Граф коммитов

589104 Коммитов

Автор SHA1 Сообщение Дата
James Hogan 4ac334295e MIPS: KVM: Add missing disable FPU hazard barriers
Add the necessary hazard barriers after disabling the FPU in
kvm_lose_fpu(), just to be safe.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-10 15:56:52 +02:00
James Hogan 556f2a5231 MIPS: KVM: Fix preemption warning reading FPU capability
Reading the KVM_CAP_MIPS_FPU capability returns cpu_has_fpu, however
this uses smp_processor_id() to read the current CPU capabilities (since
some old MIPS systems could have FPUs present on only a subset of CPUs).

We don't support any such systems, so work around the warning by using
raw_cpu_has_fpu instead.

We should probably instead claim not to support FPU at all if any one
CPU is lacking an FPU, but this should do for now.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-10 15:56:51 +02:00
James Hogan f049729c05 MIPS: KVM: Fix preemptable kvm_mips_get_*_asid() calls
There are a couple of places in KVM fault handling code which implicitly
use smp_processor_id() via kvm_mips_get_kernel_asid() and
kvm_mips_get_user_asid() from preemptable context. This is unsafe as a
preemption could cause the guest kernel ASID to be changed, resulting in
a host TLB entry being written with the wrong ASID.

Fix by disabling preemption around the kvm_mips_get_*_asid() call and
the corresponding kvm_mips_host_tlb_write().

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-10 15:56:51 +02:00
James Hogan b45bacd2d0 MIPS: KVM: Fix timer IRQ race when writing CP0_Compare
Writing CP0_Compare clears the timer interrupt pending bit
(CP0_Cause.TI), but this wasn't being done atomically. If a timer
interrupt raced with the write of the guest CP0_Compare, the timer
interrupt could end up being pending even though the new CP0_Compare is
nowhere near CP0_Count.

We were already updating the hrtimer expiry with
kvm_mips_update_hrtimer(), which used both kvm_mips_freeze_hrtimer() and
kvm_mips_resume_hrtimer(). Close the race window by expanding out
kvm_mips_update_hrtimer(), and clearing CP0_Cause.TI and setting
CP0_Compare between the freeze and resume. Since the pending timer
interrupt should not be cleared when CP0_Compare is written via the KVM
user API, an ack argument is added to distinguish the source of the
write.

Fixes: e30492bbe9 ("MIPS: KVM: Rewrite count/compare timer emulation")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Cc: <stable@vger.kernel.org> # 3.16.x-
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-10 15:56:50 +02:00
James Hogan 4355c44f06 MIPS: KVM: Fix timer IRQ race when freezing timer
There's a particularly narrow and subtle race condition when the
software emulated guest timer is frozen which can allow a guest timer
interrupt to be missed.

This happens due to the hrtimer expiry being inexact, so very
occasionally the freeze time will be after the moment when the emulated
CP0_Count transitions to the same value as CP0_Compare (so an IRQ should
be generated), but before the moment when the hrtimer is due to expire
(so no IRQ is generated). The IRQ won't be generated when the timer is
resumed either, since the resume CP0_Count will already match CP0_Compare.

With VZ guests in particular this is far more likely to happen, since
the soft timer may be frozen frequently in order to restore the timer
state to the hardware guest timer. This happens after 5-10 hours of
guest soak testing, resulting in an overflow in guest kernel timekeeping
calculations, hanging the guest. A more focussed test case to
intentionally hit the race (with the help of a new hypcall to cause the
timer state to migrated between hardware & software) hits the condition
fairly reliably within around 30 seconds.

Instead of relying purely on the inexact hrtimer expiry to determine
whether an IRQ should be generated, read the guest CP0_Compare and
directly check whether the freeze time is before or after it. Only if
CP0_Count is on or after CP0_Compare do we check the hrtimer expiry to
determine whether the last IRQ has already been generated (which will
have pushed back the expiry by one timer period).

Fixes: e30492bbe9 ("MIPS: KVM: Rewrite count/compare timer emulation")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Cc: <stable@vger.kernel.org> # 3.16.x-
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-10 15:56:50 +02:00
Borislav Petkov 3dbe345885 x86/kvm: Do not use BIT() in user-exported header
Apparently, we're not exporting BIT() to userspace.

Reported-by: Brooks Moses <bmoses@google.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-05-09 16:38:54 +02:00
Wanpeng Li 35f3fae178 kvm: robustify steal time record
Guest should only trust data to be valid when version haven't changed
before and after reads of steal time. Besides not changing, it has to
be an even number. Hypervisor may write an odd number to version field
to indicate that an update is in progress.

kvm_steal_clock() in guest has already done the read side, make write
side in hypervisor more robust by following the above rule.

Reviewed-by: Wincy Van <fanwenyi0529@gmail.com>
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-05-03 17:19:05 +02:00
Bruce Rogers f24632475d KVM: x86: fix ordering of cr0 initialization code in vmx_cpu_reset
Commit d28bc9dd25 reversed the order of two lines which initialize cr0,
allowing the current (old) cr0 value to mess up vcpu initialization.
This was observed in the checks for cr0 X86_CR0_WP bit in the context of
kvm_mmu_reset_context(). Besides, setting vcpu->arch.cr0 after vmx_set_cr0()
is completely redundant. Change the order back to ensure proper vcpu
initialization.

The combination of booting with ovmf firmware when guest vcpus > 1 and kvm's
ept=N option being set results in a VM-entry failure. This patch fixes that.

Fixes: d28bc9dd25 ("KVM: x86: INIT and reset sequences are different")
Cc: stable@vger.kernel.org
Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-04-29 14:30:41 +02:00
Eric Engestrom 1f644a7373 Documentation: virtual: fix spelling mistake
Signed-off-by: Eric Engestrom <eric@engestrom.ch>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2016-04-25 16:59:49 +02:00
Paolo Bonzini 2e4682ba2e KVM: add missing memory barrier in kvm_{make,check}_request
kvm_make_request and kvm_check_request imply a producer-consumer
relationship; add implicit memory barriers to them.  There was indeed
already a place that was adding an explicit smp_mb() to order between
kvm_check_request and the processing of the request.  That memory
barrier can be removed (as an added benefit, kvm_check_request can use
smp_mb__after_atomic which is free on x86).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-20 15:29:17 +02:00
Xiao Guangrong 46971a2f59 KVM: MMU: skip obsolete sp in for_each_gfn_*()
The obsolete sp should not be used on current vCPUs and should not hurt
vCPU's running, so skip it from for_each_gfn_sp() and
for_each_gfn_indirect_valid_sp()

The side effort is we will double check role.invalid in kvm_mmu_get_page()
but i think it is okay as role is well cached

Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-20 15:29:17 +02:00
Liang Chen c54cdf141c KVM: x86: optimize steal time calculation
Since accumulate_steal_time is now only called in record_steal_time, it
doesn't quite make sense to put the delta calculation in a separate
function. The function could be called thousands of times before guest
enables the steal time MSR (though the compiler may optimize out this
function call). And after it's enabled, the MSR enable bit is tested twice
every time. Removing the accumulate_steal_time function also avoids the
necessity of having the accum_steal field.

Signed-off-by: Liang Chen <liangchen.linux@gmail.com>
Signed-off-by: Gavin Guo <gavin.guo@canonical.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-20 15:29:17 +02:00
Radim Krčmář 05b1159e64 KVM/s390 patches for 4.7:
- improve perf output
 - cleanup and a new feature in the floating interrupt controller (FLIC)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJXF3muAAoJEN7Pa5PG8C+vDFkP/Ajh5QP8VmVvdnMkx4lTkcay
 DVqvxVWUeLVSkmzm1gXCLLZgZR1yPFhifZ2+4M+zCgLxxPIzHkSjIjCCSGbS1K6x
 RazQi5zPGShAkagBUVd5cnbIR8v712lviShr4ezwKqkI2Aufst/ETo/EK3sfskR2
 pjydblbv0ls1CiZlWdSs6m4ma8ml+RDbkFNTjloXfb88Bz+OWDGc9IU/GvSopyzm
 0+xTM99aA/pG4XRt0t8u/7JQ7fpYm+vLC/nu930tCuAuMCVsL6SlUpfBf0mrUUBC
 wt25qT3Mjh6Vzj1oN3jrNCfAnq1zDDAX8ss5p4Z2rUZv2JhSLcCf2sZ78JSFFWHZ
 0bso0rKleH4bM35+R9+QBjTkiUMTvPAVBERycr9jbMtuHlvrbdJnG4OfFDOvpWOT
 AHnvuNxjtTyzyvvRUw80vyPAwoGr9KNOtZ6PWkNh3MTOJRPWoI97Z7NFdSit9cGC
 mSIxodhS1XowoFaorbGhT70C2J3ieWjFrI5fa4FsTKyxmKwJUitjcwL7T0pSloNp
 t51HsHkcwEIUB1qq1a7ngJzVJyzuDJxUMwsFRfjv6oXhhUxar+LOebUCTBZ9oCKl
 7kc7ZWCDNN1M0VbqJAyvqpxI0IplHXmf7VHtidXgRlunoYnsFJe6IGClQvhv5PVI
 +hh/JSSdz6kO95rYL0Gq
 =25Bi
 -----END PGP SIGNATURE-----

Merge tag 'kvms390-20160420' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into next

KVM/s390 patches for 4.7:
- improve perf output
- cleanup and a new feature in the floating interrupt controller (FLIC)
2016-04-20 15:28:51 +02:00
Halil Pasic 6d28f789bf KVM: s390: add clear I/O irq operation for FLIC
Introduce a FLIC operation for clearing I/O interrupts for a subchannel.

Rationale: According to the platform specification, pending I/O
interruption requests have to be revoked in certain situations. For
instance, according to the Principles of Operation (page 17-27), a
subchannel put into the installed parameters initialized state is in the
same state as after an I/O system reset (just parameters possibly changed).
This implies that any I/O interrupts for that subchannel are no longer
pending (as I/O system resets clear I/O interrupts). Therefore, we need an
interface to clear pending I/O interrupts.

Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-04-20 14:27:32 +02:00
Halil Pasic dad7eefbd0 KVM: s390: document FLIC behavior on unsupported
FLIC behavior deviates from the API documentation in reporting EINVAL
instead of ENXIO for KVM_SET_DEVICE_ATTR/KVM_GET_DEVICE_ATTR when the group
or attribute is unknown/unsupported. Unfortunately this can not be fixed
for historical reasons. Let us at least have it documented.

Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-04-20 14:27:32 +02:00
Halil Pasic 4f1298584e KVM: s390: implement has_attr for FLIC
HAS_ATTR is useful for determining the supported attributes; let's
implement it.

Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-04-20 14:27:32 +02:00
Christian Borntraeger 9f10b79dad KVM: s390/perf: provide additional sigp events
perf kvm stat can decode sigp events, let's make
the list complete by adding the missing ones.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Alexander Yarygin <yarygin@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-04-20 14:27:32 +02:00
Linus Torvalds 5e1b59abef KVM/ARM fixes:
- Wrong indentation in the PMU code from the merge window
 - A long-time bug occuring with running ntpd on the host, candidate for stable
 - Properly handle (and warn about) the unsupported configuration of running on
    systems with less than 40 bits of PA space
 - More fixes to the PM and hotplug notifier stuff from the merge window
 
 x86:
 - leak of guest xcr0 (typically shows up as SIGILL)
 - new maintainer (who is sending the pull request too)
 - fix for merge window regression
 - fix for guest CPUID
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJXCrBeAAoJEL/70l94x66DHlYIAJseQjhyXMm3J8vkZ1qoPjiM
 IWUV3BoSDpMjIXZdiouDShCBwBE1zDoFCXzkGO8FGNpYTy/4WQ2DF+fQr8OFveOv
 bpLJI6iYpCESh5ihhp8UDTD9oY4ZAxyPfNUx06Rirze2ijDr6rWkM16bKgdIlMpa
 rzGUQWodZO0odCWVMAXSe08uistvqZ71iacpAIJQJrx3MJcq1u2+Y2daZO3df1R6
 GnWxY5SK2ZvrNEwjQPXAYgCPGaJKEVUbr9BvWFoQ2O+qGA4TPv4jrOsAQ7bRh4Rr
 SGOH465Qdj2EA7eJrP2/NAlD5N7H7RWkiLiyIGF4OTS6wJHU8jdnOLbYPx0VmQg=
 =1OKc
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Radim Krčmář:
 "ARM fixes:
   - Wrong indentation in the PMU code from the merge window
   - A long-time bug occuring with running ntpd on the host, candidate
     for stable
   - Properly handle (and warn about) the unsupported configuration of
     running on systems with less than 40 bits of PA space
   - More fixes to the PM and hotplug notifier stuff from the merge
     window

  x86:
   - leak of guest xcr0 (typically shows up as SIGILL)
   - new maintainer (who is sending the pull request too)
   - fix for merge window regression
   - fix for guest CPUID"

Paolo Bonzini points out:
 "For the record, this tag is signed by me because I prepared the pull
  request.  Further pull requests for 4.6 will be signed and sent out by
  Radim directly"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: x86: mask CPUID(0xD,0x1).EAX against host value
  kvm: x86: do not leak guest xcr0 into host interrupt handlers
  KVM: MMU: fix permission_fault()
  KVM: new maintainer on the block
  arm64: KVM: unregister notifiers in hyp mode teardown path
  arm64: KVM: Warn when PARange is less than 40 bits
  KVM: arm/arm64: Handle forward time correction gracefully
  arm64: KVM: Add braces to multi-line if statement in virtual PMU code
2016-04-13 08:53:26 -07:00
Linus Torvalds 1c74a7f812 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
Pull HID fixes from Jiri Kosina:

 - fix for how scaling linearization is computed in wiimote driver, by
   Cyan Ogilvie

 - endless retry loop fix in generic USB HID core reset-resume handling,
   by Alan Stern

 - two functional fixes affecting particular devices, and oops fix for
   wacom driver, by Jason Gerecke

 - multitouch slot numbering fix from Gabriele Mazzotta

 - a couple more small fixes on top

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
  HID: wacom: Support switching from vendor-defined device mode on G9 and G11
  HID: wacom: Initialize hid_data.inputmode to -1
  HID: microsoft: add support for 3 more devices
  HID: multitouch: Synchronize MT frame on reset_resume
  HID: wacom: fix Bamboo ONE oops
  HID: lenovo: Don't use stack variables for DMA buffers
  HID: usbhid: fix inconsistent reset/resume/reset-resume behavior
  HID: wiimote: Fix wiimote mp scale linearization
2016-04-11 12:31:09 -07:00
Linus Torvalds 6c6563a489 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k
Pull m68k update from Geert Uytterhoeven.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
  m68k/defconfig: Update defconfigs for v4.6-rc2
  m68k: Wire up preadv2 and pwritev2
2016-04-11 12:24:59 -07:00
Linus Torvalds a56711fa0b ARC fixes for 4.6-rc4
- Kconfig splat due to pcie rework
  - Making ethernet work again on axs103
  - Provide fb_pgprotect() for future Video driver integration
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXC1vSAAoJEGnX8d3iisJeRzYP/3XJ8z04XAkQU4k4Ny0UQbHb
 y2sqRHmXUQH2YfEI6qXuDevbk72q9ROu4m49if8/IDhrE3QjCkCOw6M9z2k1mU9B
 e4RWj6pZOYvjfhI/DHAJGqjpDudkX5KGRFx84NEaI4qwFfESwVsdv4oNDkCpP76a
 FbE4cT1yzbUYv9F5BVvZVOL4nJqih3y6n7YBgHf6GpeE2pKNqxPh+leoOq3n4e0w
 Br1rYZnTWbBvEwrfVHi8KOFgo2qrRu7VWbmmcImn+eZFAKhKjbXaExK2ShpAVgdI
 gebt+t8JDhThdN0/DwPuwMlAu7+9EoGk3XTCLWNfTxoaAINWF8JNEDUo9P9PpILd
 uDozzrZKV7NEHPBLiezqNlNs/jH5cMfatX+K4mX42uAH0RSl0iB4R0ODOnnuG8Po
 qqALXoDCNBdALa+yUd8s7VOQp+UoZW4SDcNIBGyhLbrpbYPUKbv80rDTa6fXRlMP
 Dw402DKs0sDc2zgcEVaxxt8KzeIqymATiWs7qUKJo2fNVBjw5XTlb5zl1hHkmCz5
 o1D3YJIQAX/QuqsHGvIj9uVlo8Z+kU7rFuKcv+YwwIJz7fZOaLDkwAHO+A05yHyF
 EP4WE+FOiDwXBGW9Uy/zgQO7AEtAmJtZxAeYwULDNVE6Mz0bQuz6NV0I9vqVWtxF
 VPatTRs8prsGdXc4k7e9
 =O4Nt
 -----END PGP SIGNATURE-----

Merge tag 'arc-4.6-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc

Pull ARC fixes from Vineet Gupta:
 - fix Kconfig splat due to pcie rework
 - make ethernet work again on axs103
 - provide fb_pgprotect() for future video driver integration

* tag 'arc-4.6-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
  ARC: [plat-axs103] Enable loop block devices
  Revert "ARC: [plat-axs10x] add Ethernet PHY description in .dts"
  arc: Add our own implementation of fb_pgprotect()
  ARC: Don't source drivers/pci/pcie/Kconfig ourselves
2016-04-11 12:19:57 -07:00
Linus Torvalds bf16200689 Linux 4.6-rc3 2016-04-10 17:58:30 -07:00
Linus Torvalds 08b15d1386 Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
 "A couple of small fixes, and wiring up the new syscalls which appeared
  during the merge window"

* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
  ARM: 8550/1: protect idiv patching against undefined gcc behavior
  ARM: wire up preadv2 and pwritev2 syscalls
  ARM: SMP enable of cache maintanence broadcast
2016-04-10 17:48:17 -07:00
Linus Torvalds 2f422f94ee MMC host:
- sdhci: Fix regression setting power on Trats2 board
  - sdhci-pci: Add support and PCI IDs for more Broxton host controllers
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXChF2AAoJEP4mhCVzWIwp2k0QAI4uB6rcYlYOEwJI+MJElx2U
 jwJ8X2M3hDxK8HdfU455yqibObu8aC2/0M25XqGppa2E20rvopYLNc2XeXSxT1dK
 r6WDk1wlE8paO5zJ+iDWi+NrJ8k0jVjO1LhSnuveWlE2RiB8Xo8tXdh2wdbvOg9v
 Qc1+KFuANVX6DjU7ZGG6LR82xmr8a0aEKp/TgB6RjZXgrf7zE40eVyNk01Ocupyf
 L8M4fk+ua5IUNKcfNRzSIuYC8oIbssmFpgg/fVE3rTPHzoJLVKSI9lKLbnnQseoq
 41g8zEDqo+DpEzgbhp7hOOUiGtkChCDszwIriXfhaGn6AEb29V8I2449apRSyMjf
 Ou4CkxTeQy5hqWFKqZthBsobQL7pCUJFrHiKHnNDPuRTGRsIuihaV9G0Qhy+lgIL
 0EnXHjFc6YaubJmjA72HGpdvlMU9YHlCLMcRPV2cWhaoAV2WdDqoO9sxqPHsnYhD
 fBzduG+fP82UE5VIqr2GnGuYgmwpQ3hvybEj4towOTQpzluQraDeSmbN3HrKdvtR
 7bMOsp+7meTRI0rwSHivVFD8vsK/a5x3IqNeq1FTIX9MoMfgBxMYlrPXQdORH5gN
 idHs4ZSHm91W8059Lkfw86HghjbJnLw/ZvK/IyszQhTqXL6X1/Ez4lwskIiaSB/o
 Ncwo6Lm7GdzL4uS3YWJE
 =J+cN
 -----END PGP SIGNATURE-----

Merge tag 'mmc-v4.6-rc1' of git://git.linaro.org/people/ulf.hansson/mmc

Pull MMC fixes from Ulf Hansson:
 "Here are a couple of mmc fixes intended for v4.6 rc3:

  MMC host:
   - sdhci: Fix regression setting power on Trats2 board
   - sdhci-pci: Add support and PCI IDs for more Broxton host controllers"

* tag 'mmc-v4.6-rc1' of git://git.linaro.org/people/ulf.hansson/mmc:
  mmc: sdhci-pci: Add support and PCI IDs for more Broxton host controllers
  mmc: sdhci: Fix regression setting power on Trats2 board
2016-04-10 17:38:55 -07:00
Linus Torvalds 6a7c924314 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang:
 "Some bugfixes from I2C:

   - fix a uevent triggered boot problem by removing a useless debug
     print

   - fix sysfs-attributes of the new i2c-demux-pinctrl driver to follow
     standard kernel behaviour

   - fix a potential division-by-zero error (needed two takes)"

* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
  i2c: jz4780: really prevent potential division by zero
  Revert "i2c: jz4780: prevent potential division by zero"
  i2c: jz4780: prevent potential division by zero
  i2c: mux: demux-pinctrl: Update docs to new sysfs-attributes
  i2c: mux: demux-pinctrl: Clean up sysfs attributes
  i2c: prevent endless uevent loop with CONFIG_I2C_DEBUG_CORE
2016-04-10 17:04:42 -07:00
Linus Torvalds 9f2394c9be Revert "ext4: allow readdir()'s of large empty directories to be interrupted"
This reverts commit 1028b55baf.

It's broken: it makes ext4 return an error at an invalid point, causing
the readdir wrappers to write the the position of the last successful
directory entry into the position field, which means that the next
readdir will now return that last successful entry _again_.

You can only return fatal errors (that terminate the readdir directory
walk) from within the filesystem readdir functions, the "normal" errors
(that happen when the readdir buffer fills up, for example) happen in
the iterorator where we know the position of the actual failing entry.

I do have a very different patch that does the "signal_pending()"
handling inside the iterator function where it is allowable, but while
that one passes all the sanity checks, I screwed up something like four
times while emailing it out, so I'm not going to commit it today.

So my track record is not good enough, and the stars will have to align
better before that one gets committed.  And it would be good to get some
review too, of course, since celestial alignments are always an iffy
debugging model.

IOW, let's just revert the commit that caused the problem for now.

Reported-by: Greg Thelen <gthelen@google.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-04-10 16:52:24 -07:00
Paolo Bonzini 316314cae1 KVM: x86: mask CPUID(0xD,0x1).EAX against host value
This ensures that the guest doesn't see XSAVE extensions
(e.g. xgetbv1 or xsavec) that the host lacks.

Cc: stable@vger.kernel.org
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-10 21:53:50 +02:00
David Matlack fc5b7f3bf1 kvm: x86: do not leak guest xcr0 into host interrupt handlers
An interrupt handler that uses the fpu can kill a KVM VM, if it runs
under the following conditions:
 - the guest's xcr0 register is loaded on the cpu
 - the guest's fpu context is not loaded
 - the host is using eagerfpu

Note that the guest's xcr0 register and fpu context are not loaded as
part of the atomic world switch into "guest mode". They are loaded by
KVM while the cpu is still in "host mode".

Usage of the fpu in interrupt context is gated by irq_fpu_usable(). The
interrupt handler will look something like this:

if (irq_fpu_usable()) {
        kernel_fpu_begin();

        [... code that uses the fpu ...]

        kernel_fpu_end();
}

As long as the guest's fpu is not loaded and the host is using eager
fpu, irq_fpu_usable() returns true (interrupted_kernel_fpu_idle()
returns true). The interrupt handler proceeds to use the fpu with
the guest's xcr0 live.

kernel_fpu_begin() saves the current fpu context. If this uses
XSAVE[OPT], it may leave the xsave area in an undesirable state.
According to the SDM, during XSAVE bit i of XSTATE_BV is not modified
if bit i is 0 in xcr0. So it's possible that XSTATE_BV[i] == 1 and
xcr0[i] == 0 following an XSAVE.

kernel_fpu_end() restores the fpu context. Now if any bit i in
XSTATE_BV == 1 while xcr0[i] == 0, XRSTOR generates a #GP. The
fault is trapped and SIGSEGV is delivered to the current process.

Only pre-4.2 kernels appear to be vulnerable to this sequence of
events. Commit 653f52c ("kvm,x86: load guest FPU context more eagerly")
from 4.2 forces the guest's fpu to always be loaded on eagerfpu hosts.

This patch fixes the bug by keeping the host's xcr0 loaded outside
of the interrupts-disabled region where KVM switches into guest mode.

Cc: stable@vger.kernel.org
Suggested-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: David Matlack <dmatlack@google.com>
[Move load after goto cancel_injection. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-10 21:53:49 +02:00
Xiao Guangrong 7a98205dee KVM: MMU: fix permission_fault()
kvm-unit-tests complained about the PFEC is not set properly, e.g,:
test pte.rw pte.d pte.nx pde.p pde.rw pde.pse user fetch: FAIL: error code 15
expected 5
Dump mapping: address: 0x123400000000
------L4: 3e95007
------L3: 3e96007
------L2: 2000083

It's caused by the reason that PFEC returned to guest is copied from the
PFEC triggered by shadow page table

This patch fixes it and makes the logic of updating errcode more clean

Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
[Do not assume pfec.p=1. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-10 21:53:49 +02:00
Linus Torvalds 5b5b7fd185 Merge branch 'parisc-4.6-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
Pull parisc fixes from Helge Deller:
 "Since commit 0de798584b ("parisc: Use generic extable search and
  sort routines") module loading is boken on parisc, because the parisc
  module loader wasn't prepared for the new R_PARISC_PCREL32 relocations.

  In addition, due to that breakage, Mikulas Patocka noticed that
  handling exceptions from modules probably never worked on parisc.  It
  was just masked by the fact that exceptions from modules don't happen
  during normal use.

  This patch series fixes those issues and survives the tests of the
  lib/test_user_copy kernel module test.  Some patches are tagged for
  stable"

* 'parisc-4.6-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
  parisc: Update comment regarding relative extable support
  parisc: Unbreak handling exceptions from kernel modules
  parisc: Fix kernel crash with reversed copy_from_user()
  parisc: Avoid function pointers for kernel exception routines
  parisc: Handle R_PARISC_PCREL32 relocations in kernel modules
2016-04-09 14:10:20 -07:00
Linus Torvalds 239467e852 Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
Pull libnvdimm fixes from Dan Williams:
 "Three fixes, the first two are tagged for -stable:

   - The ndctl utility/library gained expanded unit tests illuminating a
     long standing bug in the libnvdimm SMART data retrieval
     implementation.

     It has been broken since its initial implementation, now fixed.

   - Another one line fix for the detection of stale info blocks.

     Without this change userspace can get into a situation where it is
     unable to reconfigure a namespace.

   - Fix the badblock initialization path in the presence of the new (in
     v4.6-rc1) section alignment workarounds.

     Without this change badblocks will be reported at the wrong offset.

  These have received a build success report from the kbuild robot and
  have appeared in -next with no reported issues"

* 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
  libnvdimm, pfn: fix nvdimm_namespace_add_poison() vs section alignment
  libnvdimm, pfn: fix uuid validation
  libnvdimm: fix smart data retrieval
2016-04-09 14:05:45 -07:00
Linus Torvalds 289b7bfd48 GPIO fixes for the V4.6 series:
Core fixes:
 - Defer GPIO device setup until after gpiolib is initialized.
   It turns out that a few very tightly integrated GPIO platform
   drivers initialize so early (befor core_initcall()) so that
   the gpiolib isn't even initialized itself. That limits what
   the library can do, and we cannot reference uninitialized
   fields until later. Defer some of the initialization until
   right after the gpiolib is initialized in these (rare) cases.
 - As a consequence: do not use devm_* resources when allocating
   the states in the initial set-up of the gpiochip.
 
 Driver fixes:
 - In ACPI retrieveal: ignore GpioInt when looking for output
   GPIOs.
 - Fix legacy builds on the PXA without a backing pin controller.
 - Use correct datatype on pca953x register writes.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXCVYaAAoJEEEQszewGV1z/MEQALfOdb+7WO/45qEtZCMpU2ih
 LOm60aiIdvVggsibeiGlHRbIF97P9z9GVD5nI3NJ7QPVDgKmqhL9ma+jAxxdUnpt
 AOs3Yd/sdThocfb9UsqHkPxVC/vge7TEU9EUDnLSx5UMaHO6tsBrUB06y3mDM01f
 X1nLtQweuEMYOutIVF9VaOx6DeFbVV4RqpxEHPbzPf4oAJrqreWqduPzxdYbdphs
 +hsm4sCodsjANiNtWjZpdEUFnw+MFRjOS234jKxMiC3xIdp4pO1NlqLxWTcK3N9Y
 WdxiAdrKEPq/5IUlt4R0shOL7e0o60nIJIlczxrAp4Z6jCKw+WYGIB/iIfh0rLq+
 /M4Awgrn3rUAs5jcJ4n7dm9QdCMd0XXw8+maLpYkYXa7rKHrUDyIC55L/DTSuoIY
 XwfdKd0Eyapa+iNhFmxQ6EWqH3JZCOv1IHQ65BbVXGzef2Voy6exCAKScF9vM7bV
 V2ydyrYOt++6stdS2KCbTgipLAeInXqXk0Xag5uPw0zGeJgYfhdYW5+2xfYp2PWD
 v9Z6VNkrF8u9AxGS3tq8Z/RMBR2dCyL2nFUi+TKx0cu3zbjGOEPOHfV45Tid59Jd
 YroHLBpRIB77srsKHcC3ZBtKbtt4idyzbYJHTni7XBT3F7pM/xUV37R1ZpWPrYAS
 JA/fhOSAuy7YnaV1CQFL
 =X4YD
 -----END PGP SIGNATURE-----

Merge tag 'gpio-v4.6-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio

Pull GPIO fixes from Linus Walleij:
 "Here is a set of four GPIO fixes.  The two fixes to the core are
  serious as they are regressing minor architectures.

  Core fixes:

   - Defer GPIO device setup until after gpiolib is initialized.

     It turns out that a few very tightly integrated GPIO platform
     drivers initialize so early (befor core_initcall()) so that the
     gpiolib isn't even initialized itself.  That limits what the
     library can do, and we cannot reference uninitialized fields until
     later.

     Defer some of the initialization until right after the gpiolib is
     initialized in these (rare) cases.

   - As a consequence: do not use devm_* resources when allocating the
     states in the initial set-up of the gpiochip.

  Driver fixes:

   - In ACPI retrieveal: ignore GpioInt when looking for output GPIOs.

   - Fix legacy builds on the PXA without a backing pin controller.

   - Use correct datatype on pca953x register writes"

* tag 'gpio-v4.6-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  gpio: pca953x: Use correct u16 value for register word write
  gpiolib: Defer gpio device setup until after gpiolib initialization
  gpiolib: Do not use devm functions when registering gpio chip
  gpio: pxa: fix legacy non pinctrl aware builds
  gpio / ACPI: ignore GpioInt() GPIOs when requesting GPIO_OUT_*
2016-04-09 13:28:50 -07:00
Linus Torvalds 183c948a3c TTY fixes for 4.6-rc3
Here are two tty fixes for issues found.  One was due to a merge error
 in 4.6-rc1, and the other a regression fix for UML consoles that broke
 in 4.6-rc1.
 
 Both have been in linux-next for a while.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iEYEABECAAYFAlcJNlUACgkQMUfUDdst+ymVwwCgwEvpbd9cHK/KkaoK7qpjqDu3
 TfwAn0EOY+9DYwBqw8WEAsp/6QVm2R9q
 =4Clt
 -----END PGP SIGNATURE-----

Merge tag 'tty-4.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

Pull tty fixes from Greg KH:
 "Here are two tty fixes for issues found.

  One was due to a merge error in 4.6-rc1, and the other a regression
  fix for UML consoles that broke in 4.6-rc1.

  Both have been in linux-next for a while"

* tag 'tty-4.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  tty: Fix merge of "tty: Refactor tty_open()"
  tty: Fix UML console breakage
2016-04-09 12:32:44 -07:00
Linus Torvalds ffb927d1dc USB fixes for 4.6-rc3
Here are some USB fixes and new device ids for 4.6-rc3.
 
 Nothing major, the normal USB gadget fixes and usb-serial driver ids,
 along with some other fixes mixed in.  All except the USB serial ids
 have been tested in linux-next, the id additions should be fine as they
 are "trivial".
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iEYEABECAAYFAlcJLLUACgkQMUfUDdst+ym3wgCeNSzb74ZskDbGsXUooE0XhYRc
 iPoAnRpn/ahoBTzmkKiQXQ1+Br8pAUtN
 =vyU/
 -----END PGP SIGNATURE-----

Merge tag 'usb-4.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull USB fixes from Greg KH:
 "Here are some USB fixes and new device ids for 4.6-rc3.

  Nothing major, the normal USB gadget fixes and usb-serial driver ids,
  along with some other fixes mixed in.  All except the USB serial ids
  have been tested in linux-next, the id additions should be fine as
  they are 'trivial'"

* tag 'usb-4.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (25 commits)
  USB: option: add "D-Link DWM-221 B1" device id
  USB: serial: cp210x: Adding GE Healthcare Device ID
  USB: serial: ftdi_sio: Add support for ICP DAS I-756xU devices
  usb: dwc3: keystone: drop dma_mask configuration
  usb: gadget: udc-core: remove manual dma configuration
  usb: dwc3: pci: add ID for one more Intel Broxton platform
  usb: renesas_usbhs: fix to avoid using a disabled ep in usbhsg_queue_done()
  usb: dwc2: do not override forced dr_mode in gadget setup
  usb: gadget: f_midi: unlock on error
  USB: digi_acceleport: do sanity checking for the number of ports
  USB: cypress_m8: add endpoint sanity check
  USB: mct_u232: add sanity checking in probe
  usb: fix regression in SuperSpeed endpoint descriptor parsing
  USB: usbip: fix potential out-of-bounds write
  usb: renesas_usbhs: disable TX IRQ before starting TX DMAC transfer
  usb: renesas_usbhs: avoid NULL pointer derefernce in usbhsf_pkt_handler()
  usb: gadget: f_midi: Fixed a bug when buflen was smaller than wMaxPacketSize
  usb: phy: qcom-8x16: fix regulator API abuse
  usb: ch9: Fix SSP Device Cap wFunctionalitySupport type
  usb: gadget: composite: Access SSP Dev Cap fields properly
  ...
2016-04-09 12:23:02 -07:00
Linus Torvalds c6e6e58cc8 Staging / IIO driver fixes for 4.6-rc3
Here are some IIO driver fixes, along with two staging driver fixes for
 4.6-rc3.
 
 One staging driver patch reverts the deletion of a driver that happened
 in 4.6-rc1.  We thought that laptop.org was dead, but it's still alive
 and kicking, and has users that were mad we broke their hardware by
 deleting a driver for their machines.  So that driver is added back and
 everyone is happy again.
 
 All of these have been in linux-next for a while with no reported issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iEYEABECAAYFAlcJNwYACgkQMUfUDdst+ynczgCgnrRAIAi5n9h0Y39CzY8OLH0Y
 2qMAnj5gSZGdP6iS6nPsJTX7cENNch3V
 =Z855
 -----END PGP SIGNATURE-----

Merge tag 'staging-4.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

Pull staging and IIO driver fixes from Greg KH:
 "Here are some IIO driver fixes, along with two staging driver fixes
  for 4.6-rc3.

  One staging driver patch reverts the deletion of a driver that
  happened in 4.6-rc1.  We thought that laptop.org was dead, but it's
  still alive and kicking, and has users that were mad we broke their
  hardware by deleting a driver for their machines.  So that driver is
  added back and everyone is happy again.

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'staging-4.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  Revert "Staging: olpc_dcon: Remove obsolete driver"
  staging/rdma/hfi1: select CRC32
  iio: gyro: bmg160: fix buffer read values
  iio: gyro: bmg160: fix endianness when reading axes
  iio: accel: bmc150: fix endianness when reading axes
  iio: st_magn: always define ST_MAGN_TRIGGER_SET_STATE
  iio: fix config watermark initial value
  iio: health: max30100: correct FIFO check condition
  iio: imu: Fix inv_mpu6050 dependencies
  iio: adc: Fix build error of missing devm_ioremap_resource on UM
  iio: light: apds9960: correct FIFO check condition
  iio: adc: max1363: correct reference voltage
  iio: adc: max1363: add missing adc to max1363_id
2016-04-09 12:09:37 -07:00
Linus Torvalds fb41b4be00 SCSI fixes on 20160408
This is a set of 8 fixes.  Two are trivial gcc-6 updates (brace
 additions and unused variable removal).  There's a couple of cxlflash
 regressions, a correction for sd being overly chatty on revalidation
 (causing excess log increases).  A VPD issue which could crash USB
 devices because they seem very intolerant to VPD inquiries, an ALUA
 deadlock fix and a mpt3sas buffer overrun fix.
 
 Signed-off-by: James Bottomley <jejb@linux.vnet.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABAgAGBQJXCD7VAAoJEDeqqVYsXL0MFKEH/ixQH8FSz7FYdunmkp4Q2sjT
 7gda6mXOeJN75zBSRDlV0U6wl0jK2B0iHh7ycRpCD72+XslMOOnji3I6Tmt/GU2C
 kkibxN/Iw95cduAOcd04/XqkBMbvjBDeIii/s3xixju3tIR6b4WTGcAHK6zmnWVE
 zDvIVKswhcGesBWBtNw0BvvG0RLujIst3tnLT81MmqYMNlwydHXkhm1OAB4w7Xl1
 2m7gnLhqPCw0HPBWQ9w6j/eGqOc5+YS6mAj/mAUc6qLTbqA1TSGqmD4NfqsqR+MU
 F8bIgESbYBZ3kj//zWBdHkGp6iVsxUhXsE1F62EHD4DOZEtFzkeuMxRmMu5xqmc=
 =v4SO
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "This is a set of eight fixes.

  Two are trivial gcc-6 updates (brace additions and unused variable
  removal).  There's a couple of cxlflash regressions, a correction for
  sd being overly chatty on revalidation (causing excess log increases).
  A VPD issue which could crash USB devices because they seem very
  intolerant to VPD inquiries, an ALUA deadlock fix and a mpt3sas buffer
  overrun fix"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: Do not attach VPD to devices that don't support it
  sd: Fix excessive capacity printing on devices with blocks bigger than 512 bytes
  scsi_dh_alua: Fix a recently introduced deadlock
  scsi: Declare local symbols static
  cxlflash: Move to exponential back-off when cmd_room is not available
  cxlflash: Fix regression issue with re-ordering patch
  mpt3sas: Don't overreach ioc->reply_post[] during initialization
  aacraid: add missing curly braces
2016-04-09 12:00:42 -07:00
Linus Torvalds 63b106a87d Merge tag 'md/4.6-rc2-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md
Pull MD fixes from Shaohua Li:
 "This update mainly fixes bugs:

   - fix error handling (Guoqing)
   - fix a crash when a disk is hotremoved (me)
   - fix a dead loop (Wei Fang)"

* tag 'md/4.6-rc2-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md:
  md/bitmap: clear bitmap if bitmap_create failed
  MD: add rdev reference for super write
  md: fix a trivial typo in comments
  md:raid1: fix a dead loop when read from a WriteMostly disk
2016-04-09 11:23:27 -07:00
Linus Torvalds 40bca9dbab Power management and ACPI material for v4.6-rc3
- intel_pstate fixes for two issues exposed by the recent switch
    over from using timers and for one issue introduced during the
    4.4 cycle plus new comments describing data structures used by
    the driver (Rafael Wysocki, Srinivas Pandruvada).
 
  - intel_idle fixes related to CPU offline/online (Richard Cochran).
 
  - intel_idle support (new CPU IDs and state definitions mostly) for
    Skylake-X and Kabylake processors (Len Brown).
 
  - PCC mailbox driver fix for an out-of-bounds memory access that
    may cause the kernel to panic() (Shanker Donthineni).
 
  - New (missing) CPU ID for one apparently overlooked Haswell model
    in the Intel RAPL power capping driver (Srinivas Pandruvada).
 
  - Fix for the PM core's wakeup IRQs framework to make it work after
    wakeup settings reconfiguration from sysfs (Grygorii Strashko).
 
  - Runtime PM documentation update to make it describe what needs
    to be done during device removal more precisely (Krzysztof
    Kozlowski).
 
  - Stale comment removal cleanup in the cpufreq-dt driver (Viresh
    Kumar).
 
  - turbostat utility fixes and support for Broxton, Skylake-X
    and Kabylake processors (Len Brown).
 
 /
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCAAGBQJXCBaNAAoJEILEb/54YlRxDrkP/jdCfB3wOcRGp6LN6GHksC3u
 k2yUQl+XJZhggLda+yUK2ovV5tCJwGmP1N1B/MacRr/5MeicGXBvt6ZrHGqOfTKo
 9xAGKOt2xsoAbHkleB733GIRD9TYZpqCTx9n0dka7kRArQA/uhY+TlXYY2Kn+E0B
 1c4lEN3d9j4G2qW55YxnfRUOhwUc03syokOsS2z9ChEAVPSrn7Zv8V+8rPwxIz5w
 uUWphlnEQgaRwzwxACHwE0bht8sl1cJ1UUSVbzf30mzRlGHiteYyI/vuE2hF9SiV
 DEv9mhSB+4U6WuBHr4Cwu+nf9YTlaY1ZaS3r5EDzJaNJb8tMqPZcGitfn+fTGtUz
 9GlCQZIBcP1vWBDybuuPOzAH++QUFrikozuNfUu1d+WFEypRyadMIvUhtmZPG9mh
 9+Vem+ta32eXos07dx4Dvth+yNvmG5bxPnteDp3GPsnCCDlXutcKaaJaaj+1NzHi
 oqHyEynMhJuN/D2h+oIVIUppKBVO55M+lJMJrX891zICs/98K2LwOtFDuNRWQml0
 3yR7Ieoj5gxVfbT6zNeH5z7CxP/MymNAMjbxfiwqtGHhkNoAv92ymMxnptPiLCHn
 Zyycelsve3sneV+iyk1fAOZFvDXbzTUyigxGP7Kc87iia/Yd2TjLlvwJkMNK6x/K
 2OSkjJFqqrqAqcXNIz3G
 =f4MM
 -----END PGP SIGNATURE-----

Merge tag 'pm+acpi-4.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull power management and ACPI fixes from Rafael Wysocki:
 "Fixes for some issues discovered after recent changes and for some
  that have just been found lately regardless of those changes
  (intel_pstate, intel_idle, PM core, mailbox/pcc, turbostat) plus
  support for some new CPU models (intel_idle, Intel RAPL driver,
  turbostat) and documentation updates (intel_pstate, PM core).

  Specifics:

   - intel_pstate fixes for two issues exposed by the recent switch over
     from using timers and for one issue introduced during the 4.4 cycle
     plus new comments describing data structures used by the driver
     (Rafael Wysocki, Srinivas Pandruvada).

   - intel_idle fixes related to CPU offline/online (Richard Cochran).

   - intel_idle support (new CPU IDs and state definitions mostly) for
     Skylake-X and Kabylake processors (Len Brown).

   - PCC mailbox driver fix for an out-of-bounds memory access that may
     cause the kernel to panic() (Shanker Donthineni).

   - New (missing) CPU ID for one apparently overlooked Haswell model in
     the Intel RAPL power capping driver (Srinivas Pandruvada).

   - Fix for the PM core's wakeup IRQs framework to make it work after
     wakeup settings reconfiguration from sysfs (Grygorii Strashko).

   - Runtime PM documentation update to make it describe what needs to
     be done during device removal more precisely (Krzysztof Kozlowski).

   - Stale comment removal cleanup in the cpufreq-dt driver (Viresh
     Kumar).

   - turbostat utility fixes and support for Broxton, Skylake-X and
     Kabylake processors (Len Brown)"

* tag 'pm+acpi-4.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (28 commits)
  PM / wakeirq: fix wakeirq setting after wakup re-configuration from sysfs
  tools/power turbostat: work around RC6 counter wrap
  tools/power turbostat: initial KBL support
  tools/power turbostat: initial SKX support
  tools/power turbostat: decode BXT TSC frequency via CPUID
  tools/power turbostat: initial BXT support
  tools/power turbostat: print IRTL MSRs
  tools/power turbostat: SGX state should print only if --debug
  intel_idle: Add KBL support
  intel_idle: Add SKX support
  intel_idle: Clean up all registered devices on exit.
  intel_idle: Propagate hot plug errors.
  intel_idle: Don't overreact to a cpuidle registration failure.
  intel_idle: Setup the timer broadcast only on successful driver load.
  intel_idle: Avoid a double free of the per-CPU data.
  intel_idle: Fix dangling registration on error path.
  intel_idle: Fix deallocation order on the driver exit path.
  intel_idle: Remove redundant initialization calls.
  intel_idle: Fix a helper function's return value.
  intel_idle: remove useless return from void function.
  ...
2016-04-09 11:03:48 -07:00
Linus Torvalds 9ef11ceb0d Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Stale SKB data pointer access across pskb_may_pull() calls in L2TP,
    from Haishuang Yan.

 2) Fix multicast frame handling in mac80211 AP code, from Felix
    Fietkau.

 3) mac80211 station hashtable insert errors not handled properly, fix
    from Johannes Berg.

 4) Fix TX descriptor count limit handling in e1000, from Alexander
    Duyck.

 5) Revert a buggy netdev refcount fix in netpoll, from Bjorn Helgaas.

 6) Must assign rtnl_link_ops of the device before registering it, fix
    in ip6_tunnel from Thadeu Lima de Souza Cascardo.

 7) Memory leak fix in tc action net exit, from WANG Cong.

 8) Add missing AF_KCM entries to name tables, from Dexuan Cui.

 9) Fix regression in GRE handling of csums wrt.  FOU, from Alexander
    Duyck.

10) Fix memory allocation alignment and congestion map corruption in
    RDS, from Shamir Rabinovitch.

11) Fix default qdisc regression in tuntap driver, from Jason Wang.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (44 commits)
  bridge, netem: mark mailing lists as moderated
  tuntap: restore default qdisc
  mpls: find_outdev: check for err ptr in addition to NULL check
  ipv6: Count in extension headers in skb->network_header
  RDS: fix congestion map corruption for PAGE_SIZE > 4k
  RDS: memory allocated must be align to 8
  GRE: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU
  net: add the AF_KCM entries to family name tables
  MAINTAINERS: intel-wired-lan list is moderated
  lib/test_bpf: Add additional BPF_ADD tests
  lib/test_bpf: Add test to check for result of 32-bit add that overflows
  lib/test_bpf: Add tests for unsigned BPF_JGT
  lib/test_bpf: Fix JMP_JSET tests
  VSOCK: Detach QP check should filter out non matching QPs.
  stmmac: fix adjust link call in case of a switch is attached
  af_packet: tone down the Tx-ring unsupported spew.
  net_sched: fix a memory leak in tc action
  samples/bpf: Enable powerpc support
  samples/bpf: Use llc in PATH, rather than a hardcoded value
  samples/bpf: Fix build breakage with map_perf_test_user.c
  ...
2016-04-09 10:50:44 -07:00
Linus Torvalds 839a3f7657 Merge branch 'for-linus-4.6' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs
Pull btrfs fixes from Chris Mason:
 "These are bug fixes, including a really old fsync bug, and a few trace
  points to help us track down problems in the quota code"

* 'for-linus-4.6' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
  Btrfs: fix file/data loss caused by fsync after rename and new inode
  btrfs: Reset IO error counters before start of device replacing
  btrfs: Add qgroup tracing
  Btrfs: don't use src fd for printk
  btrfs: fallback to vmalloc in btrfs_compare_tree
  btrfs: handle non-fatal errors in btrfs_qgroup_inherit()
  btrfs: Output more info for enospc_debug mount option
  Btrfs: fix invalid reference in replace_path
  Btrfs: Improve FL_KEEP_SIZE handling in fallocate
2016-04-09 10:41:34 -07:00
Linus Torvalds 6759212640 Orangefs: cleanups and a strncpy vulnerability fix.
Cleanups:
 
   - remove an unused variable from orangefs_readdir.
   - clean up printk wrapper used for ofs "gossip" debugging.
   - clean up truncate ctime and mtime setting in inode.c
   - remove a useless null check found by coccinelle.
   - optimize some memcpy/memset boilerplate code.
   - remove some useless sanity checks from xattr.c
 
 Fix:
 
   - fix a potential strncpy vulnerability.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXCAvtAAoJEM9EDqnrzg2+U3kP/RcypLnTdnOLFI7GtTr7erpc
 4ys4UE3CdvOdIkDNgTeW+qTvy/b7qo3JBdaRqMAAmnWkxWn4cGXDGLhmfKD/6a3Q
 LL9vKxiczYN8gAYgnxoF5rNwoVScFVD7PospKkWMPedkRu00K0dqiJvomPXsvwM7
 MEl4ueewq3KMrXHu1GYSdoZhU8BWtku789Oa5leXRqEO2pRit0amX/qxB9KG6Urz
 Ebz0yCGMPP61nTN9A/Q7IM2imcJO5F0wc5uaSaWimjHeHb040ytMVqFa4GOh4Pky
 oQjjw5OYSsX/O7Hh66wKQ68YqYb762OKE1y5v8K43vRhWQtnQo9pdKpFVEK0An8Z
 wOSaUFd5mhPD2KENcKB/kSiH3eOyGdyD2QamptLJ6Opl/6UdPQMt++1EkuSuYEdW
 wnCFsJM5yam3Ot+REnQiYAVjLsDZ0XhPfNIuAp+d4LIV32JGTQPOBurKECwsJbj5
 fK0lsBNk7b8qgBwG41JjV7XyGlf5HWT2TwpuC2S5PysVXcxsvdfR3oVeUnzdL6aB
 fv0mp7bBqg2lNLKoeEYlxb+vbSiLutOCIPWSNptYjbCWa/q/bqnZMhXOUQjS5XRj
 HIG/91XeRUxOZk+y1gs5N5F8pCT9mfWRTvSCX5ex5x17rUFto/jhn2mQLAhxSyPD
 /AGQgNGz2VmmVBlaCngI
 =ZRlK
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-4.6-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux

Pull orangefs fixes from Mike Marshall:
 "Orangefs cleanups and a strncpy vulnerability fix.

  Cleanups:
   - remove an unused variable from orangefs_readdir.
   - clean up printk wrapper used for ofs "gossip" debugging.
   - clean up truncate ctime and mtime setting in inode.c
   - remove a useless null check found by coccinelle.
   - optimize some memcpy/memset boilerplate code.
   - remove some useless sanity checks from xattr.c

  Fix:
   - fix a potential strncpy vulnerability"

* tag 'for-linus-4.6-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux:
  orangefs: remove unused variable
  orangefs: Add KERN_<LEVEL> to gossip_<level> macros
  orangefs: strncpy -> strscpy
  orangefs: clean up truncate ctime and mtime setting
  Orangefs: fix ifnullfree.cocci warnings
  Orangefs: optimize boilerplate code.
  Orangefs: xattr.c cleanup
2016-04-09 10:33:58 -07:00
Linus Torvalds 1a59c53920 IOMMU Fixes for Linux v4.6-rc2 with:
- Compile-time fixes (warnings and failures)
 
  - A bug in iommu core code which could cause the group->domain pointer
    to be falsly cleared
 
  - Fix in scatterlist handling of the ARM common DMA-API code
 
  - Stall detection fix for the Rockchip IOMMU driver
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXB7a7AAoJECvwRC2XARrjib0P/2U5k9+atF/rw/Fuk+boZUNe
 46A/aeISnAuoJu4fEid74HV0FkCz1B1y0LnHiadTuiF1ei1Ou9xwmQUDqosP5S9z
 MRhoicYmpQZ/Xkj0FZ0Ahl5NLOXQrre7iazJpWXR0r8owl3tXfSJhIkpqsxZVcxk
 nj/FaJCp94HAyTuYLjM8AipkZpMpGBLxfMr0DsVkFEj/Jh/DIpT7Nwd5yc5Gpc5g
 f7ojiX9km8eudwy1pKEM3Uh4slBbc7VLi4oibN6xDhtpXPfRsexfro8aqxT3A9j1
 9CVfL+RPK8EqJzjpVZCvTTbvYlSms4Jz4jClssObMTu9xXtA94z3kBDyp3oxzKwI
 JdPmNa4VEqSY+isFzab/JYaLaj4PxASFNiki6mQM7yaErRZoXYp78RbaI14Cz47l
 TrCmAuzMFKQ4abvrcO+aWmZxw8jzXJ4B+kNS92uR/jwJ4uK2G30AbVGIASgI4JAf
 HDhctNLZC0Ym4r+mqTDOVpWyuni7e4PinokH26HBBYZH40OkeP8pqLI+0Oyoi/67
 g2rutnpvmXO5q9sS9Zs+RgdRfyybBoDUqwZRFTzAORvVlh81ChNhpb/f/Jx7wxSM
 26walAx2bm254AgvacQ1E58tBdBeNereENvRPv4FZ3Yxxb4kYufHfo2by1i786Xs
 2b20kX/0SxSqaVJUYPGl
 =hCLk
 -----END PGP SIGNATURE-----

Merge tag 'iommu-fixes-v4.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

Pull IOMMU fixes from Joerg Roedel:

 - compile-time fixes (warnings and failures)

 - a bug in iommu core code which could cause the group->domain pointer
   to be falsly cleared

 - fix in scatterlist handling of the ARM common DMA-API code

 - stall detection fix for the Rockchip IOMMU driver

* tag 'iommu-fixes-v4.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/vt-d: Silence an uninitialized variable warning
  iommu/rockchip: Fix "is stall active" check
  iommu: Don't overwrite domain pointer when there is no default_domain
  iommu/dma: Restore scatterlist offsets correctly
  iommu: provide of_xlate pointer unconditionally
2016-04-09 10:23:45 -07:00
Wolfram Sang caf280800a i2c: jz4780: really prevent potential division by zero
Make sure we avoid a division-by-zero OOPS in case clock-frequency is
set too low in DT. Add missing '\n' while we are here.

Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Acked-by: Axel Lin <axel.lin@ingics.com>
2016-04-09 08:36:44 +02:00
Wolfram Sang 4ececb7d17 Revert "i2c: jz4780: prevent potential division by zero"
This reverts commit 34cf2acdaf. 'ret' is
not set when bailing out. Also, there is a better place to check for 0.

Reported-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
2016-04-09 08:32:37 +02:00
Greg Kroah-Hartman 636c8a8d85 USB-serial fixes for v4.6-rc3
Here are some new device ids.
 
 Signed-off-by: Johan Hovold <johan@kernel.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJXB7dGAAoJEEEN5E/e4bSVmqsQALLjUGRr+eM/JE8XbeyATSE7
 5sYuxgX+9Yzp3+ePCmbxZvmKd/7ZRyrloCsE9e292AT1fx4XynArnJeX0Ad4SSuj
 bNpN9gB2culcZuUQ8T7BOieBwlj+gzYLmsaCrnl7Pf7XwrMcsHhY3fuyWs+YaC6W
 b6hJ9KgWm5CzRKGrBJjV43tOb2LZKemQmFuccu33igsGmdTKuGrPPewrPHriVsgr
 +yUWDdCNs0t00436I8Z18YSRGiKFi1RxmOPleWRL8FVsr9GoZNUV2xlc1cKblqSd
 msgfAgmj5FB/0aUog648K1IV+hdqvpSP4SXD3sytKfFCL4qFCVzy0hzMt9dJMl5A
 WQBZUhN1j2AJ7qMtAyQDjR4Y/QbX+rBIKjBgRgbdB5dLonoQ+lw++zacz4Al9FK2
 vKwCuBl5nr/ReXd7zqZ3YBnlo6Kdu17Ba4HkNurk/zqG8tOZFWyDrqPw/KmrOwQW
 1UPIjjWGR7o4zDJa5H+XIQCTPsGoeQJuncJG3akGAwRzVe0+jmaCWnkwnJRgtXZl
 kwpa41VaP6nXUIty+/xRFvOU/wMo0pVSda+ok/2TWUfifKomkxcju397bIe2MT82
 31aMNmbZyf+Zz/K5Hy+Sg+5Gat+82yDn7og57T+K3i+8m4/eVTFdHSCGf3B5iJxd
 6ALqRa//5lfGa8mkHutv
 =vUqa
 -----END PGP SIGNATURE-----

Merge tag 'usb-serial-4.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus

Johan writes:

USB-serial fixes for v4.6-rc3

Here are some new device ids.

Signed-off-by: Johan Hovold <johan@kernel.org>
2016-04-08 15:41:58 -07:00
David S. Miller 30d237a6c2 For the current RC series, we have the following fixes:
* TDLS fixes from Arik and Ilan
  * rhashtable fixes from Ben and myself
  * documentation fixes from Luis
  * U-APSD fixes from Emmanuel
  * a TXQ fix from Felix
  * and a compiler warning suppression from Jeff
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCgAGBQJXBQyAAAoJEGt7eEactAAdymsP/i2zU+VQFpkB8RG+nn/AYogY
 x2RXgKjCWOs6FwUcu+VHMx0whKuMADjqbMABdlsGGK62Xa5aYYcObvY+CgCUAI+m
 unV7kYDIBUHudiTpxXgZYUvylhIvW37VYjc6BDoaq4Jc1rz/L69zSrNHmoNiQv+Y
 113T0Ft5EEmEO1LP4s2GLMZTPqwgi2FnaP6UYFdTr2/ZfaRHlj2xRRG62WiT/q1x
 DMT2KWHvETCftpK3GwwkMSr0Au8CVV1soiQOoioTPRaevYbBFVi60GVXQeDlvFEV
 PqVCOEfsSvsw84phfHrW1bOxBeVsNYHbY/T4eVlC0zssUzz6KNH5jAfpyla1p0lP
 WniSqAaWxMcUYWCEBiOLa5LV2XVpXOuTpI84xcgc/BmprgzNyLgDAiCDtehpxALf
 Qmhc/rPR5BbLhTNY8z5qANG6mhQCHCo+52ypvBLMhZoajkPjgyBabwoqaRGje2ub
 vgzbAfqEguJmCAszw04KZ2UHInBcCDAZ5aOKiinawWvpftkDN0IJmO/HW5vnh4xV
 kawpo1eh1JzDcEyYfSjySHHFmR/5qnaDzaPL2cJthcOY/fGywibJHCQmoDPyH5jz
 Bkk0F0rMEcdQWs9pJLIMMzkA7BAlxYLYip0J9QImHL77sWK0QwUDCoryrgD6lL1D
 v2V31g1TZwPF2Noe9Rk7
 =r3Hr
 -----END PGP SIGNATURE-----

Merge tag 'mac80211-for-davem-2016-04-06' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211

Johannes Berg says:

====================
For the current RC series, we have the following fixes:
 * TDLS fixes from Arik and Ilan
 * rhashtable fixes from Ben and myself
 * documentation fixes from Luis
 * U-APSD fixes from Emmanuel
 * a TXQ fix from Felix
 * and a compiler warning suppression from Jeff
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-04-08 16:41:28 -04:00
stephen hemminger 3430284fea bridge, netem: mark mailing lists as moderated
I moderate these (lightly loaded) lists to block spam.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-04-08 16:32:52 -04:00
Helge Deller cb910c1714 parisc: Update comment regarding relative extable support
Update the comment to reflect the changes of commit 0de7985 (parisc: Use
generic extable search and sort routines).

Signed-off-by: Helge Deller <deller@gmx.de>
2016-04-08 22:14:26 +02:00
Helge Deller 2ef4dfd9d9 parisc: Unbreak handling exceptions from kernel modules
Handling exceptions from modules never worked on parisc.
It was just masked by the fact that exceptions from modules
don't happen during normal use.

When a module triggers an exception in get_user() we need to load the
main kernel dp value before accessing the exception_data structure, and
afterwards restore the original dp value of the module on exit.

Noticed-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org
2016-04-08 22:14:14 +02:00
Helge Deller ef72f3110d parisc: Fix kernel crash with reversed copy_from_user()
The kernel module testcase (lib/test_user_copy.c) exhibited a kernel
crash on parisc if the parameters for copy_from_user were reversed
("illegal reversed copy_to_user" testcase).

Fix this potential crash by checking the fault handler if the faulting
address is in the exception table.

Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>
2016-04-08 22:14:04 +02:00