summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-10-25Linux 4.3-rc7v4.3-rc7Linus Torvalds
2015-10-24Merge tag 'usb-4.3-rc7' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are three xhci driver fixes for reported issues for 4.3-rc7 All have been in linux-next for a while with no problems" * tag 'usb-4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: xhci: Add spurious wakeup quirk for LynxPoint-LP controllers xhci: handle no ping response error properly xhci: don't finish a TD if we get a short transfer event mid TD
2015-10-24Merge tag 'tty-4.3-rc7' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial fixes from Greg KH: "Here are two fixes that resolve reported issues, one with the 8250 driver, and the other with the generic fbcon driver. Both have been in linux-next for a while" * tag 'tty-4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: fbcon: initialize blink interval before calling fb_set_par Revert "serial: 8250_dma: don't bother DMA with small transfers"
2015-10-24Merge tag 'staging-4.3-rc7' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging driver fixes from Greg KH: "Here are four iio driver fixes for 4.3-rc7, fixing some reported issues. All of these have been in linux-next for a while" * tag 'staging-4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: iio: mxs-lradc: Fix temperature offset iio: accel: sca3000: memory corruption in sca3000_read_first_n_hw_rb() iio: st_accel: fix interrupt handling on LIS3LV02 iio: adc: twl4030: Fix ADC[3:6] readings
2015-10-24Merge tag 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull infiniband fixes from Doug Ledford: "It's late in the game, I know, but these fixes seemed important enough to warrant a late pull request. They all involve oopses or use after frees or corruptions. Six serious fixes: - Hold the mutex around the find and corresponding update of our gid - The ifa list is rcu protected, copy its contents under rcu to avoid using a freed structure - On error, netdev might be null, so check it before trying to release it - On init, if workqueue alloc fails, fail init - The new demux patches exposed a bug in mlx5 and ipath drivers, we need to use the payload P_Key to determine the P_Key the packet arrived on because the hardware doesn't tell us the truth - Due to a couple convoluted error flows, it is possible for the CM to trigger a use_after_free and a double_free of rb nodes. Add two checks to prevent that. This code has worked for 10+ years. It is likely that some of the recent changes have caused this issue to surface. The current patch will protect us from nasty events for now while we track down why this is just now showing up" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: IB/cm: Fix rb-tree duplicate free and use-after-free IB/cma: Use inner P_Key to determine netdev IB/ucma: check workqueue allocation before usage IB/cma: Potential NULL dereference in cma_id_from_event IB/core: Fix use after free of ifa IB/core: Fix memory corruption in ib_cache_gid_set_default_gid
2015-10-24Merge tag 'dm-4.3-fixes-4' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fixes from Mike Snitzer: "Three stable fixes (two in btree code used by DM thinp and one to properly store flags in DM cache metadata's superblock)" * tag 'dm-4.3-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm cache: the CLEAN_SHUTDOWN flag was not being set dm btree: fix leak of bufio-backed block in btree_split_beneath error path dm btree remove: fix a bug when rebalancing nodes after removal
2015-10-24Merge branch 'for-linus' of git://git.kernel.dk/linux-blockLinus Torvalds
Pull block layer fixes from Jens Axboe: "A final set of fixes for 4.3. It is (again) bigger than I would have liked, but it's all been through the testing mill and has been carefully reviewed by multiple parties. Each fix is either a regression fix for this cycle, or is marked stable. You can scold me at KS. The pull request contains: - Three simple fixes for NVMe, fixing regressions since 4.3. From Arnd, Christoph, and Keith. - A single xen-blkfront fix from Cathy, fixing a NULL dereference if an error is returned through the staste change callback. - Fixup for some bad/sloppy code in nbd that got introduced earlier in this cycle. From Markus Pargmann. - A blk-mq tagset use-after-free fix from Junichi. - A backing device lifetime fix from Tejun, fixing a crash. - And finally, a set of regression/stable fixes for cgroup writeback from Tejun" * 'for-linus' of git://git.kernel.dk/linux-block: writeback: remove broken rbtree_postorder_for_each_entry_safe() usage in cgwb_bdi_destroy() NVMe: Fix memory leak on retried commands block: don't release bdi while request_queue has live references nvme: use an integer value to Linux errno values blk-mq: fix use-after-free in blk_mq_free_tag_set() nvme: fix 32-bit build warning writeback: fix incorrect calculation of available memory for memcg domains writeback: memcg dirty_throttle_control should be initialized with wb->memcg_completions writeback: bdi_writeback iteration must not skip dying ones writeback: fix bdi_writeback iteration in wakeup_dirtytime_writeback() writeback: laptop_mode_timer_fn() needs rcu_read_lock() around bdi_writeback iteration nbd: Add locking for tasks xen-blkfront: check for null drvdata in blkback_changed (XenbusStateClosing)
2015-10-24Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client Pull Ceph fixes from Sage Weil: "Two fixes. One is a stopgap to prevent a stack blowout when users have a deep chain of image clones. (We'll rewrite this code to be non-recursive for the next window, but in the meantime this is a simple fix that avoids a crash.) The second fixes a refcount underflow" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client: rbd: prevent kernel stack blow up on rbd map rbd: don't leak parent_spec in rbd_dev_probe_parent()
2015-10-24Merge branch 'for-linus-4.3' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs Pull btrfs fixes from Chris Mason: "I have two more small fixes this week: Qu's fix avoids unneeded COW during fallocate, and Christian found a memory leak in the error handling of an earlier fix" * 'for-linus-4.3' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: btrfs: fix possible leak in btrfs_ioctl_balance() btrfs: Avoid truncate tailing page if fallocate range doesn't exceed inode size
2015-10-23dm cache: the CLEAN_SHUTDOWN flag was not being setJoe Thornber
If the CLEAN_SHUTDOWN flag is not set when a cache is loaded then all cache blocks are marked as dirty and a full writeback occurs. __commit_transaction() is responsible for setting/clearing CLEAN_SHUTDOWN (based the flags_mutator that is passed in). Fix this issue, of the cache's on-disk flags being wrong, by making sure __commit_transaction() does not reset the flags after the mutator has altered the flags in preparation for them being serialized to disk. before: sb_flags = mutator(le32_to_cpu(disk_super->flags)); disk_super->flags = cpu_to_le32(sb_flags); disk_super->flags = cpu_to_le32(cmd->flags); after: disk_super->flags = cpu_to_le32(cmd->flags); sb_flags = mutator(le32_to_cpu(disk_super->flags)); disk_super->flags = cpu_to_le32(sb_flags); Reported-by: Bogdan Vasiliev <bogdan.vasiliev@gmail.com> Signed-off-by: Joe Thornber <ejt@redhat.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Cc: stable@vger.kernel.org
2015-10-23dm btree: fix leak of bufio-backed block in btree_split_beneath error pathMike Snitzer
btree_split_beneath()'s error path had an outstanding FIXME that speaks directly to the potential for _not_ cleaning up a previously allocated bufio-backed block. Fix this by releasing the previously allocated bufio block using unlock_block(). Reported-by: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Acked-by: Joe Thornber <thornber@redhat.com> Cc: stable@vger.kernel.org
2015-10-23dm btree remove: fix a bug when rebalancing nodes after removalJoe Thornber
Commit 4c7e309340ff ("dm btree remove: fix bug in redistribute3") wasn't a complete fix for redistribute3(). The redistribute3 function takes 3 btree nodes and shares out the entries evenly between them. If the three nodes in total contained (MAX_ENTRIES * 3) - 1 entries between them then this was erroneously getting rebalanced as (MAX_ENTRIES - 1) on the left and right, and (MAX_ENTRIES + 1) in the center. Fix this issue by being more careful about calculating the target number of entries for the left and right nodes. Unit tested in userspace using this program: https://github.com/jthornber/redistribute3-test/blob/master/redistribute3_t.c Signed-off-by: Joe Thornber <ejt@redhat.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Cc: stable@vger.kernel.org
2015-10-23rbd: prevent kernel stack blow up on rbd mapIlya Dryomov
Mapping an image with a long parent chain (e.g. image foo, whose parent is bar, whose parent is baz, etc) currently leads to a kernel stack overflow, due to the following recursion in the reply path: rbd_osd_req_callback() rbd_obj_request_complete() rbd_img_obj_callback() rbd_img_parent_read_callback() rbd_obj_request_complete() ... Limit the parent chain to 16 images, which is ~5K worth of stack. When the above recursion is eliminated, this limit can be lifted. Fixes: http://tracker.ceph.com/issues/12538 Cc: stable@vger.kernel.org # 3.10+, needs backporting for < 4.2 Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Josh Durgin <jdurgin@redhat.com>
2015-10-23rbd: don't leak parent_spec in rbd_dev_probe_parent()Ilya Dryomov
Currently we leak parent_spec and trigger a "parent reference underflow" warning if rbd_dev_create() in rbd_dev_probe_parent() fails. The problem is we take the !parent out_err branch and that only drops refcounts; parent_spec that would've been freed had we called rbd_dev_unparent() remains and triggers rbd_warn() in rbd_dev_parent_put() - at that point we have parent_spec != NULL and parent_ref == 0, so counter ends up being -1 after the decrement. Redo rbd_dev_probe_parent() to fix this. Cc: stable@vger.kernel.org # 3.10+, needs backporting for < 4.2 Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Alex Elder <elder@linaro.org>
2015-10-23Merge branch 'x86-urgent-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Misc fixes: two KASAN fixes, two EFI boot fixes, two boot-delay optimization fixes, and a fix for a IRQ handling hang observed on virtual platforms" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mm, kasan: Silence KASAN warnings in get_wchan() compiler, atomics, kasan: Provide READ_ONCE_NOCHECK() x86, kasan: Fix build failure on KASAN=y && KMEMCHECK=y kernels x86/smpboot: Fix CPU #1 boot timeout x86/smpboot: Fix cpu_init_udelay=10000 corner case boot parameter misbehavior x86/ioapic: Disable interrupts when re-routing legacy IRQs x86/setup: Extend low identity map to cover whole kernel range x86/efi: Fix multiple GOP device support
2015-10-23Merge branch 'sched-urgent-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler fixes from Ingo Molnar: "Misc fixes all around the map: an instrumentation fix, a nohz usability fix, a lockdep annotation fix and two task group scheduling fixes" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/core: Add missing lockdep_unpin() annotations sched/deadline: Fix migration of SCHED_DEADLINE tasks nohz: Revert "nohz: Set isolcpus when nohz_full is set" sched/fair: Update task group's load_avg after task migration sched/fair: Fix overly small weight for interactive group entities sched, tracing: Stop/start critical timings around the idle=poll idle loop
2015-10-23Merge branch 'akpm' (patches from Andrew)Linus Torvalds
Merge fixes from Andrew Morton: "9 fixes" * emailed patches from Andrew Morton <akpm@linux-foundation.org>: ocfs2/dlm: unlock lockres spinlock before dlm_lockres_put fault-inject: fix inverted interval/probability values in printk lib/Kconfig.debug: disable -Wframe-larger-than warnings with KASAN=y mm: make sendfile(2) killable thp: use is_zero_pfn() only after pte_present() check mailmap: update Javier Martinez Canillas' email MAINTAINERS: add Sergey as zsmalloc reviewer mm: cma: fix incorrect type conversion for size during dma allocation kmod: don't run async usermode helper as a child of kworker thread
2015-10-23sched/core: Add missing lockdep_unpin() annotationsPeter Zijlstra
Luca and Wanpeng reported two missing annotations that led to false lockdep complaints. Add the missing annotations. Reported-by: Luca Abeni <luca.abeni@unitn.it> Reported-by: Wanpeng Li <wanpeng.li@hotmail.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Juri Lelli <juri.lelli@arm.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Fixes: cbce1a686700 ("sched,lockdep: Employ lock pinning") Link: http://lkml.kernel.org/r/20151023095008.GY17308@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-10-23Merge tag 'powerpc-4.3-5' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: - Revert "Use the POWER8 Micro Partition Prefetch Engine in KVM HV on POWER8" from Paul - Handle irq_happened flag correctly in off-line loop from Paul - Validate rtas.entry before calling enter_rtas() from Vasant * tag 'powerpc-4.3-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/rtas: Validate rtas.entry before calling enter_rtas() powerpc/powernv: Handle irq_happened flag correctly in off-line loop powerpc: Revert "Use the POWER8 Micro Partition Prefetch Engine in KVM HV on POWER8"
2015-10-23Merge tag 'fixes-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Arnd Bergmann: "Most of the changes this time are for incorrect device nodes in various ways, on on imx, berlin, exynos, ux500, uniphier, omap and meson. Chen-Yu Tsai now co-maintains mach-sunxi (Allwinner). Other bug fixes include - a partial revert of a broken tegra gpio patch - irq affinity for arm ccn - suspend on one Armada 385 machine - enable ZONE_DMA to avoid an OMAP crash for over 2GB RAM - turning on a regulator on beagleboard-x15 for HDMI - making the omap gpmc debug code visible - setup of orion network switch - a rare build regression for pxa" * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (22 commits) ARM: OMAP2+: Fix imprecise external abort caused by bogus SRAM init thermal: exynos: Fix register read in TMU ARM: OMAP2+: Fix oops with LPAE and more than 2GB of memory ARM: tegra: Comment out gpio-ranges properties ARM: dts: uniphier: fix IRQ number for devices on PH1-LD6b ref board drivers/perf: arm_pmu: avoid CPU device_node reference leak bus: arm-ccn: Fix irq affinity setting on CPU migration bus: arm-ccn: Handle correctly no-more-cpus case ARM: mvebu: correct a385-db-ap compatible string ARM: meson6: DTS: Fix wrong reg mapping and IRQ numbers MAINTAINERS: Update Allwinner entry and add new maintainer ARM: ux500: modify initial levelshifter status ARM: pxa: fix pxa3xx DFI lockup hack Documentation: ARM: List new omap MMC requirements memory: omap-gpmc: dump "before" state before first modification memory: omap-gpmc: Fix unselectable debug option for GPMC ARM: dts: am57xx-beagle-x15: set VDD_SD to always-on ARM: dts: Fix audio card detection on Peach boards ARM: EXYNOS: Fix double of_node_put() when parsing child power domains ARM: orion: Fix DSA platform device after mvmdio conversion ...
2015-10-23Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds
Pull KVM bugfixes from Paolo Bonzini: "Bug fixes for ARM, mostly 4.3 regressions related to virtual interrupt controller changes" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: arm/arm64: KVM: Fix disabled distributor operation arm/arm64: KVM: Clear map->active on pend/active clear arm/arm64: KVM: Fix arch timer behavior for disabled interrupts KVM: arm: use GIC support unconditionally KVM: arm/arm64: Fix memory leak if timer initialization fails KVM: arm/arm64: Do not inject spurious interrupts
2015-10-23Merge tag 'trace-fixes-v4.3-rc6' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fixes from Steven Rostedt: "Running tests on other changes, the system locked up due to lots of warnings. It was caused by the stack tracer triggering a warning about using rcu_dereference() when RCU was not watching. This can happen due to the fact that the stack tracer uses the function tracer to check each function, and there are functions that may be called and traced when RCU stopped watching. Namely when a function is called just before going idle or to userspace and after RCU stopped watching that current CPU. The first patch makes sure that RCU is watching when the stack tracer uses RCU. The second patch is to make sure that the stack tracer does not get called by functions in NMI, as it's not NMI safe" * tag 'trace-fixes-v4.3-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing: Do not allow stack_tracer to record stack in NMI tracing: Have stack tracer force RCU to be watching
2015-10-23Merge tag 'sound-4.3-rc7' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "There is nothing to worry you much, only a few small & stable patches are found for usual stuff, HD-audio (a Lenovo laptop quirk, a fix for minor error handling) and ASoC (trivial fixes for RT298 and WM codecs). The only remaining major change is the fix for ASoC SX_TLV control that was overseen during refactoring, but the fix itself is trivial and safe" * tag 'sound-4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ASoC: wm8962: mark cache_dirty flag after software reset in pm_resume ASoC: rt298: fix wrong setting of gpio2_en ASoC: wm8904: Correct number of EQ registers ALSA: hda - Fix deadlock at error in building PCM ASoC: Add info callback for SX_TLV controls ASoC: rt298: correct index default value ALSA: hda - Fix inverted internal mic on Lenovo G50-80 ALSA: hdac: Explicitly add io.h
2015-10-23Merge tag 'media/v4.3-4' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media fixes from Mauro Carvalho Chehab: "Some regression fixes and potential security issues: - netup_unidvb: fix potential crash when spi is NULL - rtl28xxu: fix control message flaws - m88ds3103: fix a regression on Kernel 4.2 - c8sectpfe: fix some issues on this new driver - v4l2-flash-led-class: fix a Kbuild dependency - si2157 and si2158: check for array boundary when uploading firmware files - horus3a and lnbh25: fix some building troubles when some options aren't selected - ir-hix5hd2: drop the use of IRQF_NO_SUSPEND" * tag 'media/v4.3-4' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: [media] m88ds3103: use own reg update_bits() implementation [media] rtl28xxu: fix control message flaws [media] v4l2-flash-led-class: Add missing VIDEO_V4L2 Kconfig dependency [media] netup_unidvb: fix potential crash when spi is NULL [media] si2168: Bounds check firmware [media] si2157: Bounds check firmware [media] ir-hix5hd2: drop the use of IRQF_NO_SUSPEND [media] c8sectpfe: fix return of garbage [media] c8sectpfe: fix ininitialized error return on firmware load failure [media] lnbh25: Fix lnbh25_attach() function return type [media] horus3a: Fix horus3a_attach() function parameters
2015-10-23Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linuxLinus Torvalds
Pull drm fixes from Dave Airlie: "I've been a bit slow gathering these: - drm/mst: one mutex leak in a fail path - radeon: two oops fixes, one dpm fix - i915: one messy set of fixes, where we revert the original fix, and pull back the proper set of fixes from -next on top. - nouveau: one fix for an illegal buffer placement. Doesn't look too bad, hopefully shouldn't be too much more" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/nouveau/gem: return only valid domain when there's only one drm: fix mutex leak in drm_dp_get_mst_branch_device drm/amdgpu: add missing dpm check for KV dpm late init drm/amdgpu/dpm: don't add pwm attributes if DPM is disabled drm/radeon/dpm: don't add pwm attributes if DPM is disabled drm/i915: Add primary plane to mask if it's visible drm/i915: Move sprite/cursor plane disable to intel_sanitize_crtc() drm/i915: Assign hwmode after encoder state readout Revert "drm/i915: Add primary plane to mask if it's visible" drm/i915: Deny wrapping an userptr into a framebuffer drm/i915: Enable DPLL VGA mode before P1/P2 divider write drm/i915: Restore lost DPLL register write on gen2-4 drm/i915: Flush pipecontrol post-sync writes drm/i915: Fix kerneldoc for i915_gem_shrink_all
2015-10-23ocfs2/dlm: unlock lockres spinlock before dlm_lockres_putJoseph Qi
dlm_lockres_put will call dlm_lockres_release if it is the last reference, and then it may call dlm_print_one_lock_resource and take lockres spinlock. So unlock lockres spinlock before dlm_lockres_put to avoid deadlock. Signed-off-by: Joseph Qi <joseph.qi@huawei.com> Cc: Mark Fasheh <mfasheh@suse.de> Cc: Joel Becker <jlbec@evilplan.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-10-23fault-inject: fix inverted interval/probability values in printkFlorian Westphal
interval displays the probability and vice versa. Fixes: 6adc4a22f20bb ("fault-inject: add ratelimit option") Acked-by: Akinobu Mita <akinobu.mita@gmail.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-10-23lib/Kconfig.debug: disable -Wframe-larger-than warnings with KASAN=yAndrey Ryabinin
When the kernel compiled with KASAN=y, GCC adds redzones for each variable on stack. This enlarges function's stack frame and causes: 'warning: the frame size of X bytes is larger than Y bytes' The worst case I've seen for now is following: ../net/wireless/nl80211.c: In function `nl80211_send_wiphy': ../net/wireless/nl80211.c:1731:1: warning: the frame size of 5448 bytes is larger than 2048 bytes [-Wframe-larger-than=] That kind of warning becomes useless with KASAN=y. It doesn't necessarily indicate that there is some problem in the code, thus we should turn it off. (The KASAN=y stack size in increased from 16k to 32k for this reason) Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Reported-by: Fengguang Wu <fengguang.wu@intel.com> Acked-by: Abylay Ospan <aospan@netup.ru> Cc: Andi Kleen <andi@firstfloor.org> Cc: Ingo Molnar <mingo@kernel.org> Cc: Mauro Carvalho Chehab <m.chehab@samsung.com> Cc: Kozlov Sergey <serjk@netup.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-10-23mm: make sendfile(2) killableJan Kara
Currently a simple program below issues a sendfile(2) system call which takes about 62 days to complete in my test KVM instance. int fd; off_t off = 0; fd = open("file", O_RDWR | O_TRUNC | O_SYNC | O_CREAT, 0644); ftruncate(fd, 2); lseek(fd, 0, SEEK_END); sendfile(fd, fd, &off, 0xfffffff); Now you should not ask kernel to do a stupid stuff like copying 256MB in 2-byte chunks and call fsync(2) after each chunk but if you do, sysadmin should have a way to stop you. We actually do have a check for fatal_signal_pending() in generic_perform_write() which triggers in this path however because we always succeed in writing something before the check is done, we return value > 0 from generic_perform_write() and thus the information about signal gets lost. Fix the problem by doing the signal check before writing anything. That way generic_perform_write() returns -EINTR, the error gets propagated up and the sendfile loop terminates early. Signed-off-by: Jan Kara <jack@suse.com> Reported-by: Dmitry Vyukov <dvyukov@google.com> Cc: Al Viro <viro@ZenIV.linux.org.uk> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-10-23thp: use is_zero_pfn() only after pte_present() checkMinchan Kim
Use is_zero_pfn() on pteval only after pte_present() check on pteval (It might be better idea to introduce is_zero_pte() which checks pte_present() first). Otherwise when working on a swap or migration entry and if pte_pfn's result is equal to zero_pfn by chance, we lose user's data in __collapse_huge_page_copy(). So if you're unlucky, the application segfaults and finally you could see below message on exit: BUG: Bad rss-counter state mm:ffff88007f099300 idx:2 val:3 Fixes: ca0984caa823 ("mm: incorporate zero pages into transparent huge pages") Signed-off-by: Minchan Kim <minchan@kernel.org> Reviewed-by: Andrea Arcangeli <aarcange@redhat.com> Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Mel Gorman <mgorman@suse.de> Acked-by: Vlastimil Babka <vbabka@suse.cz> Cc: Hugh Dickins <hughd@google.com> Cc: Rik van Riel <riel@redhat.com> Cc: <stable@vger.kernel.org> [4.1+] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-10-23mailmap: update Javier Martinez Canillas' emailJavier Martinez Canillas
The get_maintainer script still reports my old Collabora email based on old commits but that address no longer exist so update mailmap to report my current email and avoid people sending to the old address. Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-10-23MAINTAINERS: add Sergey as zsmalloc reviewerSergey Senozhatsky
Nominate myself as a zsmalloc reviewer. Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Cc: Minchan Kim <minchan@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-10-23mm: cma: fix incorrect type conversion for size during dma allocationRohit Vaswani
This was found during userspace fuzzing test when a large size dma cma allocation is made by driver(like ion) through userspace. show_stack+0x10/0x1c dump_stack+0x74/0xc8 kasan_report_error+0x2b0/0x408 kasan_report+0x34/0x40 __asan_storeN+0x15c/0x168 memset+0x20/0x44 __dma_alloc_coherent+0x114/0x18c Signed-off-by: Rohit Vaswani <rvaswani@codeaurora.org> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-10-23kmod: don't run async usermode helper as a child of kworker threadOleg Nesterov
call_usermodehelper_exec_sync() does fork() + wait() with "unignored" SIGCHLD. What we have missed is that this worker thread can have other children previously forked by call_usermodehelper_exec_work() without UMH_WAIT_PROC. If such a child exits in between it becomes a zombie because auto-reaping only works if SIGCHLD is ignored, and nobody can reap it (unless/until this worker thread exits too). Change the !UMH_WAIT_PROC case to use CLONE_PARENT. Note: this is only first step. All PF_KTHREAD tasks, even created by kernel_thread() should have ->parent == kthreadd by default. Fixes: bb304a5c6fc63d8506c ("kmod: handle UMH_WAIT_PROC from system unbound workqueue") Signed-off-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Frederic Weisbecker <fweisbec@gmail.com> Cc: Rik van Riel <riel@redhat.com> Cc: Christoph Lameter <cl@linux.com> Cc: Tejun Heo <tj@kernel.org> Cc: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-10-23Merge tag 'asoc-fix-v4.3-rc6' of ↵Takashi Iwai
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Fixes for v4.3 A bunch of driver fixes plus one core fix which fixes problems with misreporting values from _SX controls following a recent refactoring. This had gone unnoticed as such controls are quite rare.
2015-10-23Merge remote-tracking branches 'asoc/fix/rt298', 'asoc/fix/sx', ↵Mark Brown
'asoc/fix/wm8904' and 'asoc/fix/wm8962' into asoc-linus
2015-10-23Merge remote-tracking branch 'asoc/fix/rt5645' into asoc-linusMark Brown
2015-10-22[media] m88ds3103: use own reg update_bits() implementationAntti Palosaari
Device stopped to tuning some channels after regmap conversion. Reason is that regmap_update_bits() works a bit differently for partially volatile registers than old homemade routine. Return back to old routine in order to fix issue. Fixes: 478932b16052f5ded74685d096ae920cd17d6424 Cc: <stable@kernel.org> # 4.2+ Reported-by: Mark Clarkstone <hello@markclarkstone.co.uk> Tested-by: Mark Clarkstone <hello@markclarkstone.co.uk> Signed-off-by: Antti Palosaari <crope@iki.fi> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2015-10-22[media] rtl28xxu: fix control message flawsAntti Palosaari
Add lock to prevent concurrent access for control message as control message function uses shared buffer. Without the lock there may be remote control polling which messes the buffer causing IO errors. Increase buffer size and add check for maximum supported message length. Link: https://bugzilla.kernel.org/show_bug.cgi?id=103391 Fixes: c56222a6b25c ("[media] rtl28xxu: move usb buffers to state") Cc: <stable@vger.kernel.org> # 4.0+ Signed-off-by: Antti Palosaari <crope@iki.fi>
2015-10-22[media] v4l2-flash-led-class: Add missing VIDEO_V4L2 Kconfig dependencyJacek Anaszewski
Fixes the following randconfig problem: drivers/built-in.o: In function `v4l2_flash_release': (.text+0x12204f): undefined reference to `v4l2_async_unregister_subdev' drivers/built-in.o: In function `v4l2_flash_release': (.text+0x122057): undefined reference to `v4l2_ctrl_handler_free' drivers/built-in.o: In function `v4l2_flash_close': v4l2-flash-led-class.c:(.text+0x12208f): undefined reference to `v4l2_fh_is_singular' v4l2-flash-led-class.c:(.text+0x1220c8): undefined reference to `__v4l2_ctrl_s_ctrl' drivers/built-in.o: In function `v4l2_flash_open': v4l2-flash-led-class.c:(.text+0x12227f): undefined reference to `v4l2_fh_is_singular' drivers/built-in.o: In function `v4l2_flash_init_controls': v4l2-flash-led-class.c:(.text+0x12274e): undefined reference to `v4l2_ctrl_handler_init_class' v4l2-flash-led-class.c:(.text+0x122797): undefined reference to `v4l2_ctrl_new_std_menu' v4l2-flash-led-class.c:(.text+0x1227e0): undefined reference to `v4l2_ctrl_new_std' v4l2-flash-led-class.c:(.text+0x122826): undefined reference to `v4l2_ctrl_handler_setup' v4l2-flash-led-class.c:(.text+0x122839): undefined reference to `v4l2_ctrl_handler_free' drivers/built-in.o: In function `v4l2_flash_init': (.text+0x1228e2): undefined reference to `v4l2_subdev_init' drivers/built-in.o: In function `v4l2_flash_init': (.text+0x12293b): undefined reference to `v4l2_async_register_subdev' drivers/built-in.o: In function `v4l2_flash_init': (.text+0x122949): undefined reference to `v4l2_ctrl_handler_free' drivers/built-in.o:(.rodata+0x20ef8): undefined reference to `v4l2_subdev_queryctrl' drivers/built-in.o:(.rodata+0x20f10): undefined reference to `v4l2_subdev_querymenu' Signed-off-by: Jacek Anaszewski <j.anaszewski@samsung.com> Reported-by: kbuild test robot <fengguang.wu@intel.com> Cc: Sakari Ailus <sakari.ailus@iki.fi> Cc: Hans Verkuil <hans.verkuil@cisco.com>
2015-10-22[media] netup_unidvb: fix potential crash when spi is NULLAbylay Ospan
Signed-off-by: Abylay Ospan <aospan@netup.ru> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2015-10-22[media] si2168: Bounds check firmwareLaura Abbott
When reading the firmware and sending commands, the length must be bounds checked to avoid overrunning the size of the command buffer and smashing the stack if the firmware is not in the expected format: si2168 11-0064: found a 'Silicon Labs Si2168-B40' si2168 11-0064: downloading firmware from file 'dvb-demod-si2168-b40-01.fw' si2168 11-0064: firmware download failed -95 Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffffa085708f Add the proper check. Cc: stable@kernel.org Reported-by: Stuart Auchterlonie <sauchter@redhat.com> Reviewed-by: Antti Palosaari <crope@iki.fi> Signed-off-by: Laura Abbott <labbott@fedoraproject.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2015-10-22[media] si2157: Bounds check firmwareLaura Abbott
When reading the firmware and sending commands, the length must be bounds checked to avoid overrunning the size of the command buffer and smashing the stack if the firmware is not in the expected format. Add the proper check. Cc: stable@kernel.org Signed-off-by: Laura Abbott <labbott@fedoraproject.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2015-10-22[media] ir-hix5hd2: drop the use of IRQF_NO_SUSPENDSudeep Holla
This driver doesn't claim the IR transmitter to be wakeup source. It even disables the clock and the IR during suspend-resume cycle. This patch removes yet another misuse of IRQF_NO_SUSPEND. Cc: Patrice Chotard <patrice.chotard@st.com> Cc: Fabio Estevam <fabio.estevam@freescale.com> Cc: Guoxiong Yan <yanguoxiong@huawei.com> Signed-off-by: Sudeep Holla <sudeep.holla@arm.com> Acked-by: Zhangfei Gao <zhangfei.gao@linaro.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2015-10-22[media] c8sectpfe: fix return of garbageSudip Mukherjee
The variable err was never initialized, that means we had been checking a garbage value in the for loop. Moreover if the segment is not outside the firmware file then also we have been returning the garbage. Initialize it to 0 so that on success we return the value and no need to check in the for loop also as it is initially 0 and whenever that value changes we have done a break from the loop. Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2015-10-22[media] c8sectpfe: fix ininitialized error return on firmware load failureColin Ian King
static analysis with cppcheck detected the following error: [drivers/media/platform/sti/c8sectpfe/c8sectpfe-core.c:1210]: (error) Uninitialized variable: ret ret is never initialised, so garbage is being returned. Instead return the error return from the call of request_firmware_nowait Signed-off-by: Colin Ian King <colin.king@canonical.com>
2015-10-22[media] lnbh25: Fix lnbh25_attach() function return typeJavier Martinez Canillas
If CONFIG_DVB_LNBH25 is disabled, a stub static inline function is defined that just prints a warning about the driver being disabled but the function return type was wrong which caused a build error. Fixes: e025273b86fb ("[media] lnbh25: LNBH25 SEC controller driver") Reported-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
2015-10-22[media] horus3a: Fix horus3a_attach() function parametersJavier Martinez Canillas
If CONFIG_DVB_HORUS3A is disabled a stub static inline function is defined that just prints a warning about the driver being disabled but the function parameters were wrong which caused a build error. Fixes: a5d32b358254f ("[media] horus3a: Sony Horus3A DVB-S/S2 tuner driver") Reported-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
2015-10-22ASoC: wm8962: mark cache_dirty flag after software reset in pm_resumeJiada Wang
By doing software reset of wm8962 in pm_resume, all registers which have already been set will be reset to default value without regmap interface be involved, thus driver need to mark cache_dirty flag, to let regcache can be updated by regcache_sync(). Signed-off-by: Jiada Wang <jiada_wang@mentor.com> Acked-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com> Signed-off-by: Mark Brown <broonie@kernel.org>
2015-10-21btrfs: fix possible leak in btrfs_ioctl_balance()Christian Engelmayer
Commit 8eb934591f8b ("btrfs: check unsupported filters in balance arguments") adds a jump to exit label out_bargs in case the argument check fails. At this point in addition to the bargs memory, the memory for struct btrfs_balance_control has already been allocated. Ownership of bctl is passed to btrfs_balance() in the good case, thus the memory is not freed due to the introduced jump. Make sure that the memory gets freed in any case as necessary. Detected by Coverity CID 1328378. Signed-off-by: Christian Engelmayer <cengelma@gmx.at> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: Chris Mason <clm@fb.com>