- 08 Jul, 2016 1 commit
-
-
Vegard Nossum authored
When proc_pid_attr_write() was changed to use memdup_user apparmor's (interface violating) assumption that the setprocattr buffer was always a single page was violated. The size test is not strictly speaking needed as proc_pid_attr_write() will reject anything larger, but for the sake of robustness we can keep it in. SMACK and SELinux look safe to me, but somebody else should probably have a look just in case. Based on original patch from Vegard Nossum <vegard.nossum@oracle.com> modified for the case that apparmor provides null termination. Fixes: bb646cdbReported-by: Vegard Nossum <vegard.nossum@oracle.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: John Johansen <john.johansen@canonical.com> Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Eric Paris <eparis@parisplace.org> Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: stable@kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
-
- 07 Jul, 2016 2 commits
-
-
git://git.kernel.dk/linux-blockLinus Torvalds authored
Pull block IO fixes from Jens Axboe: "Three small fixes that have been queued up and tested for this series: - A bug fix for xen-blkfront from Bob Liu, fixing an issue with incomplete requests during migration. - A fix for an ancient issue in retrieving the IO priority of a different PID than self, preventing that task from going away while we access it. From Omar. - A writeback fix from Tahsin, fixing a case where we'd call ihold() with a zero ref count inode" * 'for-linus' of git://git.kernel.dk/linux-block: block: fix use-after-free in sys_ioprio_get() writeback: inode cgroup wb switch should not call ihold() xen-blkfront: save uncompleted reqs in blkfront_resume()
-
git://git.infradead.org/users/hch/configfsLinus Torvalds authored
Pull configfs fix from Christoph Hellwig: "A fix from Marek for ppos handling in configfs_write_bin_file, which was introduced in Linux 4.5, but didn't have any users until recently" * tag 'configfs-for-4.7' of git://git.infradead.org/users/hch/configfs: configfs: Remove ppos increment in configfs_write_bin_file
-
- 06 Jul, 2016 4 commits
-
-
Randy Dunlap authored
The "expert" menu was broken (split) such that all entries in it after KALLSYMS were displayed in the "General setup" area instead of in the "Expert users" area. Fix this by adding one kconfig dependency. Yes, the Expert users menu is fragile. Problems like this have happened several times in the past. I will attempt to isolate the Expert users menu if there is interest in that. Fixes: 4d5d5664 ("x86: kallsyms: disable absolute percpu symbols on !SMP") Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: stable@vger.kernel.org # 4.6 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) All users of AF_PACKET's fanout feature want a symmetric packet header hash for load balancing purposes, so give it to them. 2) Fix vlan state synchronization in e1000e, from Jarod Wilson. 3) Use correct socket pointer in ip_skb_dst_mtu(), from Shmulik Ladkani. 4) mlx5 bug fixes from Mohamad Haj Yahia, Daniel Jurgens, Matthew Finlay, Rana Shahout, and Shaker Daibes. Mostly to do with operation timeouts and PCI error handling. 5) Fix checksum handling in mirred packet action, from WANG Cong. 6) Set skb->dev correctly when transmitting in !protect_frames case of macsec driver, from Daniel Borkmann. 7) Fix MTU calculation in geneve driver, from Haishuang Yan. 8) Missing netif_napi_del() in unregister path of qeth driver, from Ursula Braun. 9) Handle malformed route netlink messages in decnet properly, from Vergard Nossum. 10) Memory leak of percpu data in ipv6 routing code, from Martin KaFai Lau. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (41 commits) ipv6: Fix mem leak in rt6i_pcpu net: fix decnet rtnexthop parsing cxgb4: update latest firmware version supported net/mlx5: Avoid setting unused var when modifying vport node GUID bonding: fix enslavement slave link notifications r8152: fix runtime function for RTL8152 qeth: delete napi struct when removing a qeth device Revert "fsl/fman: fix error handling" fsl/fman: fix error handling cdc_ncm: workaround for EM7455 "silent" data interface RDS: fix rds_tcp_init() error path geneve: fix max_mtu setting net: phy: dp83867: Fix initialization of PHYCR register enc28j60: Fix race condition in enc28j60 driver net: stmmac: Fix null-function call in ISR on stmmac1000 tipc: fix nl compat regression for link statistics net: bcmsysport: Device stats are unsigned long macsec: set actual real device for xmit when !protect_frames net_sched: fix mirrored packets checksum packet: Use symmetric hash for PACKET_FANOUT_HASH. ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/soundLinus Torvalds authored
Pull sound fixes from Takashi Iwai: "Here are a collection of small fixes: at this time, we've got a slightly high amount, but all small and trivial fixes, and nothing scary can be seen there" * tag 'sound-4.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (21 commits) ALSA: hda/realtek: Add Lenovo L460 to docking unit fixup ALSA: timer: Fix negative queue usage by racy accesses ASoC: rt5645: fix reg-2f default value. ASoC: fsl_ssi: Fix number of words per frame for I2S-slave mode ALSA: au88x0: Fix calculation in vortex_wtdma_bufshift() ALSA: hda - Add PCI ID for Kabylake-H ALSA: echoaudio: Fix memory allocation ASoC: Intel: atom: fix missing breaks that would cause the wrong operation to execute ALSA: hda - fix read before array start ASoC: cx20442: set tty->receiver_room in v253_open ASoC: ak4613: Enable cache usage to fix crashes on resume ASoC: wm8940: Enable cache usage to fix crashes on resume ASoC: Intel: Skylake: Initialize module list for Broxton ASoC: wm5102: Correct supported channels on trace compressed DAI ASoC: wm5110: Add missing route from OUT3R to SYSCLK ASoC: rt5670: fix HP Playback Volume control ASoC: hdmi-codec: select CONFIG_HDMI ASoC: davinci-mcasp: Fix dra7 DMA offset when using CFG port ASoC: hdac_hdmi: Fix potential NULL dereference ASoC: ak4613: Remove owner assignment from platform_driver ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/olof/chrome-platformLinus Torvalds authored
Pull chrome platform fix from Olof Johansson: "A single fix this time, closing a window where ioctl args are fetched twice" * tag 'chrome-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/olof/chrome-platform: platform/chrome: cros_ec_dev - double fetch bug in ioctl
-
- 05 Jul, 2016 11 commits
-
-
Martin KaFai Lau authored
It was first reported and reproduced by Petr (thanks!) in https://bugzilla.kernel.org/show_bug.cgi?id=119581 free_percpu(rt->rt6i_pcpu) used to always happen in ip6_dst_destroy(). However, after fixing a deadlock bug in commit 9c7370a1 ("ipv6: Fix a potential deadlock when creating pcpu rt"), free_percpu() is not called before setting non_pcpu_rt->rt6i_pcpu to NULL. It is worth to note that rt6i_pcpu is protected by table->tb6_lock. kmemleak somehow did not report it. We nailed it down by observing the pcpu entries in /proc/vmallocinfo (first suggested by Hannes, thanks!). Signed-off-by: Martin KaFai Lau <kafai@fb.com> Fixes: 9c7370a1 ("ipv6: Fix a potential deadlock when creating pcpu rt") Reported-by: Petr Novopashenniy <pety@rusnet.ru> Tested-by: Petr Novopashenniy <pety@rusnet.ru> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Cc: Petr Novopashenniy <pety@rusnet.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Vegard Nossum authored
dn_fib_count_nhs() could enter an infinite loop if nhp->rtnh_len == 0 (i.e. if userspace passes a malformed netlink message). Let's use the helpers from net/nexthop.h which take care of all this stuff. We can do exactly the same as e.g. fib_count_nexthops() and fib_get_nhs() from net/ipv4/fib_semantics.c. This fixes the softlockup for me. Cc: Thomas Graf <tgraf@suug.ch> Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Dan Carpenter authored
We verify "u_cmd.outsize" and "u_cmd.insize" but we need to make sure that those values have not changed between the two copy_from_user() calls. Otherwise it could lead to a buffer overflow. Additionally, cros_ec_cmd_xfer() can set s_cmd->insize to a lower value. We should use the new smaller value so we don't copy too much data to the user. Reported-by: Pengfei Wang <wpengfeinudt@gmail.com> Fixes: a8411784 ('mfd: cros_ec: Use a zero-length array for command data') Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Kees Cook <keescook@chromium.org> Tested-by: Gwendal Grignou <gwendal@chromium.org> Cc: <stable@vger.kernel.org> # v4.2+ Signed-off-by: Olof Johansson <olof@lixom.net>
-
Ganesh Goudar authored
Change t4fw_version.h to update latest firmware version number Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Or Gerlitz authored
GCC complains on unused-but-set-variable, clean this up. Fixes: 23898c76 ('net/mlx5: E-Switch, Modify node guid on vf set MAC') Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Acked-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Aviv Heller authored
Currently, link notifications are not sent by bond_set_slave_link_state() upon enslavement if the slave is enslaved when up. This happens because slave->link default init value is 0, which is the same as BOND_LINK_UP, resulting in bond_set_slave_link_state() ignoring this transition. This patch sets the default value of slave->link to BOND_LINK_NOCHANGE, assuring it will count as a state transition and thus trigger notification logic. Signed-off-by: Aviv Heller <avivh@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
hayeswang authored
The RTL8152 doesn't have U1U2 and U2P3 features, so use different runtime functions for RTL812 and RTL8153 by adding autosuspend_en() to rtl_ops. Signed-off-by: Hayes Wang <hayeswang@realtek.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Torsten Hilbrich authored
This solves the issue that a headphone is not working on the docking unit. Signed-off-by: Torsten Hilbrich <torsten.hilbrich@secunet.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Ursula Braun authored
A qeth_card contains a napi_struct linked to the net_device during device probing. This struct must be deleted when removing the qeth device, otherwise Panic on oops can occur when qeth devices are repeatedly removed and added. Fixes: a1c3ed4c ("qeth: NAPI support for l2 and l3 discipline") Cc: stable@vger.kernel.org # v2.6.37+ Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com> Tested-by: Alexander Klein <ALKL@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
This reverts commit a788a4a0. This patch is wrong, the type returned doesn't fit what the error pointer macros expect. Signed-off-by: David S. Miller <davem@davemloft.net>
-
Christophe Jaillet authored
This is likely that checking 'fman->fifo_offset' instead of 'fman->cam_offset' is expected here. Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 04 Jul, 2016 5 commits
-
-
Bjørn Mork authored
Several Lenovo users have reported problems with their Sierra Wireless EM7455 modem. The driver has loaded successfully and the MBIM management channel has appeared to work, including establishing a connection to the mobile network. But no frames have been received over the data interface. The problem affects all EM7455 and MC7455, and is assumed to affect other modems based on the same Qualcomm chipset and baseband firmware. Testing narrowed the problem down to what seems to be a firmware timing bug during initialization. Adding a short sleep while probing is sufficient to make the problem disappear. Experiments have shown that 1-2 ms is too little to have any effect, while 10-20 ms is enough to reliably succeed. Reported-by: Stefan Armbruster <ml001@armbruster-it.de> Reported-by: Ralph Plawetzki <ralph@purejava.org> Reported-by: Andreas Fett <andreas.fett@secunet.com> Reported-by: Rasmus Lerdorf <rasmus@lerdorf.com> Reported-by: Samo Ratnik <samo.ratnik@gmail.com> Reported-and-tested-by: Aleksander Morgado <aleksander@aleksander.es> Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Vegard Nossum authored
If register_pernet_subsys() fails, we shouldn't try to call unregister_pernet_subsys(). Fixes: 467fa153 ("RDS-TCP: Support multiple RDS-TCP listen endpoints, one per netns.") Cc: stable@vger.kernel.org Cc: Sowmini Varadhan <sowmini.varadhan@oracle.com> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> Acked-by: Sowmini Varadhan <sowmini.varadhan@oracle.com> Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Haishuang Yan authored
For ipv6+udp+geneve encapsulation data, the max_mtu should subtract sizeof(ipv6hdr), instead of sizeof(iphdr). Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Takashi Iwai authored
The user timer tu->qused counter may go to a negative value when multiple concurrent reads are performed since both the check and the decrement of tu->qused are done in two individual locked contexts. This results in bogus read outs, and the endless loop in the user-space side. The fix is to move the decrement of the tu->qused counter into the same spinlock context as the zero-check of the counter. Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Linus Torvalds authored
-
- 03 Jul, 2016 5 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuseLinus Torvalds authored
Pull fuse fix from Miklos Szeredi: "This makes sure userspace filesystems are not broken by the parallel lookups and readdir feature" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: serialize dirops by default
-
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfsLinus Torvalds authored
Pull overlayfs fixes from Miklos Szeredi: "This contains fixes for a dentry leak, a regression in 4.6 noticed by Docker users and missing write access checking in truncate" * 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: ovl: warn instead of error if d_type is not supported ovl: get_write_access() in truncate ovl: fix dentry leak for default_permissions
-
Vivek Goyal authored
overlay needs underlying fs to support d_type. Recently I put in a patch in to detect this condition and started failing mount if underlying fs did not support d_type. But this breaks existing configurations over kernel upgrade. Those who are running docker (partially broken configuration) with xfs not supporting d_type, are surprised that after kernel upgrade docker does not run anymore. https://github.com/docker/docker/issues/22937#issuecomment-229881315 So instead of erroring out, detect broken configuration and warn about it. This should allow existing docker setups to continue working after kernel upgrade. Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Fixes: 45aebeaf ("ovl: Ensure upper filesystem supports d_type") Cc: <stable@vger.kernel.org> 4.6
-
git://git.linux-mips.org/pub/scm/ralf/upstream-linusLinus Torvalds authored
Pull MIPS fix from Ralf Baechle: "Only a single fix for 4.7 pending at this point. It fixes an issue that may lead to corruption of the cache mode bits in the page table" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: MIPS: Fix possible corruption of cache mode by mprotect.
-
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linuxLinus Torvalds authored
Pull powerpc fixes from Michael Ellerman: - tm: Always reclaim in start_thread() for exec() class syscalls from Cyril Bur - tm: Avoid SLB faults in treclaim/trecheckpoint when RI=0 from Michael Neuling - eeh: Fix wrong argument passed to eeh_rmv_device() from Gavin Shan - Initialise pci_io_base as early as possible from Darren Stevens * tag 'powerpc-4.7-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc: Initialise pci_io_base as early as possible powerpc/tm: Avoid SLB faults in treclaim/trecheckpoint when RI=0 powerpc/eeh: Fix wrong argument passed to eeh_rmv_device() powerpc/tm: Always reclaim in start_thread() for exec() class syscalls
-
- 02 Jul, 2016 10 commits
-
-
Stefan Hauser authored
When initializing the PHY control register, the FIFO depth bits are written without reading the previous register value, i.e. all other bits are overwritten with zero. This disables automatic MDI-X configuration, which is enabled by default. Fix initialization by doing a read/modify/write operation. Signed-off-by: Stefan Hauser <stefan@shauser.net> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Sergio Valverde authored
The interrupt worker code for the enc28j60 relies only on the TXIF flag to determinate if the packet transmission was completed. However the datasheet specifies in section 12.1.3 that TXERIF will clear the TXRTS after a transmit abort. Also in section 12.1.4 that TXIF will be set when TXRTS transitions from '1' to '0'. Therefore the TXIF flag is enabled during transmission errors. This causes a race condition, since the worker code will invoke enc28j60_tx_clear() -> netif_wake_queue(), potentially invoking the ndo_start_xmit function to send a new packet. The enc28j60_send_packet function uses a workqueue that invokes enc28j60_hw_tx(). In between this function is called, the worker from the interrupt handler will enter the path for error handler because of the TXERIF flag, causing to invoke enc28j60_tx_clear() again and releasing the packet scheduled for transmission, causing a kernel crash with due a NULL pointer. These crashes due a NULL pointer were observed under stress conditions of the device. A BUG_ON() sequence was used to validate the issue was fixed, and has been running without problems for 2 years now. Signed-off-by: Diego Dompe <dompe@hpe.com> Acked-by: Sergio Valverde <sergio.valverde@hpe.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Matt Corallo authored
(resent due to overhelpful mail client corrupting patch) At least on Meson GXBB, the CORE_IRQ_MTL_RX_OVERFLOW interrupt is thrown with the stmmac1000 driver, which does not support set_rx_tail_ptr. With this patch and the clock fixes, 1G ethernet works on ODROID-C2. Signed-off-by: Matt Corallo <git@bluematt.me> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://people.freedesktop.org/~airlied/linuxLinus Torvalds authored
Pull drm fixes frlm Dave Airlie: "Just some AMD and Intel fixes, the AMD ones are further production Polaris fixes, and the Intel ones fix some early timeouts, some PCI ID changes and a couple of other fixes. Still a bit Internet challenged here, hopefully end of next week will solve it" * tag 'drm-fixes-for-v4.7-rc6' of git://people.freedesktop.org/~airlied/linux: drm/i915: Fix missing unlock on error in i915_ppgtt_info() drm/amd/powerplay: workaround for UVD clock issue drm/amdgpu: add ACLK_CNTL setting for polaris10 drm/amd/powerplay: fix issue uvd dpm can't enabled on Polaris11. drm/amd/powerplay: Workaround for Memory EDC Error on Polaris10. drm/i915: Removing PCI IDs that are no longer listed as Kabylake. drm/i915: Add more Kabylake PCI IDs. drm/i915: Avoid early timeout during AUX transfers drm/i915/hsw: Avoid early timeout during LCPLL disable/restore drm/i915/lpt: Avoid early timeout during FDI PHY reset drm/i915/bxt: Avoid early timeout during PLL enable drm/i915: Refresh cached DP port register value on resume drm/amd/powerplay: Update CKS on/ CKS off voltage offset calculation drm/amd/powerplay: disable FFC. drm/amd/powerplay: add some definition for FFC feature on polaris.
-
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spiLinus Torvalds authored
Pull spi fixes from Mark Brown: "A few small driver-specific fixes for SPI, all in the normal important if you hit them category especially the rockchip driver fix which addresses a race which has been exposed more frequently with some recent performance improvements" * tag 'spi-fix-v4.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi: sunxi: fix transfer timeout spi: sun4i: fix FIFO limit spi: rockchip: Signal unfinished DMA transfers spi: spi-ti-qspi: Suspend the queue before removing the device
-
Linus Torvalds authored
Merge tag 'regulator-fix-v4.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator Pull regulator fixes from Mark Brown: "Two small fixes for the regulator subsystem - one fixing a crash with one of the devices supported by the max77620 driver, another fixing startup for the anatop regulator when it starts up with the regulator in bypass mode" * tag 'regulator-fix-v4.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: regulator: max77620: check for valid regulator info regulator: anatop: allow regulator to be in bypass mode
-
git://git.kernel.org/pub/scm/linux/kernel/git/clk/linuxLinus Torvalds authored
Pull clk fixes from Stephen Boyd: "A small fix for the newly added oxnas clk driver and a handful of rockchip clk driver fixes for newly added rk3399 support" * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk: Fix return value check in oxnas_stdclk_probe() clk: rockchip: release io resource when failing to init clk on rk3399 clk: rockchip: fix cpuclk registration error handling clk: rockchip: Revert "clk: rockchip: reset init state before mmc card initialization" clk: rockchip: fix incorrect parent for rk3399's {c,g}pll_aclk_perihp_src clk: rockchip: mark rk3399 GIC clocks as critical clk: rockchip: initialize flags of clk_init_data in mmc-phase clock
-
Takashi Iwai authored
Merge tag 'asoc-fix-v4.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Fixes for v4.7 A small clutch of hardware specific fixes for various ASoC devices, all small individually and important if you have that device but not otherwise.
-
git://anongit.freedesktop.org/drm-intelDave Airlie authored
here's a batch of i915 fixes for 4.7. * tag 'drm-intel-fixes-2016-06-30' of git://anongit.freedesktop.org/drm-intel: drm/i915: Fix missing unlock on error in i915_ppgtt_info() drm/i915: Removing PCI IDs that are no longer listed as Kabylake. drm/i915: Add more Kabylake PCI IDs. drm/i915: Avoid early timeout during AUX transfers drm/i915/hsw: Avoid early timeout during LCPLL disable/restore drm/i915/lpt: Avoid early timeout during FDI PHY reset drm/i915/bxt: Avoid early timeout during PLL enable drm/i915: Refresh cached DP port register value on resume
-
git://people.freedesktop.org/~agd5f/linuxDave Airlie authored
Just a few more late fixes for Polaris cards. * 'drm-fixes-4.7' of git://people.freedesktop.org/~agd5f/linux: drm/amd/powerplay: workaround for UVD clock issue drm/amdgpu: add ACLK_CNTL setting for polaris10 drm/amd/powerplay: fix issue uvd dpm can't enabled on Polaris11. drm/amd/powerplay: Workaround for Memory EDC Error on Polaris10. drm/amd/powerplay: Update CKS on/ CKS off voltage offset calculation drm/amd/powerplay: disable FFC. drm/amd/powerplay: add some definition for FFC feature on polaris.
-
- 01 Jul, 2016 2 commits
-
-
Ralf Baechle authored
The following testcase may result in a page table entries with a invalid CCA field being generated: static void *bindstack; static int sysrqfd; static void protect_low(int protect) { mprotect(bindstack, BINDSTACK_SIZE, protect); } static void sigbus_handler(int signal, siginfo_t * info, void *context) { void *addr = info->si_addr; write(sysrqfd, "x", 1); printf("sigbus, fault address %p (should not happen, but might)\n", addr); abort(); } static void run_bind_test(void) { unsigned int *p = bindstack; p[0] = 0xf001f001; write(sysrqfd, "x", 1); /* Set trap on access to p[0] */ protect_low(PROT_NONE); write(sysrqfd, "x", 1); /* Clear trap on access to p[0] */ protect_low(PROT_READ | PROT_WRITE | PROT_EXEC); write(sysrqfd, "x", 1); /* Check the contents of p[0] */ if (p[0] != 0xf001f001) { write(sysrqfd, "x", 1); /* Reached, but shouldn't be */ printf("badness, shouldn't happen but does\n"); abort(); } } int main(void) { struct sigaction sa; sysrqfd = open("/proc/sysrq-trigger", O_WRONLY); if (sigprocmask(SIG_BLOCK, NULL, &sa.sa_mask)) { perror("sigprocmask"); return 0; } sa.sa_sigaction = sigbus_handler; sa.sa_flags = SA_SIGINFO | SA_NODEFER | SA_RESTART; if (sigaction(SIGBUS, &sa, NULL)) { perror("sigaction"); return 0; } bindstack = mmap(NULL, BINDSTACK_SIZE, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); if (bindstack == MAP_FAILED) { perror("mmap bindstack"); return 0; } printf("bindstack: %p\n", bindstack); run_bind_test(); printf("done\n"); return 0; } There are multiple ingredients for this: 1) PAGE_NONE is defined to _CACHE_CACHABLE_NONCOHERENT, which is CCA 3 on all platforms except SB1 where it's CCA 5. 2) _page_cachable_default must have bits set which are not set _CACHE_CACHABLE_NONCOHERENT. 3) Either the defective version of pte_modify for XPA or the standard version must be in used. However pte_modify for the 36 bit address space support is no affected. In that case additional bits in the final CCA mode may generate an invalid value for the CCA field. On the R10000 system where this was tracked down for example a CCA 7 has been observed, which is Uncached Accelerated. Fixed by: 1) Using the proper CCA mode for PAGE_NONE just like for all the other PAGE_* pte/pmd bits. 2) Fix the two affected variants of pte_modify. Further code inspection also shows the same issue to exist in pmd_modify which would affect huge page systems. Issue in pte_modify tracked down by Alastair Bridgewater, PAGE_NONE and pmd_modify issue found by me. The history of this goes back beyond Linus' git history. Chris Dearman's commit 35133692 ("[MIPS] Allow setting of the cache attribute at run time.") missed the opportunity to fix this but it was originally introduced in lmo commit d523832cf12007b3242e50bb77d0c9e63e0b6518 ("Missing from last commit.") and 32cc38229ac7538f2346918a09e75413e8861f87 ("New configuration option CONFIG_MIPS_UNCACHED.") Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Reported-by: Alastair Bridgewater <alastair.bridgewater@gmail.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pmLinus Torvalds authored
Pull ACPI fix from Rafael Wysocki: "Fix an expression in the ACPI PCI IRQ management code added by a recent commit that overlooked missing parens in it, so the result of the computation is incorrect in some cases (Sinan Kaya)" * tag 'acpi-4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI,PCI,IRQ: correct operator precedence
-