Lelli <> Link: Signed-off-by: Ingo Molnar <>
2016-05-10drm/i915: Bail out of pipe config compute loop on LPTDaniel Vetter1-1/+7
LPT is pch, so might run into the fdi bandwidth constraint (especially since it has only 2 lanes). But right now we just force pipe_bpp back to 24, resulting in a nice loop (which we bail out with a loud WARN_ON). Fix this. Cc: Chris Wilson <> Cc: Maarten Lankhorst <> References: Signed-off-by: Daniel Vetter <> Tested-by: Chris Wilson <> Signed-off-by: Maarten Lankhorst <> Cc: Signed-off-by: Daniel Vetter <> Link: (cherry picked from commit f58a1acc7e4a1f37d26124ce4c875c647fbcc61f) Signed-off-by: Jani Nikula <>
2016-05-10x86/topology: Set x86_max_cores to 1 for CONFIG_SMP=nThomas Gleixner1-1/+1
Josef reported that the uncore driver trips over with CONFIG_SMP=n because x86_max_cores is 16 instead of 12. The reason is, that for SMP=n the extended topology detection is a NOOP and the cache leaf is used to determine the number of cores. That's wrong in two aspects: 1) The cache leaf enumerates the maximum addressable number of cores in the package, which is obviously not correct 2) UP has no business with topology bits at all. Make intel_num_cpu_cores() return 1 for CONFIG_SMP=n Reported-by: Josef Bacik <> Signed-off-by: Thomas Gleixner <> Cc: Peter Zijlstra <> Cc: kernel-team <> Cc: Kan Liang <> Link:
2016-05-10ARM: dts: at91: sama5d2: use "atmel,sama5d3-nfc" compatible for nfcWenyou Yang1-1/+1
An error in documentation of the NAND Flash Controller (NFC) led to choose another compatibility string for sama5d2 with an impact on the NAND flash ready/busy information. It was producing the error message: atmel_nand 80000000.nand: Time out to wait for interrupt: 0x08000000 and had an impact on performance. So, switch back to the classical "atmel,sama5d3-nfc" compatibility string for this SoC which gives the proper ready/busy bit information. The NAND flash driver will be updated to remove the support for this different implementation. Signed-off-by: Wenyou Yang <> Acked-by: Romain Izard <> [ change commit message] Signed-off-by: Nicolas Ferre <>
2016-05-10export tc ife uapi headerJamal Hadi Salim1-0/+1
Signed-off-by: Jamal Hadi Salim <> Signed-off-by: David S. Miller <>
2016-05-10Merge tag 'wireless-drivers-for-davem-2016-05-09' of ↵David S. Miller1-35/+48
git:// Kalle Valo says: ==================== wireless-drivers fixes for 4.6 iwlwifi * fix P2P rates (and possibly other issues) ==================== Signed-off-by: David S. Miller <>
2016-05-10Merge git:// S. Miller3-1/+4
Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contain Netfilter simple fixes for your net tree, two one-liner and one two-liner: 1) Oneliner to fix missing spinlock definition that triggers 'BUG: spinlock bad magic on CPU#' when spinlock debugging is enabled, from Florian Westphal. 2) Fix missing workqueue cancelation on IDLETIMER removal, from Liping Zhang. 3) Fix insufficient validation of netlink of NFACCT_QUOTA in nfnetlink_acct, from Phil Turnbull. ==================== Signed-off-by: David S. Miller <>
2016-05-10net: thunderx: avoid exposing kernel stackxypron.glpk@gmx.de1-0/+4
Reserved fields should be set to zero to avoid exposing bits from the kernel stack. Signed-off-by: Heinrich Schuchardt <> Signed-off-by: David S. Miller <>
2016-05-09net: fix a kernel infoleak in x25 moduleKangjie Lu1-0/+1
Stack object "dte_facilities" is allocated in x25_rx_call_request(), which is supposed to be initialized in x25_negotiate_facilities. However, 5 fields (8 bytes in total) are not initialized. This object is then copied to userland via copy_to_user, thus infoleak occurs. Signed-off-by: Kangjie Lu <> Signed-off-by: David S. Miller <>
2016-05-09ravb: Add missing free_irq() call to ravb_close()Geert Uytterhoeven1-0/+2
When reopening the network device on ra7795/salvator-x, e.g. after a DHCP timeout: IP-Config: Reopening network devices... genirq: Flags mismatch irq 139. 00000000 (eth0:ch24:emac) vs. 00000000 (eth0:ch24:emac) ravb e6800000.ethernet eth0: cannot request IRQ eth0:ch24:emac IP-Config: Failed to open eth0 IP-Config: No network devices available The "mismatch" is due to requesting an IRQ that is already in use, while IRQF_PROBE_SHARED wasn't set. However, the real cause is that ravb_close() doesn't release the R-Car Gen3-specific secondary IRQ. Add the missing free_irq() call to fix this. Fixes: 22d4df8ff3a3cc72 ("ravb: Add support for r8a7795 SoC") Signed-off-by: Geert Uytterhoeven <> Acked-by: Sergei Shtylyov <> Signed-off-by: David S. Miller <>
2016-05-09uapi glibc compat: fix compile errors when glibc net/if.h included before ↵Mikko Rapeli2-0/+72
linux/if.h glibc's net/if.h contains copies of definitions from linux/if.h and these conflict and cause build failures if both files are included by application source code. Changes in uapi headers, which fixed header file dependencies to include linux/if.h when it was needed, e.g. commit 1ffad83d, made the net/if.h and linux/if.h incompatibilities visible as build failures for userspace applications like iproute2 and xtables-addons. This patch fixes compile errors when glibc net/if.h is included before linux/if.h: ./linux/if.h:99:21: error: redeclaration of enumerator ‘IFF_NOARP’ ./linux/if.h:98:23: error: redeclaration of enumerator ‘IFF_RUNNING’ ./linux/if.h:97:26: error: redeclaration of enumerator ‘IFF_NOTRAILERS’ ./linux/if.h:96:27: error: redeclaration of enumerator ‘IFF_POINTOPOINT’ ./linux/if.h:95:24: error: redeclaration of enumerator ‘IFF_LOOPBACK’ ./linux/if.h:94:21: error: redeclaration of enumerator ‘IFF_DEBUG’ ./linux/if.h:93:25: error: redeclaration of enumerator ‘IFF_BROADCAST’ ./linux/if.h:92:19: error: redeclaration of enumerator ‘IFF_UP’ ./linux/if.h:252:8: error: redefinition of ‘struct ifconf’ ./linux/if.h:203:8: error: redefinition of ‘struct ifreq’ ./linux/if.h:169:8: error: redefinition of ‘struct ifmap’ ./linux/if.h:107:23: error: redeclaration of enumerator ‘IFF_DYNAMIC’ ./linux/if.h:106:25: error: redeclaration of enumerator ‘IFF_AUTOMEDIA’ ./linux/if.h:105:23: error: redeclaration of enumerator ‘IFF_PORTSEL’ ./linux/if.h:104:25: error: redeclaration of enumerator ‘IFF_MULTICAST’ ./linux/if.h:103:21: error: redeclaration of enumerator ‘IFF_SLAVE’ ./linux/if.h:102:22: error: redeclaration of enumerator ‘IFF_MASTER’ ./linux/if.h:101:24: error: redeclaration of enumerator ‘IFF_ALLMULTI’ ./linux/if.h:100:23: error: redeclaration of enumerator ‘IFF_PROMISC’ The cases where linux/if.h is included before net/if.h need a similar fix in the glibc side, or the order of include files can be changed userspace code as a workaround. This change was tested in x86 userspace on Debian unstable with scripts/ $ make headers_install && \ cd usr/include && ../../scripts/ -l -k ... cc -Wall -c -nostdinc -I /usr/lib/gcc/i586-linux-gnu/5/include -I /usr/lib/gcc/i586-linux-gnu/5/include-fixed -I . -I /home/mcfrisk/src/linux-2.6/usr/headers_compile_test_include.2uX2zH -I /home/mcfrisk/src/linux-2.6/usr/headers_compile_test_include.2uX2zH/i586-linux-gnu -o /dev/null ./linux/if.h_libc_before_kernel.h PASSED libc before kernel test: ./linux/if.h Reported-by: Jan Engelhardt <> Reported-by: Josh Boyer <> Reported-by: Stephen Hemminger <> Reported-by: Waldemar Brodkorb <> Cc: Gabriel Laskar <> Signed-off-by: Mikko Rapeli <> Signed-off-by: David S. Miller <>
2016-05-09Merge branch 'libnvdimm-fixes' of ↵Linus Torvalds1-2/+2
git:// Pull libnvdimm build fix from Dan Williams: "A build fix for the usage of HPAGE_SIZE in the last libnvdimm pull request. I have taken note that the kbuild robot build success test does not include results for alpha_allmodconfig. Thanks to Guenter for the report. It's tagged for -stable since the original fix will land there and cause build problems" * 'libnvdimm-fixes' of git:// libnvdimm, pfn: fix ARCH=alpha allmodconfig build failure
2016-05-09perf/core: Change the default paranoia level to 2Andy Lutomirski2-2/+2
Allowing unprivileged kernel profiling lets any user dump follow kernel control flow and dump kernel registers. This most likely allows trivial kASLR bypassing, and it may allow other mischief as well. (Off the top of my head, the PERF_SAMPLE_REGS_INTR output during /dev/urandom reads could be quite interesting.) Signed-off-by: Andy Lutomirski <> Acked-by: Kees Cook <> Signed-off-by: Linus Torvalds <>
2016-05-09Merge branch 'akpm' (patches from Andrew)Linus Torvalds2-3/+6
Merge fixes from Andrew Morton: "2 fixes" * emailed patches from Andrew Morton <>: zsmalloc: fix zs_can_compact() integer overflow Revert "proc/base: make prompt shell start from new line after executing "cat /proc/$pid/wchan""
2016-05-09zsmalloc: fix zs_can_compact() integer overflowSergey Senozhatsky1-2/+5
zs_can_compact() has two race conditions in its core calculation: unsigned long obj_wasted = zs_stat_get(class, OBJ_ALLOCATED) - zs_stat_get(class, OBJ_USED); 1) classes are not locked, so the numbers of allocated and used objects can change by the concurrent ops happening on other CPUs 2) shrinker invokes it from preemptible context Depending on the circumstances, thus, OBJ_ALLOCATED can become less than OBJ_USED, which can result in either very high or negative `total_scan' value calculated later in do_shrink_slab(). do_shrink_slab() has some logic to prevent those cases: vmscan: shrink_slab: zs_shrinker_scan+0x0/0x28 [zsmalloc] negative objects to delete nr=-62 vmscan: shrink_slab: zs_shrinker_scan+0x0/0x28 [zsmalloc] negative objects to delete nr=-62 vmscan: shrink_slab: zs_shrinker_scan+0x0/0x28 [zsmalloc] negative objects to delete nr=-64 vmscan: shrink_slab: zs_shrinker_scan+0x0/0x28 [zsmalloc] negative objects to delete nr=-62 vmscan: shrink_slab: zs_shrinker_scan+0x0/0x28 [zsmalloc] negative objects to delete nr=-62 vmscan: shrink_slab: zs_shrinker_scan+0x0/0x28 [zsmalloc] negative objects to delete nr=-62 However, due to the way `total_scan' is calculated, not every shrinker->count_objects() overflow can be spotted and handled. To demonstrate the latter, I added some debugging code to do_shrink_slab() (x86_64) and the results were: vmscan: OVERFLOW: shrinker->count_objects() == -1 [18446744073709551615] vmscan: but total_scan > 0: 92679974445502 vmscan: resulting total_scan: 92679974445502 [..] vmscan: OVERFLOW: shrinker->count_objects() == -1 [18446744073709551615] vmscan: but total_scan > 0: 22634041808232578 vmscan: resulting total_scan: 22634041808232578 Even though shrinker->count_objects() has returned an overflowed value, the resulting `total_scan' is positive, and, what is more worrisome, it is insanely huge. This value is getting used later on in shrinker->scan_objects() loop: while (total_scan >= batch_size || total_scan >= freeable) { unsigned long ret; unsigned long nr_to_scan = min(batch_size, total_scan); shrinkctl->nr_to_scan = nr_to_scan; ret = shrinker->scan_objects(shrinker, shrinkctl); if (ret == SHRINK_STOP) break; freed += ret; count_vm_events(SLABS_SCANNED, nr_to_scan); total_scan -= nr_to_scan; cond_resched(); } `total_scan >= batch_size' is true for a very-very long time and 'total_scan >= freeable' is also true for quite some time, because `freeable < 0' and `total_scan' is large enough, for example, 22634041808232578. The only break condition, in the given scheme of things, is shrinker->scan_objects() == SHRINK_STOP test, which is a bit too weak to rely on, especially in heavy zsmalloc-usage scenarios. To fix the issue, take a pool stat snapshot and use it instead of racy zs_stat_get() calls. Link: Signed-off-by: Sergey Senozhatsky <> Cc: Minchan Kim <> Cc: <> [4.3+] Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <>
2016-05-09Revert "proc/base: make prompt shell start from new line after executing ↵Robin Humble1-1/+1
"cat /proc/$pid/wchan"" This reverts the 4.6-rc1 commit 7e2bc81da333 ("proc/base: make prompt shell start from new line after executing "cat /proc/$pid/wchan") because it breaks /proc/$PID/whcan formatting in ps and top. Revert also because the patch is inconsistent - it adds a newline at the end of only the '0' wchan, and does not add a newline when /proc/$PID/wchan contains a symbol name. eg. $ ps -eo pid,stat,wchan,comm PID STAT WCHAN COMMAND ... 1189 S - dbus-launch 1190 Ssl 0 dbus-daemon 1198 Sl 0 lightdm 1299 Ss ep_pol systemd 1301 S - (sd-pam) 1304 Ss wait sh Signed-off-by: Robin Humble <> Cc: Minfei Huang <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <>
2016-05-09Input: twl6040-vibra - fix DT node memory managementH. Nikolaus Schaller1-0/+1
commit e7ec014a47e4 ("Input: twl6040-vibra - update for device tree support") made the separate vibra DT node to a subnode of the twl6040. It now calls of_find_node_by_name() to locate the "vibra" subnode. This function has a side effect to call of_node_put on() for the twl6040 parent node passed in as a parameter. This causes trouble later on. Solution: we must call of_node_get() before of_find_node_by_name() Signed-off-by: H. Nikolaus Schaller <> Signed-off-by: Dmitry Torokhov <>
2016-05-09Merge branch 'linus' of ↵Linus Torvalds5-11/+36
git:// Pull crypto fixes from Herbert Xu: "This fixes the following issues: - bug in ahash SG list walking that may lead to crashes - resource leak in qat - missing RSA dependency that causes it to fail" * 'linus' of git:// crypto: rsa - select crypto mgr dependency crypto: hash - Fix page length clamping in hash walk crypto: qat - fix adf_ctl_drv.c:undefined reference to adf_init_pf_wq crypto: qat - fix invalid pf2vf_resp_wq logic
2016-05-09Merge git:// Torvalds36-100/+190
Pull networking fixes from David Miller: 1) Check klogctl failure correctly, from Colin Ian King. 2) Prevent OOM when under memory pressure in flowcache, from Steffen Klassert. 3) Fix info leak in llc and rtnetlink ifmap code, from Kangjie Lu. 4) Memory barrier and multicast handling fixes in bnxt_en, from Michael Chan. 5) Endianness bug in mlx5, from Daniel Jurgens. 6) Fix disconnect handling in VSOCK, from Ian Campbell. 7) Fix locking of netdev list walking in get_bridge_ifindices(), from Nikolay Aleksandrov. 8) Bridge multicast MLD parser can look at wrong packet offsets, fix from Linus Lüssing. 9) Fix chip hang in qede driver, from Sudarsana Reddy Kalluru. 10) Fix missing setting of encapsulation before inner handling completes in udp_offload code, from Jarno Rajahalme. 11) Missing rollbacks during LAG join and flood configuration failures in mlxsw driver, from Ido Schimmel. 12) Fix error code checks in netxen driver, from Dan Carpenter. 13) Fix key size in new macsec driver, from Sabrina Dubroca. 14) Fix mlx5/VXLAN dependencies, from Arnd Bergmann. * git:// (29 commits) net/mlx5e: make VXLAN support conditional Revert "net/mlx5: Kconfig: Fix MLX5_EN/VXLAN build issue" macsec: key identifier is 128 bits, not 64 Documentation/networking: more accurate LCO explanation macvtap: segmented packet is consumed tools: bpf_jit_disasm: check for klogctl failure qede: uninitialized variable in qede_start_xmit() netxen: netxen_rom_fast_read() doesn't return -1 netxen: reversed condition in netxen_nic_set_link_parameters() netxen: fix error handling in netxen_get_flash_block() mlxsw: spectrum: Add missing rollback in flood configuration mlxsw: spectrum: Fix rollback order in LAG join failure udp_offload: Set encapsulation before inner completes. udp_tunnel: Remove redundant udp_tunnel_gro_complete(). qede: prevent chip hang when increasing channels net: ipv6: tcp reset, icmp need to consider L3 domain bridge: fix igmp / mld query parsing net: bridge: fix old ioctl unlocked net device walk VSOCK: do not disconnect socket when peer has shutdown SEND only net/mlx4_en: Fix endianness bug in IPV6 csum calculation ...
2016-05-09compiler-gcc: require gcc 4.8 for powerpc __builtin_bswap16()Josh Poimboeuf1-1/+1
gcc support for __builtin_bswap16() was supposedly added for powerpc in gcc 4.6, and was then later added for other architectures in gcc 4.8. However, Stephen Rothwell reported that attempting to use it on powerpc in gcc 4.6 fails with: lib/vsprintf.c:160:2: error: initializer element is not constant lib/vsprintf.c:160:2: error: (near initialization for 'decpair[0]') lib/vsprintf.c:160:2: error: initializer element is not constant lib/vsprintf.c:160:2: error: (near initialization for 'decpair[1]') ... I'm not entirely sure what those errors mean, but I don't see them on gcc 4.8. So let's consider gcc 4.8 to be the official starting point for __builtin_bswap16(). Arnd Bergmann adds: "I found the commit in gcc-4.8 that replaced the powerpc-specific implementation of __builtin_bswap16 with an architecture-independent one. Apparently the powerpc version (gcc-4.6 and 4.7) just mapped to the lhbrx/sthbrx instructions, so it ended up not being a constant, though the intent of the patch was mainly to add support for the builtin to x86: has the patch that went into gcc-4.8 and more information." Fixes: 7322dd755e7d ("byteswap: try to avoid __builtin_constant_p gcc bug") Reported-by: Stephen Rothwell <> Tested-by: Stephen Rothwell <> Acked-by: Arnd Bergmann <> Signed-off-by: Josh Poimboeuf <> Signed-off-by: Stephen Rothwell <> Signed-off-by: Linus Torvalds <>
2016-05-09Input: max8997-haptic - fix NULL pointer dereferenceMarek Szyprowski1-2/+4
NULL pointer derefence happens when booting with DTB because the platform data for haptic device is not set in supplied data from parent MFD device. The MFD device creates only platform data (from Device Tree) for itself, not for haptic child. Unable to handle kernel NULL pointer dereference at virtual address 0000009c pgd = c0004000 [0000009c] *pgd=00000000 Internal error: Oops: 5 [#1] PREEMPT SMP ARM (max8997_haptic_probe) from [<c03f9cec>] (platform_drv_probe+0x4c/0xb0) (platform_drv_probe) from [<c03f8440>] (driver_probe_device+0x214/0x2c0) (driver_probe_device) from [<c03f8598>] (__driver_attach+0xac/0xb0) (__driver_attach) from [<c03f67ac>] (bus_for_each_dev+0x68/0x9c) (bus_for_each_dev) from [<c03f7a38>] (bus_add_driver+0x1a0/0x218) (bus_add_driver) from [<c03f8db0>] (driver_register+0x78/0xf8) (driver_register) from [<c0101774>] (do_one_initcall+0x90/0x1d8) (do_one_initcall) from [<c0a00dbc>] (kernel_init_freeable+0x15c/0x1fc) (kernel_init_freeable) from [<c06bb5b4>] (kernel_init+0x8/0x114) (kernel_init) from [<c0107938>] (ret_from_fork+0x14/0x3c) Signed-off-by: Marek Szyprowski <> Cc: <> Fixes: 104594b01ce7 ("Input: add driver support for MAX8997-haptic") [k.kozlowski: Write commit message, add CC-stable] Signed-off-by: Krzysztof Kozlowski <> Signed-off-by: Dmitry Torokhov <>
2016-05-09Input: byd - update copyright headerChris Diamand1-0/+4
As pointed out by Richard, the changes to the comment got missed off the absolute mode patch somehow. Signed-off-by: Chris Diamand <> Signed-off-by: Dmitry Torokhov <>
2016-05-09cgroup, kernfs: make mountinfo show properly scoped path for cgroup namespacesSerge E. Hallyn3-0/+79
Patch summary: When showing a cgroupfs entry in mountinfo, show the path of the mount root dentry relative to the reader's cgroup namespace root. Short explanation (courtesy of mkerrisk): If we create a new cgroup namespace, then we want both /proc/self/cgroup and /proc/self/mountinfo to show cgroup paths that are correctly virtualized with respect to the cgroup mount point. Previous to this patch, /proc/self/cgroup shows the right info, but /proc/self/mountinfo does not. Long version: When a uid 0 task which is in freezer cgroup /a/b, unshares a new cgroup namespace, and then mounts a new instance of the freezer cgroup, the new mount will be rooted at /a/b. The root dentry field of the mountinfo entry will show '/a/b'. cat > /tmp/do1 << EOF mount -t cgroup -o freezer freezer /mnt grep freezer /proc/self/mountinfo EOF unshare -Gm bash /tmp/do1 > 330 160 0:34 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,freezer > 355 133 0:34 /a/b /mnt rw,relatime - cgroup freezer rw,freezer The task's freezer cgroup entry in /proc/self/cgroup will simply show '/': grep freezer /proc/self/cgroup 9:freezer:/ If instead the same task simply bind mounts the /a/b cgroup directory, the resulting mountinfo entry will again show /a/b for the dentry root. However in this case the task will find its own cgroup at /mnt/a/b, not at /mnt: mount --bind /sys/fs/cgroup/freezer/a/b /mnt 130 25 0:34 /a/b /mnt rw,nosuid,nodev,noexec,relatime shared:21 - cgroup cgroup rw,freezer In other words, there is no way for the task to know, based on what is in mountinfo, which cgroup directory is its own. Example (by mkerrisk): First, a little script to save some typing and verbiage: echo -e "\t/proc/self/cgroup:\t$(cat /proc/self/cgroup | grep freezer)" cat /proc/self/mountinfo | grep freezer | awk '{print "\tmountinfo:\t\t" $4 "\t" $5}' Create cgroup, place this shell into the cgroup, and look at the state of the /proc files: 2653 2653 # Our shell 14254 # cat(1) /proc/self/cgroup: 10:freezer:/a/b mountinfo: / /sys/fs/cgroup/freezer Create a shell in new cgroup and mount namespaces. The act of creating a new cgroup namespace causes the process's current cgroups directories to become its cgroup root directories. (Here, I'm using my own version of the "unshare" utility, which takes the same options as the util-linux version): Look at the state of the /proc files: /proc/self/cgroup: 10:freezer:/ mountinfo: / /sys/fs/cgroup/freezer The third entry in /proc/self/cgroup (the pathname of the cgroup inside the hierarchy) is correctly virtualized w.r.t. the cgroup namespace, which is rooted at /a/b in the outer namespace. However, the info in /proc/self/mountinfo is not for this cgroup namespace, since we are seeing a duplicate of the mount from the old mount namespace, and the info there does not correspond to the new cgroup namespace. However, trying to create a new mount still doesn't show us the right information in mountinfo: # propagating to other mountns /proc/self/cgroup: 7:freezer:/ mountinfo: /a/b /mnt/freezer The act of creating a new cgroup namespace caused the process's current freezer directory, "/a/b", to become its cgroup freezer root directory. In other words, the pathname directory of the directory within the newly mounted cgroup filesystem should be "/", but mountinfo wrongly shows us "/a/b". The consequence of this is that the process in the cgroup namespace cannot correctly construct the pathname of its cgroup root directory from the information in /proc/PID/mountinfo. With this patch, the dentry root field in mountinfo is shown relative to the reader's cgroup namespace. So the same steps as above: /proc/self/cgroup: 10:freezer:/a/b mountinfo: / /sys/fs/cgroup/freezer /proc/self/cgroup: 10:freezer:/ mountinfo: /../.. /sys/fs/cgroup/freezer /proc/self/cgroup: 10:freezer:/ mountinfo: / /mnt/freezer cgroup.clone_children freezer.parent_freezing freezer.state tasks cgroup.procs freezer.self_freezing notify_on_release 3164 2653 # First shell that placed in this cgroup 3164 # Shell started by 'unshare' 14197 # cat(1) Signed-off-by: Serge Hallyn <> Tested-by: Michael Kerrisk <> Acked-by: Michael Kerrisk <> Signed-off-by: Tejun Heo <>
2016-05-09crypto: testmgr - Use kmalloc memory for RSA inputHerbert Xu1-5/+22
As akcipher uses an SG interface, you must not use vmalloc memory as input for it. This patch fixes testmgr to copy the vmalloc test vectors to kmalloc memory before running the test. This patch also removes a superfluous sg_virt call in do_test_rsa. Cc: <> Reported-by: Anatoly Pugachev <> Signed-off-by: Herbert Xu <>
2016-05-09ALSA: hda - Fix white noise on Asus UX501VW headsetKaho Ng1-0/+1
For reducing the noise from the headset output on ASUS UX501VW, call the existing fixup, alc_fixup_headset_mode_alc668(), additionally. Thread: Signed-off-by: Kaho Ng <> Cc: <> Signed-off-by: Takashi Iwai <>
2016-05-09Merge branch 'mlx5-build-fix'David S. Miller5-4/+24
Saeed Mahameed says: ==================== net/mlx5e: Kconfig fixes for VxLAN Reposting to net the build errors fixes posted by Arnd last week. Originally Arnd posted those fixes to net-next, while the issue is also seen in net. For net-next a different approach is required for fixing the issue as VXLAN and Device Drivers are no longer dependent, but there is no harm for those fixes to get into net-next. Optionally, once net is merged into net-next we can Revert "net/mlx5e: make VXLAN support conditional" as the CONFIG_MLX5_CORE_EN_VXLAN will no longer be required. Applied on top: 288928658583 ('mlxsw: spectrum: Add missing rollback in flood configuration') ==================== Signed-off-by: David S. Miller <>
2016-05-09net/mlx5e: make VXLAN support conditionalArnd Bergmann5-3/+24
VXLAN can be disabled at compile-time or it can be a loadable module while mlx5 is built-in, which leads to a link error: drivers/net/built-in.o: In function `mlx5e_create_netdev': ntb_netdev.c:(.text+0x106de4): undefined reference to `vxlan_get_rx_port' This avoids the link error and makes the vxlan code optional, like the other ethernet drivers do as well. Link: Fixes: b3f63c3d5e2c ("net/mlx5e: Add netdev support for VXLAN tunneling") Signed-off-by: Arnd Bergmann <> Signed-off-by: Saeed Mahameed <> Signed-off-by: David S. Miller <>
2016-05-09Revert "net/mlx5: Kconfig: Fix MLX5_EN/VXLAN build issue"Arnd Bergmann1-1/+0
This reverts commit 69976fb1045850a742deb9790ea49cbc6f497531. We cannot select VXLAN when IPv4 support is disabled, that just gives us additional build errors, including: warning: (MLX5_CORE_EN) selects VXLAN which has unmet direct dependencies (NETDEVICES && NET_CORE && INET) In file included from ../drivers/net/vxlan.c:36:0: include/net/udp_tunnel.h: In function 'udp_tunnel_handle_offloads': include/net/udp_tunnel.h:112:9: error: implicit declaration of function 'iptunnel_handle_offloads' [-Werror=implicit-function-declaration] return iptunnel_handle_offloads(skb, type); ^~~~~~~~~~~~~~~~~~~~~~~~ I'm sending a proper fix for the original bug in a separate patch. Signed-off-by: Arnd Bergmann <> Signed-off-by: Saeed Mahameed <> Signed-off-by: David S. Miller <>
2016-05-09macsec: key identifier is 128 bits, not 64Sabrina Dubroca2-7/+16
The MACsec standard mentions a key identifier for each key, but doesn't specify anything about it, so I arbitrarily chose 64 bits. IEEE 802.1X-2010 specifies MKA (MACsec Key Agreement), and defines the key identifier to be 128 bits (96 bits "member identifier" + 32 bits "key number"). Signed-off-by: Sabrina Dubroca <> Acked-by: Hannes Frederic Sowa <> Signed-off-by: David S. Miller <>
2016-05-08Documentation/networking: more accurate LCO explanationShmulik Ladkani1-7/+7
In few places the term "ones-complement sum" was used but the actual meaning is "the complement of the ones-complement sum". Also, avoid enclosing long statements with underscore, to ease readability. Signed-off-by: Shmulik Ladkani <> Acked-by: Edward Cree <> Signed-off-by: David S. Miller <>
2016-05-08macvtap: segmented packet is consumedEric Dumazet1-1/+1
If GSO packet is segmented and its segments are properly queued, we call consume_skb() instead of kfree_skb() to be drop monitor friendly. Fixes: 3e4f8b7873709 ("macvtap: Perform GSO on forwarding path.") Signed-off-by: Eric Dumazet <> Cc: Vlad Yasevich <> Reviewed-by: Shmulik Ladkani <> Signed-off-by: David S. Miller <>
2016-05-08tools: bpf_jit_disasm: check for klogctl failureColin Ian King1-0/+3
klogctl can fail and return -ve len, so check for this and return NULL to avoid passing a (size_t)-1 to malloc. Signed-off-by: Colin Ian King <> Acked-by: Daniel Borkmann <> Signed-off-by: David S. Miller <>
2016-05-08qede: uninitialized variable in qede_start_xmit()Dan Carpenter1-1/+1
"data_split" was never set to false. It's just uninitialized. Fixes: 2950219d87b0 ('qede: Add basic network device support') Signed-off-by: Dan Carpenter <> Signed-off-by: David S. Miller <>
2016-05-08Linux 4.6-rc7Linus Torvalds1-1/+1
2016-05-08MAINTAINERS: Add mmiotrace entryIngo Molnar1-0/+14
The Nouveau maintainers would like to follow and review mmiotrace changes as well, so create a separate entry for that code. The high level bits are living in the tracing code, the low level bits in the x86 code. Acked-by: Steven Rostedt <> Acked-by: Pekka Paalanen <> Acked-by: karol herbst <> Cc: Cc: Linus Torvalds <> Cc: Andrew Morton <> Cc: Thomas Gleixner <> Cc: Peter Zijlstra <> Signed-off-by: Ingo Molnar <>
2016-05-07get_rock_ridge_filename(): handle malformed NM entriesAl Viro1-3/+10
Payloads of NM entries are not supposed to contain NUL. When we run into such, only the part prior to the first NUL goes into the concatenation (i.e. the directory entry name being encoded by a bunch of NM entries). We do stop when the amount collected so far + the claimed amount in the current NM entry exceed 254. So far, so good, but what we return as the total length is the sum of *claimed* sizes, not the actual amount collected. And that can grow pretty large - not unlimited, since you'd need to put CE entries in between to be able to get more than the maximum that could be contained in one isofs directory entry / continuation chunk and we are stop once we'd encountered 32 CEs, but you can get about 8Kb easily. And that's what will be passed to readdir callback as the name length. 8Kb __copy_to_user() from a buffer allocated by __get_free_page() Cc: # 0.98pl6+ (yes, really) Signed-off-by: Al Viro <>
2016-05-07netxen: netxen_rom_fast_read() doesn't return -1Dan Carpenter1-1/+2
The error handling is broken here. netxen_rom_fast_read() returns zero on success and -EIO on error. It never returns -1. Signed-off-by: Dan Carpenter <> Signed-off-by: David S. Miller <>
2016-05-07netxen: reversed condition in netxen_nic_set_link_parameters()Dan Carpenter1-1/+1
My static checker complains that we are using "autoneg" without initializing it. The problem is the ->phy_read() condition is reversed so we only set this on error instead of success. Signed-off-by: Dan Carpenter <> Signed-off-by: David S. Miller <>