561608 Commits

Author SHA1 Message Date
Paolo Bonzini
e24dea2afc KVM: MTRR: treat memory as writeback if MTRR is disabled in guest CPUID
Virtual machines can be run with CPUID such that there are no MTRRs.
In that case, the firmware will never enable MTRRs and it is obviously
undesirable to run the guest entirely with UC memory.  Check out guest
CPUID, and use WB memory if MTRR do not exist.

Cc: qemu-stable@nongnu.org
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=107561
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-12-22 15:29:00 +01:00
Paolo Bonzini
fa7c4ebd5a KVM: MTRR: observe maxphyaddr from guest CPUID, not host
Conversion of MTRRs to ranges used the maxphyaddr from the boot CPU.
This is wrong, because var_mtrr_range's mask variable then is discontiguous
(like FF00FFFF000, where the first run of 0s corresponds to the bits
between host and guest maxphyaddr).  Instead always set up the masks
to be full 64-bit values---we know that the reserved bits at the top
are zero, and we can restore them when reading the MSR.  This way
var_mtrr_range gets a mask that just works.

Fixes: a13842dc668b40daef4327294a6d3bdc8bd30276
Cc: qemu-stable@nongnu.org
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=107561
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-12-22 15:28:56 +01:00
Alexis Dambricourt
a7f2d78657 KVM: MTRR: fix fixed MTRR segment look up
This fixes the slow-down of VM running with pci-passthrough, since some MTRR
range changed from MTRR_TYPE_WRBACK to MTRR_TYPE_UNCACHABLE.  Memory in the
0K-640K range was incorrectly treated as uncacheable.

Fixes: f7bfb57b3e89ff89c0da9f93dedab89f68d6ca27
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=107561
Cc: qemu-stable@nongnu.org
Signed-off-by: Alexis Dambricourt <alexis.dambricourt@gmail.com>
[Use correct BZ for "Fixes" annotation.  - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-12-22 15:28:37 +01:00
Paolo Bonzini
6fd086214a KVM/ARM fixes for v4.4-rc6
- Fix for the active interrupt detection code, affecting
   the timer interrupt injection.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWc/90AAoJECPQ0LrRPXpDTLgP/1UlFghuA/bi4H+VQh+LXGdG
 r3R8LfeDlj6nkj8cFUL4Dcr/ft/oraqKiWDmsc7oOlcIT1X9cVD3SX7kxr69vRLN
 va9M72Ui+yc2/d6Ko5QZlI+0fVPJLTyuBhjlf9VuO9lODN0xI3iYpghU3uiHfw37
 ohcUNB+Twt1/ZZkyZ05Akr8ASiOgDRCgstwE1em3EGsE61jZyRhYeTI1q7n9yfjV
 6Xt1xDakwpJYr80uCpJiwctik2CWCJ+CwfaArSdxpsK/NZk11PigW/YfJhfXkJUd
 OrEAjBedhlGHyY7VsElR+wOga6tmby0BWIEs0GKp3cMMo9aO4sH+iQ/p7a5oV7d4
 MxlvxjFk/ijsPN7NtHPvmc2dz3rKO1C/KxAbT0uZrDaQP90/GmJRlaIw3JBkvPa0
 rpfT9O5y/Bcylb/5NIyIxW/Ninnu2TP47bitYUmYa6wp1rBXVTGSiK/YnXxXyS9w
 jkyXmiaf1Etzt0oCuC4YLyJBNjz+WEND3ygfx8BDjZey9boNjNw9q8YaP1dIo4HB
 I4SKBSmaz9REU6KJkl5gp+KKv/5LoG7j/t3pIgj4B2aTSFZRp0nM8x7dLIUybEvi
 GQWm653cBdhQ+ZsFpULGc9x41WhFME1lCoUBY+2fVW1QyPxpcMyTRQkoMOGevZgX
 DJE2birTdNx/fOxJ+1XL
 =I1JK
 -----END PGP SIGNATURE-----

Merge tag 'kvm-arm-for-v4.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD

KVM/ARM fixes for v4.4-rc6

- Fix for the active interrupt detection code, affecting
  the timer interrupt injection.
2015-12-18 19:14:46 +01:00
Haozhong Zhang
81b1b9ca6d KVM: VMX: Fix host initiated access to guest MSR_TSC_AUX
The current handling of accesses to guest MSR_TSC_AUX returns error if
vcpu does not support rdtscp, though those accesses are initiated by
host. This can result in the reboot failure of some versions of
QEMU. This patch fixes this issue by passing those host initiated
accesses for further handling instead.

Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-12-14 16:24:08 +01:00
Christoffer Dall
fdec12c12e KVM: arm/arm64: vgic: Fix kvm_vgic_map_is_active's dist check
External inputs to the vgic from time to time need to poke into the
state of a virtual interrupt, the prime example is the architected timer
code.

Since the IRQ's active state can be represented in two places; the LR or
the distributor, we first loop over the LRs but if not active in the LRs
we just return if *any* IRQ is active on the VCPU in question.

This is of course bogus, as we should check if the specific IRQ in
quesiton is active on the distributor instead.

Reported-by: Eric Auger <eric.auger@linaro.org>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
2015-12-11 16:33:31 +00:00
Paolo Bonzini
e307beca2e Merge branch 'kvm-ppc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc into kvm-master 2015-12-11 12:26:47 +01:00
Paolo Bonzini
8b89fe1f6c kvm: x86: move tracepoints outside extended quiescent state
Invoking tracepoints within kvm_guest_enter/kvm_guest_exit causes a
lockdep splat.

Reported-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-12-11 12:26:33 +01:00
Linus Torvalds
6764e5ebd5 VFIO fixes for v4.4-rc5
- Various fixes for removing redundancy, const'ifying structs,
    avoiding stack usage, fixing WARN usage (Krzysztof Kozlowski,
    Julia Lawall, Kees Cook, Dan Carpenter)
  - Revert No-IOMMU mode as the intended user has not emerged
    (Alex Williamson)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWaLTPAAoJECObm247sIsi+bcQAJ8YacU2jLM92/m9Ciw5P76A
 fGFrP6Pb9VmCJ2nnyglOI7Puw3EXl/BN6tHnvRUbqIOHR4HmsBxvNmknj984glfH
 FgoE64R1QLmk2AcQOCkgr/eCxWilQ8udh4ztTVQjbynA2jiOxmD97CX87DkFqzeW
 BNGs2TOpnStvLWBJgTITLpmUPApTIyBUAjsMtAKxUc0r+E/9KgnOyXXuq9tNCCrQ
 tDyJng11a9xrYmRDlarpySuJ9A/fUyAcQ1p5+JdTugT8r1rCcbZxk+ofajG5gqI1
 gtlPmmBYi255OOrPjHMVcCbKHgEet6cUNsgC4L+tHBUv0/ZzFZeXCliWM+MLx5iS
 nJ6+fOMxd9lWDCAjgGUHrTObIYxhNq7XykjeT3C9A/4N5MuK7mVqnpR+CTun1y73
 JKByNMEB5KDeVQKdPqTlX9nwG7ki7n+0YR7hEYyq+eAk9s4QUEjGoOb5bavTxCnM
 gn4KFZNDXTn5EIhZZVNG916nYm+gvDasDSzOuuNrhDpGuWWgDH9ZIE0bHcYWaXXE
 lECw5WPmH8zQSuVJLq3wkAG596kNHkBGw4Pg6zRXA/llUFqqGVb6BYY+Tz9Mu+NP
 OfqrKVnK2EExblsUYBKJkBYFIikqAC+D0UVpBsGiCneNFaqDPvCANcfQaObTdzBz
 Y3nt0+FpY+bCqEDge0u+
 =im4y
 -----END PGP SIGNATURE-----

Merge tag 'vfio-v4.4-rc5' of git://github.com/awilliam/linux-vfio

Pull VFIO fixes from Alex Williamson:

 - Various fixes for removing redundancy, const'ifying structs, avoiding
   stack usage, fixing WARN usage (Krzysztof Kozlowski, Julia Lawall,
   Kees Cook, Dan Carpenter)

 - Revert No-IOMMU mode as the intended user has not emerged (Alex
   Williamson)

* tag 'vfio-v4.4-rc5' of git://github.com/awilliam/linux-vfio:
  Revert: "vfio: Include No-IOMMU mode"
  vfio: fix a warning message
  vfio: platform: remove needless stack usage
  vfio-pci: constify pci_error_handlers structures
  vfio: Drop owner assignment from platform_driver
2015-12-09 16:52:12 -08:00
Linus Torvalds
eef121f407 DeviceTree fixes for 4.4-rc4:
- Fix incorrect warning about overlapping memory regions
 
 - Export of_irq_find_parent again which was made static in 4.4, but has
   users pending for 4.5.
 
 - Fix of_msi_map_rid declaration location
 
 - Fix re-entrancy for of_fdt_unflatten_tree
 
 - Clean-up of phys_addr_t printks
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWaEnyAAoJEPr7XbWNvGHDH90P/1JSGowb+SbRcnnsrdC3mm4A
 EhuohOWeF9LYOMLfPm01dDL/165mso61HWs1T7qdZInAWEcwTHGrBz6GVUjzqA5D
 jYL1ONAEC8VaScRQ51JYg9s9be/pDyGqmdDHjTIqB4yFf+JVGkJFWwNi6RLWjAQz
 J0PmNN32GMcRK9MPC02XjcYeEyVWuTFWkX4h1WpG+YnMfZ3M2b4ITOKDZDPx7iKb
 benPM3i2jPeZnkHsMT8sCJ5QpwoTtWyuh3G3l8zfoK1dH4S9e4Egwq0o2+DWXBXU
 bTTn+nrGtiw73h6naWA/gbllo+fuzDj+PqyH8bfNHPW33PBgUIJRNs8ZoBwyFcEg
 2qxIQMK65JXxwXTWOPKwIPajh/2qSj5OgrtRSQp05IAjd4xve4CQHEWMh8R2CO2x
 hcmXwJuALsbU021bWGbsJ23aF7TUrxUrk6cUKisarbPWBVGUOAkblYzC5B14w5+F
 XyoyM2d5R8xPKlN69o/5Sd0/1+gpazYscXUM031udFvq1P7RxKxst/Z9oScYl4fq
 AocQlRERHFu1nfHGoV0Vw4yRuJnZG2xpmN8uGdOfMLErJkgmVeKSQV0RUEBtnRMT
 l4jcAlumGqpuK7Nvqb30+I8FtB0ksNkg49dIpuyyj+fL5dRVHs6yY9hiTqqmk7yH
 wfFq3DubsUxATlq7pqYD
 =Y8J4
 -----END PGP SIGNATURE-----

Merge tag 'devicetree-fixes-for-4.4-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux

Pull DT fixes from Rob Herring:
 "I think this should be all for 4.4:

   - Fix incorrect warning about overlapping memory regions

   - Export of_irq_find_parent again which was made static in 4.4, but
     has users pending for 4.5.

   - Fix of_msi_map_rid declaration location

   - Fix re-entrancy for of_fdt_unflatten_tree

   - Clean-up of phys_addr_t printks"

* tag 'devicetree-fixes-for-4.4-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
  of/irq: move of_msi_map_rid declaration to the correct ifdef section
  of/irq: Export of_irq_find_parent again
  of/fdt: Add mutex protection for calls to __unflatten_device_tree()
  of/address: fix typo in comment block of of_translate_one()
  of: do not use 0x in front of %pa
  of: Fix comparison of reserved memory regions
2015-12-09 16:44:07 -08:00
Linus Torvalds
abb7e2b3f0 One small build fix, a couple do_div() fixes, and a fix for the gpio basic
clock type are the major changes here. There's also a couple fixes for
 the TI, sunxi, and scpi clock drivers.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABCAAGBQJWaI8lAAoJENidgRMleOc9yTUP/0YexYihbhTEFnwc5sI5vPJr
 Men/1Gxmn8K+oL/sSMD5rr8K9bVR9ZVi9o8sBlDPB0jODfWNLvRzsdPTpm9/Fixb
 RnGAZz8EcpZ2inM7HtLAu19m2GcWCxkG2NRjE8/2mDduS6Avxa6ko4bYY5g56wRt
 6EET6yD3EVkTYwf+OG/7QwlccHVNnnOee04yWy7NAgHzSqMpmB3SXGQ/wZGRBkPS
 ivm3cdT91FNjboiJtuI9j8ZkX+cUpiqdK8XBA+IaWnlo8GOeEdcET6yYLha+Pvyg
 /7I0rjs7CvuPFbg/dVsosnXIiBl5RV2e+WnhgDKNHe9ldCfyrC8NaO5JBj6IsSG3
 +0AWGcGzQDl5hztSavy7iUEdNZvj7GHGJctJAD4+wpUceECURniPFNp0sKKHXY7U
 buAWQC9d+GnVwctT9109BVSyu6ON5+c5zoh+zryIfexsudfFopiksgQeA79vIBah
 hAXxo9eXBTAsybvqz/l/COo4VjZUeWXGRfmNfFEqUCZPzIUHqtjITNfsdA4I6zOz
 uOPIpYmxnbdvvw5NTrpHI2SxsOf+1N3gYbN3xJZSrVmjZW8ZGs+43aTghIu0HGWh
 8YSP7OQ9hXdCtaKVnoxWWk5JNpaN7DQ9Yh+HyHfCiXmHDFtBArMXzD7ilKmcP7V/
 YaZftt/eFkg+xhLoMD7W
 =ZGfK
 -----END PGP SIGNATURE-----

Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux

Pull clk fixes from Stephen Boyd:
 "One small build fix, a couple do_div() fixes, and a fix for the gpio
  basic clock type are the major changes here.  There's also a couple
  fixes for the TI, sunxi, and scpi clock drivers"

* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
  clk: sunxi: pll2: Fix clock running too fast
  clk: scpi: add missing of_node_put
  clk: qoriq: fix memory leak
  imx/clk-pllv2: fix wrong do_div() usage
  imx/clk-pllv1: fix wrong do_div() usage
  clk: mmp: add linux/clk.h includes
  clk: ti: drop locking code from mux/divider drivers
  clk: ti816x: Add missing dmtimer clkdev entries
  clk: ti: fapll: fix wrong do_div() usage
  clk: ti: clkt_dpll: fix wrong do_div() usage
  clk: gpio: Get parent clk names in of_gpio_clk_setup()
2015-12-09 16:36:29 -08:00
Paul Mackerras
c20875a3e6 KVM: PPC: Book3S HV: Prohibit setting illegal transaction state in MSR
Currently it is possible for userspace (e.g. QEMU) to set a value
for the MSR for a guest VCPU which has both of the TS bits set,
which is an illegal combination.  The result of this is that when
we execute a hrfid (hypervisor return from interrupt doubleword)
instruction to enter the guest, the CPU will take a TM Bad Thing
type of program interrupt (vector 0x700).

Now, if PR KVM is configured in the kernel along with HV KVM, we
actually handle this without crashing the host or giving hypervisor
privilege to the guest; instead what happens is that we deliver a
program interrupt to the guest, with SRR0 reflecting the address
of the hrfid instruction and SRR1 containing the MSR value at that
point.  If PR KVM is not configured in the kernel, then we try to
run the host's program interrupt handler with the MMU set to the
guest context, which almost certainly causes a host crash.

This closes the hole by making kvmppc_set_msr_hv() check for the
illegal combination and force the TS field to a safe value (00,
meaning non-transactional).

Cc: stable@vger.kernel.org # v3.9+
Signed-off-by: Paul Mackerras <paulus@samba.org>
2015-12-10 11:34:27 +11:00
Linus Torvalds
9a0f76fde9 Fix an Oops if an interrupt occurs at startup. This can happen on
some hardware.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iEYEABECAAYFAlZof7kACgkQIXnXXONXERehTQCeI3y8x6wza8XwhNFUxrCtG5wc
 0ioAoJS0ybm+wN5tLUjXLUlhwqK9j9jT
 =lJdc
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-4.4-1' of git://git.code.sf.net/p/openipmi/linux-ipmi

Pull IPMI fix from Corey Minyard:
 "Fix an Oops if an interrupt occurs at startup.  This can happen on
  some hardware"

* tag 'for-linus-4.4-1' of git://git.code.sf.net/p/openipmi/linux-ipmi:
  ipmi: move timer init to before irq is setup
2015-12-09 11:57:10 -08:00
Jan Stancek
27f972d3e0 ipmi: move timer init to before irq is setup
We encountered a panic on boot in ipmi_si on a dell per320 due to an
uninitialized timer as follows.

static int smi_start_processing(void       *send_info,
                                ipmi_smi_t intf)
{
        /* Try to claim any interrupts. */
        if (new_smi->irq_setup)
                new_smi->irq_setup(new_smi);

 --> IRQ arrives here and irq handler tries to modify uninitialized timer

    which triggers BUG_ON(!timer->function) in __mod_timer().

 Call Trace:
   <IRQ>
   [<ffffffffa0532617>] start_new_msg+0x47/0x80 [ipmi_si]
   [<ffffffffa053269e>] start_check_enables+0x4e/0x60 [ipmi_si]
   [<ffffffffa0532bd8>] smi_event_handler+0x1e8/0x640 [ipmi_si]
   [<ffffffff810f5584>] ? __rcu_process_callbacks+0x54/0x350
   [<ffffffffa053327c>] si_irq_handler+0x3c/0x60 [ipmi_si]
   [<ffffffff810efaf0>] handle_IRQ_event+0x60/0x170
   [<ffffffff810f245e>] handle_edge_irq+0xde/0x180
   [<ffffffff8100fc59>] handle_irq+0x49/0xa0
   [<ffffffff8154643c>] do_IRQ+0x6c/0xf0
   [<ffffffff8100ba53>] ret_from_intr+0x0/0x11

        /* Set up the timer that drives the interface. */
        setup_timer(&new_smi->si_timer, smi_timeout, (long)new_smi);

The following patch fixes the problem.

To: Openipmi-developer@lists.sourceforge.net
To: Corey Minyard <minyard@acm.org>
CC: linux-kernel@vger.kernel.org

Signed-off-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Tony Camuso <tcamuso@redhat.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Cc: stable@vger.kernel.org # Applies cleanly to 3.10-, needs small rework before
2015-12-09 13:13:06 -06:00
Sasha Levin
d7e35dfa25 bitops.h: correctly handle rol32 with 0 byte shift
ROL on a 32 bit integer with a shift of 32 or more is undefined and the
result is arch-dependent. Avoid this by handling the trivial case of
roling by 0 correctly.

The trivial solution of checking if shift is 0 breaks gcc's detection
of this code as a ROL instruction, which is unacceptable.

This bug was reported and fixed in GCC
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57157):

	The standard rotate idiom,

	  (x << n) | (x >> (32 - n))

	is recognized by gcc (for concreteness, I discuss only the case that x
	is an uint32_t here).

	However, this is portable C only for n in the range 0 < n < 32. For n
	== 0, we get x >> 32 which gives undefined behaviour according to the
	C standard (6.5.7, Bitwise shift operators). To portably support n ==
	0, one has to write the rotate as something like

	  (x << n) | (x >> ((-n) & 31))

	And this is apparently not recognized by gcc.

Note that this is broken on older GCCs and will result in slower ROL.

Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-12-09 10:35:16 -08:00
Linus Torvalds
626d114f46 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs fixes from Al Viro:
 "A couple of fixes, both -stable fodder (9p one all way back to 2.6.32,
  dio - to all branches where "Fix negative return from dio read beyond
  eof" will end up it; it's a fixup to commit marked for -stable)"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  fix the regression from "direct-io: Fix negative return from dio read beyond eof"
  9p: ->evict_inode() should kick out ->i_data, not ->i_mapping
2015-12-09 09:34:26 -08:00
Linus Torvalds
978d6a9041 PCI updates for v4.4:
MSI
     Only use the generic MSI layer when domain is hierarchical (Marc Zyngier)
 
   Altera host bridge driver
     Fix loop in tlp_read_packet() (Dan Carpenter)
     Fix Requester ID for config accesses (Ley Foon Tan)
     Check TLP completion status (Ley Foon Tan)
     Fix error when INTx is 4 (Ley Foon Tan)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWaE7hAAoJEFmIoMA60/r8ttwQAI7sv6+hLB+xSv8j43Xlh/wr
 M58VLpLHhsh0c5bhViIfTj3m56QPb1FqxzD1jD8NB29twPzf/j96UUUFHXZH5Amm
 kVdFVzslgpfBusGJeedL0Nei4R9TCVCaQv1BKODcLGGUZx1f29mlYLmgSVz7n3V0
 oihjN4R352yjsH0goTHxsSHjnwR7mdzKmK6lWFAFgujQK3+eJ8WE+qniP0Rh5IWS
 voqQBE7N9vXzTqrBbEJYS1KZFUn7gBkkVPo1xFtniIHXZoT23in2Cg17eUQdMymN
 6oXzzgiHkcJizuFhcxhtf7KitEbJk+6YWXxH03u5onDZQQNpJpcz17Us+vK3G4bb
 hdCMzOnZ2HAZgNP8W9yGdTB9Px9d6l1Kt3py3Nb9xJemMtl2IWVnxbRk/uu2ddF+
 83eX074U0lZqb8vAkR64EByKi8q+126BV5e+P7t3YgqJ1nA3luvk+bZsEiBFOePb
 hCNSSR2sP6mtYnVW0T3YPnZYJkrM3N28+JrZtP75szLjBNj3vmX2ani/dEJLAlkR
 UA6EoBiyJQvFyoZ2/pRb3dDYuNWoSP4yEAcZYwUFHmfs8AdF87Jl3BGH7HHW4C+8
 sendp2WisODovdUa9/QKA0VX9VAStlzTIy5g+smMgZ340yp1Bl4HHxnZhN2kSR/P
 RZVNePtY/5DX60andYLb
 =3jiK
 -----END PGP SIGNATURE-----

Merge tag 'pci-v4.4-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci

Pull PCI fixes from Bjorn Helgaas:
 "These are more fixes I'd like to have in v4.4.  Several for the Altera
  driver added for v4.4, and one for an MSI domain problem that affects
  several arm64 platforms:

  MSI:
   - Only use the generic MSI layer when domain is hierarchical (Marc
     Zyngier)

  Altera host bridge driver:
   - Fix loop in tlp_read_packet() (Dan Carpenter)
   - Fix Requester ID for config accesses (Ley Foon Tan)
   - Check TLP completion status (Ley Foon Tan)
   - Fix error when INTx is 4 (Ley Foon Tan)"

* tag 'pci-v4.4-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  PCI: altera: Fix error when INTx is 4
  PCI: altera: Check TLP completion status
  PCI: altera: Fix Requester ID for config accesses
  PCI: altera: Fix loop in tlp_read_packet()
  PCI/MSI: Only use the generic MSI layer when domain is hierarchical
2015-12-09 09:26:06 -08:00
Rob Herring
eaddb57253 of/irq: move of_msi_map_rid declaration to the correct ifdef section
In checking fixes for of_irq_find_parent declaration location, I found
that of_msi_map_rid is also wrong. of_msi_map_rid is not implemented for
Sparc, so it should not be in the Sparc specific section of the header.
Move it to just depend on OF_IRQ.

Cc: Frank Rowand <frowand.list@gmail.com>
Signed-off-by: Rob Herring <robh@kernel.org>
2015-12-09 09:23:28 -06:00
Carlo Caione
4c3141e09c of/irq: Export of_irq_find_parent again
of_irq_find_parent was made static since it had no users outside of
of_irq.c. Export it again since we are going to use it again.

Signed-off-by: Carlo Caione <carlo@endlessm.com>
[robh: move of_irq_find_parent to correct ifdef section]
Signed-off-by: Rob Herring <robh@kernel.org>
2015-12-09 09:08:36 -06:00
Linus Torvalds
aa53685549 Merge branch 'for-linus-4.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml
Pull uml fixes from Richard Weinberger:
 "This contains various bug fixes, most of them are fall out from the
  merge window"

* 'for-linus-4.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
  um: fix returns without va_end
  um: Fix fpstate handling
  arch: um: fix error when linking vmlinux.
  um: Fix get_signal() usage
2015-12-08 17:22:45 -08:00
Linus Torvalds
5406812e59 Merge branch 'for-4.4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
Pull cgroup fixes from Tejun Heo:
 "More change than I'd have liked at this stage.  The pids controller
  and the changes made to cgroup core to support it introduced and
  revealed several important issues.

   - Assigning membership to a newly created task and migrating it can
     race leading to incorrect accounting.  Oleg fixed it by widening
     threadgroup synchronization.  It looks like we'll be able to merge
     it with a different percpu rwsem which is used in fork path making
     things simpler and cheaper.

   - The recent change to extend cgroup membership to zombies (so that
     pid accounting can extend till the pid is actually released) missed
     pinning the underlying data structures leading to use-after-free.
     Fixed.

   - v2 hierarchy was calling subsystem callbacks with the wrong target
     cgroup_subsys_state based on the incorrect assumption that they
     share the same target.  pids is the first controller affected by
     this.  Subsys callbacks updated so that they can deal with
     multi-target migrations"

* 'for-4.4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
  cgroup_pids: don't account for the root cgroup
  cgroup: fix handling of multi-destination migration from subtree_control enabling
  cgroup_freezer: simplify propagation of CGROUP_FROZEN clearing in freezer_attach()
  cgroup: pids: kill pids_fork(), simplify pids_can_fork() and pids_cancel_fork()
  cgroup: pids: fix race between cgroup_post_fork() and cgroup_migrate()
  cgroup: make css_set pin its css's to avoid use-afer-free
  cgroup: fix cftype->file_offset handling
2015-12-08 13:35:52 -08:00
Linus Torvalds
633bb7388b Merge branch 'for-4.4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata
Pull libata fixes from Tejun Heo:
 "Nothing too interesting.  All are device specific additions and
  workarounds"

* 'for-4.4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
  ata/sata_fsl.c: add ATA_FLAG_NO_LOG_PAGE to blacklist the controller for log page reads
  libata-eh.c: Introduce new ata port flag for controller which lockup on read log page
  sata_sil: disable trim
  AHCI: Fix softreset failed issue of Port Multiplier
  sata/mvebu: use #ifdef around suspend/resume code
  ahci: Order SATA device IDs for codename Lewisburg
  ahci: Add Device ID for Intel Sunrise Point PCH
2015-12-08 13:29:18 -08:00
Geyslan G. Bem
887a985309 um: fix returns without va_end
When using va_list ensure that va_start will be followed by va_end.

Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
2015-12-08 22:26:00 +01:00
Richard Weinberger
8090bfd2bb um: Fix fpstate handling
The x86 FPU cleanup changed fpstate to a plain integer.
UML on x86 has to deal with that too.

Signed-off-by: Richard Weinberger <richard@nod.at>
2015-12-08 22:25:40 +01:00
Lorenzo Colitti
fb1770aa78 arch: um: fix error when linking vmlinux.
On gcc Ubuntu 4.8.4-2ubuntu1~14.04, linking vmlinux fails with:

arch/um/os-Linux/built-in.o: In function `os_timer_create':
/android/kernel/android/arch/um/os-Linux/time.c:51: undefined reference to `timer_create'
arch/um/os-Linux/built-in.o: In function `os_timer_set_interval':
/android/kernel/android/arch/um/os-Linux/time.c:84: undefined reference to `timer_settime'
arch/um/os-Linux/built-in.o: In function `os_timer_remain':
/android/kernel/android/arch/um/os-Linux/time.c:109: undefined reference to `timer_gettime'
arch/um/os-Linux/built-in.o: In function `os_timer_one_shot':
/android/kernel/android/arch/um/os-Linux/time.c:132: undefined reference to `timer_settime'
arch/um/os-Linux/built-in.o: In function `os_timer_disable':
/android/kernel/android/arch/um/os-Linux/time.c:145: undefined reference to `timer_settime'

This is because -lrt appears in the generated link commandline
after arch/um/os-Linux/built-in.o. Fix this by removing -lrt from
arch/um/Makefile and adding it to the UM-specific section of
scripts/link-vmlinux.sh.

Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
2015-12-08 22:25:13 +01:00
Richard Weinberger
db2f24dc24 um: Fix get_signal() usage
If get_signal() returns us a signal to post
we must not call it again, otherwise the already
posted signal will be overridden.
Before commit a610d6e672d this was the case as we stopped
the while after a successful handle_signal().

Cc: <stable@vger.kernel.org> # 3.10-
Fixes: a610d6e672d ("pull clearing RESTORE_SIGMASK into block_sigmask()")
Signed-off-by: Richard Weinberger <richard@nod.at>
2015-12-08 22:23:30 +01:00
Linus Torvalds
51825c8a86 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Ingo Molnar:
 "This tree includes four core perf fixes for misc bugs, three fixes to
  x86 PMU drivers, and two updates to old email addresses"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf: Do not send exit event twice
  perf/x86/intel: Fix INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_NA macro
  perf/x86/intel: Make L1D_PEND_MISS.FB_FULL not constrained on Haswell
  perf: Fix PERF_EVENT_IOC_PERIOD deadlock
  treewide: Remove old email address
  perf/x86: Fix LBR call stack save/restore
  perf: Update email address in MAINTAINERS
  perf/core: Robustify the perf_cgroup_from_task() RCU checks
  perf/core: Fix RCU problem with cgroup context switching code
2015-12-08 13:01:23 -08:00
Al Viro
2d4594acbf fix the regression from "direct-io: Fix negative return from dio read beyond eof"
Sure, it's better to bail out of past-the-eof read and return 0 than return
a bogus negative value on such.  Only we'd better make sure we are bailing out
with 0 and not -ENOMEM...

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2015-12-08 15:02:42 -05:00
Al Viro
4ad7862844 9p: ->evict_inode() should kick out ->i_data, not ->i_mapping
For block devices the pagecache is associated with the inode
on bdevfs, not with the aliasing ones on the mountable filesystems.
The latter have its own ->i_data empty and ->i_mapping pointing
to the (unique per major/minor) bdevfs inode.  That guarantees
cache coherence between all block device inodes with the same
device number.

Eviction of an alias inode has no business trying to evict the
pages belonging to bdevfs one; moreover, ->i_mapping is only
safe to access when the thing is opened.  At the time of
->evict_inode() the victim is definitely *not* opened.  We are
about to kill the address space embedded into struct inode
(inode->i_data) and that's what we need to empty of any pages.

9p instance tries to empty inode->i_mapping instead, which is
both unsafe and bogus - if we have several device nodes with
the same device number in different places, closing one of them
should not try to empty the (shared) page cache.

Fortunately, other instances in the tree are OK; they are
evicting from &inode->i_data instead, as 9p one should.

Cc: stable@vger.kernel.org # v2.6.32+, ones prior to 2.6.36 need only half of that
Reported-by: "Suzuki K. Poulose" <Suzuki.Poulose@arm.com>
Tested-by: "Suzuki K. Poulose" <Suzuki.Poulose@arm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2015-12-08 14:51:16 -05:00
Guenter Roeck
f806238667 of/fdt: Add mutex protection for calls to __unflatten_device_tree()
__unflatten_device_tree() calls unflatten_dt_node(), which declares
a static variable. It is therefore not reentrant.

One of the callers of __unflatten_device_tree(), unflatten_device_tree(),
is only called once during early initialization and does not need to be
protected. The other caller, of_fdt_unflatten_tree(), can be called at
any time, possibly multiple times in parallel. This can happen, for
example, if multiple devicetree overlays have to be loaded and installed.

Without this protection, errors such as the following may be seen.

kernel: End of tree marker overwritten: e6a3a458
kernel: find_target_node:
	Failed to find target-indirect node at /fragment@0
kernel: __of_overlay_create: of_build_overlay_info() failed for tree@/

Add a mutex to of_fdt_unflatten_tree() to make the call reentrant.

Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Cc: stable@vger.kernel.org # v4.1+
Signed-off-by: Rob Herring <robh@kernel.org>
2015-12-08 09:50:42 -06:00
Linus Torvalds
62ea1ec5e1 virtio: fixes on top of 4.4-rc4
This includes some fixes and cleanups in virtio and vhost code. Most notably,
 shadowing the index fixes the excessive cacheline bouncing observed on AMD
 platforms.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJWZaWhAAoJECgfDbjSjVRpWgkH/27ol7FAizFI6Dli6YjdGk/P
 PJwSE/BR1ki/YohvUAjRZyyb1joBcVXC6rgy/5NFwWW6EfeZoAFaJsEgJO4jcxxw
 UizVUnVVQ2UFmJ+IsCFMQCYf6IaGgFegGABjJNvyVhn+XeHhxkW690Z6GKy/IOx7
 tueq1HaHeXt9Edx7D2cUsp4INmVU51fwrLmS72Z4S87W9pQ0IKG9C8Q1n+pq/9MD
 1PqoqmqVgRjLwndV4YyXCGdJRKIh7SvDTGflm6vyluIbwnFLiz5G59SP4p0GJd6L
 TYhqL8g+kUEjYOyvPqfoFA+aPrOTmCEfsflrpIk6miOwP3QOVbQhEsgauxL/ivo=
 =owan
 -----END PGP SIGNATURE-----

Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost

Pull virtio fixes from Michael Tsirkin:
 "This includes some fixes and cleanups in virtio and vhost code.

  Most notably, shadowing the index fixes the excessive cacheline
  bouncing observed on AMD platforms"

* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
  virtio_ring: shadow available ring flags & index
  virtio: Do not drop __GFP_HIGH in alloc_indirect
  vhost: replace % with & on data path
  tools/virtio: fix byteswap logic
  tools/virtio: move list macro stubs
  virtio: fix memory leak of virtio ida cache layers
  vhost: relax log address alignment
  virtio-net: Stop doing DMA from the stack
2015-12-07 10:50:07 -08:00
Linus Torvalds
f41683a204 Ext4 bug fixes for v4.4, including fixes for post-2038 time encodings,
some endian conversion problems with ext4 encryption, potential memory
 leaks after truncate in data=journal mode, and an ocfs2 regression
 caused by a jbd2 performance improvement.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJWZP5/AAoJEPL5WVaVDYGjLUwH+wZUMghNAiR+AUEDW5MwbRMd
 XGvPFr1ohs9ep6vrayRLAVU+BDbcSvL7GRddFpUabTfDqH6tyk43IqOFaE2UMefj
 +k61vUnEaD7hTOGtgnfkntAcrE8hngTA1UkEGRTRQjRSqKgt1ku2LB/GfGbgv4Yq
 1grwLbq/MRZ6gSZIv8TwuLC7BOAt6mLtxtJB8ozRuhVJVo1gzy1IvXkqn2mgf/h4
 nIq6i720NxZS9HqncA/o1rxfWb2bwEpLj5MYqdgscwHBGql0riHM0HOebAbgvVqV
 FgLM81p4qVry8N4ACNLIJsqjWu3eMcNUZFW3vaObGTg2tODTj8WSEClb56Z6fpE=
 =iOzG
 -----END PGP SIGNATURE-----

Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4

Pull ext4 fixes from Ted Ts'o:
 "Ext4 bug fixes for v4.4, including fixes for post-2038 time encodings,
  some endian conversion problems with ext4 encryption, potential memory
  leaks after truncate in data=journal mode, and an ocfs2 regression
  caused by a jbd2 performance improvement"

* tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  jbd2: fix null committed data return in undo_access
  ext4: add "static" to ext4_seq_##name##_fops struct
  ext4: fix an endianness bug in ext4_encrypted_follow_link()
  ext4: fix an endianness bug in ext4_encrypted_zeroout()
  jbd2: Fix unreclaimed pages after truncate in data=journal mode
  ext4: Fix handling of extended tv_sec
2015-12-07 10:25:00 -08:00
Venkatesh Srinivas
f277ec42f3 virtio_ring: shadow available ring flags & index
Improves cacheline transfer flow of available ring header.

Virtqueues are implemented as a pair of rings, one producer->consumer
avail ring and one consumer->producer used ring; preceding the
avail ring in memory are two contiguous u16 fields -- avail->flags
and avail->idx. A producer posts work by writing to avail->idx and
a consumer reads avail->idx.

The flags and idx fields only need to be written by a producer CPU
and only read by a consumer CPU; when the producer and consumer are
running on different CPUs and the virtio_ring code is structured to
only have source writes/sink reads, we can continuously transfer the
avail header cacheline between 'M' states between cores. This flow
optimizes core -> core bandwidth on certain CPUs.

(see: "Software Optimization Guide for AMD Family 15h Processors",
Section 11.6; similar language appears in the 10h guide and should
apply to CPUs w/ exclusive caches, using LLC as a transfer cache)

Unfortunately the existing virtio_ring code issued reads to the
avail->idx and read-modify-writes to avail->flags on the producer.

This change shadows the flags and index fields in producer memory;
the vring code now reads from the shadows and only ever writes to
avail->flags and avail->idx, allowing the cacheline to transfer
core -> core optimally.

In a concurrent version of vring_bench, the time required for
10,000,000 buffer checkout/returns was reduced by ~2% (average
across many runs) on an AMD Piledriver (15h) CPU:

(w/o shadowing):
 Performance counter stats for './vring_bench':
     5,451,082,016      L1-dcache-loads
     ...
       2.221477739 seconds time elapsed

(w/ shadowing):
 Performance counter stats for './vring_bench':
     5,405,701,361      L1-dcache-loads
     ...
       2.168405376 seconds time elapsed

The further away (in a NUMA sense) virtio producers and consumers are
from each other, the more we expect to benefit. Physical implementations
of virtio devices and implementations of virtio where the consumer polls
vring avail indexes (vhost) should also benefit.

Signed-off-by: Venkatesh Srinivas <venkateshs@google.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-07 17:28:11 +02:00
Michal Hocko
82107539bb virtio: Do not drop __GFP_HIGH in alloc_indirect
b92b1b89a33c ("virtio: force vring descriptors to be allocated from
lowmem") tried to exclude highmem pages for descriptors so it cleared
__GFP_HIGHMEM from a given gfp mask. The patch also cleared __GFP_HIGH
which doesn't make much sense for this fix because __GFP_HIGH only
controls access to memory reserves and it doesn't have any influence
on the zone selection. Some of the call paths use GFP_ATOMIC and
dropping __GFP_HIGH will reduce their changes for success because the
lack of access to memory reserves.

Signed-off-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Reviewed-by: Mel Gorman <mgorman@techsingularity.net>
2015-12-07 17:28:11 +02:00
Michael S. Tsirkin
5fba13b5cf vhost: replace % with & on data path
We know vring num is a power of 2, so use &
to mask the high bits.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-07 17:28:10 +02:00
Michael S. Tsirkin
55564a02b2 tools/virtio: fix byteswap logic
commit cf561f0d2eb74574ad9985a2feab134267a9d298 ("virtio: introduce
virtio_is_little_endian() helper") changed byteswap logic to
skip feature bit checks for LE platforms, but didn't
update tools/virtio, so vring_bench started failing.

Update the copy under tools/virtio/ (TODO: find a way to avoid this code
duplication).

Cc: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-07 17:28:10 +02:00
Michael S. Tsirkin
40c172e5d9 tools/virtio: move list macro stubs
Makes them more generally available.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-07 17:28:09 +02:00
Suman Anna
c13f99b7e9 virtio: fix memory leak of virtio ida cache layers
The virtio core uses a static ida named virtio_index_ida for
assigning index numbers to virtio devices during registration.
The ida core may allocate some internal idr cache layers and
an ida bitmap upon any ida allocation, and all these layers are
truely freed only upon the ida destruction. The virtio_index_ida
is not destroyed at present, leading to a memory leak when using
the virtio core as a module and atleast one virtio device is
registered and unregistered.

Fix this by invoking ida_destroy() in the virtio core module
exit.

Cc: stable@vger.kernel.org
Signed-off-by: Suman Anna <s-anna@ti.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-07 17:28:01 +02:00
Michael S. Tsirkin
d542483876 vhost: relax log address alignment
commit 5d9a07b0de512b77bf28d2401e5fe3351f00a240 ("vhost: relax used
address alignment") fixed the alignment for the used virtual address,
but not for the physical address used for logging.

That's a mistake: alignment should clearly be the same for virtual and
physical addresses,

Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-07 17:27:54 +02:00
Andreas Werner
4f2568f5cb ata/sata_fsl.c: add ATA_FLAG_NO_LOG_PAGE to blacklist the controller for log page reads
Every attempt to issue a read log page command lockup the controller.
The command is currently sent if the sata device includes the devlsp feature
to read out the timing data.
This attempt to read the data, locks up the controller and the device
is not recognzied correctly (failed to set xfermode) and cannot be accessed.

This was found on Freescale P1013/P1022 and T4240 CPUs
using a ATP IG mSATA 4GB with the devslp feature.

fsl-sata ff718000.sata: Sata FSL Platform/CSB Driver init
[    1.254195] scsi0 : sata_fsl
[    1.256004] ata1: SATA max UDMA/133 irq 74
[    1.370666] fsl-gianfar ethernet.3: enabled errata workarounds, flags: 0x4
[    1.470671] fsl-gianfar ethernet.4: enabled errata workarounds, flags: 0x4
[    1.775584] ata1: Signature Update detected @ 504 msecs
[    1.947594] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[    1.948366] ata1.00: ATA-8: ATP IG mSATA, 20150311, max UDMA/133
[    1.948371] ata1.00: 7732368 sectors, multi 0: LBA
[    1.948843] ata1.00: failed to get Identify Device Data, Emask 0x1
[    1.948857] ata1.00: failed to set xfermode (err_mask=0x40)
[    7.467557] ata1: Signature Update detected @ 504 msecs
[    7.639560] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[    7.651320] ata1.00: failed to get Identify Device Data, Emask 0x1
[    7.651360] ata1.00: failed to set xfermode (err_mask=0x40)
[    7.655628] ata1: limiting SATA link speed to 1.5 Gbps
[    7.659458] ata1.00: limiting speed to UDMA/133:PIO3
[   13.163554] ata1: Signature Update detected @ 504 msecs
[   13.335558] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[   13.347298] ata1.00: failed to get Identify Device Data, Emask 0x1
[   13.347334] ata1.00: failed to set xfermode (err_mask=0x40)
[   13.351601] ata1.00: disabled
[   13.353278] ata1: exception Emask 0x50 SAct 0x0 SErr 0x800 action 0x6 frozen t4
[   13.359281] ata1: SError: { HostInt }
[   13.361644] ata1: hard resetting link

Signed-off-by: Andreas Werner <andreas.werner@men.de>
Signed-off-by: Tejun Heo <tj@kernel.org>
2015-12-07 10:25:57 -05:00
Andreas Werner
ea013a9b20 libata-eh.c: Introduce new ata port flag for controller which lockup on read log page
Some controller lockup on a ata_read_log_page.
Add new ata port flag ATA_FLAG_NO_LOG_PAGE which can used
to blacklist a controller.

If this flag is set, any attempt to read a log page returns an error
without actually issuing the command.

Signed-off-by: Andreas Werner <andreas.werner@men.de>
Signed-off-by: Tejun Heo <tj@kernel.org>
2015-12-07 10:25:57 -05:00
Tejun Heo
0b98f0c042 Merge branch 'master' into for-4.4-fixes
The following commit which went into mainline through networking tree

  3b13758f51de ("cgroups: Allow dynamically changing net_classid")

conflicts in net/core/netclassid_cgroup.c with the following pending
fix in cgroup/for-4.4-fixes.

  1f7dd3e5a6e4 ("cgroup: fix handling of multi-destination migration from subtree_control enabling")

The former separates out update_classid() from cgrp_attach() and
updates it to walk all fds of all tasks in the target css so that it
can be used from both migration and config change paths.  The latter
drops @css from cgrp_attach().

Resolve the conflict by making cgrp_attach() call update_classid()
with the css from the first task.  We can revive @tset walking in
cgrp_attach() but given that net_cls is v1 only where there always is
only one target css during migration, this is fine.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Nina Schiff <ninasc@fb.com>
2015-12-07 10:09:03 -05:00
Michael S. Tsirkin
2ac4603033 virtio-net: Stop doing DMA from the stack
Once virtio starts using the DMA API, we won't be able to safely DMA
from the stack.  virtio-net does a couple of config DMA requests
from small stack buffers -- switch to using dynamically-allocated
memory.

This should have no effect on any performance-critical code paths.

Reported-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Andy Lutomirski <luto@kernel.org>
2015-12-07 16:10:53 +02:00
Linus Torvalds
527e9316f8 Linux 4.4-rc4 v4.4-rc4 2015-12-06 15:43:12 -08:00
James Simmons
d035e33628 staging/lustre: remove IOC_LIBCFS_PING_TEST ioctl
The ioctl IOC_LIBCFS_PING_TEST has not been used in ages.  The recent
nidstring changes which moved all the nidstring operations from libcfs
to the LNet layer but this ioctl code was still using an nidstring
operation that was causing a circular dependency loop between libcfs and
LNet.

Signed-off-by: James Simmons <jsimmons@infradead.org>
Signed-off-by: Oleg Drokin <green@linuxhacker.ru>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-12-06 14:50:59 -08:00
Linus Torvalds
d8cd93ea67 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs fixes from Al Viro:
 "A couple of fixes (-stable fodder) + dead code removal after the
  overlayfs fix.

  I agree that it's better to separate from the fix part to make
  backporting easier, but IMO it's not worth delaying said dead code
  removal until the next window"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  Don't reset ->total_link_count on nested calls of vfs_path_lookup()
  ovl: get rid of the dead code left from broken (and disabled) optimizations
  ovl: fix permission checking for setattr
2015-12-06 13:51:49 -08:00
Al Viro
2788cc47f4 Don't reset ->total_link_count on nested calls of vfs_path_lookup()
we already zero it on outermost set_nameidata(), so initialization in
path_init() is pointless and wrong.  The same DoS exists on pre-4.2
kernels, but there a slightly different fix will be needed.

Cc: stable@vger.kernel.org # v4.2
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2015-12-06 12:33:02 -05:00
Al Viro
0f7ff2dabb ovl: get rid of the dead code left from broken (and disabled) optimizations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2015-12-06 12:31:07 -05:00
Miklos Szeredi
acff81ec2c ovl: fix permission checking for setattr
[Al Viro] The bug is in being too enthusiastic about optimizing ->setattr()
away - instead of "copy verbatim with metadata" + "chmod/chown/utimes"
(with the former being always safe and the latter failing in case of
insufficient permissions) it tries to combine these two.  Note that copyup
itself will have to do ->setattr() anyway; _that_ is where the elevated
capabilities are right.  Having these two ->setattr() (one to set verbatim
copy of metadata, another to do what overlayfs ->setattr() had been asked
to do in the first place) combined is where it breaks.

Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Cc: <stable@vger.kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2015-12-06 12:28:23 -05:00
Linus Torvalds
fb7b26e47e Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler fixes from Thomas Gleixner:
 "This updates contains the following changes:

   - Fix a signal handling regression in the bit wait functions.

   - Avoid false positive warnings in the wakeup path.

   - Initialize the scheduler root domain properly.

   - Handle gtime calculations in proc/$PID/stat proper.

   - Add more documentation for the barriers in try_to_wake_up().

   - Fix a subtle race in try_to_wake_up() which might cause a task to
     be scheduled on two cpus

   - Compile static helper function only when it is used"

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule()
  sched/core: Better document the try_to_wake_up() barriers
  sched/cputime: Fix invalid gtime in proc
  sched/core: Clear the root_domain cpumasks in init_rootdomain()
  sched/core: Remove false-positive warning from wake_up_process()
  sched/wait: Fix signal handling in bit wait helpers
  sched/rt: Hide the push_irq_work_func() declaration
2015-12-06 08:35:05 -08:00