The well-spotted fallocate undo fix is good in most cases, but not when
fallocate failed on the very first page. index 0 then passes lend -1
to shmem_undo_range(), and that has two bad effects: (a) that it will
undo every fallocation throughout the file, unrestricted by the current
range; but more importantly (b) it can cause the undo to hang, because
lend -1 is treated as truncation, which makes it keep on retrying until
every page has gone, but those already fully instantiated will never go
away. Big thank you to xfstests generic/269 which demonstrates this.
Fixes: b9b4bb26af ("tmpfs: don't undo fallocate past its last page")
Cc: stable@vger.kernel.org
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The EFI firmware on Macs contains a full-fledged network stack for
downloading OS X images from osrecovery.apple.com. Unfortunately
on Macs introduced 2011 and 2012, EFI brings up the Broadcom 4331
wireless card on every boot and leaves it enabled even after
ExitBootServices has been called. The card continues to assert its IRQ
line, causing spurious interrupts if the IRQ is shared. It also corrupts
memory by DMAing received packets, allowing for remote code execution
over the air. This only stops when a driver is loaded for the wireless
card, which may be never if the driver is not installed or blacklisted.
The issue seems to be constrained to the Broadcom 4331. Chris Milsted
has verified that the newer Broadcom 4360 built into the MacBookPro11,3
(2013/2014) does not exhibit this behaviour. The chances that Apple will
ever supply a firmware fix for the older machines appear to be zero.
The solution is to reset the card on boot by writing to a reset bit in
its mmio space. This must be done as an early quirk and not as a plain
vanilla PCI quirk to successfully combat memory corruption by DMAed
packets: Matthew Garrett found out in 2012 that the packets are written
to EfiBootServicesData memory (http://mjg59.dreamwidth.org/11235.html).
This type of memory is made available to the page allocator by
efi_free_boot_services(). Plain vanilla PCI quirks run much later, in
subsys initcall level. In-between a time window would be open for memory
corruption. Random crashes occurring in this time window and attributed
to DMAed packets have indeed been observed in the wild by Chris
Bainbridge.
When Matthew Garrett analyzed the memory corruption issue in 2012, he
sought to fix it with a grub quirk which transitions the card to D3hot:
http://git.savannah.gnu.org/cgit/grub.git/commit/?id=9d34bb85da56
This approach does not help users with other bootloaders and while it
may prevent DMAed packets, it does not cure the spurious interrupts
emanating from the card. Unfortunately the card's mmio space is
inaccessible in D3hot, so to reset it, we have to undo the effect of
Matthew's grub patch and transition the card back to D0.
Note that the quirk takes a few shortcuts to reduce the amount of code:
The size of BAR 0 and the location of the PM capability is identical
on all affected machines and therefore hardcoded. Only the address of
BAR 0 differs between models. Also, it is assumed that the BCMA core
currently mapped is the 802.11 core. The EFI driver seems to always take
care of this.
Michael Büsch, Bjorn Helgaas and Matt Fleming contributed feedback
towards finding the best solution to this problem.
The following should be a comprehensive list of affected models:
iMac13,1 2012 21.5" [Root Port 00:1c.3 = 8086:1e16]
iMac13,2 2012 27" [Root Port 00:1c.3 = 8086:1e16]
Macmini5,1 2011 i5 2.3 GHz [Root Port 00:1c.1 = 8086:1c12]
Macmini5,2 2011 i5 2.5 GHz [Root Port 00:1c.1 = 8086:1c12]
Macmini5,3 2011 i7 2.0 GHz [Root Port 00:1c.1 = 8086:1c12]
Macmini6,1 2012 i5 2.5 GHz [Root Port 00:1c.1 = 8086:1e12]
Macmini6,2 2012 i7 2.3 GHz [Root Port 00:1c.1 = 8086:1e12]
MacBookPro8,1 2011 13" [Root Port 00:1c.1 = 8086:1c12]
MacBookPro8,2 2011 15" [Root Port 00:1c.1 = 8086:1c12]
MacBookPro8,3 2011 17" [Root Port 00:1c.1 = 8086:1c12]
MacBookPro9,1 2012 15" [Root Port 00:1c.1 = 8086:1e12]
MacBookPro9,2 2012 13" [Root Port 00:1c.1 = 8086:1e12]
MacBookPro10,1 2012 15" [Root Port 00:1c.1 = 8086:1e12]
MacBookPro10,2 2012 13" [Root Port 00:1c.1 = 8086:1e12]
For posterity, spurious interrupts caused by the Broadcom 4331 wireless
card resulted in splats like this (stacktrace omitted):
irq 17: nobody cared (try booting with the "irqpoll" option)
handlers:
[<ffffffff81374370>] pcie_isr
[<ffffffffc0704550>] sdhci_irq [sdhci] threaded [<ffffffffc07013c0>] sdhci_thread_irq [sdhci]
[<ffffffffc0a0b960>] azx_interrupt [snd_hda_codec]
Disabling IRQ #17
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=79301
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=111781
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=728916
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=895951#c16
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1009819
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1098621
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1149632#c5
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1279130
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1332732
Tested-by: Konstantin Simanov <k.simanov@stlk.ru> # [MacBookPro8,1]
Tested-by: Lukas Wunner <lukas@wunner.de> # [MacBookPro9,1]
Tested-by: Bryan Paradis <bryan.paradis@gmail.com> # [MacBookPro9,2]
Tested-by: Andrew Worsley <amworsley@gmail.com> # [MacBookPro10,1]
Tested-by: Chris Bainbridge <chris.bainbridge@gmail.com> # [MacBookPro10,2]
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Acked-by: Rafał Miłecki <zajec5@gmail.com>
Acked-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Chris Milsted <cmilsted@redhat.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Michael Buesch <m@bues.ch>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: b43-dev@lists.infradead.org
Cc: linux-pci@vger.kernel.org
Cc: linux-wireless@vger.kernel.org
Cc: stable@vger.kernel.org
Cc: stable@vger.kernel.org # 123456789abc: x86/quirks: Apply nvidia_bugs quirk only on root bus
Cc: stable@vger.kernel.org # 123456789abc: x86/quirks: Reintroduce scanning of secondary buses
Link: http://lkml.kernel.org/r/48d0972ac82a53d460e5fce77a07b2560db95203.1465690253.git.lukas@wunner.de
[ Did minor readability edits. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
We used to scan secondary buses until the following commit that
was applied in 2009:
8659c406ad ("x86: only scan the root bus in early PCI quirks")
which commit constrained early quirks to the root bus only. Its
motivation was to prevent application of the nvidia_bugs quirk
on secondary buses.
We're about to add a quirk to reset the Broadcom 4331 wireless card on
2011/2012 Macs, which is located on a secondary bus behind a PCIe root
port. To facilitate that, reintroduce scanning of secondary buses.
The commit message of 8659c406ad notes that scanning only the root bus
"saves quite some unnecessary scanning work". The algorithm used prior
to 8659c406ad was particularly time consuming because it scanned
buses 0 to 31 brute force. To avoid lengthening boot time, employ a
recursive strategy which only scans buses that are actually reachable
from the root bus.
Yinghai Lu pointed out that the secondary bus number read from a
bridge's config space may be invalid, in particular a value of 0 would
cause an infinite loop. The PCI core goes beyond that and recurses to a
child bus only if its bus number is greater than the parent bus number
(see pci_scan_bridge()). Since the root bus is numbered 0, this implies
that secondary buses may not be 0. Do the same on early scanning.
If this algorithm is found to significantly impact boot time or cause
infinite loops on broken hardware, it would be possible to limit its
recursion depth: The Broadcom 4331 quirk applies at depth 1, all others
at depth 0, so the bus need not be scanned deeper than that for now. An
alternative approach would be to revert to scanning only the root bus,
and apply the Broadcom 4331 quirk to the root ports 8086:1c12, 8086:1e12
and 8086:1e16. Apple always positioned the card behind either of these
three ports. The quirk would then check presence of the card in slot 0
below the root port and do its deed.
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: linux-pci@vger.kernel.org
Link: http://lkml.kernel.org/r/f0daa70dac1a9b2483abdb31887173eb6ab77bdf.1465690253.git.lukas@wunner.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Since the following commit:
8659c406ad ("x86: only scan the root bus in early PCI quirks")
... early quirks are only applied to devices on the root bus.
The motivation was to prevent application of the nvidia_bugs quirk on
secondary buses.
We're about to reintroduce scanning of secondary buses for a quirk to
reset the Broadcom 4331 wireless card on 2011/2012 Macs. To prevent
regressions, open code the requirement to apply nvidia_bugs only on the
root bus.
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yinghai Lu <yinghai@kernel.org>
Link: http://lkml.kernel.org/r/4d5477c1d76b2f0387a780f2142bbcdd9fee869b.1465690253.git.lukas@wunner.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Pull MIPS fix from Ralf Baechle:
"Another week with just a single 4.7 fix.
This fixes a possible 'loss' of the huge page bit from pmd on
permission change"
* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
MIPS: Fix page table corruption on THP permission changes.
Mathieu Desnoyers reported that the STACK_FRAME_NON_STANDARD macro
wasn't working with the lttng_filter_interpret_bytecode() function in
the lttng-modules code.
Usually the relocation created by STACK_FRAME_NON_STANDARD creates a
reference to a section symbol like this:
Offset Type Value Addend Name
000000000000000000 X86_64_64 000000000000000000 +3136 .text
But in this case it created a reference to a function symbol:
Offset Type Value Addend Name
000000000000000000 X86_64_64 0x00000000000003a0 +0 lttng_filter_interpret_bytecode
To be honest I have no idea what causes gcc to decide to do one over the
other. But both are valid ELF, so add support for the function symbol.
Reported-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: lttng-dev@lists.lttng.org
Link: http://lkml.kernel.org/r/9cee42843bc6d94e990a152e4e0319cfdf6756ef.1466023450.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
In the prep work I did before enabling BH while handling socket backlog,
I missed two points in DCCP :
1) dccp_v4_ctl_send_reset() uses bh_lock_sock(), assuming BH were
blocked. It is not anymore always true.
2) dccp_v4_route_skb() was using __IP_INC_STATS() instead of
IP_INC_STATS()
A similar fix was done for TCP, in commit 47dcc20a39
("ipv4: tcp: ip_send_unicast_reply() is not BH safe")
Fixes: 7309f8821f ("dccp: do not assume DCCP code is non preemptible")
Fixes: 5413d1babe ("net: do not block BH while processing socket backlog")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Falcon says:
====================
ibmvnic driver bugfixes and improvements
Miscellaneous fixes and improvements on the ibmvnic driver.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
In some cases, if there is no VNIC server available during the driver
probe, the driver should wait until it receives an initialization
request from the VNIC Server to start the login process. Recent testing
has show that this is incorrectly handled in the current driver.
The proposed solution handles this initialization request by scheduling
a task in the shared workqueue that completes the login process and
registers the net device.
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch creates a function that handles sub-CRQ IRQ creation
separately from sub-CRQ initialization. Another function is then needed
to release sub-CRQ resources prior to sub-CRQ IRQ creation.
These additions allow the driver probe function to be simplified,
specifically during the VNIC Server login process. A timeout is also
included while waiting for completion of the login process in case
the VNIC Server is not available or some other error occurs.
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
IRQ mappings were not being properly disposed when releasing sub-CRQ's.
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Since ibmvnic uses multiple tx queues, start and stop all queues when
opening and closing devices.
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
cpufeatures.h currently defines X86_BUG(9) twice on 32-bit:
#define X86_BUG_NULL_SEG X86_BUG(9) /* Nulling a selector preserves the base */
...
#ifdef CONFIG_X86_32
#define X86_BUG_ESPFIX X86_BUG(9) /* "" IRET to 16-bit SS corrupts ESP/RSP high bits */
#endif
I think what happened was that this added the X86_BUG_ESPFIX, but
in an #ifdef below most of the bugs:
58a5aac533 x86/entry/32: Introduce and use X86_BUG_ESPFIX instead of paravirt_enabled
Then this came along and added X86_BUG_NULL_SEG, but collided
with the earlier one that did the bug below the main block
defining all the X86_BUG()s.
7a5d670487 x86/cpu: Probe the behavior of nulling out a segment at boot time
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Andy Lutomirski <luto@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave@sr71.net>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/20160618001503.CEE1B141@viggo.jf.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
The LAN_WAKE_EN is not used to determine if the device could support
WOL. It is used to signal a GPIO pin when a WOL event occurs. The WOL
still works even though it is disabled.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Matt reported that we have a NULL pointer dereference
in ppp_pernet() from ppp_connect_channel(),
i.e. pch->chan_net is NULL.
This is due to that a parallel ppp_unregister_channel()
could happen while we are in ppp_connect_channel(), during
which pch->chan_net set to NULL. Since we need a reference
to net per channel, it makes sense to sync the refcnt
with the life time of the channel, therefore we should
release this reference when we destroy it.
Fixes: 1f461dcdd2 ("ppp: take reference on channels netns")
Reported-by: Matt Bennett <Matt.Bennett@alliedtelesis.co.nz>
Cc: Paul Mackerras <paulus@samba.org>
Cc: linux-ppp@vger.kernel.org
Cc: Guillaume Nault <g.nault@alphalink.fr>
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit aebea2ba0f ("net: mvneta: fix Tx interrupt delay") intended to
set coalescing threshold to a value guaranteeing interrupt generation
per each sent packet, so that buffers can be released with no delay.
In fact setting threshold to '1' was wrong, because it causes interrupt
every two packets. According to the documentation a reason behind it is
following - interrupt occurs once sent buffers counter reaches a value,
which is higher than one specified in MVNETA_TXQ_SIZE_REG(q). This
behavior was confirmed during tests. Also when testing the SoC working
as a NAS device, better performance was observed with int-per-packet,
as it strongly depends on the fact that all transmitted packets are
released immediately.
This commit enables NETA controller work in interrupt per sent packet mode
by setting coalescing threshold to 0.
Signed-off-by: Dmitri Epshtein <dima@marvell.com>
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Cc: <stable@vger.kernel.org> # v3.10+
Fixes aebea2ba0f ("net: mvneta: fix Tx interrupt delay")
Acked-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Three fixes. One is the qla24xx MSI regression, one is a theoretical
problem over blacklist matching, which would bite USB badly if it ever
triggered and one is a system hang with a particular type of IPR
device.
Signed-off-by: James E.J. Bottomley <jejb@linux.vnet.ibm.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJXgAriAAoJEAVr7HOZEZN40VcP/R65ZYezkobZDVR+xQfCwDnn
cCaFSl4a+FtsGnzs2hb88ZZWA2hn4xWDAdjwoPxRwD7yq8KB1Oxb2wEOiJMjIgJH
N/NU6zEIjMvVei8jDuAJJ13c1Xa1/y59ptD1nykm1dJlLGjwAE1jBiAuDs1OOm27
SnvIj+mOSRiesGqp2Srg6+w+QmOJ0biXiSf5EUhj7rFKayIaM3yLrQZ2E4a5oUfc
EZYzCBagObQoYwABw/6Nd1HhFdpptRnOvIr8xk+ch5w2m+AEiw1xAf+/B9ws25fB
EB4O7fQcNzIEbjRRIehGhtp83Q7ST77kq5mE7CHDLeu/v93ZzKBmEZXIM2Bdg2x5
TBEvFrkIFe1ECITHInegvG4/V/mNLFYcad9Ygdbdt6ndXWoJ5l1a8BRcNMCX0smQ
g7jXqMz0vYKW+JSZvP1fHtqsJR6t6CHAFOKtwwb5xlhRvbZRMB311pr3UfbMqlTx
qZOfGMqF/ta51RWkenNlRZHvg8WeeTxGioNexS8qU9j+9CUvvj5eIemEpBEBiblN
8BnbEAAnjSTSMGPFuOMQ8Njh3umC4ozzc8WcaXNjHnUMcIXaOY3PkcjUf65pi5S+
fPjV18350LAhiIlneHSCcGBO+Z+D5OjPJdQGywMb3fs9HICNfi41QsJrJVAkA3e5
vc2XZhSAfEQuwniuGJU3
=0CCg
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"Three fixes. One is the qla24xx MSI regression, one is a theoretical
problem over blacklist matching, which would bite USB badly if it ever
triggered and one is a system hang with a particular type of IPR
device"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
qla2xxx: Fix NULL pointer deref in QLA interrupt
SCSI: fix new bug in scsi_dev_info_list string matching
ipr: Clear interrupt on croc/crocodile when running with LSI
There is an order issue in ec_remove_handlers() that acpi_ec_stop()
is called before removing the operation region handler. That is
incorrect, because the operation region handler removal triggers
_REG(DISCONNECT) which may result in new EC transactions to carry
out.
That existing issue has been triggered by the following commit:
Commit: dcf15cbded
Subject: ACPI / EC: Fix a boot EC regresion by restoring boot EC
which changed the driver to call ec_remove_handlers() after invoking
_REG(CONNECT), so the issue has become visible.
Fixes: dcf15cbded (ACPI / EC: Fix a boot EC regresion by restoring boot EC)
Link: https://bugzilla.kernel.org/show_bug.cgi?id=102421
Reported-and-tested-by: Wolfram Sang <wsa@the-dreams.de>
Reported-by: Nicholas <nkudriavtsev@gmail.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
[ rjw: Changelog ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
- Provide a more concise fix for CVE-2016-1583
+ Additionally fixes linux-stable regressions caused by the cherry-picking of
the original fix
- Some very minor changes that have queued up
+ Fix typos in code comments
+ Remove unnecessary check for NULL before destroying kmem_cache
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJXf8nnAAoJENaSAD2qAscKwXgP/0awhY1z40dL/igP6fPv2ack
HbqrOjUVO2DzxinvKB3vRLNy93zwESxe8UpwPsl84IJ85zOQjkUkJ8PYk1oyBf0N
dVWqO11g6AKNZ+VQFspconvMhZATwSrsv8z3BzvwNGLsPhPuUQ+JmbBe8xMdrsZ5
qVaWswsMtMlhM3p/zFh57vWO64fT1xiabpxSkKpG2LHJN6h6QAQxkfBfa2FuXCsN
hZIw+ULcUJfdawXGq8lAfcYzbDmFpNt70fFquJgfJHrXFrOuensYfLcWUvhrSNbc
HZ6imRK9LCG4IKjJTBNmCmBR8ho71yGzdKuup81Eap+2zx2kC7twokS1d5fha8iL
Kzkx0NMDriY2N+tIfufHYk2IIenFzWG6Yuj0STswtJX4YhQGBc0H6VxcgrxE0PgW
k1iKUV7jnJGxxN+d6lmV4+fX0vKGgBMsQq1Q76CkYLN1BAvdwz6GnWSfqP8hWz3o
sNVyNtYh+/TXY8JMWKDBlps7Ib8W88qDW3K7YcAf2VPYAqIWm5Va1MR5m5s+UIeR
QiCD32X/0PfDp13QRiKAHJ6C9CInyu0r+fF/g8ZMqLuWgLxoahxpr6ML/CnHoGl5
IcDydJO3/bLBq9If8WxYsOQvVKCa4e7N7o7ZHPKd8U7O39mCGNfbQx7/FlMjtvf6
+4HAxamUC1ogpLTkpWxI
=Bt4P
-----END PGP SIGNATURE-----
Merge tag 'ecryptfs-4.7-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs
Pull eCryptfs fixes from Tyler Hicks:
"Provide a more concise fix for CVE-2016-1583:
- Additionally fixes linux-stable regressions caused by the
cherry-picking of the original fix
Some very minor changes that have queued up:
- Fix typos in code comments
- Remove unnecessary check for NULL before destroying kmem_cache"
* tag 'ecryptfs-4.7-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
ecryptfs: don't allow mmap when the lower fs doesn't support it
Revert "ecryptfs: forbid opening files without mmap handler"
ecryptfs: fix spelling mistakes
eCryptfs: fix typos in comment
ecryptfs: drop null test before destroy functions
Two Fixes:
* Intel VT-d fix for a suspend/resume issue, introduced with the
scalability improvements in this cycle.
* AMD IOMMU fix for systems that have unity mappings defined. There was
a race where translation got enabled before the unity mappings were
in place. This issue was seen on some HP servers.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJXf7bkAAoJECvwRC2XARrjzYoP/AvvkL955TW0pSdMWZqQ0o9j
kL3jSl75Te1EwaSyJxR9nOK8azSsfYcG4NdzMxnFUCK6ydDA6Ogz0cMtcd6s2skd
unQuCSpjOJiMQU426ssQrsW+KoTxi5utpapMY3Ayh94/BbEDuVtv/iUIBE1Ca9eE
H/SQUl4l8c3Cwe//1Kwrzm6O0pslrLBoOABTpFhl4GZ5pWCcv7bwbSEjVfSY5X8x
//trqhgsACdh+Qlp5dA56BeMVyEblOvnY5XO2ODeWOG2vlEbqH9MiUeuDBNoXxtM
MqhLTSKijZ1wp2a1iaCuyBLKFlaW7zChU41YyQmYJ8B60u6CwVuFwGs+XltnkOha
iYBK56xZ8npFKOs4iauBmsVZZnNrAY0mxCYg28KtNh2uUT4sQdqUCnT/SxA9Z0RC
bRtudpoX5I3NZrlDlt6OzWqCjxFj8Zq57RwrhDuQm+ijqAAor4C7NhH7cT0QTC4k
l1srxnLtSM/iiqWgs2hNIC2GzNbdhix8YU98kIxpT2iNB99qlqPXK9ve0bJIb03N
oECjKBu+d0I7ApdfOlL6N/RHgZJ01O+6gK1neArtVnviBgN7tmTxgWvcioJd+JuL
bmjytsExfP/Z2p7iy9yQCiIDicAo0+wpMOzZRG8jAXvHHCj8laZ8PhL74voWc2wH
Mn+iaXAXUysLblaXzpEx
=axsu
-----END PGP SIGNATURE-----
Merge tag 'iommu-fixes-v4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
Pull IOMMU fixes from Joerg Roedel:
"Two Fixes:
- Intel VT-d fix for a suspend/resume issue, introduced with the
scalability improvements in this cycle.
- AMD IOMMU fix for systems that have unity mappings defined. There
was a race where translation got enabled before the unity mappings
were in place. This issue was seen on some HP servers"
* tag 'iommu-fixes-v4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/amd: Fix unity mapping initialization race
iommu/vt-d: Fix infinite loop in free_all_cpu_cached_iovas
- Fix two bugs in the handling of xenbus transactions.
- Make the xen acpi driver compatible with Xen 4.7.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJXf7GHAAoJEFxbo/MsZsTRYksH/0F+xZZQQiO3WPSzL0muu5Fn
wLmmSyBv6Ak76vZ6z7+ku095OagA0LgS1eISnKlP86HTaRl8eQ6AyChjKux3cX9T
+X1hHwBN39rfF6mZO4pXhu/7SKVmcOvVY7SHvKca8Lx31Y58eLB4+6ycnrGI+XQ7
oon7KrmqSAg/3r1/CLvwTE6/PPxj/T38g0QoegN6ua26O79OFY5GWmdc+ucfR76i
NIOubaVX93s8dF0YcvVBL1HIs64AkUkk6i5DiyJ1r05kCTy2sYlZ3e6abCFhqMj+
jcf4aCTI4sCzbZRHID5mEMxfiGAHFo5MPuoRpo08orMbGZu/0+ytnkJ/hYb+H7c=
=YMOM
-----END PGP SIGNATURE-----
Merge tag 'for-linus-4.7b-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
Pull xen bug fixes from David Vrabel:
- Fix two bugs in the handling of xenbus transactions.
- Make the xen acpi driver compatible with Xen 4.7.
* tag 'for-linus-4.7b-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
xen/acpi: allow xen-acpi-processor driver to load on Xen 4.7
xenbus: simplify xenbus_dev_request_and_reply()
xenbus: don't bail early from xenbus_dev_request_and_reply()
xenbus: don't BUG() on user mode induced condition
- Enforce USER_DS on exception entry from EL1
- Apply workaround for Cavium errata #27456 on Thunderx-81xx parts
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABCgAGBQJXf5pkAAoJELescNyEwWM0CrwH/RTFmTDzlvwJbcmVKLeabfSb
8AUphL7+D8gRLBRy1l+pdjqHli4EuxA34peaIHs91ziPl85wI+l37juTZ08MqYUM
W3lLbKPmJGa39WKYq5rtKqaohCGHRA0SwLSq78kbRFb3GgWUvNbrUaC5oBoEOBkc
x2vEpsVVhAWezly1CaX0zf8yfBuGp5O8rkw2yFqPuD7MKh3D0DLK4F8UCmZ9OqQM
nI10nq9GBdbus8yA/2kIHSvtkGC9l0Cyiu8iJ/Gf4HQnSqVopPAzvP0FdNs5cj9o
5m/BOJUED/pEdps7+PZMlJHYrHpB+VTqrZ/HdFFI4M5EsIltw3OSKp/lA6cA/Xc=
=iKFx
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
"A couple of late fixes here, but one that we've been sitting on for a
few weeks while the details were worked out. Specifically, we now
enforce USER_DS on taking exceptions whilst in the kernel, which
avoids leaking kernel data to userspace through things like perf. The
other patch is an update to a workaround for a hardware erratum on
some Cavium SoCs.
Summary:
- Enforce USER_DS on exception entry from EL1
- Apply workaround for Cavium errata #27456 on Thunderx-81xx parts"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: Enable workaround for Cavium erratum 27456 on thunderx-81xx
arm64: kernel: Save and restore UAO and addr_limit on exception entry
Pull x86 fixes from Ingo Molnar:
"Three fixes:
- A boot crash fix with certain configs
- a MAINTAINERS entry update
- Documentation typo fixes"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/Documentation: Fix various typos in Documentation/x86/ files
x86/amd_nb: Fix boot crash on non-AMD systems
MAINTAINERS: Update the Calgary IOMMU entry
Pull perf fixes from Ingo Molnar:
"Various fixes:
- 32-bit callgraph bug fix
- suboptimal event group scheduling bug fix
- event constraint fixes for Broadwell/Skylake
- RAPL module name collision fix"
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf/core: Fix pmu::filter_match for SW-led groups
x86/perf/intel/rapl: Fix module name collision with powercap intel-rapl
perf/x86: Fix 32-bit perf user callgraph collection
perf/x86/intel: Update event constraints when HT is off
Pull irq fixes from Ingo Molnar:
"Two MIPS-GIC irqchip driver fixes to unbreak certain MIPS boards"
* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
irqchip/mips-gic: Match IPI IRQ domain by bus token only
irqchip/mips-gic: Map to VPs using HW VPNum
- Fix an oops on the Asus Eee PC 1201
- Revert a patch trying to split GPIO parsing and GPIO configuration
- Revert a too liberal compile testing thing
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXf460AAoJEEEQszewGV1zelEQAKGzur1ClwQx4PzF5W+6hAkJ
a7DDMOA2jBWgh+fnGRGq1yKNpeF1famLB4EVYvr4fzsTZDMFnFmHLAomc42wzfPM
ZDgPBcpNN9/603vXrW32c84SbNKUt3liC0VGBiQns0ixRnl/z07HcFIcQgLWjSjc
02VtYQVXlBtEvgpCSovfcly2hvoSB8onDKhF7/gaI5d+k0Ngq4MtIMueMEYaJY/z
16NZl5Sapn58gAUhElUy+9gBeIA+xPx/VXhBlP+g6pSAHiRudaHNAMEFEDiAWEOQ
Iedzy/vXtLdRV6w3ZZJ99OGSTYrGtBBMbIKOWA98IW9s2h98B3r7+267VzFMd5f2
Avcdg8emkQP6iN1hWCtT3YKKgK6L0Iwi7FIqgaHzFyg32tIc42Ej8EoD+HyzT4MU
NzAXg/0E3b0vgtxzXcWUNEJ3K4P7xlgcFRiuwGAE1C2c1RxxKLSTyvDBANRSKSLt
ADNYioWr4vAQEE+id3SZFkbxOOlTSD+nAjcE1NzXCJcGpwinpPWADfQxwn6TEvp/
KodH7eItpJsWs8z7mqnCFC6lox133phXqPvs2ECRMFi6p4OYaTRX+MSeoLv9t9w/
e/KVl9Wpnx9ImvFurr3TsPaAtjsAPlnlUxrNrY3mngAfKEm+YKoJBgen6KrHiGPI
fewQGrZr4xhtDn0AOKNm
=9+1I
-----END PGP SIGNATURE-----
Merge tag 'gpio-v4.7-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
Pull GPIO fixes from Linus Walleij:
"I don't like to toss in last minute patches, but these are all for
things that are broken, and have bitten people for real. Two of them
go into stable. Maybe all of them if the compile test problem is a
pain in the ass also for stable folks.
Final (hopefully) GPIO fixes for v4.7:
- Fix an oops on the Asus Eee PC 1201
- Revert a patch trying to split GPIO parsing and GPIO configuration
- Revert a too liberal compile testing thing"
* tag 'gpio-v4.7-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
Revert "gpio: gpiolib-of: Allow compile testing"
Revert "gpiolib: Split GPIO flags parsing and GPIO configuration"
gpio: sch: Fix Oops on module load on Asus Eee PC 1201
Pull drm fixes from Dave Airlie:
"One nouveau fix, and a few AMD Polaris fixes and some Allwinner fixes.
I've got some vmware fixes that I might send separate over the
weekend, they fix some black screens, but I'm still debating them"
* tag 'drm-fixes-for-v4.7-rc7' of git://people.freedesktop.org/~airlied/linux:
drm/amd/powerplay: Update CKS on/ CKS off voltage offset calculation.
drm/amd/powerplay: fix bug that get wrong polaris evv voltage.
drm/amd/powerplay: incorrectly use of the function return value
drm/amd/powerplay: fix incorrect voltage table value for tonga
drm/amd/powerplay: fix incorrect voltage table value for polaris10
drm/nouveau/disp/sor/gf119: select correct sor when poking training pattern
gpu: drm: sun4i_drv: add missing of_node_put after calling of_parse_phandle
drm/sun4i: Send vblank event when the CRTC is disabled
drm/sun4i: Report proper vblank
There are legitimate reasons to disallow mmap on certain files, notably
in sysfs or procfs. We shouldn't emulate mmap support on file systems
that don't offer support natively.
CVE-2016-1583
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Cc: stable@vger.kernel.org
[tyhicks: clean up f_op check by using ecryptfs_file_to_lower()]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Rather than returning immediately, make sure to unlock the
mutexes first.
Signed-off-by: Sinclair Yeh <syeh@vmware.com>
Reviewed-by: Charmaine Lee <charmainel@vmware.com>
Reported-by: Emil Velikov <emil.l.velikov@gmail.com>
Cc: <stable@vger.kernel.org>
As of Xen 4.7 PV CPUID doesn't expose either of CPUID[1].ECX[7] and
CPUID[0x80000007].EDX[7] anymore, causing the driver to fail to load on
both Intel and AMD systems. Doing any kind of hardware capability
checks in the driver as a prerequisite was wrong anyway: With the
hypervisor being in charge, all such checking should be done by it. If
ACPI data gets uploaded despite some missing capability, the hypervisor
is free to ignore part or all of that data.
Ditch the entire check_prereq() function, and do the only valid check
(xen_initial_domain()) in the caller in its place.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
We need to compute timeout.expires - jiffies, not the other way around.
Add a helper, another patch can then later change more places in
conntrack code where we currently open-code this.
Will allow us to only change one place later when we remove per-ct timer.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
No need to retain a local copy of the full request message, only the
type is really needed.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
xenbus_dev_request_and_reply() needs to track whether a transaction is
open. For XS_TRANSACTION_START messages it calls transaction_start()
and for XS_TRANSACTION_END messages it calls transaction_end().
If sending an XS_TRANSACTION_START message fails or responds with an
an error, the transaction is not open and transaction_end() must be
called.
If sending an XS_TRANSACTION_END message fails, the transaction is
still open, but if an error response is returned the transaction is
closed.
Commit 027bd7e899 ("xen/xenbus: Avoid synchronous wait on XenBus
stalling shutdown/restart") introduced a regression where failed
XS_TRANSACTION_START messages were leaving the transaction open. This
can cause problems with suspend (and migration) as all transactions
must be closed before suspending.
It appears that the problematic change was added accidentally, so just
remove it.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
The chmap ctls assigned to PCM streams are freed in the PCM disconnect
callback. However, since the disconnect callback isn't called when
the card gets freed before registering, the chmap ctls may still be
left assigned. They are eventually freed together with other ctls,
but it may cause an Oops at pcm_chmap_ctl_private_free(), as the
function refers to the assigned PCM stream, while the PCM objects have
been already freed beforehand.
The fix is to free the chmap ctls also at PCM free callback, not only
at PCM disconnect.
Reported-by: Laxminath Kasam <b_lkasam@codeaurora.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
snd_ctl_remove() has a notification for the removal event. It's
superfluous when done during the device got disconnected. Although
the notification itself is mostly harmless, it may potentially be
harmful, and should be suppressed. Actually some components PCM may
free ctl elements during the disconnect or free callbacks, thus it's
no theoretical issue.
This patch adds the check of card->shutdown flag for avoiding
unnecessary notifications after (or during) the disconnect.
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
We have some Dell laptops which can't detect headset mic, the machines
use the codec ALC225, they have some new pin configuration values,
after adding them in the alc225 pin quirk table, they work well.
Cc: <stable@vger.kernel.org>
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Pull apparmor fix from James Morris.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
apparmor: fix oops, validate buffer size in apparmor_setprocattr()
- Fix a lock ordering issue in ACPICA introduced by a recent commit
that attempted to fix a deadlock in the dynamic table loading code
which in turn appeared after changes related to the handling of
module-level AML also made in this cycle (Lv Zheng).
- Fix a recent regression in the ACPI IRQ management code that may
cause PCI drivers to be unable to register an IRQ if that IRQ
happens to be shared with a device on the ISA bus, like the
parallel port, by reverting one commit entirely and restoring the
previous behavior in two other places (Sinan Kaya).
- Fix a recent regression in the ACPI AML debugger introduced by
the commit that removed incorrect usage of IS_ERR_VALUE() from
multiple places (Lv Zheng).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABCAAGBQJXfuIeAAoJEILEb/54YlRxWbIP/iLT8J15RhFOoRYX4HXyULym
UxeqEHVySKaqQLYhkBRz0opclW6sJQ7GaKYpVR31V4eeoll1+iQeYBYWdyuezjwp
em3LvtLXTiLWWfRVNHg9AUOv4wc4q41m98MZ5ZScgTsUcexv2R1tt0KzLE/HNy1T
NU/7JyWBEF4AiFsfYBuqtknWudV7JF3/siJO+Q1o+HSA9DW5cdqR0K9oM+Sl9pTD
3yLpVY8DNJGLSA/7MyJlyLmZ6eJmTQbxcLO7oCQliqJ9jjBKkC4r3fgfQcOcoltT
S6O7ODcJwvqCA1sv271VyOckkhJmyT7zJi/L/yJOgiGRU1//0Vfyg6iRVou9OZmE
VcQT79W+6W6saWucoNDX1CLm6GzLIHP2e6leooL710nNmtTUgrSc6C4FT1KGGs0R
UTNPYKYtiaK54krsa48XonSCdGFIszeK8sa3DIjf6C/5AYX/eGBuGFm5dZlU/qzs
BNv+GyT/Vt/Cu3cNJUrsMugwDL5sp31u44mfM1c99LMXmnwzkPylRGR1aaO4TYOy
jE5LDwMryi5gpAF8/Es0AiU4Xa8O3p+AlD7PjZIUSEyMd9zr3fdpvF6dZwaiHP26
FX6paRbXi10mkXYGnRCbTOBV8i3PuNiplaZUT+XotHlEXOvAyMhVCVSM2XCAo1Wm
3IWSGzc5gwq1Pl4fihWi
=vKn9
-----END PGP SIGNATURE-----
Merge tag 'acpi-4.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fixes from Rafael Wysocki:
"All of these fix recent regressions in ACPICA, in the ACPI PCI IRQ
management code and in the ACPI AML debugger.
Specifics:
- Fix a lock ordering issue in ACPICA introduced by a recent commit
that attempted to fix a deadlock in the dynamic table loading code
which in turn appeared after changes related to the handling of
module-level AML also made in this cycle (Lv Zheng).
- Fix a recent regression in the ACPI IRQ management code that may
cause PCI drivers to be unable to register an IRQ if that IRQ
happens to be shared with a device on the ISA bus, like the
parallel port, by reverting one commit entirely and restoring the
previous behavior in two other places (Sinan Kaya).
- Fix a recent regression in the ACPI AML debugger introduced by the
commit that removed incorrect usage of IS_ERR_VALUE() from multiple
places (Lv Zheng)"
* tag 'acpi-4.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI / debugger: Fix regression introduced by IS_ERR_VALUE() removal
ACPICA: Namespace: Fix namespace/interpreter lock ordering
ACPI,PCI,IRQ: separate ISA penalty calculation
Revert "ACPI, PCI, IRQ: remove redundant code in acpi_irq_penalty_init()"
ACPI,PCI,IRQ: factor in PCI possible
- Fix a recent performance regression on Power systems (powernv
and pseries) introduced by a core cpuidle commit that decreased
the precision of the last_residency conversion from nano- to
microseconds, which should not matter in theory, but turned out
to play not-so-well with the special "snooze" idle state on Power
(Shreyas B Prabhu).
- Fix a crash during resume from hibernation on x86-64 caused by
possible corruption of the kernel text part of page tables in the
last phase of image restoration exposed by a security-related
change during the 4.3 development cycle (Rafael Wysocki).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABCAAGBQJXfuVmAAoJEILEb/54YlRx/TUQALIrIgVMtNpPhC0Mu0DQp+1y
S2t/vWfLnMqfl1lzH/scDi4OC3cqEbEsYB5CUJPRysc1KB0fjJbW+BEuQuJyEhgf
ac95mv1IU7DKiJ1Rp4qWvvBoovY3fjb1rhHMzvo9uh6HmKrSlWLL4PmnbGw/BaFL
PgqEazsy/a9FgGT7VnvamVL6bGXgVMEf8VqoBeZFd0krH4qvBZHrS97OLqU685vT
VW0IDZr0sI3u0pG9ropJ5b8ETtnyZ4lmTO5D4TzD9P8kZyjl2TBnSZ/ls/1YLh4N
WdBZXbsfmFFt4jyDnOjilWOBA8R3IDteCDmG1l8XhK4Smbl7TRh2XVuRAHHEjG6b
oMPHTeqIil3ExBS2gdzVEFNzYfHsyg3N9cXSochqnp3vboyZOiKaxIPCiVeBOZ+t
bDPwtbovIly1aEnsJKUbHvBxJ4A9uPUqw99YbBtMK1VpQXZFg+s/0mBVNynkuu/k
EUOuU6KcY6Br4JJPsqfb26NmARgLrrI+gTJbC3pFDHARtALnCbkkbmNZRRVRS3Zs
7CzGaYqgZ0ejMv/46jFPsHYKXU52AJ5HDhfXfELd8X3AvdhtmIszfqTkBgKx4gto
fyTVzi2c6+RJJr5Jc07msYawaz86nEUjeXFsM59g6jC5dguSWnRxUuWV2zUM/ENb
GDkzNdzif0t2DheJ4bKc
=XL6s
-----END PGP SIGNATURE-----
Merge tag 'pm-4.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"One fix for a recent cpuidle core change that, against all odds,
introduced a functional regression on Power systems and the fix for
the crash during resume from hibernation on x86-64 that has been in
the works for the last few weeks (it actually was ready last week, but
I wanted to allow the reporters to test if for some more time).
Specifics:
- Fix a recent performance regression on Power systems (powernv and
pseries) introduced by a core cpuidle commit that decreased the
precision of the last_residency conversion from nano- to
microseconds, which should not matter in theory, but turned out to
play not-so-well with the special "snooze" idle state on Power
(Shreyas B Prabhu).
- Fix a crash during resume from hibernation on x86-64 caused by
possible corruption of the kernel text part of page tables in the
last phase of image restoration exposed by a security-related
change during the 4.3 development cycle (Rafael Wysocki)"
* tag 'pm-4.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpuidle: Fix last_residency division
x86/power/64: Fix kernel text mapping corruption during image restoration
A new set of fixes for the sun4i driver, mostly related to vblank handling,
and a minor fix to release a reference on the device tree nodes we're
parsing in the probe logic.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXfBEjAAoJEBx+YmzsjxAg614P/Ak3zQiSfzdr3W95cttFN3Vj
uI5kSFJjW96KzmS3EaqJYSrVZ0gtLkofB5lS0ElsrulYKcKBmYnjCvw+f0a8gM2K
OY+y3pu17s5o3TJKWle2Sf8bW+rhA4dLaKHKBolrT2J9wFiQGTL0sOvq5ZvsCKqC
j5Vp2sEEeGopO6ZOp6lKcRT4FVB7y9A7/7UVnizsqn3ZrUqERa9ofWp9OS8p+P2H
cftyVxDgfA5Ve6bS7C0iqjfSVsSqbc/NexKHvbp3ZOLiuLUehZoFQb9fvrzZYoPK
uFTl29BEhxHEgqwAF7/iLjggBOmzzxKSaQP4/1567r+uYW+xF857yCl82JbilYiO
/laUdl4GK2B+yeJ+617THaCi5V+zdRQID0FPFcGNbDzjpw9WFN8ok7MY9iuoPfF7
30hEDwZYcGlbiNoCTs+1TKO8NQO85gNPgQ6MxfcJ+9nxR6OugkRGjltBrKJdGbSP
MafUG8FEDXnHbpNEQ7ruA+EebJZAHxjjMUvsCJlGKTIIUuw+vMfrKhexd0JKx2s2
el5Xmb2kKtl6+88xSTglPxugt0w6lM2VA1n52ZNEVkcgG4jdOPj/NVoGMmKL9/sJ
oUFIlzua06MA3fjoYMiLGmpNhls008pzs9nDPTrF7cuot5xCNnW/P/CkI7ODTB1P
khj8gD2QtIgNDGnQg/Mh
=oFqB
-----END PGP SIGNATURE-----
Merge tag 'sunxi-drm-fixes-for-4.7-2' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux into drm-fixes
Allwinner DRM driver fixes for 4.7, take 2
A new set of fixes for the sun4i driver, mostly related to vblank handling,
and a minor fix to release a reference on the device tree nodes we're
parsing in the probe logic.
* tag 'sunxi-drm-fixes-for-4.7-2' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux:
gpu: drm: sun4i_drv: add missing of_node_put after calling of_parse_phandle
drm/sun4i: Send vblank event when the CRTC is disabled
drm/sun4i: Report proper vblank
When proc_pid_attr_write() was changed to use memdup_user apparmor's
(interface violating) assumption that the setprocattr buffer was always
a single page was violated.
The size test is not strictly speaking needed as proc_pid_attr_write()
will reject anything larger, but for the sake of robustness we can keep
it in.
SMACK and SELinux look safe to me, but somebody else should probably
have a look just in case.
Based on original patch from Vegard Nossum <vegard.nossum@oracle.com>
modified for the case that apparmor provides null termination.
Fixes: bb646cdb12
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Eric Paris <eparis@parisplace.org>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: stable@kernel.org
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
This reverts commit 2f36db7100.
It fixed a local root exploit but also introduced a dependency on
the lower file system implementing an mmap operation just to open a file,
which is a bit of a heavy hammer. The right fix is to have mmap depend
on the existence of the mmap handler instead.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Cc: stable@vger.kernel.org
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Pull block IO fixes from Jens Axboe:
"Three small fixes that have been queued up and tested for this series:
- A bug fix for xen-blkfront from Bob Liu, fixing an issue with
incomplete requests during migration.
- A fix for an ancient issue in retrieving the IO priority of a
different PID than self, preventing that task from going away while
we access it. From Omar.
- A writeback fix from Tahsin, fixing a case where we'd call ihold()
with a zero ref count inode"
* 'for-linus' of git://git.kernel.dk/linux-block:
block: fix use-after-free in sys_ioprio_get()
writeback: inode cgroup wb switch should not call ihold()
xen-blkfront: save uncompleted reqs in blkfront_resume()
- a fix from Marek for ppos handling in configfs_write_bin_file,
which was introduced in Linux 4.5, but didn't have any users
until recently.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXfjK1AAoJEA+eU2VSBFGDJ0kQAMZHONK7pHwM+IxDUeTsDTfa
FX+EplF1rLEtmUGOl01XbjgQp7acsP19YWikQfC09+ZjF6Vn1zFAFlNoU3qM+i/2
zdukzIRBaSM+4w4HFDQ548zGGc8e9mesIIUHrHt6n/nL0OLKTU0XzbmRMXmvXAUJ
u0nuB0OYlFJEVQFIlDYfG6E2rJy37FPilToonfw+AryVDenRm9iiUt0iMFoA8wPG
EpogUinelxrKZ+ysOEeibaTGxxLLbd3AbWeUQbkhmsk4FfxuV7GFSfGPbhmJ1LeU
n5X3LbK8lixG8goGdAW1NYulLnTjprZ6emUL0jwxYmI+MzOP7DUcsLqsGmdh5LEa
Uw5gzQnzNDOUFR8XFt5CgARUHRXeDyJfzKeWvKFd4JUink6wE9R0yQJ2bPBXu3pY
7t0P4qQSKWdeGjmYg54/JBamMba7BLQOLZuuiAplTTAt5Dg4tEi9Zuje2sUmBcDn
3YnG4dnGxPeP9EKCElh1WWtwiRItUKT+YtaqSinL1Rh2j1aWu9WJQ3M1C+s3hFQ3
vGR/CchllLtP4xmpY9TXEpUbBp4ZnTercWAxLRczi1/kOm3SdMIMUak26U6pTBmN
QfkEzSx+K5F1wGaoqa2j7MuTMSNsxfT1R0xA6aBid4oOyCoPyHOVJ3mqV0AziyOl
c7B92HgR/aGFMEevVA1G
=mZ2H
-----END PGP SIGNATURE-----
Merge tag 'configfs-for-4.7' of git://git.infradead.org/users/hch/configfs
Pull configfs fix from Christoph Hellwig:
"A fix from Marek for ppos handling in configfs_write_bin_file, which
was introduced in Linux 4.5, but didn't have any users until recently"
* tag 'configfs-for-4.7' of git://git.infradead.org/users/hch/configfs:
configfs: Remove ppos increment in configfs_write_bin_file
When using HEAD from
https://git.kernel.org/cgit/utils/kernel/ipvsadm/ipvsadm.git/,
the command:
ipvsadm --start-daemon backup --mcast-interface eth0.60 \
--mcast-group ff02::1:81
fails with the error message:
Argument list too long
whereas both:
ipvsadm --start-daemon master --mcast-interface eth0.60 \
--mcast-group ff02::1:81
and:
ipvsadm --start-daemon backup --mcast-interface eth0.60 \
--mcast-group 224.0.0.81
are successful.
The error message "Argument list too long" isn't helpful. The error occurs
because an IPv6 address is given in backup mode.
The error is in make_receive_sock() in net/netfilter/ipvs/ip_vs_sync.c,
since it fails to set the interface on the address or the socket before
calling inet6_bind() (via sock->ops->bind), where the test
'if (!sk->sk_bound_dev_if)' failed.
Setting sock->sk->sk_bound_dev_if on the socket before calling
inet6_bind() resolves the issue.
Fixes: d33288172e ("ipvs: add more mcast parameters for the sync daemon")
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
