Commit Graph

575167 Commits

Author SHA1 Message Date
Christoph Hellwig
4d6af73d9e block: support large requests in blk_rq_map_user_iov
This patch adds support for larger requests in blk_rq_map_user_iov by
allowing it to build multiple bios for a request.  This functionality
used to exist for the non-vectored blk_rq_map_user in the past, and
this patch reuses the existing functionality for it on the unmap side,
which stuck around.  Thanks to the iov_iter API supporting multiple
bios is fairly trivial, as we can just iterate the iov until we've
consumed the whole iov_iter.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Jeff Lien <Jeff.Lien@hgst.com>
Tested-by: Jeff Lien <Jeff.Lien@hgst.com>
Reviewed-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
2016-03-03 14:45:02 -07:00
Christoph Hellwig
f21018427c block: fix blk_rq_get_max_sectors for driver private requests
Driver private request types should not get the artifical cap for the
FS requests.  This is important to use the full device capabilities
for internal command or NVMe pass through commands.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Jeff Lien <Jeff.Lien@hgst.com>
Tested-by: Jeff Lien <Jeff.Lien@hgst.com>
Reviewed-by: Keith Busch <keith.busch@intel.com>

Updated by me to use an explicit check for the one command type that
does support extended checking, instead of relying on the ordering
of the enum command values - as suggested by Keith.

Signed-off-by: Jens Axboe <axboe@fb.com>
2016-03-03 14:43:45 -07:00
Christoph Hellwig
45686b6198 nvme: fix max_segments integer truncation
The block layer uses an unsigned short for max_segments.  The way we
calculate the value for NVMe tends to generate very large 32-bit values,
which after integer truncation may lead to a zero value instead of
the desired outcome.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Jeff Lien <Jeff.Lien@hgst.com>
Tested-by: Jeff Lien <Jeff.Lien@hgst.com>
Reviewed-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
2016-03-03 14:43:10 -07:00
Christoph Hellwig
da35825d9a nvme: set queue limits for the admin queue
Factor out a helper to set all the device specific queue limits and apply
them to the admin queue in addition to the I/O queues.  Without this the
command size on the admin queue is arbitrarily low, and the missing
other limitations are just minefields waiting for victims.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Jeff Lien <Jeff.Lien@hgst.com>
Tested-by: Jeff Lien <Jeff.Lien@hgst.com>
Reviewed-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
2016-03-03 14:42:50 -07:00
Tejun Heo
a1a0e23e49 writeback: flush inode cgroup wb switches instead of pinning super_block
If cgroup writeback is in use, inodes can be scheduled for
asynchronous wb switching.  Before 5ff8eaac16 ("writeback: keep
superblock pinned during cgroup writeback association switches"), this
could race with umount leading to super_block being destroyed while
inodes are pinned for wb switching.  5ff8eaac16 fixed it by bumping
s_active while wb switches are in flight; however, this allowed
in-flight wb switches to make umounts asynchronous when the userland
expected synchronosity - e.g. fsck immediately following umount may
fail because the device is still busy.

This patch removes the problematic super_block pinning and instead
makes generic_shutdown_super() flush in-flight wb switches.  wb
switches are now executed on a dedicated isw_wq so that they can be
flushed and isw_nr_in_flight keeps track of the number of in-flight wb
switches so that flushing can be avoided in most cases.

v2: Move cgroup_writeback_umount() further below and add MS_ACTIVE
    check in inode_switch_wbs() as Jan an Al suggested.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Tahsin Erdogan <tahsin@google.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Link: http://lkml.kernel.org/g/CAAeU0aNCq7LGODvVGRU-oU_o-6enii5ey0p1c26D1ZzYwkDc5A@mail.gmail.com
Fixes: 5ff8eaac16 ("writeback: keep superblock pinned during cgroup writeback association switches")
Cc: stable@vger.kernel.org #v4.5
Reviewed-by: Jan Kara <jack@suse.cz>
Tested-by: Tahsin Erdogan <tahsin@google.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
2016-03-03 14:42:50 -07:00
Keith Busch
e9fc63d682 NVMe: Fix 0-length integrity payload
A user could send a passthrough IO command with a metadata pointer to a
namespace without metadata. With metadata length of 0, kmalloc returns
ZERO_SIZE_PTR. Since that is not NULL, the driver would have set this as
the bio's integrity payload, which causes an access fault on completion.

This patch ignores the users metadata buffer if the namespace format
does not support separate metadata.

Reported-by: Stephen Bates <stephen.bates@microsemi.com>
Signed-off-by: Keith Busch <keith.busch@intel.com>
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
2016-03-03 14:42:50 -07:00
Keith Busch
63088ec7c8 NVMe: Don't allow unsupported flags
The command flags can change the meaning of other fields in the command
that the driver is not prepared to handle. Specifically, the user could
passthrough an SGL flag, causing the controller to misinterpret the PRP
list the driver created, potentially corrupting memory or data.

Signed-off-by: Keith Busch <keith.busch@intel.com>
Reviewed-by: Jon Derrick <jonathan.derrick@intel.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
2016-03-03 14:42:50 -07:00
Keith Busch
69d9a99c25 NVMe: Move error handling to failed reset handler
This moves failed queue handling out of the namespace removal path and
into the reset failure path, fixing a hanging condition if the controller
fails or link down during del_gendisk. Previously the driver had to see
the controller as degraded prior to calling del_gendisk to setup the
queues to fail. But, if the controller happened to fail after this,
there was no task to end outstanding requests.

On failure, all namespace states are set to dead. This has capacity
revalidate to 0, and ends all new requests with error status.

Signed-off-by: Keith Busch <keith.busch@intel.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
2016-03-03 14:42:50 -07:00
Keith Busch
f58944e265 NVMe: Simplify device reset failure
A reset failure schedules the device to unbind from the driver through
the pci driver's remove. This cleans up all intialization, so there is
no need to duplicate the potentially racy cleanup.

To help understand why a reset failed, the status is logged with the
existing warning message.

Signed-off-by: Keith Busch <keith.busch@intel.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
2016-03-03 14:42:49 -07:00
Keith Busch
646017a612 NVMe: Fix namespace removal deadlock
This patch makes nvme namespace removal lockless. It is up to the caller
to ensure no active namespace scanning is occuring. To ensure no scan
work occurs, the nvme pci driver adds a removing state to the controller
device to avoid queueing scan work during removal. The work is flushed
after setting the state, so no new scan work can be queued.

The lockless removal allows the driver to cleanup a namespace
request_queue if the controller fails during removal. Previously this
could deadlock trying to acquire the namespace mutex in order to handle
such events.

Signed-off-by: Keith Busch <keith.busch@intel.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
2016-03-03 14:42:49 -07:00
Keith Busch
075790ebba NVMe: Use IDA for namespace disk naming
A namespace may be detached from a controller, but a user may be holding
a reference to it. Attaching a new namespace with the same NSID will create
duplicate names when using the NSID to name the disk.

This patch uses an IDA that is released only when the last reference is
released instead of using the namespace ID.

Signed-off-by: Keith Busch <keith.busch@intel.com>
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
2016-03-03 14:42:49 -07:00
Keith Busch
b00a726a9f NVMe: Don't unmap controller registers on reset
Unmapping the registers on reset or shutdown is not necessary. Keeping
the mapping simplifies reset handling.

Signed-off-by: Keith Busch <keith.busch@intel.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
2016-03-03 14:42:49 -07:00
Ming Lei
e827091cb1 block: merge: get the 1st and last bvec via helpers
This patch applies the two introduced helpers to
figure out the 1st and last bvec.

Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
2016-03-03 14:42:49 -07:00
Ming Lei
25e71a99f1 block: get the 1st and last bvec via helpers
This patch applies the two introduced helpers to
figure out the 1st and last bvec, and fixes the
original way after bio splitting.

Cc: stable@vger.kernel.org
Reported-by: Sagi Grimberg <sagig@dev.mellanox.co.il>
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
2016-03-03 14:42:49 -07:00
Ming Lei
e0af29171a block: check virt boundary in bio_will_gap()
In the following patch, the way for figuring out
the last bvec will be changed with a bit cost introduced,
so return immediately if the queue doesn't have virt
boundary limit. Actually most of devices have not
this limit.

Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
2016-03-03 14:42:49 -07:00
Ming Lei
7bcd79ac50 block: bio: introduce helpers to get the 1st and last bvec
The bio passed to bio_will_gap() may be fast cloned from upper
layer(dm, md, bcache, fs, ...), or from bio splitting in block
core.

Unfortunately bio_will_gap() just figures out the last bvec via
'bi_io_vec[prev->bi_vcnt - 1]' directly, and this way is obviously
wrong.

This patch introduces two helpers for getting the first and last
bvec of one bio for fixing the issue.

Cc: stable@vger.kernel.org
Reported-by: Sagi Grimberg <sagig@dev.mellanox.co.il>
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
2016-03-03 14:42:49 -07:00
Linus Torvalds
e3c2ef41f8 PCI updates for v4.5:
Freescale Layerscape host bridge driver
     Fix MSG TLP drop setting (Minghuan Lian)
 
   TI Keystone host bridge driver
     Fix MSI code that retrieves struct pcie_port pointer (Murali Karicheri)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJW2Ha2AAoJEFmIoMA60/r8Fg0P/2MAV3FUJfTdG+FdmSQu5TOh
 EncQbwTR8SDnMtPa1H8+eIE7n6CXA56OeGMfRMhEDhbGWyJEMnPM1h/NKYLkcNPS
 lNPwboMfxlmPClulMg012e7/clzwVbBlSndxkjkZVzmcstuTrzXKFcN8pmFMzaN1
 tOnuEPIQZuvyqCU2R+6krT/aUG7+xUjULk4m349lVqbr3z1635YgnrIe57gCYBY6
 meAfgEEewU/XgjFKviy7wC30gViUaZA+CdvwxZpROH+RIhX3kUYKep31KPXiyIVn
 3SPDF9gkW5s5RullIQQiNygMRs4e7rrdAT3LF1kEQWDyfZ6AJfHduMC6CdXUzkzB
 WHvi7rtKtubo+pTGq+fSXTXlESQp8C1fTzeUJLlUrEj/5j1VL0J9uOOk3QtDQVGP
 QMD4YzKYjfJbmtSzE/mL9GIpYIb9fXeOCGfdsdndynU6QDIZ2RN+9jSR82gLMZZj
 PUUDixtH9+jUMxSARp3ftX9/8VbINbJFT2NtMCSRRXLGrIohekhgpFhpQw8wdaiX
 TuJdSOVaWYIJS+mT2T7/8ZAuB48a4sd6vW+1/31itEGPkhh1XdPp6Fa46eBeGTCq
 /hs5xlgohmW89HOLj0u7W0feTRwQe5tcph+GgfH4/SrFOlVtbL7kGtzkjc4dCJmw
 8TySu5pOthybKAp+dDVn
 =ASQ6
 -----END PGP SIGNATURE-----

Merge tag 'pci-v4.5-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci

Pull PCI fixes from Bjorn Helgaas:
 "Freescale Layerscape host bridge driver:
    Fix MSG TLP drop setting (Minghuan Lian)

  TI Keystone host bridge driver:
    Fix MSI code that retrieves struct pcie_port pointer (Murali Karicheri)"

* tag 'pci-v4.5-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  PCI: layerscape: Fix MSG TLP drop setting
  PCI: keystone: Fix MSI code that retrieves struct pcie_port pointer
2016-03-03 12:54:39 -08:00
Linus Torvalds
c2687cf950 * ARM/MIPS: Fixes for ioctls when copy_from_user returns nonzero
* x86: Small fix for Skylake TSC scaling
 * x86: Improved fix for last week's missed hardware breakpoint bug
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJW2Fi+AAoJEL/70l94x66DN0IH/RdRqc22D9gRKmBi0WmlHxYf
 IwwKoR7U6esszkFkDeRQ5f97ghHoQVo1HWloEV9r9M0+ghS33hrxdbWIncxImvS0
 xCMCA9hON4UwpZ5Afi7XJkW6Ih7XF23+VozfK7J0ZJNGV3wHUXZQftEpF1SBeQrx
 jjngwMJzZQTsv91a5n+tcJh05NkgU2E0XeXpOPM0EX74mF3ldk66uRRyJu3iXRkt
 gA9fFWSR5BO3tAjvwhIy9xh1cmNqDw4F1cVQQaigQiQsFO62QLx0cPKsMP8gtMO9
 YZrldOuKmxt3w+zd5U//6yR476UFF2Rj6uZzrT2iO3XS7dlM/Eex2rD+eRdgBeU=
 =BOxa
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Paolo Bonzini:
 - ARM/MIPS: Fixes for ioctls when copy_from_user returns nonzero
 - x86: Small fix for Skylake TSC scaling
 - x86: Improved fix for last week's missed hardware breakpoint bug

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  kvm: x86: Update tsc multiplier on change.
  mips/kvm: fix ioctl error handling
  arm/arm64: KVM: Fix ioctl error handling
  KVM: x86: fix root cause for missed hardware breakpoints
2016-03-03 11:54:56 -08:00
Linus Torvalds
4237b2e6c6 Late GPIO fix:
- Fix a runtime PM suspend/resume bug in the RCAR driver
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJW2EMyAAoJEEEQszewGV1zyccQAITkJRDI4loy9EJLuOZqbYBG
 zmKuLJeempbH3o5dtBIcEia7UI+c0jrVrFehfUTPfPAduuHx6Thg6awuOwnoeBBY
 K6cVispZfXL6ZpeQW7I7ykcxSW3tSzLRMaNuzG75Uq7hkFuaRXJsi0K0TfB1B8Yn
 A3qwrldlxP5y/rHff7Xz7sCfuwjaf60MYFEjQr0/pa9uVhgpXmEDWGWuT9WzoqTG
 InX4D6YIrAYbG1RKIbZnc8e2BdwJsCD70ldKIPlHUtORu/iyfObcadl0AT6xD3uB
 mHq9cooHwq+cMsH44DqF2i7KwzQjh2goujCO3eXW2E1CzYTjO9gRxXb3KoTgbkxn
 BEj08+tByBMwuiiwqqcACiAMQk5MlWzM8qQwQehxo6bnYmxzS9N+NJOq7btnxwmC
 yHIjyjYs1IWb0gwlSehkKFT6JLiP4pbCBt34dcJbfSUwpHAwzQzzsYymNHDkwQzJ
 pqGIU9JX/dWc1uvp6tLSmXuOh8YQvzj7sowSNkIiW9aX1OQpH+7xCE3b7vKZRZgt
 jibAfDKCPq/5bLEKbvGZggkTz6AqW56utaovTLnN7FiMbMEnATBXKP3MRrltDBj/
 +rll1hDbPYc8wL6qvGEI5V5wcCGxr6vL8GBloQbjxQfywN0F/+wcnJKl9cWE5xOf
 KCH97QpF+N9ZsuDPJIPZ
 =5Ovl
 -----END PGP SIGNATURE-----

Merge tag 'gpio-v4.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio

Pull late GPIO fix from Linus Walleij:
 "Regressions never arrive when you want them to, so here is a late fix
  for the Renesas RCAR GPIO driver.  It only affects that driver on the
  very specific Renesas platforms:

   - Fix a runtime PM suspend/resume bug in the RCAR driver"

* tag 'gpio-v4.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  gpio: rcar: Add Runtime PM handling for interrupts
2016-03-03 11:39:11 -08:00
Linus Torvalds
19eab220e7 IOMMU Fixes for Linux v4.5-rc6
Including one fix for Intel VT-d:
 
 	* Use BUS_NOTIFY_REMOVED_DEVICE notifier to unbind a device from
 	  its domain _after_ it has been unbound from its driver. This
 	  fixes a BUG_ON being triggered in the PCI hotplug path.
 
 And three for AMD IOMMU:
 
 	* Add a workaround for a hardware issue with ATS in use
 
 	* Fix ATS enable/disable balance when a device is removed
 
 	* Fix a boot warning being triggered when the system has IOMMU
 	  performance counters and PCI device 00:00.0 is not covered by
 	  the IOMMU
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJW2D+vAAoJECvwRC2XARrj3m8QAL8oDvVQp12r6MeT/Mre4JPb
 5Y572a7kaA1Sp6b1ymnrMKsOATdxEJ7+P4OCkHDWjEZTGWvyDS/+latvPMTI0djf
 fzof5eB+OeGc1nI3z050Y2hKcC17gNs+cy6RoEDmWA8WRCYOh2FV8pgAFAqz/RNt
 qOA/8tdzbFyGk/A7GQV4N2ox30eGZwNHfMZDTNYkcAtf5BiKObyUDnkLk98hig5o
 bv2oEGckMDv35rOlpe6ToVPKe8hwy+uJLxBSvQKn3+d0Bu/4ZNVq2FVmcn1+DWbY
 sSqM6fFfEGyKK1moEOD2tuPJD5cr5qsqpN0GIbk8CRldSG6xYekJxUjY85aFeziS
 pARSu9LB+lOdi7yYbZu8zpfvN/G+gbRByqWaXBI1SHvmrx2ZS1VGHvHPel8aBQBz
 PLIF+z3ij3sCJwZnim4Tg2pyCAccz2sEiR7O0xBx5kDQKB8ZSeNKVhTz2d9cH5AZ
 gP4I7BmlSWaYXXi5FX6BMin3dYzHYuE/wcprQ98v1MIAk4AcqZGtOgX7CeQWABuC
 pBpdCYUiSIDQg+pDA6SSx7IJOxwVLhbQg/cxmJB5SWAMsNwnWqy7G2HWNvIJLrwT
 Bq++MmOYEwGH7g5xd8Q+rXszmaoVjzMhGojaAZg3gRmIe9AsaFSb9umoLvO1lNy0
 u3aOUVDZM3eIrhTHtmB7
 =uPsu
 -----END PGP SIGNATURE-----

Merge tag 'iommu-fixes-v4.5-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

Pull IOMMU fixes from Joerg Roedel:
 "One fix for Intel VT-d:

   - Use BUS_NOTIFY_REMOVED_DEVICE notifier to unbind a device from its
     domain _after_ it has been unbound from its driver.  This fixes a
     BUG_ON being triggered in the PCI hotplug path.

  And three for AMD IOMMU:

   - Add a workaround for a hardware issue with ATS in use

   - Fix ATS enable/disable balance when a device is removed

   - Fix a boot warning being triggered when the system has IOMMU
     performance counters and PCI device 00:00.0 is not covered by the
     IOMMU"

* tag 'iommu-fixes-v4.5-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/vt-d: Use BUS_NOTIFY_REMOVED_DEVICE in hotplug path
  iommu/amd: Detach device from domain before removal
  iommu/amd: Apply workaround for ATS write permission check
  iommu/amd: Fix boot warning when device 00:00.0 is not iommu covered
2016-03-03 11:32:13 -08:00
Linus Torvalds
f4bd982208 virtio/vhost: minor fixes
This fixes two minor bugs: error handling in vhost,
 and capability processing in virtio.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJW1w/9AAoJECgfDbjSjVRpOwMH/10g1iyVAF7FR3RgAgcutROy
 mt7RNRGhcJrccB3imWvA5llHfpEQe6b2IGRRjLpy3cHOqoytSJ8F9GbAv/Ya6rBY
 ZNsapZkEacLX3Byi/Tll9C6pP7eCHswveBwreXVYpxerTuViorqU0RQXHQCY1nBa
 jAHr7eHp7PlSjAKlwUX181/cDKF35VMchCE+NfSmgDFnkOMb8E3TVXqV1wuSZSaf
 Ci2IgULrQQC2rzxFg/ZQePweSP9cBrhpX3c3VkVa/N0Io4DOQWLg2KUbwzrs/mel
 i4rlKngwwRO0rIsWU+J5hMq4Vqg+Zv6mVQGm3FFAJWle03rUOZPYFCPwbKA6HNU=
 =HeDc
 -----END PGP SIGNATURE-----

Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost

Pull minor virtio/vhost fixes from Michael Tsirkin:
 "This fixes two minor bugs: error handling in vhost, and capability
  processing in virtio"

* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
  vhost: fix error path in vhost_init_used()
  virtio-pci: read the right virtio_pci_notify_cap field
2016-03-03 11:07:32 -08:00
Linus Torvalds
52ad12966b VFIO fixes for v4.5-rc7
- Use -EFAULT for copy_to_user error in ioctl (Michael Tsirkin)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJW2DJhAAoJECObm247sIsiJTsQAIi3+YtDniobxNqGSGlevqp+
 Dyx1FTNpu1k7Pc82+7lQkL95+WL5Xi6UevyrKXpKP3GjTbMC+1MgnHRnitweRwNM
 lTfLkep7/ExPazWLQ/+UYRBds+WjdTgQpc5DHorN/Ole3oIvizOT3+gqwEpfAW4Z
 enO+TjoQFWPZMg5JVNmZ/s5t+KYtavPXMlTvwOd09bLDpIgbMSZb6P+vsVWdBVi3
 fLfCXsSfIOETq7vcpMJFZiX9VjSz5xpiLhnZbjz90tWdy1rL9aP9ocrixoPecSbp
 RWe4tzlCtNOaoGliuhYoImgTp/mJAxsxv8qdGYeLf+vElufcB0mu16lmRxmTR7Xr
 WjHsRfcN3cvdIK06XMwgegmin8Xyqlk+nXo6oD1x3OdU1pgggI9gGMBZgR+2hvuQ
 Sp1Q8wPXc5MrcFefK9dN/2Pl94XaZ9VODX7QJ7HFl24Rp0RqF0ERo1vcRHEGb8Wn
 v4PW6GhbaAAu8PBiAuCUpFJM1SJgr2ZLfAeGyNvOEahcslYV73/UApWocIdjTva1
 YjxJaw32OaMhcMTgz+zA+uH6QfSS25Tl5M7vsWM8tdtDsQKKl+TolyhaWM5rLehJ
 vy80ISXSRL87bHaqPTCNWSEaNseCP0pQZXdqIRsIeQftHyyLZQm/6Sl2W1DFLmtK
 lxB/HUrFJQlZpNe/iO1t
 =cYvr
 -----END PGP SIGNATURE-----

Merge tag 'vfio-v4.5-rc7' of git://github.com/awilliam/linux-vfio

Pull VFIO fix from Alex Williamson:
 "Use -EFAULT for copy_to_user error in ioctl (Michael Tsirkin)"

* tag 'vfio-v4.5-rc7' of git://github.com/awilliam/linux-vfio:
  vfio: fix ioctl error handling
2016-03-03 10:56:17 -08:00
Linus Torvalds
215b031b97 fbdev fixes for v4.5
* fix hang caused by fbconsole blink timer
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJW2CSsAAoJEPo9qoy8lh71hjcQAK071t3TPSzKc1+GmLy2yVnV
 suaT3C+0uY1yha/V8kRUrwUA4p3wRSHDvr/jF1SSSTgc4J8mY/1mxXYIFmAxfCyb
 t/6fKTvHqDFHtCTMCM5RXK+3cR/zTu74KqLmMRllkMa4da7Iyr5fBBnfdryo1yjg
 Brj++PANYKXT1B7HR9vrUAL7sU+2y976/oGtAtqTSfRuo4rppXh3PFaNZHJFgdwI
 T8wkVIOPJHt9WdSnmXkVzMYeeXRp4mHNev2+tD7OvcH/b21Y+b1aO/ebIbeXWk+T
 Or3SWj/5Ckje368NMvIZKywuGcRA9QHMDNqDhBU+pIF8D8Z0TcSd9spV0v94/Z/l
 1DK1NROcE0rjcJvCFjhLcgXX9upsVlEQKDR94SsbkgJAv/ToXP2umoUCu8VXlO7Y
 tqvW8aU06cpi4/UXBq61riqVP2pOz6mYGWMFHw26tFpmAq3+NvFvW/Zp1UI0pMW/
 k4hbWDetmxPJA0T1UJcRHLHeumkEsyHTUgMFbD9UcM6YGs6tbsHw2aWgbEAGYMIa
 TMnM+vi+xRWThmUN558SBj7fZ17x/H7pJJllNvL6myn514BPBTmpmGCXQFxqOlc3
 /6AQEdYOMhG5z3axqCT+Hbjg8SQMeY7gAROU/Ql7VETJZZsRtIdl2Q/bynsjO06S
 8HOemQdC2DZbXRHCdb5t
 =8zQX
 -----END PGP SIGNATURE-----

Merge tag 'fbdev-fixes-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux

Pull fbdev fix from Tomi Valkeinen:
 "Fix hang caused by fbconsole blink timer"

* tag 'fbdev-fixes-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux:
  fbcon: set a default value to blink interval
2016-03-03 10:46:18 -08:00
Linus Torvalds
f983cd32cd Merge branch 'parisc-4.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
Pull parisc fixes from Helge Deller:
 "We wire up the copy_file_range syscall, fix two bugs in the parisc
  ptrace code and have a trivial fix for floppy.h to clarify an
  expression with parentheses"

* 'parisc-4.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
  parisc: Wire up copy_file_range syscall
  parisc: Fix ptrace syscall number and return value modification
  parisc: Use parentheses around expression in floppy.h
2016-03-02 09:46:19 -08:00
Linus Torvalds
12f1d7e493 Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs fixes from Steve French:
 "Various small CIFS/SMB3 fixes for stable:

  Fixes address oops that can occur when accessing Macs with SMB3, and
  another problem found to Samba when read responses queued (e.g. with
  gluster under Samba)"

* 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
  CIFS: Fix duplicate line introduced by clone_file_range patch
  Fix cifs_uniqueid_to_ino_t() function for s390x
  CIFS: Fix SMB2+ interim response processing for read requests
  cifs: fix out-of-bounds access in lease parsing
2016-03-02 09:15:21 -08:00
Linus Torvalds
39680f50ae userfaultfd: don't block on the last VM updates at exit time
The exit path will do some final updates to the VM of an exiting process
to inform others of the fact that the process is going away.

That happens, for example, for robust futex state cleanup, but also if
the parent has asked for a TID update when the process exits (we clear
the child tid field in user space).

However, at the time we do those final VM accesses, we've already
stopped accepting signals, so the usual "stop waiting for userfaults on
signal" code in fs/userfaultfd.c no longer works, and the process can
become an unkillable zombie waiting for something that will never
happen.

To solve this, just make handle_userfault() abort any user fault
handling if we're already in the exit path past the signal handling
state being dead (marked by PF_EXITING).

This VM special case is pretty ugly, and it is possible that we should
look at finalizing signals later (or move the VM final accesses
earlier).  But in the meantime this is a fairly minimally intrusive fix.

Reported-and-tested-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-03-02 09:03:18 -08:00
Greg Kurz
e1f33be918 vhost: fix error path in vhost_init_used()
We don't want side effects. If something fails, we rollback vq->is_le to
its previous value.

Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-03-02 17:01:49 +02:00
Ladi Prosek
4e94ebdd06 virtio-pci: read the right virtio_pci_notify_cap field
Looks like a copy-paste bug. The value is used as an optimization and a
wrong value probably isn't causing any serious damage. Found when
porting this code to Windows.

Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-03-02 17:01:49 +02:00
Owen Hofmann
2680d6da45 kvm: x86: Update tsc multiplier on change.
vmx.c writes the TSC_MULTIPLIER field in vmx_vcpu_load, but only when a
vcpu has migrated physical cpus. Record the last value written and
update in vmx_vcpu_load on any change, otherwise a cpu migration must
occur for TSC frequency scaling to take effect.

Cc: stable@vger.kernel.org
Fixes: ff2c3a1803
Signed-off-by: Owen Hofmann <osh@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-02 10:37:32 +01:00
Michael S. Tsirkin
0178fd7dcc mips/kvm: fix ioctl error handling
Returning directly whatever copy_to_user(...) or copy_from_user(...)
returns may not do the right thing if there's a pagefault:
copy_to_user/copy_from_user return the number of bytes not copied in
this case, but ioctls need to return -EFAULT instead.

Fix up kvm on mips to do
	return copy_to_user(...)) ?  -EFAULT : 0;
and
	return copy_from_user(...)) ?  -EFAULT : 0;

everywhere.

Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-02 10:34:52 +01:00
Paolo Bonzini
2b097e9bc3 KVM/ARM fixes for 4.5-rc7
- Fix ioctl error handling on the timer path
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJW1byRAAoJECPQ0LrRPXpDXdoQAIh1BNeIxUhC58UrydqZ6wjw
 o+mLrQwTAVN3FBprAH/63NHwcBhq+i1G3vjfz4KoKc4KNe+48bGqvMKK1KktHfDf
 txOCl7va2sz1xbvY36oNw/OpHUpTMQBDYfq2SxxqXDTOnz6I+mdqxbCH+NZs0GyR
 AR1/XB0C++5GaRS4WqPb/v539Fj4MRLrFjz0GQJxmhzWJkP0uil87vLsQspWxoAX
 f1VcqJujC/BFCNNGoKi4h7BG7YaIM6EEHBFZRa9MsxpGElsxDGJug/qRfycRMuSf
 HIZJGh8EbM7ff9diPRTyk1aO3vFxlb+Q40VR6P+/BGvxnulOZCFaJX9987/LlHtS
 Sdk99rDY530qZTrF/yy7syNQhj4yb6K24LA6ADbWbtCW+WNQHaqAEDWwpEPpBvdu
 xwIRcxND9kUbbyA+f9IPhePHnTl5OXcclv+3CBSlGGCQSXXve214wBs36W4hKs8X
 VEXTij2FfHtSCJG5kPPpezx5wuDtzrdW5wKmWNN22dVey0CfQLa3WkcwhvhgbLpk
 qtp9j7/GcVDj42bqvXwfo8RBibZQW7PHCUynBmrcFkk4IZ6MiMAnkpe6s9fYD36i
 UrDfMSwwtyDDct0Piu9GL/qVaMU6LeGkSBC/Rz60xzIScpYGk/sDHNw+avaNvs21
 PU9hWF58rPjK1fdKnZ1U
 =9wEl
 -----END PGP SIGNATURE-----

Merge tag 'kvm-arm-for-4.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into kvm-master

KVM/ARM fixes for 4.5-rc7

- Fix ioctl error handling on the timer path
2016-03-02 10:31:30 +01:00
Linus Torvalds
f691b77b1f Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull d_inode/d_flags race fix from Al Viro.

I love this fix.  Not only does it fix the race in the dentry type
handling, it entirely gets rid of the nasty and subtle memory ordering
rules for d_type and d_inode, and replaces them with the basic dentry
locking rules (sequence numbers under RCU, d_lock elsewhere).

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  use ->d_seq to get coherency between ->d_inode and ->d_flags
2016-03-01 15:30:45 -08:00
Helge Deller
b4f09ae6db parisc: Wire up copy_file_range syscall
Signed-off-by: Helge Deller <deller@gmx.de>
2016-03-01 23:21:11 +01:00
Helge Deller
98e8b6c9ac parisc: Fix ptrace syscall number and return value modification
Mike Frysinger reported that his ptrace testcase showed strange
behaviour on parisc: It was not possible to avoid a syscall and the
return value of a syscall couldn't be changed.

To modify a syscall number, we were missing to save the new syscall
number to gr20 which is then picked up later in assembly again.

The effect that the return value couldn't be changed is a side-effect of
another bug in the assembly code. When a process is ptraced, userspace
expects each syscall to report entrance and exit of a syscall.  If a
syscall number was given which doesn't exist, we jumped to the normal
syscall exit code instead of informing userspace that the (non-existant)
syscall exits. This unexpected behaviour confuses userspace and thus the
bug was misinterpreted as if we can't change the return value.

This patch fixes both problems and was tested on 64bit kernel with
32bit userspace.

Signed-off-by: Helge Deller <deller@gmx.de>
Cc: Mike Frysinger <vapier@gentoo.org>
Cc: stable@vger.kernel.org  # v4.0+
Tested-by: Mike Frysinger <vapier@gentoo.org>
2016-03-01 23:06:07 +01:00
Helge Deller
9a334d39da parisc: Use parentheses around expression in floppy.h
David Binderman reported a style issue in the floppy.h header file:
arch/parisc/include/asm/floppy.h:221: (style) Boolean result is used in bitwise
  operation. Clarify expression with parentheses.

Reported-by: David Binderman <dcb314@hotmail.com>
Cc: David Binderman <dcb314@hotmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
2016-03-01 22:51:04 +01:00
Linus Torvalds
7d46af2084 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc
Pull sparc fixes from David Miller:

 1) System call tracing doesn't handle register contents properly across
    the trace.  From Mike Frysinger.

 2) Hook up copy_file_range

 3) Build fix for 32-bit with newer tools.

 4) New sun4v watchdog driver, from Wim Coekaerts.

 5) Set context system call has to allow for servicable faults when we
    flush the register windows to memory

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
  sparc64: Fix sparc64_set_context stack handling.
  sparc32: Add -Wa,-Av8 to KBUILD_CFLAGS.
  Add sun4v_wdt watchdog driver
  sparc: Fix system call tracing register handling.
  sparc: Hook up copy_file_range syscall.
2016-03-01 08:57:34 -08:00
Steve French
9589995e46 CIFS: Fix duplicate line introduced by clone_file_range patch
Commit 04b38d6012 ("vfs: pull btrfs clone API to vfs layer")
added a duplicated line (in cifsfs.c) which causes a sparse compile
warning.

Signed-off-by: Steve French <steve.french@primarydata.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2016-03-01 09:38:00 -06:00
David S. Miller
397d1533b6 sparc64: Fix sparc64_set_context stack handling.
Like a signal return, we should use synchronize_user_stack() rather
than flush_user_windows().

Reported-by: Ilya Malakhov <ilmalakhovthefirst@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-01 00:25:32 -05:00
David S. Miller
22be3b1055 sparc32: Add -Wa,-Av8 to KBUILD_CFLAGS.
Binutils used to be (erroneously) extremely permissive about
instruction usage.  But that got fixed and if you don't properly tell
it to accept classes of instructions it will fail.

This uncovered a specs bug on sparc in gcc where it wouldn't pass the
proper options to binutils options.

Deal with this in the kernel build by adding -Wa,-Av8 to KBUILD_CFLAGS.

Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-01 00:24:04 -05:00
Minghuan Lian
1195c103f6 PCI: layerscape: Fix MSG TLP drop setting
Some kinds of Layerscape PCIe controllers will forward the received message
TLPs to system application address space, which could corrupt system memory
or lead to a system hang.  Enable MSG_DROP to fix this issue.

Signed-off-by: Minghuan Lian <Minghuan.Lian@nxp.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
2016-02-29 17:24:15 -06:00
Murali Karicheri
79e3f4a853 PCI: keystone: Fix MSI code that retrieves struct pcie_port pointer
Commit cbce790059 ("PCI: designware: Make driver arch-agnostic") changed
the host bridge sysdata pointer from the ARM pci_sys_data to the DesignWare
pcie_port structure, and changed pcie-designware.c to reflect that.  But it
did not change the corresponding code in pci-keystone-dw.c, so it caused
crashes on Keystone:

  Unable to handle kernel NULL pointer dereference at virtual address 00000030
  pgd = c0003000
  [00000030] *pgd=80000800004003, *pmd=00000000
  Internal error: Oops: 206 [#1] PREEMPT SMP ARM
  CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.4.2-00139-gb74f926 #2
  Hardware name: Keystone
  PC is at ks_dw_pcie_msi_irq_unmask+0x24/0x58

Change pci-keystone-dw.c to expect sysdata to be the struct pcie_port
pointer.

[bhelgaas: changelog]
Fixes: cbce790059 ("PCI: designware: Make driver arch-agnostic")
Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
CC: stable@vger.kernel.org	# v4.4+
CC: Zhou Wang <wangzhou1@hisilicon.com>
2016-02-29 17:18:22 -06:00
Joerg Roedel
e6a8c9b337 iommu/vt-d: Use BUS_NOTIFY_REMOVED_DEVICE in hotplug path
In the PCI hotplug path of the Intel IOMMU driver, replace
the usage of the BUS_NOTIFY_DEL_DEVICE notifier, which is
executed before the driver is unbound from the device, with
BUS_NOTIFY_REMOVED_DEVICE, which runs after that.

This fixes a kernel BUG being triggered in the VT-d code
when the device driver tries to unmap DMA buffers and the
VT-d driver already destroyed all mappings.

Reported-by: Stefani Seibold <stefani@seibold.net>
Cc: stable@vger.kernel.org # v4.3+
Signed-off-by: Joerg Roedel <jroedel@suse.de>
2016-02-29 23:55:16 +01:00
Al Viro
a528aca7f3 use ->d_seq to get coherency between ->d_inode and ->d_flags
Games with ordering and barriers are way too brittle.  Just
bump ->d_seq before and after updating ->d_inode and ->d_flags
type bits, so that verifying ->d_seq would guarantee they are
coherent.

Cc: stable@vger.kernel.org # v3.13+
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-02-29 12:16:43 -05:00
Joerg Roedel
b6809ee573 iommu/amd: Detach device from domain before removal
Detach the device that is about to be removed from its
domain (if it has one) to clear any related state like DTE
entry and device's ATS state.

Reported-by: Kelly Zytaruk <Kelly.Zytaruk@amd.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
2016-02-29 17:25:25 +01:00
Michael S. Tsirkin
4cad67fca3 arm/arm64: KVM: Fix ioctl error handling
Calling return copy_to_user(...) in an ioctl will not
do the right thing if there's a pagefault:
copy_to_user returns the number of bytes not copied
in this case.

Fix up kvm to do
	return copy_to_user(...)) ?  -EFAULT : 0;

everywhere.

Cc: stable@vger.kernel.org
Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
2016-02-29 09:56:40 +00:00
Yadan Fan
1ee9f4bd1a Fix cifs_uniqueid_to_ino_t() function for s390x
This issue is caused by commit 02323db17e ("cifs: fix
cifs_uniqueid_to_ino_t not to ever return 0"), when BITS_PER_LONG
is 64 on s390x, the corresponding cifs_uniqueid_to_ino_t()
function will cast 64-bit fileid to 32-bit by using (ino_t)fileid,
because ino_t (typdefed __kernel_ino_t) is int type.

It's defined in arch/s390/include/uapi/asm/posix_types.h

    #ifndef __s390x__

    typedef unsigned long   __kernel_ino_t;
    ...
    #else /* __s390x__ */

    typedef unsigned int    __kernel_ino_t;

So the #ifdef condition is wrong for s390x, we can just still use
one cifs_uniqueid_to_ino_t() function with comparing sizeof(ino_t)
and sizeof(u64) to choose the correct execution accordingly.

Signed-off-by: Yadan Fan <ydfan@suse.com>
CC: stable <stable@vger.kernel.org>
Signed-off-by: Steve French <smfrench@gmail.com>
2016-02-29 00:46:55 -06:00
Pavel Shilovsky
6cc3b24235 CIFS: Fix SMB2+ interim response processing for read requests
For interim responses we only need to parse a header and update
a number credits. Now it is done for all SMB2+ command except
SMB2_READ which is wrong. Fix this by adding such processing.

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Tested-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Steve French <smfrench@gmail.com>
2016-02-29 00:21:36 -06:00
Justin Maggard
deb7deff2f cifs: fix out-of-bounds access in lease parsing
When opening a file, SMB2_open() attempts to parse the lease state from the
SMB2 CREATE Response.  However, the parsing code was not careful to ensure
that the create contexts are not empty or invalid, which can lead to out-
of-bounds memory access.  This can be seen easily by trying
to read a file from a OSX 10.11 SMB3 server.  Here is sample crash output:

BUG: unable to handle kernel paging request at ffff8800a1a77cc6
IP: [<ffffffff8828a734>] SMB2_open+0x804/0x960
PGD 8f77067 PUD 0
Oops: 0000 [#1] SMP
Modules linked in:
CPU: 3 PID: 2876 Comm: cp Not tainted 4.5.0-rc3.x86_64.1+ #14
Hardware name: NETGEAR ReadyNAS 314          /ReadyNAS 314          , BIOS 4.6.5 10/11/2012
task: ffff880073cdc080 ti: ffff88005b31c000 task.ti: ffff88005b31c000
RIP: 0010:[<ffffffff8828a734>]  [<ffffffff8828a734>] SMB2_open+0x804/0x960
RSP: 0018:ffff88005b31fa08  EFLAGS: 00010282
RAX: 0000000000000015 RBX: 0000000000000000 RCX: 0000000000000006
RDX: 0000000000000000 RSI: 0000000000000246 RDI: ffff88007eb8c8b0
RBP: ffff88005b31fad8 R08: 666666203d206363 R09: 6131613030383866
R10: 3030383866666666 R11: 00000000000002b0 R12: ffff8800660fd800
R13: ffff8800a1a77cc2 R14: 00000000424d53fe R15: ffff88005f5a28c0
FS:  00007f7c8a2897c0(0000) GS:ffff88007eb80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffff8800a1a77cc6 CR3: 000000005b281000 CR4: 00000000000006e0
Stack:
 ffff88005b31fa70 ffffffff88278789 00000000000001d3 ffff88005f5a2a80
 ffffffff00000003 ffff88005d029d00 ffff88006fde05a0 0000000000000000
 ffff88005b31fc78 ffff88006fde0780 ffff88005b31fb2f 0000000100000fe0
Call Trace:
 [<ffffffff88278789>] ? cifsConvertToUTF16+0x159/0x2d0
 [<ffffffff8828cf68>] smb2_open_file+0x98/0x210
 [<ffffffff8811e80c>] ? __kmalloc+0x1c/0xe0
 [<ffffffff882685f4>] cifs_open+0x2a4/0x720
 [<ffffffff88122cef>] do_dentry_open+0x1ff/0x310
 [<ffffffff88268350>] ? cifsFileInfo_get+0x30/0x30
 [<ffffffff88123d92>] vfs_open+0x52/0x60
 [<ffffffff88131dd0>] path_openat+0x170/0xf70
 [<ffffffff88097d48>] ? remove_wait_queue+0x48/0x50
 [<ffffffff88133a29>] do_filp_open+0x79/0xd0
 [<ffffffff8813f2ca>] ? __alloc_fd+0x3a/0x170
 [<ffffffff881240c4>] do_sys_open+0x114/0x1e0
 [<ffffffff881241a9>] SyS_open+0x19/0x20
 [<ffffffff8896e257>] entry_SYSCALL_64_fastpath+0x12/0x6a
Code: 4d 8d 6c 07 04 31 c0 4c 89 ee e8 47 6f e5 ff 31 c9 41 89 ce 44 89 f1 48 c7 c7 28 b1 bd 88 31 c0 49 01 cd 4c 89 ee e8 2b 6f e5 ff <45> 0f b7 75 04 48 c7 c7 31 b1 bd 88 31 c0 4d 01 ee 4c 89 f6 e8
RIP  [<ffffffff8828a734>] SMB2_open+0x804/0x960
 RSP <ffff88005b31fa08>
CR2: ffff8800a1a77cc6
---[ end trace d9f69ba64feee469 ]---

Signed-off-by: Justin Maggard <jmaggard@netgear.com>
Signed-off-by: Steve French <smfrench@gmail.com>
CC: Stable <stable@vger.kernel.org>
2016-02-29 00:21:31 -06:00
Linus Torvalds
fc77dbd34c Linux 4.5-rc6 2016-02-28 08:41:20 -08:00
Linus Torvalds
1b9540ce03 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Thomas Gleixner:
 "A rather largish series of 12 patches addressing a maze of race
  conditions in the perf core code from Peter Zijlstra"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf: Robustify task_function_call()
  perf: Fix scaling vs. perf_install_in_context()
  perf: Fix scaling vs. perf_event_enable()
  perf: Fix scaling vs. perf_event_enable_on_exec()
  perf: Fix ctx time tracking by introducing EVENT_TIME
  perf: Cure event->pending_disable race
  perf: Fix race between event install and jump_labels
  perf: Fix cloning
  perf: Only update context time when active
  perf: Allow perf_release() with !event->ctx
  perf: Do not double free
  perf: Close install vs. exit race
2016-02-28 07:52:00 -08:00