Add periodictimer to net/MRP to enable retries #48

Closed
wants to merge 3 commits into
from

Conversation

Projects
None yet
2 participants
Contributor

noelbk commented Sep 16, 2013

Added periodic timer from [802.1Q-2011] to retry if MRP loses messages. MRP used to lose JoinIn messages and never retry if it sent messages before the interface became ready.

The periodic timer from the 802.1Q spec never turns off. It fires every second, causing MRP to bounce from state QA to AA and back. You might think that would stop when the registrar responds with an JoinIn, but there's no state in the MRP state table to ignore the periodic timer after getting a reply. The result is MRP sends a JoinIn message every second. This may not be desirable, but it's what the spec requires.

[802.1Q-2011]
http://standards.ieee.org/findstds/standard/802.1Q-2011.html

Owner

torvalds commented Sep 16, 2013

This is not how to do kernel development. You need to talk to the
maintainers of the code in question, which in this case would be

./scripts/get_maintainer.pl -f net/802/mrp.c:

"David S. Miller" davem@davemloft.net (maintainer:NETWORKING
[GENERAL],commit_signer:4/4=100%)
David Ward david.ward@ll.mit.edu (commit_signer:2/4=50%)
Patrick McHardy kaber@trash.net (commit_signer:1/4=25%)
Stephen Hemminger stephen@networkplumber.org (commit_signer:1/4=25%)
Eric Dumazet edumazet@google.com (commit_signer:1/4=25%)
netdev@vger.kernel.org (open list:NETWORKING [GENERAL])

and I'm pretty sure that they don't want just some random github pull
request either. Patches, explanations, background. And then when
they trust you, you can use the proper git "request-pull" script to
generate a high-quality pull request that you send from a real email
address, not the random stuff github generates. That said, for a
single small commit, an actual emailed patch is probably the way to
go.

github people - is there really no way to turn off Pull requests like
this and have an explanation pointing to
Documentation/SubmittingPatches or something? The kernel doesn't take
github pull requests, and never will. They don't contain enough
information, and they don't have the proper context.

                 Linus

On Mon, Sep 16, 2013 at 1:34 PM, noelbk notifications@github.com wrote:

Added periodic timer from [802.1Q-2011] to retry if MRP loses messages. MRP
used to lose JoinIn messages and never retry if it sent messages before the
interface became ready.

The periodic timer from the 802.1Q spec never turns off. It fires every
second, causing MRP to bounce from state QA to AA and back. You might think
that would stop when the registrar responds with an JoinIn, but there's no
state in the MRP state table to ignore the periodic timer after getting a
reply. The result is MRP sends a JoinIn message every second. This may not
be desirable, but it's what the spec requires.

[802.1Q-2011]
http://standards.ieee.org/findstds/standard/802.1Q-2011.html


You can merge this Pull Request by running

git pull https://github.com/noelbk/linux master

Or view, comment on, or merge it at:

#48

Commit Summary

added periodictimer to mrp to allow retries when packets get lost
cleaned up debug prints before committing back to master
clean up before pull request

File Changes

M include/net/mrp.h (1)
M net/802/mrp.c (45)

Patch Links:

https://github.com/torvalds/linux/pull/48.patch
https://github.com/torvalds/linux/pull/48.diff

Contributor

noelbk commented Sep 16, 2013

Oops, sorry for wasting your time. I tried looking for a HOWTO to submit
this, but totally missed Documentation/SubmittingPatches. Duh.

Cheers,

Noel

On Mon, Sep 16, 2013 at 12:53 PM, Linus Torvalds
notifications@github.comwrote:

This is not how to do kernel development. You need to talk to the
maintainers of the code in question, which in this case would be

./scripts/get_maintainer.pl -f net/802/mrp.c:

"David S. Miller" davem@davemloft.net (maintainer:NETWORKING
[GENERAL],commit_signer:4/4=100%)
David Ward david.ward@ll.mit.edu (commit_signer:2/4=50%)
Patrick McHardy kaber@trash.net (commit_signer:1/4=25%)
Stephen Hemminger stephen@networkplumber.org (commit_signer:1/4=25%)
Eric Dumazet edumazet@google.com (commit_signer:1/4=25%)
netdev@vger.kernel.org (open list:NETWORKING [GENERAL])

and I'm pretty sure that they don't want just some random github pull
request either. Patches, explanations, background. And then when
they trust you, you can use the proper git "request-pull" script to
generate a high-quality pull request that you send from a real email
address, not the random stuff github generates. That said, for a
single small commit, an actual emailed patch is probably the way to
go.

github people - is there really no way to turn off Pull requests like
this and have an explanation pointing to
Documentation/SubmittingPatches or something? The kernel doesn't take
github pull requests, and never will. They don't contain enough
information, and they don't have the proper context.

Linus

On Mon, Sep 16, 2013 at 1:34 PM, noelbk notifications@github.com wrote:

Added periodic timer from [802.1Q-2011] to retry if MRP loses messages.
MRP
used to lose JoinIn messages and never retry if it sent messages before
the
interface became ready.

The periodic timer from the 802.1Q spec never turns off. It fires every
second, causing MRP to bounce from state QA to AA and back. You might
think
that would stop when the registrar responds with an JoinIn, but there's
no
state in the MRP state table to ignore the periodic timer after getting a
reply. The result is MRP sends a JoinIn message every second. This may
not
be desirable, but it's what the spec requires.

[802.1Q-2011]
http://standards.ieee.org/findstds/standard/802.1Q-2011.html


You can merge this Pull Request by running

git pull https://github.com/noelbk/linux master

Or view, comment on, or merge it at:

#48

Commit Summary

added periodictimer to mrp to allow retries when packets get lost
cleaned up debug prints before committing back to master
clean up before pull request

File Changes

M include/net/mrp.h (1)
M net/802/mrp.c (45)

Patch Links:

https://github.com/torvalds/linux/pull/48.patch
https://github.com/torvalds/linux/pull/48.diff


Reply to this email directly or view it on GitHubhttps://github.com/torvalds/linux/pull/48#issuecomment-24539030
.

@swarren swarren pushed a commit to swarren/linux-tegra that referenced this pull request Oct 14, 2013

Borislav Petkov + Ingo Molnar x86: Improve the printout of the SMP bootup CPU table
As the new x86 CPU bootup printout format code maintainer, I am
taking immediate action to improve and clean (and thus indulge
my OCD) the reporting of the cores when coming up online.

Fix padding to a right-hand alignment, cleanup code and bind
reporting width to the max number of supported CPUs on the
system, like this:

 [    0.074509] smpboot: Booting Node   0, Processors:      #1  #2  #3  #4  #5  #6  #7 OK
 [    0.644008] smpboot: Booting Node   1, Processors:  #8  #9 #10 #11 #12 #13 #14 #15 OK
 [    1.245006] smpboot: Booting Node   2, Processors: #16 #17 #18 #19 #20 #21 #22 #23 OK
 [    1.864005] smpboot: Booting Node   3, Processors: #24 #25 #26 #27 #28 #29 #30 #31 OK
 [    2.489005] smpboot: Booting Node   4, Processors: #32 #33 #34 #35 #36 #37 #38 #39 OK
 [    3.093005] smpboot: Booting Node   5, Processors: #40 #41 #42 #43 #44 #45 #46 #47 OK
 [    3.698005] smpboot: Booting Node   6, Processors: #48 #49 #50 #51 #52 #53 #54 #55 OK
 [    4.304005] smpboot: Booting Node   7, Processors: #56 #57 #58 #59 #60 #61 #62 #63 OK
 [    4.961413] Brought up 64 CPUs

and this:

 [    0.072367] smpboot: Booting Node   0, Processors:    #1 #2 #3 #4 #5 #6 #7 OK
 [    0.686329] Brought up 8 CPUs

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Libin <huawei.libin@huawei.com>
Cc: wangyijing@huawei.com
Cc: fenghua.yu@intel.com
Cc: guohanjun@huawei.com
Cc: paul.gortmaker@windriver.com
Link: http://lkml.kernel.org/r/20130927143554.GF4422@pd.tnic
Signed-off-by: Ingo Molnar <mingo@kernel.org>
646e29a

@swarren swarren pushed a commit to swarren/linux-tegra that referenced this pull request Oct 14, 2013

Borislav Petkov + Ingo Molnar x86/boot: Further compress CPUs bootup message
Turn it into (for example):

[    0.073380] x86: Booting SMP configuration:
[    0.074005] .... node   #0, CPUs:          #1   #2   #3   #4   #5   #6   #7
[    0.603005] .... node   #1, CPUs:     #8   #9  #10  #11  #12  #13  #14  #15
[    1.200005] .... node   #2, CPUs:    #16  #17  #18  #19  #20  #21  #22  #23
[    1.796005] .... node   #3, CPUs:    #24  #25  #26  #27  #28  #29  #30  #31
[    2.393005] .... node   #4, CPUs:    #32  #33  #34  #35  #36  #37  #38  #39
[    2.996005] .... node   #5, CPUs:    #40  #41  #42  #43  #44  #45  #46  #47
[    3.600005] .... node   #6, CPUs:    #48  #49  #50  #51  #52  #53  #54  #55
[    4.202005] .... node   #7, CPUs:    #56  #57  #58  #59  #60  #61  #62  #63
[    4.811005] .... node   #8, CPUs:    #64  #65  #66  #67  #68  #69  #70  #71
[    5.421006] .... node   #9, CPUs:    #72  #73  #74  #75  #76  #77  #78  #79
[    6.032005] .... node  #10, CPUs:    #80  #81  #82  #83  #84  #85  #86  #87
[    6.648006] .... node  #11, CPUs:    #88  #89  #90  #91  #92  #93  #94  #95
[    7.262005] .... node  #12, CPUs:    #96  #97  #98  #99 #100 #101 #102 #103
[    7.865005] .... node  #13, CPUs:   #104 #105 #106 #107 #108 #109 #110 #111
[    8.466005] .... node  #14, CPUs:   #112 #113 #114 #115 #116 #117 #118 #119
[    9.073006] .... node  #15, CPUs:   #120 #121 #122 #123 #124 #125 #126 #127
[    9.679901] x86: Booted up 16 nodes, 128 CPUs

and drop useless elements.

Change num_digits() to hpa's division-avoiding, cell-phone-typed
version which he went at great lengths and pains to submit on a
Saturday evening.

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: huawei.libin@huawei.com
Cc: wangyijing@huawei.com
Cc: fenghua.yu@intel.com
Cc: guohanjun@huawei.com
Cc: paul.gortmaker@windriver.com
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20130930095624.GB16383@pd.tnic
Signed-off-by: Ingo Molnar <mingo@kernel.org>
a17bce4

@rjwysocki rjwysocki pushed a commit to rjwysocki/linux-pm that referenced this pull request Jan 9, 2014

Jiang Liu + Rafael J. Wysocki Revert "intel_idle: mark states tables with __initdata tag"
This reverts commit 9d046cc.

Commit 9d046cc marks all state tables with __initdata, but
the state table may be accessed when doing CPU online, which then
causing system crash as below:

[  204.188841] BUG: unable to handle kernel paging request at ffffffff8227cce8
[  204.196844] IP: [<ffffffff814aa1c0>] intel_idle_cpu_init+0x40/0x130
[  204.203996] PGD 1e11067 PUD 1e12063 PMD 455859063 PTE 800000000227c062
[  204.211638] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[  204.216975] Modules linked in: x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd gpio_ich microcode joydev sb_edac edac_core ipmi_si lpc_ich ipmi_msghandler lp tpm_tis parport wmi mac_hid acpi_pad hid_generic ixgbe isci usbhid dca hid libsas ptp ahci libahci scsi_transport_sas megaraid_sas pps_core mdio
[  204.262815] CPU: 11 PID: 1489 Comm: bash Not tainted 3.13.0-rc7+ #48
[  204.269993] Hardware name: Intel Corporation BRICKLAND/BRICKLAND, BIOS BRIVTIN1.86B.0047.L09.1312061514 12/06/2013
[  204.281646] task: ffff8804303a24a0 ti: ffff880440fac000 task.ti: ffff880440fac000
[  204.290311] RIP: 0010:[<ffffffff814aa1c0>]  [<ffffffff814aa1c0>] intel_idle_cpu_init+0x40/0x130
[  204.300184] RSP: 0018:ffff880440fadd28  EFLAGS: 00010286
[  204.306192] RAX: ffffffff8227cca0 RBX: ffffe8fff1a03400 RCX: 0000000000000007
[  204.314244] RDX: ffff88045f400000 RSI: 0000000000000009 RDI: 0000000000001120
[  204.322296] RBP: ffff880440fadd38 R08: 0000000000000000 R09: 0000000000000001
[  204.330411] R10: 0000000000000001 R11: 0000000000000000 R12: 000000000000001e
[  204.338482] R13: 00000000ffffffdb R14: 0000000000000001 R15: 0000000000000000
[  204.346743] FS:  00007f64f7b0c740(0000) GS:ffff88045ce00000(0000) knlGS:0000000000000000
[  204.355919] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  204.362449] CR2: ffffffff8227cce8 CR3: 0000000444ab0000 CR4: 00000000001407e0
[  204.370520] Stack:
[  204.372853]  000000000000001e ffffffff81f10240 ffff880440fadd50 ffffffff814aa307
[  204.381519]  ffffffff81ea80e0 ffff880440fadda0 ffffffff8185a230 0000000000000000
[  204.390196]  000000000000001e 0000000000000002 0000000000000002 0000000000000000
[  204.398856] Call Trace:
[  204.401683]  [<ffffffff814aa307>] cpu_hotplug_notify+0x57/0x70
[  204.408638]  [<ffffffff8185a230>] notifier_call_chain+0x100/0x150
[  204.415553]  [<ffffffff810a7dae>] __raw_notifier_call_chain+0xe/0x10
[  204.422772]  [<ffffffff81072163>] cpu_notify+0x23/0x50
[  204.428616]  [<ffffffff810723b2>] _cpu_up+0x132/0x1a0
[  204.434361]  [<ffffffff8107249d>] cpu_up+0x7d/0xa0
[  204.439819]  [<ffffffff81836c9c>] cpu_subsys_online+0x3c/0x90
[  204.446345]  [<ffffffff81554625>] device_online+0x45/0xa0
[  204.452471]  [<ffffffff815546ce>] online_store+0x4e/0x80
[  204.458511]  [<ffffffff815519a8>] dev_attr_store+0x18/0x30
[  204.464744]  [<ffffffff812a68f1>] sysfs_write_file+0x151/0x1c0
[  204.471681]  [<ffffffff81217ef1>] vfs_write+0xe1/0x160
[  204.477524]  [<ffffffff8121889c>] SyS_write+0x4c/0x90
[  204.483270]  [<ffffffff8185f2ed>] system_call_fastpath+0x1a/0x1f
[  204.490081] Code: 41 54 41 89 fc 8b 3d 48 25 85 01 53 48 8b 1d 30 25 85 01 48 03 1c c5 40 90 fb 81 48 8b 05 19 25 85 01 c7 43 0c 01 00 00 00 66 90 <48> 83 78 48 00 74 4f 41 83 c0 01 41 39 f0 7e 10 48 c7 c7 38 79
[  204.515723] RIP  [<ffffffff814aa1c0>] intel_idle_cpu_init+0x40/0x130
[  204.522996]  RSP <ffff880440fadd28>
[  204.526976] CR2: ffffffff8227cce8
[  204.530766] ---[ end trace 336f56cc3d1cfc8c ]---

Fixes: 9d046cc (intel_idle: mark states tables with __initdata tag)
Signed-off-by: Jiang Liu <jiang.liu@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
ba0dc81

@andy-shev andy-shev pushed a commit to andy-shev/linux that referenced this pull request Jan 24, 2015

Andrew Morton + Stephen Rothwell fanotify-dont-set-fan_ondir-implicitly-on-a-marks-ignored-mask-checkp…
…atch-fixes

WARNING: Missing a blank line after declarations
#48: FILE: fs/notify/fanotify/fanotify_user.c:495:
+		__u32 tmask = fsn_mark->mask & ~mask;
+		if (flags & FAN_MARK_ONDIR)

WARNING: Missing a blank line after declarations
#67: FILE: fs/notify/fanotify/fanotify_user.c:579:
+		__u32 tmask = fsn_mark->mask | mask;
+		if (flags & FAN_MARK_ONDIR)

total: 0 errors, 2 warnings, 54 lines checked

./patches/fanotify-dont-set-fan_ondir-implicitly-on-a-marks-ignored-mask.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Lino Sanfilippo <LinoSanfilippo@gmx.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5ff9c83

noelbk closed this Feb 6, 2015

@Reichl Reichl pushed a commit to Reichl/linux-odroid that referenced this pull request Mar 5, 2015

Andrew Morton + Stephen Rothwell tomoyo-reduce-mmap_sem-hold-for-mm-exe_file-checkpatch-fixes
Sumeone needs to buy a tab key.

WARNING: please, no spaces at the start of a line
#29: FILE: security/tomoyo/util.c:951:
+       struct file *exe_file;$

WARNING: please, no spaces at the start of a line
#30: FILE: security/tomoyo/util.c:952:
+       const char *cp;$

WARNING: please, no spaces at the start of a line
#31: FILE: security/tomoyo/util.c:953:
+       struct mm_struct *mm = current->mm;$

WARNING: please, no spaces at the start of a line
#40: FILE: security/tomoyo/util.c:955:
+       if (!mm)$

WARNING: suspect code indent for conditional statements (7, 15)
#40: FILE: security/tomoyo/util.c:955:
+       if (!mm)
+	       return NULL;

WARNING: please, no spaces at the start of a line
#42: FILE: security/tomoyo/util.c:957:
+       exe_file = get_mm_exe_file(mm);$

WARNING: please, no spaces at the start of a line
#43: FILE: security/tomoyo/util.c:958:
+       if (!exe_file)$

WARNING: suspect code indent for conditional statements (7, 15)
#43: FILE: security/tomoyo/util.c:958:
+       if (!exe_file)
+	       return NULL;

WARNING: please, no spaces at the start of a line
#46: FILE: security/tomoyo/util.c:961:
+       cp = tomoyo_realpath_from_path(&exe_file->f_path);$

WARNING: please, no spaces at the start of a line
#47: FILE: security/tomoyo/util.c:962:
+       fput(exe_file);$

WARNING: please, no spaces at the start of a line
#48: FILE: security/tomoyo/util.c:963:
+       return cp;$

total: 0 errors, 11 warnings, 28 lines checked

./patches/tomoyo-reduce-mmap_sem-hold-for-mm-exe_file.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Davidlohr Bueso <dbueso@suse.de>
Cc: James Morris <jmorris@namei.org>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5cd36a6

@Reichl Reichl pushed a commit to Reichl/linux-odroid that referenced this pull request Mar 9, 2015

Andrew Morton + Stephen Rothwell tomoyo-reduce-mmap_sem-hold-for-mm-exe_file-checkpatch-fixes
Sumeone needs to buy a tab key.

WARNING: please, no spaces at the start of a line
#29: FILE: security/tomoyo/util.c:951:
+       struct file *exe_file;$

WARNING: please, no spaces at the start of a line
#30: FILE: security/tomoyo/util.c:952:
+       const char *cp;$

WARNING: please, no spaces at the start of a line
#31: FILE: security/tomoyo/util.c:953:
+       struct mm_struct *mm = current->mm;$

WARNING: please, no spaces at the start of a line
#40: FILE: security/tomoyo/util.c:955:
+       if (!mm)$

WARNING: suspect code indent for conditional statements (7, 15)
#40: FILE: security/tomoyo/util.c:955:
+       if (!mm)
+	       return NULL;

WARNING: please, no spaces at the start of a line
#42: FILE: security/tomoyo/util.c:957:
+       exe_file = get_mm_exe_file(mm);$

WARNING: please, no spaces at the start of a line
#43: FILE: security/tomoyo/util.c:958:
+       if (!exe_file)$

WARNING: suspect code indent for conditional statements (7, 15)
#43: FILE: security/tomoyo/util.c:958:
+       if (!exe_file)
+	       return NULL;

WARNING: please, no spaces at the start of a line
#46: FILE: security/tomoyo/util.c:961:
+       cp = tomoyo_realpath_from_path(&exe_file->f_path);$

WARNING: please, no spaces at the start of a line
#47: FILE: security/tomoyo/util.c:962:
+       fput(exe_file);$

WARNING: please, no spaces at the start of a line
#48: FILE: security/tomoyo/util.c:963:
+       return cp;$

total: 0 errors, 11 warnings, 28 lines checked

./patches/tomoyo-reduce-mmap_sem-hold-for-mm-exe_file.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Davidlohr Bueso <dbueso@suse.de>
Cc: James Morris <jmorris@namei.org>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
d4565bc

@Reichl Reichl pushed a commit to Reichl/linux-odroid that referenced this pull request Mar 10, 2015

Andrew Morton + Stephen Rothwell tomoyo-reduce-mmap_sem-hold-for-mm-exe_file-checkpatch-fixes
Sumeone needs to buy a tab key.

WARNING: please, no spaces at the start of a line
#29: FILE: security/tomoyo/util.c:951:
+       struct file *exe_file;$

WARNING: please, no spaces at the start of a line
#30: FILE: security/tomoyo/util.c:952:
+       const char *cp;$

WARNING: please, no spaces at the start of a line
#31: FILE: security/tomoyo/util.c:953:
+       struct mm_struct *mm = current->mm;$

WARNING: please, no spaces at the start of a line
#40: FILE: security/tomoyo/util.c:955:
+       if (!mm)$

WARNING: suspect code indent for conditional statements (7, 15)
#40: FILE: security/tomoyo/util.c:955:
+       if (!mm)
+	       return NULL;

WARNING: please, no spaces at the start of a line
#42: FILE: security/tomoyo/util.c:957:
+       exe_file = get_mm_exe_file(mm);$

WARNING: please, no spaces at the start of a line
#43: FILE: security/tomoyo/util.c:958:
+       if (!exe_file)$

WARNING: suspect code indent for conditional statements (7, 15)
#43: FILE: security/tomoyo/util.c:958:
+       if (!exe_file)
+	       return NULL;

WARNING: please, no spaces at the start of a line
#46: FILE: security/tomoyo/util.c:961:
+       cp = tomoyo_realpath_from_path(&exe_file->f_path);$

WARNING: please, no spaces at the start of a line
#47: FILE: security/tomoyo/util.c:962:
+       fput(exe_file);$

WARNING: please, no spaces at the start of a line
#48: FILE: security/tomoyo/util.c:963:
+       return cp;$

total: 0 errors, 11 warnings, 28 lines checked

./patches/tomoyo-reduce-mmap_sem-hold-for-mm-exe_file.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Davidlohr Bueso <dbueso@suse.de>
Cc: James Morris <jmorris@namei.org>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
ccedd34

@Reichl Reichl pushed a commit to Reichl/linux-odroid that referenced this pull request Mar 12, 2015

Andrew Morton + Stephen Rothwell tomoyo-reduce-mmap_sem-hold-for-mm-exe_file-checkpatch-fixes
Sumeone needs to buy a tab key.

WARNING: please, no spaces at the start of a line
#29: FILE: security/tomoyo/util.c:951:
+       struct file *exe_file;$

WARNING: please, no spaces at the start of a line
#30: FILE: security/tomoyo/util.c:952:
+       const char *cp;$

WARNING: please, no spaces at the start of a line
#31: FILE: security/tomoyo/util.c:953:
+       struct mm_struct *mm = current->mm;$

WARNING: please, no spaces at the start of a line
#40: FILE: security/tomoyo/util.c:955:
+       if (!mm)$

WARNING: suspect code indent for conditional statements (7, 15)
#40: FILE: security/tomoyo/util.c:955:
+       if (!mm)
+	       return NULL;

WARNING: please, no spaces at the start of a line
#42: FILE: security/tomoyo/util.c:957:
+       exe_file = get_mm_exe_file(mm);$

WARNING: please, no spaces at the start of a line
#43: FILE: security/tomoyo/util.c:958:
+       if (!exe_file)$

WARNING: suspect code indent for conditional statements (7, 15)
#43: FILE: security/tomoyo/util.c:958:
+       if (!exe_file)
+	       return NULL;

WARNING: please, no spaces at the start of a line
#46: FILE: security/tomoyo/util.c:961:
+       cp = tomoyo_realpath_from_path(&exe_file->f_path);$

WARNING: please, no spaces at the start of a line
#47: FILE: security/tomoyo/util.c:962:
+       fput(exe_file);$

WARNING: please, no spaces at the start of a line
#48: FILE: security/tomoyo/util.c:963:
+       return cp;$

total: 0 errors, 11 warnings, 28 lines checked

./patches/tomoyo-reduce-mmap_sem-hold-for-mm-exe_file.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Davidlohr Bueso <dbueso@suse.de>
Cc: James Morris <jmorris@namei.org>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
45e86ad

@gthelen gthelen pushed a commit to gthelen/linux that referenced this pull request Apr 1, 2015

Andrew Morton + Stephen Rothwell tomoyo-reduce-mmap_sem-hold-for-mm-exe_file-checkpatch-fixes
Sumeone needs to buy a tab key.

WARNING: please, no spaces at the start of a line
#29: FILE: security/tomoyo/util.c:951:
+       struct file *exe_file;$

WARNING: please, no spaces at the start of a line
#30: FILE: security/tomoyo/util.c:952:
+       const char *cp;$

WARNING: please, no spaces at the start of a line
#31: FILE: security/tomoyo/util.c:953:
+       struct mm_struct *mm = current->mm;$

WARNING: please, no spaces at the start of a line
#40: FILE: security/tomoyo/util.c:955:
+       if (!mm)$

WARNING: suspect code indent for conditional statements (7, 15)
#40: FILE: security/tomoyo/util.c:955:
+       if (!mm)
+	       return NULL;

WARNING: please, no spaces at the start of a line
#42: FILE: security/tomoyo/util.c:957:
+       exe_file = get_mm_exe_file(mm);$

WARNING: please, no spaces at the start of a line
#43: FILE: security/tomoyo/util.c:958:
+       if (!exe_file)$

WARNING: suspect code indent for conditional statements (7, 15)
#43: FILE: security/tomoyo/util.c:958:
+       if (!exe_file)
+	       return NULL;

WARNING: please, no spaces at the start of a line
#46: FILE: security/tomoyo/util.c:961:
+       cp = tomoyo_realpath_from_path(&exe_file->f_path);$

WARNING: please, no spaces at the start of a line
#47: FILE: security/tomoyo/util.c:962:
+       fput(exe_file);$

WARNING: please, no spaces at the start of a line
#48: FILE: security/tomoyo/util.c:963:
+       return cp;$

total: 0 errors, 11 warnings, 28 lines checked

./patches/tomoyo-reduce-mmap_sem-hold-for-mm-exe_file.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Davidlohr Bueso <dbueso@suse.de>
Cc: James Morris <jmorris@namei.org>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
007cca1

@torvalds torvalds added a commit that referenced this pull request Apr 14, 2015

@krzk @torvalds krzk + torvalds ACPI / battery: Fix doubly added battery on system suspend
Commit 297d716 ("power_supply: Change ownership from driver to
core") inverted the logic in battery_notify().  As an effect already
present battery was re-added on each system suspend or hibernation.

    WARNING: CPU: 0 PID: 303 at ../fs/sysfs/dir.c:31 sysfs_warn_dup+0x68/0x80()
    sysfs: cannot create duplicate filename '/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/PNP0C0A:00/power_supply/BAT0'
    CPU: 0 PID: 303 Comm: rtcwake Not tainted 4.0.0-ARCH-02621-g07e6253af953 #48
    Call Trace:
      sysfs_create_dir_ns+0x8d/0xa0
      kobject_add_internal+0xb6/0x370
      kobject_add+0x6f/0xd0
      device_add+0x120/0x6c0
      __power_supply_register+0x145/0x290
      power_supply_register_no_ws+0x10/0x20
      sysfs_add_battery+0x84/0xc5 [battery]
      battery_notify+0x45/0x6b [battery]
      notifier_call_chain+0x4f/0x80
      __blocking_notifier_call_chain+0x4b/0x70
      blocking_notifier_call_chain+0x16/0x20
      pm_notifier_call_chain+0x1a/0x40
      pm_suspend+0x3ed/0x4e0

Signed-off-by: Krzysztof Kozlowski <k.kozlowski.k@gmail.com>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-By: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
31f7dc7

@ghost ghost pushed a commit to 0day-ci/linux that referenced this pull request Oct 22, 2015

@fengguang Li RongQing + fengguang net: sysctl: fix a kmemleak warning
the returned buffer of register_sysctl() is stored into net_header
variable, but net_header is not used after, and compiler maybe
optimise the variable out, and lead kmemleak reported the below warning

	comm "swapper/0", pid 1, jiffies 4294937448 (age 267.270s)
	hex dump (first 32 bytes):
	90 38 8b 01 c0 ff ff ff 00 00 00 00 01 00 00 00 .8..............
	01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
	backtrace:
	[<ffffffc00020f134>] create_object+0x10c/0x2a0
	[<ffffffc00070ff44>] kmemleak_alloc+0x54/0xa0
	[<ffffffc0001fe378>] __kmalloc+0x1f8/0x4f8
	[<ffffffc00028e984>] __register_sysctl_table+0x64/0x5a0
	[<ffffffc00028eef0>] register_sysctl+0x30/0x40
	[<ffffffc00099c304>] net_sysctl_init+0x20/0x58
	[<ffffffc000994dd8>] sock_init+0x10/0xb0
	[<ffffffc0000842e0>] do_one_initcall+0x90/0x1b8
	[<ffffffc000966bac>] kernel_init_freeable+0x218/0x2f0
	[<ffffffc00070ed6c>] kernel_init+0x1c/0xe8
	[<ffffffc000083bfc>] ret_from_fork+0xc/0x50
	[<ffffffffffffffff>] 0xffffffffffffffff <<end check kmemleak>>

Before fix, the objdump result on ARM64:
0000000000000000 <net_sysctl_init>:
   0:   a9be7bfd        stp     x29, x30, [sp,#-32]!
   4:   90000001        adrp    x1, 0 <net_sysctl_init>
   8:   90000000        adrp    x0, 0 <net_sysctl_init>
   c:   910003fd        mov     x29, sp
  10:   91000021        add     x1, x1, #0x0
  14:   91000000        add     x0, x0, #0x0
  18:   a90153f3        stp     x19, x20, [sp,#16]
  1c:   12800174        mov     w20, #0xfffffff4                // #-12
  20:   94000000        bl      0 <register_sysctl>
  24:   b4000120        cbz     x0, 48 <net_sysctl_init+0x48>
  28:   90000013        adrp    x19, 0 <net_sysctl_init>
  2c:   91000273        add     x19, x19, #0x0
  30:   9101a260        add     x0, x19, #0x68
  34:   94000000        bl      0 <register_pernet_subsys>
  38:   2a0003f4        mov     w20, w0
  3c:   35000060        cbnz    w0, 48 <net_sysctl_init+0x48>
  40:   aa1303e0        mov     x0, x19
  44:   94000000        bl      0 <register_sysctl_root>
  48:   2a1403e0        mov     w0, w20
  4c:   a94153f3        ldp     x19, x20, [sp,#16]
  50:   a8c27bfd        ldp     x29, x30, [sp],#32
  54:   d65f03c0        ret
After:
0000000000000000 <net_sysctl_init>:
   0:   a9bd7bfd        stp     x29, x30, [sp,#-48]!
   4:   90000000        adrp    x0, 0 <net_sysctl_init>
   8:   910003fd        mov     x29, sp
   c:   a90153f3        stp     x19, x20, [sp,#16]
  10:   90000013        adrp    x19, 0 <net_sysctl_init>
  14:   91000000        add     x0, x0, #0x0
  18:   91000273        add     x19, x19, #0x0
  1c:   f90013f5        str     x21, [sp,#32]
  20:   aa1303e1        mov     x1, x19
  24:   12800175        mov     w21, #0xfffffff4                // #-12
  28:   94000000        bl      0 <register_sysctl>
  2c:   f9002260        str     x0, [x19,#64]
  30:   b40001c0        cbz     x0, 68 <net_sysctl_init+0x68>
  34:   90000014        adrp    x20, 0 <net_sysctl_init>
  38:   91000294        add     x20, x20, #0x0
  3c:   9101a280        add     x0, x20, #0x68
  40:   94000000        bl      0 <register_pernet_subsys>
  44:   2a0003f5        mov     w21, w0
  48:   35000080        cbnz    w0, 58 <net_sysctl_init+0x58>
  4c:   aa1403e0        mov     x0, x20
  50:   94000000        bl      0 <register_sysctl_root>
  54:   14000005        b       68 <net_sysctl_init+0x68>
  58:   f9402260        ldr     x0, [x19,#64]
  5c:   94000000        bl      0 <unregister_sysctl_table>
  60:   f9402260        ldr     x0, [x19,#64]
  64:   94000000        bl      0 <kfree>
  68:   2a1503e0        mov     w0, w21
  6c:   f94013f5        ldr     x21, [sp,#32]
  70:   a94153f3        ldp     x19, x20, [sp,#16]
  74:   a8c37bfd        ldp     x29, x30, [sp],#48
  78:   d65f03c0        ret

Add the possible error handle to free the net_header to remove the
kmemleak warning

Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
f699d50

@ghost ghost pushed a commit to 0day-ci/linux that referenced this pull request Oct 23, 2015

@fengguang Li RongQing + fengguang net: sysctl: fix a kmemleak warning
the returned buffer of register_sysctl() is stored into net_header
variable, but net_header is not used after, and compiler maybe
optimise the variable out, and lead kmemleak reported the below warning

	comm "swapper/0", pid 1, jiffies 4294937448 (age 267.270s)
	hex dump (first 32 bytes):
	90 38 8b 01 c0 ff ff ff 00 00 00 00 01 00 00 00 .8..............
	01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
	backtrace:
	[<ffffffc00020f134>] create_object+0x10c/0x2a0
	[<ffffffc00070ff44>] kmemleak_alloc+0x54/0xa0
	[<ffffffc0001fe378>] __kmalloc+0x1f8/0x4f8
	[<ffffffc00028e984>] __register_sysctl_table+0x64/0x5a0
	[<ffffffc00028eef0>] register_sysctl+0x30/0x40
	[<ffffffc00099c304>] net_sysctl_init+0x20/0x58
	[<ffffffc000994dd8>] sock_init+0x10/0xb0
	[<ffffffc0000842e0>] do_one_initcall+0x90/0x1b8
	[<ffffffc000966bac>] kernel_init_freeable+0x218/0x2f0
	[<ffffffc00070ed6c>] kernel_init+0x1c/0xe8
	[<ffffffc000083bfc>] ret_from_fork+0xc/0x50
	[<ffffffffffffffff>] 0xffffffffffffffff <<end check kmemleak>>

Before fix, the objdump result on ARM64:
0000000000000000 <net_sysctl_init>:
   0:   a9be7bfd        stp     x29, x30, [sp,#-32]!
   4:   90000001        adrp    x1, 0 <net_sysctl_init>
   8:   90000000        adrp    x0, 0 <net_sysctl_init>
   c:   910003fd        mov     x29, sp
  10:   91000021        add     x1, x1, #0x0
  14:   91000000        add     x0, x0, #0x0
  18:   a90153f3        stp     x19, x20, [sp,#16]
  1c:   12800174        mov     w20, #0xfffffff4                // #-12
  20:   94000000        bl      0 <register_sysctl>
  24:   b4000120        cbz     x0, 48 <net_sysctl_init+0x48>
  28:   90000013        adrp    x19, 0 <net_sysctl_init>
  2c:   91000273        add     x19, x19, #0x0
  30:   9101a260        add     x0, x19, #0x68
  34:   94000000        bl      0 <register_pernet_subsys>
  38:   2a0003f4        mov     w20, w0
  3c:   35000060        cbnz    w0, 48 <net_sysctl_init+0x48>
  40:   aa1303e0        mov     x0, x19
  44:   94000000        bl      0 <register_sysctl_root>
  48:   2a1403e0        mov     w0, w20
  4c:   a94153f3        ldp     x19, x20, [sp,#16]
  50:   a8c27bfd        ldp     x29, x30, [sp],#32
  54:   d65f03c0        ret
After:
0000000000000000 <net_sysctl_init>:
   0:   a9bd7bfd        stp     x29, x30, [sp,#-48]!
   4:   90000000        adrp    x0, 0 <net_sysctl_init>
   8:   910003fd        mov     x29, sp
   c:   a90153f3        stp     x19, x20, [sp,#16]
  10:   90000013        adrp    x19, 0 <net_sysctl_init>
  14:   91000000        add     x0, x0, #0x0
  18:   91000273        add     x19, x19, #0x0
  1c:   f90013f5        str     x21, [sp,#32]
  20:   aa1303e1        mov     x1, x19
  24:   12800175        mov     w21, #0xfffffff4                // #-12
  28:   94000000        bl      0 <register_sysctl>
  2c:   f9002260        str     x0, [x19,#64]
  30:   b40001a0        cbz     x0, 64 <net_sysctl_init+0x64>
  34:   90000014        adrp    x20, 0 <net_sysctl_init>
  38:   91000294        add     x20, x20, #0x0
  3c:   9101a280        add     x0, x20, #0x68
  40:   94000000        bl      0 <register_pernet_subsys>
  44:   2a0003f5        mov     w21, w0
  48:   35000080        cbnz    w0, 58 <net_sysctl_init+0x58>
  4c:   aa1403e0        mov     x0, x20
  50:   94000000        bl      0 <register_sysctl_root>
  54:   14000004        b       64 <net_sysctl_init+0x64>
  58:   f9402260        ldr     x0, [x19,#64]
  5c:   94000000        bl      0 <unregister_sysctl_table>
  60:   f900227f        str     xzr, [x19,#64]
  64:   2a1503e0        mov     w0, w21
  68:   f94013f5        ldr     x21, [sp,#32]
  6c:   a94153f3        ldp     x19, x20, [sp,#16]
  70:   a8c37bfd        ldp     x29, x30, [sp],#48
  74:   d65f03c0        ret

Add the possible error handle to free the net_header to remove the
kmemleak warning

Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
4972774

@ghost ghost pushed a commit to 0day-ci/linux that referenced this pull request Oct 23, 2015

@davem330 Li RongQing + davem330 net: sysctl: fix a kmemleak warning
the returned buffer of register_sysctl() is stored into net_header
variable, but net_header is not used after, and compiler maybe
optimise the variable out, and lead kmemleak reported the below warning

	comm "swapper/0", pid 1, jiffies 4294937448 (age 267.270s)
	hex dump (first 32 bytes):
	90 38 8b 01 c0 ff ff ff 00 00 00 00 01 00 00 00 .8..............
	01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
	backtrace:
	[<ffffffc00020f134>] create_object+0x10c/0x2a0
	[<ffffffc00070ff44>] kmemleak_alloc+0x54/0xa0
	[<ffffffc0001fe378>] __kmalloc+0x1f8/0x4f8
	[<ffffffc00028e984>] __register_sysctl_table+0x64/0x5a0
	[<ffffffc00028eef0>] register_sysctl+0x30/0x40
	[<ffffffc00099c304>] net_sysctl_init+0x20/0x58
	[<ffffffc000994dd8>] sock_init+0x10/0xb0
	[<ffffffc0000842e0>] do_one_initcall+0x90/0x1b8
	[<ffffffc000966bac>] kernel_init_freeable+0x218/0x2f0
	[<ffffffc00070ed6c>] kernel_init+0x1c/0xe8
	[<ffffffc000083bfc>] ret_from_fork+0xc/0x50
	[<ffffffffffffffff>] 0xffffffffffffffff <<end check kmemleak>>

Before fix, the objdump result on ARM64:
0000000000000000 <net_sysctl_init>:
   0:   a9be7bfd        stp     x29, x30, [sp,#-32]!
   4:   90000001        adrp    x1, 0 <net_sysctl_init>
   8:   90000000        adrp    x0, 0 <net_sysctl_init>
   c:   910003fd        mov     x29, sp
  10:   91000021        add     x1, x1, #0x0
  14:   91000000        add     x0, x0, #0x0
  18:   a90153f3        stp     x19, x20, [sp,#16]
  1c:   12800174        mov     w20, #0xfffffff4                // #-12
  20:   94000000        bl      0 <register_sysctl>
  24:   b4000120        cbz     x0, 48 <net_sysctl_init+0x48>
  28:   90000013        adrp    x19, 0 <net_sysctl_init>
  2c:   91000273        add     x19, x19, #0x0
  30:   9101a260        add     x0, x19, #0x68
  34:   94000000        bl      0 <register_pernet_subsys>
  38:   2a0003f4        mov     w20, w0
  3c:   35000060        cbnz    w0, 48 <net_sysctl_init+0x48>
  40:   aa1303e0        mov     x0, x19
  44:   94000000        bl      0 <register_sysctl_root>
  48:   2a1403e0        mov     w0, w20
  4c:   a94153f3        ldp     x19, x20, [sp,#16]
  50:   a8c27bfd        ldp     x29, x30, [sp],#32
  54:   d65f03c0        ret
After:
0000000000000000 <net_sysctl_init>:
   0:   a9bd7bfd        stp     x29, x30, [sp,#-48]!
   4:   90000000        adrp    x0, 0 <net_sysctl_init>
   8:   910003fd        mov     x29, sp
   c:   a90153f3        stp     x19, x20, [sp,#16]
  10:   90000013        adrp    x19, 0 <net_sysctl_init>
  14:   91000000        add     x0, x0, #0x0
  18:   91000273        add     x19, x19, #0x0
  1c:   f90013f5        str     x21, [sp,#32]
  20:   aa1303e1        mov     x1, x19
  24:   12800175        mov     w21, #0xfffffff4                // #-12
  28:   94000000        bl      0 <register_sysctl>
  2c:   f9002260        str     x0, [x19,#64]
  30:   b40001a0        cbz     x0, 64 <net_sysctl_init+0x64>
  34:   90000014        adrp    x20, 0 <net_sysctl_init>
  38:   91000294        add     x20, x20, #0x0
  3c:   9101a280        add     x0, x20, #0x68
  40:   94000000        bl      0 <register_pernet_subsys>
  44:   2a0003f5        mov     w21, w0
  48:   35000080        cbnz    w0, 58 <net_sysctl_init+0x58>
  4c:   aa1403e0        mov     x0, x20
  50:   94000000        bl      0 <register_sysctl_root>
  54:   14000004        b       64 <net_sysctl_init+0x64>
  58:   f9402260        ldr     x0, [x19,#64]
  5c:   94000000        bl      0 <unregister_sysctl_table>
  60:   f900227f        str     xzr, [x19,#64]
  64:   2a1503e0        mov     w0, w21
  68:   f94013f5        ldr     x21, [sp,#32]
  6c:   a94153f3        ldp     x19, x20, [sp,#16]
  70:   a8c37bfd        ldp     x29, x30, [sp],#48
  74:   d65f03c0        ret

Add the possible error handle to free the net_header to remove the
kmemleak warning

Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
ce9d9b8

@ghost ghost pushed a commit to 0day-ci/linux that referenced this pull request Dec 8, 2015

Borislav Petkov EDAC, mc_sysfs: Fix freeing bus' name
I get the splat below when modprobing/rmmoding EDAC drivers. It happens
because bus->name is invalid after bus_unregister() has run. The Code: section
below corresponds to:

  .loc 1 1108 0
  movq    672(%rbx), %rax # mci_1(D)->bus, mci_1(D)->bus
  .loc 1 1109 0
  popq    %rbx    #

  .loc 1 1108 0
  movq    (%rax), %rdi    # _7->name,
  jmp     kfree   #

and %rax has some funky stuff 2030203020312030 which looks a lot like
something walked over it.

Fix that by saving the name ptr before doing stuff to string it points to.

  general protection fault: 0000 [#1] SMP
  Modules linked in: ...
  CPU: 4 PID: 10318 Comm: modprobe Tainted: G          I EN  3.12.51-11-default+ #48
  Hardware name: HP ProLiant DL380 G7, BIOS P67 05/05/2011
  task: ffff880311320280 ti: ffff88030da3e000 task.ti: ffff88030da3e000
  RIP: 0010:[<ffffffffa019da92>]  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
  RSP: 0018:ffff88030da3fe28  EFLAGS: 00010292
  RAX: 2030203020312030 RBX: ffff880311b4e000 RCX: 000000000000095c
  RDX: 0000000000000001 RSI: ffff880327bb9600 RDI: 0000000000000286
  RBP: ffff880311b4e750 R08: 0000000000000000 R09: ffffffff81296110
  R10: 0000000000000400 R11: 0000000000000000 R12: ffff88030ba1ac68
  R13: 0000000000000001 R14: 00000000011b02f0 R15: 0000000000000000
  FS:  00007fc9bf8f5700(0000) GS:ffff8801a7c40000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: 0000000000403c90 CR3: 000000019ebdf000 CR4: 00000000000007e0
  Stack:
  Call Trace:
    i7core_unregister_mci.isra.9
    i7core_remove
    pci_device_remove
    __device_release_driver
    driver_detach
    bus_remove_driver
    pci_unregister_driver
    i7core_exit
    SyS_delete_module
    system_call_fastpath
    0x7fc9bf426536
  Code: 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 53 48 89 fb e8 52 2a 1f e1 48 8b bb a0 02 00 00 e8 46 59 1f e1 48 8b 83 a0 02 00 00 5b <48> 8b 38 e9 26 9a fe e0 66 0f 1f 44 00 00 66 66 66 66 90 48 8b
  RIP  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
   RSP <ffff88030da3fe28>

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Cc: <stable@vger.kernel.org> # v3.6..
Fixes: 7a623c0 ("edac: rewrite the sysfs code to use struct device")
138500d

@ddstreet ddstreet pushed a commit to ddstreet/linux that referenced this pull request Dec 10, 2015

@hnaz mmotm auto import + hnaz linux-next
GIT 4e757c85baca72dda85112d53a2d8e799a640f48

commit 4675390a9e7183bf45590e84a183e22e32c485a7
Author: Geert Uytterhoeven <geert@linux-m68k.org>
Date:   Mon Dec 7 10:09:06 2015 +0100

    ethernet: aurora: AURORA_NB8800 should depend on HAS_DMA
    
    If NO_DMA=y:
    
        ERROR: "dma_map_single" [drivers/net/ethernet/aurora/nb8800.ko] undefined!
        ERROR: "dma_unmap_page" [drivers/net/ethernet/aurora/nb8800.ko] undefined!
        ERROR: "dma_sync_single_for_cpu" [drivers/net/ethernet/aurora/nb8800.ko] undefined!
        ERROR: "dma_unmap_single" [drivers/net/ethernet/aurora/nb8800.ko] undefined!
        ERROR: "dma_alloc_coherent" [drivers/net/ethernet/aurora/nb8800.ko] undefined!
        ERROR: "dma_mapping_error" [drivers/net/ethernet/aurora/nb8800.ko] undefined!
        ERROR: "dma_map_page" [drivers/net/ethernet/aurora/nb8800.ko] undefined!
        ERROR: "dma_free_coherent" [drivers/net/ethernet/aurora/nb8800.ko] undefined!
    
    Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
    Acked-by: Mans Rullgard <mans@mansr.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 668dda06d48fc16a5b40e6a32057bd18589e3f95
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Mon Dec 7 10:30:33 2015 +0530

    net, thunderx: Remove unnecessary rcv buffer start address management
    
    Since we have moved on to using allocated pages to carve receive
    buffers instead of netdev_alloc_skb() there is no need to store
    any pointers for later retrieval. Earlier we had to store
    skb and skb->data pointers which later are used to handover
    received packet to network stack.
    
    This will avoid an unnecessary cache miss as well.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit b45ceb406e4fd3045180b8d70bff60b1d43c7ff4
Author: Yury Norov <yury.norov@auriga.com>
Date:   Mon Dec 7 10:30:32 2015 +0530

    net: thunderx: nicvf_queues: nivc_*_intr: remove duplication
    
    The same switch-case repeates for nivc_*_intr functions.
    In this patch it is moved to a helper nicvf_int_type_to_mask().
    
    By the way:
     - Unneeded write to NICVF register dropped if int_type is unknown.
     - netdev_dbg() is used instead of netdev_err().
    
    Signed-off-by: Yury Norov <yury.norov@auriga.com>
    Signed-off-by: Aleksey Makarov <aleksey.makarov@caviumnetworks.com>
    Acked-by: Vadim Lomovtsev <Vadim.Lomovtsev@caiumnetworks.com>
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 2dc487b6ebe8593d694034680389579edc7c1bd6
Author: Andrew Lunn <andrew@lunn.ch>
Date:   Wed Dec 2 00:33:32 2015 +0100

    ARM: mvebu: update v5 defconfig for Orion5x machines
    
    Now that Orion5x is part of the multiarch kernel, add it to
    mvebu_v5_defconfig.
    
    Signed-off-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>

commit 5ff2a92d4e131a846fdb0aa91b50c46efc7d94c9
Author: Andrew Lunn <andrew@lunn.ch>
Date:   Wed Dec 2 00:33:31 2015 +0100

    ARM: mvebu: Reenable DSA in mvebu_v5_defconfig
    
    DSA now depends on switchdev. Enable it, and re-enable DSA and its
    drivers, which were removed when mvebu_v5_defconfig was regenerated.
    
    Signed-off-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>

commit f549707af5650162434a8627c95482a829555450
Author: Borislav Petkov <bp@suse.de>
Date:   Mon Nov 30 19:02:01 2015 +0100

    EDAC: Rework workqueue handling
    
    Hide the EDAC workqueue pointer in a separate compilation unit and add
    accessors for the workqueue manipulations needed.
    
    Remove edac_pci_reset_delay_period() which wasn't used by anything. It
    seems it got added without a user with
    
      91b99041c1d5 ("drivers/edac: updated PCI monitoring")
    
    Signed-off-by: Borislav Petkov <bp@suse.de>

commit 56fb0cc3b7b6a02b90f2e3457702f014259b1e24
Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Tue Nov 17 04:38:15 2015 +0300

    video: fbdev: rivafb: unlock chip before probiding EDID
    
    At least NV3 requires for chip to be unlocked before it is possible to
    access I2C registers. Without it, it is not possible to read EDID.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
    Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>

commit c5fec49f4208f67ef4574af956091093b11c566a
Author: Arnd Bergmann <arnd@arndb.de>
Date:   Fri Nov 20 22:48:36 2015 +0100

    fbdev: sm712fb: avoid unused function warnings
    
    The sm712fb framebuffer driver encloses the power-management
    functions in #ifdef CONFIG_PM, but the smtcfb_pci_suspend/resume
    functions are only really used when CONFIG_PM_SLEEP is also
    set, as a frequent gcc warning shows:
    
    fbdev/sm712fb.c:1549:12: warning: 'smtcfb_pci_suspend' defined but not used
    fbdev/sm712fb.c:1572:12: warning: 'smtcfb_pci_resume' defined but not used
    
    The driver also avoids using the SIMPLE_DEV_PM_OPS macro when
    CONFIG_PM is unset, which is redundant.
    
    This changes the driver to remove the #ifdef and instead mark
    the functions as __maybe_unused, which is a nicer anyway, as it
    provides build testing for all the code in all configurations
    and is harder to get wrong.
    
    Signed-off-by: Arnd Bergmann <arnd@arndb.de>
    Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>

commit 0f08cf9f7bdf80ebe1ec366de43cd251e39d1e2d
Author: Arnd Bergmann <arnd@arndb.de>
Date:   Fri Nov 20 22:47:41 2015 +0100

    fbdev: auo_k190x: avoid unused function warnings
    
    The auo_k190x framebuffer driver encloses the power-management
    functions in #ifdef CONFIG_PM, but the auok190x_suspend/resume
    functions are only really used when CONFIG_PM_SLEEP is also
    set, as a frequent gcc warning shows:
    
    drivers/video/fbdev/auo_k190x.c:859:12: warning: 'auok190x_suspend' defined but not used
    drivers/video/fbdev/auo_k190x.c:899:12: warning: 'auok190x_resume' defined but not used
    
    This changes the driver to remove the #ifdef and instead mark
    the functions as __maybe_unused, which is a nicer anyway, as it
    provides build testing for all the code in all configurations
    and is harder to get wrong.
    
    Signed-off-by: Arnd Bergmann <arnd@arndb.de>
    Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>

commit 2a48fd5f89910ed6ed45a953f886de249b496b6c
Author: Tejun Heo <tj@kernel.org>
Date:   Mon Dec 7 10:58:57 2015 -0500

    workqueue: warn if memory reclaim tries to flush !WQ_MEM_RECLAIM workqueue
    
    Task or work item involved in memory reclaim trying to flush a
    non-WQ_MEM_RECLAIM workqueue or one of its work items can lead to
    deadlock.  Trigger WARN_ONCE() if such conditions are detected.
    
    Signed-off-by: Tejun Heo <tj@kernel.org>
    Cc: Peter Zijlstra <peterz@infradead.org>

commit 1add6cb735c5a8e9f411d16680b60c0b6a66de49
Author: Arnd Bergmann <arnd@arndb.de>
Date:   Fri Nov 27 15:33:11 2015 +0100

    fbdev: sis: enforce selection of at least one backend
    
    The sis framebuffer driver complains with a compile-time warning
    if neither the FB_SIS_300 nor FB_SIS_315 symbols are selected:
    
    drivers/video/fbdev/sis/sis_main.c:61:2: warning: #warning Neither CONFIG_FB_SIS_300 nor CONFIG_FB_SIS_315 is se
    
    This is reasonable because it doesn't work in that case, but it's
    also annoying for randconfig builds and is one of the most common
    warnings I'm seeing on ARM now.
    
    This changes the Kconfig logic to prevent the silly configuration,
    by always selecting the FB_SIS_300 variant if the other one is
    not set.
    
    Signed-off-by: Arnd Bergmann <arnd@arndb.de>
    Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>

commit bfc98c9c2e0ced00b79771bb65f1a79fd02041dd
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date:   Fri Dec 4 16:14:58 2015 +0300

    OMAPDSS: DSS: fix a warning message
    
    The WARN() macro has to take a condition.  The current code will just
    print the stack trace and the function name instead of the intended
    warning message.
    
    Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
    Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>

commit b79f09261174f0782f6d6b7b3fe48eb4b0ec9d06
Author: Geert Uytterhoeven <geert+renesas@glider.be>
Date:   Fri Dec 4 17:01:43 2015 +0100

    fbdev: Remove unused SH-Mobile HDMI driver
    
    As of commit 44d88c754e57a6d9 ("ARM: shmobile: Remove legacy SoC code
    for R-Mobile A1"), the SH-Mobile HDMI driver is no longer used.
    In theory it could still be used on R-Mobile A1 SoCs, but that requires
    adding DT support to the driver, which is not planned.
    
    Remove the driver, it can be resurrected from git history when needed.
    
    Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
    Acked-by: Simon Horman <horms+renesas@verge.net.au>
    Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>

commit e11362bb25d97ea1cbe9e3b1e5f3d32aa4e75e13
Author: Yuan Sun <sunyuan3@huawei.com>
Date:   Mon Dec 7 10:28:46 2015 -0500

    Subject: cgroup: Fix incomplete dd command in blkio documentation
    
    Signed-off-by: Yuan Sun <sunyuan3@huawei.com>
    Signed-off-by: Tejun Heo <tj@kernel.org>

commit 2286bbcb6bd3823311279f04a7962941f94f8c58
Author: Michael S. Tsirkin <mst@redhat.com>
Date:   Sun Dec 6 13:31:30 2015 +0200

    virtio: drop heuristics on ring full
    
    Old hypervisors used tricks for selecting signalling, but modern ones
    use event index to detect ring full.
    Drop heuristics in this case.
    
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

commit a05c3fb05e2e46e46eeca5aff2d387d63f58665a
Author: Michael S. Tsirkin <mst@redhat.com>
Date:   Sun Dec 6 13:30:59 2015 +0200

    virtio_ring: check used idx correctly on interrupt
    
    squash ino RING_POLL
    
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

commit 5d04cdb6377659237591e932086128b22e2047e8
Author: Michael S. Tsirkin <mst@redhat.com>
Date:   Sun Nov 29 12:44:43 2015 +0200

    vring_bench: simple vring benchmark with poll support
    
    Integrate the benchmark that Rusty wrote.
    Add ring poll support.
    
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

commit 7b064765a864030d8f65ad6d2a274b39591418f2
Author: Michael S. Tsirkin <mst@redhat.com>
Date:   Mon Nov 30 11:13:18 2015 +0200

    virtio: skip avail/used index reads
    
    This adds a new vring feature bit: when enabled, host and guest poll the
    available/used ring directly instead of looking at the index field
    first.
    
    To guarantee it is possible to detect updates, the high bits (above
    vring.num - 1) in the ring head ID value are modified to match the index
    bits - these change on each wrap-around.  Writer also XORs this with
    0x8000 such that rings can be zero-initialized.
    
    Reader is modified to ignore these high bits when looking
    up descriptors.
    
    The point is to reduce the number of cacheline misses
    for both reads and writes.
    
    I see a performance improvement of about 20% on multithreaded benchmarks
    (e.g. virtio-test), but regression of about 2% on vring_bench.
    I think this has to do with the fact that complete_multi_user
    is implemented suboptimally.
    
    TODO:
    	investigate single-threaded regression
    	look at more aggressive ring layout changes
    	better name for a feature flag
    	split the patch to make it easier to review
    
    This is on top of the following patches in my tree:
    	virtio_ring: Shadow available ring flags & index
    	vhost: replace % with & on data path
    	tools/virtio: fix byteswap logic
    	tools/virtio: move list macro stubs
    
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

commit 8ce47633e652f2df54b7495a716bc4b5f4574da1
Author: Borislav Petkov <bp@suse.de>
Date:   Mon Nov 30 15:07:28 2015 +0100

    EDAC: Make edac_device workqueue setup/teardown functions static
    
    They're not used anywhere else.
    
    Signed-off-by: Borislav Petkov <bp@suse.de>

commit 4f2568f5cb475529aa2894adc7c7912517c83cb0
Author: Andreas Werner <andreas.werner@men.de>
Date:   Fri Dec 4 18:14:14 2015 +0100

    ata/sata_fsl.c: add ATA_FLAG_NO_LOG_PAGE to blacklist the controller for log page reads
    
    Every attempt to issue a read log page command lockup the controller.
    The command is currently sent if the sata device includes the devlsp feature
    to read out the timing data.
    This attempt to read the data, locks up the controller and the device
    is not recognzied correctly (failed to set xfermode) and cannot be accessed.
    
    This was found on Freescale P1013/P1022 and T4240 CPUs
    using a ATP IG mSATA 4GB with the devslp feature.
    
    fsl-sata ff718000.sata: Sata FSL Platform/CSB Driver init
    [    1.254195] scsi0 : sata_fsl
    [    1.256004] ata1: SATA max UDMA/133 irq 74
    [    1.370666] fsl-gianfar ethernet.3: enabled errata workarounds, flags: 0x4
    [    1.470671] fsl-gianfar ethernet.4: enabled errata workarounds, flags: 0x4
    [    1.775584] ata1: Signature Update detected @ 504 msecs
    [    1.947594] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
    [    1.948366] ata1.00: ATA-8: ATP IG mSATA, 20150311, max UDMA/133
    [    1.948371] ata1.00: 7732368 sectors, multi 0: LBA
    [    1.948843] ata1.00: failed to get Identify Device Data, Emask 0x1
    [    1.948857] ata1.00: failed to set xfermode (err_mask=0x40)
    [    7.467557] ata1: Signature Update detected @ 504 msecs
    [    7.639560] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
    [    7.651320] ata1.00: failed to get Identify Device Data, Emask 0x1
    [    7.651360] ata1.00: failed to set xfermode (err_mask=0x40)
    [    7.655628] ata1: limiting SATA link speed to 1.5 Gbps
    [    7.659458] ata1.00: limiting speed to UDMA/133:PIO3
    [   13.163554] ata1: Signature Update detected @ 504 msecs
    [   13.335558] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
    [   13.347298] ata1.00: failed to get Identify Device Data, Emask 0x1
    [   13.347334] ata1.00: failed to set xfermode (err_mask=0x40)
    [   13.351601] ata1.00: disabled
    [   13.353278] ata1: exception Emask 0x50 SAct 0x0 SErr 0x800 action 0x6 frozen t4
    [   13.359281] ata1: SError: { HostInt }
    [   13.361644] ata1: hard resetting link
    
    Signed-off-by: Andreas Werner <andreas.werner@men.de>
    Signed-off-by: Tejun Heo <tj@kernel.org>

commit ea013a9b205b47b1fcbc72522146fad560af0712
Author: Andreas Werner <andreas.werner@men.de>
Date:   Fri Dec 4 18:12:49 2015 +0100

    libata-eh.c: Introduce new ata port flag for controller which lockup on read log page
    
    Some controller lockup on a ata_read_log_page.
    Add new ata port flag ATA_FLAG_NO_LOG_PAGE which can used
    to blacklist a controller.
    
    If this flag is set, any attempt to read a log page returns an error
    without actually issuing the command.
    
    Signed-off-by: Andreas Werner <andreas.werner@men.de>
    Signed-off-by: Tejun Heo <tj@kernel.org>

commit f2000f11fc88b8030962ea6aa6e06dfc3df8bb10
Author: Borislav Petkov <bp@suse.de>
Date:   Mon Nov 30 14:20:41 2015 +0100

    EDAC: Remove edac_get_sysfs_subsys() error handling
    
    It cannot fail now. We either load EDAC core after having successfully
    initialized edac_subsys or we don't.
    
    Signed-off-by: Borislav Petkov <bp@suse.de>

commit ab77579321508e4234213c71d0a187bca67e550b
Author: Borislav Petkov <bp@suse.de>
Date:   Mon Nov 30 14:15:31 2015 +0100

    EDAC: Unexport and make edac_subsys static
    
    ... and use the accessor instead.
    
    Signed-off-by: Borislav Petkov <bp@suse.de>

commit f893180b79f6ada44068e4fe764eb2de70ee6bea
Author: Dan Williams <dan.j.williams@intel.com>
Date:   Sat Dec 5 16:18:44 2015 -0800

    ahci: compile out msi/msix infrastructure
    
    Quoting Arnd:
        The AHCI driver is used for some on-chip devices that do not use PCI
        for probing, and it can be built even when CONFIG_PCI is disabled, but
        that now results in a build failure:
    
        ata/libahci.c: In function 'ahci_host_activate_multi_irqs':
        ata/libahci.c:2475:4: error: invalid use of undefined type 'struct msix_entry'
        ata/libahci.c:2475:21: error: dereferencing pointer to incomplete type 'struct msix_entry'
    
    Add ifdef CONFIG_PCI_MSI infrastructure to compile out the multi-msi and
    multi-msix code.
    
    Reported-by: Arnd Bergmann <arnd@arndb.de>
    Tested--by: Arnd Bergmann <arnd@arndb.de>
    [arnd: fix up pci enabled case]
    Reported-by: Paul Gortmaker <paul.gortmaker@windriver.com>
    Fixes: d684a90d38e2 ("ahci: per-port msix support")
    Signed-off-by: Dan Williams <dan.j.williams@intel.com>
    Signed-off-by: Tejun Heo <tj@kernel.org>

commit 7e22c0024cf89404407f19955eab39b6d66de7b6
Author: Heiner Kallweit <hkallweit1@gmail.com>
Date:   Sun Dec 6 21:56:33 2015 +0100

    ata: core: fix irq description on AHCI single irq systems
    
    On my machine with single irq AHCI just the PCI id is printed as
    description in /proc/interrupts.
    I found a related discussion from beginning of this year:
    http://www.gossamer-threads.com/lists/linux/kernel/2117335
    
    Seems like 4f37b504768c ("libata: Use dev_name() for request_irq() to
    distinguish devices") tried to fix displaying a proper interrupt
    description for one scenario but broke it for another one.
    
    The mentioned discussion ended in the current situation being
    considered as broken but w/o a patch to fix it.
    
    The following patch is based on a proposal in this mail thread.
    Now the interrupt is properly described as:
    PCI-MSI 512000-edge      ahci[0000:00:1f.2]
    
    By combining both values also the scenario that commit 4f37b504768c
    ("libata: Use dev_name() for request_irq() to distinguish devices")
    refers to should still be fine. There it should look like this now:
    ahci[20100000.ide]
    
    Using managed memory allocation ensures that the irq description
    lives at least as long as the interrupt.
    
    Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
    Signed-off-by: Tejun Heo <tj@kernel.org>
    Cc: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>

commit 8d8fcba6d1eabcb11ea0a6027d150a7f2cd0e019
Author: Borislav Petkov <bp@suse.de>
Date:   Fri Nov 27 11:40:43 2015 +0100

    EDAC: Rip out the edac_subsys reference counting
    
    This was really dumb - reference counting for the main EDAC sysfs
    object. While we could've simply registered it as the first thing in the
    module init path and then hand it around to what needs it.
    
    Do that and rip out all the code around it, thus simplifying the whole
    handling significantly.
    
    Move the edac_subsys node back to edac_module.c.
    
    Signed-off-by: Borislav Petkov <bp@suse.de>

commit 6d1a2adef782d26113d4f18a617ccb33c4774d54
Author: Alexey Brodkin <abrodkin@synopsys.com>
Date:   Mon Dec 7 14:21:37 2015 +0300

    ARC: [axs10x] cap ethernet phy to 100 Mbit/sec
    
    Current ARC SDP boards cannot reliably handle 1Gbit
    Ethernet connections due to limitations in hardware.
    
    To make sure networking is stable on the board we're
    limiting phy to 100 Mbit.
    
    Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
    Signed-off-by: Vineet Gupta <vgupta@synopsys.com>

commit 4c835b57b8de88aef8446867701034128a8a3522
Author: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Date:   Wed Nov 18 19:07:15 2015 +0100

    fixdep: constify strrcmp arguments
    
    strrcmp only performs read access to the memory addressed by its
    arguments so make them const pointers.
    
    Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
    Signed-off-by: Michal Marek <mmarek@suse.com>

commit b46ae2f3e2882fad71630a6b7c5ea23fa8bc9b84
Author: Borislav Petkov <bp@suse.de>
Date:   Fri Nov 27 10:38:38 2015 +0100

    EDAC: Robustify workqueues destruction
    
    EDAC workqueue destruction is really fragile. We cancel delayed work
    but if it is still running and requeues itself, we still go ahead and
    destroy the workqueue and the queued work explodes when workqueue core
    attempts to run it.
    
    Make the destruction more robust by switching op_state to offline so
    that requeuing stops. Cancel any pending work *synchronously* too.
    
      EDAC i7core: Driver loaded.
      general protection fault: 0000 [#1] SMP
      CPU 12
      Modules linked in:
      Supported: Yes
      Pid: 0, comm: kworker/0:1 Tainted: G          IE   3.0.101-0-default #1 HP ProLiant DL380 G7
      RIP: 0010:[<ffffffff8107dcd7>]  [<ffffffff8107dcd7>] __queue_work+0x17/0x3f0
      < ... regs ...>
      Process kworker/0:1 (pid: 0, threadinfo ffff88019def6000, task ffff88019def4600)
      Stack:
       ...
      Call Trace:
       call_timer_fn
       run_timer_softirq
       __do_softirq
       call_softirq
       do_softirq
       irq_exit
       smp_apic_timer_interrupt
       apic_timer_interrupt
       intel_idle
       cpuidle_idle_call
       cpu_idle
      Code: ...
      RIP  __queue_work
       RSP <...>
    
    Signed-off-by: Borislav Petkov <bp@suse.de>
    Cc: <stable@vger.kernel.org>

commit 138500d1da4ec2a24025891ddc345151189ece5e
Author: Borislav Petkov <bp@suse.de>
Date:   Tue Dec 1 15:52:36 2015 +0100

    EDAC, mc_sysfs: Fix freeing bus' name
    
    I get the splat below when modprobing/rmmoding EDAC drivers. It happens
    because bus->name is invalid after bus_unregister() has run. The Code: section
    below corresponds to:
    
      .loc 1 1108 0
      movq    672(%rbx), %rax # mci_1(D)->bus, mci_1(D)->bus
      .loc 1 1109 0
      popq    %rbx    #
    
      .loc 1 1108 0
      movq    (%rax), %rdi    # _7->name,
      jmp     kfree   #
    
    and %rax has some funky stuff 2030203020312030 which looks a lot like
    something walked over it.
    
    Fix that by saving the name ptr before doing stuff to string it points to.
    
      general protection fault: 0000 [#1] SMP
      Modules linked in: ...
      CPU: 4 PID: 10318 Comm: modprobe Tainted: G          I EN  3.12.51-11-default+ #48
      Hardware name: HP ProLiant DL380 G7, BIOS P67 05/05/2011
      task: ffff880311320280 ti: ffff88030da3e000 task.ti: ffff88030da3e000
      RIP: 0010:[<ffffffffa019da92>]  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
      RSP: 0018:ffff88030da3fe28  EFLAGS: 00010292
      RAX: 2030203020312030 RBX: ffff880311b4e000 RCX: 000000000000095c
      RDX: 0000000000000001 RSI: ffff880327bb9600 RDI: 0000000000000286
      RBP: ffff880311b4e750 R08: 0000000000000000 R09: ffffffff81296110
      R10: 0000000000000400 R11: 0000000000000000 R12: ffff88030ba1ac68
      R13: 0000000000000001 R14: 00000000011b02f0 R15: 0000000000000000
      FS:  00007fc9bf8f5700(0000) GS:ffff8801a7c40000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
      CR2: 0000000000403c90 CR3: 000000019ebdf000 CR4: 00000000000007e0
      Stack:
      Call Trace:
        i7core_unregister_mci.isra.9
        i7core_remove
        pci_device_remove
        __device_release_driver
        driver_detach
        bus_remove_driver
        pci_unregister_driver
        i7core_exit
        SyS_delete_module
        system_call_fastpath
        0x7fc9bf426536
      Code: 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 53 48 89 fb e8 52 2a 1f e1 48 8b bb a0 02 00 00 e8 46 59 1f e1 48 8b 83 a0 02 00 00 5b <48> 8b 38 e9 26 9a fe e0 66 0f 1f 44 00 00 66 66 66 66 90 48 8b
      RIP  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
       RSP <ffff88030da3fe28>
    
    Signed-off-by: Borislav Petkov <bp@suse.de>
    Cc: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
    Cc: <stable@vger.kernel.org> # v3.6..
    Fixes: 7a623c039075 ("edac: rewrite the sysfs code to use struct device")

commit 02f6ff90400d055f08b0ba0b5f0707630b6faed7
Author: David Henningsson <david.henningsson@canonical.com>
Date:   Mon Dec 7 11:29:31 2015 +0100

    ALSA: hda - Add inverted dmic for Packard Bell DOTS
    
    On the internal mic of the Packard Bell DOTS, one channel
    has an inverted signal. Add a quirk to fix this up.
    
    Cc: stable@vger.kernel.org
    BugLink: https://bugs.launchpad.net/bugs/1523232
    Signed-off-by: David Henningsson <david.henningsson@canonical.com>
    Signed-off-by: Takashi Iwai <tiwai@suse.de>

commit 1b894521e60c1b91db1e8ba1278660e5c89f1b5f
Author: Ilan Peer <ilan.peer@intel.com>
Date:   Sun Dec 6 21:19:15 2015 +0200

    mac80211: handle HW ROC expired properly
    
    In case of HW ROC, when the driver reports that the ROC expired,
    it is not sufficient to purge the ROCs based on the remaining
    time, as it possible that the device finished the ROC session
    before the actual requested duration.
    
    To handle such cases, in case of ROC expired notification from
    the driver, complete all the ROCs which are marked with hw_begun,
    regardless of the remaining duration.
    
    Signed-off-by: Ilan Peer <ilan.peer@intel.com>
    Signed-off-by: Johannes Berg <johannes.berg@intel.com>

commit 0d014ff344abc9c8e56cf1870ab3a144d2e2e37a
Author: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Date:   Thu Nov 19 16:07:17 2015 +0100

    drm/i915: Remove double wait_for_vblank on broadwell.
    
    wait_vblank is already set in intel_plane_atomic_calc_changes
    for broadwell, waiting for a double vblank is overkill.
    
    Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
    Link: http://patchwork.freedesktop.org/patch/msgid/1447945645-32005-5-git-send-email-maarten.lankhorst@linux.intel.com

commit b900111459e2f4a538697f75b63478f3a6acec3c
Author: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Date:   Thu Nov 19 16:07:16 2015 +0100

    drm/i915/skl: Update watermarks before the crtc is disabled.
    
    On skylake some of the registers are only writable when the correct
    power wells are enabled. Because of this watermarks have to be updated
    before the crtc turns off, or you get unclaimed register read and write
    warnings.
    
    This patch needs to be modified slightly to apply to -fixes.
    
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=92181
    Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
    Cc: stable@vger.kernel.org
    Cc: Matt Roper <matthew.d.roper@intel.com>
    Link: http://patchwork.freedesktop.org/patch/msgid/1447945645-32005-4-git-send-email-maarten.lankhorst@linux.intel.com
    Reviewed-by: Ander Conselvan de Oliveira <conselvan2@gmail.com>

commit 526c0ab13672fa2ec0fddb7efa9a7797e11fddea
Author: Damien Riegel <damien.riegel@savoirfairelinux.com>
Date:   Mon Nov 30 10:59:47 2015 -0500

    mfd: syscon: Add a DT property to set value width
    
    Currently syscon has a fixed configuration of 32 bits for register and
    values widths. In some cases, it would be desirable to be able to
    customize the value width.
    
    For example, certain boards (like the ones manufactured by Technologic
    Systems) have a FPGA that is memory-mapped, but its registers are only
    16-bit wide.
    
    This patch adds an optional "reg-io-width" DT binding for syscon that
    allows to change the width for the data bus (i.e. val_bits). If this
    property is provided, it will also set the register stride to
    reg-io-width's value. If not provided, the default configuration is
    used.
    
    Signed-off-by: Damien Riegel <damien.riegel@savoirfairelinux.com>
    Acked-by: Rob Herring <robh@kernel.org>
    Acked-by: Arnd Bergmann <arnd@arndb.de>
    Signed-off-by: Lee Jones <lee.jones@linaro.org>

commit 92826fcdfc147a7d16766e987c12a9dfe1860c3f
Author: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Date:   Thu Dec 3 13:49:13 2015 +0100

    drm/i915: Calculate watermark related members in the crtc_state, v4.
    
    This removes pre/post_wm_update from intel_crtc->atomic, and
    creates atomic state for it in intel_crtc.
    
    Changes since v1:
    - Rebase on top of wm changes.
    Changes since v2:
    - Split disable_cxsr into a separate patch.
    Changes since v3:
    - Move some of the changes to intel_wm_need_update.
    
    Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
    Link: http://patchwork.freedesktop.org/patch/msgid/56603A49.5000507@linux.intel.com
    Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>

commit ab1d3a0e5a44f5b1a8d1f811e925c8519b56fba4
Author: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Date:   Thu Nov 19 16:07:14 2015 +0100

    drm/i915: Move disable_cxsr to the crtc_state.
    
    intel_crtc->atomic will be removed later on, move this member
    to intel_crtc_state.
    
    Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
    Link: http://patchwork.freedesktop.org/patch/msgid/1447945645-32005-2-git-send-email-maarten.lankhorst@linux.intel.com
    Reviewed-by: Ander Conselvan de Oliveira <conselvan2@gmail.com>

commit c10368897e104c008c610915a218f0fe5fa4ec96
Author: Ravindra Lokhande <rlokhande@nvidia.com>
Date:   Mon Dec 7 12:08:31 2015 +0530

    ALSA: compress: add support for 32bit calls in a 64bit kernel
    
    Compress offload does not support ioctl calls from a 32bit userspace
    in a 64 bit kernel. This patch adds support for ioctls from a 32bit
    userspace in a 64bit kernel
    
    Signed-off-by: Ravindra Lokhande <rlokhande@nvidia.com>
    Acked-by: Vinod Koul <vinod.koul@intel.com>
    Signed-off-by: Takashi Iwai <tiwai@suse.de>

commit ee65ad0e2a9e5c1a61f86be9365c17f4fddb3818
Author: Philipp Zabel <p.zabel@pengutronix.de>
Date:   Wed Nov 18 18:12:25 2015 +0100

    backlight: pwm_bl: Avoid backlight flicker when probed from DT
    
    If the driver is probed from the device tree, and there is a phandle
    property set on it, and the enable GPIO is already configured as output,
    and the backlight is currently disabled, keep it disabled.
    If all these conditions are met, assume there will be some other driver
    that can enable the backlight at the appropriate time.
    
    Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
    Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>
    Tested-by: Heiko Stuebner <heiko@sntech.de>
    Signed-off-by: Lee Jones <lee.jones@linaro.org>

commit 7c23b7c1996597dd9d60bb282fb5fa1be6ebd18b
Author: Lu, Han <han.lu@intel.com>
Date:   Mon Dec 7 15:59:13 2015 +0800

    ALSA: hda - Fix playback noise with 24/32 bit sample size on BXT
    
    In BXT-P A0, HD-Audio DMA requests is later than expected,
    and makes an audio stream sensitive to system latencies when
    24/32 bits are playing.
    Adjusting threshold of DMA fifo to force the DMA request
    sooner to improve latency tolerance at the expense of power.
    
    v2: move Intel specific code to hda_intel.c
    
    Signed-off-by: Lu, Han <han.lu@intel.com>
    Signed-off-by: Takashi Iwai <tiwai@suse.de>

commit a4d8a0fe4500b87817eebdb363c116922de87453
Author: Zeng Zhaoxiu <zhaoxiu.zeng@gmail.com>
Date:   Sun Dec 6 18:26:30 2015 +0800

    i915: Replace "hweight8(dev_priv->info.subslice_7eu[i]) != 1" with "!is_power_of_2(dev_priv->info.subslice_7eu[i])"
    
    Signed-off-by: Zeng Zhaoxiu <zhaoxiu.zeng@gmail.com>
    Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
    Link: http://patchwork.freedesktop.org/patch/msgid/1449397590-14292-1-git-send-email-zhaoxiu.zeng@gmail.com

commit f00be687f5fd2b626aa975dc4513cad525823c05
Author: Simon Horman <horms+renesas@verge.net.au>
Date:   Thu Nov 26 13:26:20 2015 +0900

    ARM: shmobile: r8a7793: remove deprecated #gpio-range-cells
    
    Commit a1bc260bb5f5d9 ("gpio: clean up gpio-ranges documentation")
    declares the above property deprecated. That was more than 2 years ago.
    Remove it, so it doesn't get copied around needlessly.
    
    Based on similar work for the r8a7791 and r8a7794 by Wolfram Sang.
    
    Cc: Wolfram Sang <wsa+renesas@sang-engineering.com>
    Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
    Reported-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
    Acked-by: Wolfram Sang <wsa+renesas@sang-engineering.com>

commit 46ece349aa54f6e55b5f8d30bbecbaf2884ba869
Author: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Date:   Thu Dec 3 01:23:03 2015 +0300

    ARM: shmobile: r8a7791: add EtherAVB DT support
    
    Define the generic R8A7791 part of the EtherAVB device node.
    
    Based on the commit f25d6b977240 ("ARM: shmobile: r8a7790: add EtherAVB DT
    support").
    
    Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
    Signed-off-by: Simon Horman <horms+renesas@verge.net.au>

commit eaa870b3055384092d8fc075bca3a3a819f73c43
Author: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Date:   Thu Dec 3 01:21:49 2015 +0300

    ARM: shmobile: r8a7791: add EtherAVB clock
    
    Add the EtherAVB clock to the R8A7791 device tree.
    
    Based on the commit 63d2d750c902 ("ARM: shmobile: r8a7790: add EtherAVB
    clocks").
    
    Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
    Signed-off-by: Simon Horman <horms+renesas@verge.net.au>

commit 64874280889e7c0b2c9266705363627d4c92cf01
Author: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Date:   Sun Dec 6 21:11:38 2015 +0000

    af_unix: fix unix_dgram_recvmsg entry locking
    
    The current unix_dgram_recvsmg code acquires the u->readlock mutex in
    order to protect access to the peek offset prior to calling
    __skb_recv_datagram for actually receiving data. This implies that a
    blocking reader will go to sleep with this mutex held if there's
    presently no data to return to userspace. Two non-desirable side effects
    of this are that a later non-blocking read call on the same socket will
    block on the ->readlock mutex until the earlier blocking call releases it
    (or the readers is interrupted) and that later blocking read calls
    will wait longer than the effective socket read timeout says they
    should: The timeout will only start 'ticking' once such a reader hits
    the schedule_timeout in wait_for_more_packets (core.c) while the time it
    already had to wait until it could acquire the mutex is unaccounted for.
    
    The patch avoids both by using the __skb_try_recv_datagram and
    __skb_wait_for_more packets functions created by the first patch to
    implement a unix_dgram_recvmsg read loop which releases the readlock
    mutex prior to going to sleep and reacquires it as needed
    afterwards. Non-blocking readers will thus immediately return with
    -EAGAIN if there's no data available regardless of any concurrent
    blocking readers and all blocking readers will end up sleeping via
    schedule_timeout, thus honouring the configured socket receive timeout.
    
    Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit ea3793ee29d3621faf857fa8ef5425e9ff9a756d
Author: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Date:   Sun Dec 6 21:11:34 2015 +0000

    core: enable more fine-grained datagram reception control
    
    The __skb_recv_datagram routine in core/ datagram.c provides a general
    skb reception factility supposed to be utilized by protocol modules
    providing datagram sockets. It encompasses both the actual recvmsg code
    and a surrounding 'sleep until data is available' loop. This is
    inconvenient if a protocol module has to use additional locking in order
    to maintain some per-socket state the generic datagram socket code is
    unaware of (as the af_unix code does). The patch below moves the recvmsg
    proper code into a new __skb_try_recv_datagram routine which doesn't
    sleep and renames wait_for_more_packets to
    __skb_wait_for_more_packets, both routines being exported interfaces. The
    original __skb_recv_datagram routine is reimplemented on top of these
    two functions such that its user-visible behaviour remains unchanged.
    
    Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit dc15c60e39a3092df845f9bfc29b9c40cc63934d
Author: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Date:   Sun Dec 6 20:20:14 2015 -0800

    rcutorture: Don't keep empty console.log.diags files
    
    Currently, an error-free run produces an empty console.log.diags file.
    This can be annoying when using "vi */console.log.diags" to see a full
    summary of the errors.  This commit therefore removes any empty files
    during the analysis process.
    
    Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>

commit 0485e1b35866693ff3ec975ca4c3c8ea8db63678
Author: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Date:   Sun Dec 6 20:18:37 2015 -0800

    rcutorture: Add checks for rcutorture writer starvation
    
    This commit adds checks for rcutorture writer starvation, so that
    instances will be added to the test summary.
    
    Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>

commit 7bf9ae016efc0cf08263fbee5ac708c23b90792e
Author: Andrew Lunn <andrew@lunn.ch>
Date:   Mon Dec 7 04:38:58 2015 +0100

    PHY: DP83867: Remove looking in parent device for OF properties
    
    Device tree properties for a phy device are expected to be in the phy
    node. The current code for the DP83867 also tries to look in the
    parent node. The devices binding documentation does not mention this,
    no current device tree file makes use of this, and it is not behaviour
    we want. So remove looking in the parent device.
    
    Signed-off-by: Andrew Lunn <andrew@lunn.ch>
    Acked-by: Florian Fainelli <f.fainelli@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 404814af69d4732276319b90886b81fb2884ae1b
Author: Bjørn Mork <bjorn@mork.no>
Date:   Sun Dec 6 22:47:15 2015 +0100

    net: cdc_ncm: add "ndp_to_end" sysfs attribute
    
    Adding a writable sysfs attribute for the "NDP to end"
    quirk flag.
    
    This makes it easier for end users to test new devices for
    this firmware bug.  We've been lucky so far, but we should
    not depend on reporters capable of rebuilding the driver.
    
    Cc: Enrico Mioso <mrkiko.rs@gmail.com>
    Signed-off-by: Bjørn Mork <bjorn@mork.no>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit e57968a10bc1b3da6d2b8b0bdbbe4c5a43de2ad1
Author: Moni Shoua <monis@mellanox.com>
Date:   Sun Dec 6 18:07:43 2015 +0200

    net/mlx4_core: Support the HA mode for SRIOV VFs too
    
    When the mlx4 driver runs in HA mode, and all VFs are single ported
    ones, we make their single port Highly-Available.
    
    This is done by taking advantage of the HA mode properties (following
    bonding changes with programming the port V2P map, etc) and adding
    the missing parts which are unique to SRIOV such as mirroring VF
    steering rules on both ports.
    
    Due to limits on the MAC and VLAN table this mode is enabled only when
    number of total VFs is under 64.
    
    Signed-off-by: Moni Shoua <monis@mellanox.com>
    Reviewed-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
    Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit f1b4e12a9ab6cc08b1a047bf021d90c7e07b1517
Author: Or Gerlitz <ogerlitz@mellanox.com>
Date:   Sun Dec 6 18:07:42 2015 +0200

    IB/mlx4: Use the VF base-port when demuxing mad from wire
    
    Under HA mode, it's possible that the VF registered its GID
    (and expects to get mads through the PV scheme) on a port which is
    different from the one this mad arrived on, due to HA fail over.
    
    Therefore, if the gid is not matched on the port that the packet arrived
    on, check for a match on the other port if HA mode is active -- and if a
    match is found on the other port, continue processing the mad using that
    other port.
    
    Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
    Reviewed-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 5f61385d2ebc2bd62bc389c7da0d8d2f263be1eb
Author: Moni Shoua <monis@mellanox.com>
Date:   Sun Dec 6 18:07:41 2015 +0200

    net/mlx4_core: Keep VLAN/MAC tables mirrored in multifunc HA mode
    
    Due to HW limitations, indexes to MAC and VLAN tables are always taken
    from the table of the actual port. So, if a resource holds an index to
    a table, it may refer to different values during the lifetime of the
    resource,  unless the tables are mirrored. Also, even when
    driver is not in HA mode the policy of allocating an index to these
    tables is such to make sure, as much as possible, that when the time
    comes the mirroring will be successful. This means that in multifunction
    mode the allocation of a free index in a port's table tries to make sure
    that the same index in the other's port table is also free.
    
    Signed-off-by: Moni Shoua <monis@mellanox.com>
    Reviewed-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
    Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 78efed275117b189f06f8937798eab5cba53ed18
Author: Moni Shoua <monis@mellanox.com>
Date:   Sun Dec 6 18:07:40 2015 +0200

    net/mlx4_core: Support mirroring VF DMFS rules on both ports
    
    Under HA mode, steering rules set by VFs should be mirrored on both
    ports of the device so packets will be accepted no matter on which
    port they arrived.
    
    Since getting into HA mode is done dynamically when the user bonds mlx4
    Ethernet netdevs, we keep hold of the VF DMFS rule mbox with the port
    value flipped (1->2,2->1) and execute the mirroring when getting into
    HA mode. Later, when going out of HA mode, we unset the mirrored rules.
    In that context note that mirrored rules cannot be removed explicitly.
    
    Signed-off-by: Moni Shoua <monis@mellanox.com>
    Reviewed-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
    Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 8d80d04a521d4acf949a449403040c38ec648f57
Author: Moni Shoua <monis@mellanox.com>
Date:   Sun Dec 6 18:07:39 2015 +0200

    net/mlx4_core: Use both physical ports to dispatch link state events to VF
    
    Under HA mode, the link down event should be sent to VFs only if both
    ports are down.
    
    Signed-off-by: Moni Shoua <monis@mellanox.com>
    Reviewed-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
    Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit e34305c85f86112838cb332696513bed8e04a211
Author: Or Gerlitz <ogerlitz@mellanox.com>
Date:   Sun Dec 6 18:07:38 2015 +0200

    net/mlx4_core: Use both physical ports to set the VF link state
    
    In HA mode, the link state for VFs for which the policy is "auto"
    (i.e. follow the physical link state) should be ORed from both ports.
    
    Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
    Reviewed-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 0d76d6e8b2507983a2cae4c09880798079007421
Author: Julia Lawall <julia.lawall@lip6.fr>
Date:   Sun Dec 6 06:56:23 2015 +0100

    VSOCK: fix returnvar.cocci warnings
    
    Remove unneeded variable used to store return value.
    
    Generated by: scripts/coccinelle/misc/returnvar.cocci
    
    CC: Asias He <asias@redhat.com>
    Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
    Signed-off-by: Julia Lawall <julia.lawall@lip6.fr>
    Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit eeaef728978bc4da94d04d5e44bb81221279c418
Author: Loic Poulain <loic.poulain@intel.com>
Date:   Sun Dec 6 16:18:34 2015 +0100

    Bluetooth: btintel: Create common Intel Version Read function
    
    The Intel Version Read command is used to retrieve information
    about hardware and firmware version/revision of Intel Bluetooth
    controllers. This is an Intel generic command used in USB and
    UART drivers.
    
    Signed-off-by: Loic Poulain <loic.poulain@intel.com>
    Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

commit 326fcfa5acca446b3f71e99f6d19881145556e5c
Author: Felix Fietkau <nbd@openwrt.org>
Date:   Sat Dec 5 13:58:11 2015 +0100

    net: remove unnecessary semicolon in netdev_alloc_pcpu_stats()
    
    This semicolon causes a build error if the function call is wrapped in
    parentheses.
    
    Fixes: aabc92bbe3cf ("net: add __netdev_alloc_pcpu_stats() to indicate gfp flags")
    Reported-by: Imre Kaloz <kaloz@openwrt.org>
    Signed-off-by: Felix Fietkau <nbd@openwrt.org>
    Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 8a0d19c5ed417c78d03f4e0fa7215e58c40896d8
Author: lucien <lucien.xin@gmail.com>
Date:   Sat Dec 5 15:35:36 2015 +0800

    sctp: start t5 timer only when peer rwnd is 0 and local state is SHUTDOWN_PENDING
    
    when A sends a data to B, then A close() and enter into SHUTDOWN_PENDING
    state, if B neither claim his rwnd is 0 nor send SACK for this data, A
    will keep retransmitting this data until t5 timeout, Max.Retrans times
    can't work anymore, which is bad.
    
    if B's rwnd is not 0, it should send abort after Max.Retrans times, only
    when B's rwnd == 0 and A's retransmitting beyonds Max.Retrans times, A
    will start t5 timer, which is also commit f8d960524328 ("sctp: Enforce
    retransmission limit during shutdown") means, but it lacks the condition
    peer rwnd == 0.
    
    so fix it by adding a bit (zero_window_announced) in peer to record if
    the last rwnd is 0. If it was, zero_window_announced will be set. and use
    this bit to decide if start t5 timer when local.state is SHUTDOWN_PENDING.
    
    Fixes: commit f8d960524328 ("sctp: Enforce retransmission limit during shutdown")
    Signed-off-by: Xin Long <lucien.xin@gmail.com>
    Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 6c730080e663b1d629f8aa89348291fbcdc46cd9
Author: Bjørn Mork <bjorn@mork.no>
Date:   Sun Dec 6 21:25:50 2015 +0100

    net: qmi_wwan: should hold RTNL while changing netdev type
    
    The notifier calls were thrown in as a last-minute fix for an
    imagined "this device could be part of a bridge" problem. That
    revealed a certain lack of locking.  Not to mention testing...
    
    Avoid this splat:
    
    RTNL: assertion failed at net/core/dev.c (1639)
    CPU: 0 PID: 4293 Comm: bash Not tainted 4.4.0-rc3+ #358
    Hardware name: LENOVO 2776LEG/2776LEG, BIOS 6EET55WW (3.15 ) 12/19/2011
     0000000000000000 ffff8800ad253d60 ffffffff8122f7cf ffff8800ad253d98
     ffff8800ad253d88 ffffffff813833ab 0000000000000002 ffff880230f48560
     ffff880230a12900 ffff8800ad253da0 ffffffff813833da 0000000000000002
    Call Trace:
     [<ffffffff8122f7cf>] dump_stack+0x4b/0x63
     [<ffffffff813833ab>] call_netdevice_notifiers_info+0x3d/0x59
     [<ffffffff813833da>] call_netdevice_notifiers+0x13/0x15
     [<ffffffffa09be227>] raw_ip_store+0x81/0x193 [qmi_wwan]
     [<ffffffff8131e149>] dev_attr_store+0x20/0x22
     [<ffffffff811d858b>] sysfs_kf_write+0x49/0x50
     [<ffffffff811d8027>] kernfs_fop_write+0x10a/0x151
     [<ffffffff8117249a>] __vfs_write+0x26/0xa5
     [<ffffffff81085ed4>] ? percpu_down_read+0x53/0x7f
     [<ffffffff81174c9e>] ? __sb_start_write+0x5f/0xb0
     [<ffffffff81174c9e>] ? __sb_start_write+0x5f/0xb0
     [<ffffffff81172c37>] vfs_write+0xa3/0xe7
     [<ffffffff811734ad>] SyS_write+0x50/0x7e
     [<ffffffff8145c517>] entry_SYSCALL_64_fastpath+0x12/0x6f
    
    Fixes: 32f7adf633b9 ("net: qmi_wwan: support "raw IP" mode")
    Signed-off-by: Bjørn Mork <bjorn@mork.no>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit dc085392a3a760b5788db368c1b2c116be08b201
Author: Inki Dae <inki.dae@samsung.com>
Date:   Thu Dec 3 14:35:23 2015 +0900

    drm/exynos: dsi: modify a error type when getting a node failed
    
    This patch makes it to return -EINVAL instead of -ENXIO
    when getting a port or remote node failed.
    
    Signed-off-by: Inki Dae <inki.dae@samsung.com>
    Reviewed-by: Javier Martinez Canillas <javier@osg.samsung.com>

commit 5e4500d8dba16d88b528cf037566b84747ec23f0
Author: Viresh Kumar <viresh.kumar@linaro.org>
Date:   Thu Dec 3 09:37:52 2015 +0530

    cpufreq: governor: initialize/destroy timer_mutex with 'shared'
    
    timer_mutex is required to be initialized only while memory for 'shared'
    is allocated and in a similar way it is required to be destroyed only
    when memory for 'shared' is freed.
    
    There is no need to do the same every time we start/stop the governor.
    Move code to initialize/destroy timer_mutex to the relevant places.
    
    Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
    Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

commit affde5d06af1e39c2929e36a063e3912f02fc58f
Author: Viresh Kumar <viresh.kumar@linaro.org>
Date:   Thu Dec 3 09:37:51 2015 +0530

    cpufreq: governor: Pass policy as argument to ->gov_dbs_timer()
    
    Pass 'policy' as argument to ->gov_dbs_timer() instead of cdbs and
    dbs_data.
    
    Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
    Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

commit e68fe18c5b5442baca162ccf3b273326e6132a51
Author: Viresh Kumar <viresh.kumar@linaro.org>
Date:   Thu Dec 3 09:37:50 2015 +0530

    cpufreq: ondemand: Work is guaranteed to be pending
    
    We are guaranteed to have works scheduled for policy->cpus, as the
    policy isn't stopped yet. And so there is no need to check that again.
    Drop it.
    
    Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
    Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

commit e128c864070055e062f6c90c64c03aad18452ac3
Author: Viresh Kumar <viresh.kumar@linaro.org>
Date:   Thu Dec 3 09:37:49 2015 +0530

    cpufreq: ondemand: Update sampling rate only for concerned policies
    
    We are comparing policy->governor against cpufreq_gov_ondemand to make
    sure that we update sampling rate only for the concerned CPUs. But that
    isn't enough.
    
    In case of governor_per_policy, there can be multiple instances of
    ondemand governor and we will always end up updating all of them with
    current code. What we rather need to do, is to compare dbs_data with
    poilcy->governor_data, which will match only for the policies governed
    by dbs_data.
    
    This code is also racy as the governor might be getting stopped at that
    time and we may end up scheduling work for a policy, which we have just
    disabled.
    
    Fix that by protecting the entire function with &od_dbs_cdata.mutex,
    which will prevent against races with policy START/STOP/etc.
    
    After these locks are in place, we can safely get the policy via per-cpu
    dbs_info.
    
    Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
    Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

commit 7b06a6d7bff563d82ddf8769617632f26793a83e
Author: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Date:   Sat Dec 5 01:54:47 2015 +0100

    MAINTAINERS: Add an entry for the PM core
    
    Add a MAINTAINERS entry for the PM core with myself as the maintainer
    and linux-pm as the mailing list.
    
    This actually documents the current state of things.
    
    Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
    Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit ce657b1cddf1f88c56ae683efa7130341c92808b
Author: Russell King <rmk+kernel@arm.linux.org.uk>
Date:   Tue Nov 17 12:08:01 2015 +0000

    component: add support for releasing match data
    
    The component helper treats the void match data pointer as an opaque
    object which needs no further management.  When device nodes being
    passed, this is not true: the caller should pass its refcount to the
    component helper, and there should be a way to drop the refcount when
    the matching information is destroyed.
    
    This patch provides a per-match release method in addition to the match
    method to solve this issue.  Rather than using component_match_add(),
    users should use component_match_add_release() which takes an additional
    function pointer for releasing this reference.
    
    Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

commit ffc30b74fd6d01588bd3fdebc3b1acc0857e6fc8
Author: Russell King <rmk+kernel@arm.linux.org.uk>
Date:   Fri Apr 18 23:05:53 2014 +0100

    component: track components via array rather than list
    
    Since we now have an array which defines each component, maintain the
    components to be bound in the array rather than a separate list.  We
    also need duplicate tracking so we can eliminate multiple bind calls
    for the same component: we preserve the list-based component order in
    that the first match which adds the component determines its position.
    
    Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

commit 29f1c7fd61a31e0335ce41d4b2788959ad7c468d
Author: Russell King <rmk+kernel@arm.linux.org.uk>
Date:   Wed Apr 23 10:46:11 2014 +0100

    component: move check for unbound master into try_to_bring_up_masters()
    
    Clean up the code a little; we don't need to check that the master is
    unbound for every invocation of try_to_bring_up_master(), so let's move
    it to where it's really needed - try_to_bring_up_masters(), where we may
    encounter already bound masters.
    
    Reviewed-by: Thierry Reding <treding@nvidia.com>
    Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

commit fae9e2e07af07baabb8c26a31b3f7d8fdf89809e
Author: Russell King <rmk+kernel@arm.linux.org.uk>
Date:   Fri Apr 18 22:10:32 2014 +0100

    component: remove old add_components method
    
    Now that drivers create an array of component matches at probe time, we
    can retire the old methods.  This involves removing the add_components
    master method, and removing component_master_add_child() from public
    view.  We also remove component_add_master() as that interface is no
    longer useful.
    
    Acked-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

commit 072151bb01547816d82ec06565de5559d679fbeb
Author: Jordan Hargrave <jharg93@gmail.com>
Date:   Mon Dec 7 10:07:15 2015 +1100

    firmware: dmi_scan: Save SMBIOS Type 9 System Slots
    
    Save SMBIOS Type 9 System Slots during DMI scan. PCI address of
    onboard devices was already saved but not for slots.
    
    Signed-off-by: Jordan Hargrave <jordan_hargrave@dell.com>
    Signed-off-by: Jean Delvare <jdelvare@suse.de>

commit c625c7eb2eb48f21aaab5bc762e063f770eee479
Author: Jean Delvare <jdelvare@suse.de>
Date:   Mon Dec 7 10:07:15 2015 +1100

    firmware: dmi_scan: Fix dmi_find_device description
    
    The description of dmi_find_device was apparently copied from a
    similar function in a different subsystem, but the parameter names
    were not adjusted as needed.
    
    Signed-off-by: Jean Delvare <jdelvare@suse.de>
    Cc: Andrey Panin <pazke@donpac.ru>

commit d40ad8376edb951737111330e8fba087e5c1d831
Author: Jean Delvare <jdelvare@suse.de>
Date:   Mon Dec 7 10:07:15 2015 +1100

    firmware: dmi_scan: Clarify dmi_save_extended_devices
    
    Get rid of the arbitrary 5-byte pointer offset, it served no purpose
    and made it harder to match the code with the SMBIOS specification.
    
    Signed-off-by: Jean Delvare <jdelvare@suse.de>
    Cc: Jordan Hargrave <jordan_hargrave@dell.com>
    Cc: Narendra K <narendra_k@dell.com>

commit af94859f09787d2b782743812c61032ddfd6f987
Author: Jean Delvare <jdelvare@suse.de>
Date:   Mon Dec 7 10:07:14 2015 +1100

    firmware: dmi_scan: Optimize dmi_save_extended_devices
    
    Calling dmi_string_nosave isn't cheap, so avoid calling it twice in a
    row for the same string.
    
    Signed-off-by: Jean Delvare <jdelvare@suse.de>
    Cc: Jordan Hargrave <jordan_hargrave@dell.com>
    Cc: Narendra K <narendra_k@dell.com>

commit 54046148cf6826a5a3f61e571b131e0224580d53
Author: Helge Deller <deller@gmx.de>
Date:   Sun Dec 6 21:56:26 2015 +0100

    parisc: Wire up mlock2 syscall
    
    Signed-off-by: Helge Deller <deller@gmx.de>

commit 73c5e2661b712bb63408555037e6ac38b39e04dc
Author: Bjorn Helgaas <bhelgaas@google.com>
Date:   Tue Dec 1 10:41:47 2015 -0600

    parisc: Remove unused pcibios_init_bus()
    
    There are no callers of pcibios_init_bus(), so remove it.
    
    Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
    Signed-off-by: Helge Deller <deller@gmx.de>

commit f316cb0a60c29cb00a42d6da8d42c48fe067901b
Author: Mikulas Patocka <mpatocka@redhat.com>
Date:   Mon Nov 30 14:47:46 2015 -0500

    parisc iommu: fix panic due to trying to allocate too large region
    
    When using the Promise TX2+ SATA controller on PA-RISC, the system often
    crashes with kernel panic, for example just writing data with the dd
    utility will make it crash.
    
    Kernel panic - not syncing: drivers/parisc/sba_iommu.c: I/O MMU @ 000000000000a000 is out of mapping resources
    
    CPU: 0 PID: 18442 Comm: mkspadfs Not tainted 4.4.0-rc2 #2
    Backtrace:
     [<000000004021497c>] show_stack+0x14/0x20
     [<0000000040410bf0>] dump_stack+0x88/0x100
     [<000000004023978c>] panic+0x124/0x360
     [<0000000040452c18>] sba_alloc_range+0x698/0x6a0
     [<0000000040453150>] sba_map_sg+0x260/0x5b8
     [<000000000c18dbb4>] ata_qc_issue+0x264/0x4a8 [libata]
     [<000000000c19535c>] ata_scsi_translate+0xe4/0x220 [libata]
     [<000000000c19a93c>] ata_scsi_queuecmd+0xbc/0x320 [libata]
     [<0000000040499bbc>] scsi_dispatch_cmd+0xfc/0x130
     [<000000004049da34>] scsi_request_fn+0x6e4/0x970
     [<00000000403e95a8>] __blk_run_queue+0x40/0x60
     [<00000000403e9d8c>] blk_run_queue+0x3c/0x68
     [<000000004049a534>] scsi_run_queue+0x2a4/0x360
     [<000000004049be68>] scsi_end_request+0x1a8/0x238
     [<000000004049de84>] scsi_io_completion+0xfc/0x688
     [<0000000040493c74>] scsi_finish_command+0x17c/0x1d0
    
    The cause of the crash is not exhaustion of the IOMMU space, there is
    plenty of free pages. The function sba_alloc_range is called with size
    0x11000, thus the pages_needed variable is 0x11. The function
    sba_search_bitmap is called with bits_wanted 0x11 and boundary size is
    0x10 (because dma_get_seg_boundary(dev) returns 0xffff).
    
    The function sba_search_bitmap attempts to allocate 17 pages that must not
    cross 16-page boundary - it can't satisfy this requirement
    (iommu_is_span_boundary always returns true) and fails even if there are
    many free entries in the IOMMU space.
    
    How did it happen that we try to allocate 17 pages that don't cross
    16-page boundary? The cause is in the function iommu_coalesce_chunks. This
    function tries to coalesce adjacent entries in the scatterlist. The
    function does several checks if it may coalesce one entry with the next,
    one of those checks is this:
    
    	if (startsg->length + dma_len > max_seg_size)
    		break;
    
    When it finishes coalescing adjacent entries, it allocates the mapping:
    
    sg_dma_len(contig_sg) = dma_len;
    dma_len = ALIGN(dma_len + dma_offset, IOVP_SIZE);
    sg_dma_address(contig_sg) =
    	PIDE_FLAG
    	| (iommu_alloc_range(ioc, dev, dma_len) << IOVP_SHIFT)
    	| dma_offset;
    
    It is possible that (startsg->length + dma_len > max_seg_size) is false
    (we are just near the 0x10000 max_seg_size boundary), so the funcion
    decides to coalesce this entry with the next entry. When the coalescing
    succeeds, the function performs
    	dma_len = ALIGN(dma_len + dma_offset, IOVP_SIZE);
    And now, because of non-zero dma_offset, dma_len is greater than 0x10000.
    iommu_alloc_range (a pointer to sba_alloc_range) is called and it attempts
    to allocate 17 pages for a device that must not cross 16-page boundary.
    
    To fix the bug, we must make sure that dma_len after addition of
    dma_offset and alignment doesn't cross the segment boundary. I.e. change
    	if (startsg->length + dma_len > max_seg_size)
    		break;
    to
    	if (ALIGN(dma_len + dma_offset + startsg->length, IOVP_SIZE) > max_seg_size)
    		break;
    
    This patch makes this change (it precalculates max_seg_boundary at the
    beginning of the function iommu_coalesce_chunks). I also added a check
    that the mapping length doesn't exceed dma_get_seg_boundary(dev) (it is
    not needed for Promise TX2+ SATA, but it may be needed for other devices
    that have dma_get_seg_boundary lower than dma_get_max_seg_size).
    
    Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
    Cc: stable@vger.kernel.org
    Signed-off-by: Helge Deller <deller@gmx.de>

commit 9fa547b2b7c37507fb04c93fa2d0ccddf7d4d234
Author: Helge Deller <deller@gmx.de>
Date:   Thu Nov 26 21:14:02 2015 +0100

    parisc: protect huge pte changes with spinlocks
    
    Protect all changes of huge page pte entries with purge_tlb_start() and
    purge_tlb_end() spinlocks.
    
    Signed-off-by: Helge Deller <deller@gmx.de>

commit 63424eeaab1e61af0c3eecc0f85fb9ee4877f219
Author: Helge Deller <deller@gmx.de>
Date:   Wed Nov 25 15:39:38 2015 +0100

    parisc: Disable tlb flush optimization with huge pages
    
    It seems calling flush_tlb_all() doesn't reliable flush the tlb on all
    CPUs. Disable it when used with huge pages.
    
    Signed-off-by: Helge Deller <deller@gmx.de>

commit d17fad0a588f399dcda8c6c0c77be0527d85fdd5
Author: Helge Deller <deller@gmx.de>
Date:   Sun Dec 6 21:25:20 2015 +0100

    parisc: Disable huge pages on Mako machines
    
    Mako-based machines (PA8800 and PA8900 CPUs) don't allow aliasing on
    non-equaivalent addresses.
    
    Signed-off-by: Helge Deller <deller@gmx.de>

commit 7fdc06ab013ec847cd25a66208f403e124e6371b
Author: Masahiro Yamada <yamada.masahiro@socionext.com>
Date:   Tue Nov 24 22:10:26 2015 +0900

    of/irq: optimize device node matching loop in of_irq_init()
    
    Currently, of_irq_init() iterates over interrupt controller nodes
    with for_each_matching_node(), and then gets each init function with
    of_match_node() later.
    
    This routine can be optimized with for_each_matching_node_and_match().
    It allows to get the interrupt controller node and its init function
    at the same time, saving __of_match_node() callings.
    
    Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
    Signed-off-by: Rob Herring <robh@kernel.org>

commit 5e2bfc010f63b3ede1746c53052064fa8fcd7622
Author: Liviu Dudau <Liviu.Dudau@arm.com>
Date:   Wed Dec 2 11:35:39 2015 +0000

    dt-bindings: tda998x: Document the required 'port' node.
    
    All the users of the tda998x driver are component based and bind the
    driver via the device graph method described in
    Documentation/devicetree/bindings/graph.txt. Add the fact that the
    'port' node is required to the bindings.
    
    Signed-off-by: Liviu Dudau <Liviu.Dudau@arm.com>
    Signed-off-by: Rob Herring <robh@kernel.org>

commit 8b570dc9f7b634e853866ce40097c0342ac5bb81
Author: lucien <lucien.xin@gmail.com>
Date:   Sat Dec 5 15:19:27 2015 +0800

    sctp: only drop the reference on the datamsg after sending a msg
    
    If the chunks are enqueued successfully but sctp_cmd_interpreter()
    return err to sctp_sendmsg() (mainly because of no mem), the chunks will
    get re-queued, but we are dropping the reference and freeing them.
    
    The fix is to just drop the reference on the datamsg just as it had
    succeeded, as:
     - if the chunks weren't queued, this is enough to get them freed.
     - if they were queued, they will get freed when they finally get out or
     discarded.
    
    Signed-off-by: Xin Long <lucien.xin@gmail.com>
    Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
    Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 69b5777f2e5779bb987d4a25a33401d5ac257c14
Author: lucien <lucien.xin@gmail.com>
Date:   Sat Dec 5 15:15:17 2015 +0800

    sctp: hold the chunks only after the chunk is enqueued in outq
    
    When a msg is sent, sctp will hold the chunks of this msg and then try
    to enqueue them. But if the chunks are not enqueued in sctp_outq_tail()
    because of the invalid state, sctp_cmd_interpreter() may still return
    success to sctp_sendmsg() after calling sctp_outq_flush(), these chunks
    will become orphans and will leak.
    
    So we fix them by moving sctp_chunk_hold() to sctp_outq_tail(), where we
    are sure that the chunk is going to get queued.
    
    Signed-off-by: Xin Long <lucien.xin@gmail.com>
    Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit aa1c25666a0c5a37073e06c8308ae93916b1e6df
Author: Guenter Roeck <linux@roeck-us.net>
Date:…
cf4aa1e

@ghost ghost pushed a commit to 0day-ci/linux that referenced this pull request Dec 14, 2015

Borislav Petkov EDAC, mc_sysfs: Fix freeing bus' name
I get the splat below when modprobing/rmmoding EDAC drivers. It happens
because bus->name is invalid after bus_unregister() has run. The Code: section
below corresponds to:

  .loc 1 1108 0
  movq    672(%rbx), %rax # mci_1(D)->bus, mci_1(D)->bus
  .loc 1 1109 0
  popq    %rbx    #

  .loc 1 1108 0
  movq    (%rax), %rdi    # _7->name,
  jmp     kfree   #

and %rax has some funky stuff 2030203020312030 which looks a lot like
something walked over it.

Fix that by saving the name ptr before doing stuff to string it points to.

  general protection fault: 0000 [#1] SMP
  Modules linked in: ...
  CPU: 4 PID: 10318 Comm: modprobe Tainted: G          I EN  3.12.51-11-default+ #48
  Hardware name: HP ProLiant DL380 G7, BIOS P67 05/05/2011
  task: ffff880311320280 ti: ffff88030da3e000 task.ti: ffff88030da3e000
  RIP: 0010:[<ffffffffa019da92>]  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
  RSP: 0018:ffff88030da3fe28  EFLAGS: 00010292
  RAX: 2030203020312030 RBX: ffff880311b4e000 RCX: 000000000000095c
  RDX: 0000000000000001 RSI: ffff880327bb9600 RDI: 0000000000000286
  RBP: ffff880311b4e750 R08: 0000000000000000 R09: ffffffff81296110
  R10: 0000000000000400 R11: 0000000000000000 R12: ffff88030ba1ac68
  R13: 0000000000000001 R14: 00000000011b02f0 R15: 0000000000000000
  FS:  00007fc9bf8f5700(0000) GS:ffff8801a7c40000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: 0000000000403c90 CR3: 000000019ebdf000 CR4: 00000000000007e0
  Stack:
  Call Trace:
    i7core_unregister_mci.isra.9
    i7core_remove
    pci_device_remove
    __device_release_driver
    driver_detach
    bus_remove_driver
    pci_unregister_driver
    i7core_exit
    SyS_delete_module
    system_call_fastpath
    0x7fc9bf426536
  Code: 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 53 48 89 fb e8 52 2a 1f e1 48 8b bb a0 02 00 00 e8 46 59 1f e1 48 8b 83 a0 02 00 00 5b <48> 8b 38 e9 26 9a fe e0 66 0f 1f 44 00 00 66 66 66 66 90 48 8b
  RIP  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
   RSP <ffff88030da3fe28>

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Cc: <stable@vger.kernel.org> # v3.6..
Fixes: 7a623c0 ("edac: rewrite the sysfs code to use struct device")
12e2696

@ghost ghost pushed a commit to 0day-ci/linux that referenced this pull request Jan 12, 2016

@Srinivas-Kandagatla @fengguang Srinivas-Kandagatla + fengguang usb: phy: msm: fix error handling in probe.
This driver registers for extcon events as part of its probe, but
never unregisters them in case of error in the probe path.

There were multiple issues noticed due to this missing error handling.
One of them is random crashes if the regulators are not ready yet by the
time probe is invoked.

Ivan's previous attempt [1] to fix this issue, did not really address
all the failure cases like regualtor failures.

[1] https://lkml.org/lkml/2015/9/7/62

Without this patch the kernel would carsh with log:
...
Unable to handle kernel paging request at virtual address 17d78410
pgd = ffffffc001a5c000
[17d78410] *pgd=00000000b6806003, *pud=00000000b6806003, *pmd=0000000000000000
Internal error: Oops: 96000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6 Comm: kworker/u8:0 Not tainted 4.4.0+ #48
Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
Workqueue: deferwq deferred_probe_work_func
task: ffffffc03686e900 ti: ffffffc0368b0000 task.ti: ffffffc0368b0000
PC is at raw_notifier_chain_register+0x1c/0x44
LR is at extcon_register_notifier+0x88/0xc8
pc : [<ffffffc0000da43c>] lr : [<ffffffc000606298>] pstate: 80000085
sp : ffffffc0368b3a70
x29: ffffffc0368b3a70 x28: ffffffc03680c310
x27: ffffffc035518000 x26: ffffffc035518000
x25: ffffffc03bfa20e0 x24: ffffffc035580a18
x23: 0000000000000000 x22: ffffffc035518458
x21: ffffffc0355e9a60 x20: ffffffc035518000
x19: 0000000000000000 x18: 0000000000000028
x17: 0000000000000003 x16: ffffffc0018153c8
x15: 0000000000000001 x14: ffffffc03686f0f8
x13: ffffffc03686f0f8 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000000001
x9 : ffffffc03686f0f8 x8 : 0000e3872014c1a1
x7 : 0000000000000028 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000000
x3 : 00000000354fb170 x2 : 0000000017d78400
x1 : ffffffc0355e9a60 x0 : ffffffc0354fb268

Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
1569f9f

@ghost ghost pushed a commit to 0day-ci/linux that referenced this pull request Jan 13, 2016

@Srinivas-Kandagatla @fengguang Srinivas-Kandagatla + fengguang usb: phy: msm: fix error handling in probe.
This driver registers for extcon events as part of its probe, but
never unregisters them in case of error in the probe path.

There were multiple issues noticed due to this missing error handling.
One of them is random crashes if the regulators are not ready yet by the
time probe is invoked.

Ivan's previous attempt [1] to fix this issue, did not really address
all the failure cases like regualtor/get_irq failures.

[1] https://lkml.org/lkml/2015/9/7/62

Without this patch the kernel would carsh with log:
...
Unable to handle kernel paging request at virtual address 17d78410
pgd = ffffffc001a5c000
[17d78410] *pgd=00000000b6806003, *pud=00000000b6806003, *pmd=0000000000000000
Internal error: Oops: 96000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6 Comm: kworker/u8:0 Not tainted 4.4.0+ #48
Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
Workqueue: deferwq deferred_probe_work_func
task: ffffffc03686e900 ti: ffffffc0368b0000 task.ti: ffffffc0368b0000
PC is at raw_notifier_chain_register+0x1c/0x44
LR is at extcon_register_notifier+0x88/0xc8
pc : [<ffffffc0000da43c>] lr : [<ffffffc000606298>] pstate: 80000085
sp : ffffffc0368b3a70
x29: ffffffc0368b3a70 x28: ffffffc03680c310
x27: ffffffc035518000 x26: ffffffc035518000
x25: ffffffc03bfa20e0 x24: ffffffc035580a18
x23: 0000000000000000 x22: ffffffc035518458
x21: ffffffc0355e9a60 x20: ffffffc035518000
x19: 0000000000000000 x18: 0000000000000028
x17: 0000000000000003 x16: ffffffc0018153c8
x15: 0000000000000001 x14: ffffffc03686f0f8
x13: ffffffc03686f0f8 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000000001
x9 : ffffffc03686f0f8 x8 : 0000e3872014c1a1
x7 : 0000000000000028 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000000
x3 : 00000000354fb170 x2 : 0000000017d78400
x1 : ffffffc0355e9a60 x0 : ffffffc0354fb268

Fixes: 	591fc11 ("usb: phy: msm: Use extcon framework for VBUS and ID detection")
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
85a1643

@nkskjames nkskjames referenced this pull request in nkskjames/linux Jan 13, 2016

@nkskjames Li RongQing + nkskjames net: sysctl: fix a kmemleak warning
the returned buffer of register_sysctl() is stored into net_header
variable, but net_header is not used after, and compiler maybe
optimise the variable out, and lead kmemleak reported the below warning

	comm "swapper/0", pid 1, jiffies 4294937448 (age 267.270s)
	hex dump (first 32 bytes):
	90 38 8b 01 c0 ff ff ff 00 00 00 00 01 00 00 00 .8..............
	01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
	backtrace:
	[<ffffffc00020f134>] create_object+0x10c/0x2a0
	[<ffffffc00070ff44>] kmemleak_alloc+0x54/0xa0
	[<ffffffc0001fe378>] __kmalloc+0x1f8/0x4f8
	[<ffffffc00028e984>] __register_sysctl_table+0x64/0x5a0
	[<ffffffc00028eef0>] register_sysctl+0x30/0x40
	[<ffffffc00099c304>] net_sysctl_init+0x20/0x58
	[<ffffffc000994dd8>] sock_init+0x10/0xb0
	[<ffffffc0000842e0>] do_one_initcall+0x90/0x1b8
	[<ffffffc000966bac>] kernel_init_freeable+0x218/0x2f0
	[<ffffffc00070ed6c>] kernel_init+0x1c/0xe8
	[<ffffffc000083bfc>] ret_from_fork+0xc/0x50
	[<ffffffffffffffff>] 0xffffffffffffffff <<end check kmemleak>>

Before fix, the objdump result on ARM64:
0000000000000000 <net_sysctl_init>:
   0:   a9be7bfd        stp     x29, x30, [sp,#-32]!
   4:   90000001        adrp    x1, 0 <net_sysctl_init>
   8:   90000000        adrp    x0, 0 <net_sysctl_init>
   c:   910003fd        mov     x29, sp
  10:   91000021        add     x1, x1, #0x0
  14:   91000000        add     x0, x0, #0x0
  18:   a90153f3        stp     x19, x20, [sp,#16]
  1c:   12800174        mov     w20, #0xfffffff4                // #-12
  20:   94000000        bl      0 <register_sysctl>
  24:   b4000120        cbz     x0, 48 <net_sysctl_init+0x48>
  28:   90000013        adrp    x19, 0 <net_sysctl_init>
  2c:   91000273        add     x19, x19, #0x0
  30:   9101a260        add     x0, x19, #0x68
  34:   94000000        bl      0 <register_pernet_subsys>
  38:   2a0003f4        mov     w20, w0
  3c:   35000060        cbnz    w0, 48 <net_sysctl_init+0x48>
  40:   aa1303e0        mov     x0, x19
  44:   94000000        bl      0 <register_sysctl_root>
  48:   2a1403e0        mov     w0, w20
  4c:   a94153f3        ldp     x19, x20, [sp,#16]
  50:   a8c27bfd        ldp     x29, x30, [sp],#32
  54:   d65f03c0        ret
After:
0000000000000000 <net_sysctl_init>:
   0:   a9bd7bfd        stp     x29, x30, [sp,#-48]!
   4:   90000000        adrp    x0, 0 <net_sysctl_init>
   8:   910003fd        mov     x29, sp
   c:   a90153f3        stp     x19, x20, [sp,#16]
  10:   90000013        adrp    x19, 0 <net_sysctl_init>
  14:   91000000        add     x0, x0, #0x0
  18:   91000273        add     x19, x19, #0x0
  1c:   f90013f5        str     x21, [sp,#32]
  20:   aa1303e1        mov     x1, x19
  24:   12800175        mov     w21, #0xfffffff4                // #-12
  28:   94000000        bl      0 <register_sysctl>
  2c:   f9002260        str     x0, [x19,#64]
  30:   b40001a0        cbz     x0, 64 <net_sysctl_init+0x64>
  34:   90000014        adrp    x20, 0 <net_sysctl_init>
  38:   91000294        add     x20, x20, #0x0
  3c:   9101a280        add     x0, x20, #0x68
  40:   94000000        bl      0 <register_pernet_subsys>
  44:   2a0003f5        mov     w21, w0
  48:   35000080        cbnz    w0, 58 <net_sysctl_init+0x58>
  4c:   aa1403e0        mov     x0, x20
  50:   94000000        bl      0 <register_sysctl_root>
  54:   14000004        b       64 <net_sysctl_init+0x64>
  58:   f9402260        ldr     x0, [x19,#64]
  5c:   94000000        bl      0 <unregister_sysctl_table>
  60:   f900227f        str     xzr, [x19,#64]
  64:   2a1503e0        mov     w0, w21
  68:   f94013f5        ldr     x21, [sp,#32]
  6c:   a94153f3        ldp     x19, x20, [sp,#16]
  70:   a8c37bfd        ldp     x29, x30, [sp],#48
  74:   d65f03c0        ret

Add the possible error handle to free the net_header to remove the
kmemleak warning

Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
e15a2ec

@ghost ghost pushed a commit to 0day-ci/linux that referenced this pull request Feb 4, 2016

@Srinivas-Kandagatla @felipebalbi Srinivas-Kandagatla + felipebalbi usb: phy: msm: fix error handling in probe.
This driver registers for extcon events as part of its probe, but
never unregisters them in case of error in the probe path.

There were multiple issues noticed due to this missing error handling.
One of them is random crashes if the regulators are not ready yet by the
time probe is invoked.

Ivan's previous attempt [1] to fix this issue, did not really address
all the failure cases like regualtor/get_irq failures.

[1] https://lkml.org/lkml/2015/9/7/62

Without this patch the kernel would carsh with log:
...
Unable to handle kernel paging request at virtual address 17d78410
pgd = ffffffc001a5c000
[17d78410] *pgd=00000000b6806003, *pud=00000000b6806003, *pmd=0000000000000000
Internal error: Oops: 96000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6 Comm: kworker/u8:0 Not tainted 4.4.0+ #48
Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
Workqueue: deferwq deferred_probe_work_func
task: ffffffc03686e900 ti: ffffffc0368b0000 task.ti: ffffffc0368b0000
PC is at raw_notifier_chain_register+0x1c/0x44
LR is at extcon_register_notifier+0x88/0xc8
pc : [<ffffffc0000da43c>] lr : [<ffffffc000606298>] pstate: 80000085
sp : ffffffc0368b3a70
x29: ffffffc0368b3a70 x28: ffffffc03680c310
x27: ffffffc035518000 x26: ffffffc035518000
x25: ffffffc03bfa20e0 x24: ffffffc035580a18
x23: 0000000000000000 x22: ffffffc035518458
x21: ffffffc0355e9a60 x20: ffffffc035518000
x19: 0000000000000000 x18: 0000000000000028
x17: 0000000000000003 x16: ffffffc0018153c8
x15: 0000000000000001 x14: ffffffc03686f0f8
x13: ffffffc03686f0f8 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000000001
x9 : ffffffc03686f0f8 x8 : 0000e3872014c1a1
x7 : 0000000000000028 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000000
x3 : 00000000354fb170 x2 : 0000000017d78400
x1 : ffffffc0355e9a60 x0 : ffffffc0354fb268

Fixes: 	591fc11 ("usb: phy: msm: Use extcon framework for VBUS and ID detection")
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
a38a08d

@rsalveti rsalveti pushed a commit to rsalveti/linux that referenced this pull request Feb 9, 2016

@Srinivas-Kandagatla Srinivas-Kandagatla usb: phy: msm: fix error handling in probe.
This driver registers for extcon events as part of its probe, but
never unregisters them in case of error in the probe path.

There were multiple issues noticed due to this missing error handling.
One of them is random crashes if the regulators are not ready yet by the
time probe is invoked.

Ivan's previous attempt [1] to fix this issue, did not really address
all the failure cases like regualtor failures.

[1] https://lkml.org/lkml/2015/9/7/62

Without this patch the kernel would carsh with log:
...
Unable to handle kernel paging request at virtual address 17d78410
pgd = ffffffc001a5c000
[17d78410] *pgd=00000000b6806003, *pud=00000000b6806003, *pmd=0000000000000000
Internal error: Oops: 96000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6 Comm: kworker/u8:0 Not tainted 4.4.0+ #48
Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
Workqueue: deferwq deferred_probe_work_func
task: ffffffc03686e900 ti: ffffffc0368b0000 task.ti: ffffffc0368b0000
PC is at raw_notifier_chain_register+0x1c/0x44
LR is at extcon_register_notifier+0x88/0xc8
pc : [<ffffffc0000da43c>] lr : [<ffffffc000606298>] pstate: 80000085
sp : ffffffc0368b3a70
x29: ffffffc0368b3a70 x28: ffffffc03680c310
x27: ffffffc035518000 x26: ffffffc035518000
x25: ffffffc03bfa20e0 x24: ffffffc035580a18
x23: 0000000000000000 x22: ffffffc035518458
x21: ffffffc0355e9a60 x20: ffffffc035518000
x19: 0000000000000000 x18: 0000000000000028
x17: 0000000000000003 x16: ffffffc0018153c8
x15: 0000000000000001 x14: ffffffc03686f0f8
x13: ffffffc03686f0f8 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000000001
x9 : ffffffc03686f0f8 x8 : 0000e3872014c1a1
x7 : 0000000000000028 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000000
x3 : 00000000354fb170 x2 : 0000000017d78400
x1 : ffffffc0355e9a60 x0 : ffffffc0354fb268

Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
43ca9cb

@rperier rperier pushed a commit to rperier/linux that referenced this pull request Feb 13, 2016

Andrew Morton + Stephen Rothwell fanotify-dont-set-fan_ondir-implicitly-on-a-marks-ignored-mask-checkp…
…atch-fixes

WARNING: Missing a blank line after declarations
#48: FILE: fs/notify/fanotify/fanotify_user.c:495:
+		__u32 tmask = fsn_mark->mask & ~mask;
+		if (flags & FAN_MARK_ONDIR)

WARNING: Missing a blank line after declarations
#67: FILE: fs/notify/fanotify/fanotify_user.c:579:
+		__u32 tmask = fsn_mark->mask | mask;
+		if (flags & FAN_MARK_ONDIR)

total: 0 errors, 2 warnings, 54 lines checked

./patches/fanotify-dont-set-fan_ondir-implicitly-on-a-marks-ignored-mask.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Lino Sanfilippo <LinoSanfilippo@gmx.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
b6fab44

@Noltari Noltari pushed a commit to Noltari/linux that referenced this pull request Feb 16, 2016

@sashalevin Borislav Petkov + sashalevin EDAC, mc_sysfs: Fix freeing bus' name
[ Upstream commit 12e2696 ]

I get the splat below when modprobing/rmmoding EDAC drivers. It happens
because bus->name is invalid after bus_unregister() has run. The Code: section
below corresponds to:

  .loc 1 1108 0
  movq    672(%rbx), %rax # mci_1(D)->bus, mci_1(D)->bus
  .loc 1 1109 0
  popq    %rbx    #

  .loc 1 1108 0
  movq    (%rax), %rdi    # _7->name,
  jmp     kfree   #

and %rax has some funky stuff 2030203020312030 which looks a lot like
something walked over it.

Fix that by saving the name ptr before doing stuff to string it points to.

  general protection fault: 0000 [#1] SMP
  Modules linked in: ...
  CPU: 4 PID: 10318 Comm: modprobe Tainted: G          I EN  3.12.51-11-default+ #48
  Hardware name: HP ProLiant DL380 G7, BIOS P67 05/05/2011
  task: ffff880311320280 ti: ffff88030da3e000 task.ti: ffff88030da3e000
  RIP: 0010:[<ffffffffa019da92>]  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
  RSP: 0018:ffff88030da3fe28  EFLAGS: 00010292
  RAX: 2030203020312030 RBX: ffff880311b4e000 RCX: 000000000000095c
  RDX: 0000000000000001 RSI: ffff880327bb9600 RDI: 0000000000000286
  RBP: ffff880311b4e750 R08: 0000000000000000 R09: ffffffff81296110
  R10: 0000000000000400 R11: 0000000000000000 R12: ffff88030ba1ac68
  R13: 0000000000000001 R14: 00000000011b02f0 R15: 0000000000000000
  FS:  00007fc9bf8f5700(0000) GS:ffff8801a7c40000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: 0000000000403c90 CR3: 000000019ebdf000 CR4: 00000000000007e0
  Stack:
  Call Trace:
    i7core_unregister_mci.isra.9
    i7core_remove
    pci_device_remove
    __device_release_driver
    driver_detach
    bus_remove_driver
    pci_unregister_driver
    i7core_exit
    SyS_delete_module
    system_call_fastpath
    0x7fc9bf426536
  Code: 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 53 48 89 fb e8 52 2a 1f e1 48 8b bb a0 02 00 00 e8 46 59 1f e1 48 8b 83 a0 02 00 00 5b <48> 8b 38 e9 26 9a fe e0 66 0f 1f 44 00 00 66 66 66 66 90 48 8b
  RIP  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
   RSP <ffff88030da3fe28>

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Cc: <stable@vger.kernel.org> # v3.6..
Fixes: 7a623c0 ("edac: rewrite the sysfs code to use struct device")
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
eddf977

@Noltari Noltari pushed a commit to Noltari/linux that referenced this pull request Feb 17, 2016

@Srinivas-Kandagatla @gregkh Srinivas-Kandagatla + gregkh usb: phy: msm: fix error handling in probe.
commit a38a08d upstream.

This driver registers for extcon events as part of its probe, but
never unregisters them in case of error in the probe path.

There were multiple issues noticed due to this missing error handling.
One of them is random crashes if the regulators are not ready yet by the
time probe is invoked.

Ivan's previous attempt [1] to fix this issue, did not really address
all the failure cases like regualtor/get_irq failures.

[1] https://lkml.org/lkml/2015/9/7/62

Without this patch the kernel would carsh with log:
...
Unable to handle kernel paging request at virtual address 17d78410
pgd = ffffffc001a5c000
[17d78410] *pgd=00000000b6806003, *pud=00000000b6806003, *pmd=0000000000000000
Internal error: Oops: 96000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6 Comm: kworker/u8:0 Not tainted 4.4.0+ #48
Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
Workqueue: deferwq deferred_probe_work_func
task: ffffffc03686e900 ti: ffffffc0368b0000 task.ti: ffffffc0368b0000
PC is at raw_notifier_chain_register+0x1c/0x44
LR is at extcon_register_notifier+0x88/0xc8
pc : [<ffffffc0000da43c>] lr : [<ffffffc000606298>] pstate: 80000085
sp : ffffffc0368b3a70
x29: ffffffc0368b3a70 x28: ffffffc03680c310
x27: ffffffc035518000 x26: ffffffc035518000
x25: ffffffc03bfa20e0 x24: ffffffc035580a18
x23: 0000000000000000 x22: ffffffc035518458
x21: ffffffc0355e9a60 x20: ffffffc035518000
x19: 0000000000000000 x18: 0000000000000028
x17: 0000000000000003 x16: ffffffc0018153c8
x15: 0000000000000001 x14: ffffffc03686f0f8
x13: ffffffc03686f0f8 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000000001
x9 : ffffffc03686f0f8 x8 : 0000e3872014c1a1
x7 : 0000000000000028 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000000
x3 : 00000000354fb170 x2 : 0000000017d78400
x1 : ffffffc0355e9a60 x0 : ffffffc0354fb268

Fixes: 	591fc11 ("usb: phy: msm: Use extcon framework for VBUS and ID detection")
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
7ab0e9d

@damentz damentz referenced this pull request in zen-kernel/zen-kernel Feb 20, 2016

@Srinivas-Kandagatla @gregkh Srinivas-Kandagatla + gregkh usb: phy: msm: fix error handling in probe.
commit a38a08d upstream.

This driver registers for extcon events as part of its probe, but
never unregisters them in case of error in the probe path.

There were multiple issues noticed due to this missing error handling.
One of them is random crashes if the regulators are not ready yet by the
time probe is invoked.

Ivan's previous attempt [1] to fix this issue, did not really address
all the failure cases like regualtor/get_irq failures.

[1] https://lkml.org/lkml/2015/9/7/62

Without this patch the kernel would carsh with log:
...
Unable to handle kernel paging request at virtual address 17d78410
pgd = ffffffc001a5c000
[17d78410] *pgd=00000000b6806003, *pud=00000000b6806003, *pmd=0000000000000000
Internal error: Oops: 96000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6 Comm: kworker/u8:0 Not tainted 4.4.0+ #48
Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
Workqueue: deferwq deferred_probe_work_func
task: ffffffc03686e900 ti: ffffffc0368b0000 task.ti: ffffffc0368b0000
PC is at raw_notifier_chain_register+0x1c/0x44
LR is at extcon_register_notifier+0x88/0xc8
pc : [<ffffffc0000da43c>] lr : [<ffffffc000606298>] pstate: 80000085
sp : ffffffc0368b3a70
x29: ffffffc0368b3a70 x28: ffffffc03680c310
x27: ffffffc035518000 x26: ffffffc035518000
x25: ffffffc03bfa20e0 x24: ffffffc035580a18
x23: 0000000000000000 x22: ffffffc035518458
x21: ffffffc0355e9a60 x20: ffffffc035518000
x19: 0000000000000000 x18: 0000000000000028
x17: 0000000000000003 x16: ffffffc0018153c8
x15: 0000000000000001 x14: ffffffc03686f0f8
x13: ffffffc03686f0f8 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000000001
x9 : ffffffc03686f0f8 x8 : 0000e3872014c1a1
x7 : 0000000000000028 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000000
x3 : 00000000354fb170 x2 : 0000000017d78400
x1 : ffffffc0355e9a60 x0 : ffffffc0354fb268

Fixes: 	591fc11 ("usb: phy: msm: Use extcon framework for VBUS and ID detection")
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
bbad7eb

@ddstreet ddstreet pushed a commit to ddstreet/linux that referenced this pull request Feb 29, 2016

@bjf Borislav Petkov + bjf EDAC, mc_sysfs: Fix freeing bus' name
BugLink: http://bugs.launchpad.net/bugs/1540532

commit 12e2696 upstream.

I get the splat below when modprobing/rmmoding EDAC drivers. It happens
because bus->name is invalid after bus_unregister() has run. The Code: section
below corresponds to:

  .loc 1 1108 0
  movq    672(%rbx), %rax # mci_1(D)->bus, mci_1(D)->bus
  .loc 1 1109 0
  popq    %rbx    #

  .loc 1 1108 0
  movq    (%rax), %rdi    # _7->name,
  jmp     kfree   #

and %rax has some funky stuff 2030203020312030 which looks a lot like
something walked over it.

Fix that by saving the name ptr before doing stuff to string it points to.

  general protection fault: 0000 [#1] SMP
  Modules linked in: ...
  CPU: 4 PID: 10318 Comm: modprobe Tainted: G          I EN  3.12.51-11-default+ #48
  Hardware name: HP ProLiant DL380 G7, BIOS P67 05/05/2011
  task: ffff880311320280 ti: ffff88030da3e000 task.ti: ffff88030da3e000
  RIP: 0010:[<ffffffffa019da92>]  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
  RSP: 0018:ffff88030da3fe28  EFLAGS: 00010292
  RAX: 2030203020312030 RBX: ffff880311b4e000 RCX: 000000000000095c
  RDX: 0000000000000001 RSI: ffff880327bb9600 RDI: 0000000000000286
  RBP: ffff880311b4e750 R08: 0000000000000000 R09: ffffffff81296110
  R10: 0000000000000400 R11: 0000000000000000 R12: ffff88030ba1ac68
  R13: 0000000000000001 R14: 00000000011b02f0 R15: 0000000000000000
  FS:  00007fc9bf8f5700(0000) GS:ffff8801a7c40000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: 0000000000403c90 CR3: 000000019ebdf000 CR4: 00000000000007e0
  Stack:
  Call Trace:
    i7core_unregister_mci.isra.9
    i7core_remove
    pci_device_remove
    __device_release_driver
    driver_detach
    bus_remove_driver
    pci_unregister_driver
    i7core_exit
    SyS_delete_module
    system_call_fastpath
    0x7fc9bf426536
  Code: 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 53 48 89 fb e8 52 2a 1f e1 48 8b bb a0 02 00 00 e8 46 59 1f e1 48 8b 83 a0 02 00 00 5b <48> 8b 38 e9 26 9a fe e0 66 0f 1f 44 00 00 66 66 66 66 90 48 8b
  RIP  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
   RSP <ffff88030da3fe28>

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Fixes: 7a623c0 ("edac: rewrite the sysfs code to use struct device")
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
665e7bd

@Noltari Noltari pushed a commit to Noltari/linux that referenced this pull request Mar 4, 2016

@gregkh Borislav Petkov + gregkh EDAC, mc_sysfs: Fix freeing bus' name
commit 12e2696 upstream.

I get the splat below when modprobing/rmmoding EDAC drivers. It happens
because bus->name is invalid after bus_unregister() has run. The Code: section
below corresponds to:

  .loc 1 1108 0
  movq    672(%rbx), %rax # mci_1(D)->bus, mci_1(D)->bus
  .loc 1 1109 0
  popq    %rbx    #

  .loc 1 1108 0
  movq    (%rax), %rdi    # _7->name,
  jmp     kfree   #

and %rax has some funky stuff 2030203020312030 which looks a lot like
something walked over it.

Fix that by saving the name ptr before doing stuff to string it points to.

  general protection fault: 0000 [#1] SMP
  Modules linked in: ...
  CPU: 4 PID: 10318 Comm: modprobe Tainted: G          I EN  3.12.51-11-default+ #48
  Hardware name: HP ProLiant DL380 G7, BIOS P67 05/05/2011
  task: ffff880311320280 ti: ffff88030da3e000 task.ti: ffff88030da3e000
  RIP: 0010:[<ffffffffa019da92>]  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
  RSP: 0018:ffff88030da3fe28  EFLAGS: 00010292
  RAX: 2030203020312030 RBX: ffff880311b4e000 RCX: 000000000000095c
  RDX: 0000000000000001 RSI: ffff880327bb9600 RDI: 0000000000000286
  RBP: ffff880311b4e750 R08: 0000000000000000 R09: ffffffff81296110
  R10: 0000000000000400 R11: 0000000000000000 R12: ffff88030ba1ac68
  R13: 0000000000000001 R14: 00000000011b02f0 R15: 0000000000000000
  FS:  00007fc9bf8f5700(0000) GS:ffff8801a7c40000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: 0000000000403c90 CR3: 000000019ebdf000 CR4: 00000000000007e0
  Stack:
  Call Trace:
    i7core_unregister_mci.isra.9
    i7core_remove
    pci_device_remove
    __device_release_driver
    driver_detach
    bus_remove_driver
    pci_unregister_driver
    i7core_exit
    SyS_delete_module
    system_call_fastpath
    0x7fc9bf426536
  Code: 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 53 48 89 fb e8 52 2a 1f e1 48 8b bb a0 02 00 00 e8 46 59 1f e1 48 8b 83 a0 02 00 00 5b <48> 8b 38 e9 26 9a fe e0 66 0f 1f 44 00 00 66 66 66 66 90 48 8b
  RIP  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
   RSP <ffff88030da3fe28>

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Fixes: 7a623c0 ("edac: rewrite the sysfs code to use struct device")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
b49777c

@Noltari Noltari pushed a commit to Noltari/linux that referenced this pull request Mar 9, 2016

Borislav Petkov + Jiri Slaby EDAC, mc_sysfs: Fix freeing bus' name
commit 12e2696 upstream.

I get the splat below when modprobing/rmmoding EDAC drivers. It happens
because bus->name is invalid after bus_unregister() has run. The Code: section
below corresponds to:

  .loc 1 1108 0
  movq    672(%rbx), %rax # mci_1(D)->bus, mci_1(D)->bus
  .loc 1 1109 0
  popq    %rbx    #

  .loc 1 1108 0
  movq    (%rax), %rdi    # _7->name,
  jmp     kfree   #

and %rax has some funky stuff 2030203020312030 which looks a lot like
something walked over it.

Fix that by saving the name ptr before doing stuff to string it points to.

  general protection fault: 0000 [#1] SMP
  Modules linked in: ...
  CPU: 4 PID: 10318 Comm: modprobe Tainted: G          I EN  3.12.51-11-default+ #48
  Hardware name: HP ProLiant DL380 G7, BIOS P67 05/05/2011
  task: ffff880311320280 ti: ffff88030da3e000 task.ti: ffff88030da3e000
  RIP: 0010:[<ffffffffa019da92>]  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
  RSP: 0018:ffff88030da3fe28  EFLAGS: 00010292
  RAX: 2030203020312030 RBX: ffff880311b4e000 RCX: 000000000000095c
  RDX: 0000000000000001 RSI: ffff880327bb9600 RDI: 0000000000000286
  RBP: ffff880311b4e750 R08: 0000000000000000 R09: ffffffff81296110
  R10: 0000000000000400 R11: 0000000000000000 R12: ffff88030ba1ac68
  R13: 0000000000000001 R14: 00000000011b02f0 R15: 0000000000000000
  FS:  00007fc9bf8f5700(0000) GS:ffff8801a7c40000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: 0000000000403c90 CR3: 000000019ebdf000 CR4: 00000000000007e0
  Stack:
  Call Trace:
    i7core_unregister_mci.isra.9
    i7core_remove
    pci_device_remove
    __device_release_driver
    driver_detach
    bus_remove_driver
    pci_unregister_driver
    i7core_exit
    SyS_delete_module
    system_call_fastpath
    0x7fc9bf426536
  Code: 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 53 48 89 fb e8 52 2a 1f e1 48 8b bb a0 02 00 00 e8 46 59 1f e1 48 8b 83 a0 02 00 00 5b <48> 8b 38 e9 26 9a fe e0 66 0f 1f 44 00 00 66 66 66 66 90 48 8b
  RIP  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
   RSP <ffff88030da3fe28>

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Fixes: 7a623c0 ("edac: rewrite the sysfs code to use struct device")
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
1e71941

@Noltari Noltari pushed a commit to Noltari/linux that referenced this pull request Mar 10, 2016

@gregkh Borislav Petkov + gregkh EDAC, mc_sysfs: Fix freeing bus' name
commit 12e2696 upstream.

I get the splat below when modprobing/rmmoding EDAC drivers. It happens
because bus->name is invalid after bus_unregister() has run. The Code: section
below corresponds to:

  .loc 1 1108 0
  movq    672(%rbx), %rax # mci_1(D)->bus, mci_1(D)->bus
  .loc 1 1109 0
  popq    %rbx    #

  .loc 1 1108 0
  movq    (%rax), %rdi    # _7->name,
  jmp     kfree   #

and %rax has some funky stuff 2030203020312030 which looks a lot like
something walked over it.

Fix that by saving the name ptr before doing stuff to string it points to.

  general protection fault: 0000 [#1] SMP
  Modules linked in: ...
  CPU: 4 PID: 10318 Comm: modprobe Tainted: G          I EN  3.12.51-11-default+ #48
  Hardware name: HP ProLiant DL380 G7, BIOS P67 05/05/2011
  task: ffff880311320280 ti: ffff88030da3e000 task.ti: ffff88030da3e000
  RIP: 0010:[<ffffffffa019da92>]  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
  RSP: 0018:ffff88030da3fe28  EFLAGS: 00010292
  RAX: 2030203020312030 RBX: ffff880311b4e000 RCX: 000000000000095c
  RDX: 0000000000000001 RSI: ffff880327bb9600 RDI: 0000000000000286
  RBP: ffff880311b4e750 R08: 0000000000000000 R09: ffffffff81296110
  R10: 0000000000000400 R11: 0000000000000000 R12: ffff88030ba1ac68
  R13: 0000000000000001 R14: 00000000011b02f0 R15: 0000000000000000
  FS:  00007fc9bf8f5700(0000) GS:ffff8801a7c40000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: 0000000000403c90 CR3: 000000019ebdf000 CR4: 00000000000007e0
  Stack:
  Call Trace:
    i7core_unregister_mci.isra.9
    i7core_remove
    pci_device_remove
    __device_release_driver
    driver_detach
    bus_remove_driver
    pci_unregister_driver
    i7core_exit
    SyS_delete_module
    system_call_fastpath
    0x7fc9bf426536
  Code: 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 53 48 89 fb e8 52 2a 1f e1 48 8b bb a0 02 00 00 e8 46 59 1f e1 48 8b 83 a0 02 00 00 5b <48> 8b 38 e9 26 9a fe e0 66 0f 1f 44 00 00 66 66 66 66 90 48 8b
  RIP  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
   RSP <ffff88030da3fe28>

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Fixes: 7a623c0 ("edac: rewrite the sysfs code to use struct device")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
42b5732

@Noltari Noltari pushed a commit to Noltari/linux that referenced this pull request Mar 10, 2016

@gregkh Borislav Petkov + gregkh EDAC, mc_sysfs: Fix freeing bus' name
commit 12e2696 upstream.

I get the splat below when modprobing/rmmoding EDAC drivers. It happens
because bus->name is invalid after bus_unregister() has run. The Code: section
below corresponds to:

  .loc 1 1108 0
  movq    672(%rbx), %rax # mci_1(D)->bus, mci_1(D)->bus
  .loc 1 1109 0
  popq    %rbx    #

  .loc 1 1108 0
  movq    (%rax), %rdi    # _7->name,
  jmp     kfree   #

and %rax has some funky stuff 2030203020312030 which looks a lot like
something walked over it.

Fix that by saving the name ptr before doing stuff to string it points to.

  general protection fault: 0000 [#1] SMP
  Modules linked in: ...
  CPU: 4 PID: 10318 Comm: modprobe Tainted: G          I EN  3.12.51-11-default+ #48
  Hardware name: HP ProLiant DL380 G7, BIOS P67 05/05/2011
  task: ffff880311320280 ti: ffff88030da3e000 task.ti: ffff88030da3e000
  RIP: 0010:[<ffffffffa019da92>]  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
  RSP: 0018:ffff88030da3fe28  EFLAGS: 00010292
  RAX: 2030203020312030 RBX: ffff880311b4e000 RCX: 000000000000095c
  RDX: 0000000000000001 RSI: ffff880327bb9600 RDI: 0000000000000286
  RBP: ffff880311b4e750 R08: 0000000000000000 R09: ffffffff81296110
  R10: 0000000000000400 R11: 0000000000000000 R12: ffff88030ba1ac68
  R13: 0000000000000001 R14: 00000000011b02f0 R15: 0000000000000000
  FS:  00007fc9bf8f5700(0000) GS:ffff8801a7c40000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: 0000000000403c90 CR3: 000000019ebdf000 CR4: 00000000000007e0
  Stack:
  Call Trace:
    i7core_unregister_mci.isra.9
    i7core_remove
    pci_device_remove
    __device_release_driver
    driver_detach
    bus_remove_driver
    pci_unregister_driver
    i7core_exit
    SyS_delete_module
    system_call_fastpath
    0x7fc9bf426536
  Code: 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 53 48 89 fb e8 52 2a 1f e1 48 8b bb a0 02 00 00 e8 46 59 1f e1 48 8b 83 a0 02 00 00 5b <48> 8b 38 e9 26 9a fe e0 66 0f 1f 44 00 00 66 66 66 66 90 48 8b
  RIP  [<ffffffffa019da92>] edac_unregister_sysfs+0x22/0x30 [edac_core]
   RSP <ffff88030da3fe28>

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Fixes: 7a623c0 ("edac: rewrite the sysfs code to use struct device")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
9f2c4c9

@ghost ghost pushed a commit to 0day-ci/linux that referenced this pull request Apr 26, 2016

Andrew Morton + Stephen Rothwell kernel-padata-hide-unused-functions-checkpatch-fixes
ERROR: spaces required around that '=' (ctx:WxO)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		    ^

ERROR: space required before that '-' (ctx:OxV)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		     ^

total: 2 errors, 0 warnings, 86 lines checked

./patches/kernel-padata-hide-unused-functions.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
e7da40e

@ghost ghost pushed a commit to 0day-ci/linux that referenced this pull request Apr 28, 2016

Andrew Morton + Stephen Rothwell kernel-padata-hide-unused-functions-checkpatch-fixes
ERROR: spaces required around that '=' (ctx:WxO)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		    ^

ERROR: space required before that '-' (ctx:OxV)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		     ^

total: 2 errors, 0 warnings, 86 lines checked

./patches/kernel-padata-hide-unused-functions.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
0d1d769

@sashalevin sashalevin added a commit to sashalevin/linux-stable-security that referenced this pull request Apr 29, 2016

@Srinivas-Kandagatla @sashalevin Srinivas-Kandagatla + sashalevin usb: phy: msm: fix error handling in probe.
commit a38a08d upstream.

This driver registers for extcon events as part of its probe, but
never unregisters them in case of error in the probe path.

There were multiple issues noticed due to this missing error handling.
One of them is random crashes if the regulators are not ready yet by the
time probe is invoked.

Ivan's previous attempt [1] to fix this issue, did not really address
all the failure cases like regualtor/get_irq failures.

[1] https://lkml.org/lkml/2015/9/7/62

Without this patch the kernel would carsh with log:
...
Unable to handle kernel paging request at virtual address 17d78410
pgd = ffffffc001a5c000
[17d78410] *pgd=00000000b6806003, *pud=00000000b6806003, *pmd=0000000000000000
Internal error: Oops: 96000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6 Comm: kworker/u8:0 Not tainted 4.4.0+ #48
Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
Workqueue: deferwq deferred_probe_work_func
task: ffffffc03686e900 ti: ffffffc0368b0000 task.ti: ffffffc0368b0000
PC is at raw_notifier_chain_register+0x1c/0x44
LR is at extcon_register_notifier+0x88/0xc8
pc : [<ffffffc0000da43c>] lr : [<ffffffc000606298>] pstate: 80000085
sp : ffffffc0368b3a70
x29: ffffffc0368b3a70 x28: ffffffc03680c310
x27: ffffffc035518000 x26: ffffffc035518000
x25: ffffffc03bfa20e0 x24: ffffffc035580a18
x23: 0000000000000000 x22: ffffffc035518458
x21: ffffffc0355e9a60 x20: ffffffc035518000
x19: 0000000000000000 x18: 0000000000000028
x17: 0000000000000003 x16: ffffffc0018153c8
x15: 0000000000000001 x14: ffffffc03686f0f8
x13: ffffffc03686f0f8 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000000001
x9 : ffffffc03686f0f8 x8 : 0000e3872014c1a1
x7 : 0000000000000028 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000000
x3 : 00000000354fb170 x2 : 0000000017d78400
x1 : ffffffc0355e9a60 x0 : ffffffc0354fb268

Fixes: 	591fc11 ("usb: phy: msm: Use extcon framework for VBUS and ID detection")
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
6ab39e3

@sashalevin sashalevin added a commit to sashalevin/linux-stable-security that referenced this pull request Apr 29, 2016

@Srinivas-Kandagatla @sashalevin Srinivas-Kandagatla + sashalevin usb: phy: msm: fix error handling in probe.
commit a38a08d upstream.

This driver registers for extcon events as part of its probe, but
never unregisters them in case of error in the probe path.

There were multiple issues noticed due to this missing error handling.
One of them is random crashes if the regulators are not ready yet by the
time probe is invoked.

Ivan's previous attempt [1] to fix this issue, did not really address
all the failure cases like regualtor/get_irq failures.

[1] https://lkml.org/lkml/2015/9/7/62

Without this patch the kernel would carsh with log:
...
Unable to handle kernel paging request at virtual address 17d78410
pgd = ffffffc001a5c000
[17d78410] *pgd=00000000b6806003, *pud=00000000b6806003, *pmd=0000000000000000
Internal error: Oops: 96000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6 Comm: kworker/u8:0 Not tainted 4.4.0+ #48
Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
Workqueue: deferwq deferred_probe_work_func
task: ffffffc03686e900 ti: ffffffc0368b0000 task.ti: ffffffc0368b0000
PC is at raw_notifier_chain_register+0x1c/0x44
LR is at extcon_register_notifier+0x88/0xc8
pc : [<ffffffc0000da43c>] lr : [<ffffffc000606298>] pstate: 80000085
sp : ffffffc0368b3a70
x29: ffffffc0368b3a70 x28: ffffffc03680c310
x27: ffffffc035518000 x26: ffffffc035518000
x25: ffffffc03bfa20e0 x24: ffffffc035580a18
x23: 0000000000000000 x22: ffffffc035518458
x21: ffffffc0355e9a60 x20: ffffffc035518000
x19: 0000000000000000 x18: 0000000000000028
x17: 0000000000000003 x16: ffffffc0018153c8
x15: 0000000000000001 x14: ffffffc03686f0f8
x13: ffffffc03686f0f8 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000000001
x9 : ffffffc03686f0f8 x8 : 0000e3872014c1a1
x7 : 0000000000000028 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000000
x3 : 00000000354fb170 x2 : 0000000017d78400
x1 : ffffffc0355e9a60 x0 : ffffffc0354fb268

Fixes: 	591fc11 ("usb: phy: msm: Use extcon framework for VBUS and ID detection")
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
22b681c

@Reichl Reichl pushed a commit to Reichl/linux-odroid that referenced this pull request Apr 29, 2016

Andrew Morton + Stephen Rothwell kernel-padata-hide-unused-functions-checkpatch-fixes
ERROR: spaces required around that '=' (ctx:WxO)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		    ^

ERROR: space required before that '-' (ctx:OxV)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		     ^

total: 2 errors, 0 warnings, 86 lines checked

./patches/kernel-padata-hide-unused-functions.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
09c4328

@ghost ghost pushed a commit to 0day-ci/linux that referenced this pull request May 2, 2016

Andrew Morton + Stephen Rothwell kernel-padata-hide-unused-functions-checkpatch-fixes
ERROR: spaces required around that '=' (ctx:WxO)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		    ^

ERROR: space required before that '-' (ctx:OxV)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		     ^

total: 2 errors, 0 warnings, 86 lines checked

./patches/kernel-padata-hide-unused-functions.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
53bb518

@ddstreet ddstreet pushed a commit to ddstreet/linux that referenced this pull request May 3, 2016

@hnaz Andrew Morton + hnaz kernel-padata-hide-unused-functions-checkpatch-fixes
ERROR: spaces required around that '=' (ctx:WxO)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		    ^

ERROR: space required before that '-' (ctx:OxV)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		     ^

total: 2 errors, 0 warnings, 86 lines checked

./patches/kernel-padata-hide-unused-functions.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2c9a9c1

@ghost ghost pushed a commit to 0day-ci/linux that referenced this pull request May 6, 2016

Andrew Morton + Stephen Rothwell kernel-padata-hide-unused-functions-checkpatch-fixes
ERROR: spaces required around that '=' (ctx:WxO)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		    ^

ERROR: space required before that '-' (ctx:OxV)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		     ^

total: 2 errors, 0 warnings, 86 lines checked

./patches/kernel-padata-hide-unused-functions.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
c4f1932

@ddstreet ddstreet pushed a commit to ddstreet/linux that referenced this pull request May 6, 2016

@hnaz Andrew Morton + hnaz kernel-padata-hide-unused-functions-checkpatch-fixes
ERROR: spaces required around that '=' (ctx:WxO)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		    ^

ERROR: space required before that '-' (ctx:OxV)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		     ^

total: 2 errors, 0 warnings, 86 lines checked

./patches/kernel-padata-hide-unused-functions.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
de4486e

@ghost ghost pushed a commit to 0day-ci/linux that referenced this pull request May 9, 2016

Andrew Morton + Stephen Rothwell kernel-padata-hide-unused-functions-checkpatch-fixes
ERROR: spaces required around that '=' (ctx:WxO)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		    ^

ERROR: space required before that '-' (ctx:OxV)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		     ^

total: 2 errors, 0 warnings, 86 lines checked

./patches/kernel-padata-hide-unused-functions.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
a5c9456

@ghost ghost pushed a commit to 0day-ci/linux that referenced this pull request May 11, 2016

Andrew Morton + Stephen Rothwell kernel-padata-hide-unused-functions-checkpatch-fixes
ERROR: spaces required around that '=' (ctx:WxO)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		    ^

ERROR: space required before that '-' (ctx:OxV)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		     ^

total: 2 errors, 0 warnings, 86 lines checked

./patches/kernel-padata-hide-unused-functions.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
f3e9d7d

@ghost ghost pushed a commit to 0day-ci/linux that referenced this pull request May 13, 2016

Andrew Morton + Stephen Rothwell kernel-padata-hide-unused-functions-checkpatch-fixes
ERROR: spaces required around that '=' (ctx:WxO)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		    ^

ERROR: space required before that '-' (ctx:OxV)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		     ^

total: 2 errors, 0 warnings, 86 lines checked

./patches/kernel-padata-hide-unused-functions.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
7a2b267

@ddstreet ddstreet pushed a commit to ddstreet/linux that referenced this pull request May 19, 2016

@hnaz Andrew Morton + hnaz kernel-padata-hide-unused-functions-checkpatch-fixes
ERROR: spaces required around that '=' (ctx:WxO)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		    ^

ERROR: space required before that '-' (ctx:OxV)
#48: FILE: kernel/padata.c:689:
+		err =-EINVAL;
 		     ^

total: 2 errors, 0 warnings, 86 lines checked

./patches/kernel-padata-hide-unused-functions.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
e27528b

@fengguang fengguang added a commit to 0day-ci/linux that referenced this pull request Sep 29, 2016

@aik @fengguang aik + fengguang PCI: Enable access to custom VPD for Chelsio devices (cxgb3)
There is at least one Chelsio 10Gb card which uses VPD area to store
some custom blocks (example below). However pci_vpd_size() returns
the length of the first block only assuming that there can be only
one VPD "End Tag" and VFIO blocks access beyond that offset
(since 4e1a635) which leads to the situation when the guest "cxgb3"
driver fails to probe the device. The host system does not have this
problem as the drives accesses the config space directly without
pci_read_vpd()/...

This adds a quirk to override the VPD size to a bigger value.
The maximum size is taken from EEPROMSIZE in
drivers/net/ethernet/chelsio/cxgb3/common.h. We do not read the tag
as the cxgb3 driver does as the driver supports writing to EEPROM/VPD
and when it writes, it only checks for 8192 bytes boundary. The quirk
is registerted for all devices supported by the cxgb3 driver.

This adds a quirk to the PCI layer (not to the cxgb3 driver) as
the cxgb3 driver itself accesses VPD directly and the problem only exists
with the vfio-pci driver (when cxgb3 is not running on the host and
may not be even loaded) which blocks accesses beyond the first block
of VPD data. However vfio-pci itself does not have quirks mechanism so
we add it to PCI.

Tested on:
Ethernet controller [0200]: Chelsio Communications Inc T310 10GbE Single Port Adapter [1425:0030]

This is its VPD:
0000 Large item 42 bytes; name 0x2 Identifier String
	b'10 Gigabit Ethernet-SR PCI Express Adapter'
	#00 [EC] len=7: b'D76809 '
	#0a [FN] len=7: b'46K7897'
	#14 [PN] len=7: b'46K7897'
	#1e [MN] len=4: b'1037'
	#25 [FC] len=4: b'5769'
	#2c [SN] len=12: b'YL102035603V'
	#3b [NA] len=12: b'00145E992ED1'

0c00 Large item 16 bytes; name 0x2 Identifier String
        b'S310E-SR-X      '
0c13 Large item 234 bytes; name 0x10
        #00 [PN] len=16: b'TBD             '
        #13 [EC] len=16: b'110107730D2     '
        #26 [SN] len=16: b'97YL102035603V  '
        #39 [NA] len=12: b'00145E992ED1'
        #48 [V0] len=6: b'175000'
        #51 [V1] len=6: b'266666'
        #5a [V2] len=6: b'266666'
        #63 [V3] len=6: b'2000  '
        #6c [V4] len=2: b'1 '
        #71 [V5] len=6: b'c2    '
        #7a [V6] len=6: b'0     '
        #83 [V7] len=2: b'1 '
        #88 [V8] len=2: b'0 '
        #8d [V9] len=2: b'0 '
        #92 [VA] len=2: b'0 '
        #97 [RV] len=80: b's\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'...
0d00 Large item 252 bytes; name 0x11
        #00 [VC] len=16: b'122310_1222 dp  '
        #13 [VD] len=16: b'610-0001-00 H1\x00\x00'
        #26 [VE] len=16: b'122310_1353 fp  '
        #39 [VF] len=16: b'610-0001-00 H1\x00\x00'
        #4c [RW] len=173: b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'...
0dff Small item 0 bytes; name 0xf End Tag

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
bb36046

@fengguang fengguang added a commit to 0day-ci/linux that referenced this pull request Oct 24, 2016

@aik @fengguang aik + fengguang PCI: Enable access to custom VPD for Chelsio devices (cxgb3)
There is at least one Chelsio 10Gb card which uses VPD area to store
some custom blocks (example below). However pci_vpd_size() returns
the length of the first block only assuming that there can be only
one VPD "End Tag" and VFIO blocks access beyond that offset
(since 4e1a635) which leads to the situation when the guest "cxgb3"
driver fails to probe the device. The host system does not have this
problem as the drives accesses the config space directly without
pci_read_vpd()/...

This adds a quirk to override the VPD size to a bigger value.
The maximum size is taken from EEPROMSIZE in
drivers/net/ethernet/chelsio/cxgb3/common.h. We do not read the tag
as the cxgb3 driver does as the driver supports writing to EEPROM/VPD
and when it writes, it only checks for 8192 bytes boundary. The quirk
is registerted for all devices supported by the cxgb3 driver.

This adds a quirk to the PCI layer (not to the cxgb3 driver) as
the cxgb3 driver itself accesses VPD directly and the problem only exists
with the vfio-pci driver (when cxgb3 is not running on the host and
may not be even loaded) which blocks accesses beyond the first block
of VPD data. However vfio-pci itself does not have quirks mechanism so
we add it to PCI.

This is the controller:
Ethernet controller [0200]: Chelsio Communications Inc T310 10GbE Single Port Adapter [1425:0030]

This is what I parsed from its vpd:
===
b'\x82*\x0010 Gigabit Ethernet-SR PCI Express Adapter\x90J\x00EC\x07D76809 FN\x0746K'
 0000 Large item 42 bytes; name 0x2 Identifier String
	b'10 Gigabit Ethernet-SR PCI Express Adapter'
 002d Large item 74 bytes; name 0x10
	#00 [EC] len=7: b'D76809 '
	#0a [FN] len=7: b'46K7897'
	#14 [PN] len=7: b'46K7897'
	#1e [MN] len=4: b'1037'
	#25 [FC] len=4: b'5769'
	#2c [SN] len=12: b'YL102035603V'
	#3b [NA] len=12: b'00145E992ED1'
 007a Small item 1 bytes; name 0xf End Tag

 0c00 Large item 16 bytes; name 0x2 Identifier String
	b'S310E-SR-X      '
 0c13 Large item 234 bytes; name 0x10
	#00 [PN] len=16: b'TBD             '
	#13 [EC] len=16: b'110107730D2     '
	#26 [SN] len=16: b'97YL102035603V  '
	#39 [NA] len=12: b'00145E992ED1'
	#48 [V0] len=6: b'175000'
	#51 [V1] len=6: b'266666'
	#5a [V2] len=6: b'266666'
	#63 [V3] len=6: b'2000  '
	#6c [V4] len=2: b'1 '
	#71 [V5] len=6: b'c2    '
	#7a [V6] len=6: b'0     '
	#83 [V7] len=2: b'1 '
	#88 [V8] len=2: b'0 '
	#8d [V9] len=2: b'0 '
	#92 [VA] len=2: b'0 '
	#97 [RV] len=80: b's\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'...
 0d00 Large item 252 bytes; name 0x11
	#00 [VC] len=16: b'122310_1222 dp  '
	#13 [VD] len=16: b'610-0001-00 H1\x00\x00'
	#26 [VE] len=16: b'122310_1353 fp  '
	#39 [VF] len=16: b'610-0001-00 H1\x00\x00'
	#4c [RW] len=173: b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'...
 0dff Small item 0 bytes; name 0xf End Tag

10f3 Large item 13315 bytes; name 0x62
!!! unknown item name 98: b'\xd0\x03\x00@`\x0c\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00'
===

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
0e7a349

@fengguang fengguang added a commit to 0day-ci/linux that referenced this pull request Nov 16, 2016

@fengguang Yanjiang Jin + fengguang edac: mpc85xx: implement "remove" for mpc85xx_pci_err_driver
Tested on a T4240QDS board.

If we execute the below steps without this patch:

1. modprobe mpc85xx_edac [The first insmod, everything is well.]
2. modprobe -r mpc85xx_edac
3. modprobe mpc85xx_edac [insmod again, error happens.]

We would get the below error:

BUG: recent printk recursion!
Oops: Kernel access of bad area, sig: 11 [#48]
PREEMPT SMP NR_CPUS=24 CoreNet Generic
Modules linked in: mpc85xx_edac edac_core softdog [last unloaded: mpc85xx_edac]
CPU: 5 PID: 14773 Comm: modprobe Tainted: G D C 4.8.3-rt2
task: c0000005cdc40d40 task.stack: c0000005c8814000
NIP: c0000000005c5b60 LR: c0000000005c895c CTR: c0000000005c8940
REGS: c0000005c8816e20 TRAP: 0300 Tainted: G D C (4.8.3-rt2-WR9.0.0.0_preempt-rt)
MSR: 0000000080029000 <CE,EE,ME> CR: 28222828 XER: 20000000
DEAR: 80000000005392d8 ESR: 0000000000000100 SOFTE: 0
GPR00: c0000000005c8844 c0000005c88170a0 c0000000011db400 c000000001220496
GPR04: c000000001220838 c000000001220838 04ffffff000affff 80000000005392d8
GPR08: c0000000005cb400 c0000000005c8940 fffffffffffffffe 80000000004c9108
GPR12: c000000000bdad80 c00000003fff7300 000000000000fff1 c000000000d1c7f0
GPR16: 0000000000000001 000000000000003f c0000005c8817c20 c000000000bed4e0
GPR20: 0000000000000000 c0000000011fdaa0 0000000000000002 80000000004ccafe
GPR24: c0000005c8817390 0000000000000025 c000000001220458 0000000000000020
GPR28: 00000000000003e0 c000000001220838 80000000004ccafe c000000001220496
NIP [c0000000005c5b60] .string+0x20/0xa0
LR [c0000000005c895c] .vsnprintf+0x1ac/0x490
Call Trace:
[c0000005c88170a0] [c0000000005c8844] .vsnprintf+0x94/0x490 (unreliable)
[c0000005c8817170] [c0000000005c8c58] .vscnprintf+0x18/0x70
[c0000005c88171f0] [c0000000000d5920] .vprintk_emit+0x120/0x600
[c0000005c88172c0] [c000000000bdae44] .printk+0xc4/0xe0
[c0000005c8817340] [80000000004c6f5c] .edac_pci_add_device+0x2fc/0x350 [edac_core]
[c0000005c88173e0] [8000000000759d64] .mpc85xx_pci_err_probe+0x344/0x550 [mpc85xx_edac]
[c0000005c88174c0] [c0000000006952b4] .platform_drv_probe+0x84/0x120
[c0000005c8817550] [c000000000692294] .driver_probe_device+0x2f4/0x3d0
[c0000005c88175f0] [c00000000069248c] .__driver_attach+0x11c/0x120
[c0000005c8817680] [c00000000068f034] .bus_for_each_dev+0x94/0x100
[c0000005c8817720] [c000000000691624] .driver_attach+0x34/0x50
[c0000005c88177a0] [c000000000690e88] .bus_add_driver+0x1b8/0x310
[c0000005c8817840] [c000000000693404] .driver_register+0x94/0x170
[c0000005c88178c0] [c0000000006954b0] .__platform_register_drivers+0xa0/0x150
[c0000005c8817980] [800000000075b51c] .mpc85xx_mc_init+0x60/0xd0 [mpc85xx_edac]
[c0000005c8817a00] [c000000000001a68] .do_one_initcall+0x68/0x1e0
[c0000005c8817ae0] [c000000000bdb2e8] .do_init_module+0x88/0x24c
[c0000005c8817b80] [c00000000011961c] .load_module+0x1e3c/0x2840
[c0000005c8817d20] [c00000000011a320] .SyS_finit_module+0x100/0x130
[c0000005c8817e30] [c000000000000698] system_call+0x38/0xe8
Instruction dump:
4ba71abd 60000000 7ffff214 4bffff20 2ba50fff 7ca72b78 7cca0734 7c852378
40dd0030 2faa0000 394affff 41de0014 <89070000> 38e70001 2fa80000 40fe002c
---[ end trace 0000000000000031 ]---

Signed-off-by: Yanjiang Jin <yanjiang.jin@windriver.com>
ed5ed52

@fengguang fengguang added a commit to 0day-ci/linux that referenced this pull request Nov 17, 2016

@fengguang Yanjiang Jin + fengguang edac: mpc85xx: implement "remove" for mpc85xx_pci_err_driver
Tested on a T4240QDS board.

If we execute the below steps without this patch:

1. modprobe mpc85xx_edac [The first insmod, everything is well.]
2. modprobe -r mpc85xx_edac
3. modprobe mpc85xx_edac [insmod again, error happens.]

We would get the error messages as below:

BUG: recent printk recursion!
Oops: Kernel access of bad area, sig: 11 [#48]
Modules linked in: mpc85xx_edac edac_core softdog [last unloaded: mpc85xx_edac]
CPU: 5 PID: 14773 Comm: modprobe Tainted: G D C 4.8.3-rt2

 .vsnprintf
 .vscnprintf
 .vprintk_emit
 .printk
 .edac_pci_add_device
 .mpc85xx_pci_err_probe
 .platform_drv_probe
 .driver_probe_device
 .__driver_attach
 .bus_for_each_dev
 .driver_attach
 .bus_add_driver
 .driver_register
 .__platform_register_drivers
 .mpc85xx_mc_init
 .do_one_initcall
 .do_init_module
 .load_module
 .SyS_finit_module
 system_call

Signed-off-by: Yanjiang Jin <yanjiang.jin@windriver.com>
e3c95fc

@Reichl Reichl pushed a commit to Reichl/linux-odroid that referenced this pull request Nov 22, 2016

Yanjiang Jin + Borislav Petkov EDAC, mpc85xx: Implement remove method for the platform driver
If we execute the below steps without this patch:

  modprobe mpc85xx_edac [The first insmod, everything is well.]
  modprobe -r mpc85xx_edac
  modprobe mpc85xx_edac [insmod again, error happens.]

We would get the error messages as below:

  BUG: recent printk recursion!
  Oops: Kernel access of bad area, sig: 11 [#48]
  Modules linked in: mpc85xx_edac edac_core softdog [last unloaded: mpc85xx_edac]
  CPU: 5 PID: 14773 Comm: modprobe Tainted: G D C 4.8.3-rt2
   .vsnprintf
   .vscnprintf
   .vprintk_emit
   .printk
   .edac_pci_add_device
   .mpc85xx_pci_err_probe
   .platform_drv_probe
   .driver_probe_device
   .__driver_attach
   .bus_for_each_dev
   .driver_attach
   .bus_add_driver
   .driver_register
   .__platform_register_drivers
   .mpc85xx_mc_init
   .do_one_initcall
   .do_init_module
   .load_module
   .SyS_finit_module
   system_call

Address this by cleaning up properly when removing the platform driver.

Tested on a T4240QDS board.

Signed-off-by: Yanjiang Jin <yanjiang.jin@windriver.com>
Acked-by: Johannes Thumshirn <jthumshirn@suse.de>
Cc: linux-edac <linux-edac@vger.kernel.org>
Cc: york.sun@nxp.com
Link: http://lkml.kernel.org/r/1479351380-17109-2-git-send-email-yanjiang.jin@windriver.com
[ Boris: massage commit message. ]
Signed-off-by: Borislav Petkov <bp@suse.de>
27bda20

@fengguang fengguang pushed a commit to 0day-ci/linux that referenced this pull request Dec 4, 2016

Kim Phillips + Arnaldo Carvalho de Melo perf annotate: AArch64 support
This is a regex converted version from the original:

	https://lkml.org/lkml/2016/5/19/461

Add basic support to recognise AArch64 assembly. This allows perf to
identify AArch64 instructions that branch to other parts within the
same function, thereby properly annotating them.

Rebased onto new cross-arch annotation bits:

	https://lkml.org/lkml/2016/11/25/546

Sample output:

security_file_permission  vmlinux
  5.80 │    ← ret                                                  ▒
       │70:   ldr    w0, [x21,#68]                                 ▒
  4.44 │    ↓ tbnz   d0                                            ▒
       │      mov    w0, #0x24                       // #36        ▒
  1.37 │      ands   w0, w22, w0                                   ▒
       │    ↑ b.eq   60                                            ▒
  1.37 │    ↓ tbnz   e4                                            ▒
       │      mov    w19, #0x20000                   // #131072    ▒
  1.02 │    ↓ tbz    ec                                            ▒
       │90:┌─→ldr    x3, [x21,#24]                                 ▒
  1.37 │   │  add    x21, x21, #0x10                               ▒
       │   │  mov    w2, w19                                       ▒
  1.02 │   │  mov    x0, x21                                       ▒
       │   │  mov    x1, x3                                        ▒
  1.71 │   │  ldr    x20, [x3,#48]                                 ▒
       │   │→ bl     __fsnotify_parent                             ▒
  0.68 │   │↑ cbnz   60                                            ▒
       │   │  mov    x2, x21                                       ▒
  1.37 │   │  mov    w1, w19                                       ▒
       │   │  mov    x0, x20                                       ▒
  0.68 │   │  mov    w5, #0x0                        // #0         ▒
       │   │  mov    x4, #0x0                        // #0         ▒
  1.71 │   │  mov    w3, #0x1                        // #1         ▒
       │   │→ bl     fsnotify                                      ▒
  1.37 │   │↑ b      60                                            ▒
       │d0:│  mov    w0, #0x0                        // #0         ▒
       │   │  ldp    x19, x20, [sp,#16]                            ▒
       │   │  ldp    x21, x22, [sp,#32]                            ▒
       │   │  ldp    x29, x30, [sp],#48                            ▒
       │   │← ret                                                  ▒
       │e4:│  mov    w19, #0x10000                   // #65536     ▒
       │   └──b      90                                            ◆
       │ec:   brk    #0x800                                        ▒
Press 'h' for help on key bindings

Signed-off-by: Kim Phillips <kim.phillips@arm.com>
Signed-off-by: Chris Ryder <chris.ryder@arm.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Pawel Moll <pawel.moll@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will.deacon@arm.com>
Link: http://lkml.kernel.org/r/20161130092344.012e18e3e623bea395162f95@arm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
0fcb1da

@fengguang fengguang pushed a commit to 0day-ci/linux that referenced this pull request Dec 8, 2016

@aik @bjorn-helgaas aik + bjorn-helgaas PCI: Enable access to non-standard VPD for Chelsio devices (cxgb3)
There is at least one Chelsio 10Gb card which uses VPD area to store some
non-standard blocks (example below).  However pci_vpd_size() returns the
length of the first block only assuming that there can be only one VPD "End
Tag".

Since 4e1a635 ("vfio/pci: Use kernel VPD access functions"), VFIO
blocks access beyond that offset, which prevents the guest "cxgb3" driver
from probing the device.  The host system does not have this problem as its
driver accesses the config space directly without pci_read_vpd().

Add a quirk to override the VPD size to a bigger value.  The maximum size
is taken from EEPROMSIZE in drivers/net/ethernet/chelsio/cxgb3/common.h.
We do not read the tag as the cxgb3 driver does as the driver supports
writing to EEPROM/VPD and when it writes, it only checks for 8192 bytes
boundary.  The quirk is registered for all devices supported by the cxgb3
driver.

This adds a quirk to the PCI layer (not to the cxgb3 driver) as the cxgb3
driver itself accesses VPD directly and the problem only exists with the
vfio-pci driver (when cxgb3 is not running on the host and may not be even
loaded) which blocks accesses beyond the first block of VPD data.  However
vfio-pci itself does not have quirks mechanism so we add it to PCI.

This is the controller:
Ethernet controller [0200]: Chelsio Communications Inc T310 10GbE Single Port Adapter [1425:0030]

This is what I parsed from its VPD:
===
b'\x82*\x0010 Gigabit Ethernet-SR PCI Express Adapter\x90J\x00EC\x07D76809 FN\x0746K'
 0000 Large item 42 bytes; name 0x2 Identifier String
	b'10 Gigabit Ethernet-SR PCI Express Adapter'
 002d Large item 74 bytes; name 0x10
	#00 [EC] len=7: b'D76809 '
	#0a [FN] len=7: b'46K7897'
	#14 [PN] len=7: b'46K7897'
	#1e [MN] len=4: b'1037'
	#25 [FC] len=4: b'5769'
	#2c [SN] len=12: b'YL102035603V'
	#3b [NA] len=12: b'00145E992ED1'
 007a Small item 1 bytes; name 0xf End Tag

 0c00 Large item 16 bytes; name 0x2 Identifier String
	b'S310E-SR-X      '
 0c13 Large item 234 bytes; name 0x10
	#00 [PN] len=16: b'TBD             '
	#13 [EC] len=16: b'110107730D2     '
	#26 [SN] len=16: b'97YL102035603V  '
	#39 [NA] len=12: b'00145E992ED1'
	#48 [V0] len=6: b'175000'
	#51 [V1] len=6: b'266666'
	#5a [V2] len=6: b'266666'
	#63 [V3] len=6: b'2000  '
	#6c [V4] len=2: b'1 '
	#71 [V5] len=6: b'c2    '
	#7a [V6] len=6: b'0     '
	#83 [V7] len=2: b'1 '
	#88 [V8] len=2: b'0 '
	#8d [V9] len=2: b'0 '
	#92 [VA] len=2: b'0 '
	#97 [RV] len=80: b's\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'...
 0d00 Large item 252 bytes; name 0x11
	#00 [VC] len=16: b'122310_1222 dp  '
	#13 [VD] len=16: b'610-0001-00 H1\x00\x00'
	#26 [VE] len=16: b'122310_1353 fp  '
	#39 [VF] len=16: b'610-0001-00 H1\x00\x00'
	#4c [RW] len=173: b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'...
 0dff Small item 0 bytes; name 0xf End Tag

10f3 Large item 13315 bytes; name 0x62
!!! unknown item name 98: b'\xd0\x03\x00@`\x0c\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00'
===

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
33c27bc

@fengguang fengguang pushed a commit to 0day-ci/linux that referenced this pull request Dec 12, 2016

@aik @bjorn-helgaas aik + bjorn-helgaas PCI: Enable access to non-standard VPD for Chelsio devices (cxgb3)
There is at least one Chelsio 10Gb card which uses VPD area to store some
non-standard blocks (example below).  However pci_vpd_size() returns the
length of the first block only assuming that there can be only one VPD "End
Tag".

Since 4e1a635 ("vfio/pci: Use kernel VPD access functions"), VFIO
blocks access beyond that offset, which prevents the guest "cxgb3" driver
from probing the device.  The host system does not have this problem as its
driver accesses the config space directly without pci_read_vpd().

Add a quirk to override the VPD size to a bigger value.  The maximum size
is taken from EEPROMSIZE in drivers/net/ethernet/chelsio/cxgb3/common.h.
We do not read the tag as the cxgb3 driver does as the driver supports
writing to EEPROM/VPD and when it writes, it only checks for 8192 bytes
boundary.  The quirk is registered for all devices supported by the cxgb3
driver.

This adds a quirk to the PCI layer (not to the cxgb3 driver) as the cxgb3
driver itself accesses VPD directly and the problem only exists with the
vfio-pci driver (when cxgb3 is not running on the host and may not be even
loaded) which blocks accesses beyond the first block of VPD data.  However
vfio-pci itself does not have quirks mechanism so we add it to PCI.

This is the controller:
Ethernet controller [0200]: Chelsio Communications Inc T310 10GbE Single Port Adapter [1425:0030]

This is what I parsed from its VPD:
===
b'\x82*\x0010 Gigabit Ethernet-SR PCI Express Adapter\x90J\x00EC\x07D76809 FN\x0746K'
 0000 Large item 42 bytes; name 0x2 Identifier String
	b'10 Gigabit Ethernet-SR PCI Express Adapter'
 002d Large item 74 bytes; name 0x10
	#00 [EC] len=7: b'D76809 '
	#0a [FN] len=7: b'46K7897'
	#14 [PN] len=7: b'46K7897'
	#1e [MN] len=4: b'1037'
	#25 [FC] len=4: b'5769'
	#2c [SN] len=12: b'YL102035603V'
	#3b [NA] len=12: b'00145E992ED1'
 007a Small item 1 bytes; name 0xf End Tag

 0c00 Large item 16 bytes; name 0x2 Identifier String
	b'S310E-SR-X      '
 0c13 Large item 234 bytes; name 0x10
	#00 [PN] len=16: b'TBD             '
	#13 [EC] len=16: b'110107730D2     '
	#26 [SN] len=16: b'97YL102035603V  '
	#39 [NA] len=12: b'00145E992ED1'
	#48 [V0] len=6: b'175000'
	#51 [V1] len=6: b'266666'
	#5a [V2] len=6: b'266666'
	#63 [V3] len=6: b'2000  '
	#6c [V4] len=2: b'1 '
	#71 [V5] len=6: b'c2    '
	#7a [V6] len=6: b'0     '
	#83 [V7] len=2: b'1 '
	#88 [V8] len=2: b'0 '
	#8d [V9] len=2: b'0 '
	#92 [VA] len=2: b'0 '
	#97 [RV] len=80: b's\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'...
 0d00 Large item 252 bytes; name 0x11
	#00 [VC] len=16: b'122310_1222 dp  '
	#13 [VD] len=16: b'610-0001-00 H1\x00\x00'
	#26 [VE] len=16: b'122310_1353 fp  '
	#39 [VF] len=16: b'610-0001-00 H1\x00\x00'
	#4c [RW] len=173: b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'...
 0dff Small item 0 bytes; name 0xf End Tag

10f3 Large item 13315 bytes; name 0x62
!!! unknown item name 98: b'\xd0\x03\x00@`\x0c\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00'
===

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
1c7de2b

@megous megous pushed a commit to megous/linux that referenced this pull request Jan 12, 2017

@aik @gregkh aik + gregkh PCI: Enable access to non-standard VPD for Chelsio devices (cxgb3)
commit 1c7de2b upstream.

There is at least one Chelsio 10Gb card which uses VPD area to store some
non-standard blocks (example below).  However pci_vpd_size() returns the
length of the first block only assuming that there can be only one VPD "End
Tag".

Since 4e1a635 ("vfio/pci: Use kernel VPD access functions"), VFIO
blocks access beyond that offset, which prevents the guest "cxgb3" driver
from probing the device.  The host system does not have this problem as its
driver accesses the config space directly without pci_read_vpd().

Add a quirk to override the VPD size to a bigger value.  The maximum size
is taken from EEPROMSIZE in drivers/net/ethernet/chelsio/cxgb3/common.h.
We do not read the tag as the cxgb3 driver does as the driver supports
writing to EEPROM/VPD and when it writes, it only checks for 8192 bytes
boundary.  The quirk is registered for all devices supported by the cxgb3
driver.

This adds a quirk to the PCI layer (not to the cxgb3 driver) as the cxgb3
driver itself accesses VPD directly and the problem only exists with the
vfio-pci driver (when cxgb3 is not running on the host and may not be even
loaded) which blocks accesses beyond the first block of VPD data.  However
vfio-pci itself does not have quirks mechanism so we add it to PCI.

This is the controller:
Ethernet controller [0200]: Chelsio Communications Inc T310 10GbE Single Port Adapter [1425:0030]

This is what I parsed from its VPD:
===
b'\x82*\x0010 Gigabit Ethernet-SR PCI Express Adapter\x90J\x00EC\x07D76809 FN\x0746K'
 0000 Large item 42 bytes; name 0x2 Identifier String
	b'10 Gigabit Ethernet-SR PCI Express Adapter'
 002d Large item 74 bytes; name 0x10
	#00 [EC] len=7: b'D76809 '
	#0a [FN] len=7: b'46K7897'
	#14 [PN] len=7: b'46K7897'
	#1e [MN] len=4: b'1037'
	#25 [FC] len=4: b'5769'
	#2c [SN] len=12: b'YL102035603V'
	#3b [NA] len=12: b'00145E992ED1'
 007a Small item 1 bytes; name 0xf End Tag

 0c00 Large item 16 bytes; name 0x2 Identifier String
	b'S310E-SR-X      '
 0c13 Large item 234 bytes; name 0x10
	#00 [PN] len=16: b'TBD             '
	#13 [EC] len=16: b'110107730D2     '
	#26 [SN] len=16: b'97YL102035603V  '
	#39 [NA] len=12: b'00145E992ED1'
	#48 [V0] len=6: b'175000'
	#51 [V1] len=6: b'266666'
	#5a [V2] len=6: b'266666'
	#63 [V3] len=6: b'2000  '
	#6c [V4] len=2: b'1 '
	#71 [V5] len=6: b'c2    '
	#7a [V6] len=6: b'0     '
	#83 [V7] len=2: b'1 '
	#88 [V8] len=2: b'0 '
	#8d [V9] len=2: b'0 '
	#92 [VA] len=2: b'0 '
	#97 [RV] len=80: b's\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'...
 0d00 Large item 252 bytes; name 0x11
	#00 [VC] len=16: b'122310_1222 dp  '
	#13 [VD] len=16: b'610-0001-00 H1\x00\x00'
	#26 [VE] len=16: b'122310_1353 fp  '
	#39 [VF] len=16: b'610-0001-00 H1\x00\x00'
	#4c [RW] len=173: b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'...
 0dff Small item 0 bytes; name 0xf End Tag

10f3 Large item 13315 bytes; name 0x62
!!! unknown item name 98: b'\xd0\x03\x00@`\x0c\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00'
===

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1aaa777

@Reichl Reichl pushed a commit to Reichl/linux-odroid that referenced this pull request Apr 5, 2017

Andrew Morton + Stephen Rothwell ptrace-fix-ptrace_listen-race-corrupting-task-state-checkpatch-fixes
ERROR: code indent should use tabs where possible
#39: FILE: kernel/ptrace.c:188:
+        * PTRACE_LISTEN can allow ptrace_trap_notify to wake us up$

ERROR: code indent should use tabs where possible
#40: FILE: kernel/ptrace.c:189:
+        * remotely. Recheck state under the lock to close this race.$

ERROR: code indent should use tabs where possible
#41: FILE: kernel/ptrace.c:190:
+        */$

WARNING: please, no spaces at the start of a line
#47: FILE: kernel/ptrace.c:192:
+       if (task->state == __TASK_TRACED) {$

WARNING: suspect code indent for conditional statements (7, 15)
#47: FILE: kernel/ptrace.c:192:
+       if (task->state == __TASK_TRACED) {
+               if (__fatal_signal_pending(task))

ERROR: code indent should use tabs where possible
#48: FILE: kernel/ptrace.c:193:
+               if (__fatal_signal_pending(task))$

WARNING: please, no spaces at the start of a line
#48: FILE: kernel/ptrace.c:193:
+               if (__fatal_signal_pending(task))$

WARNING: suspect code indent for conditional statements (15, 23)
#48: FILE: kernel/ptrace.c:193:
+               if (__fatal_signal_pending(task))
+                       wake_up_state(task, __TASK_TRACED);

ERROR: code indent should use tabs where possible
#49: FILE: kernel/ptrace.c:194:
+                       wake_up_state(task, __TASK_TRACED);$

WARNING: please, no spaces at the start of a line
#49: FILE: kernel/ptrace.c:194:
+                       wake_up_state(task, __TASK_TRACED);$

ERROR: code indent should use tabs where possible
#50: FILE: kernel/ptrace.c:195:
+               else$

WARNING: please, no spaces at the start of a line
#50: FILE: kernel/ptrace.c:195:
+               else$

ERROR: code indent should use tabs where possible
#51: FILE: kernel/ptrace.c:196:
+                       task->state = TASK_TRACED;$

WARNING: please, no spaces at the start of a line
#51: FILE: kernel/ptrace.c:196:
+                       task->state = TASK_TRACED;$

WARNING: please, no spaces at the start of a line
#52: FILE: kernel/ptrace.c:197:
+       }$

total: 7 errors, 8 warnings, 21 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

NOTE: Whitespace errors detected.
      You may wish to use scripts/cleanpatch or scripts/cleanfile

./patches/ptrace-fix-ptrace_listen-race-corrupting-task-state.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Ben Segall <bsegall@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
15743a3

@fengguang fengguang pushed a commit to 0day-ci/linux that referenced this pull request Apr 8, 2017

@hnaz Andrew Morton + hnaz ptrace-fix-ptrace_listen-race-corrupting-task-state-checkpatch-fixes
ERROR: code indent should use tabs where possible
#39: FILE: kernel/ptrace.c:188:
+        * PTRACE_LISTEN can allow ptrace_trap_notify to wake us up$

ERROR: code indent should use tabs where possible
#40: FILE: kernel/ptrace.c:189:
+        * remotely. Recheck state under the lock to close this race.$

ERROR: code indent should use tabs where possible
#41: FILE: kernel/ptrace.c:190:
+        */$

WARNING: please, no spaces at the start of a line
#47: FILE: kernel/ptrace.c:192:
+       if (task->state == __TASK_TRACED) {$

WARNING: suspect code indent for conditional statements (7, 15)
#47: FILE: kernel/ptrace.c:192:
+       if (task->state == __TASK_TRACED) {
+               if (__fatal_signal_pending(task))

ERROR: code indent should use tabs where possible
#48: FILE: kernel/ptrace.c:193:
+               if (__fatal_signal_pending(task))$

WARNING: please, no spaces at the start of a line
#48: FILE: kernel/ptrace.c:193:
+               if (__fatal_signal_pending(task))$

WARNING: suspect code indent for conditional statements (15, 23)
#48: FILE: kernel/ptrace.c:193:
+               if (__fatal_signal_pending(task))
+                       wake_up_state(task, __TASK_TRACED);

ERROR: code indent should use tabs where possible
#49: FILE: kernel/ptrace.c:194:
+                       wake_up_state(task, __TASK_TRACED);$

WARNING: please, no spaces at the start of a line
#49: FILE: kernel/ptrace.c:194:
+                       wake_up_state(task, __TASK_TRACED);$

ERROR: code indent should use tabs where possible
#50: FILE: kernel/ptrace.c:195:
+               else$

WARNING: please, no spaces at the start of a line
#50: FILE: kernel/ptrace.c:195:
+               else$

ERROR: code indent should use tabs where possible
#51: FILE: kernel/ptrace.c:196:
+                       task->state = TASK_TRACED;$

WARNING: please, no spaces at the start of a line
#51: FILE: kernel/ptrace.c:196:
+                       task->state = TASK_TRACED;$

WARNING: please, no spaces at the start of a line
#52: FILE: kernel/ptrace.c:197:
+       }$

total: 7 errors, 8 warnings, 21 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

NOTE: Whitespace errors detected.
      You may wish to use scripts/cleanpatch or scripts/cleanfile

./patches/ptrace-fix-ptrace_listen-race-corrupting-task-state.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Ben Segall <bsegall@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
a0ead2f

@idosch idosch pushed a commit to idosch/linux that referenced this pull request May 2, 2017

@borkmann @davem330 borkmann + davem330 bpf, arm64: fix jit branch offset related to ldimm64
When the instruction right before the branch destination is
a 64 bit load immediate, we currently calculate the wrong
jump offset in the ctx->offset[] array as we only account
one instruction slot for the 64 bit load immediate although
it uses two BPF instructions. Fix it up by setting the offset
into the right slot after we incremented the index.

Before (ldimm64 test 1):

  [...]
  00000020:  52800007  mov w7, #0x0 // #0
  00000024:  d2800060  mov x0, #0x3 // #3
  00000028:  d2800041  mov x1, #0x2 // #2
  0000002c:  eb01001f  cmp x0, x1
  00000030:  54ffff82  b.cs 0x00000020
  00000034:  d29fffe7  mov x7, #0xffff // #65535
  00000038:  f2bfffe7  movk x7, #0xffff, lsl #16
  0000003c:  f2dfffe7  movk x7, #0xffff, lsl #32
  00000040:  f2ffffe7  movk x7, #0xffff, lsl #48
  00000044:  d29dddc7  mov x7, #0xeeee // #61166
  00000048:  f2bdddc7  movk x7, #0xeeee, lsl #16
  0000004c:  f2ddddc7  movk x7, #0xeeee, lsl #32
  00000050:  f2fdddc7  movk x7, #0xeeee, lsl #48
  [...]

After (ldimm64 test 1):

  [...]
  00000020:  52800007  mov w7, #0x0 // #0
  00000024:  d2800060  mov x0, #0x3 // #3
  00000028:  d2800041  mov x1, #0x2 // #2
  0000002c:  eb01001f  cmp x0, x1
  00000030:  540000a2  b.cs 0x00000044
  00000034:  d29fffe7  mov x7, #0xffff // #65535
  00000038:  f2bfffe7  movk x7, #0xffff, lsl #16
  0000003c:  f2dfffe7  movk x7, #0xffff, lsl #32
  00000040:  f2ffffe7  movk x7, #0xffff, lsl #48
  00000044:  d29dddc7  mov x7, #0xeeee // #61166
  00000048:  f2bdddc7  movk x7, #0xeeee, lsl #16
  0000004c:  f2ddddc7  movk x7, #0xeeee, lsl #32
  00000050:  f2fdddc7  movk x7, #0xeeee, lsl #48
  [...]

Also, add a couple of test cases to make sure JITs pass
this test. Tested on Cavium ThunderX ARMv8. The added
test cases all pass after the fix.

Fixes: 8eee539 ("arm64: bpf: fix out-of-bounds read in bpf2a64_offset()")
Reported-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Cc: Xi Wang <xi.wang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
ddc665a

@fengguang fengguang pushed a commit to 0day-ci/linux that referenced this pull request May 5, 2017

@hnaz Andrew Morton + hnaz origin
GIT 46f0537b1ecf672052007c97f102a7e6bf0791e4

commit ec8a09fbbeff252c80daf62c7a78342003dddf9c
Author: Jon Paul Maloy <jon.maloy@ericsson.com>
Date:   Tue May 2 18:16:54 2017 +0200

    tipc: refactor function tipc_sk_recv_stream()
    
    We try to make this function more readable by improving variable names
    and comments, using more stack variables, and doing some smaller changes
    to the logics. We also rename the function to make it consistent with
    naming conventions used elsewhere in the code.
    
    Reviewed-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com>
    Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit e9f8b10101c6da3ab000a2fb17162374c9bd2c69
Author: Jon Paul Maloy <jon.maloy@ericsson.com>
Date:   Tue May 2 18:16:53 2017 +0200

    tipc: refactor function tipc_sk_recvmsg()
    
    We try to make this function more readable by improving variable names
    and comments, plus some minor changes to the logics.
    
    Reviewed-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com>
    Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 773225388dae15e72790d6f573e2e70e96292b6b
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:58 2017 +0530

    net: thunderx: Optimize page recycling for XDP
    
    Driver follows a method of taking one extra reference on the
    page for recycling which is fine in usual packet path where
    each 64KB page is segmented into multiple receive buffers.
    
    But in XDP mode since there is just one receive buffer per
    page taking extra page reference itself becomes big bottleneck
    consuming ~50% of CPU cycles due to atomic operations.
    
    This patch adds a internal ref count in pgcache for each
    page and additional page references are taken in a batch
    instead of just one at a time. Internal i.e 'pgcache->ref_count'
    and page's i.e 'page->_refcount' counters are compared to check
    page's recyclability.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit e3d06ff9ec9400b93bacf8fa92f3985c9412e282
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:57 2017 +0530

    net: thunderx: Support for XDP header adjustment
    
    When in XDP mode reserve XDP_PACKET_HEADROOM bytes at the start
    of receive buffer for XDP program to modify headers and adjust
    packet start. Additional code changes done to handle such packets.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 16f2bccda75da48888772c4829a468be620c5d79
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:56 2017 +0530

    net: thunderx: Add support for XDP_TX
    
    Adds support for XDP_TX i.e transmits packet out of
    the XDP TX queue mapped to the corresponding Rx queue
    on which packet is received.
    
    Since SQ for XDP TX will be used only on a single cpu i.e
    SQ description creation and freeing, using atomic free count
    is not necessary and will become a bottleneck. Hence added
    a separate 'xdp_free_cnt' used for SQs designated for XDP
    to track descriptor free count.
    
    Changes also include
    - A new entry 'xdp_page' is added to save transmitted packet's
      page pointer for later cleanup.
    - XDP Tx SQ's doorbell is ringed once per NAPI instance.
    - Retrieving designated SQ for packets being sent out by stack
      via 'nicvf_xmit'.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit c56d91ce38d54c0c0dd8d0e4c6a9e0cfa557152f
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:55 2017 +0530

    net: thunderx: Add support for XDP_DROP
    
    Adds support for XDP_DROP.
    Also since in XDP mode there is just a single buffer per page,
    made changes to recycle DMA mapping info as well along with pages.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 05c773f52b96ef3fbc7d9bfa21caadc6247ef7a8
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:54 2017 +0530

    net: thunderx: Add basic XDP support
    
    Adds basic XDP support i.e attaching a BPF program to an
    interface. Also takes care of allocating separate Tx queues
    for XDP path and for network stack packet transmission.
    
    This patch doesn't support handling of any of the XDP actions,
    all are treated as XDP_PASS i.e packets will be handed over to
    the network stack.
    
    Changes also involve allocating one receive buffer per page in XDP
    mode and multiple in normal mode i.e when no BPF program is attached.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 927987f39f116db477fcd74ced2a2aea940e585c
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:53 2017 +0530

    net: thunderx: Cleanup receive buffer allocation
    
    Get rid of unnecessary double pointer references and type casting
    in receive buffer allocation code.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 0dada88b8cd74569abc3dda50f1b268a5868f6f2
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:52 2017 +0530

    net: thunderx: Optimize CQE_TX handling
    
    Optimized CQE handling with below changes
    - Feeing descriptors back to SQ in bulk i.e once per NAPI
      instance instead for every CQE_TX, this will reduce number
      of atomic updates to 'sq->free_cnt'.
    - Checking errors in CQE_TX and CQE_RX before calling appropriate
      fn()s to update error stats i.e reduce branching.
    
    Also removed debug messages in packet handling path which otherwise
    causes issues if DEBUG is enabled.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 5e848e4c5d77438e126c97702ec3bea477f550a9
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:51 2017 +0530

    net: thunderx: Optimize RBDR descriptor handling
    
    Receive buffer's physical address or iova will anyway not
    go beyond 49bits, since it is the max supported HW address.
    As per perf, updating bitfields i.e buf_addr:42 in RBDR
    descriptor entry consumes lots of cpu cycles, hence changed
    it to a 64bit field with alignment requirements taken care of.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 5836b4429777bf57ca8fc02b154263aa54d97508
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:50 2017 +0530

    net: thunderx: Support for page recycling
    
    Adds support for page recycling for allocating receive buffers
    to reduce cost of refilling RBDR ring. Also got rid of using
    compound pages when pagesize is 4K, only order-0 pages now.
    
    Only page is recycled, DMA mappings still needs to be done for
    every receive buffer allocated due to following constraints
    - Cannot have just one receive buffer per 64KB page.
    - There is just one buffer ring shared across 8 Rx queues, so
      buffers of same page can go to any Rx queue.
    - HW gives buffer address where packet has been DMA'ed and not
      the index into buffer ring.
    This makes it not possible to resue DMA mapping info. So unfortunately
    have to go through costly mapping route for every buffer.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit ee0d8d8482345ff97a75a7d747efc309f13b0d80
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date:   Tue May 2 13:58:53 2017 +0300

    ipx: call ipxitf_put() in ioctl error path
    
    We should call ipxitf_put() if the copy_to_user() fails.
    
    Reported-by: 李强 <liqiang6-s@360.cn>
    Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 9da3242e6a83b6f315aa9c394c939da8e4ad7774
Author: Jiri Pirko <jiri@mellanox.com>
Date:   Tue May 2 10:12:00 2017 +0200

    net: sched: add helpers to handle extended actions
    
    Jump is now the only one using value action opcode. This is going to
    change soon. So introduce helpers to work with this. Convert TC_ACT_JUMP.
    
    This also fixes the TC_ACT_JUMP check, which is incorrectly done as a
    bit check, not a value check.
    
    Fixes: e0ee84ded796 ("net sched actions: Complete the JUMPX opcode")
    Signed-off-by: Jiri Pirko <jiri@mellanox.com>
    Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 8d3f87d8cd0a16c58ae7e4410938528866c1c0db
Author: sudarsana.kalluru@cavium.com <sudarsana.kalluru@cavium.com>
Date:   Tue May 2 01:11:03 2017 -0700

    qed*: Fix issues in the ptp filter config implementation.
    
    PTP hardware filter configuration performed by the driver for a given
    user requested config is not correct for some of the PTP modes.
    Following changes are needed for PTP config-filter implementation.
     1. NIG_REG_TX_PTP_EN register - Bits 0/1/2 respectively enables
        TimeSync/"V1 frame format support"/"V2 frame format support" on
        the TX side. Set the associated bits based on the user request.
     2. ptp4l application fails to operate in Peer Delay mode. Following
        changes are needed to fix this,
        a. Driver should enable (set to 0) DA #1-related bits for IPv4,
           IPv6 and MAC destination addresses in these registers:
             NIG_REG_TX_LLH_PTP_RULE_MASK
             NIG_REG_LLH_PTP_RULE_MASK
        b. NIG_REG_LLH_PTP_PARAM_MASK/NIG_REG_TX_LLH_PTP_PARAM_MASK should
           be set to 0x0 in all modes.
    
    Signed-off-by: Sudarsana Reddy Kalluru <Sudarsana.Kalluru@cavium.com>
    Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 461eec12012c29b66525c270208d30be8f6da8e7
Author: sudarsana.kalluru@cavium.com <sudarsana.kalluru@cavium.com>
Date:   Tue May 2 01:11:02 2017 -0700

    qede: Fix concurrency issue in PTP Tx path processing.
    
    PTP Tx timestamping data structures are not protected against the
    concurrent access in the Tx paths. Protecting the same using atomic
    bit locks.
    
    Signed-off-by: Sudarsana Reddy Kalluru <Sudarsana.Kalluru@cavium.com>
    Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 212c7fd614377fef4415d94856a59e9f484aa439
Author: Jan Kiszka <jan.kiszka@siemens.com>
Date:   Tue May 2 09:58:00 2017 +0200

    stmmac: Add support for SIMATIC IOT2000 platform
    
    The IOT2000 is industrial controller platform, derived from the Intel
    Galileo Gen2 board. The variant IOT2020 comes with one LAN port, the
    IOT2040 has two of them. They can be told apart based on the board asset
    tag in the DMI table.
    
    Based on patch by Sascha Weisenberger.
    
    Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
    Signed-off-by: Sascha Weisenberger <sascha.weisenberger@siemens.com>
    Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 412b65d15a7f8a93794653968308fc100f2aa87c
Author: Timmy Li <lixiaoping3@huawei.com>
Date:   Tue May 2 10:46:52 2017 +0800

    net: hns: fix ethtool_get_strings overflow in hns driver
    
    hns_get_sset_count() returns HNS_NET_STATS_CNT and the data space allocated
    is not enough for ethtool_get_strings(), which will cause random memory
    corruption.
    
    When SLAB and DEBUG_SLAB are both enabled, memory corruptions like the
    the following can be observed without this patch:
    [   43.115200] Slab corruption (Not tainted): Acpi-ParseExt start=ffff801fb0b69030, len=80
    [   43.115206] Redzone: 0x9f911029d006462/0x5f78745f31657070.
    [   43.115208] Last user: [<5f7272655f746b70>](0x5f7272655f746b70)
    [   43.115214] 010: 70 70 65 31 5f 74 78 5f 70 6b 74 00 6b 6b 6b 6b  ppe1_tx_pkt.kkkk
    [   43.115217] 030: 70 70 65 31 5f 74 78 5f 70 6b 74 5f 6f 6b 00 6b  ppe1_tx_pkt_ok.k
    [   43.115218] Next obj: start=ffff801fb0b69098, len=80
    [   43.115220] Redzone: 0x706d655f6f666966/0x9f911029d74e35b.
    [   43.115229] Last user: [<ffff0000084b11b0>](acpi_os_release_object+0x28/0x38)
    [   43.115231] 000: 74 79 00 6b 6b 6b 6b 6b 70 70 65 31 5f 74 78 5f  ty.kkkkkppe1_tx_
    [   43.115232] 010: 70 6b 74 5f 65 72 72 5f 63 73 75 6d 5f 66 61 69  pkt_err_csum_fai
    
    Signed-off-by: Timmy Li <lixiaoping3@huawei.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit a9f11f963a546fea9144f6a6d1a307e814a387e7
Author: Eric Dumazet <edumazet@google.com>
Date:   Mon May 1 15:29:48 2017 -0700

    tcp: fix wraparound issue in tcp_lp
    
    Be careful when comparing tcp_time_stamp to some u32 quantity,
    otherwise result can be surprising.
    
    Fixes: 7c106d7e782b ("[TCP]: TCP Low Priority congestion control")
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit ddc665a4bb4b728b4e6ecec8db1b64efa9184b9c
Author: Daniel Borkmann <daniel@iogearbox.net>
Date:   Tue May 2 20:34:54 2017 +0200

    bpf, arm64: fix jit branch offset related to ldimm64
    
    When the instruction right before the branch destination is
    a 64 bit load immediate, we currently calculate the wrong
    jump offset in the ctx->offset[] array as we only account
    one instruction slot for the 64 bit load immediate although
    it uses two BPF instructions. Fix it up by setting the offset
    into the right slot after we incremented the index.
    
    Before (ldimm64 test 1):
    
      [...]
      00000020:  52800007  mov w7, #0x0 // #0
      00000024:  d2800060  mov x0, #0x3 // #3
      00000028:  d2800041  mov x1, #0x2 // #2
      0000002c:  eb01001f  cmp x0, x1
      00000030:  54ffff82  b.cs 0x00000020
      00000034:  d29fffe7  mov x7, #0xffff // #65535
      00000038:  f2bfffe7  movk x7, #0xffff, lsl #16
      0000003c:  f2dfffe7  movk x7, #0xffff, lsl #32
      00000040:  f2ffffe7  movk x7, #0xffff, lsl #48
      00000044:  d29dddc7  mov x7, #0xeeee // #61166
      00000048:  f2bdddc7  movk x7, #0xeeee, lsl #16
      0000004c:  f2ddddc7  movk x7, #0xeeee, lsl #32
      00000050:  f2fdddc7  movk x7, #0xeeee, lsl #48
      [...]
    
    After (ldimm64 test 1):
    
      [...]
      00000020:  52800007  mov w7, #0x0 // #0
      00000024:  d2800060  mov x0, #0x3 // #3
      00000028:  d2800041  mov x1, #0x2 // #2
      0000002c:  eb01001f  cmp x0, x1
      00000030:  540000a2  b.cs 0x00000044
      00000034:  d29fffe7  mov x7, #0xffff // #65535
      00000038:  f2bfffe7  movk x7, #0xffff, lsl #16
      0000003c:  f2dfffe7  movk x7, #0xffff, lsl #32
      00000040:  f2ffffe7  movk x7, #0xffff, lsl #48
      00000044:  d29dddc7  mov x7, #0xeeee // #61166
      00000048:  f2bdddc7  movk x7, #0xeeee, lsl #16
      0000004c:  f2ddddc7  movk x7, #0xeeee, lsl #32
      00000050:  f2fdddc7  movk x7, #0xeeee, lsl #48
      [...]
    
    Also, add a couple of test cases to make sure JITs pass
    this test. Tested on Cavium ThunderX ARMv8. The added
    test cases all pass after the fix.
    
    Fixes: 8eee539ddea0 ("arm64: bpf: fix out-of-bounds read in bpf2a64_offset()")
    Reported-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Acked-by: Alexei Starovoitov <ast@kernel.org>
    Cc: Xi Wang <xi.wang@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 85f68fe89832057584a9e66e1e7e53d53e50faff
Author: Daniel Borkmann <daniel@iogearbox.net>
Date:   Mon May 1 02:57:20 2017 +0200

    bpf, arm64: implement jiting of BPF_XADD
    
    This work adds BPF_XADD for BPF_W/BPF_DW to the arm64 JIT and therefore
    completes JITing of all BPF instructions, meaning we can thus also remove
    the 'notyet' label and do not need to fall back to the interpreter when
    BPF_XADD is used in a program!
    
    This now also brings arm64 JIT in line with x86_64, s390x, ppc64, sparc64,
    where all current eBPF features are supported.
    
    BPF_W example from test_bpf:
    
      .u.insns_int = {
        BPF_ALU32_IMM(BPF_MOV, R0, 0x12),
        BPF_ST_MEM(BPF_W, R10, -40, 0x10),
        BPF_STX_XADD(BPF_W, R10, R0, -40),
        BPF_LDX_MEM(BPF_W, R0, R10, -40),
        BPF_EXIT_INSN(),
      },
    
      [...]
      00000020:  52800247  mov w7, #0x12 // #18
      00000024:  928004eb  mov x11, #0xffffffffffffffd8 // #-40
      00000028:  d280020a  mov x10, #0x10 // #16
      0000002c:  b82b6b2a  str w10, [x25,x11]
      // start of xadd mapping:
      00000030:  928004ea  mov x10, #0xffffffffffffffd8 // #-40
      00000034:  8b19014a  add x10, x10, x25
      00000038:  f9800151  prfm pstl1strm, [x10]
      0000003c:  885f7d4b  ldxr w11, [x10]
      00000040:  0b07016b  add w11, w11, w7
      00000044:  880b7d4b  stxr w11, w11, [x10]
      00000048:  35ffffab  cbnz w11, 0x0000003c
      // end of xadd mapping:
      [...]
    
    BPF_DW example from test_bpf:
    
      .u.insns_int = {
        BPF_ALU32_IMM(BPF_MOV, R0, 0x12),
        BPF_ST_MEM(BPF_DW, R10, -40, 0x10),
        BPF_STX_XADD(BPF_DW, R10, R0, -40),
        BPF_LDX_MEM(BPF_DW, R0, R10, -40),
        BPF_EXIT_INSN(),
      },
    
      [...]
      00000020:  52800247  mov w7,  #0x12 // #18
      00000024:  928004eb  mov x11, #0xffffffffffffffd8 // #-40
      00000028:  d280020a  mov x10, #0x10 // #16
      0000002c:  f82b6b2a  str x10, [x25,x11]
      // start of xadd mapping:
      00000030:  928004ea  mov x10, #0xffffffffffffffd8 // #-40
      00000034:  8b19014a  add x10, x10, x25
      00000038:  f9800151  prfm pstl1strm, [x10]
      0000003c:  c85f7d4b  ldxr x11, [x10]
      00000040:  8b07016b  add x11, x11, x7
      00000044:  c80b7d4b  stxr w11, x11, [x10]
      00000048:  35ffffab  cbnz w11, 0x0000003c
      // end of xadd mapping:
      [...]
    
    Tested on Cavium ThunderX ARMv8, test suite results after the patch:
    
      No JIT:   [ 3751.855362] test_bpf: Summary: 311 PASSED, 0 FAILED, [0/303 JIT'ed]
      With JIT: [ 3573.759527] test_bpf: Summary: 311 PASSED, 0 FAILED, [303/303 JIT'ed]
    
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Acked-by: Alexei Starovoitov <ast@kernel.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 586f8525979ad9574bf61637fd58c98d5077f29d
Author: David Miller <davem@davemloft.net>
Date:   Tue May 2 11:36:45 2017 -0400

    bpf: Align packet data properly in program testing framework.
    
    Make sure we apply NET_IP_ALIGN when reserving headroom for SKB
    and XDP test runs, just like a real driver would.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Acked-by: Daniel Borkmann <daniel@iogearbox.net>

commit 78e5227237cae9172dd50c3ebb08d4fb31530676
Author: David Miller <davem@davemloft.net>
Date:   Tue May 2 11:36:33 2017 -0400

    bpf: Do not dereference user pointer in bpf_test_finish().
    
    Instead, pass the kattr in which has a kernel side copy of this
    data structure from userspace already.
    
    Fix based upon a suggestion from Alexei Starovoitov.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Acked-by: Daniel Borkmann <daniel@iogearbox.net>

commit 4e9c3a667135799d50f2778a8a8dae2ca13aafd0
Author: David S. Miller <davem@davemloft.net>
Date:   Tue May 2 07:52:01 2017 -0700

    selftests: bpf: Use bpf_endian.h in test_xdp.c
    
    This fixes the testcase on big-endian.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 48d0e023af9799cd7220335baf8e3ba61eeafbeb
Author: Paul Moore <paul@paul-moore.com>
Date:   Tue May 2 10:16:05 2017 -0400

    audit: fix the RCU locking for the auditd_connection structure
    
    Cong Wang correctly pointed out that the RCU read locking of the
    auditd_connection struct was wrong, this patch correct this by
    adopting a more traditional, and correct RCU locking model.
    
    This patch is heavily based on an earlier prototype by Cong Wang.
    
    Cc: <stable@vger.kernel.org> # 4.11.x-
    Reported-by: Cong Wang <xiyou.wangcong@gmail.com>
    Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit 8cc96382d9a7fe1746286670dd5140c3b12638ae
Author: Paul Moore <paul@paul-moore.com>
Date:   Tue May 2 10:16:05 2017 -0400

    audit: use kmem_cache to manage the audit_buffer cache
    
    The audit subsystem implemented its own buffer cache mechanism which
    is a bit silly these days when we could use the kmem_cache construct.
    
    Some credit is due to Florian Westphal for originally proposing that
    we remove the audit cache implementation in favor of simple
    kmalloc()/kfree() calls, but I would rather have a dedicated slab
    cache to ease debugging and future stats/performance work.
    
    Cc: Florian Westphal <fw@strlen.de>
    Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit 2115bb250f260089743e26decfb5f271ba71ca37
Author: Deepa Dinamani <deepa.kernel@gmail.com>
Date:   Tue May 2 10:16:05 2017 -0400

    audit: Use timespec64 to represent audit timestamps
    
    struct timespec is not y2038 safe.
    Audit timestamps are recorded in string format into
    an audit buffer for a given context.
    These mark the entry timestamps for the syscalls.
    Use y2038 safe struct timespec64 to represent the times.
    The log strings can handle this transition as strings can
    hold upto 1024 characters.
    
    Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com>
    Reviewed-by: Arnd Bergmann <arnd@arndb.de>
    Acked-by: Paul Moore <paul@paul-moore.com>
    Acked-by: Richard Guy Briggs <rgb@redhat.com>
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit b6c7c115c2ce679ac536f0adf0ff518fcd939196
Author: Paul Moore <paul@paul-moore.com>
Date:   Tue May 2 10:16:05 2017 -0400

    audit: store the auditd PID as a pid struct instead of pid_t
    
    This is arguably the right thing to do, and will make it easier when
    we start supporting multiple audit daemons in different namespaces.
    
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit 45a0642b4d021a2f50d5db9c191b5bfe60bfa1c7
Author: Paul Moore <paul@paul-moore.com>
Date:   Tue May 2 10:16:05 2017 -0400

    audit: kernel generated netlink traffic should have a portid of 0
    
    We were setting the portid incorrectly in the netlink message headers,
    fix that to always be 0 (nlmsg_pid = 0).
    
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    Reviewed-by: Richard Guy Briggs <rgb@redhat.com>

commit a9d1620877748375cf60b43ef3fa5f61ab6d9f24
Author: Paul Moore <paul@paul-moore.com>
Date:   Tue May 2 10:16:05 2017 -0400

    audit: combine audit_receive() and audit_receive_skb()
    
    There is no reason to have both of these functions, combine the two.
    
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    Reviewed-by: Richard Guy Briggs <rgb@redhat.com>

commit bd120ded6a6af61ad342a8a95b36b64bd1e2f9e6
Author: Elena Reshetova <elena.reshetova@intel.com>
Date:   Tue May 2 10:16:05 2017 -0400

    audit: convert audit_watch.count from atomic_t to refcount_t
    
    refcount_t type and corresponding API should be
    used instead of atomic_t when the variable is used as
    a reference counter. This allows to avoid accidental
    refcounter overflows that might lead to use-after-free
    situations.
    
    Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
    Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
    Signed-off-by: Kees Cook <keescook@chromium.org>
    Signed-off-by: David Windsor <dwindsor@gmail.com>
    [PM: fix subject line, add #include]
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit 9d2378f8c8f1a3fcfab681fd90c139d90dca7b69
Author: Elena Reshetova <elena.reshetova@intel.com>
Date:   Tue May 2 10:16:04 2017 -0400

    audit: convert audit_tree.count from atomic_t to refcount_t
    
    refcount_t type and corresponding API should be
    used instead of atomic_t when the variable is used as
    a reference counter. This allows to avoid accidental
    refcounter overflows that might lead to use-after-free
    situations.
    
    Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
    Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
    Signed-off-by: Kees Cook <keescook@chromium.org>
    Signed-off-by: David Windsor <dwindsor@gmail.com>
    [PM: fix subject line, add #include]
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit 2173c519d5e912a6e2934bb04255fcd36c1591c8
Author: Richard Guy Briggs <rgb@redhat.com>
Date:   Tue May 2 10:16:04 2017 -0400

    audit: normalize NETFILTER_PKT
    
    Eliminate flipping in and out of message fields, dropping fields in the
    process.
    
    Sample raw message format IPv4 UDP:
    type=NETFILTER_PKT msg=audit(1487874761.386:228):  mark=0xae8a2732 saddr=127.0.0.1 daddr=127.0.0.1 proto=17^]
    Sample raw message format IPv6 ICMP6:
    type=NETFILTER_PKT msg=audit(1487874761.381:227):  mark=0x223894b7 saddr=::1 daddr=::1 proto=58^]
    
    Issue: https://github.com/linux-audit/audit-kernel/issues/11
    Test case: https://github.com/linux-audit/audit-testsuite/issues/43
    
    Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit 0cb88b6ff054ccfa30e0fd7f7b42ee9f088db432
Author: Richard Guy Briggs <rgb@redhat.com>
Date:   Tue May 2 10:16:04 2017 -0400

    netfilter: use consistent ipv4 network offset in xt_AUDIT
    
    Even though the skb->data pointer has been moved from the link layer
    header to the network layer header, use the same method to calculate the
    offset in ipv4 and ipv6 routines.
    
    Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
    [PM: munged subject line]
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit f6276ac95bde4312251535904af32b1de9d54949
Author: Richard Guy Briggs <rgb@redhat.com>
Date:   Tue May 2 10:16:04 2017 -0400

    audit: log module name on delete_module
    
    When a sysadmin wishes to monitor module unloading with a syscall rule such as:
     -a always,exit -F arch=x86_64 -S delete_module -F key=mod-unload
    the SYSCALL record doesn't tell us what module was requested for unloading.
    
    Use the new KERN_MODULE auxiliary record to record it.
    The SYSCALL record result code will list the return code.
    
    See: https://github.com/linux-audit/audit-kernel/issues/37
        https://github.com/linux-audit/audit-kernel/issues/7
        https://github.com/linux-audit/audit-kernel/wiki/RFE-Module-Load-Record-Format
    
    Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
    Acked-by: Jessica Yu <jeyu@redhat.com>
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit 9aab4f4ea7a4ca80ec3e0269ce2eb71a24f6fef9
Author: Nicholas Mc Guire <der.herr@hofr.at>
Date:   Tue May 2 10:16:04 2017 -0400

    audit: remove unnecessary semicolon in audit_watch_handle_event()
    
    The excess ; after the closing parenthesis is just code-noise it has no
    and can be removed.
    
    Signed-off-by: Nicholas Mc Guire <der.herr@hofr.at>
    [PM: tweaked subject line]
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit b5239fba69949a44290d4af517fc1c2eff3e36f6
Author: Nicholas Mc Guire <der.herr@hofr.at>
Date:   Tue May 2 10:16:04 2017 -0400

    audit: remove unnecessary semicolon in audit_mark_handle_event()
    
    The excess ; after the closing parenthesis is just code-noise it has no
    and can be removed.
    
    Signed-off-by: Nicholas Mc Guire <der.herr@hofr.at>
    [PM: tweaked subject line]
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit b7a84deaf8d1b0e62b437a290a40d6380975f126
Author: Nicholas Mc Guire <der.herr@hofr.at>
Date:   Tue May 2 10:16:03 2017 -0400

    audit: remove unnecessary semicolon in audit_field_valid()
    
    The excess ; after the closing parenthesis is just code-noise it has no
    and can be removed.
    
    Signed-off-by: Nicholas Mc Guire <der.herr@hofr.at>
    [PM: tweak subject line]
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit b5d60989c6f7501af72cb65893c02621dd16fd84
Author: Jakub Kicinski <jakub.kicinski@netronome.com>
Date:   Mon May 1 15:53:43 2017 -0700

    xdp: fix parameter kdoc for extack
    
    Fix kdoc parameter spelling from extact to extack.
    
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit eb6211d3606971a957fea28f7532687f9d0f93f2
Author: Daniel Borkmann <daniel@iogearbox.net>
Date:   Tue May 2 00:47:09 2017 +0200

    bpf, samples: fix build warning in cookie_uid_helper_example
    
    Fix the following warnings triggered by 51570a5ab2b7 ("A Sample of
    using socket cookie and uid for traffic monitoring"):
    
      In file included from /home/foo/net-next/samples/bpf/cookie_uid_helper_example.c:54:0:
      /home/foo/net-next/samples/bpf/cookie_uid_helper_example.c: In function 'prog_load':
      /home/foo/net-next/samples/bpf/cookie_uid_helper_example.c:119:27: warning: overflow in implicit constant conversion [-Woverflow]
         -32 + offsetof(struct stats, uid)),
                               ^
      /home/foo/net-next/samples/bpf/libbpf.h:135:12: note: in definition of macro 'BPF_STX_MEM'
       .off   = OFF,     \
                ^
      /home/foo/net-next/samples/bpf/cookie_uid_helper_example.c:121:27: warning: overflow in implicit constant conversion [-Woverflow]
         -32 + offsetof(struct stats, packets), 1),
                               ^
      /home/foo/net-next/samples/bpf/libbpf.h:155:12: note: in definition of macro 'BPF_ST_MEM'
       .off   = OFF,     \
                ^
      /home/foo/net-next/samples/bpf/cookie_uid_helper_example.c:129:27: warning: overflow in implicit constant conversion [-Woverflow]
         -32 + offsetof(struct stats, bytes)),
                               ^
      /home/foo/net-next/samples/bpf/libbpf.h:135:12: note: in definition of macro 'BPF_STX_MEM'
       .off   = OFF,     \
                ^
      HOSTLD  /home/foo/net-next/samples/bpf/per_socket_stats_example
    
    Fixes: 51570a5ab2b7 ("A Sample of using socket cookie and uid for traffic monitoring")
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit e3bf4c61da801c7967d0efff0c3f6b22d2c0e544
Author: David S. Miller <davem@davemloft.net>
Date:   Mon May 1 20:26:02 2017 -0700

    sparc64: Fix BPF JIT wrt. branches and ldimm64 instructions.
    
    Like other JITs, sparc64 maintains an array of instruction offsets but
    stores the entries off by one.  This is done because jumps to the
    exit block are indexed to one past the last BPF instruction.
    
    So if we size the array by the program length, we need to record
    the previous instruction in order to stay within the array bounds.
    
    This is explained in ARM JIT commit 8eee539ddea0 ("arm64: bpf: fix
    out-of-bounds read in bpf2a64_offset()").
    
    But this scheme requires a little bit of careful handling when
    the instruction before the branch destination is a 64-bit load
    immediate.  It takes up 2 BPF instruction slots.
    
    Therefore, we have to fill in the array entry for the second
    half of the 64-bit load immediate instruction rather than for
    the one for the beginning of that instruction.
    
    Fixes: 7a12b5031c6b ("sparc64: Add eBPF JIT.")
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit a25fb8508c1b80dce742dbeaa4d75a1e9f2c5617
Author: Sergei Trofimovich <slyfox@gentoo.org>
Date:   Mon May 1 11:51:55 2017 -0700

    ia64: fix module loading for gcc-5.4
    
    Starting from gcc-5.4+ gcc generates MLX instructions in more cases to
    refer local symbols:
    
        https://gcc.gnu.org/PR60465
    
    That caused ia64 module loader to choke on such instructions:
    
        fuse: invalid slot number 1 for IMM64
    
    The Linux kernel used to handle only case where relocation pointed to
    slot=2 instruction in the bundle.  That limitation was fixed in linux by
    commit 9c184a073bfd ("[IA64] Fix 2.6 kernel for the new ia64 assembler")
    See
    
        http://sources.redhat.com/bugzilla/show_bug.cgi?id=1433
    
    This change lifts the slot=2 restriction from the kernel module loader.
    
    Tested on 'fuse' and 'btrfs' kernel modules.
    
    Cc: Markus Elfring <elfring@users.sourceforge.net>
    Cc: H J Lu <hjl.tools@gmail.com>
    Cc: Fenghua Yu <fenghua.yu@intel.com>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Bug: https://bugs.gentoo.org/601014
    Tested-by: Émeric MASCHINO <emeric.maschino@gmail.com>
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
    Signed-off-by: Tony Luck <tony.luck@intel.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit 48e75b430670ebdbb00ba008e1d3690f61ab9824
Author: Florian Westphal <fw@strlen.de>
Date:   Mon May 1 22:18:01 2017 +0200

    rhashtable: compact struct rhashtable_params
    
    By using smaller datatypes this (rather large) struct shrinks considerably
    (80 -> 48 bytes on x86_64).
    
    As this is embedded in other structs, this also rerduces size of several
    others, e.g. cls_fl_head or nft_hash.
    
    Signed-off-by: Florian Westphal <fw@strlen.de>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit e06422c43968916dc945018fd9220f60866470b1
Author: David S. Miller <davem@davemloft.net>
Date:   Mon May 1 12:58:21 2017 -0700

    bpf: Include bpf_endian.h in test_progs.c too.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit bc1bafbbe9b3558d7789ff151ef4f185b6ad21f3
Author: David S. Miller <davem@davemloft.net>
Date:   Mon May 1 12:43:49 2017 -0700

    bpf: Move endianness BPF helpers out of bpf_util.h
    
    We do not want to include things like stdio.h and friends into
    eBPF program builds.  bpf_util.h is for host compiled programs,
    so eBPF C-code helpers don't really belong there.
    
    Add a new bpf_endian.h as a quick fix for this for now.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 310b4816a5d8082416b4ab83e5a7b3cb92883a4d
Author: Tejun Heo <tj@kernel.org>
Date:   Mon May 1 15:24:14 2017 -0400

    cgroup: mark cgroup_get() with __maybe_unused
    
    a590b90d472f ("cgroup: fix spurious warnings on cgroup_is_dead() from
    cgroup_sk_alloc()") converted most cgroup_get() usages to
    cgroup_get_live() leaving cgroup_sk_alloc() the sole user of
    cgroup_get().  When !CONFIG_SOCK_CGROUP_DATA, this ends up triggering
    unused warning for cgroup_get().
    
    Silence the warning by adding __maybe_unused to cgroup_get().
    
    Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
    Link: http://lkml.kernel.org/r/20170501145340.17e8ef86@canb.auug.org.au
    Signed-off-by: Tejun Heo <tj@kernel.org>

commit 5b8481fa42ac58484d633b558579e302aead64c1
Author: David S. Miller <davem@davemloft.net>
Date:   Mon May 1 15:10:20 2017 -0400

    ipv6: Need to export ipv6_push_frag_opts for tunneling now.
    
    Since that change also made the nfrag function not necessary
    for exports, remove it.
    
    Fixes: 89a23c8b528b ("ip6_tunnel: Fix missing tunnel encapsulation limit option")
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 931d18223998c5360b960d1ce247579f6152ad8f
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:27 2017 -0400

    net: dsa: mv88e6xxx: add VTU support for 88E6390
    
    The 6390 family of chips use only 2 of the 3 VTU Data registers to pack
    the MemberTag and PortState VLAN data. This means that they must be
    written or read before or after each VTU/STU operations.
    
    Implement this variant to add support for VTU with such chips. These
    chips have a 13th bit for the VID thus set their max_vid to 8191.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 1ac758648b574d3d01a648fc7018fc8b0bb7454a
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:26 2017 -0400

    net: dsa: mv88e6xxx: support the VTU Page bit
    
    Newer chips such as the 88E6390 have a VTU Page bit in the VTU VID
    register to specify a 13th bit for the VID. This can be used to support
    8K VLANs.
    
    When dumping the whole VTU, all VID bits must be set to one, including
    this VTU Page bit. Add support for VID greater than 4095.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 567aa59a8b055bb5853bc7e5d5f8ac191216c9c7
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:25 2017 -0400

    net: dsa: mv88e6xxx: simplify VTU entry getter
    
    Make the code which fetches or initializes a new VTU entry more concise.
    This allows us the get rid of the old underscore prefix naming.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit bf7d71c0451776143cdbd9a42a5bcbd6478da3c8
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:24 2017 -0400

    net: dsa: mv88e6xxx: make VTU helpers static
    
    Now that we have chip operations for VTU accesses, mark all helpers from
    global1_vtu.c as static. Only the various implementations of the
    GetNext, LoadPurge and Flush operations need to be exposed.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 0ad5daf6ba80af4a8d72b4284079357c4e3b9e4a
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:23 2017 -0400

    net: dsa: mv88e6xxx: add VTU Load/Purge operation
    
    Add a new vtu_loadpurge operation to the chip info structure to differ
    the various implementations of the VTU accesses.
    
    Now that the STU handling is abstracted behind VTU operations, kill the
    obsolete MV88E6XXX_FLAG_STU flag.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit f1394b78a602bae124a9b8473465ba48f4a5d5b2
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:22 2017 -0400

    net: dsa: mv88e6xxx: add VTU GetNext operation
    
    Add a new vtu_getnext operation to the chip info structure to differ the
    various implementations of the VTU accesses.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 021e64ff7676ad5183c1845d4b316df20175702a
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:21 2017 -0400

    net: dsa: mv88e6xxx: load STU entry with VTU entry
    
    Now that the code writes both VTU and STU data when loading a VTU entry,
    load the corresponding STU entry at the same time.
    
    This allows us to get rid of the STU management in the
    _mv88e6xxx_vtu_new helper and thus remove the separate implementations
    of STU Load/Purge and STU GetNext, as well as the unused family checks.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit ef6fcea37f014ec54a0a9f7eaecc78cdb6ffc71e
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:20 2017 -0400

    net: dsa: mv88e6xxx: get STU entry on VTU GetNext
    
    Now that the code reads both VTU and STU data on VTU GetNext operation,
    fetch the STU entry data of a VTU entry at the same time.
    
    The STU data bits are masked with the VTU data bits and they are now all
    read at the same time a VTU GetNext operation is issued.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 66a8e1f93319b8e3f5b6e81c06a2534c1491157c
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:19 2017 -0400

    net: dsa: mv88e6xxx: move STU GetNext operation
    
    Extract the generic portion of code to issue an STU GetNext operation,
    which will be used in other implementations.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit c499a64f349d063d8cdb40c0b96e84c35bbc414c
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:18 2017 -0400

    net: dsa: mv88e6xxx: move VTU Data accessors
    
    The code to access the VTU Data registers currently only supports the
    88E6185 family and alike: 2-bit membership adjacent to 2-bit port state.
    
    Even though the 88E6352 family introduced an indirect table to program
    the VLAN Spanning Tree states, the usage of the VTU Data registers
    remains the same regardless the VTU or STU operation.
    
    Now that the mv88e6xxx_vtu_entry structure contains both port membership
    and states data, factorize the code to access them in global1_vtu.c.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit f169e5ee5f29f81c1c8d647fa6fb5387ee793131
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:17 2017 -0400

    net: dsa: mv88e6xxx: move generic VTU GetNext
    
    Even though every switch model has a different way to access the VTU
    Data bits, the base implementation of the VTU GetNext operation remains
    the same: wait, write the first VID to iterate from, start the
    operation, and read the next VID.
    
    Move this generic implementation into global1_vtu.c and abstract the
    handling of the start VID (similarly to the ATU GetNext implementation),
    before introducing a new chip operation for specific chips.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 3afb4bde6fe8f2d43b2153cc2672d07477729cca
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:16 2017 -0400

    net: dsa: mv88e6xxx: move VTU VID accessors
    
    Add helpers to access the VTU VID register in the global1_vtu.c file.
    
    At the same time, move mv88e6xxx_g1_vtu_vid_write at the beginning of
    _mv88e6xxx_vtu_loadpurge, which adds no functional changes but makes
    future patches simpler.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit d2ca1ea18db6a90475b983e65e8435632fe3d57e
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:15 2017 -0400

    net: dsa: mv88e6xxx: move VTU SID accessors
    
    Add helpers to access the VTU SID register in the global1_vtu.c file.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 8ee51f6b4f0819fd3d6a4143222be796779cf501
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:14 2017 -0400

    net: dsa: mv88e6xxx: move VTU FID accessors
    
    Add helpers to access the VTU FID register in the global1_vtu.c file.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit b486d7c95cc8336aa91813a156f9385439bde2fc
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:13 2017 -0400

    net: dsa: mv88e6xxx: move VTU flush
    
    Move the VTU flush operation to global1_vtu.c and call it from a
    mv88e6xxx_vtu_setup helper, similarly to the ATU and PVT setup.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 332aa5ccc82005de9441c1b65ca546488c7f8730
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:12 2017 -0400

    net: dsa: mv88e6xxx: move VTU Operation accessors
    
    Move the helper functions to access the Global 1 VTU Operation register
    to a new global1_vtu.c file, and get rid of the old underscore prefix
    naming convention. This file will be extended will all VTU/STU related
    code.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit bd00e053ae29d3215a9085b5c0add7298bbc417c
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:11 2017 -0400

    net: dsa: mv88e6xxx: split VTU entry data member
    
    VLAN aware Marvell chips can program 802.1Q VLAN membership as well as
    802.1s per VLAN Spanning Tree state using the same 3 VTU Data registers.
    
    Some chips such as 88E6185 use different Data registers offsets for
    ports state and membership, and program them in a single operation.
    
    Other chips such as 88E6352 use the same register layout but program
    them in distinct operations (an indirect table is used for 802.1s.)
    
    Newer chips such as 88E6390 use the same offsets for both state and
    membership in distinct operations, thus require multiple data accesses.
    
    To correctly abstract this, split the "data" structure member of
    mv88e6xxx_vtu_entry in two "state" and "member" members, before adding
    VTU support for newer chips.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 3cf3c8469f70d18f8bbcdf8361e62812ebc571cd
Author: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Date:   Mon May 1 14:05:10 2017 -0400

    net: dsa: mv88e6xxx: add max VID to info
    
    Some chips don't have a VLAN Table Unit, most of them do have a 4K
    table, some others as the 88E6390 family has a 13th bit for the VID.
    
    Add a new max_vid member to the info structure, used to check the
    presence of a VTU as well as the value used to iterate from in VTU
    GetNext operations.
    
    This makes the MV88E6XXX_FLAG_VTU obsolete, thus remove it.
    
    Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 152afb9b45a8af4a93699a15925c392a28182a26
Author: Ilan Tayari <ilant@mellanox.com>
Date:   Sun Apr 30 16:51:19 2017 +0300

    xfrm: Indicate xfrm_state offload errors
    
    Current code silently ignores driver errors when configuring
    IPSec offload xfrm_state, and falls back to host-based crypto.
    
    Fail the xfrm_state creation if the driver has an error, because
    the NIC offloading was explicitly requested by the user program.
    
    This will communicate back to the user that there was an error.
    
    Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
    Signed-off-by: Ilan Tayari <ilant@mellanox.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 67d349ed603d5ce4a6f1722b1736e2bcef0e8690
Author: Ilan Tayari <ilant@mellanox.com>
Date:   Sun Apr 30 16:34:38 2017 +0300

    net/esp4: Fix invalid esph pointer crash
    
    Both esp_output and esp_xmit take a pointer to the ESP header
    and place it in esp_info struct prior to calling esp_output_head.
    
    Inside esp_output_head, the call to esp_output_udp_encap
    makes sure to update the pointer if it gets invalid.
    However, if esp_output_head itself calls skb_cow_data, the
    pointer is not updated and stays invalid, causing a crash
    after esp_output_head returns.
    
    Update the pointer if it becomes invalid in esp_output_head
    
    Fixes: fca11ebde3f0 ("esp4: Reorganize esp_output")
    Signed-off-by: Ilan Tayari <ilant@mellanox.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 89a23c8b528bd2c89f3981573d6cd7d23840c8a6
Author: Craig Gallek <cgallek@google.com>
Date:   Wed Apr 26 14:37:45 2017 -0400

    ip6_tunnel: Fix missing tunnel encapsulation limit option
    
    The IPv6 tunneling code tries to insert IPV6_TLV_TNL_ENCAP_LIMIT and
    IPV6_TLV_PADN options when an encapsulation limit is defined (the
    default is a limit of 4).  An MTU adjustment is done to account for
    these options as well.  However, the options are never present in the
    generated packets.
    
    The issue appears to be a subtlety between IPV6_DSTOPTS and
    IPV6_RTHDRDSTOPTS defined in RFC 3542.  When the IPIP tunnel driver was
    written, the encap limit options were included as IPV6_RTHDRDSTOPTS in
    dst0opt of struct ipv6_txoptions.  Later, ipv6_push_nfrags_opts was
    (correctly) updated to require IPV6_RTHDR options when IPV6_RTHDRDSTOPTS
    are to be used.  This caused the options to no longer be included in v6
    encapsulated packets.
    
    The fix is to use IPV6_DSTOPTS (in dst1opt of struct ipv6_txoptions)
    instead.  IPV6_DSTOPTS do not have the additional IPV6_RTHDR requirement.
    
    Fixes: 1df64a8569c7: ("[IPV6]: Add ip6ip6 tunnel driver.")
    Fixes: 333fad5364d6: ("[IPV6]: Support several new sockopt / ancillary data in Advanced API (RFC3542)")
    Signed-off-by: Craig Gallek <kraig@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit a6a5993243550b09f620941dea741b7421fdf79c
Author: Ding Tianhong <dingtianhong@huawei.com>
Date:   Sat Apr 29 10:38:48 2017 +0800

    iov_iter: don't revert iov buffer if csum error
    
    The patch 327868212381 (make skb_copy_datagram_msg() et.al. preserve
    ->msg_iter on error) will revert the iov buffer if copy to iter
    failed, but it didn't copy any datagram if the skb_checksum_complete
    error, so no need to revert any data at this place.
    
    v2: Sabrina notice that return -EFAULT when checksum error is not correct
        here, it would confuse the caller about the return value, so fix it.
    
    Fixes: 327868212381 ("make skb_copy_datagram_msg() et.al. preserve->msg_iter on error")
    Cc: stable@vger.kernel.org # v4.11
    Signed-off-by: Ding Tianhong <dingtianhong@huawei.com>
    Acked-by: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

commit d5066c467ee3b8eb8716e776584b3953a0bb218a
Author: Liam Beguin <lbeguin@tycoint.com>
Date:   Mon May 1 11:02:01 2017 -0400

    switchdev: documentation: fix whitespace issues
    
    Figure 1 is full of whitespaces; fix it
    
    Signed-off-by: Liam Beguin <lbeguin@tycoint.com>
    Signed-off-by: Sylvain Lemieux <slemieux@tycoint.com>
    Acked-by: Ivan Vecera <ivecera@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit b1e455260c9187b16dd4ebc428b817ebac322043
Author: Ido Schimmel <idosch@mellanox.com>
Date:   Sun Apr 30 19:47:14 2017 +0300

    mlxsw: spectrum_router: Simplify VRF enslavement
    
    When a netdev is enslaved to a VRF master, its router interface (RIF)
    needs to be destroyed (if exists) and a new one created using the
    corresponding virtual router (VR).
    
    >From the driver's perspective, the above is equivalent to an inetaddr
    event sent for this netdev. Therefore, when a port netdev (or its
    uppers) are enslaved to a VRF master, call the same function that
    would've been called had a NETDEV_UP was sent for this netdev in the
    inetaddr notification chain.
    
    This patch also fixes a bug when a LAG netdev with an existing RIF is
    enslaved to a VRF. Before this patch, each LAG port would drop the
    reference on the RIF, but would re-join the same one (in the wrong VR)
    soon after. With this patch, the corresponding RIF is first destroyed
    and a new one is created using the correct VR.
    
    Fixes: 7179eb5acd59 ("mlxsw: spectrum_router: Add support for VRFs")
    Signed-off-by: Ido Schimmel <idosch@mellanox.com>
    Reviewed-by: Jiri Pirko <jiri@mellanox.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 07ff2ed03bb874a5bb97361a5a07ee28f1afa574
Author: Mintz, Yuval <Yuval.Mintz@cavium.com>
Date:   Sun Apr 30 12:14:44 2017 +0300

    qed: Prevent warning without CONFIG_RFS_ACCEL
    
    After removing the PTP related initialization from slowpath start,
    the remaining PTT entry is required only in case CONFIG_RFS_ACCEL is set.
    Otherwise, it leads to a warning due to it being unused.
    
    Fixes: d179bd1699fc ("qed: Acquire/release ptt_ptp lock when enabling/disabling PTP")
    Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 20b1bd96e9f4feeffc9206284df3c6a4438e9ca8
Author: Ram Amrani <Ram.Amrani@cavium.com>
Date:   Sun Apr 30 11:49:10 2017 +0300

    qed: output the DPM status and WID count
    
    Output to the RDMA driver whether DPM mode is enabled or disabled in
    the HW and if so what is the number of WIDs it supports
    
    Signed-off-by: Ram Amrani <Ram.Amrani@cavium.com>
    Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 107392b75ffc96a2418d5382e52b08c598575e1b
Author: Ram Amrani <Ram.Amrani@cavium.com>
Date:   Sun Apr 30 11:49:09 2017 +0300

    qed: align DPI configuration to HW requirements
    
    When calculating doorbell BAR partitioning round up the number of
    CPUs to the nearest power of 2 so the size of the DPI (per user
    section) configured in the hardware will be stored properly and
    not truncated.
    
    Signed-off-by: Ram Amrani <Ram.Amrani@cavium.com>
    Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit e015d58b44a93a3fd89ed910d68659dfdc57237c
Author: Ram Amrani <Ram.Amrani@cavium.com>
Date:   Sun Apr 30 11:49:08 2017 +0300

    qed: verify RoCE resource bitmaps are released
    
    Add mechanism to verify RoCE resources are released prior to freeing the
    bitmaps. If this is not the case, print what resources were not released.
    
    Signed-off-by: Ram Amrani <Ram.Amrani@cavium.com>
    Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 105361943d3036f00f70a6621983b98673839591
Author: Ram Amrani <Ram.Amrani@cavium.com>
Date:   Sun Apr 30 11:49:07 2017 +0300

    qed: add error handling flow to TID deregistratin posting failure
    
    If the posting of the ramrod for the purpose of TID deregistration
    fails, abort the deregistration operation without using the FW's
    return code.
    
    Signed-off-by: Ram Amrani <Ram.Amrani@cavium.com>
    Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit ba0154e96449a5be3360d3a07bc4b6d476e2667e
Author: Ram Amrani <Ram.Amrani@cavium.com>
Date:   Sun Apr 30 11:49:06 2017 +0300

    qed: remove unused SQ error state
    
    The internal RoCE SQE QP state isn't being used. Instead we mark the
    QP as in regular error state.
    
    Signed-off-by: Ram Amrani <Ram.Amrani@cavium.com>
    Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 793ea8a9c7b4b4383348a717cb5c86c1bbdba30a
Author: Ram Amrani <Ram.Amrani@cavium.com>
Date:   Sun Apr 30 11:49:05 2017 +0300

    qed: configure the RoCE max message size
    
    Signed-off-by: Ram Amrani <Ram.Amrani@cavium.com>
    Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 332270fdc8b6fba07d059a9ad44df9e1a2ad4529
Author: Yonghong Song <yhs@fb.com>
Date:   Sat Apr 29 22:52:42 2017 -0700

    bpf: enhance verifier to understand stack pointer arithmetic
    
    llvm 4.0 and above generates the code like below:
    ....
    440: (b7) r1 = 15
    441: (05) goto pc+73
    515: (79) r6 = *(u64 *)(r10 -152)
    516: (bf) r7 = r10
    517: (07) r7 += -112
    518: (bf) r2 = r7
    519: (0f) r2 += r1
    520: (71) r1 = *(u8 *)(r8 +0)
    521: (73) *(u8 *)(r2 +45) = r1
    ....
    and the verifier complains "R2 invalid mem access 'inv'" for insn #521.
    This is because verifier marks register r2 as unknown value after #519
    where r2 is a stack pointer and r1 holds a constant value.
    
    Teach verifier to recognize "stack_ptr + imm" and
    "stack_ptr + reg with const val" as valid stack_ptr with new offset.
    
    Signed-off-by: Yonghong Song <yhs@fb.com>
    Acked-by: Martin KaFai Lau <kafai@fb.com>
    Acked-by: Daniel Borkmann <daniel@iogearbox.net>
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 2faf26575350e49c1e242b7a464e9302f78b9b15
Author: Karim Eshapa <karim.eshapa@gmail.com>
Date:   Mon May 1 15:58:08 2017 +0200

    benet: Use time_before_eq for time comparison
    
    Use time_before_eq for time comparison more safe and dealing
    with timer wrapping to be future-proof.
    
    Signed-off-by: Karim Eshapa <karim.eshapa@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 1a7fca63cd405fc77a9c9ce9291792f2a7d222a4
Author: Benjamin LaHaise <benjamin.lahaise@netronome.com>
Date:   Mon May 1 09:58:40 2017 -0400

    flower: check unused bits in MPLS fields
    
    Since several of the the netlink attributes used to configure the flower
    classifier's MPLS TC, BOS and Label fields have additional bits which are
    unused, check those bits to ensure that they are actually 0 as suggested
    by Jamal.
    
    Signed-off-by: Benjamin LaHaise <benjamin.lahaise@netronome.com>
    Cc: David Miller <davem@davemloft.net>
    Cc: Jamal Hadi Salim <jhs@mojatatu.com>
    Cc: Simon Horman <simon.horman@netronome.com>
    Cc: Jakub Kicinski <kubakici@wp.pl>
    Cc: Jiri Pirko <jiri@resnulli.us>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit f76254a845a661ccdb9fa246ee72197f90a8d3dd
Author: Jesper Dangaard Brouer <brouer@redhat.com>
Date:   Mon May 1 11:26:20 2017 +0200

    samples/bpf: fix XDP_FLAGS_SKB_MODE detach for xdp_tx_iptunnel
    
    The xdp_tx_iptunnel program can be terminated in two ways, after
    N-seconds or via Ctrl-C SIGINT.  The SIGINT code path does not
    handle detatching the correct XDP program, in-case the program
    was attached with XDP_FLAGS_SKB_MODE.
    
    Fix this by storing the XDP flags as a global variable, which is
    available for the SIGINT handler function.
    
    Fixes: 3993f2cb983b ("samples/bpf: Add support for SKB_MODE to xdp1 and xdp_tx_iptunnel")
    Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
    Acked-by: Daniel Borkmann <daniel@iogearbox.net>
    Reviewed-by: Andy Gospodarek <andy@greyhouse.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 6387d0111ca4740b69a082a92fc373185af11133
Author: Jesper Dangaard Brouer <brouer@redhat.com>
Date:   Mon May 1 11:26:15 2017 +0200

    samples/bpf: fix SKB_MODE flag to be a 32-bit unsigned int
    
    The kernel side of XDP_FLAGS_SKB_MODE is unsigned, and the rtnetlink
    IFLA_XDP_FLAGS is defined as NLA_U32. Thus, userspace programs under
    samples/bpf/ should use the correct type.
    
    Fixes: 3993f2cb983b ("samples/bpf: Add support for SKB_MODE to xdp1 and xdp_tx_iptunnel")
    Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
    Acked-by: Daniel Borkmann <daniel@iogearbox.net>
    Reviewed-by: Andy Gospodarek <andy@greyhouse.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 9861ce039c2a4ff3e50eb7c679dadc15a8469e3f
Author: Jakub Kicinski <jakub.kicinski@netronome.com>
Date:   Sun Apr 30 21:46:48 2017 -0700

    virtio_net: make use of extended ack message reporting
    
    Try to carry error messages to the user via the netlink extended
    ack message attribute.
    
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit d957c0f711aaeaac6bbffd82098737ac10b7985d
Author: Jakub Kicinski <jakub.kicinski@netronome.com>
Date:   Sun Apr 30 21:46:47 2017 -0700

    nfp: make use of extended ack message reporting
    
    Try to carry error messages to the user via the netlink extended
    ack message attribute.
    
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Acked-by: Daniel Borkmann <daniel@iogearbox.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit ddf9f970764f4390aba767e77fddaaced4a6760d
Author: Jakub Kicinski <jakub.kicinski@netronome.com>
Date:   Sun Apr 30 21:46:46 2017 -0700

    xdp: propagate extended ack to XDP setup
    
    Drivers usually have a number of restrictions for running XDP
    - most common being buffer sizes, LRO and number of rings.
    Even though some drivers try to be helpful and print error
    messages experience shows that users don't often consult
    kernel logs on netlink errors.  Try to use the new extended
    ack mechanism to carry the message back to user space.
    
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Acked-by: Daniel Borkmann <daniel@iogearbox.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 45d9b378e85f1b00ac047626827c68589168936c
Author: Jakub Kicinski <jakub.kicinski@netronome.com>
Date:   Sun Apr 30 21:46:45 2017 -0700

    netlink: add NULL-friendly helper for setting extended ACK message
    
    As we propagate extended ack reporting throughout various paths in
    the kernel it may be that the same function is called with the
    extended ack parameter passed as NULL.  One place where that happens
    is in drivers which have a centralized reconfiguration function
    called both from ndos and from ethtool_ops.  Add a new helper for
    setting the error message in such conditions.
    
    Existing helper is left as is to encourage propagating the ext act
    fully wherever possible.  It also makes it clear in the code which
    messages may be lost due to ext ack being NULL.
    
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Acked-by: Daniel Borkmann <daniel@iogearbox.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 8eeef2350453aa012d846457eb6ecd012a35d99b
Author: Liping Zhang <zlpnobody@gmail.com>
Date:   Sat Apr 29 21:59:49 2017 +0800

    netfilter: nf_ct_ext: invoke destroy even when ext is not attached
    
    For NF_NAT_MANIP_SRC, we will insert the ct to the nat_bysource_table,
    then remove it from the nat_bysource_table via nat_extend->destroy.
    
    But now, the nat extension is attached on demand, so if the nat extension
    is not attached, we will not be notified when the ct is destroyed, i.e.
    we may fail to remove ct from the nat_bysource_table.
    
    So just keep it simple, even if the extension is not attached, we will
    still invoke the related ext->destroy. And this will also preserve the
    flexibility for the future extension.
    
    Fixes: 9a08ecfe74d7 ("netfilter: don't attach a nat extension by default")
    Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

commit 0e72f55f3510e722e725c54678800e99853faa3b
Author: Florian Westphal <fw@strlen.de>
Date:   Thu Apr 27 16:39:43 2017 +0200

    netfilter: snmp: avoid stack size warning
    
    net/ipv4/netfilter/nf_nat_snmp_basic.c:1158:1: warning: the frame size
    of 1160 bytes is larger than 1024 bytes
    
    Signed-off-by: Florian Westphal <fw@strlen.de>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

commit 039b40ee5854dc733cf786fee4a88e240a012115
Author: Florian Westphal <fw@strlen.de>
Date:   Mon Apr 24 15:37:41 2017 +0200

    netfilter: nf_queue: only call synchronize_net twice if nf_queue is active
    
    nf_unregister_net_hook(s) can avoid a second call to synchronize_net,
    provided there is no nfqueue active in that net namespace (which is
    the common case).
    
    This also gets rid of the extra arg to nf_queue_nf_hook_drop(), normally
    this gets called during netns cleanup so no packets should be queued.
    
    For the rare case of base chain being u…
bb8c486

@fengguang fengguang pushed a commit to 0day-ci/linux that referenced this pull request May 5, 2017

@hnaz Andrew Morton + hnaz linux-next
GIT d979d0dd9ff332bf1106a60e3841430fc2cbd9ef

commit 3a158a62da0673db918b53ac1440845a5b64fd90
Author: James Hogan <james.hogan@imgtec.com>
Date:   Tue May 2 19:41:06 2017 +0100

    metag/uaccess: Check access_ok in strncpy_from_user
    
    The metag implementation of strncpy_from_user() doesn't validate the src
    pointer, which could allow reading of arbitrary kernel memory. Add a
    short access_ok() check to prevent that.
    
    Its still possible for it to read across the user/kernel boundary, but
    it will invariably reach a NUL character after only 9 bytes, leaking
    only a static kernel address being loaded into D0Re0 at the beginning of
    __start, which is acceptable for the immediate fix.
    
    Reported-by: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: James Hogan <james.hogan@imgtec.com>
    Cc: linux-metag@vger.kernel.org
    Cc: stable@vger.kernel.org

commit ec8a09fbbeff252c80daf62c7a78342003dddf9c
Author: Jon Paul Maloy <jon.maloy@ericsson.com>
Date:   Tue May 2 18:16:54 2017 +0200

    tipc: refactor function tipc_sk_recv_stream()
    
    We try to make this function more readable by improving variable names
    and comments, using more stack variables, and doing some smaller changes
    to the logics. We also rename the function to make it consistent with
    naming conventions used elsewhere in the code.
    
    Reviewed-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com>
    Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit e9f8b10101c6da3ab000a2fb17162374c9bd2c69
Author: Jon Paul Maloy <jon.maloy@ericsson.com>
Date:   Tue May 2 18:16:53 2017 +0200

    tipc: refactor function tipc_sk_recvmsg()
    
    We try to make this function more readable by improving variable names
    and comments, plus some minor changes to the logics.
    
    Reviewed-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com>
    Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 2da711ac3f6dfa379ccac427a435a558284eab1d
Author: Marcel Holtmann <marcel@holtmann.org>
Date:   Tue May 2 12:43:31 2017 -0700

    Bluetooth: Skip vendor diagnostic configuration for HCI User Channel
    
    When the HCI User Channel access is requested, then do not try to
    undermine it with vendor diagnostic configuration. The exclusive user
    is required to configure its own vendor diagnostic in that case and
    can not rely on the host stack support.
    
    Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>

commit 773225388dae15e72790d6f573e2e70e96292b6b
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:58 2017 +0530

    net: thunderx: Optimize page recycling for XDP
    
    Driver follows a method of taking one extra reference on the
    page for recycling which is fine in usual packet path where
    each 64KB page is segmented into multiple receive buffers.
    
    But in XDP mode since there is just one receive buffer per
    page taking extra page reference itself becomes big bottleneck
    consuming ~50% of CPU cycles due to atomic operations.
    
    This patch adds a internal ref count in pgcache for each
    page and additional page references are taken in a batch
    instead of just one at a time. Internal i.e 'pgcache->ref_count'
    and page's i.e 'page->_refcount' counters are compared to check
    page's recyclability.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit e3d06ff9ec9400b93bacf8fa92f3985c9412e282
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:57 2017 +0530

    net: thunderx: Support for XDP header adjustment
    
    When in XDP mode reserve XDP_PACKET_HEADROOM bytes at the start
    of receive buffer for XDP program to modify headers and adjust
    packet start. Additional code changes done to handle such packets.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 16f2bccda75da48888772c4829a468be620c5d79
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:56 2017 +0530

    net: thunderx: Add support for XDP_TX
    
    Adds support for XDP_TX i.e transmits packet out of
    the XDP TX queue mapped to the corresponding Rx queue
    on which packet is received.
    
    Since SQ for XDP TX will be used only on a single cpu i.e
    SQ description creation and freeing, using atomic free count
    is not necessary and will become a bottleneck. Hence added
    a separate 'xdp_free_cnt' used for SQs designated for XDP
    to track descriptor free count.
    
    Changes also include
    - A new entry 'xdp_page' is added to save transmitted packet's
      page pointer for later cleanup.
    - XDP Tx SQ's doorbell is ringed once per NAPI instance.
    - Retrieving designated SQ for packets being sent out by stack
      via 'nicvf_xmit'.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit c56d91ce38d54c0c0dd8d0e4c6a9e0cfa557152f
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:55 2017 +0530

    net: thunderx: Add support for XDP_DROP
    
    Adds support for XDP_DROP.
    Also since in XDP mode there is just a single buffer per page,
    made changes to recycle DMA mapping info as well along with pages.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 05c773f52b96ef3fbc7d9bfa21caadc6247ef7a8
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:54 2017 +0530

    net: thunderx: Add basic XDP support
    
    Adds basic XDP support i.e attaching a BPF program to an
    interface. Also takes care of allocating separate Tx queues
    for XDP path and for network stack packet transmission.
    
    This patch doesn't support handling of any of the XDP actions,
    all are treated as XDP_PASS i.e packets will be handed over to
    the network stack.
    
    Changes also involve allocating one receive buffer per page in XDP
    mode and multiple in normal mode i.e when no BPF program is attached.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 927987f39f116db477fcd74ced2a2aea940e585c
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:53 2017 +0530

    net: thunderx: Cleanup receive buffer allocation
    
    Get rid of unnecessary double pointer references and type casting
    in receive buffer allocation code.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 0dada88b8cd74569abc3dda50f1b268a5868f6f2
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:52 2017 +0530

    net: thunderx: Optimize CQE_TX handling
    
    Optimized CQE handling with below changes
    - Feeing descriptors back to SQ in bulk i.e once per NAPI
      instance instead for every CQE_TX, this will reduce number
      of atomic updates to 'sq->free_cnt'.
    - Checking errors in CQE_TX and CQE_RX before calling appropriate
      fn()s to update error stats i.e reduce branching.
    
    Also removed debug messages in packet handling path which otherwise
    causes issues if DEBUG is enabled.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 5e848e4c5d77438e126c97702ec3bea477f550a9
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:51 2017 +0530

    net: thunderx: Optimize RBDR descriptor handling
    
    Receive buffer's physical address or iova will anyway not
    go beyond 49bits, since it is the max supported HW address.
    As per perf, updating bitfields i.e buf_addr:42 in RBDR
    descriptor entry consumes lots of cpu cycles, hence changed
    it to a 64bit field with alignment requirements taken care of.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 5836b4429777bf57ca8fc02b154263aa54d97508
Author: Sunil Goutham <sgoutham@cavium.com>
Date:   Tue May 2 18:36:50 2017 +0530

    net: thunderx: Support for page recycling
    
    Adds support for page recycling for allocating receive buffers
    to reduce cost of refilling RBDR ring. Also got rid of using
    compound pages when pagesize is 4K, only order-0 pages now.
    
    Only page is recycled, DMA mappings still needs to be done for
    every receive buffer allocated due to following constraints
    - Cannot have just one receive buffer per 64KB page.
    - There is just one buffer ring shared across 8 Rx queues, so
      buffers of same page can go to any Rx queue.
    - HW gives buffer address where packet has been DMA'ed and not
      the index into buffer ring.
    This makes it not possible to resue DMA mapping info. So unfortunately
    have to go through costly mapping route for every buffer.
    
    Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit ee0d8d8482345ff97a75a7d747efc309f13b0d80
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date:   Tue May 2 13:58:53 2017 +0300

    ipx: call ipxitf_put() in ioctl error path
    
    We should call ipxitf_put() if the copy_to_user() fails.
    
    Reported-by: 李强 <liqiang6-s@360.cn>
    Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 9da3242e6a83b6f315aa9c394c939da8e4ad7774
Author: Jiri Pirko <jiri@mellanox.com>
Date:   Tue May 2 10:12:00 2017 +0200

    net: sched: add helpers to handle extended actions
    
    Jump is now the only one using value action opcode. This is going to
    change soon. So introduce helpers to work with this. Convert TC_ACT_JUMP.
    
    This also fixes the TC_ACT_JUMP check, which is incorrectly done as a
    bit check, not a value check.
    
    Fixes: e0ee84ded796 ("net sched actions: Complete the JUMPX opcode")
    Signed-off-by: Jiri Pirko <jiri@mellanox.com>
    Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 8d3f87d8cd0a16c58ae7e4410938528866c1c0db
Author: sudarsana.kalluru@cavium.com <sudarsana.kalluru@cavium.com>
Date:   Tue May 2 01:11:03 2017 -0700

    qed*: Fix issues in the ptp filter config implementation.
    
    PTP hardware filter configuration performed by the driver for a given
    user requested config is not correct for some of the PTP modes.
    Following changes are needed for PTP config-filter implementation.
     1. NIG_REG_TX_PTP_EN register - Bits 0/1/2 respectively enables
        TimeSync/"V1 frame format support"/"V2 frame format support" on
        the TX side. Set the associated bits based on the user request.
     2. ptp4l application fails to operate in Peer Delay mode. Following
        changes are needed to fix this,
        a. Driver should enable (set to 0) DA #1-related bits for IPv4,
           IPv6 and MAC destination addresses in these registers:
             NIG_REG_TX_LLH_PTP_RULE_MASK
             NIG_REG_LLH_PTP_RULE_MASK
        b. NIG_REG_LLH_PTP_PARAM_MASK/NIG_REG_TX_LLH_PTP_PARAM_MASK should
           be set to 0x0 in all modes.
    
    Signed-off-by: Sudarsana Reddy Kalluru <Sudarsana.Kalluru@cavium.com>
    Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 461eec12012c29b66525c270208d30be8f6da8e7
Author: sudarsana.kalluru@cavium.com <sudarsana.kalluru@cavium.com>
Date:   Tue May 2 01:11:02 2017 -0700

    qede: Fix concurrency issue in PTP Tx path processing.
    
    PTP Tx timestamping data structures are not protected against the
    concurrent access in the Tx paths. Protecting the same using atomic
    bit locks.
    
    Signed-off-by: Sudarsana Reddy Kalluru <Sudarsana.Kalluru@cavium.com>
    Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 212c7fd614377fef4415d94856a59e9f484aa439
Author: Jan Kiszka <jan.kiszka@siemens.com>
Date:   Tue May 2 09:58:00 2017 +0200

    stmmac: Add support for SIMATIC IOT2000 platform
    
    The IOT2000 is industrial controller platform, derived from the Intel
    Galileo Gen2 board. The variant IOT2020 comes with one LAN port, the
    IOT2040 has two of them. They can be told apart based on the board asset
    tag in the DMI table.
    
    Based on patch by Sascha Weisenberger.
    
    Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
    Signed-off-by: Sascha Weisenberger <sascha.weisenberger@siemens.com>
    Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 412b65d15a7f8a93794653968308fc100f2aa87c
Author: Timmy Li <lixiaoping3@huawei.com>
Date:   Tue May 2 10:46:52 2017 +0800

    net: hns: fix ethtool_get_strings overflow in hns driver
    
    hns_get_sset_count() returns HNS_NET_STATS_CNT and the data space allocated
    is not enough for ethtool_get_strings(), which will cause random memory
    corruption.
    
    When SLAB and DEBUG_SLAB are both enabled, memory corruptions like the
    the following can be observed without this patch:
    [   43.115200] Slab corruption (Not tainted): Acpi-ParseExt start=ffff801fb0b69030, len=80
    [   43.115206] Redzone: 0x9f911029d006462/0x5f78745f31657070.
    [   43.115208] Last user: [<5f7272655f746b70>](0x5f7272655f746b70)
    [   43.115214] 010: 70 70 65 31 5f 74 78 5f 70 6b 74 00 6b 6b 6b 6b  ppe1_tx_pkt.kkkk
    [   43.115217] 030: 70 70 65 31 5f 74 78 5f 70 6b 74 5f 6f 6b 00 6b  ppe1_tx_pkt_ok.k
    [   43.115218] Next obj: start=ffff801fb0b69098, len=80
    [   43.115220] Redzone: 0x706d655f6f666966/0x9f911029d74e35b.
    [   43.115229] Last user: [<ffff0000084b11b0>](acpi_os_release_object+0x28/0x38)
    [   43.115231] 000: 74 79 00 6b 6b 6b 6b 6b 70 70 65 31 5f 74 78 5f  ty.kkkkkppe1_tx_
    [   43.115232] 010: 70 6b 74 5f 65 72 72 5f 63 73 75 6d 5f 66 61 69  pkt_err_csum_fai
    
    Signed-off-by: Timmy Li <lixiaoping3@huawei.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit a9f11f963a546fea9144f6a6d1a307e814a387e7
Author: Eric Dumazet <edumazet@google.com>
Date:   Mon May 1 15:29:48 2017 -0700

    tcp: fix wraparound issue in tcp_lp
    
    Be careful when comparing tcp_time_stamp to some u32 quantity,
    otherwise result can be surprising.
    
    Fixes: 7c106d7e782b ("[TCP]: TCP Low Priority congestion control")
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit ddc665a4bb4b728b4e6ecec8db1b64efa9184b9c
Author: Daniel Borkmann <daniel@iogearbox.net>
Date:   Tue May 2 20:34:54 2017 +0200

    bpf, arm64: fix jit branch offset related to ldimm64
    
    When the instruction right before the branch destination is
    a 64 bit load immediate, we currently calculate the wrong
    jump offset in the ctx->offset[] array as we only account
    one instruction slot for the 64 bit load immediate although
    it uses two BPF instructions. Fix it up by setting the offset
    into the right slot after we incremented the index.
    
    Before (ldimm64 test 1):
    
      [...]
      00000020:  52800007  mov w7, #0x0 // #0
      00000024:  d2800060  mov x0, #0x3 // #3
      00000028:  d2800041  mov x1, #0x2 // #2
      0000002c:  eb01001f  cmp x0, x1
      00000030:  54ffff82  b.cs 0x00000020
      00000034:  d29fffe7  mov x7, #0xffff // #65535
      00000038:  f2bfffe7  movk x7, #0xffff, lsl #16
      0000003c:  f2dfffe7  movk x7, #0xffff, lsl #32
      00000040:  f2ffffe7  movk x7, #0xffff, lsl #48
      00000044:  d29dddc7  mov x7, #0xeeee // #61166
      00000048:  f2bdddc7  movk x7, #0xeeee, lsl #16
      0000004c:  f2ddddc7  movk x7, #0xeeee, lsl #32
      00000050:  f2fdddc7  movk x7, #0xeeee, lsl #48
      [...]
    
    After (ldimm64 test 1):
    
      [...]
      00000020:  52800007  mov w7, #0x0 // #0
      00000024:  d2800060  mov x0, #0x3 // #3
      00000028:  d2800041  mov x1, #0x2 // #2
      0000002c:  eb01001f  cmp x0, x1
      00000030:  540000a2  b.cs 0x00000044
      00000034:  d29fffe7  mov x7, #0xffff // #65535
      00000038:  f2bfffe7  movk x7, #0xffff, lsl #16
      0000003c:  f2dfffe7  movk x7, #0xffff, lsl #32
      00000040:  f2ffffe7  movk x7, #0xffff, lsl #48
      00000044:  d29dddc7  mov x7, #0xeeee // #61166
      00000048:  f2bdddc7  movk x7, #0xeeee, lsl #16
      0000004c:  f2ddddc7  movk x7, #0xeeee, lsl #32
      00000050:  f2fdddc7  movk x7, #0xeeee, lsl #48
      [...]
    
    Also, add a couple of test cases to make sure JITs pass
    this test. Tested on Cavium ThunderX ARMv8. The added
    test cases all pass after the fix.
    
    Fixes: 8eee539ddea0 ("arm64: bpf: fix out-of-bounds read in bpf2a64_offset()")
    Reported-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Acked-by: Alexei Starovoitov <ast@kernel.org>
    Cc: Xi Wang <xi.wang@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 85f68fe89832057584a9e66e1e7e53d53e50faff
Author: Daniel Borkmann <daniel@iogearbox.net>
Date:   Mon May 1 02:57:20 2017 +0200

    bpf, arm64: implement jiting of BPF_XADD
    
    This work adds BPF_XADD for BPF_W/BPF_DW to the arm64 JIT and therefore
    completes JITing of all BPF instructions, meaning we can thus also remove
    the 'notyet' label and do not need to fall back to the interpreter when
    BPF_XADD is used in a program!
    
    This now also brings arm64 JIT in line with x86_64, s390x, ppc64, sparc64,
    where all current eBPF features are supported.
    
    BPF_W example from test_bpf:
    
      .u.insns_int = {
        BPF_ALU32_IMM(BPF_MOV, R0, 0x12),
        BPF_ST_MEM(BPF_W, R10, -40, 0x10),
        BPF_STX_XADD(BPF_W, R10, R0, -40),
        BPF_LDX_MEM(BPF_W, R0, R10, -40),
        BPF_EXIT_INSN(),
      },
    
      [...]
      00000020:  52800247  mov w7, #0x12 // #18
      00000024:  928004eb  mov x11, #0xffffffffffffffd8 // #-40
      00000028:  d280020a  mov x10, #0x10 // #16
      0000002c:  b82b6b2a  str w10, [x25,x11]
      // start of xadd mapping:
      00000030:  928004ea  mov x10, #0xffffffffffffffd8 // #-40
      00000034:  8b19014a  add x10, x10, x25
      00000038:  f9800151  prfm pstl1strm, [x10]
      0000003c:  885f7d4b  ldxr w11, [x10]
      00000040:  0b07016b  add w11, w11, w7
      00000044:  880b7d4b  stxr w11, w11, [x10]
      00000048:  35ffffab  cbnz w11, 0x0000003c
      // end of xadd mapping:
      [...]
    
    BPF_DW example from test_bpf:
    
      .u.insns_int = {
        BPF_ALU32_IMM(BPF_MOV, R0, 0x12),
        BPF_ST_MEM(BPF_DW, R10, -40, 0x10),
        BPF_STX_XADD(BPF_DW, R10, R0, -40),
        BPF_LDX_MEM(BPF_DW, R0, R10, -40),
        BPF_EXIT_INSN(),
      },
    
      [...]
      00000020:  52800247  mov w7,  #0x12 // #18
      00000024:  928004eb  mov x11, #0xffffffffffffffd8 // #-40
      00000028:  d280020a  mov x10, #0x10 // #16
      0000002c:  f82b6b2a  str x10, [x25,x11]
      // start of xadd mapping:
      00000030:  928004ea  mov x10, #0xffffffffffffffd8 // #-40
      00000034:  8b19014a  add x10, x10, x25
      00000038:  f9800151  prfm pstl1strm, [x10]
      0000003c:  c85f7d4b  ldxr x11, [x10]
      00000040:  8b07016b  add x11, x11, x7
      00000044:  c80b7d4b  stxr w11, x11, [x10]
      00000048:  35ffffab  cbnz w11, 0x0000003c
      // end of xadd mapping:
      [...]
    
    Tested on Cavium ThunderX ARMv8, test suite results after the patch:
    
      No JIT:   [ 3751.855362] test_bpf: Summary: 311 PASSED, 0 FAILED, [0/303 JIT'ed]
      With JIT: [ 3573.759527] test_bpf: Summary: 311 PASSED, 0 FAILED, [303/303 JIT'ed]
    
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Acked-by: Alexei Starovoitov <ast@kernel.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 59b5c13899989e3d8f68a3d19c68044cce8254c0
Author: Tobias Regnery <tobias.regnery@gmail.com>
Date:   Tue May 2 15:15:01 2017 +0200

    Bluetooth: hci_uart: fix kconfig dependency
    
    We see the following link error with CONFIG_BT_HCIUART=y,
    CONFIG_BT_HCIUART_LL=y and CONFIG_SERIAL_DEV_BUS=m:
    
    drivers/built-in.o: In function 'll_close':
    supp.c:(.text+0x55add4): undefined reference to 'serdev_device_close'
    supp.c:(.text+0x55add4): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol 'serdev_device_close'
    drivers/built-in.o: In function 'll_open':
    supp.c:(.text+0x55aed0): undefined reference to 'serdev_device_open'
    supp.c:(.text+0x55aed0): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol 'serdev_device_open'
    drivers/built-in.o: In function `hci_ti_probe':
    supp.c:(.text+0x55b00c): undefined reference to 'hci_uart_register_device'
    supp.c:(.text+0x55b00c): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol 'hci_uart_register_device'
    drivers/built-in.o: In function `ll_setup':
    supp.c:(.text+0x55b08c): undefined reference to 'serdev_device_set_flow_control'
    supp.c:(.text+0x55b08c): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol 'serdev_device_set_flow_control'
    supp.c:(.text+0x55b324): undefined reference to 'serdev_device_set_baudrate'
    supp.c:(.text+0x55b324): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol 'serdev_device_set_baudrate'
    drivers/built-in.o: In function 'll_init':
    supp.c:(.init.text+0x1b508): undefined reference to '__serdev_device_driver_register'
    supp.c:(.init.text+0x1b508): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol '__serdev_device_driver_register'
    
    Fix this by dependig BT_HCIUART_LL on the BT_HCIUART_SERDEV symbol.
    This implies a dependency on BT_HCIUART and hci_ll.c is only compiled in
    if SERIAl_DEV_BUS is built in or SERIAL_DEV_BUS and BT_HCIUART are
    modules.
    
    Fixes: 371805522f87 ("bluetooth: hci_uart: add LL protocol serdev driver support")
    Signed-off-by: Tobias Regnery <tobias.regnery@gmail.com>
    Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

commit 8a8b56638bcac4e64cccc88bf95a0f9f4b19a2fb
Author: James Hogan <james.hogan@imgtec.com>
Date:   Fri Apr 28 10:50:26 2017 +0100

    metag/uaccess: Fix access_ok()
    
    The __user_bad() macro used by access_ok() has a few corner cases
    noticed by Al Viro where it doesn't behave correctly:
    
     - The kernel range check has off by 1 errors which permit access to the
       first and last byte of the kernel mapped range.
    
     - The kernel range check ends at LINCORE_BASE rather than
       META_MEMORY_LIMIT, which is ineffective when the kernel is in global
       space (an extremely uncommon configuration).
    
    There are a couple of other shortcomings here too:
    
     - Access to the whole of the other address space is permitted (i.e. the
       global half of the address space when the kernel is in local space).
       This isn't ideal as it could theoretically still contain privileged
       mappings set up by the bootloader.
    
     - The size argument is unused, permitting user copies which start on
       valid pages at the end of the user address range and cross the
       boundary into the kernel address space (e.g. addr = 0x3ffffff0, size
       > 0x10).
    
    It isn't very convenient to add size checks when disallowing certain
    regions, and it seems far safer to be sure and explicit about what
    userland is able to access, so invert the logic to allow certain regions
    instead, and fix the off by 1 errors and missing size checks. This also
    allows the get_fs() == KERNEL_DS check to be more easily optimised into
    the user address range case.
    
    We now have 3 such allowed regions:
    
     - The user address range (incorporating the get_fs() == KERNEL_DS
       check).
    
     - NULL (some kernel code expects this to work, and we'll always catch
       the fault anyway).
    
     - The core code memory region.
    
    Fixes: 373cd784d0fc ("metag: Memory handling")
    Reported-by: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: James Hogan <james.hogan@imgtec.com>
    Cc: linux-metag@vger.kernel.org
    Cc: stable@vger.kernel.org

commit a3a8e90a11e7d5245fc985c2e920b196b388022e
Author: Javier Martinez Canillas <javier@dowhile0.org>
Date:   Fri Apr 28 00:22:15 2017 -0400

    MAINTAINERS: Remove myself as reviewer for Exynos
    
    I left Samsung and lost access to most Exynos hardware and documentation.
    Also, I likely won't be able to keep an eye on the platform anymore in the
    short term so remove myself as a reviewer for Exynos.
    
    Signed-off-by: Javier Martinez Canillas <javier@dowhile0.org>
    Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>

commit 1dbdcc810928a2c1acdd0bbfce9495f63610a0d1
Author: Timur Tabi <timur@codeaurora.org>
Date:   Mon May 1 14:23:04 2017 -0500

    selftests: watchdog: accept multiple params on command line
    
    Watchdog drivers are not required to retain programming information,
    such as timeouts, after the watchdog device is closed.  Therefore,
    the watchdog test should be able to perform multiple actions after
    opening the watchdog device.
    
    For example, to set the timeout to 10s and ping every 5s:
    
            watchdog-test -t 10 -p 5 -e
    
    Also, display the periodic decimal point only if the keep-alive call
    succeeds.
    
    Signed-off-by: Timur Tabi <timur@codeaurora.org>
    Reviewed-by: Guenter Roeck <linux@roeck-us.net>
    Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>

commit 933dfbd7c437bbbf65caae785dfa105fbfaa8485
Author: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Date:   Tue May 2 08:48:33 2017 -0700

    rcu: Open-code the rcu_cblist_n_lazy_cbs() function
    
    Because the rcu_cblist_n_lazy_cbs() just samples the ->len_lazy counter,
    and because the rcu_cblist structure is quite straightforward, it makes
    sense to open-code rcu_cblist_n_lazy_cbs(p) as p->len_lazy, cutting out
    a level of indirection.  This commit makes this change.
    
    Reported-by: Ingo Molnar <mingo@kernel.org>
    Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>

commit 4b27f20b40a23f03df682eb1f69e9dc3da7d3b93
Author: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Date:   Tue May 2 08:45:25 2017 -0700

    rcu: Open-code the rcu_cblist_n_cbs() function
    
    Because the rcu_cblist_n_cbs() just samples the ->len counter, and
    because the rcu_cblist structure is quite straightforward, it makes
    sense to open-code rcu_cblist_n_cbs(p) as p->len, cutting out a level
    of indirection.  This commit makes this change.
    
    Reported-by: Ingo Molnar <mingo@kernel.org>
    Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>

commit 586f8525979ad9574bf61637fd58c98d5077f29d
Author: David Miller <davem@davemloft.net>
Date:   Tue May 2 11:36:45 2017 -0400

    bpf: Align packet data properly in program testing framework.
    
    Make sure we apply NET_IP_ALIGN when reserving headroom for SKB
    and XDP test runs, just like a real driver would.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Acked-by: Daniel Borkmann <daniel@iogearbox.net>

commit 78e5227237cae9172dd50c3ebb08d4fb31530676
Author: David Miller <davem@davemloft.net>
Date:   Tue May 2 11:36:33 2017 -0400

    bpf: Do not dereference user pointer in bpf_test_finish().
    
    Instead, pass the kattr in which has a kernel side copy of this
    data structure from userspace already.
    
    Fix based upon a suggestion from Alexei Starovoitov.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Acked-by: Daniel Borkmann <daniel@iogearbox.net>

commit 8ef0f37efb7863a04b1e4102d42b7c0b1a59d40f
Author: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Date:   Tue May 2 08:18:40 2017 -0700

    rcu: Open-code the rcu_cblist_empty() function
    
    Because the rcu_cblist_empty() just samples the ->head pointer, and
    because the rcu_cblist structure is quite straightforward, it makes
    sense to open-code rcu_cblist_empty(p) as !p->head, cutting out a
    level of indirection.  This commit makes this change.
    
    Reported-by: Ingo Molnar <mingo@kernel.org>
    Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>

commit 4e9c3a667135799d50f2778a8a8dae2ca13aafd0
Author: David S. Miller <davem@davemloft.net>
Date:   Tue May 2 07:52:01 2017 -0700

    selftests: bpf: Use bpf_endian.h in test_xdp.c
    
    This fixes the testcase on big-endian.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 24b43c99647bf9be4995e6a6c9c3a923c147770a
Author: Paolo Abeni <pabeni@redhat.com>
Date:   Tue May 2 16:03:58 2017 +0200

    infiniband: avoid dereferencing uninitialized dst on error path
    
    With commit eea40b8f624f ("infiniband: call ipv6 route lookup
    via the stub interface"), if the route lookup fails due to
    ipv6 being disabled, the dst variable is left untouched, and
    the following dst_release() may access uninitialized memory.
    
    Since ipv6_dst_lookup() always sets dst to NULL in case of
    lookup failure with ipv6 enabled, fix the above just
    returning the error code if the lookup fails.
    
    Fixes: eea40b8f624 ("infiniband: call ipv6 route lookup via the stub interface")
    Reported-by: Sabrina Dubroca <sd@queasysnail.net>
    Signed-off-by: Paolo Abeni <pabeni@redhat.com>
    Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
    Signed-off-by: Doug Ledford <dledford@redhat.com>

commit 98059b98619d093366462ff0a4e1258e946accb9
Author: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Date:   Tue May 2 06:30:12 2017 -0700

    rcu: Separately compile large rcu_segcblist functions
    
    This commit creates a new kernel/rcu/rcu_segcblist.c file that
    contains non-trivial segcblist functions.  Trivial functions
    remain as static inline functions in kernel/rcu/rcu_segcblist.h
    
    Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>

commit 534c01ecdc458bf67e33b3815f1445025ab43719
Author: Paul Moore <paul@paul-moore.com>
Date:   Tue May 2 10:16:05 2017 -0400

    audit: the fix RCU locking for the auditd_connection structure
    
    Cong Wang correctly pointed out that the RCU read locking of the
    auditd_connection struct was wrong, this patch correct this by
    adopting a more traditional, and correct RCU locking model.
    
    This patch is heavily based on an earlier prototype by Cong Wang.
    
    Cc: <stable@vger.kernel.org> # 4.11.x-
    Reported-by: Cong Wang <xiyou.wangcong@gmail.com>
    Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit 8cc96382d9a7fe1746286670dd5140c3b12638ae
Author: Paul Moore <paul@paul-moore.com>
Date:   Tue May 2 10:16:05 2017 -0400

    audit: use kmem_cache to manage the audit_buffer cache
    
    The audit subsystem implemented its own buffer cache mechanism which
    is a bit silly these days when we could use the kmem_cache construct.
    
    Some credit is due to Florian Westphal for originally proposing that
    we remove the audit cache implementation in favor of simple
    kmalloc()/kfree() calls, but I would rather have a dedicated slab
    cache to ease debugging and future stats/performance work.
    
    Cc: Florian Westphal <fw@strlen.de>
    Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit 2115bb250f260089743e26decfb5f271ba71ca37
Author: Deepa Dinamani <deepa.kernel@gmail.com>
Date:   Tue May 2 10:16:05 2017 -0400

    audit: Use timespec64 to represent audit timestamps
    
    struct timespec is not y2038 safe.
    Audit timestamps are recorded in string format into
    an audit buffer for a given context.
    These mark the entry timestamps for the syscalls.
    Use y2038 safe struct timespec64 to represent the times.
    The log strings can handle this transition as strings can
    hold upto 1024 characters.
    
    Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com>
    Reviewed-by: Arnd Bergmann <arnd@arndb.de>
    Acked-by: Paul Moore <paul@paul-moore.com>
    Acked-by: Richard Guy Briggs <rgb@redhat.com>
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit b6c7c115c2ce679ac536f0adf0ff518fcd939196
Author: Paul Moore <paul@paul-moore.com>
Date:   Tue May 2 10:16:05 2017 -0400

    audit: store the auditd PID as a pid struct instead of pid_t
    
    This is arguably the right thing to do, and will make it easier when
    we start supporting multiple audit daemons in different namespaces.
    
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit 45a0642b4d021a2f50d5db9c191b5bfe60bfa1c7
Author: Paul Moore <paul@paul-moore.com>
Date:   Tue May 2 10:16:05 2017 -0400

    audit: kernel generated netlink traffic should have a portid of 0
    
    We were setting the portid incorrectly in the netlink message headers,
    fix that to always be 0 (nlmsg_pid = 0).
    
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    Reviewed-by: Richard Guy Briggs <rgb@redhat.com>

commit a9d1620877748375cf60b43ef3fa5f61ab6d9f24
Author: Paul Moore <paul@paul-moore.com>
Date:   Tue May 2 10:16:05 2017 -0400

    audit: combine audit_receive() and audit_receive_skb()
    
    There is no reason to have both of these functions, combine the two.
    
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    Reviewed-by: Richard Guy Briggs <rgb@redhat.com>

commit bd120ded6a6af61ad342a8a95b36b64bd1e2f9e6
Author: Elena Reshetova <elena.reshetova@intel.com>
Date:   Tue May 2 10:16:05 2017 -0400

    audit: convert audit_watch.count from atomic_t to refcount_t
    
    refcount_t type and corresponding API should be
    used instead of atomic_t when the variable is used as
    a reference counter. This allows to avoid accidental
    refcounter overflows that might lead to use-after-free
    situations.
    
    Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
    Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
    Signed-off-by: Kees Cook <keescook@chromium.org>
    Signed-off-by: David Windsor <dwindsor@gmail.com>
    [PM: fix subject line, add #include]
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit 9d2378f8c8f1a3fcfab681fd90c139d90dca7b69
Author: Elena Reshetova <elena.reshetova@intel.com>
Date:   Tue May 2 10:16:04 2017 -0400

    audit: convert audit_tree.count from atomic_t to refcount_t
    
    refcount_t type and corresponding API should be
    used instead of atomic_t when the variable is used as
    a reference counter. This allows to avoid accidental
    refcounter overflows that might lead to use-after-free
    situations.
    
    Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
    Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
    Signed-off-by: Kees Cook <keescook@chromium.org>
    Signed-off-by: David Windsor <dwindsor@gmail.com>
    [PM: fix subject line, add #include]
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit 2173c519d5e912a6e2934bb04255fcd36c1591c8
Author: Richard Guy Briggs <rgb@redhat.com>
Date:   Tue May 2 10:16:04 2017 -0400

    audit: normalize NETFILTER_PKT
    
    Eliminate flipping in and out of message fields, dropping fields in the
    process.
    
    Sample raw message format IPv4 UDP:
    type=NETFILTER_PKT msg=audit(1487874761.386:228):  mark=0xae8a2732 saddr=127.0.0.1 daddr=127.0.0.1 proto=17^]
    Sample raw message format IPv6 ICMP6:
    type=NETFILTER_PKT msg=audit(1487874761.381:227):  mark=0x223894b7 saddr=::1 daddr=::1 proto=58^]
    
    Issue: https://github.com/linux-audit/audit-kernel/issues/11
    Test case: https://github.com/linux-audit/audit-testsuite/issues/43
    
    Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit 0cb88b6ff054ccfa30e0fd7f7b42ee9f088db432
Author: Richard Guy Briggs <rgb@redhat.com>
Date:   Tue May 2 10:16:04 2017 -0400

    netfilter: use consistent ipv4 network offset in xt_AUDIT
    
    Even though the skb->data pointer has been moved from the link layer
    header to the network layer header, use the same method to calculate the
    offset in ipv4 and ipv6 routines.
    
    Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
    [PM: munged subject line]
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit f6276ac95bde4312251535904af32b1de9d54949
Author: Richard Guy Briggs <rgb@redhat.com>
Date:   Tue May 2 10:16:04 2017 -0400

    audit: log module name on delete_module
    
    When a sysadmin wishes to monitor module unloading with a syscall rule such as:
     -a always,exit -F arch=x86_64 -S delete_module -F key=mod-unload
    the SYSCALL record doesn't tell us what module was requested for unloading.
    
    Use the new KERN_MODULE auxiliary record to record it.
    The SYSCALL record result code will list the return code.
    
    See: https://github.com/linux-audit/audit-kernel/issues/37
        https://github.com/linux-audit/audit-kernel/issues/7
        https://github.com/linux-audit/audit-kernel/wiki/RFE-Module-Load-Record-Format
    
    Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
    Acked-by: Jessica Yu <jeyu@redhat.com>
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit 9aab4f4ea7a4ca80ec3e0269ce2eb71a24f6fef9
Author: Nicholas Mc Guire <der.herr@hofr.at>
Date:   Tue May 2 10:16:04 2017 -0400

    audit: remove unnecessary semicolon in audit_watch_handle_event()
    
    The excess ; after the closing parenthesis is just code-noise it has no
    and can be removed.
    
    Signed-off-by: Nicholas Mc Guire <der.herr@hofr.at>
    [PM: tweaked subject line]
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit b5239fba69949a44290d4af517fc1c2eff3e36f6
Author: Nicholas Mc Guire <der.herr@hofr.at>
Date:   Tue May 2 10:16:04 2017 -0400

    audit: remove unnecessary semicolon in audit_mark_handle_event()
    
    The excess ; after the closing parenthesis is just code-noise it has no
    and can be removed.
    
    Signed-off-by: Nicholas Mc Guire <der.herr@hofr.at>
    [PM: tweaked subject line]
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit b7a84deaf8d1b0e62b437a290a40d6380975f126
Author: Nicholas Mc Guire <der.herr@hofr.at>
Date:   Tue May 2 10:16:03 2017 -0400

    audit: remove unnecessary semicolon in audit_field_valid()
    
    The excess ; after the closing parenthesis is just code-noise it has no
    and can be removed.
    
    Signed-off-by: Nicholas Mc Guire <der.herr@hofr.at>
    [PM: tweak subject line]
    Signed-off-by: Paul Moore <paul@paul-moore.com>

commit b5d60989c6f7501af72cb65893c02621dd16fd84
Author: Jakub Kicinski <jakub.kicinski@netronome.com>
Date:   Mon May 1 15:53:43 2017 -0700

    xdp: fix parameter kdoc for extack
    
    Fix kdoc parameter spelling from extact to extack.
    
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit eb6211d3606971a957fea28f7532687f9d0f93f2
Author: Daniel Borkmann <daniel@iogearbox.net>
Date:   Tue May 2 00:47:09 2017 +0200

    bpf, samples: fix build warning in cookie_uid_helper_example
    
    Fix the following warnings triggered by 51570a5ab2b7 ("A Sample of
    using socket cookie and uid for traffic monitoring"):
    
      In file included from /home/foo/net-next/samples/bpf/cookie_uid_helper_example.c:54:0:
      /home/foo/net-next/samples/bpf/cookie_uid_helper_example.c: In function 'prog_load':
      /home/foo/net-next/samples/bpf/cookie_uid_helper_example.c:119:27: warning: overflow in implicit constant conversion [-Woverflow]
         -32 + offsetof(struct stats, uid)),
                               ^
      /home/foo/net-next/samples/bpf/libbpf.h:135:12: note: in definition of macro 'BPF_STX_MEM'
       .off   = OFF,     \
                ^
      /home/foo/net-next/samples/bpf/cookie_uid_helper_example.c:121:27: warning: overflow in implicit constant conversion [-Woverflow]
         -32 + offsetof(struct stats, packets), 1),
                               ^
      /home/foo/net-next/samples/bpf/libbpf.h:155:12: note: in definition of macro 'BPF_ST_MEM'
       .off   = OFF,     \
                ^
      /home/foo/net-next/samples/bpf/cookie_uid_helper_example.c:129:27: warning: overflow in implicit constant conversion [-Woverflow]
         -32 + offsetof(struct stats, bytes)),
                               ^
      /home/foo/net-next/samples/bpf/libbpf.h:135:12: note: in definition of macro 'BPF_STX_MEM'
       .off   = OFF,     \
                ^
      HOSTLD  /home/foo/net-next/samples/bpf/per_socket_stats_example
    
    Fixes: 51570a5ab2b7 ("A Sample of using socket cookie and uid for traffic monitoring")
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>

commit 45753c5f315749711b935a2506ee5c10eef5c23d
Author: Ingo Molnar <mingo@kernel.org>
Date:   Tue May 2 10:31:18 2017 +0200

    srcu: Debloat the <linux/rcu_segcblist.h> header
    
    Linus noticed that the <linux/rcu_segcblist.h> has huge inline functions
    which should not be inline at all.
    
    As a first step in cleaning this up, move them all to kernel/rcu/ and
    only keep an absolute minimum of data type defines in the header:
    
      before:   -rw-r--r-- 1 mingo mingo 22284 May  2 10:25 include/linux/rcu_segcblist.h
       after:   -rw-r--r-- 1 mingo mingo  3180 May  2 10:22 include/linux/rcu_segcblist.h
    
    More can be done, such as uninlining the large functions, which inlining
    is unjustified even if it's an RCU internal matter.
    
    Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Signed-off-by: Ingo Molnar <mingo@kernel.org>
    Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>

commit 5c9cfda13dc503f4b25b486a57974e0414adb6f1
Author: Karim Eshapa <karim.eshapa@gmail.com>
Date:   Tue May 2 13:47:54 2017 +0200

    drivers/video/fbdev/omap/lcd_mipid.c: Use time comparison kernel macros
    
    Use time_before_eq time comparison defind kernel macro
    that has safety check.
    
    Signed-off-by: Karim Eshapa <karim.eshapa@gmail.com>
    Cc: Tomi Valkeinen <tomi.valkeinen@ti.com>
    Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>

commit dc85e9a87420613b3129d5cc5ecd79c58351c546
Author: Alexey Khoroshilov <khoroshilov@ispras.ru>
Date:   Tue May 2 13:47:53 2017 +0200

    sm501fb: don't return zero on failure path in sm501fb_start()
    
    If fbmem iomemory mapping failed, sm501fb_start() breaks off
    initialization, deallocates resources, but returns zero.
    As a result, double deallocation can happen in sm501fb_stop().
    
    Found by Linux Driver Verification project (linuxtesting.org).
    
    Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
    Cc: Tomi Valkeinen <tomi.valkeinen@ti.com>
    Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>

commit 45f580c42e5c125d55dbd8099750a1998de3d917
Author: Maksim Salau <maksim.salau@gmail.com>
Date:   Tue May 2 13:47:53 2017 +0200

    video: fbdev: udlfb: Fix buffer on stack
    
    Allocate buffers on HEAP instead of STACK for local array
    that is to be sent using usb_control_msg().
    
    Signed-off-by: Maksim Salau <maksim.salau@gmail.com>
    Cc: Bernie Thompson <bernie@plugable.com>
    Cc: Geert Uytterhoeven <geert@linux-m68k.org>
    Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>

commit 2f9d31b67ed3342e7297878716196bcb5e88ab64
Author: Marcel Holtmann <marcel@holtmann.org>
Date:   Mon May 1 23:54:19 2017 -0700

    Bluetooth: Set LE Default PHY preferences
    
    If the LE Set Default PHY command is supported, the indicate to the
    controller that the host has no preferences for transmitter PHY or
    receiver PHY selection.
    
    Issuing this command gives the controller a clear indication that other
    PHY can be selected if available.
    
    Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>

commit d284f54e7ab1598b23dff8593401c3c497672ec9
Author: Marcel Holtmann <marcel@holtmann.org>
Date:   Mon May 1 23:54:18 2017 -0700

    Bluetooth: Enable LE PHY Update Complete event
    
    If either LE Set Default PHY command or LE Set PHY commands is
    supported, then enable the LE PHY Update Complete event.
    
    Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>

commit 606f8eefacb58d3754a89d453744f78b0714f0b4
Author: Marcel Holtmann <marcel@holtmann.org>
Date:   Mon May 1 23:54:17 2017 -0700

    Bluetooth: Enable LE Channel Selection Algorithm event
    
    If the Channel Selection Algorithm #2 feature is supported, then enable
    the new LE Channel Selection Algorithm event.
    
    Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>

commit e371fd7607999fabbd955b4d22c8e912594a7997
Author: Julien Grall <julien.grall@arm.com>
Date:   Mon Apr 24 18:58:39 2017 +0100

    xen: Implement EFI reset_system callback
    
    When rebooting DOM0 with ACPI on ARM64, the kernel is crashing with the stack
    trace [1].
    
    This is happening because when EFI runtimes are enabled, the reset code
    (see machine_restart) will first try to use EFI restart method.
    
    However, the EFI restart code is expecting the reset_system callback to
    be always set. This is not the case for Xen and will lead to crash.
    
    The EFI restart helper is used in multiple places and some of them don't
    not have fallback (see machine_power_off). So implement reset_system
    callback as a call to xen_reboot when using EFI Xen.
    
    [   36.999270] reboot: Restarting system
    [   37.002921] Internal error: Attempting to execute userspace memory: 86000004 [#1] PREEMPT SMP
    [   37.011460] Modules linked in:
    [   37.014598] CPU: 0 PID: 1 Comm: systemd-shutdow Not tainted 4.11.0-rc1-00003-g1e248b60a39b-dirty #506
    [   37.023903] Hardware name: (null) (DT)
    [   37.027734] task: ffff800902068000 task.stack: ffff800902064000
    [   37.033739] PC is at 0x0
    [   37.036359] LR is at efi_reboot+0x94/0xd0
    [   37.040438] pc : [<0000000000000000>] lr : [<ffff00000880f2c4>] pstate: 404001c5
    [   37.047920] sp : ffff800902067cf0
    [   37.051314] x29: ffff800902067cf0 x28: ffff800902068000
    [   37.056709] x27: ffff000008992000 x26: 000000000000008e
    [   37.062104] x25: 0000000000000123 x24: 0000000000000015
    [   37.067499] x23: 0000000000000000 x22: ffff000008e6e250
    [   37.072894] x21: ffff000008e6e000 x20: 0000000000000000
    [   37.078289] x19: ffff000008e5d4c8 x18: 0000000000000010
    [   37.083684] x17: 0000ffffa7c27470 x16: 00000000deadbeef
    [   37.089079] x15: 0000000000000006 x14: ffff000088f42bef
    [   37.094474] x13: ffff000008f42bfd x12: ffff000008e706c0
    [   37.099870] x11: ffff000008e70000 x10: 0000000005f5e0ff
    [   37.105265] x9 : ffff800902067a50 x8 : 6974726174736552
    [   37.110660] x7 : ffff000008cc6fb8 x6 : ffff000008cc6fb0
    [   37.116055] x5 : ffff000008c97dd8 x4 : 0000000000000000
    [   37.121453] x3 : 0000000000000000 x2 : 0000000000000000
    [   37.126845] x1 : 0000000000000000 x0 : 0000000000000000
    [   37.132239]
    [   37.133808] Process systemd-shutdow (pid: 1, stack limit = 0xffff800902064000)
    [   37.141118] Stack: (0xffff800902067cf0 to 0xffff800902068000)
    [   37.146949] 7ce0:                                   ffff800902067d40 ffff000008085334
    [   37.154869] 7d00: 0000000000000000 ffff000008f3b000 ffff800902067d40 ffff0000080852e0
    [   37.162787] 7d20: ffff000008cc6fb0 ffff000008cc6fb8 ffff000008c7f580 ffff000008c97dd8
    [   37.170706] 7d40: ffff800902067d60 ffff0000080e2c2c 0000000000000000 0000000001234567
    [   37.178624] 7d60: ffff800902067d80 ffff0000080e2ee8 0000000000000000 ffff0000080e2df4
    [   37.186544] 7d80: 0000000000000000 ffff0000080830f0 0000000000000000 00008008ff1c1000
    [   37.194462] 7da0: ffffffffffffffff 0000ffffa7c4b1cc 0000000000000000 0000000000000024
    [   37.202380] 7dc0: ffff800902067dd0 0000000000000005 0000fffff24743c8 0000000000000004
    [   37.210299] 7de0: 0000fffff2475f03 0000000000000010 0000fffff2474418 0000000000000005
    [   37.218218] 7e00: 0000fffff2474578 000000000000000a 0000aaaad6b722c0 0000000000000001
    [   37.226136] 7e20: 0000000000000123 0000000000000038 ffff800902067e50 ffff0000081e7294
    [   37.234055] 7e40: ffff800902067e60 ffff0000081e935c ffff800902067e60 ffff0000081e9388
    [   37.241973] 7e60: ffff800902067eb0 ffff0000081ea388 0000000000000000 00008008ff1c1000
    [   37.249892] 7e80: ffffffffffffffff 0000ffffa7c4a79c 0000000000000000 ffff000000020000
    [   37.257810] 7ea0: 0000010000000004 0000000000000000 0000000000000000 ffff0000080830f0
    [   37.265729] 7ec0: fffffffffee1dead 0000000028121969 0000000001234567 0000000000000000
    [   37.273651] 7ee0: ffffffffffffffff 8080000000800000 0000800000008080 feffa9a9d4ff2d66
    [   37.281567] 7f00: 000000000000008e feffa9a9d5b60e0f 7f7fffffffff7f7f 0101010101010101
    [   37.289485] 7f20: 0000000000000010 0000000000000008 000000000000003a 0000ffffa7ccf588
    [   37.297404] 7f40: 0000aaaad6b87d00 0000ffffa7c4b1b0 0000fffff2474be0 0000aaaad6b88000
    [   37.305326] 7f60: 0000fffff2474fb0 0000000001234567 0000000000000000 0000000000000000
    [   37.313240] 7f80: 0000000000000000 0000000000000001 0000aaaad6b70d4d 0000000000000000
    [   37.321159] 7fa0: 0000000000000001 0000fffff2474ea0 0000aaaad6b5e2e0 0000fffff2474e80
    [   37.329078] 7fc0: 0000ffffa7c4b1cc 0000000000000000 fffffffffee1dead 000000000000008e
    [   37.336997] 7fe0: 0000000000000000 0000000000000000 9ce839cffee77eab fafdbf9f7ed57f2f
    [   37.344911] Call trace:
    [   37.347437] Exception stack(0xffff800902067b20 to 0xffff800902067c50)
    [   37.353970] 7b20: ffff000008e5d4c8 0001000000000000 0000000080f82000 0000000000000000
    [   37.361883] 7b40: ffff800902067b60 ffff000008e17000 ffff000008f44c68 00000001081081b4
    [   37.369802] 7b60: ffff800902067bf0 ffff000008108478 0000000000000000 ffff000008c235b0
    [   37.377721] 7b80: ffff800902067ce0 0000000000000000 0000000000000000 0000000000000015
    [   37.385643] 7ba0: 0000000000000123 000000000000008e ffff000008992000 ffff800902068000
    [   37.393557] 7bc0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
    [   37.401477] 7be0: 0000000000000000 ffff000008c97dd8 ffff000008cc6fb0 ffff000008cc6fb8
    [   37.409396] 7c00: 6974726174736552 ffff800902067a50 0000000005f5e0ff ffff000008e70000
    [   37.417318] 7c20: ffff000008e706c0 ffff000008f42bfd ffff000088f42bef 0000000000000006
    [   37.425234] 7c40: 00000000deadbeef 0000ffffa7c27470
    [   37.430190] [<          (null)>]           (null)
    [   37.434982] [<ffff000008085334>] machine_restart+0x6c/0x70
    [   37.440550] [<ffff0000080e2c2c>] kernel_restart+0x6c/0x78
    [   37.446030] [<ffff0000080e2ee8>] SyS_reboot+0x130/0x228
    [   37.451337] [<ffff0000080830f0>] el0_svc_naked+0x24/0x28
    [   37.456737] Code: bad PC value
    [   37.459891] ---[ end trace 76e2fc17e050aecd ]---
    
    Signed-off-by: Julien Grall <julien.grall@arm.com>
    
    --
    
    Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    Cc: Juergen Gross <jgross@suse.com>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: "H. Peter Anvin" <hpa@zytor.com>
    Cc: x86@kernel.org
    
    The x86 code has theoritically a similar issue, altought EFI does not
    seem to be the preferred method. I have only built test it on x86.
    
    This should also probably be fixed in stable tree.
    
        Changes in v2:
            - Implement xen_efi_reset_system using xen_reboot
            - Move xen_efi_reset_system in drivers/xen/efi.c
    Signed-off-by: Juergen Gross <jgross@suse.com>

commit fa12a870a9d594ba458242a04a4d17a76fc816a4
Author: Julien Grall <julien.grall@arm.com>
Date:   Mon Apr 24 18:58:38 2017 +0100

    arm/xen: Consolidate calls to shutdown hypercall in a single helper
    
    Signed-off-by: Julien Grall <julien.grall@arm.com>
    Signed-off-by: Juergen Gross <jgross@suse.com>

commit 5d9404e1185de8d508cd042761306495f727d7eb
Author: Julien Grall <julien.grall@arm.com>
Date:   Mon Apr 24 18:58:37 2017 +0100

    xen: Export xen_reboot
    
    The helper xen_reboot will be called by the EFI code in a later patch.
    
    Note that the ARM version does not yet exist and will be added in a
    later patch too.
    
    Signed-off-by: Julien Grall <julien.grall@arm.com>
    Signed-off-by: Juergen Gross <jgross@suse.com>

commit f31b969217b42df605b2e0e64aa6b3e03e781a4f
Author: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Date:   Wed Apr 26 09:42:48 2017 -0400

    xen/x86: Call xen_smp_intr_init_pv() on BSP
    
    Recent code rework that split handling ov PV, HVM and PVH guests into
    separate files missed calling xen_smp_intr_init_pv() on CPU0.
    
    Add this call.
    
    Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
    Signed-off-by: Juergen Gross <jgross@suse.com>

commit 84d582d236dc1f9085e741affc72e9ba061a67c2
Author: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Date:   Mon Apr 24 15:04:53 2017 -0400

    xen: Revert commits da72ff5bfcb0 and 72a9b186292d
    
    Recent discussion (http://marc.info/?l=xen-devel&m=149192184523741)
    established that commit 72a9b186292d ("xen: Remove event channel
    notification through Xen PCI platform device") (and thus commit
    da72ff5bfcb0 ("partially revert "xen: Remove event channel
    notification through Xen PCI platform device"")) are unnecessary and,
    in fact, prevent HVM guests from booting on Xen releases prior to 4.0
    
    Therefore we revert both of those commits.
    
    The summary of that discussion is below:
    
      Here is the brief summary of the current situation:
    
      Before the offending commit (72a9b186292):
    
      1) INTx does not work because of the reset_watches path.
      2) The reset_watches path is only taken if you have Xen > 4.0
      3) The Linux Kernel by default will use vector inject if the hypervisor
         support. So even INTx does not work no body running the kernel with
         Xen > 4.0 would notice. Unless he explicitly disabled this feature
         either in the kernel or in Xen (and this can only be disabled by
         modifying the code, not user-supported way to do it).
    
      After the offending commit (+ partial revert):
    
      1) INTx is no longer support for HVM (only for PV guests).
      2) Any HVM guest The kernel will not boot on Xen < 4.0 which does
         not have vector injection support. Since the only other mode
         supported is INTx which.
    
      So based on this summary, I think before commit (72a9b186292) we were
      in much better position from a user point of view.
    
    Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    Reviewed-by: Juergen Gross <jgross@suse.com>
    Signed-off-by: Juergen Gross <jgross@suse.com>

commit 5f6a1614fab801834e32b420b60acdc27acfcdec
Author: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Date:   Fri Apr 21 11:13:14 2017 -0400

    xen/pvh: Do not fill kernel's e820 map in init_pvh_bootparams()
    
    e820 map is updated with information from the zeropage (i.e. pvh_bootparams)
    by default_machine_specific_memory_setup(). With the way things are done
    now,  we end up with a duplicated e820 map.
    
    Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    Reviewed-by: Juergen Gross <jgross@suse.com>
    Signed-off-by: Juergen Gross <jgross@suse.com>

commit 6483e3135a693548874429db901c0544d3a9b4cd
Author: Geliang Tang <geliangtang@gmail.com>
Date:   Sat Apr 22 09:21:13 2017 +0800

    xen/scsifront: use offset_in_page() macro
    
    Use offset_in_page() macro instead of open-coding.
    
    Signed-off-by: Geliang Tang <geliangtang@gmail.com>
    Reviewed-by: Juergen Gross <jgross@suse.com>
    Signed-off-by: Juergen Gross <jgross@suse.com>

commit d5ff5061c35448525fcb38950f06af6b9ae12c04
Author: Stefano Stabellini <sstabellini@kernel.org>
Date:   Thu Apr 13 14:04:22 2017 -0700

    xen/arm,arm64: rename __generic_dma_ops to xen_get_dma_ops
    
    Now that __generic_dma_ops is a xen specific function, rename it to
    xen_get_dma_ops. Change all the call sites appropriately.
    
    Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
    Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    CC: linux@armlinux.org.uk
    CC: catalin.marinas@arm.com
    CC: will.deacon@arm.com
    CC: boris.ostrovsky@oracle.com
    CC: jgross@suse.com
    CC: Julien Grall <julien.grall@arm.com>

commit e058632670b709145730a134acc3f83f392f7aa7
Author: Stefano Stabellini <sstabellini@kernel.org>
Date:   Thu Apr 13 14:04:21 2017 -0700

    xen/arm,arm64: fix xen_dma_ops after 815dd18 "Consolidate get_dma_ops..."
    
    The following commit:
    
      commit 815dd18788fe0d41899f51b91d0560279cf16b0d
      Author: Bart Van Assche <bart.vanassche@sandisk.com>
      Date:   Fri Jan 20 13:04:04 2017 -0800
    
          treewide: Consolidate get_dma_ops() implementations
    
    rearranges get_dma_ops in a way that xen_dma_ops are not returned when
    running on Xen anymore, dev->dma_ops is returned instead (see
    arch/arm/include/asm/dma-mapping.h:get_arch_dma_ops and
    include/linux/dma-mapping.h:get_dma_ops).
    
    Fix the problem by storing dev->dma_ops in dev_archdata, and setting
    dev->dma_ops to xen_dma_ops. This way, xen_dma_ops is returned naturally
    by get_dma_ops. The Xen code can retrieve the original dev->dma_ops from
    dev_archdata when needed. It also allows us to remove __generic_dma_ops
    from common headers.
    
    Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
    Tested-by: Julien Grall <julien.grall@arm.com>
    Suggested-by: Catalin Marinas <catalin.marinas@arm.com>
    Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
    Cc: <stable@vger.kernel.org>        [4.11+]
    CC: linux@armlinux.org.uk
    CC: catalin.marinas@arm.com
    CC: will.deacon@arm.com
    CC: boris.ostrovsky@oracle.com
    CC: jgross@suse.com
    CC: Julien Grall <julien.grall@arm.com>

commit 4a806016223c6df131280c82f1ed69c820b6a9ff
Author: Arnd Bergmann <arnd@arndb.de>
Date:   Wed Apr 19 19:06:39 2017 +0200

    xen/9pfs: select CONFIG_XEN_XENBUS_FRONTEND
    
    All Xen frontends need to select this symbol to avoid a link error:
    
    net/built-in.o: In function `p9_trans_xen_init':
    :(.text+0x149e9c): undefined reference to `__xenbus_register_frontend'
    
    Fixes: d4b40a02f837 ("xen/9pfs: build 9pfs Xen transport driver")
    Signed-off-by: Arnd Bergmann <arnd@arndb.de>
    Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>

commit 65f9d65443b5512f74248a3eb56731fbb0b337b8
Author: Juergen Gross <jgross@suse.com>
Date:   Thu Apr 13 09:42:03 2017 +0200

    x86/cpu: remove hypervisor specific set_cpu_features
    
    There is no user of x86_hyper->set_cpu_features() any more. Remove it.
    
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: "H. Peter Anvin" <hpa@zytor.com>
    Cc: x86@kernel.org
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    Signed-off-by: Juergen Gross <jgross@suse.com>

commit d40342a2ac035444897e5952ea72a50440a2a028
Author: Juergen Gross <jgross@suse.com>
Date:   Thu Apr 13 09:37:20 2017 +0200

    vmware: set cpu capabilities during platform initialization
    
    There is no need to set the same capabilities for each cpu
    individually. This can be done for all cpus in platform initialization.
    
    Cc: Alok Kataria <akataria@vmware.com>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: "H. Peter Anvin" <hpa@zytor.com>
    Cc: x86@kernel.org
    Cc: virtualization@lists.linux-foundation.org
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    Acked-by: Alok Kataria <akataria@vmware.com>
    Signed-off-by: Juergen Gross <jgross@suse.com>

commit 6807cf65f5ba6f2902ab64355d71506b9c14a9dd
Author: Juergen Gross <jgross@suse.com>
Date:   Wed Apr 12 15:12:09 2017 +0200

    x86/xen: use capabilities instead of fake cpuid values for xsave
    
    When running as pv domain xen_cpuid() is being used instead of
    native_cpuid(). In xen_cpuid() the xsave feature availability is
    indicated by special casing the related cpuid leaf.
    
    Instead of delivering fake cpuid values set or clear the cpu
    capability bits for xsave instead.
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Signed-off-by: Juergen Gross <jgross@suse.com>

commit e657fccb799b970bd1f152e22e13f20e0de7adb5
Author: Juergen Gross <jgross@suse.com>
Date:   Wed Apr 12 12:45:57 2017 +0200

    x86/xen: use capabilities instead of fake cpuid values for x2apic
    
    When running as pv domain xen_cpuid() is being used instead of
    native_cpuid(). In xen_cpuid() the x2apic feature is indicated as not
    being present by special casing the related cpuid leaf.
    
    Instead of delivering fake cpuid values clear the cpu capability bit
    for x2apic instead.
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    Signed-off-by: Juergen Gross <jgross@suse.com>

commit ea01598b4bc453ed513e9d482a43c14557042ec9
Author: Juergen Gross <jgross@suse.com>
Date:   Wed Apr 12 12:37:00 2017 +0200

    x86/xen: use capabilities instead of fake cpuid values for mwait
    
    When running as pv domain xen_cpuid() is being used instead of
    native_cpuid(). In xen_cpuid() the mwait feature is indicated to be
    present or not by special casing the related cpuid leaf.
    
    Instead of delivering fake cpuid values use the cpu capability bit
    for mwait instead.
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    Signed-off-by: Juergen Gross <jgross@suse.com>

commit b778d6bf63e0a07ceb2258ce9bd996dbaaa11bfa
Author: Juergen Gross <jgross@suse.com>
Date:   Wed Apr 12 09:27:47 2017 +0200

    x86/xen: use capabilities instead of fake cpuid values for acpi
    
    When running as pv domain xen_cpuid() is being used instead of
    native_cpuid(). In xen_cpuid() the acpi feature is indicated as not
    being present by special casing the related cpuid leaf in case we
    are not the initial domain.
    
    Instead of delivering fake cpuid values clear the cpu capability bit
    for acpi instead.
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    Signed-off-by: Juergen Gross <jgross@suse.com>

commit aa1071562937d1b66b07db48e3dbafe136027f01
Author: Juergen Gross <jgross@suse.com>
Date:   Wed Apr 12 09:24:01 2017 +0200

    x86/xen: use capabilities instead of fake cpuid values for acc
    
    When running as pv domain xen_cpuid() is being used instead of
    native_cpuid(). In xen_cpuid() the acc feature (thermal monitoring)
    is indicated as not being present by special casing the related
    cpuid leaf.
    
    Instead of delivering fake cpuid values clear the cpu capability bit
    for acc instead.
    
    Signed-off-by: Juergen Gross <jgross@suse.com>
    Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    Signed-off-by: Juergen Gross <jgross@suse.com>

commit 88f3256f21d958d0773bf93523ad12d2ddaf3006
Author: Juergen Gross <jgross@suse.com>
Date:   Wed Apr 12 09:21:05 2017 +0200

    x86/xen: use capabilities instead of fake cpuid values for mtrr
    
    When running as pv domain xen_cpuid() is being used instead of
    native_cpuid(). In xen_cpuid() the mtrr feature is indicated as not
    being present by special casing the related cpuid leaf.
    
    Instead of delivering fake cpuid values clear the cpu capability bit
    for mtrr instead.
    
    Signed-off-by: Juergen Gross <jgro…
c1d6a71

@rarbab rarbab pushed a commit to rarbab/linux that referenced this pull request May 11, 2017

Andrew Morton + Michal Hocko ptrace-fix-ptrace_listen-race-corrupting-task-state-checkpatch-fixes
ERROR: code indent should use tabs where possible
#39: FILE: kernel/ptrace.c:188:
+        * PTRACE_LISTEN can allow ptrace_trap_notify to wake us up$

ERROR: code indent should use tabs where possible
#40: FILE: kernel/ptrace.c:189:
+        * remotely. Recheck state under the lock to close this race.$

ERROR: code indent should use tabs where possible
#41: FILE: kernel/ptrace.c:190:
+        */$

WARNING: please, no spaces at the start of a line
#47: FILE: kernel/ptrace.c:192:
+       if (task->state == __TASK_TRACED) {$

WARNING: suspect code indent for conditional statements (7, 15)
#47: FILE: kernel/ptrace.c:192:
+       if (task->state == __TASK_TRACED) {
+               if (__fatal_signal_pending(task))

ERROR: code indent should use tabs where possible
#48: FILE: kernel/ptrace.c:193:
+               if (__fatal_signal_pending(task))$

WARNING: please, no spaces at the start of a line
#48: FILE: kernel/ptrace.c:193:
+               if (__fatal_signal_pending(task))$

WARNING: suspect code indent for conditional statements (15, 23)
#48: FILE: kernel/ptrace.c:193:
+               if (__fatal_signal_pending(task))
+                       wake_up_state(task, __TASK_TRACED);

ERROR: code indent should use tabs where possible
#49: FILE: kernel/ptrace.c:194:
+                       wake_up_state(task, __TASK_TRACED);$

WARNING: please, no spaces at the start of a line
#49: FILE: kernel/ptrace.c:194:
+                       wake_up_state(task, __TASK_TRACED);$

ERROR: code indent should use tabs where possible
#50: FILE: kernel/ptrace.c:195:
+               else$

WARNING: please, no spaces at the start of a line
#50: FILE: kernel/ptrace.c:195:
+               else$

ERROR: code indent should use tabs where possible
#51: FILE: kernel/ptrace.c:196:
+                       task->state = TASK_TRACED;$

WARNING: please, no spaces at the start of a line
#51: FILE: kernel/ptrace.c:196:
+                       task->state = TASK_TRACED;$

WARNING: please, no spaces at the start of a line
#52: FILE: kernel/ptrace.c:197:
+       }$

total: 7 errors, 8 warnings, 21 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

NOTE: Whitespace errors detected.
      You may wish to use scripts/cleanpatch or scripts/cleanfile

./patches/ptrace-fix-ptrace_listen-race-corrupting-task-state.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Ben Segall <bsegall@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
249d1df

@Noltari Noltari pushed a commit to Noltari/linux that referenced this pull request May 14, 2017

@borkmann @gregkh borkmann + gregkh bpf, arm64: fix jit branch offset related to ldimm64
[ Upstream commit ddc665a ]

When the instruction right before the branch destination is
a 64 bit load immediate, we currently calculate the wrong
jump offset in the ctx->offset[] array as we only account
one instruction slot for the 64 bit load immediate although
it uses two BPF instructions. Fix it up by setting the offset
into the right slot after we incremented the index.

Before (ldimm64 test 1):

  [...]
  00000020:  52800007  mov w7, #0x0 // #0
  00000024:  d2800060  mov x0, #0x3 // #3
  00000028:  d2800041  mov x1, #0x2 // #2
  0000002c:  eb01001f  cmp x0, x1
  00000030:  54ffff82  b.cs 0x00000020
  00000034:  d29fffe7  mov x7, #0xffff // #65535
  00000038:  f2bfffe7  movk x7, #0xffff, lsl #16
  0000003c:  f2dfffe7  movk x7, #0xffff, lsl #32
  00000040:  f2ffffe7  movk x7, #0xffff, lsl #48
  00000044:  d29dddc7  mov x7, #0xeeee // #61166
  00000048:  f2bdddc7  movk x7, #0xeeee, lsl #16
  0000004c:  f2ddddc7  movk x7, #0xeeee, lsl #32
  00000050:  f2fdddc7  movk x7, #0xeeee, lsl #48
  [...]

After (ldimm64 test 1):

  [...]
  00000020:  52800007  mov w7, #0x0 // #0
  00000024:  d2800060  mov x0, #0x3 // #3
  00000028:  d2800041  mov x1, #0x2 // #2
  0000002c:  eb01001f  cmp x0, x1
  00000030:  540000a2  b.cs 0x00000044
  00000034:  d29fffe7  mov x7, #0xffff // #65535
  00000038:  f2bfffe7  movk x7, #0xffff, lsl #16
  0000003c:  f2dfffe7  movk x7, #0xffff, lsl #32
  00000040:  f2ffffe7  movk x7, #0xffff, lsl #48
  00000044:  d29dddc7  mov x7, #0xeeee // #61166
  00000048:  f2bdddc7  movk x7, #0xeeee, lsl #16
  0000004c:  f2ddddc7  movk x7, #0xeeee, lsl #32
  00000050:  f2fdddc7  movk x7, #0xeeee, lsl #48
  [...]

Also, add a couple of test cases to make sure JITs pass
this test. Tested on Cavium ThunderX ARMv8. The added
test cases all pass after the fix.

Fixes: 8eee539 ("arm64: bpf: fix out-of-bounds read in bpf2a64_offset()")
Reported-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Cc: Xi Wang <xi.wang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
6003cc5

@Noltari Noltari pushed a commit to Noltari/linux that referenced this pull request May 14, 2017

@borkmann @gregkh borkmann + gregkh bpf, arm64: fix jit branch offset related to ldimm64
[ Upstream commit ddc665a ]

When the instruction right before the branch destination is
a 64 bit load immediate, we currently calculate the wrong
jump offset in the ctx->offset[] array as we only account
one instruction slot for the 64 bit load immediate although
it uses two BPF instructions. Fix it up by setting the offset
into the right slot after we incremented the index.

Before (ldimm64 test 1):

  [...]
  00000020:  52800007  mov w7, #0x0 // #0
  00000024:  d2800060  mov x0, #0x3 // #3
  00000028:  d2800041  mov x1, #0x2 // #2
  0000002c:  eb01001f  cmp x0, x1
  00000030:  54ffff82  b.cs 0x00000020
  00000034:  d29fffe7  mov x7, #0xffff // #65535
  00000038:  f2bfffe7  movk x7, #0xffff, lsl #16
  0000003c:  f2dfffe7  movk x7, #0xffff, lsl #32
  00000040:  f2ffffe7  movk x7, #0xffff, lsl #48
  00000044:  d29dddc7  mov x7, #0xeeee // #61166
  00000048:  f2bdddc7  movk x7, #0xeeee, lsl #16
  0000004c:  f2ddddc7  movk x7, #0xeeee, lsl #32
  00000050:  f2fdddc7  movk x7, #0xeeee, lsl #48
  [...]

After (ldimm64 test 1):

  [...]
  00000020:  52800007  mov w7, #0x0 // #0
  00000024:  d2800060  mov x0, #0x3 // #3
  00000028:  d2800041  mov x1, #0x2 // #2
  0000002c:  eb01001f  cmp x0, x1
  00000030:  540000a2  b.cs 0x00000044
  00000034:  d29fffe7  mov x7, #0xffff // #65535
  00000038:  f2bfffe7  movk x7, #0xffff, lsl #16
  0000003c:  f2dfffe7  movk x7, #0xffff, lsl #32
  00000040:  f2ffffe7  movk x7, #0xffff, lsl #48
  00000044:  d29dddc7  mov x7, #0xeeee // #61166
  00000048:  f2bdddc7  movk x7, #0xeeee, lsl #16
  0000004c:  f2ddddc7  movk x7, #0xeeee, lsl #32
  00000050:  f2fdddc7  movk x7, #0xeeee, lsl #48
  [...]

Also, add a couple of test cases to make sure JITs pass
this test. Tested on Cavium ThunderX ARMv8. The added
test cases all pass after the fix.

Fixes: 8eee539 ("arm64: bpf: fix out-of-bounds read in bpf2a64_offset()")
Reported-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Cc: Xi Wang <xi.wang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
493d0a7

@Icenowy Icenowy pushed a commit to Icenowy/linux that referenced this pull request May 15, 2017

@borkmann @gregkh borkmann + gregkh bpf, arm64: fix jit branch offset related to ldimm64
[ Upstream commit ddc665a ]

When the instruction right before the branch destination is
a 64 bit load immediate, we currently calculate the wrong
jump offset in the ctx->offset[] array as we only account
one instruction slot for the 64 bit load immediate although
it uses two BPF instructions. Fix it up by setting the offset
into the right slot after we incremented the index.

Before (ldimm64 test 1):

  [...]
  00000020:  52800007  mov w7, #0x0 // #0
  00000024:  d2800060  mov x0, #0x3 // #3
  00000028:  d2800041  mov x1, #0x2 // #2
  0000002c:  eb01001f  cmp x0, x1
  00000030:  54ffff82  b.cs 0x00000020
  00000034:  d29fffe7  mov x7, #0xffff // #65535
  00000038:  f2bfffe7  movk x7, #0xffff, lsl #16
  0000003c:  f2dfffe7  movk x7, #0xffff, lsl #32
  00000040:  f2ffffe7  movk x7, #0xffff, lsl #48
  00000044:  d29dddc7  mov x7, #0xeeee // #61166
  00000048:  f2bdddc7  movk x7, #0xeeee, lsl #16
  0000004c:  f2ddddc7  movk x7, #0xeeee, lsl #32
  00000050:  f2fdddc7  movk x7, #0xeeee, lsl #48
  [...]

After (ldimm64 test 1):

  [...]
  00000020:  52800007  mov w7, #0x0 // #0
  00000024:  d2800060  mov x0, #0x3 // #3
  00000028:  d2800041  mov x1, #0x2 // #2
  0000002c:  eb01001f  cmp x0, x1
  00000030:  540000a2  b.cs 0x00000044
  00000034:  d29fffe7  mov x7, #0xffff // #65535
  00000038:  f2bfffe7  movk x7, #0xffff, lsl #16
  0000003c:  f2dfffe7  movk x7, #0xffff, lsl #32
  00000040:  f2ffffe7  movk x7, #0xffff, lsl #48
  00000044:  d29dddc7  mov x7, #0xeeee // #61166
  00000048:  f2bdddc7  movk x7, #0xeeee, lsl #16
  0000004c:  f2ddddc7  movk x7, #0xeeee, lsl #32
  00000050:  f2fdddc7  movk x7, #0xeeee, lsl #48
  [...]

Also, add a couple of test cases to make sure JITs pass
this test. Tested on Cavium ThunderX ARMv8. The added
test cases all pass after the fix.

Fixes: 8eee539 ("arm64: bpf: fix out-of-bounds read in bpf2a64_offset()")
Reported-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Cc: Xi Wang <xi.wang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
f94cc32

@cuinutanix cuinutanix pushed a commit to NXPower/linux that referenced this pull request May 16, 2017

@borkmann @gregkh borkmann + gregkh bpf, arm64: fix jit branch offset related to ldimm64
[ Upstream commit ddc665a ]

When the instruction right before the branch destination is
a 64 bit load immediate, we currently calculate the wrong
jump offset in the ctx->offset[] array as we only account
one instruction slot for the 64 bit load immediate although
it uses two BPF instructions. Fix it up by setting the offset
into the right slot after we incremented the index.

Before (ldimm64 test 1):

  [...]
  00000020:  52800007  mov w7, #0x0 // #0
  00000024:  d2800060  mov x0, #0x3 // #3
  00000028:  d2800041  mov x1, #0x2 // #2
  0000002c:  eb01001f  cmp x0, x1
  00000030:  54ffff82  b.cs 0x00000020
  00000034:  d29fffe7  mov x7, #0xffff // #65535
  00000038:  f2bfffe7  movk x7, #0xffff, lsl #16
  0000003c:  f2dfffe7  movk x7, #0xffff, lsl #32
  00000040:  f2ffffe7  movk x7, #0xffff, lsl #48
  00000044:  d29dddc7  mov x7, #0xeeee // #61166
  00000048:  f2bdddc7  movk x7, #0xeeee, lsl #16
  0000004c:  f2ddddc7  movk x7, #0xeeee, lsl #32
  00000050:  f2fdddc7  movk x7, #0xeeee, lsl #48
  [...]

After (ldimm64 test 1):

  [...]
  00000020:  52800007  mov w7, #0x0 // #0
  00000024:  d2800060  mov x0, #0x3 // #3
  00000028:  d2800041  mov x1, #0x2 // #2
  0000002c:  eb01001f  cmp x0, x1
  00000030:  540000a2  b.cs 0x00000044
  00000034:  d29fffe7  mov x7, #0xffff // #65535
  00000038:  f2bfffe7  movk x7, #0xffff, lsl #16
  0000003c:  f2dfffe7  movk x7, #0xffff, lsl #32
  00000040:  f2ffffe7  movk x7, #0xffff, lsl #48
  00000044:  d29dddc7  mov x7, #0xeeee // #61166
  00000048:  f2bdddc7  movk x7, #0xeeee, lsl #16
  0000004c:  f2ddddc7  movk x7, #0xeeee, lsl #32
  00000050:  f2fdddc7  movk x7, #0xeeee, lsl #48
  [...]

Also, add a couple of test cases to make sure JITs pass
this test. Tested on Cavium ThunderX ARMv8. The added
test cases all pass after the fix.

Fixes: 8eee539 ("arm64: bpf: fix out-of-bounds read in bpf2a64_offset()")
Reported-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Cc: Xi Wang <xi.wang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3890407

@kimphill kimphill pushed a commit to kimphill/linux that referenced this pull request May 25, 2017

Kim Phillips