1. 03 Feb, 2017 16 commits
    • Michal Hocko's avatar
      mm, fs: check for fatal signals in do_generic_file_read() · 5abf186a
      Michal Hocko authored
      do_generic_file_read() can be told to perform a large request from
      userspace.  If the system is under OOM and the reading task is the OOM
      victim then it has an access to memory reserves and finishing the full
      request can lead to the full memory depletion which is dangerous.  Make
      sure we rather go with a short read and allow the killed task to
      terminate.
      
      Link: http://lkml.kernel.org/r/20170201092706.9966-3-mhocko@kernel.orgSigned-off-by: default avatarMichal Hocko <mhocko@suse.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      5abf186a
    • Michal Hocko's avatar
      fs: break out of iomap_file_buffered_write on fatal signals · d1908f52
      Michal Hocko authored
      Tetsuo has noticed that an OOM stress test which performs large write
      requests can cause the full memory reserves depletion.  He has tracked
      this down to the following path
      
      	__alloc_pages_nodemask+0x436/0x4d0
      	alloc_pages_current+0x97/0x1b0
      	__page_cache_alloc+0x15d/0x1a0          mm/filemap.c:728
      	pagecache_get_page+0x5a/0x2b0           mm/filemap.c:1331
      	grab_cache_page_write_begin+0x23/0x40   mm/filemap.c:2773
      	iomap_write_begin+0x50/0xd0             fs/iomap.c:118
      	iomap_write_actor+0xb5/0x1a0            fs/iomap.c:190
      	? iomap_write_end+0x80/0x80             fs/iomap.c:150
      	iomap_apply+0xb3/0x130                  fs/iomap.c:79
      	iomap_file_buffered_write+0x68/0xa0     fs/iomap.c:243
      	? iomap_write_end+0x80/0x80
      	xfs_file_buffered_aio_write+0x132/0x390 [xfs]
      	? remove_wait_queue+0x59/0x60
      	xfs_file_write_iter+0x90/0x130 [xfs]
      	__vfs_write+0xe5/0x140
      	vfs_write+0xc7/0x1f0
      	? syscall_trace_enter+0x1d0/0x380
      	SyS_write+0x58/0xc0
      	do_syscall_64+0x6c/0x200
      	entry_SYSCALL64_slow_path+0x25/0x25
      
      the oom victim has access to all memory reserves to make a forward
      progress to exit easier.  But iomap_file_buffered_write and other
      callers of iomap_apply loop to complete the full request.  We need to
      check for fatal signals and back off with a short write instead.
      
      As the iomap_apply delegates all the work down to the actor we have to
      hook into those.  All callers that work with the page cache are calling
      iomap_write_begin so we will check for signals there.  dax_iomap_actor
      has to handle the situation explicitly because it copies data to the
      userspace directly.  Other callers like iomap_page_mkwrite work on a
      single page or iomap_fiemap_actor do not allocate memory based on the
      given len.
      
      Fixes: 68a9f5e7 ("xfs: implement iomap based buffered write path")
      Link: http://lkml.kernel.org/r/20170201092706.9966-2-mhocko@kernel.orgSigned-off-by: default avatarMichal Hocko <mhocko@suse.com>
      Reported-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: <stable@vger.kernel.org>	[4.8+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d1908f52
    • Toshi Kani's avatar
      base/memory, hotplug: fix a kernel oops in show_valid_zones() · a96dfddb
      Toshi Kani authored
      Reading a sysfs "memoryN/valid_zones" file leads to the following oops
      when the first page of a range is not backed by struct page.
      show_valid_zones() assumes that 'start_pfn' is always valid for
      page_zone().
      
       BUG: unable to handle kernel paging request at ffffea017a000000
       IP: show_valid_zones+0x6f/0x160
      
      This issue may happen on x86-64 systems with 64GiB or more memory since
      their memory block size is bumped up to 2GiB.  [1] An example of such
      systems is desribed below.  0x3240000000 is only aligned by 1GiB and
      this memory block starts from 0x3200000000, which is not backed by
      struct page.
      
       BIOS-e820: [mem 0x0000003240000000-0x000000603fffffff] usable
      
      Since test_pages_in_a_zone() already checks holes, fix this issue by
      extending this function to return 'valid_start' and 'valid_end' for a
      given range.  show_valid_zones() then proceeds with the valid range.
      
      [1] 'Commit bdee237c ("x86: mm: Use 2GB memory block size on
          large-memory x86-64 systems")'
      
      Link: http://lkml.kernel.org/r/20170127222149.30893-3-toshi.kani@hpe.comSigned-off-by: default avatarToshi Kani <toshi.kani@hpe.com>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Zhang Zhen <zhenzhang.zhang@huawei.com>
      Cc: Reza Arbab <arbab@linux.vnet.ibm.com>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: <stable@vger.kernel.org>	[4.4+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a96dfddb
    • Toshi Kani's avatar
      mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone() · deb88a2a
      Toshi Kani authored
      Patch series "fix a kernel oops when reading sysfs valid_zones", v2.
      
      A sysfs memory file is created for each 2GiB memory block on x86-64 when
      the system has 64GiB or more memory.  [1] When the start address of a
      memory block is not backed by struct page, i.e.  a memory range is not
      aligned by 2GiB, reading its 'valid_zones' attribute file leads to a
      kernel oops.  This issue was observed on multiple x86-64 systems with
      more than 64GiB of memory.  This patch-set fixes this issue.
      
      Patch 1 first fixes an issue in test_pages_in_a_zone(), which does not
      test the start section.
      
      Patch 2 then fixes the kernel oops by extending test_pages_in_a_zone()
      to return valid [start, end).
      
      Note for stable kernels: The memory block size change was made by commit
      bdee237c ("x86: mm: Use 2GB memory block size on large-memory x86-64
      systems"), which was accepted to 3.9.  However, this patch-set depends
      on (and fixes) the change to test_pages_in_a_zone() made by commit
      5f0f2887 ("mm/memory_hotplug.c: check for missing sections in
      test_pages_in_a_zone()"), which was accepted to 4.4.
      
      So, I recommend that we backport it up to 4.4.
      
      [1] 'Commit bdee237c ("x86: mm: Use 2GB memory block size on
          large-memory x86-64 systems")'
      
      This patch (of 2):
      
      test_pages_in_a_zone() does not check 'start_pfn' when it is aligned by
      section since 'sec_end_pfn' is set equal to 'pfn'.  Since this function
      is called for testing the range of a sysfs memory file, 'start_pfn' is
      always aligned by section.
      
      Fix it by properly setting 'sec_end_pfn' to the next section pfn.
      
      Also make sure that this function returns 1 only when the range belongs
      to a zone.
      
      Link: http://lkml.kernel.org/r/20170127222149.30893-2-toshi.kani@hpe.comSigned-off-by: default avatarToshi Kani <toshi.kani@hpe.com>
      Cc: Andrew Banman <abanman@sgi.com>
      Cc: Reza Arbab <arbab@linux.vnet.ibm.com>
      Cc: Greg KH <greg@kroah.com>
      Cc: <stable@vger.kernel.org>	[4.4+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      deb88a2a
    • David Lin's avatar
      jump label: pass kbuild_cflags when checking for asm goto support · 35f860f9
      David Lin authored
      Some versions of ARM GCC compiler such as Android toolchain throws in a
      '-fpic' flag by default.  This causes the gcc-goto check script to fail
      although some config would have '-fno-pic' flag in the KBUILD_CFLAGS.
      
      This patch passes the KBUILD_CFLAGS to the check script so that the
      script does not rely on the default config from different compilers.
      
      Link: http://lkml.kernel.org/r/20170120234329.78868-1-dtwlin@google.comSigned-off-by: default avatarDavid Lin <dtwlin@google.com>
      Acked-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      Cc: Michal Marek <mmarek@suse.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      35f860f9
    • Kirill A. Shutemov's avatar
      shmem: fix sleeping from atomic context · 253fd0f0
      Kirill A. Shutemov authored
      Syzkaller fuzzer managed to trigger this:
      
          BUG: sleeping function called from invalid context at mm/shmem.c:852
          in_atomic(): 1, irqs_disabled(): 0, pid: 529, name: khugepaged
          3 locks held by khugepaged/529:
           #0:  (shrinker_rwsem){++++..}, at: [<ffffffff818d7ef1>] shrink_slab.part.59+0x121/0xd30 mm/vmscan.c:451
           #1:  (&type->s_umount_key#29){++++..}, at: [<ffffffff81a63630>] trylock_super+0x20/0x100 fs/super.c:392
           #2:  (&(&sbinfo->shrinklist_lock)->rlock){+.+.-.}, at: [<ffffffff818fd83e>] spin_lock include/linux/spinlock.h:302 [inline]
           #2:  (&(&sbinfo->shrinklist_lock)->rlock){+.+.-.}, at: [<ffffffff818fd83e>] shmem_unused_huge_shrink+0x28e/0x1490 mm/shmem.c:427
          CPU: 2 PID: 529 Comm: khugepaged Not tainted 4.10.0-rc5+ #201
          Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
          Call Trace:
             shmem_undo_range+0xb20/0x2710 mm/shmem.c:852
             shmem_truncate_range+0x27/0xa0 mm/shmem.c:939
             shmem_evict_inode+0x35f/0xca0 mm/shmem.c:1030
             evict+0x46e/0x980 fs/inode.c:553
             iput_final fs/inode.c:1515 [inline]
             iput+0x589/0xb20 fs/inode.c:1542
             shmem_unused_huge_shrink+0xbad/0x1490 mm/shmem.c:446
             shmem_unused_huge_scan+0x10c/0x170 mm/shmem.c:512
             super_cache_scan+0x376/0x450 fs/super.c:106
             do_shrink_slab mm/vmscan.c:378 [inline]
             shrink_slab.part.59+0x543/0xd30 mm/vmscan.c:481
             shrink_slab mm/vmscan.c:2592 [inline]
             shrink_node+0x2c7/0x870 mm/vmscan.c:2592
             shrink_zones mm/vmscan.c:2734 [inline]
             do_try_to_free_pages+0x369/0xc80 mm/vmscan.c:2776
             try_to_free_pages+0x3c6/0x900 mm/vmscan.c:2982
             __perform_reclaim mm/page_alloc.c:3301 [inline]
             __alloc_pages_direct_reclaim mm/page_alloc.c:3322 [inline]
             __alloc_pages_slowpath+0xa24/0x1c30 mm/page_alloc.c:3683
             __alloc_pages_nodemask+0x544/0xae0 mm/page_alloc.c:3848
             __alloc_pages include/linux/gfp.h:426 [inline]
             __alloc_pages_node include/linux/gfp.h:439 [inline]
             khugepaged_alloc_page+0xc2/0x1b0 mm/khugepaged.c:750
             collapse_huge_page+0x182/0x1fe0 mm/khugepaged.c:955
             khugepaged_scan_pmd+0xfdf/0x12a0 mm/khugepaged.c:1208
             khugepaged_scan_mm_slot mm/khugepaged.c:1727 [inline]
             khugepaged_do_scan mm/khugepaged.c:1808 [inline]
             khugepaged+0xe9b/0x1590 mm/khugepaged.c:1853
             kthread+0x326/0x3f0 kernel/kthread.c:227
             ret_from_fork+0x31/0x40 arch/x86/entry/entry_64.S:430
      
      The iput() from atomic context was a bad idea: if after igrab() somebody
      else calls iput() and we left with the last inode reference, our iput()
      would lead to inode eviction and therefore sleeping.
      
      This patch should fix the situation.
      
      Link: http://lkml.kernel.org/r/20170131093141.GA15899@node.shutemov.nameSigned-off-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      253fd0f0
    • Peter Zijlstra's avatar
      kasan: respect /proc/sys/kernel/traceoff_on_warning · 4f40c6e5
      Peter Zijlstra authored
      After much waiting I finally reproduced a KASAN issue, only to find my
      trace-buffer empty of useful information because it got spooled out :/
      
      Make kasan_report honour the /proc/sys/kernel/traceoff_on_warning
      interface.
      
      Link: http://lkml.kernel.org/r/20170125164106.3514-1-aryabinin@virtuozzo.comSigned-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: default avatarAndrey Ryabinin <aryabinin@virtuozzo.com>
      Acked-by: default avatarAlexander Potapenko <glider@google.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      4f40c6e5
    • Dan Streetman's avatar
      zswap: disable changing params if init fails · d7b028f5
      Dan Streetman authored
      Add zswap_init_failed bool that prevents changing any of the module
      params, if init_zswap() fails, and set zswap_enabled to false.  Change
      'enabled' param to a callback, and check zswap_init_failed before
      allowing any change to 'enabled', 'zpool', or 'compressor' params.
      
      Any driver that is built-in to the kernel will not be unloaded if its
      init function returns error, and its module params remain accessible for
      users to change via sysfs.  Since zswap uses param callbacks, which
      assume that zswap has been initialized, changing the zswap params after
      a failed initialization will result in WARNING due to the param
      callbacks expecting a pool to already exist.  This prevents that by
      immediately exiting any of the param callbacks if initialization failed.
      
      This was reported here:
        https://marc.info/?l=linux-mm&m=147004228125528&w=4
      
      And fixes this WARNING:
        [  429.723476] WARNING: CPU: 0 PID: 5140 at mm/zswap.c:503 __zswap_pool_current+0x56/0x60
      
      The warning is just noise, and not serious.  However, when init fails,
      zswap frees all its percpu dstmem pages and its kmem cache.  The kmem
      cache might be serious, if kmem_cache_alloc(NULL, gfp) has problems; but
      the percpu dstmem pages are definitely a problem, as they're used as
      temporary buffer for compressed pages before copying into place in the
      zpool.
      
      If the user does get zswap enabled after an init failure, then zswap
      will likely Oops on the first page it tries to compress (or worse, start
      corrupting memory).
      
      Fixes: 90b0fc26 ("zswap: change zpool/compressor at runtime")
      Link: http://lkml.kernel.org/r/20170124200259.16191-2-ddstreet@ieee.orgSigned-off-by: default avatarDan Streetman <dan.streetman@canonical.com>
      Reported-by: default avatarMarcin Miroslaw <marcin@mejor.pl>
      Cc: Seth Jennings <sjenning@redhat.com>
      Cc: Michal Hocko <mhocko@kernel.org>
      Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
      Cc: Minchan Kim <minchan@kernel.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d7b028f5
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-for-v4.10-rc7' of git://people.freedesktop.org/~airlied/linux · 79c9089f
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Another fixes pull for v4.10, it's a bit big due to the backport of
        the VMA fixes for i915 that should fix the oops on shutdown problems
        that you've worked around.
      
        There are also two drm core connector registration fixes, a bunch of
        nouveau regression fixes and two AMD fixes"
      
      * tag 'drm-fixes-for-v4.10-rc7' of git://people.freedesktop.org/~airlied/linux:
        drm/radeon: Fix vram_size/visible values in DRM_RADEON_GEM_INFO ioctl
        drm/amdgpu/si: fix crash on headless asics
        drm/i915: Track pinned vma in intel_plane_state
        drm/atomic: Unconditionally call prepare_fb.
        drm/atomic: Fix double free in drm_atomic_state_default_clear
        drm/nouveau/kms/nv50: request vblank events for commits that send completion events
        drm/nouveau/nv1a,nv1f/disp: fix memory clock rate retrieval
        drm/nouveau/disp/gt215: Fix HDA ELD handling (thus, HDMI audio) on gt215
        drm/nouveau/nouveau/led: prevent compiling the led-code if nouveau=y and leds=m
        drm/nouveau/disp/mcp7x: disable dptmds workaround
        drm/nouveau: prevent userspace from deleting client object
        drm/nouveau/fence/g84-: protect against concurrent access to semaphore buffers
        drm: Don't race connector registration
        drm: prevent double-(un)registration for connectors
      79c9089f
    • Linus Torvalds's avatar
      Merge tag 'powerpc-4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 57480b98
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
       "The main change is we're reverting the initial stack protector support
        we merged this cycle. It turns out to not work on toolchains built
        with libc support, and fixing it will be need to wait for another
        release.
      
        And the rest are all fairly minor:
      
         - Some pasemi machines were not booting due to a missing error check
           in prom_find_boot_cpu()
      
         - In EEH we were checking a pointer rather than the bool it pointed
           to
      
         - The clang build was broken by a BUILD_BUG_ON() we added.
      
         - The radix (Power9 only) version of map_kernel_page() was broken if
           our memory size was a multiple of 2MB, which it generally isn't
      
        Thanks to: Darren Stevens, Gavin Shan, Reza Arbab"
      
      * tag 'powerpc-4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/mm: Use the correct pointer when setting a 2MB pte
        powerpc: Fix build failure with clang due to BUILD_BUG_ON()
        powerpc: Revert the initial stack protector support
        powerpc/eeh: Fix wrong flag passed to eeh_unfreeze_pe()
        powerpc: Add missing error check to prom_find_boot_cpu()
      57480b98
    • Linus Torvalds's avatar
      Merge tag 'trace-v4.10-rc2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 2d47b8aa
      Linus Torvalds authored
      Pull tracing fix from Steven Rostedt:
       "Simple fix of s/static struct __init/static __init struct/"
      
      * tag 'trace-v4.10-rc2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracing/kprobes: Fix __init annotation
      2d47b8aa
    • Linus Torvalds's avatar
      Merge branch 'modversions' (modversions fixes for powerpc from Ard) · 2cb54ce9
      Linus Torvalds authored
      Merge kcrctab entry fixes from Ard Biesheuvel:
       "This is a followup to [0] 'modversions: redefine kcrctab entries as
        relative CRC pointers', but since relative CRC pointers do not work in
        modules, and are actually only needed by powerpc with
        CONFIG_RELOCATABLE=y, I have made it a Kconfig selectable feature
        instead.
      
        First it introduces the MODULE_REL_CRCS Kconfig symbol, and adds the
        kbuild handling of it, i.e., modpost, genksyms and kallsyms.
      
        Then it switches all architectures to 32-bit CRC entries in kcrctab,
        where all architectures except powerpc with CONFIG_RELOCATABLE=y use
        absolute ELF symbol references as before"
      
      [0] http://marc.info/?l=linux-arch&m=148493613415294&w=2
      
      * emailed patches from Ard Biesheuvel:
        module: unify absolute krctab definitions for 32-bit and 64-bit
        modversions: treat symbol CRCs as 32 bit quantities
        kbuild: modversions: add infrastructure for emitting relative CRCs
      2cb54ce9
    • Ard Biesheuvel's avatar
      log2: make order_base_2() behave correctly on const input value zero · 29905b52
      Ard Biesheuvel authored
      The function order_base_2() is defined (according to the comment block)
      as returning zero on input zero, but subsequently passes the input into
      roundup_pow_of_two(), which is explicitly undefined for input zero.
      
      This has gone unnoticed until now, but optimization passes in GCC 7 may
      produce constant folded function instances where a constant value of
      zero is passed into order_base_2(), resulting in link errors against the
      deliberately undefined '____ilog2_NaN'.
      
      So update order_base_2() to adhere to its own documented interface.
      
      [ See
      
           http://marc.info/?l=linux-kernel&m=147672952517795&w=2
      
        and follow-up discussion for more background. The gcc "optimization
        pass" is really just broken, but now the GCC trunk problem seems to
        have escaped out of just specially built daily images, so we need to
        work around it in mainline.    - Linus ]
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      29905b52
    • Ard Biesheuvel's avatar
      module: unify absolute krctab definitions for 32-bit and 64-bit · 4b9eee96
      Ard Biesheuvel authored
      The previous patch introduced a separate inline asm version of the
      krcrctab declaration template for use with 64-bit architectures, which
      cannot refer to ELF symbols using 32-bit quantities.
      
      This declaration should be equivalent to the C one for 32-bit
      architectures, but just in case - unify them in a separate patch, which
      can simply be dropped if it turns out to break anything.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      4b9eee96
    • Ard Biesheuvel's avatar
      modversions: treat symbol CRCs as 32 bit quantities · 71810db2
      Ard Biesheuvel authored
      The modversion symbol CRCs are emitted as ELF symbols, which allows us
      to easily populate the kcrctab sections by relying on the linker to
      associate each kcrctab slot with the correct value.
      
      This has a couple of downsides:
      
       - Given that the CRCs are treated as memory addresses, we waste 4 bytes
         for each CRC on 64 bit architectures,
      
       - On architectures that support runtime relocation, a R_<arch>_RELATIVE
         relocation entry is emitted for each CRC value, which identifies it
         as a quantity that requires fixing up based on the actual runtime
         load offset of the kernel. This results in corrupted CRCs unless we
         explicitly undo the fixup (and this is currently being handled in the
         core module code)
      
       - Such runtime relocation entries take up 24 bytes of __init space
         each, resulting in a x8 overhead in [uncompressed] kernel size for
         CRCs.
      
      Switching to explicit 32 bit values on 64 bit architectures fixes most
      of these issues, given that 32 bit values are not treated as quantities
      that require fixing up based on the actual runtime load offset.  Note
      that on some ELF64 architectures [such as PPC64], these 32-bit values
      are still emitted as [absolute] runtime relocatable quantities, even if
      the value resolves to a build time constant.  Since relative relocations
      are always resolved at build time, this patch enables MODULE_REL_CRCS on
      powerpc when CONFIG_RELOCATABLE=y, which turns the absolute CRC
      references into relative references into .rodata where the actual CRC
      value is stored.
      
      So redefine all CRC fields and variables as u32, and redefine the
      __CRC_SYMBOL() macro for 64 bit builds to emit the CRC reference using
      inline assembler (which is necessary since 64-bit C code cannot use
      32-bit types to hold memory addresses, even if they are ultimately
      resolved using values that do not exceed 0xffffffff).  To avoid
      potential problems with legacy 32-bit architectures using legacy
      toolchains, the equivalent C definition of the kcrctab entry is retained
      for 32-bit architectures.
      
      Note that this mostly reverts commit d4703aef ("module: handle ppc64
      relocating kcrctabs when CONFIG_RELOCATABLE=y")
      Acked-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      71810db2
    • Ard Biesheuvel's avatar
      kbuild: modversions: add infrastructure for emitting relative CRCs · 56067812
      Ard Biesheuvel authored
      This add the kbuild infrastructure that will allow architectures to emit
      vmlinux symbol CRCs as 32-bit offsets to another location in the kernel
      where the actual value is stored. This works around problems with CRCs
      being mistaken for relocatable symbols on kernels that self relocate at
      runtime (i.e., powerpc with CONFIG_RELOCATABLE=y)
      
      For the kbuild side of things, this comes down to the following:
      
       - introducing a Kconfig symbol MODULE_REL_CRCS
      
       - adding a -R switch to genksyms to instruct it to emit the CRC symbols
         as references into the .rodata section
      
       - making modpost distinguish such references from absolute CRC symbols
         by the section index (SHN_ABS)
      
       - making kallsyms disregard non-absolute symbols with a __crc_ prefix
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      56067812
  2. 02 Feb, 2017 12 commits
  3. 01 Feb, 2017 12 commits
    • Ard Biesheuvel's avatar
      efi/fdt: Avoid FDT manipulation after ExitBootServices() · c8f325a5
      Ard Biesheuvel authored
      Some AArch64 UEFI implementations disable the MMU in ExitBootServices(),
      after which unaligned accesses to RAM are no longer supported.
      
      Commit:
      
        abfb7b68 ("efi/libstub/arm*: Pass latest memory map to the kernel")
      
      fixed an issue in the memory map handling of the stub FDT code, but
      inadvertently created an issue with such firmware, by moving some
      of the FDT manipulation to after the invocation of ExitBootServices().
      
      Given that the stub's libfdt implementation uses the ordinary, accelerated
      string functions, which rely on hardware handling of unaligned accesses,
      manipulating the FDT with the MMU off may result in alignment faults.
      
      So fix the situation by moving the update_fdt_memmap() call into the
      callback function invoked by efi_exit_boot_services() right before it
      calls the ExitBootServices() UEFI service (which is arguably a better
      place for it anyway)
      
      Note that disabling the MMU in ExitBootServices() is not compliant with
      the UEFI spec, and carries great risk due to the fact that switching from
      cached to uncached memory accesses halfway through compiler generated code
      (i.e., involving a stack) can never be done in a way that is architecturally
      safe.
      
      Fixes: abfb7b68 ("efi/libstub/arm*: Pass latest memory map to the kernel")
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Tested-by: default avatarRiku Voipio <riku.voipio@linaro.org>
      Cc: <stable@vger.kernel.org>
      Cc: mark.rutland@arm.com
      Cc: linux-efi@vger.kernel.org
      Cc: matt@codeblueprint.co.uk
      Cc: leif.lindholm@linaro.org
      Cc: linux-arm-kernel@lists.infradead.org
      Link: http://lkml.kernel.org/r/1485971102-23330-2-git-send-email-ard.biesheuvel@linaro.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      c8f325a5
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 6d04dfc8
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix handling of interrupt status in stmmac driver. Just because we
          have masked the event from generating interrupts, doesn't mean the
          bit won't still be set in the interrupt status register. From Alexey
          Brodkin.
      
       2) Fix DMA API debugging splats in gianfar driver, from Arseny Solokha.
      
       3) Fix off-by-one error in __ip6_append_data(), from Vlad Yasevich.
      
       4) cls_flow does not match on icmpv6 codes properly, from Simon Horman.
      
       5) Initial MAC address can be set incorrectly in some scenerios, from
          Ivan Vecera.
      
       6) Packet header pointer arithmetic fix in ip6_tnl_parse_tlv_end_lim(),
          from Dan Carpenter.
      
       7) Fix divide by zero in __tcp_select_window(), from Eric Dumazet.
      
       8) Fix crash in iwlwifi when unregistering thermal zone, from Jens
          Axboe.
      
       9) Check for DMA mapping errors in starfire driver, from Alexey
          Khoroshilov.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (31 commits)
        tcp: fix 0 divide in __tcp_select_window()
        ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()
        net: fix ndo_features_check/ndo_fix_features comment ordering
        net/sched: matchall: Fix configuration race
        be2net: fix initial MAC setting
        ipv6: fix flow labels when the traffic class is non-0
        net: thunderx: avoid dereferencing xcv when NULL
        net/sched: cls_flower: Correct matching on ICMPv6 code
        ipv6: Paritially checksum full MTU frames
        net/mlx4_core: Avoid command timeouts during VF driver device shutdown
        gianfar: synchronize DMA API usage by free_skb_rx_queue w/ gfar_new_page
        net: ethtool: add support for 2500BaseT and 5000BaseT link modes
        can: bcm: fix hrtimer/tasklet termination in bcm op removal
        net: adaptec: starfire: add checks for dma mapping errors
        net: phy: micrel: KSZ8795 do not set SUPPORTED_[Asym_]Pause
        can: Fix kernel panic at security_sock_rcv_skb
        net: macb: Fix 64 bit addressing support for GEM
        stmmac: Discard masked flags in interrupt status register
        net/mlx5e: Check ets capability before ets query FW command
        net/mlx5e: Fix update of hash function/key via ethtool
        ...
      6d04dfc8
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 2883aaea
      Linus Torvalds authored
      Pull fscache fixes from Al Viro.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        fscache: Fix dead object requeue
        fscache: Clear outstanding writes when disabling a cookie
        FS-Cache: Initialise stores_lock in netfs cookie
      2883aaea
    • Eric Dumazet's avatar
      tcp: fix 0 divide in __tcp_select_window() · 06425c30
      Eric Dumazet authored
      syszkaller fuzzer was able to trigger a divide by zero, when
      TCP window scaling is not enabled.
      
      SO_RCVBUF can be used not only to increase sk_rcvbuf, also
      to decrease it below current receive buffers utilization.
      
      If mss is negative or 0, just return a zero TCP window.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarDmitry Vyukov  <dvyukov@google.com>
      Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      06425c30
    • Dan Carpenter's avatar
      ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim() · 63117f09
      Dan Carpenter authored
      Casting is a high precedence operation but "off" and "i" are in terms of
      bytes so we need to have some parenthesis here.
      
      Fixes: fbfa743a ("ipv6: fix ip6_tnl_parse_tlv_enc_lim()")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      63117f09
    • Linus Torvalds's avatar
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · e387dc12
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
       "This fixes a bug in CBC/CTR on ARM64 that breaks chaining as well as a
        bug in the core API that causes registration failures when a driver
        unloads and then reloads an algorithm"
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: arm64/aes-blk - honour iv_out requirement in CBC and CTR modes
        crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg
      e387dc12
    • Linus Torvalds's avatar
      Merge tag 'dmaengine-fix-4.10-rc7' of git://git.infradead.org/users/vkoul/slave-dma · 35609502
      Linus Torvalds authored
      Pull dmaengine fixes from Vinod Koul:
       "A couple of fixes showed up late in the cycle so sending them up and
        sending early in the week and not on Friday :).
      
        They fix a double lock in pl330 driver and runtime pm fixes for cppi
        driver"
      
      * tag 'dmaengine-fix-4.10-rc7' of git://git.infradead.org/users/vkoul/slave-dma:
        dmaengine: pl330: fix double lock
        dmaengine: cppi41: Clean up pointless warnings
        dmaengine: cppi41: Fix oops in cppi41_runtime_resume
        dmaengine: cppi41: Fix runtime PM timeouts with USB mass storage
      35609502
    • Dimitris Michailidis's avatar
      net: fix ndo_features_check/ndo_fix_features comment ordering · 1a2a1444
      Dimitris Michailidis authored
      Commit cdba756f ("net: move ndo_features_check() close to
      ndo_start_xmit()") inadvertently moved the doc comment for
      .ndo_fix_features instead of .ndo_features_check. Fix the comment
      ordering.
      
      Fixes: cdba756f ("net: move ndo_features_check() close to ndo_start_xmit()")
      Signed-off-by: default avatarDimitris Michailidis <dmichail@google.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1a2a1444
    • Yotam Gigi's avatar
      net/sched: matchall: Fix configuration race · fd62d9f5
      Yotam Gigi authored
      In the current version, the matchall internal state is split into two
      structs: cls_matchall_head and cls_matchall_filter. This makes little
      sense, as matchall instance supports only one filter, and there is no
      situation where one exists and the other does not. In addition, that led
      to some races when filter was deleted while packet was processed.
      
      Unify that two structs into one, thus simplifying the process of matchall
      creation and deletion. As a result, the new, delete and get callbacks have
      a dummy implementation where all the work is done in destroy and change
      callbacks, as was done in cls_cgroup.
      
      Fixes: bf3994d2 ("net/sched: introduce Match-all classifier")
      Reported-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarYotam Gigi <yotamg@mellanox.com>
      Acked-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fd62d9f5
    • Linus Torvalds's avatar
      Merge tag 'pinctrl-v4.10-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl · c325b353
      Linus Torvalds authored
      Pull pin control fixes from Linus Walleij:
       "Another week, another set of pin control fixes. The subsystem has seen
        high patch-spot activity recently.
      
        The majority of the patches are for Intel, I vaguely think it mostly
        concern phones, tablets and maybe chromebooks and even laptops with
        this Intel Atom family chips.
      
        Driver fixes only:
      
         - one fix to the Berlin driver making the SD card work fully again.
      
         - one fix to the Allwinner/sunxi bias function: one premature change
           needs to be partially reverted.
      
         - the remaining four patches are to Intel embedded SoCs: baytrail
           (three patches) and merrifield (one patch): register access
           debounce fixes and a missing spinlock"
      
      * tag 'pinctrl-v4.10-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        pinctrl: baytrail: Add missing spinlock usage in byt_gpio_irq_handler
        pinctrl: baytrail: Debounce register is one per community
        pinctrl: baytrail: Rectify debounce support (part 2)
        pinctrl: intel: merrifield: Add missed check in mrfld_config_set()
        pinctrl: sunxi: Don't enforce bias disable (for now)
        pinctrl: berlin-bg4ct: fix the value for "sd1a" of pin SCRD0_CRD_PRES
      c325b353
    • Ivan Vecera's avatar
      be2net: fix initial MAC setting · 4993b39a
      Ivan Vecera authored
      Recent commit 34393529 ("be2net: fix MAC addr setting on privileged
      BE3 VFs") allows privileged BE3 VFs to set its MAC address during
      initialization. Although the initial MAC for such VFs is already
      programmed by parent PF the subsequent setting performed by VF is OK,
      but in certain cases (after fresh boot) this command in VF can fail.
      
      The MAC should be initialized only when:
      1) no MAC is programmed (always except BE3 VFs during first init)
      2) programmed MAC is different from requested (e.g. MAC is set when
         interface is down). In this case the initial MAC programmed by PF
         needs to be deleted.
      
      The adapter->dev_mac contains MAC address currently programmed in HW so
      it should be zeroed when the MAC is deleted from HW and should not be
      filled when MAC is set when interface is down in be_mac_addr_set() as
      no programming is performed in this case.
      
      Example of failure without the fix (immediately after fresh boot):
      
      # ip link set eth0 up  <- eth0 is BE3 PF
      be2net 0000:01:00.0 eth0: Link is Up
      
      # echo 1 > /sys/class/net/eth0/device/sriov_numvfs  <- Create 1 VF
      ...
      be2net 0000:01:04.0: Emulex OneConnect(be3): VF  port 0
      
      # ip link set eth8 up  <- eth8 is created privileged VF
      be2net 0000:01:04.0: opcode 59-1 failed:status 1-76
      RTNETLINK answers: Input/output error
      
      # echo 0 > /sys/class/net/eth0/device/sriov_numvfs  <- Delete VF
      iommu: Removing device 0000:01:04.0 from group 33
      ...
      
      # echo 1 > /sys/class/net/eth0/device/sriov_numvfs  <- Create it again
      iommu: Removing device 0000:01:04.0 from group 33
      ...
      
      # ip link set eth8 up
      be2net 0000:01:04.0 eth8: Link is Up
      
      Initialization is now OK.
      
      v2 - Corrected the comment and condition check suggested by Suresh & Harsha
      
      Fixes: 34393529 ("be2net: fix MAC addr setting on privileged BE3 VFs")
      Cc: Sathya Perla <sathya.perla@broadcom.com>
      Cc: Ajit Khaparde <ajit.khaparde@broadcom.com>
      Cc: Sriharsha Basavapatna <sriharsha.basavapatna@broadcom.com>
      Cc: Somnath Kotur <somnath.kotur@broadcom.com>
      Signed-off-by: default avatarIvan Vecera <cera@cera.cz>
      Acked-by: default avatarSriharsha Basavapatna <sriharsha.basavapatna@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4993b39a
    • Chris Wilson's avatar
      drm/i915: Track pinned vma in intel_plane_state · e8fe4f4b
      Chris Wilson authored
      With atomic plane states we are able to track an allocation right from
      preparation, during use and through to the final free after being
      swapped out for a new plane. We can couple the VMA we pin for the
      framebuffer (and its rotation) to this lifetime and avoid all the clumsy
      lookups in between.
      
      v2: Remove residual vma on plane cleanup (Chris)
      v3: Add a description for the vma destruction in
          intel_plane_destroy_state (Maarten)
      
      References: https://bugs.freedesktop.org/show_bug.cgi?id=98829Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
      Signed-off-by: default avatarMaarten Lankhorst <maarten.lankhorst@linux.intel.com>
      Link: http://patchwork.freedesktop.org/patch/msgid/20170116152131.18089-1-chris@chris-wilson.co.ukAcked-by: default avatarJoonas Lahtinen <joonas.lahtinen@linux.intel.com>
      (cherry picked from commit be1e3415)
      Signed-off-by: default avatarJani Nikula <jani.nikula@intel.com>
      Link: http://patchwork.freedesktop.org/patch/msgid/1485854491-27389-3-git-send-email-maarten.lankhorst@linux.intel.com
      e8fe4f4b