1. 01 Jan, 2016 19 commits
  2. 28 Dec, 2015 7 commits
  3. 27 Dec, 2015 5 commits
    • Al Viro's avatar
      MIPS: Fix bitrot in __get_user_unaligned() · 930c0f70
      Al Viro authored
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      930c0f70
    • Linus Torvalds's avatar
      Merge tag 'pm+acpi-4.4-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 2c96961f
      Linus Torvalds authored
      Pull power management and ACPI fixes from Rafael Wysocki:
       "These fix an ACPI processor driver regression introduced during the
        4.3 cycle and a mistake in the recently added SCPI support in the
        arm_big_little cpufreq driver.
      
        Specifics:
      
         - Fix a thermal management issue introduced by an ACPI processor
           driver change made during the 4.3 development cycle that failed to
           return 0 from a function on success which triggered an error
           cleanup path every time it had been called that deleted useful data
           structures created previously (Srinivas Pandruvada).
      
         - Fix a variable data type issue in the arm_big_little cpufreq
           driver's SCPI support code added recently that prevents error
           handling in there from working correctly (Dan Carpenter)"
      
      * tag 'pm+acpi-4.4-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        cpufreq: scpi-cpufreq: signedness bug in scpi_get_dvfs_info()
        ACPI / processor: Fix thermal cooling device regression
      2c96961f
    • Linus Torvalds's avatar
      Merge tag 'md/4.4-rc6-fix' of git://neil.brown.name/md · f0cf008f
      Linus Torvalds authored
      Pull md bugfix from Neil Brown:
       "One more md fix for 4.4-rc
      
        Fix a regression which causes reshape to not start properly sometimes"
      
      * tag 'md/4.4-rc6-fix' of git://neil.brown.name/md:
        md: remove check for MD_RECOVERY_NEEDED in action_store.
      f0cf008f
    • Linus Torvalds's avatar
      Merge tag 'upstream-4.4-rc7' of git://git.infradead.org/linux-ubifs · 3bef22ee
      Linus Torvalds authored
      Pull UBI bug fixes from Richard Weinberger:
       "This contains four bug fixes for UBI"
      
      * tag 'upstream-4.4-rc7' of git://git.infradead.org/linux-ubifs:
        mtd: ubi: don't leak e if schedule_erase() fails
        mtd: ubi: fixup error correction in do_sync_erase()
        UBI: fix use of "VID" vs. "EC" in header self-check
        UBI: fix return error code
      3bef22ee
    • Linus Torvalds's avatar
      Merge tag 'trace-v4.4-rc4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · e2b0a161
      Linus Torvalds authored
      Pull ftrace/recordmcount fix from Steven Rostedt:
       "Russell King was reporting lots of warnings when he compiled his
        kernel with ftrace enabled.  With some investigation it was discovered
        that it was his compile setup.  He was using ccache with hard links,
        which allowed recordmcount to process the same .o twice.  When this
        happens, recordmcount will detect that it was already done and give a
        warning about it.
      
        Russell fixed this by having recordmcount detect that the object file
        has more than one hard link, and if it does, it unlinks the object
        file after it maps it and processes then.  This appears to fix the
        issue.
      
        As you did not like the fact that recordmcount modified the file in
        place and thought that it should do the modifications in memory and
        then write it out to disk and move it over the old file to prevent
        other more subtle issues like the one above, a second patch is added
        on top of Russell's to do just that.  Luckily the original code had
        write and lseek wrappers that I was able to modify to not do inplace
        writes, but simply keep track of the changes made in memory.  When a
        write is made, a "update" flag is set, and at the end of processing,
        if the update is set, then it writes the file with changes out to a
        new file, and then renames it over the original one.
      
        The file descriptor is still passed to the write and lseek wrappers
        because removing that would cause the change to be more intrusive.
        That can be removed in a follow up cleanup patch that can wait till
        the next merge window"
      
      * tag 'trace-v4.4-rc4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        ftrace/scripts: Have recordmcount copy the object file
        scripts: recordmcount: break hardlinks
      e2b0a161
  4. 26 Dec, 2015 2 commits
    • Linus Torvalds's avatar
      Merge tag 'arc-4.4-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc · 12261f4e
      Linus Torvalds authored
      Pull ARC fixes from Vineet Gupta:
       "Sorry for this late pull request, but these are all important fixes
        for code introduced/updated in this release which we will otherwise
        end up back porting.
      
         - Unwinder rework (A revert followed by better fix)
         - Build errors: MMUv2, modules with -Os
         - highmem section mismatch build splat"
      
      * tag 'arc-4.4-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
        ARC: dw2 unwind: Catch Dwarf SNAFUs early
        ARC: dw2 unwind: Don't bail for CIE.version != 1
        Revert "ARC: dw2 unwind: Ignore CIE version !=1 gracefully instead of bailing"
        ARC: Fix linking errors with CONFIG_MODULE + CONFIG_CC_OPTIMIZE_FOR_SIZE
        ARC: mm: fix building for MMU v2
        ARC: mm: HIGHMEM: Fix section mismatch splat
      12261f4e
    • Rafael J. Wysocki's avatar
      Merge branches 'acpi-processor' and 'pm-cpufreq' · 43b28ca8
      Rafael J. Wysocki authored
      * acpi-processor:
        ACPI / processor: Fix thermal cooling device regression
      
      * pm-cpufreq:
        cpufreq: scpi-cpufreq: signedness bug in scpi_get_dvfs_info()
      43b28ca8
  5. 25 Dec, 2015 2 commits
    • Linus Torvalds's avatar
      Merge branch 'parisc-4.4-4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · 8db7b3c5
      Linus Torvalds authored
      Pull parisc system call restart fix from Helge Deller:
       "The architectural design of parisc always uses two instructions to
        call kernel syscalls (delayed branch feature).  This means that the
        instruction following the branch (located in the delay slot of the
        branch instruction) is executed before control passes to the branch
        destination.
      
        Depending on which assembler instruction and how it is used in
        usersapce in the delay slot, this sometimes made restarted syscalls
        like futex() and poll() failing with -ENOSYS"
      
      * 'parisc-4.4-4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Fix syscall restarts
      8db7b3c5
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · 682cb0cd
      Linus Torvalds authored
      Pull sparc fixes from David Miller:
      
       1) Finally make perf stack backtraces stable on sparc, several problems
          (mostly due to the context in which the user copies from the stack
          are done) contributed to this.
      
          From Rob Gardner.
      
       2) Export ADI capability if the cpu supports it.
      
       3) Hook up userfaultfd system call.
      
       4) When faults happen during user copies we really have to clean up and
          restore the FPU state fully.  Also from Rob Gardner
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        tty/serial: Skip 'NULL' char after console break when sysrq enabled
        sparc64: fix FP corruption in user copy functions
        sparc64: Perf should save/restore fault info
        sparc64: Ensure perf can access user stacks
        sparc64: Don't set %pil in rtrap_nmi too early
        sparc64: Add ADI capability to cpu capabilities
        tty: serial: constify sunhv_ops structs
        sparc: Hook up userfaultfd system call
      682cb0cd
  6. 24 Dec, 2015 5 commits
    • Vijay Kumar's avatar
      tty/serial: Skip 'NULL' char after console break when sysrq enabled · 079317a6
      Vijay Kumar authored
      When sysrq is triggered from console, serial driver for SUN hypervisor
      console receives a console break and enables the sysrq. It expects a valid
      sysrq char following with break. Meanwhile if driver receives 'NULL'
      ASCII char then it disables sysrq and sysrq handler will never be invoked.
      
      This fix skips calling uart sysrq handler when 'NULL' is received while
      sysrq is enabled.
      Signed-off-by: default avatarVijay Kumar <vijay.ac.kumar@oracle.com>
      Acked-by: default avatarKarl Volz <karl.volz@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      079317a6
    • Rob Gardner's avatar
      sparc64: fix FP corruption in user copy functions · a7c5724b
      Rob Gardner authored
      Short story: Exception handlers used by some copy_to_user() and
      copy_from_user() functions do not diligently clean up floating point
      register usage, and this can result in a user process seeing invalid
      values in floating point registers. This sometimes makes the process
      fail.
      
      Long story: Several cpu-specific (NG4, NG2, U1, U3) memcpy functions
      use floating point registers and VIS alignaddr/faligndata to
      accelerate data copying when source and dest addresses don't align
      well. Linux uses a lazy scheme for saving floating point registers; It
      is not done upon entering the kernel since it's a very expensive
      operation. Rather, it is done only when needed. If the kernel ends up
      not using FP regs during the course of some trap or system call, then
      it can return to user space without saving or restoring them.
      
      The various memcpy functions begin their FP code with VISEntry (or a
      variation thereof), which saves the FP regs. They conclude their FP
      code with VISExit (or a variation) which essentially marks the FP regs
      "clean", ie, they contain no unsaved values. fprs.FPRS_FEF is turned
      off so that a lazy restore will be triggered when/if the user process
      accesses floating point regs again.
      
      The bug is that the user copy variants of memcpy, copy_from_user() and
      copy_to_user(), employ an exception handling mechanism to detect faults
      when accessing user space addresses, and when this handler is invoked,
      an immediate return from the function is forced, and VISExit is not
      executed, thus leaving the fprs register in an indeterminate state,
      but often with fprs.FPRS_FEF set and one or more dirty bits. This
      results in a return to user space with invalid values in the FP regs,
      and since fprs.FPRS_FEF is on, no lazy restore occurs.
      
      This bug affects copy_to_user() and copy_from_user() for NG4, NG2,
      U3, and U1. All are fixed by using a new exception handler for those
      loads and stores that are done during the time between VISEnter and
      VISExit.
      
      n.b. In NG4memcpy, the problematic code can be triggered by a copy
      size greater than 128 bytes and an unaligned source address.  This bug
      is known to be the cause of random user process memory corruptions
      while perf is running with the callgraph option (ie, perf record -g).
      This occurs because perf uses copy_from_user() to read user stacks,
      and may fault when it follows a stack frame pointer off to an
      invalid page. Validation checks on the stack address just obscure
      the underlying problem.
      Signed-off-by: default avatarRob Gardner <rob.gardner@oracle.com>
      Signed-off-by: default avatarDave Aldridge <david.j.aldridge@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a7c5724b
    • Rob Gardner's avatar
      sparc64: Perf should save/restore fault info · 83352694
      Rob Gardner authored
      There have been several reports of random processes being killed with
      a bus error or segfault during userspace stack walking in perf.  One
      of the root causes of this problem is an asynchronous modification to
      thread_info fault_address and fault_code, which stems from a perf
      counter interrupt arriving during kernel processing of a "benign"
      fault, such as a TSB miss. Since perf_callchain_user() invokes
      copy_from_user() to read user stacks, a fault is not only possible,
      but probable. Validity checks on the stack address merely cover up the
      problem and reduce its frequency.
      
      The solution here is to save and restore fault_address and fault_code
      in perf_callchain_user() so that the benign fault handler is not
      disturbed by a perf interrupt.
      Signed-off-by: default avatarRob Gardner <rob.gardner@oracle.com>
      Signed-off-by: default avatarDave Aldridge <david.j.aldridge@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      83352694
    • Rob Gardner's avatar
      sparc64: Ensure perf can access user stacks · 3f74306a
      Rob Gardner authored
      When an interrupt (such as a perf counter interrupt) is delivered
      while executing in user space, the trap entry code puts ASI_AIUS in
      %asi so that copy_from_user() and copy_to_user() will access the
      correct memory. But if a perf counter interrupt is delivered while the
      cpu is already executing in kernel space, then the trap entry code
      will put ASI_P in %asi, and this will prevent copy_from_user() from
      reading any useful stack data in either of the perf_callchain_user_X
      functions, and thus no user callgraph data will be collected for this
      sample period. An additional problem is that a fault is guaranteed
      to occur, and though it will be silently covered up, it wastes time
      and could perturb state.
      
      In perf_callchain_user(), we ensure that %asi contains ASI_AIUS
      because we know for a fact that the subsequent calls to
      copy_from_user() are intended to read the user's stack.
      
      [ Use get_fs()/set_fs() -DaveM ]
      Signed-off-by: default avatarRob Gardner <rob.gardner@oracle.com>
      Signed-off-by: default avatarDave Aldridge <david.j.aldridge@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3f74306a
    • Rob Gardner's avatar
      sparc64: Don't set %pil in rtrap_nmi too early · 1ca04a4c
      Rob Gardner authored
      Commit 28a1f533 delays setting %pil to avoid potential
      hardirq stack overflow in the common rtrap_irq path.
      Setting %pil also needs to be delayed in the rtrap_nmi
      path for the same reason.
      Signed-off-by: default avatarRob Gardner <rob.gardner@oracle.com>
      Signed-off-by: default avatarDave Aldridge <david.j.aldridge@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1ca04a4c