Commit Graph

617637 Commits

Author SHA1 Message Date
Mickaël Salaün
972939e285 um/ptrace: Fix the syscall_trace_leave call
Keep the same semantic as before the commit 26703c636c: deallocate
audit context and fake a proper syscall exit.

This fix a kernel panic triggered by the seccomp_bpf test:
> [ RUN      ] global.ERRNO_valid
> BUG: failure at kernel/auditsc.c:1504/__audit_syscall_entry()!
> Kernel panic - not syncing: BUG!

Fixes: 26703c636c ("um/ptrace: run seccomp after ptrace")

Signed-off-by: Mickaël Salaün <mic@digikod.net>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: James Morris <jmorris@namei.org>
Cc: user-mode-linux-devel@lists.sourceforge.net
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
2016-09-07 09:25:04 -07:00
Arend Van Spriel
ded8991215 brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap()
User-space can choose to omit NL80211_ATTR_SSID and only provide raw
IE TLV data. When doing so it can provide SSID IE with length exceeding
the allowed size. The driver further processes this IE copying it
into a local variable without checking the length. Hence stack can be
corrupted and used as exploit.

Cc: stable@vger.kernel.org # v4.7
Reported-by: Daxing Guo <freener.gdx@gmail.com>
Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
Reviewed-by: Franky Lin <franky.lin@broadcom.com>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2016-09-07 16:43:50 +03:00
Giedrius Statkevičius
e34f2ff40e ath9k: bring back direction setting in ath9k_{start_stop}
A regression was introduced in commit id 79d4db1214 ("ath9k: cleanup
led_pin initial") that broken the WLAN status led on my laptop with
AR9287 after suspending and resuming.

Steps to reproduce:
* Suspend (laptop)
* Resume (laptop)
* Observe that the WLAN led no longer turns ON/OFF depending on the
  status and is always red

Even though for my case it only needs to be set to OUT in ath9k_start
but for consistency bring back the IN direction setting as well.

Fixes: 79d4db1214 ("ath9k: cleanup led_pin initial")
Cc: Miaoqing Pan <miaoqing@codeaurora.org>
Cc: Kalle Valo <kvalo@qca.qualcomm.com>
Cc: <stable@vger.kernel.org> # 4.7+
Link: https://bugzilla.kernel.org/show_bug.cgi?id=151711
Signed-off-by: Giedrius Statkevičius <giedrius.statkevicius@gmail.com>
[kvalo@qca.qualcomm.com: improve commit log]
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2016-09-07 16:21:04 +03:00
Felipe Balbi
696118c016 usb: dwc3: pci: fix build warning on !PM_SLEEP
When building a kernel with CONFIG_PM_SLEEP=n, we
get the following warning:

drivers/usb/dwc3/dwc3-pci.c:253:12: warning: 'dwc3_pci_pm_dummy' defined but not used

In order to fix this, we should only define
dwc3_pci_pm_dummy() when CONFIG_PM_SLEEP is defined.

Fixes: f6c274e11e ("usb: dwc3: pci: runtime_resume child device")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
2016-09-07 15:37:36 +03:00
Wei Yongjun
751eb6b604 ipv6: addrconf: fix dev refcont leak when DAD failed
In general, when DAD detected IPv6 duplicate address, ifp->state
will be set to INET6_IFADDR_STATE_ERRDAD and DAD is stopped by a
delayed work, the call tree should be like this:

ndisc_recv_ns
  -> addrconf_dad_failure        <- missing ifp put
     -> addrconf_mod_dad_work
       -> schedule addrconf_dad_work()
         -> addrconf_dad_stop()  <- missing ifp hold before call it

addrconf_dad_failure() called with ifp refcont holding but not put.
addrconf_dad_work() call addrconf_dad_stop() without extra holding
refcount. This will not cause any issue normally.

But the race between addrconf_dad_failure() and addrconf_dad_work()
may cause ifp refcount leak and netdevice can not be unregister,
dmesg show the following messages:

IPv6: eth0: IPv6 duplicate address fe80::XX:XXXX:XXXX:XX detected!
...
unregister_netdevice: waiting for eth0 to become free. Usage count = 1

Cc: stable@vger.kernel.org
Fixes: c15b1ccadb ("ipv6: move DAD and addrconf_verify processing
to workqueue")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-06 14:17:49 -07:00
Michael Chan
9d13744bb7 bnxt_en: Fix TX push operation on ARM64.
There is a code path where we are calling __iowrite64_copy() on
an address that is not 64-bit aligned.  This causes an exception on
some architectures such as arm64.  Fix that code path by using
__iowrite32_copy().

Reported-by: JD Zheng <jiandong.zheng@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-06 13:59:17 -07:00
Mark Tomlinson
5a56a0b3a4 net: Don't delete routes in different VRFs
When deleting an IP address from an interface, there is a clean-up of
routes which refer to this local address. However, there was no check to
see that the VRF matched. This meant that deletion wasn't confined to
the VRF it should have been.

To solve this, a new field has been added to fib_info to hold a table
id. When removing fib entries corresponding to a local ip address, this
table id is also used in the comparison.

The table id is populated when the fib_info is created. This was already
done in some places, but not in ip_rt_ioctl(). This has now been fixed.

Fixes: 021dd3b8a1 ("net: Add routes to the table associated with the device")
Acked-by: David Ahern <dsa@cumulusnetworks.com>
Tested-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-06 13:56:13 -07:00
Sudip Mukherjee
daa7ee8dfa net: smsc: remove build warning of duplicate definition
The build of m32r was giving warning:

In file included from drivers/net/ethernet/smsc/smc91x.c:92:0:
drivers/net/ethernet/smsc/smc91x.h:448:0: warning: "SMC_inb" redefined
 #define SMC_inb(ioaddr, reg)  ({ BUG(); 0; })

drivers/net/ethernet/smsc/smc91x.h:106:0:
	note: this is the location of the previous definition
 #define SMC_inb(a, r)  inb(((u32)a) + (r))

drivers/net/ethernet/smsc/smc91x.h:449:0: warning: "SMC_outb" redefined
 #define SMC_outb(x, ioaddr, reg) BUG()

drivers/net/ethernet/smsc/smc91x.h:108:0:
	note: this is the location of the previous definition
 #define SMC_outb(v, a, r) outb(v, ((u32)a) + (r))

Signed-off-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-06 13:44:33 -07:00
Helmut Buchsbaum
007e4ba3ee net: macb: initialize checksum when using checksum offloading
I'm still struggling to get this fix right..

Changes since v2:
 - do not blindly modify SKB contents according to Dave's legitimate
   objection

Changes since v1:
 - dropped disabling HW checksum offload for Zynq
 - initialize checksum similar to net/ethernet/freescale/fec_main.c

-- >8 --
MACB/GEM needs the checksum field initialized to 0 to get correct
results on transmit in all cases, e.g. on Zynq, UDP packets with
payload <= 2 otherwise contain a wrong checksums.

Signed-off-by: Helmut Buchsbaum <helmut.buchsbaum@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-06 13:43:39 -07:00
Dave Jones
03c2778a93 ipv6: release dst in ping_v6_sendmsg
Neither the failure or success paths of ping_v6_sendmsg release
the dst it acquires.  This leads to a flood of warnings from
"net/core/dst.c:288 dst_release" on older kernels that
don't have 8bf4ada2e2 backported.

That patch optimistically hoped this had been fixed post 3.10, but
it seems at least one case wasn't, where I've seen this triggered
a lot from machines doing unprivileged icmp sockets.

Cc: Martin Lau <kafai@fb.com>
Signed-off-by: Dave Jones <davej@codemonkey.org.uk>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-06 12:54:17 -07:00
Linus Torvalds
d060e0f603 Round two of 4.8 rc fixes
- A smattering of small fixes across the core, ipoib, i40iw, isert, cxgb4,
   and mlx4
 - A slightly larger group of fixes to each of mlx5 and hfi1
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXycWuAAoJELgmozMOVy/dAS0P/2rmT4Qz5heNyvWuvixdQL6F
 JkTHCCykU8WJsYweieQyhLaLuQrkZloV63rr5ignWR4J0BCwo2i95MZkBrhG+04c
 0EZrBvXoSdPKp/hXoX/yJD3aZgFHeh1A2xJnqn4doP6Ld23qNysRyEykzc3SJlMe
 0sGdLoT4jhxKG+23Qus0m1eNprmpZKV7hVkI7xfVMUjQti2/GBJ9qUKiTO9TFwZE
 3JGwpBDUoIF6LZ33H8KPeUM+PELjIbGdW+Vatvn+5Rj7By5yUYd2smfmVJ5mpoVd
 j5alX5p8j+eT81z+gskv/9i5E0WolCeYm+raMrovcGtOYwAOdcULjQwrxxR95R/D
 xhUglGckuPKMze5CjuGHpmJPgCfD3jhGA40iueUCauogK0jl2y9fkvTMem9GJSPC
 O03JRz12Yp/5z1YkU2rHq6dun5zDM6fHS2w1dNkGo19u4NdbiW+WJlJ3WANXNqrB
 RC7G73QUu5qBtZjR8DaiMVzhUoQdTCd1+/yDToNKeCpZBpdkzXTrBMtvUze+wKrc
 sBg4KjdGSM0hFI1JQqBWEJ0VRks7RKu8h0XA4M0IIxFQKXU/h+7LrdMmoth47YrN
 A4QcnUbe1JCoGREFDf+n7uAsAt24gAkS4+J3WW+pVV4zYb/hyonFVQaAPrmfjSLe
 FxUeTxcH0O8mALpSuxbh
 =Gf66
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma

Pull rdma fixes from Doug Ledford:
 "This is the second pull request for the rdma subsystem.  Most of the
  patches are small and obvious.  I took two patches in that are larger
  than I wanted this late in the cycle.

  The first is the hfi1 patch that implements a work queue to test the
  QSFP read state.  I originally rejected the first patch for this
  (which would have place up to 20 seconds worth of udelays in their
  probe routine).  They then rewrote it the way I wanted (use delayed
  work tasks to wait asynchronously up to 20 seconds for the QSFP to
  come alive), so I can't really complain about the size of getting what
  I asked for :-/.

  The second is large because it switches the rcu locking in the debugfs
  code.  Since a locking change like this is done all at once, the size
  it what it is.  It resolves a litany of debug messages from the
  kernel, so I pulled it in for -rc.

  The rest are all typical -rc worthy patches I think.

  There will still be a third -rc pull request from the rdma subsystem
  this release.  I hope to have that one ready to go by the end of this
  week or early next.

  Summary:

   - a smattering of small fixes across the core, ipoib, i40iw, isert,
     cxgb4, and mlx4

   - a slightly larger group of fixes to each of mlx5 and hfi1"

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma:
  IB/hfi1: Rework debugfs to use SRCU
  IB/hfi1: Make n_krcvqs be an unsigned long integer
  IB/hfi1: Add QSFP sanity pre-check
  IB/hfi1: Fix AHG KDETH Intr shift
  IB/hfi1: Fix SGE length for misaligned PIO copy
  IB/mlx5: Don't return errors from poll_cq
  IB/mlx5: Use TIR number based on selector
  IB/mlx5: Simplify code by removing return variable
  IB/mlx5: Return EINVAL when caller specifies too many SGEs
  IB/mlx4: Don't return errors from poll_cq
  Revert "IB/mlx4: Return EAGAIN for any error in mlx4_ib_poll_one"
  IB/ipoib: Fix memory corruption in ipoib cm mode connect flow
  IB/core: Fix use after free in send_leave function
  IB/cxgb4: Make _free_qp static to silence build warning
  IB/isert: Properly release resources on DEVICE_REMOVAL
  IB/hfi1: Fix the size parameter to find_first_bit
  IB/mlx5: Fix the size parameter to find_first_bit
  IB/hfi1: Clean up type used and casting
  i40iw: Receive notification events correctly
  i40iw: Update hw_iwarp_state
2016-09-06 12:33:12 -07:00
Kees Cook
3c17648c28 lkdtm: adjust usercopy tests to bypass const checks
The hardened usercopy is now consistently avoiding checks against const
sizes, since we really only want to perform runtime bounds checking
on lengths that weren't known at build time. To test the hardened usercopy
code, we must force the length arguments to be seen as non-const.

Signed-off-by: Kees Cook <keescook@chromium.org>
2016-09-06 12:17:30 -07:00
Kees Cook
81409e9e28 usercopy: fold builtin_const check into inline function
Instead of having each caller of check_object_size() need to remember to
check for a const size parameter, move the check into check_object_size()
itself. This actually matches the original implementation in PaX, though
this commit cleans up the now-redundant builtin_const() calls in the
various architectures.

Signed-off-by: Kees Cook <keescook@chromium.org>
2016-09-06 12:17:29 -07:00
Kees Cook
e6971009a9 x86/uaccess: force copy_*_user() to be inlined
As already done with __copy_*_user(), mark copy_*_user() as __always_inline.
Without this, the checks for things like __builtin_const_p() won't work
consistently in either hardened usercopy nor the recent adjustments for
detecting usercopy overflows at compile time.

The change in kernel text size is detectable, but very small:

 text      data     bss     dec      hex     filename
12118735  5768608 14229504 32116847 1ea106f vmlinux.before
12120207  5768608 14229504 32118319 1ea162f vmlinux.after

Signed-off-by: Kees Cook <keescook@chromium.org>
2016-09-06 12:16:42 -07:00
Linus Torvalds
46738ab31f Merge branch 'mailbox-devel' of git://git.linaro.org/landing-teams/working/fujitsu/integration
Pull mailbox fixes from Jassi Brar:
 "Misc fixes for BCM mailbox driver

   - Fix build warnings by making static functions used within the file.
   - Check for potential NULL before dereferencing
   - Fix link error by defining HAS_DMA dependency"

* 'mailbox-devel' of git://git.linaro.org/landing-teams/working/fujitsu/integration:
  fix📫bcm-pdc-mailbox:mark symbols static where possible
  mailbox: bcm-pdc: potential NULL dereference in pdc_shutdown()
  mailbox: Add HAS_DMA Kconfig dependency to BCM_PDC_MBOX
2016-09-06 11:15:07 -07:00
Linus Torvalds
6296c41259 SCSI fixes on 20160906
This is really three fixes, but the SES one comes in a bundle of three
 (making the replacement API available properly, using it and removing
 the non-working one).  The SES problem causes an oops on hpsa devices
 because they attach virtual disks to the host which aren't SAS
 attached (the replacement API ignores them).  The other two fixes are
 fairly minor: the sense key one means we actually resolve a newly
 added sense key and the RDAC device blacklisting is needed to prevent
 us annoying the universal XPORT lun of various RDAC arrays.
 
 Signed-off-by: James Bottomley <jejb@linux.vnet.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJXztXJAAoJEAVr7HOZEZN4Ix4QAKEfme48bS9+5qsDodwzK1tR
 FZqC7/itkmQ295yzppw0Gp4Tbod+LflBd3o321JCQiAZ5YF3PeDINYDj3X0JkgLW
 2dMd9dcDogigGCkosmr4V8WtCdWj6UXXvbzqLu8PSX9Ji0Fhi4S4mSuQkBWwq2nb
 232i/fV+RP/5l/XjJtEjV/bCbbsfLA76SmcKx6Q8j+OmF+Nap/KhtP4JYtbErS0C
 gE4WRidoCRjCurLTHn5srqYHmqG5kewxgtAyJEYUi5YxP0LHD0h5NhDd/n8ZB1oY
 6f+MfIkIbMmMs/ILnjpVFtLD8iRma1X8APcF4x2m+w+BH839fqefzXjpcMoE3laf
 h6BHys7mDgVTcHStML61OzC4vPbwRsJX+YTLcC0fO1pftl3q/qCqTBy0hlohfX9Q
 iHCjY4qaQz/ufYtQjAG+z6JWKswlKiHUzRt69TWc5tYQM3vvhUZ9+bd0oU+q0UUv
 OJlht505QA41lMssMo49QgjZIXO9HIFKsg99J9zBtYUwbanwkIhLNc+6xZIb09BG
 0JYNXbSoUHlW8nniXHIPQzK/5qs11IV7vued+SoqNU9z9koSBuf5Im1L2tZDzbgz
 he0w+paGfskAIXIQD2LzP8YmIWOb28Nq/DgeQ4/iJRXrhvw20XxbbGZQgzQdPyN7
 oFjaMEDIbve0XbNEQXwr
 =HBmE
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "This is really three fixes, but the SES one comes in a bundle of three
  (making the replacement API available properly, using it and removing
  the non-working one).  The SES problem causes an oops on hpsa devices
  because they attach virtual disks to the host which aren't SAS
  attached (the replacement API ignores them).

  The other two fixes are fairly minor: the sense key one means we
  actually resolve a newly added sense key and the RDAC device
  blacklisting is needed to prevent us annoying the universal XPORT lun
  of various RDAC arrays"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: sas: remove is_sas_attached()
  scsi: ses: use scsi_is_sas_rphy instead of is_sas_attached
  scsi: sas: provide stub implementation for scsi_is_sas_rphy
  scsi: blacklist all RDAC devices for BLIST_NO_ULD_ATTACH
  scsi: fix upper bounds check of sense key in scsi_sense_key_string()
2016-09-06 11:06:52 -07:00
Linus Torvalds
ec9a03d47e regmap: Fixes for v4.8
Several fixes here, the main one being the change from Lars-Peter which
 I'd been letting soak in -next since the merge window in case it
 uncovered further issues as it's a minimal fix rather than a change
 addressing the root cause of the problems (which would've been too
 invasive for -rc):
 
  - The biggest change is a fix from Lars-Peter to ensure that we don't
    create overlapping rbtree nodes which in turn avoids returning
    corrupt cache values to users, fixing some issues that were exposed
    by some recent optimisations with certain access patterns but had
    been present for a long time.
  - A fix from Elaine Zhang to stop us updating the cache if we get an
    I/O error when writing to the hardware.
  - A fix fromm Maarten ter Huurne to avoid uninitialized defaults in
    cases where we have non-readable registers but are initializing the
    cache by reading from the device.
 -----BEGIN PGP SIGNATURE-----
 
 iQEwBAABCAAaBQJXzrAXExxicm9vbmllQGtlcm5lbC5vcmcACgkQJNaLcl1Uh9DK
 6Af/eRh/gD5Bp6DheOkrCNNj/jx0QlkAlgtkFzZBVp4AetirO3UZ3hwUyFCGyLWw
 n2Ohmt54s3BHsvqy+YTrVD57AueI+chAOvKWJ6sYHxiPByy8KuVH+KmffhDHXjyd
 gpIHPAMYnlYknTwitagbyWPA1vuAd4JWCqmJ7Nd/Fxl+Q9fY3PhsXSBXdcejWTtm
 Su8XIhCtykTCTGijg4I/ZNeOLk1xPEWMiX+P/0knOpgE+9ATWq33UIWInoXe02bs
 xITHse40BQUKCfoJKZjJGX3uSnluKpOvojIbcJhcHFYjJpeoU+4kj1Gd4UHMQ8vB
 n8OpZYDKU3KdEHjIZBqbk0wFDw==
 =cYjC
 -----END PGP SIGNATURE-----

Merge tag 'regmap-fix-v4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap

Pull regmap fixes from Mark Brown:
 "Several fixes here, the main one being the change from Lars-Peter
  which I'd been letting soak in -next since the merge window in case it
  uncovered further issues as it's a minimal fix rather than a change
  addressing the root cause of the problems (which would've been too
  invasive for -rc):

   - The biggest change is a fix from Lars-Peter to ensure that we don't
     create overlapping rbtree nodes which in turn avoids returning
     corrupt cache values to users, fixing some issues that were exposed
     by some recent optimisations with certain access patterns but had
     been present for a long time.

   - A fix from Elaine Zhang to stop us updating the cache if we get an
     I/O error when writing to the hardware.

   - A fix fromm Maarten ter Huurne to avoid uninitialized defaults in
     cases where we have non-readable registers but are initializing the
     cache by reading from the device"

* tag 'regmap-fix-v4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
  regmap: drop cache if the bus transfer error
  regmap: rbtree: Avoid overlapping nodes
  regmap: cache: Fix num_reg_defaults computation from reg_defaults_raw
2016-09-06 11:02:36 -07:00
Linus Torvalds
8ded8f0030 spi: Fixes for v4.8
As well as the usual driver fixes there's a couple of non-trivial core
 fixes in here:
 
  - Fixes for issues reported by Julia Lawall in the changes that were
    sent last time to fix interaction between the bus lock and the
    locking done for the SPI thread.  I'd let this one cook for a while
    to make sure nothing else came up in testing.
  - A fix from Sien Wu arithmetic overflows when calculating the timeout
    for larger transfers (espcially common with slow buses with flashes
    on them).
 -----BEGIN PGP SIGNATURE-----
 
 iQEwBAABCAAaBQJXzq2lExxicm9vbmllQGtlcm5lbC5vcmcACgkQJNaLcl1Uh9A1
 wQf/Vpu3Yjc54vHrjhCKj0Obps0uNontCjmWlBPLb4WskJ9OMtsmDtKaO5xVJPKE
 d3786Bb3xnKxJXfb8FJlWI4zH19JYxycZUqc7C77TwDtY/tFFtjRdwe30nv1JqOE
 87ieyTSvJX4qYSjidf4aB+zQCz0V3lakP2CB9vte/hHbThFGBZ9PY7M7EdINubi6
 DhT+g8ra3X6IOl8HnojfHDQIfTJB77vrblDyUcL6gI5O7Ol6k5R5m7pTlOp8zkPN
 qMkHkqafX0x0ntcDanRhfhxJTXh8CkNfpWl/nj1fZ2wYIQQVHsOuAeKmZ9+pDrYB
 oJX+BVmK3hzNGuRyH6/1UqGs6Q==
 =idNX
 -----END PGP SIGNATURE-----

Merge tag 'spi-fix-v4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi

Pull spi fixes from Mark Brown:
 "As well as the usual driver fixes there's a couple of non-trivial core
  fixes in here:

   - Fixes for issues reported by Julia Lawall in the changes that were
     sent last time to fix interaction between the bus lock and the
     locking done for the SPI thread.  I'd let this one cook for a while
     to make sure nothing else came up in testing.

   - A fix from Sien Wu for arithmetic overflows when calculating the
     timeout for larger transfers (espcially common with slow buses with
     flashes on them)"

* tag 'spi-fix-v4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
  spi: Prevent unexpected SPI time out due to arithmetic overflow
  spi: pxa2xx-pci: fix ACPI-based enumeration of SPI devices
  MAINTAINERS: add myself as Samsung SPI maintainer
  spi: Drop io_mutex in error paths
  spi: sh-msiof: Avoid invalid clock generator parameters
  spi: img-spfi: Remove spi_master_put in img_spfi_remove()
  spi: mediatek: remove spi_master_put in mtk_spi_remove()
  spi: qup: Remove spi_master_put in spi_qup_remove()
2016-09-06 10:59:44 -07:00
Linus Torvalds
8fa5729dc2 regulator: Fixes for v4.8
Two things here, one an e-mail update for Krzysztof Kozlowski and the
 other a couple of fixes for issues with incorrectly described voltages
 in a couple of the Qualcomm regulator drivers that were breaking MMC on
 some platforms.
 -----BEGIN PGP SIGNATURE-----
 
 iQEwBAABCAAaBQJXzqufExxicm9vbmllQGtlcm5lbC5vcmcACgkQJNaLcl1Uh9CP
 DQf/RNBJQVXb3Zr0ehM+/sNJBBhYQhoK8sbsKjL1y47mXttcP5LfiOEazM8VfoET
 33tkGvGVbtIvdI/iHu9QAQmqSYTLzFEmlvKOqWtVG+AjDFzT1MfQzUHTpTJfAXO0
 IDRxXULK9SLl5lUGF3CnhE2yzqACBcDDrVrso+y86jTAguP+MMYobk2GMUflMW5l
 UQbT5UJ3LcBCrw+vVNSKPZWup0CMnvpXVgFJcM4LOWv5fkzXkPQt0ky6AwPjoGB0
 IVRExi9UtcQxAzeQRDBfj2os+fhYxcf+2zBmLdlRXGIvcZ9Hg9ZdroCq4/hBqLs/
 yopZOW9OO8oun2i67eWsHo0YJw==
 =S9iL
 -----END PGP SIGNATURE-----

Merge tag 'regulator-fix-v4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator

Pull regulator fixes from Mark Brown:
 "Two things here, one an e-mail update for Krzysztof Kozlowski and the
  other a couple of fixes for issues with incorrectly described voltages
  in a couple of the Qualcomm regulator drivers that were breaking MMC
  on some platforms"

* tag 'regulator-fix-v4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
  regulator: Change Krzysztof Kozlowski's email to kernel.org
  regulator: qcom_smd: Fix voltage ranges for pma8084 ftsmps and pldo
  regulator: qcom_smd: Fix voltage ranges for pm8x41
2016-09-06 10:43:54 -07:00
Linus Torvalds
4c601e0df7 Pin control fixes for the v4.8 development cycle, all
SoC-specific driver fixes:
 - Fix routing problems in pistachio (Imagination) and
   sunxi (AllWinner)
 - Fix an interrupt problem in the Cherryview (Intel)
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJXzngKAAoJEEEQszewGV1zDX0P+wUhZ0tYyr6yG3e3eAC50tU2
 QuBCcFfoI4j11pxFEwyfcYgzKPR31igL/W1r8t4AmoXVqvkd/9Rbmndfm4+uTMnx
 Y95TkD5krSOUceQMTO9FAimeTRQtLdDYS7oN3SWDLwCSRl2bchdTDHpMgP5ngt1m
 Grju6x20s6DoKtkmaWIJPUoz0hQQ1t4mhPH7gH6Ik6McG9tdia7BdOkRNcb6+6nW
 R7o02vvVXVdYcjyvohu97eUDovUGGrWn3Z7YmfJV6gEjotLI/IoLFhDqI/BxV6Dg
 E3KTaDLFvSefPMzCnQq1mK13pffk9YSwM5K2IReyLTqtD4e5nR5QxBjasKMy4VYV
 0safWOgVH4BAejqSUYkRDMmWgOEIBG/nugL0kmKhbJ8aFtWZCqxLkBVFIMZC6sFB
 evQqen969xt/ByFsfeJFCgcl9lKUstZz4jK/c5ZH45+HjRPD3IhZAYiqbD/ZQD/0
 Qy92xwAIPyqwNOCA7OOTmuO8/P2wShU2hYTahMgKiLJxAmxijo8N11lwrrWnH2Zm
 7P2cKeW9z0UcIO8Mm97720QueRYoOK0QAbxZIGryaeEdhPn4ZolejxThNdJuBabB
 aOtnQPkQOYhx6cfzWL4awqm4PzcXjCaueBvKQdUhCx+YCOPJDCKJLURUQbwD+qZK
 Izqb2OchSakRkowIe9Rn
 =uncw
 -----END PGP SIGNATURE-----

Merge tag 'pinctrl-v4.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull pin control fixes from Linus Walleij:
 "Nothing special at all, just three SoC-specific driver fixes:

   - Fix routing problems in pistachio (Imagination) and sunxi
     (AllWinner)

   - Fix an interrupt problem in the Cherryview (Intel)"

* tag 'pinctrl-v4.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl: sunxi: fix uart1 CTS/RTS pins at PG on A23/A33
  pinctrl: cherryview: Do not mask all interrupts in probe
  pinctrl: pistachio: fix mfio pll_lock pinmux
2016-09-06 10:36:12 -07:00
Liping Zhang
d1a6cba576 netfilter: nft_chain_route: re-route before skb is queued to userspace
Imagine such situation, user add the following nft rules, and queue
the packets to userspace for further check:
  # ip rule add fwmark 0x0/0x1 lookup eth0
  # ip rule add fwmark 0x1/0x1 lookup eth1
  # nft add table filter
  # nft add chain filter output {type route hook output priority 0 \;}
  # nft add rule filter output mark set 0x1
  # nft add rule filter output queue num 0

But after we reinject the skbuff, the packet will be sent via the
wrong route, i.e. in this case, the packet will be routed via eth0
table, not eth1 table. Because we skip to do re-route when verdict
is NF_QUEUE, even if the mark was changed.

Acctually, we should not touch sk_buff if verdict is NF_DROP or
NF_STOLEN, and when re-route fails, return NF_DROP with error code.
This is consistent with the mangle table in iptables.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-09-06 18:02:37 +02:00
Wang Xiaoguang
ce129655c9 btrfs: introduce tickets_id to determine whether asynchronous metadata reclaim work makes progress
In btrfs_async_reclaim_metadata_space(), we use ticket's address to
determine whether asynchronous metadata reclaim work is making progress.

	ticket = list_first_entry(&space_info->tickets,
				  struct reserve_ticket, list);
	if (last_ticket == ticket) {
		flush_state++;
	} else {
		last_ticket = ticket;
		flush_state = FLUSH_DELAYED_ITEMS_NR;
		if (commit_cycles)
			commit_cycles--;
	}

But indeed it's wrong, we should not rely on local variable's address to
do this check, because addresses may be same. In my test environment, I
dd one 168MB file in a 256MB fs, found that for this file, every time
wait_reserve_ticket() called, local variable ticket's address is same,

For above codes, assume a previous ticket's address is addrA, last_ticket
is addrA. Btrfs_async_reclaim_metadata_space() finished this ticket and
wake up it, then another ticket is added, but with the same address addrA,
now last_ticket will be same to current ticket, then current ticket's flush
work will start from current flush_state, not initial FLUSH_DELAYED_ITEMS_NR,
which may result in some enospc issues(I have seen this in my test machine).

Signed-off-by: Wang Xiaoguang <wangxg.fnst@cn.fujitsu.com>
Reviewed-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2016-09-06 16:31:43 +02:00
Chris Mason
cbd60aa7cd Btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns
We use a btrfs_log_ctx structure to pass information into the
tree log commit, and get error values out.  It gets added to a per
log-transaction list which we walk when things go bad.

Commit d1433debe added an optimization to skip waiting for the log
commit, but didn't take root_log_ctx out of the list.  This
patch makes sure we remove things before exiting.

Signed-off-by: Chris Mason <clm@fb.com>
Fixes: d1433debe7
cc: stable@vger.kernel.org # 3.15+
2016-09-06 05:57:25 -07:00
Dirk Behme
87260d3f7a thermal: rcar_thermal: Fix priv->zone error handling
In case thermal_zone_xxx_register() returns an error, priv->zone
isn't NULL any more, but contains the error code.

This is passed to thermal_zone_device_unregister(), then. This checks
for priv->zone being NULL, but the error code is != NULL. So it works
with the error code as a pointer. Crashing immediately.

To fix this, reset priv->zone to NULL before entering
rcar_gen3_thermal_remove().

Signed-off-by: Dirk Behme <dirk.behme@de.bosch.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
2016-09-06 20:46:06 +08:00
Mark Brown
ae4860b533 Merge remote-tracking branches 'spi/fix/lock', 'spi/fix/maintainers', 'spi/fix/put', 'spi/fix/pxa2xx', 'spi/fix/sh-msiof' and 'spi/fix/timeout' into spi-linus 2016-09-06 12:32:09 +01:00
Mark Brown
78cefcbe60 Merge remote-tracking branches 'regulator/fix/email' and 'regulator/fix/qcom-smd' into regulator-linus 2016-09-06 12:31:34 +01:00
Colin Ian King
3ff488ab60 usb: gadget: prevent potenial null pointer dereference on skb->len
An earlier fix partially fixed the null pointer dereference on skb->len
by moving the assignment of len after the check on skb being non-null,
however it failed to remove the erroneous dereference when assigning len.
Correctly fix this by removing the initialisation of len as was
originally intended.

Fixes: 70237dc8ef ("usb: gadget: function: f_eem: socket buffer may be NULL")
Acked-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
2016-09-06 10:44:03 +03:00
Gavin Shan
b314427a52 powerpc/powernv: Fix crash on releasing compound PE
The compound PE is created to accommodate the devices attached to
one specific PCI bus that consume multiple M64 segments. The compound
PE is made up of one master PE and possibly multiple slave PEs. The
slave PEs should be destroyed when releasing the master PE. A kernel
crash happens when derferencing @pe->pdev on releasing the slave PE
in pnv_ioda_deconfigure_pe().

  # echo 0 > /sys/bus/pci/slots/C7/power
  iommu: Removing device 0000:01:00.1 from group 0
  iommu: Removing device 0000:01:00.0 from group 0
  Unable to handle kernel paging request for data at address 0x00000010
  Faulting instruction address: 0xc00000000005d898
  cpu 0x1: Vector: 300 (Data Access) at [c000000fe8217620]
      pc: c00000000005d898: pnv_ioda_release_pe+0x288/0x610
      lr: c00000000005dbdc: pnv_ioda_release_pe+0x5cc/0x610
      sp: c000000fe82178a0
     msr: 9000000000009033
     dar: 10
   dsisr: 40000000
    current = 0xc000000fe815ab80
    paca    = 0xc00000000ff00400	 softe: 0	 irq_happened: 0x01
      pid   = 2709, comm = sh
  Linux version 4.8.0-rc5-gavin-00006-g745efdb (gwshan@gwshan) \
  (gcc version 4.9.3 (Buildroot 2016.02-rc2-00093-g5ea3bce) ) #586 SMP \
  Tue Sep 6 13:37:29 AEST 2016
  enter ? for help
  [c000000fe8217940] c00000000005d684 pnv_ioda_release_pe+0x74/0x610
  [c000000fe82179e0] c000000000034460 pcibios_release_device+0x50/0x70
  [c000000fe8217a10] c0000000004aba80 pci_release_dev+0x50/0xa0
  [c000000fe8217a40] c000000000704898 device_release+0x58/0xf0
  [c000000fe8217ac0] c000000000470510 kobject_release+0x80/0xf0
  [c000000fe8217b00] c000000000704dd4 put_device+0x24/0x40
  [c000000fe8217b20] c0000000004af94c pci_remove_bus_device+0x12c/0x150
  [c000000fe8217b60] c000000000034244 pci_hp_remove_devices+0x94/0xd0
  [c000000fe8217ba0] c0000000004ca444 pnv_php_disable_slot+0x64/0xb0
  [c000000fe8217bd0] c0000000004c88c0 power_write_file+0xa0/0x190
  [c000000fe8217c50] c0000000004c248c pci_slot_attr_store+0x3c/0x60
  [c000000fe8217c70] c0000000002d6494 sysfs_kf_write+0x94/0xc0
  [c000000fe8217cb0] c0000000002d50f0 kernfs_fop_write+0x180/0x260
  [c000000fe8217d00] c0000000002334a0 __vfs_write+0x40/0x190
  [c000000fe8217d90] c000000000234738 vfs_write+0xc8/0x240
  [c000000fe8217de0] c000000000236250 SyS_write+0x60/0x110
  [c000000fe8217e30] c000000000009524 system_call+0x38/0x108

It fixes the kernel crash by bypassing releasing resources (DMA,
IO and memory segments, PELTM) because there are no resources assigned
to the slave PE.

Fixes: c5f7700bbd ("powerpc/powernv: Dynamically release PE")
Reported-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2016-09-06 14:54:46 +10:00
Benjamin Herrenschmidt
f8e33475b0 powerpc/xics/opal: Fix processor numbers in OPAL ICP
When using the OPAL ICP backend we incorrectly pass Linux CPU numbers
rather than HW CPU numbers to OPAL.

Fixes: d74361881f ("powerpc/xics: Add ICP OPAL backend")
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2016-09-06 14:54:45 +10:00
Thiago Jung Bauermann
d81d825821 powerpc/pseries: Fix little endian build with CONFIG_KEXEC=n
On ppc64le, builds with CONFIG_KEXEC=n fail with:

arch/powerpc/platforms/pseries/setup.c: In function ‘pseries_big_endian_exceptions’:
arch/powerpc/platforms/pseries/setup.c:403:13: error: implicit declaration of function ‘kdump_in_progress’
  if (rc && !kdump_in_progress())

This is because pseries/setup.c includes <linux/kexec.h>, but
kdump_in_progress() is defined in <asm/kexec.h>. This is a problem
because the former only includes the latter if CONFIG_KEXEC_CORE=y.

Fix it by including <asm/kexec.h> directly, as is done in powernv/setup.c.

Fixes: d3cbff1b5a ("powerpc: Put exception configuration in a common place")
Signed-off-by: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2016-09-06 14:54:08 +10:00
Gregor Boirie
171c009183 iio:core: fix IIO_VAL_FRACTIONAL sign handling
7985e7c100 ("iio: Introduce a new fractional value type") introduced a
new IIO_VAL_FRACTIONAL value type meant to represent rational type numbers
expressed by a numerator and denominator combination.

Formating of IIO_VAL_FRACTIONAL values relies upon do_div() usage. This
fails handling negative values properly since parameters are reevaluated
as unsigned values.
Fix this by using div_s64_rem() instead. Computed integer part will carry
properly signed value. Formatted fractional part will always be positive.

Fixes: 7985e7c100 ("iio: Introduce a new fractional value type")
Signed-off-by: Gregor Boirie <gregor.boirie@parrot.com>
Reviewed-by: Lars-Peter Clausen <lars@metafoo.de>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2016-09-05 21:21:32 +01:00
Colin Ian King
5dba4b14ba iio: ensure ret is initialized to zero before entering do loop
A recent fix to iio_buffer_read_first_n_outer removed ret from being set by
a return from wait_event_interruptible and also added a continue in a loop
which causes the variable ret to not be set when it reaches the end of the
loop.  Fix this by initializing ret to zero.

Also remove extraneous white space at the end of the loop.

Fixes: fcf68f3c0b ("fix sched WARNING "do not call blocking ops when !TASK_RUNNING")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2016-09-05 21:00:14 +01:00
Linus Torvalds
bc4dee5aa7 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fixes from Herbert Xu:
 "This fixes a regression in the cryptd code that breaks certain
  accelerated AED algorithms as well as an older regression in the
  caam driver that breaks IPsec"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: caam - fix IV loading for authenc (giv)decryption
  crypto: cryptd - Use correct tfm object for AEAD tracking
2016-09-05 11:10:00 -07:00
Linus Torvalds
56291b271b Merge branch 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Pull kbuild fix from Michal Marek:
 "Fix for 'make deb-pkg'.  The bug got introduced in v4.8-rc1"

* 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  builddeb: Skip gcc-plugins when not configured
2016-09-05 10:55:55 -07:00
Liping Zhang
5210d393ef netfilter: nf_tables_trace: fix endiness when dump chain policy
NFTA_TRACE_POLICY attribute is big endian, but we forget to call
htonl to convert it. Fortunately, this attribute is parsed as big
endian in libnftnl.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-09-05 19:28:23 +02:00
Wang Xiaoguang
ed7a694839 btrfs: do not decrease bytes_may_use when replaying extents
When replaying extents, there is no need to update bytes_may_use
in btrfs_alloc_logged_file_extent(), otherwise it'll trigger a
WARN_ON about bytes_may_use.

Fixes: ("btrfs: update btrfs_space_info's bytes_may_use timely")
Signed-off-by: Wang Xiaoguang <wangxg.fnst@cn.fujitsu.com>
Reviewed-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2016-09-05 17:40:41 +02:00
Tejun Heo
c86d06ba28 PM / QoS: avoid calling cancel_delayed_work_sync() during early boot
of_clk_init() ends up calling into pm_qos_update_request() very early
during boot where irq is expected to stay disabled.
pm_qos_update_request() uses cancel_delayed_work_sync() which
correctly assumes that irq is enabled on invocation and
unconditionally disables and re-enables it.

Gate cancel_delayed_work_sync() invocation with kevented_up() to avoid
enabling irq unexpectedly during early boot.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-and-tested-by: Qiao Zhou <qiaozhou@asrmicro.com>
Link: http://lkml.kernel.org/r/d2501c4c-8e7b-bea3-1b01-000b36b5dfe9@asrmicro.com
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2016-09-05 15:07:53 +02:00
Nicolas Iooss
0f5aa88a7b ceph: do not modify fi->frag in need_reset_readdir()
Commit f3c4ebe65e ("ceph: using hash value to compose dentry offset")
modified "if (fpos_frag(new_pos) != fi->frag)" to "if (fi->frag |=
fpos_frag(new_pos))" in need_reset_readdir(), thus replacing a
comparison operator with an assignment one.

This looks like a typo which is reported by clang when building the
kernel with some warning flags:

    fs/ceph/dir.c:600:22: error: using the result of an assignment as a
    condition without parentheses [-Werror,-Wparentheses]
            } else if (fi->frag |= fpos_frag(new_pos)) {
                       ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~
    fs/ceph/dir.c:600:22: note: place parentheses around the assignment
    to silence this warning
            } else if (fi->frag |= fpos_frag(new_pos)) {
                                ^
                       (                             )
    fs/ceph/dir.c:600:22: note: use '!=' to turn this compound
    assignment into an inequality comparison
            } else if (fi->frag |= fpos_frag(new_pos)) {
                                ^~
                                !=

Fixes: f3c4ebe65e ("ceph: using hash value to compose dentry offset")
Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2016-09-05 14:30:35 +02:00
Miklos Szeredi
e1ff3dd1ae ovl: fix workdir creation
Workdir creation fails in latest kernel.

Fix by allowing EOPNOTSUPP as a valid return value from
vfs_removexattr(XATTR_NAME_POSIX_ACL_*).  Upper filesystem may not support
ACL and still be perfectly able to support overlayfs.

Reported-by: Martin Ziegler <ziegler@uni-freiburg.de>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: c11b9fdd6a ("ovl: remove posix_acl_default from workdir")
Cc: <stable@vger.kernel.org>
2016-09-05 13:55:20 +02:00
Yoshihiro Shimoda
519d8bd4b5 usb: renesas_usbhs: fix clearing the {BRDY,BEMP}STS condition
The previous driver is possible to stop the transfer wrongly.
For example:
 1) An interrupt happens, but not BRDY interruption.
 2) Read INTSTS0. And than state->intsts0 is not set to BRDY.
 3) BRDY is set to 1 here.
 4) Read BRDYSTS.
 5) Clear the BRDYSTS. And then. the BRDY is cleared wrongly.

Remarks:
 - The INTSTS0.BRDY is read only.
  - If any bits of BRDYSTS are set to 1, the BRDY is set to 1.
  - If BRDYSTS is 0, the BRDY is set to 0.

So, this patch adds condition to avoid such situation. (And about
NRDYSTS, this is not used for now. But, avoiding any side effects,
this patch doesn't touch it.)

Fixes: d5c6a1e024 ("usb: renesas_usbhs: fixup interrupt status clear method")
Cc: <stable@vger.kernel.org> # v3.8+
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
2016-09-05 13:39:23 +03:00
Fabio Estevam
7c113f7df7 usb: phy: phy-generic: Check clk_prepare_enable() error
clk_prepare_enable() may fail, so we should better check its return
value and propagate it in the case of failure.

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
2016-09-05 13:39:23 +03:00
Yoshihiro Shimoda
b2f1eaaee5 usb: gadget: udc: renesas-usb3: clear VBOUT bit in DRD_CON
This driver should clear the bit. Otherwise, the VBUS will output
wrongly if the usb port on a board has VBUS output capability.

Fixes: 746bfe63bb ("usb: gadget: renesas_usb3: add support for
		      Renesas USB3.0 peripheral controller")
Cc: <stable@vger.kernel.org> # v4.5+
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
2016-09-05 13:39:23 +03:00
John Youn
9d7aba7786 Revert "usb: dwc3: gadget: always decrement by 1"
This reverts commit 6f8245b4e3 ("usb: dwc3: gadget: always decrement
by 1").

We can't always decrement this value.

We should decrement only if the calculation of free slots results in a
LINK TRB being among one of the free slots (dequeue < enqueue).

Otherwise, if the LINK TRB is not among the free slots then it should
not be decremented.

Signed-off-by: John Youn <johnyoun@synopsys.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
2016-09-05 13:39:23 +03:00
Fabio Estevam
f065e9e4ad ARM: dts: imx6qdl: Fix SPDIF regression
Commit 833f2cbf70 ("ARM: dts: imx6: change the core clock of spdif")
changed many more clocks than only the SPDIF core clock as stated in
the commit message.

The MLB clock has been added and this causes SPDIF regression as
reported by Xavi Drudis Ferran and also in this forum post:
https://forum.digikey.com/thread/34240

The MX6Q Reference Manual does not mention that MLB is a clock related
to SPDIF, so change it back to a dummy clock to restore SPDIF
functionality.

Thanks to Ambika for providing the fix at:
https://community.nxp.com/thread/387131

Fixes: 833f2cbf70 ("ARM: dts: imx6: change the core clock of spdif")
Cc: <stable@vger.kernel.org> # 4.4.x
Reported-by: Xavi Drudis Ferran <xdrudis@tinet.cat>
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Tested-by:  Xavi Drudis Ferran <xdrudis@tinet.cat>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
2016-09-05 10:30:58 +08:00
Linus Torvalds
c6935931c1 Linux 4.8-rc5 2016-09-04 14:31:46 -07:00
Linus Torvalds
6e1ce3c345 af_unix: split 'u->readlock' into two: 'iolock' and 'bindlock'
Right now we use the 'readlock' both for protecting some of the af_unix
IO path and for making the bind be single-threaded.

The two are independent, but using the same lock makes for a nasty
deadlock due to ordering with regards to filesystem locking.  The bind
locking would want to nest outside the VSF pathname locking, but the IO
locking wants to nest inside some of those same locks.

We tried to fix this earlier with commit c845acb324 ("af_unix: Fix
splice-bind deadlock") which moved the readlock inside the vfs locks,
but that caused problems with overlayfs that will then call back into
filesystem routines that take the lock in the wrong order anyway.

Splitting the locks means that we can go back to having the bind lock be
the outermost lock, and we don't have any deadlocks with lock ordering.

Acked-by: Rainer Weikusat <rweikusat@cyberadapt.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-04 13:29:29 -07:00
Linus Torvalds
38f7bd94a9 Revert "af_unix: Fix splice-bind deadlock"
This reverts commit c845acb324.

It turns out that it just replaces one deadlock with another one: we can
still get the wrong lock ordering with the readlock due to overlayfs
calling back into the filesystem layer and still taking the vfs locks
after the readlock.

The proper solution ends up being to just split the readlock into two
pieces: the bind lock (taken *outside* the vfs locks) and the IO lock
(taken *inside* the filesystem locks).  The two locks are independent
anyway.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Reviewed-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-04 13:29:29 -07:00
David S. Miller
2f83a53a81 Merge branch 'vxlan-fixes'
Jiri Benc says:

====================
vxlan: fix error reporting

This patchset improves checking for invalid configuration in VXLAN and
fixes problems with duplicated and inappropriate error messages.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-04 11:42:57 -07:00
Jiri Benc
3555621de7 vxlan: fix duplicated and wrong error messages
vxlan_dev_configure outputs error messages before returning, no need to
print again the same mesages in vxlan_newlink. Also, vxlan_dev_configure may
return a particular error code for a different reason than vxlan_newlink
thinks.

Move the remaining error messages into vxlan_dev_configure and let
vxlan_newlink just pass on the error code.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-04 11:42:56 -07:00
Jiri Benc
9b4cdd516d vxlan: reject multicast destination without an interface
Currently, kernel accepts configurations such as:

  ip l a type vxlan dstport 4789 id 1 group 239.192.0.1
  ip l a type vxlan dstport 4789 id 1 group ff0e::110

However, neither of those really works. In the IPv4 case, the interface
cannot be brought up ("RTNETLINK answers: No such device"). This is because
multicast join will be rejected without the interface being specified.

In the IPv6 case, multicast wil be joined on the first interface found. This
is not what the user wants as it depends on random factors (order of
interfaces).

Note that it's possible to add a local address but it doesn't solve
anything. For IPv4, it's not considered in the multicast join (thus the same
error as above is returned on ifup). This could be added but it wouldn't
help for IPv6 anyway. For IPv6, we do need the interface.

Just reject a configuration that sets multicast address and does not provide
an interface. Nobody can depend on the previous behavior as it never worked.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-04 11:42:56 -07:00