[PATCH 4.4 00/74] 4.4.5-stable review


Greg KH-4
This is the start of the stable review cycle for the 4.4.5 release.
There are 74 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Thu Mar 10 00:02:56 UTC 2016.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
        kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.5-rc1.gz
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <[hidden email]>
    Linux 4.4.5-rc1

Alex Deucher <[hidden email]>
    drm/amdgpu: fix topaz/tonga gmc assignment in 4.4 stable

Rusty Russell <[hidden email]>
    modules: fix longstanding /proc/kallsyms vs module insertion race.

Gerd Hoffmann <[hidden email]>
    drm/i915: refine qemu south bridge detection

Gerd Hoffmann <[hidden email]>
    drm/i915: more virtual south bridge detection

Ming Lei <[hidden email]>
    block: get the 1st and last bvec via helpers

Ming Lei <[hidden email]>
    block: check virt boundary in bio_will_gap()

Michel Dänzer <[hidden email]>
    drm/amdgpu: Use drm_calloc_large for VM page_tables array

Javi Merino <[hidden email]>
    thermal: cpu_cooling: fix out of bounds access in time_in_idle

Wolfram Sang <[hidden email]>
    i2c: brcmstb: allocate correct amount of memory for regmap

Richard Weinberger <[hidden email]>
    ubi: Fix out of bounds write in volume update code

Frederic Barrat <[hidden email]>
    cxl: Fix PSL timebase synchronization detection

Maciej W. Rozycki <[hidden email]>
    MIPS: traps: Fix SIGFPE information leak from `do_ov' and `do_trap_or_bp'

Govindraj Raja <[hidden email]>
    MIPS: scache: Fix scache init with invalid line size.

Yegor Yefremov <[hidden email]>
    USB: serial: option: add support for Quectel UC20

Daniele Palmas <[hidden email]>
    USB: serial: option: add support for Telit LE922 PID 0x1045

Bjørn Mork <[hidden email]>
    USB: qcserial: add Sierra Wireless EM74xx device ID

Patrik Halfar <[hidden email]>
    USB: qcserial: add Dell Wireless 5809e Gobi 4G HSPA+ (rev3)

Vittorio Alfieri <[hidden email]>
    USB: cp210x: Add ID for Parrot NMEA GPS Flight Recorder

Peter Chen <[hidden email]>
    usb: chipidea: otg: change workqueue ci_otg as freezable

Takashi Iwai <[hidden email]>
    ALSA: timer: Fix broken compat timer user status ioctl

Takashi Iwai <[hidden email]>
    ALSA: hdspm: Fix zero-division

Takashi Iwai <[hidden email]>
    ALSA: hdsp: Fix wrong boolean ctl value accesses

Takashi Iwai <[hidden email]>
    ALSA: hdspm: Fix wrong boolean ctl value accesses

Takashi Iwai <[hidden email]>
    ALSA: seq: oss: Don't drain at closing a client

Takashi Iwai <[hidden email]>
    ALSA: pcm: Fix ioctls for X32 ABI

Takashi Iwai <[hidden email]>
    ALSA: timer: Fix ioctls for X32 ABI

Takashi Iwai <[hidden email]>
    ALSA: rawmidi: Fix ioctls X32 ABI

Simon South <[hidden email]>
    ALSA: hda - Fix mic issues on Acer Aspire E1-472

Takashi Iwai <[hidden email]>
    ALSA: ctl: Fix ioctls for X32 ABI

Dennis Kadioglu <[hidden email]>
    ALSA: usb-audio: Add a quirk for Plantronics DA45

Hans Verkuil <[hidden email]>
    adv7604: fix tx 5v detect regression

Robert Jarzmik <[hidden email]>
    dmaengine: pxa_dma: fix cyclic transfers

David Woodhouse <[hidden email]>
    Fix directory hardlinks from deleted directories

David Woodhouse <[hidden email]>
    jffs2: Fix page lock / f->sem deadlock

Thomas Betker <[hidden email]>
    Revert "jffs2: Fix lock acquisition order bug in jffs2_write_begin"

Filipe Manana <[hidden email]>
    Btrfs: fix loading of orphan roots leading to BUG_ON

Gabor Juhos <[hidden email]>
    pata-rb532-cf: get rid of the irq_to_gpio() call

Steven Rostedt (Red Hat) <[hidden email]>
    tracing: Do not have 'comm' filter override event 'comm' field

Manuel Lauss <[hidden email]>
    ata: ahci: don't mark HotPlugCapable Ports as external/removable

Todd E Brandt <[hidden email]>
    PM / sleep / x86: Fix crash on graph trace through x86 suspend

Ard Biesheuvel <[hidden email]>
    arm64: vmemmap: use virtual projection of linear region

Alexandra Yates <[hidden email]>
    Adding Intel Lewisburg device IDs for SATA

Tejun Heo <[hidden email]>
    writeback: flush inode cgroup wb switches instead of pinning super_block

Ming Lei <[hidden email]>
    block: bio: introduce helpers to get the 1st and last bvec

Harvey Hunt <[hidden email]>
    libata: Align ata_device's id on a cacheline

Arnd Bergmann <[hidden email]>
    libata: fix HDIO_GET_32BIT ioctl

Arindam Nath <[hidden email]>
    drm/amdgpu: return from atombios_dp_get_dpcd only when error

Chunming Zhou <[hidden email]>
    drm/amdgpu/gfx8: specify which engine to wait before vm flush

Christian König <[hidden email]>
    drm/amdgpu: apply gfx_v8 fixes to gfx_v7 as well

Alex Deucher <[hidden email]>
    drm/amdgpu/pm: update current crtc info after setting the powerstate

Alex Deucher <[hidden email]>
    drm/radeon/pm: update current crtc info after setting the powerstate

Timothy Pearson <[hidden email]>
    drm/ast: Fix incorrect register check for DRAM width

Mike Christie <[hidden email]>
    target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors

Joerg Roedel <[hidden email]>
    iommu/vt-d: Use BUS_NOTIFY_REMOVED_DEVICE in hotplug path

Suravee Suthikulpanit <[hidden email]>
    iommu/amd: Fix boot warning when device 00:00.0 is not iommu covered

Jay Cornwall <[hidden email]>
    iommu/amd: Apply workaround for ATS write permission check

Michael S. Tsirkin <[hidden email]>
    arm/arm64: KVM: Fix ioctl error handling

Paolo Bonzini <[hidden email]>
    KVM: x86: fix root cause for missed hardware breakpoints

Michael S. Tsirkin <[hidden email]>
    vfio: fix ioctl error handling

Yadan Fan <[hidden email]>
    Fix cifs_uniqueid_to_ino_t() function for s390x

Pavel Shilovsky <[hidden email]>
    CIFS: Fix SMB2+ interim response processing for read requests

Justin Maggard <[hidden email]>
    cifs: fix out-of-bounds access in lease parsing

Jean-Philippe Brucker <[hidden email]>
    fbcon: set a default value to blink interval

Owen Hofmann <[hidden email]>
    kvm: x86: Update tsc multiplier on change.

Michael S. Tsirkin <[hidden email]>
    mips/kvm: fix ioctl error handling

Helge Deller <[hidden email]>
    parisc: Fix ptrace syscall number and return value modification

Murali Karicheri <[hidden email]>
    PCI: keystone: Fix MSI code that retrieves struct pcie_port pointer

Keith Busch <[hidden email]>
    block: Initialize max_dev_sectors to 0

Oded Gabbay <[hidden email]>
    drm/amdgpu: mask out WC from BO on unsupported arches

Qu Wenruo <[hidden email]>
    btrfs: async-thread: Fix a use-after-free error for trace

Zhao Lei <[hidden email]>
    btrfs: Fix no_space in write and rm loop

Filipe Manana <[hidden email]>
    Btrfs: fix deadlock running delayed iputs at transaction commit time

Geert Uytterhoeven <[hidden email]>
    drivers: sh: Restore legacy clock domain on SuperH platforms

Al Viro <[hidden email]>
    use ->d_seq to get coherency between ->d_inode and ->d_flags


-------------

Diffstat:

 Makefile                                       |   4 +-
 arch/arm/kvm/guest.c                           |   2 +-
 arch/arm64/include/asm/pgtable.h               |   7 +-
 arch/arm64/kvm/guest.c                         |   2 +-
 arch/arm64/mm/init.c                           |   4 +-
 arch/mips/kernel/traps.c                       |  13 +-
 arch/mips/kvm/mips.c                           |   4 +-
 arch/mips/mm/sc-mips.c                         |  13 +-
 arch/parisc/kernel/ptrace.c                    |  16 ++-
 arch/parisc/kernel/syscall.S                   |   5 +-
 arch/x86/kernel/acpi/sleep.c                   |   7 +
 arch/x86/kvm/vmx.c                             |  14 +-
 arch/x86/kvm/x86.c                             |   9 +-
 block/blk-settings.c                           |   4 +-
 drivers/ata/ahci.c                             |   6 +
 drivers/ata/libahci.c                          |   3 +-
 drivers/ata/libata-scsi.c                      |  11 +-
 drivers/ata/pata_rb532_cf.c                    |  11 +-
 drivers/dma/pxa_dma.c                          |   8 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c |   2 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c     |   8 ++
 drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c         |   6 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c         |   7 +-
 drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c          |  13 ++
 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c          |   3 +-
 drivers/gpu/drm/amd/amdgpu/vi.c                |  12 +-
 drivers/gpu/drm/ast/ast_main.c                 |   2 +-
 drivers/gpu/drm/i915/i915_drv.c                |   5 +-
 drivers/gpu/drm/i915/i915_drv.h                |   1 +
 drivers/gpu/drm/radeon/radeon_pm.c             |   8 +-
 drivers/i2c/busses/i2c-brcmstb.c               |   3 +-
 drivers/iommu/amd_iommu_init.c                 |  63 +++++++--
 drivers/iommu/dmar.c                           |   5 +-
 drivers/iommu/intel-iommu.c                    |   4 +-
 drivers/media/i2c/adv7604.c                    |   3 +-
 drivers/misc/cxl/pci.c                         |   2 +-
 drivers/mtd/ubi/upd.c                          |   2 +-
 drivers/pci/host/pci-keystone-dw.c             |  11 +-
 drivers/sh/pm_runtime.c                        |   2 +-
 drivers/target/target_core_device.c            |  43 ++++++
 drivers/target/target_core_file.c              |  29 ++--
 drivers/target/target_core_iblock.c            |  56 ++------
 drivers/thermal/cpu_cooling.c                  |  14 +-
 drivers/usb/chipidea/otg.c                     |   2 +-
 drivers/usb/serial/cp210x.c                    |   1 +
 drivers/usb/serial/option.c                    |   5 +
 drivers/usb/serial/qcserial.c                  |   7 +-
 drivers/vfio/pci/vfio_pci.c                    |   9 +-
 drivers/vfio/platform/vfio_platform_common.c   |   9 +-
 drivers/vfio/vfio_iommu_type1.c                |   6 +-
 drivers/video/console/fbcon.c                  |   2 +
 fs/btrfs/async-thread.c                        |   2 +-
 fs/btrfs/ctree.h                               |   2 +-
 fs/btrfs/disk-io.c                             |   5 +-
 fs/btrfs/extent-tree.c                         |  13 +-
 fs/btrfs/inode.c                               |   4 -
 fs/btrfs/root-tree.c                           |  10 +-
 fs/cifs/cifsfs.h                               |  12 +-
 fs/cifs/cifssmb.c                              |  21 ++-
 fs/cifs/smb2pdu.c                              |  24 ++--
 fs/dcache.c                                    |  20 +--
 fs/fs-writeback.c                              |  54 ++++++--
 fs/jffs2/README.Locking                        |   5 +-
 fs/jffs2/build.c                               |  75 ++++++++---
 fs/jffs2/file.c                                |  39 +++---
 fs/jffs2/gc.c                                  |  17 ++-
 fs/jffs2/nodelist.h                            |   6 +-
 fs/super.c                                     |   1 +
 include/linux/ata.h                            |   4 +-
 include/linux/bio.h                            |  37 ++++++
 include/linux/blkdev.h                         |  23 +++-
 include/linux/dcache.h                         |   4 +-
 include/linux/libata.h                         |   2 +-
 include/linux/module.h                         |  17 +--
 include/linux/trace_events.h                   |   2 +
 include/linux/writeback.h                      |   5 +
 include/target/target_core_backend.h           |   3 +
 kernel/module.c                                | 112 ++++++++++------
 kernel/trace/trace_events.c                    |  14 +-
 kernel/trace/trace_events_filter.c             |  13 +-
 sound/core/control_compat.c                    |  90 ++++++++++---
 sound/core/pcm_compat.c                        | 177 ++++++++++++++++++++++++-
 sound/core/rawmidi_compat.c                    |  53 ++++++++
 sound/core/seq/oss/seq_oss.c                   |   2 -
 sound/core/seq/oss/seq_oss_device.h            |   1 -
 sound/core/seq/oss/seq_oss_init.c              |  16 ---
 sound/core/timer_compat.c                      |  18 ++-
 sound/pci/hda/patch_realtek.c                  |   1 +
 sound/pci/rme9652/hdsp.c                       |   4 +-
 sound/pci/rme9652/hdspm.c                      |  16 ++-
 sound/usb/quirks.c                             |   1 +
 91 files changed, 1000 insertions(+), 413 deletions(-)



[PATCH 4.4 15/74] Fix cifs_uniqueid_to_ino_t() function for s390x

Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Yadan Fan <[hidden email]>

commit 1ee9f4bd1a97026a7b2d7ae9f1f74b45680d0003 upstream.

This issue is caused by commit 02323db17e3a7 ("cifs: fix
cifs_uniqueid_to_ino_t not to ever return 0"), when BITS_PER_LONG
is 64 on s390x, the corresponding cifs_uniqueid_to_ino_t()
function will cast 64-bit fileid to 32-bit by using (ino_t)fileid,
because ino_t (typedefed __kernel_ino_t) is int type.

It's defined in arch/s390/include/uapi/asm/posix_types.h

    #ifndef __s390x__

    typedef unsigned long   __kernel_ino_t;
    ...
    #else /* __s390x__ */

    typedef unsigned int    __kernel_ino_t;

So the #ifdef condition is wrong for s390x, we can just still use
one cifs_uniqueid_to_ino_t() function with comparing sizeof(ino_t)
and sizeof(u64) to choose the correct execution accordingly.

Signed-off-by: Yadan Fan <[hidden email]>
Signed-off-by: Steve French <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 fs/cifs/cifsfs.h |   12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

--- a/fs/cifs/cifsfs.h
+++ b/fs/cifs/cifsfs.h
@@ -31,19 +31,15 @@
  * so that it will fit. We use hash_64 to convert the value to 31 bits, and
  * then add 1, to ensure that we don't end up with a 0 as the value.
  */
-#if BITS_PER_LONG == 64
 static inline ino_t
 cifs_uniqueid_to_ino_t(u64 fileid)
 {
+ if ((sizeof(ino_t)) < (sizeof(u64)))
+ return (ino_t)hash_64(fileid, (sizeof(ino_t) * 8) - 1) + 1;
+
  return (ino_t)fileid;
+
 }
-#else
-static inline ino_t
-cifs_uniqueid_to_ino_t(u64 fileid)
-{
- return (ino_t)hash_64(fileid, (sizeof(ino_t) * 8) - 1) + 1;
-}
-#endif
 
 extern struct file_system_type cifs_fs_type;
 extern const struct address_space_operations cifs_addr_ops;
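Review bot: in `cifs_uniqueid_to_ino_t()` the added blank line between `return (ino_t)fileid;` and the closing brace is stray and should be dropped, and `if ((sizeof(ino_t)) < (sizeof(u64)))` carries redundant parentheses; `if (sizeof(ino_t) < sizeof(u64))` says the same thing. The comment above the function still says hash_64 converts the value to 31 bits, while the code computes the width as `(sizeof(ino_t) * 8) - 1`, so the comment should describe the size test that now selects the branch instead of a fixed width.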



[PATCH 4.4 14/74] CIFS: Fix SMB2+ interim response processing for read requests

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Pavel Shilovsky <[hidden email]>

commit 6cc3b24235929b54acd5ecc987ef11a425bd209e upstream.

For interim responses we only need to parse a header and update
a number of credits. Now it is done for all SMB2+ commands except
SMB2_READ which is wrong. Fix this by adding such processing.

Signed-off-by: Pavel Shilovsky <[hidden email]>
Tested-by: Shirish Pargaonkar <[hidden email]>
Signed-off-by: Steve French <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 fs/cifs/cifssmb.c |   21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -1396,11 +1396,10 @@ openRetry:
  * current bigbuf.
  */
 static int
-cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
+discard_remaining_data(struct TCP_Server_Info *server)
 {
  unsigned int rfclen = get_rfc1002_length(server->smallbuf);
  int remaining = rfclen + 4 - server->total_read;
- struct cifs_readdata *rdata = mid->callback_data;
 
  while (remaining > 0) {
  int length;
@@ -1414,10 +1413,20 @@ cifs_readv_discard(struct TCP_Server_Inf
  remaining -= length;
  }
 
- dequeue_mid(mid, rdata->result);
  return 0;
 }
 
+static int
+cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
+{
+ int length;
+ struct cifs_readdata *rdata = mid->callback_data;
+
+ length = discard_remaining_data(server);
+ dequeue_mid(mid, rdata->result);
+ return length;
+}
+
 int
 cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid)
 {
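Review bot: in the new `cifs_readv_discard()` wrapper, `dequeue_mid(mid, rdata->result)` now runs whatever `discard_remaining_data()` returned, whereas the removed call sat directly before `return 0` in the old function. If the discard loop can bail out early with an error, that is a behaviour change the commit message does not mention; either keep the dequeue on the success path only or state that the change is intended. The local `length` holds a status code here, so `rc` would be the clearer name.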
@@ -1446,6 +1455,12 @@ cifs_readv_receive(struct TCP_Server_Inf
  return length;
  server->total_read += length;
 
+ if (server->ops->is_status_pending &&
+    server->ops->is_status_pending(buf, server, 0)) {
+ discard_remaining_data(server);
+ return -1;
+ }
+
  /* Was the SMB read successful? */
  rdata->result = server->ops->map_error(buf, false);
  if (rdata->result != 0) {
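Review bot: the interim-response branch added to `cifs_readv_receive()` drops the return value of `discard_remaining_data(server)` and returns a bare `-1`. A short comment saying why the mid is not dequeued on this path and what the `-1` tells the caller would make the branch understandable on its own, and the literal `0` passed as the third argument of `is_status_pending()` deserves a comment naming what it selects.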



[PATCH 4.4 13/74] cifs: fix out-of-bounds access in lease parsing

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Justin Maggard <[hidden email]>

commit deb7deff2f00bdbbcb3d560dad2a89ef37df837d upstream.

When opening a file, SMB2_open() attempts to parse the lease state from the
SMB2 CREATE Response.  However, the parsing code was not careful to ensure
that the create contexts are not empty or invalid, which can lead to out-
of-bounds memory access.  This can be seen easily by trying
to read a file from an OSX 10.11 SMB3 server.  Here is sample crash output:

BUG: unable to handle kernel paging request at ffff8800a1a77cc6
IP: [<ffffffff8828a734>] SMB2_open+0x804/0x960
PGD 8f77067 PUD 0
Oops: 0000 [#1] SMP
Modules linked in:
CPU: 3 PID: 2876 Comm: cp Not tainted 4.5.0-rc3.x86_64.1+ #14
Hardware name: NETGEAR ReadyNAS 314          /ReadyNAS 314          , BIOS 4.6.5 10/11/2012
task: ffff880073cdc080 ti: ffff88005b31c000 task.ti: ffff88005b31c000
RIP: 0010:[<ffffffff8828a734>]  [<ffffffff8828a734>] SMB2_open+0x804/0x960
RSP: 0018:ffff88005b31fa08  EFLAGS: 00010282
RAX: 0000000000000015 RBX: 0000000000000000 RCX: 0000000000000006
RDX: 0000000000000000 RSI: 0000000000000246 RDI: ffff88007eb8c8b0
RBP: ffff88005b31fad8 R08: 666666203d206363 R09: 6131613030383866
R10: 3030383866666666 R11: 00000000000002b0 R12: ffff8800660fd800
R13: ffff8800a1a77cc2 R14: 00000000424d53fe R15: ffff88005f5a28c0
FS:  00007f7c8a2897c0(0000) GS:ffff88007eb80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffff8800a1a77cc6 CR3: 000000005b281000 CR4: 00000000000006e0
Stack:
 ffff88005b31fa70 ffffffff88278789 00000000000001d3 ffff88005f5a2a80
 ffffffff00000003 ffff88005d029d00 ffff88006fde05a0 0000000000000000
 ffff88005b31fc78 ffff88006fde0780 ffff88005b31fb2f 0000000100000fe0
Call Trace:
 [<ffffffff88278789>] ? cifsConvertToUTF16+0x159/0x2d0
 [<ffffffff8828cf68>] smb2_open_file+0x98/0x210
 [<ffffffff8811e80c>] ? __kmalloc+0x1c/0xe0
 [<ffffffff882685f4>] cifs_open+0x2a4/0x720
 [<ffffffff88122cef>] do_dentry_open+0x1ff/0x310
 [<ffffffff88268350>] ? cifsFileInfo_get+0x30/0x30
 [<ffffffff88123d92>] vfs_open+0x52/0x60
 [<ffffffff88131dd0>] path_openat+0x170/0xf70
 [<ffffffff88097d48>] ? remove_wait_queue+0x48/0x50
 [<ffffffff88133a29>] do_filp_open+0x79/0xd0
 [<ffffffff8813f2ca>] ? __alloc_fd+0x3a/0x170
 [<ffffffff881240c4>] do_sys_open+0x114/0x1e0
 [<ffffffff881241a9>] SyS_open+0x19/0x20
 [<ffffffff8896e257>] entry_SYSCALL_64_fastpath+0x12/0x6a
Code: 4d 8d 6c 07 04 31 c0 4c 89 ee e8 47 6f e5 ff 31 c9 41 89 ce 44 89 f1 48 c7 c7 28 b1 bd 88 31 c0 49 01 cd 4c 89 ee e8 2b 6f e5 ff <45> 0f b7 75 04 48 c7 c7 31 b1 bd 88 31 c0 4d 01 ee 4c 89 f6 e8
RIP  [<ffffffff8828a734>] SMB2_open+0x804/0x960
 RSP <ffff88005b31fa08>
CR2: ffff8800a1a77cc6
---[ end trace d9f69ba64feee469 ]---

Signed-off-by: Justin Maggard <[hidden email]>
Signed-off-by: Steve French <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 fs/cifs/smb2pdu.c |   24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1109,21 +1109,25 @@ parse_lease_state(struct TCP_Server_Info
 {
  char *data_offset;
  struct create_context *cc;
- unsigned int next = 0;
+ unsigned int next;
+ unsigned int remaining;
  char *name;
 
  data_offset = (char *)rsp + 4 + le32_to_cpu(rsp->CreateContextsOffset);
+ remaining = le32_to_cpu(rsp->CreateContextsLength);
  cc = (struct create_context *)data_offset;
- do {
- cc = (struct create_context *)((char *)cc + next);
+ while (remaining >= sizeof(struct create_context)) {
  name = le16_to_cpu(cc->NameOffset) + (char *)cc;
- if (le16_to_cpu(cc->NameLength) != 4 ||
-    strncmp(name, "RqLs", 4)) {
- next = le32_to_cpu(cc->Next);
- continue;
- }
- return server->ops->parse_lease_buf(cc, epoch);
- } while (next != 0);
+ if (le16_to_cpu(cc->NameLength) == 4 &&
+    strncmp(name, "RqLs", 4) == 0)
+ return server->ops->parse_lease_buf(cc, epoch);
+
+ next = le32_to_cpu(cc->Next);
+ if (!next)
+ break;
+ remaining -= next;
+ cc = (struct create_context *)((char *)cc + next);
+ }
 
  return 0;
 }
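Review bot: in the new `while` loop of `parse_lease_state()`, `remaining -= next;` is unsigned arithmetic with no check that `next <= remaining`, so a `Next` value larger than what is left wraps `remaining` to a huge number and the loop keeps walking past the buffer; break out when `next > remaining`. The same loop reads `cc->NameOffset` and compares 4 bytes at `name` without checking that the name lies inside `remaining`, and `CreateContextsOffset` is not validated in this function either, so both need a bound against the response length as well.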

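A user-space sketch of the bounds-checked create-context walk that the commit message above calls for, as an added example that is not part of the original post or the kernel's code. The function name `find_create_context`, the return codes and the 24-byte sample entries are assumptions of this sketch; the 16-byte header is modelled on the SMB2 create context fields the patch reads (`Next`, `NameOffset`, `NameLength`), and all buffers are constructed.

```c
/* Added example: user-space model of a bounds-checked SMB2 create-context walk. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Header: Next(4) NameOffset(2) NameLength(2) Reserved(2) DataOffset(2) DataLength(4) */
#define CC_HDR_LEN   16u
#define CC_ENTRY_LEN 24u   /* constructed samples: header + 4-byte name + 4 bytes pad */
#define CC_NOT_FOUND (-1L)
#define CC_MALFORMED (-2L)

/* Little-endian reads that do not depend on host byte order or alignment. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/*
 * Walk the chain in buf[0..len) and return the offset of the context whose
 * 4-byte name equals tag, CC_NOT_FOUND if the chain ends without a match
 * (an empty buffer included), or CC_MALFORMED if a field points outside it.
 */
long find_create_context(const uint8_t *buf, size_t len, const char *tag)
{
    size_t off = 0;

    while (len - off >= CC_HDR_LEN) {      /* a full header must fit */
        const uint8_t *cc = buf + off;
        size_t remaining = len - off;
        uint32_t next = rd32(cc);
        uint16_t name_off = rd16(cc + 4);
        uint16_t name_len = rd16(cc + 6);
        size_t span;

        /* Checking next against remaining before advancing is what keeps
         * the unsigned bookkeeping from wrapping around. */
        if (next != 0 && (next < CC_HDR_LEN || next > remaining))
            return CC_MALFORMED;
        span = next ? next : remaining;    /* bytes owned by this entry */

        /* The name must start after the header and end inside the entry. */
        if (name_off < CC_HDR_LEN || (size_t)name_off + name_len > span)
            return CC_MALFORMED;

        if (name_len == 4 && memcmp(cc + name_off, tag, 4) == 0)
            return (long)off;
        if (next == 0)
            break;                         /* last entry in the chain */
        off += next;
    }
    return CC_NOT_FOUND;
}

/* Build one constructed 24-byte entry with a 4-byte name stored at offset 16. */
static void put_ctx(uint8_t *dst, uint32_t next, uint16_t name_off, const char *name)
{
    memset(dst, 0, CC_ENTRY_LEN);
    dst[0] = (uint8_t)next;         dst[1] = (uint8_t)(next >> 8);
    dst[2] = (uint8_t)(next >> 16); dst[3] = (uint8_t)(next >> 24);
    dst[4] = (uint8_t)name_off;     dst[5] = (uint8_t)(name_off >> 8);
    dst[6] = 4;                     /* NameLength = 4, little-endian */
    memcpy(dst + CC_HDR_LEN, name, 4);
}

long demo_valid_chain(void)         /* "MxAc" followed by "RqLs" */
{
    uint8_t buf[2 * CC_ENTRY_LEN];
    put_ctx(buf, CC_ENTRY_LEN, CC_HDR_LEN, "MxAc");
    put_ctx(buf + CC_ENTRY_LEN, 0, CC_HDR_LEN, "RqLs");
    return find_create_context(buf, sizeof(buf), "RqLs");
}

long demo_empty(void)               /* response carries no create contexts */
{
    uint8_t buf[1] = { 0 };
    return find_create_context(buf, 0, "RqLs");
}

long demo_next_overrun(void)        /* Next points far beyond the buffer */
{
    uint8_t buf[CC_ENTRY_LEN];
    put_ctx(buf, 4096, CC_HDR_LEN, "MxAc");
    return find_create_context(buf, sizeof(buf), "RqLs");
}

long demo_name_overrun(void)        /* NameOffset points outside the entry */
{
    uint8_t buf[CC_ENTRY_LEN];
    put_ctx(buf, 0, 0xFFF0, "RqLs");
    return find_create_context(buf, sizeof(buf), "RqLs");
}

int main(void)
{
    printf("valid chain : %ld\n", demo_valid_chain());
    printf("empty       : %ld\n", demo_empty());
    printf("next overrun: %ld\n", demo_next_overrun());
    printf("name overrun: %ld\n", demo_name_overrun());
    return 0;
}
```
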


[PATCH 4.4 11/74] kvm: x86: Update tsc multiplier on change.

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Owen Hofmann <[hidden email]>

commit 2680d6da455b636dd006636780c0f235c6561d70 upstream.

vmx.c writes the TSC_MULTIPLIER field in vmx_vcpu_load, but only when a
vcpu has migrated physical cpus. Record the last value written and
update in vmx_vcpu_load on any change, otherwise a cpu migration must
occur for TSC frequency scaling to take effect.

Fixes: ff2c3a1803775cc72dc6f624b59554956396b0ee
Signed-off-by: Owen Hofmann <[hidden email]>
Signed-off-by: Paolo Bonzini <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 arch/x86/kvm/vmx.c |   14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -595,6 +595,8 @@ struct vcpu_vmx {
  /* Support for PML */
 #define PML_ENTITY_NUM 512
  struct page *pml_pg;
+
+ u64 current_tsc_ratio;
 };
 
 enum segment_cache_field {
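Review bot: the new `u64 current_tsc_ratio;` in `struct vcpu_vmx` has no comment, unlike the `/* Support for PML */` group directly above it. Say that it caches the last value written to `TSC_MULTIPLIER`, and what its initial value is expected to be so that the first `vmx_vcpu_load()` performs the write.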
@@ -2062,14 +2064,16 @@ static void vmx_vcpu_load(struct kvm_vcp
  rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
  vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
 
- /* Setup TSC multiplier */
- if (cpu_has_vmx_tsc_scaling())
- vmcs_write64(TSC_MULTIPLIER,
-     vcpu->arch.tsc_scaling_ratio);
-
  vmx->loaded_vmcs->cpu = cpu;
  }
 
+ /* Setup TSC multiplier */
+ if (kvm_has_tsc_control &&
+    vmx->current_tsc_ratio != vcpu->arch.tsc_scaling_ratio) {
+ vmx->current_tsc_ratio = vcpu->arch.tsc_scaling_ratio;
+ vmcs_write64(TSC_MULTIPLIER, vmx->current_tsc_ratio);
+ }
+
  vmx_vcpu_pi_load(vcpu, cpu);
 }
 
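Review bot: the guard in `vmx_vcpu_load()` changes from `cpu_has_vmx_tsc_scaling()` to `kvm_has_tsc_control`, which the commit message does not mention; explain why the two are interchangeable here or keep the original predicate. Also, `current_tsc_ratio` is kept per `struct vcpu_vmx` while the write lands in whichever VMCS is loaded at the time (`vmx->loaded_vmcs` just above), so state whether the cached value can go stale when the loaded VMCS changes.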



[PATCH 4.4 01/74] use ->d_seq to get coherency between ->d_inode and ->d_flags

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Al Viro <[hidden email]>

commit a528aca7f359f4b0b1d72ae406097e491a5ba9ea upstream.

Games with ordering and barriers are way too brittle.  Just
bump ->d_seq before and after updating ->d_inode and ->d_flags
type bits, so that verifying ->d_seq would guarantee they are
coherent.

Signed-off-by: Al Viro <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 fs/dcache.c            |   20 +++++---------------
 include/linux/dcache.h |    4 +---
 2 files changed, 6 insertions(+), 18 deletions(-)

--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -269,9 +269,6 @@ static inline int dname_external(const s
  return dentry->d_name.name != dentry->d_iname;
 }
 
-/*
- * Make sure other CPUs see the inode attached before the type is set.
- */
 static inline void __d_set_inode_and_type(struct dentry *dentry,
   struct inode *inode,
   unsigned type_flags)
@@ -279,28 +276,18 @@ static inline void __d_set_inode_and_typ
  unsigned flags;
 
  dentry->d_inode = inode;
- smp_wmb();
  flags = READ_ONCE(dentry->d_flags);
  flags &= ~(DCACHE_ENTRY_TYPE | DCACHE_FALLTHRU);
  flags |= type_flags;
  WRITE_ONCE(dentry->d_flags, flags);
 }
 
-/*
- * Ideally, we want to make sure that other CPUs see the flags cleared before
- * the inode is detached, but this is really a violation of RCU principles
- * since the ordering suggests we should always set inode before flags.
- *
- * We should instead replace or discard the entire dentry - but that sucks
- * performancewise on mass deletion/rename.
- */
 static inline void __d_clear_type_and_inode(struct dentry *dentry)
 {
  unsigned flags = READ_ONCE(dentry->d_flags);
 
  flags &= ~(DCACHE_ENTRY_TYPE | DCACHE_FALLTHRU);
  WRITE_ONCE(dentry->d_flags, flags);
- smp_wmb();
  dentry->d_inode = NULL;
 }
 
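Review bot: with both `smp_wmb()` calls and their comments removed, `__d_set_inode_and_type()` and `__d_clear_type_and_inode()` are only safe when the caller brackets them with `raw_write_seqcount_begin(&dentry->d_seq)` and `raw_write_seqcount_end(&dentry->d_seq)`, but nothing at the helpers says so. Replace the deleted comments with one line stating that requirement, so a future caller does not use them outside a `d_seq` write section.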
@@ -370,9 +357,11 @@ static void dentry_unlink_inode(struct d
  __releases(dentry->d_inode->i_lock)
 {
  struct inode *inode = dentry->d_inode;
+
+ raw_write_seqcount_begin(&dentry->d_seq);
  __d_clear_type_and_inode(dentry);
  hlist_del_init(&dentry->d_u.d_alias);
- dentry_rcuwalk_invalidate(dentry);
+ raw_write_seqcount_end(&dentry->d_seq);
  spin_unlock(&dentry->d_lock);
  spin_unlock(&inode->i_lock);
  if (!inode->i_nlink)
@@ -1757,8 +1746,9 @@ static void __d_instantiate(struct dentr
  spin_lock(&dentry->d_lock);
  if (inode)
  hlist_add_head(&dentry->d_u.d_alias, &inode->i_dentry);
+ raw_write_seqcount_begin(&dentry->d_seq);
  __d_set_inode_and_type(dentry, inode, add_flags);
- dentry_rcuwalk_invalidate(dentry);
+ raw_write_seqcount_end(&dentry->d_seq);
  spin_unlock(&dentry->d_lock);
  fsnotify_d_instantiate(dentry, inode);
 }
--- a/include/linux/dcache.h
+++ b/include/linux/dcache.h
@@ -409,9 +409,7 @@ static inline bool d_mountpoint(const st
  */
 static inline unsigned __d_entry_type(const struct dentry *dentry)
 {
- unsigned type = READ_ONCE(dentry->d_flags);
- smp_rmb();
- return type & DCACHE_ENTRY_TYPE;
+ return dentry->d_flags & DCACHE_ENTRY_TYPE;
 }
 
 static inline bool d_is_miss(const struct dentry *dentry)
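Review bot: `__d_entry_type()` now does a plain `dentry->d_flags & DCACHE_ENTRY_TYPE` read, dropping both `READ_ONCE()` and `smp_rmb()`. The comment block above the function should state that lockless callers must validate the result against `->d_seq`, and keeping `READ_ONCE()` on the load would still be worthwhile since the writers in fs/dcache.c use `WRITE_ONCE(dentry->d_flags, flags)`.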



[PATCH 4.4 71/74] drm/i915: more virtual south bridge detection

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Gerd Hoffmann <[hidden email]>

commit 39bfcd5235e07e95ad3e70eab8e0b85db181de9e upstream.

Commit "30c964a drm/i915: Detect virtual south bridge" detects and
handles the southbridge emulated by vmware esx.  Add the ich9 south
bridge emulated by 'qemu -M q35'.

Signed-off-by: Gerd Hoffmann <[hidden email]>
Signed-off-by: Daniel Vetter <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 drivers/gpu/drm/i915/i915_drv.c |    3 ++-
 drivers/gpu/drm/i915/i915_drv.h |    1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/gpu/drm/i915/i915_drv.c
+++ b/drivers/gpu/drm/i915/i915_drv.c
@@ -531,7 +531,8 @@ void intel_detect_pch(struct drm_device
  dev_priv->pch_type = PCH_SPT;
  DRM_DEBUG_KMS("Found SunrisePoint LP PCH\n");
  WARN_ON(!IS_SKYLAKE(dev));
- } else if (id == INTEL_PCH_P2X_DEVICE_ID_TYPE) {
+ } else if ((id == INTEL_PCH_P2X_DEVICE_ID_TYPE) ||
+   (id == INTEL_PCH_QEMU_DEVICE_ID_TYPE)) {
  dev_priv->pch_type = intel_virt_detect_pch(dev);
  } else
  continue;
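Review bot: the extended condition `(id == INTEL_PCH_P2X_DEVICE_ID_TYPE) || (id == INTEL_PCH_QEMU_DEVICE_ID_TYPE)` wraps each comparison in parentheses that the line it replaces did not use; drop them for consistency with the rest of the chain. The branch above logs what it found with `DRM_DEBUG_KMS(...)`, so a debug line here naming which virtual south bridge id matched would help when triaging guest display problems.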
--- a/drivers/gpu/drm/i915/i915_drv.h
+++ b/drivers/gpu/drm/i915/i915_drv.h
@@ -2614,6 +2614,7 @@ struct drm_i915_cmd_table {
 #define INTEL_PCH_SPT_DEVICE_ID_TYPE 0xA100
 #define INTEL_PCH_SPT_LP_DEVICE_ID_TYPE 0x9D00
 #define INTEL_PCH_P2X_DEVICE_ID_TYPE 0x7100
+#define INTEL_PCH_QEMU_DEVICE_ID_TYPE 0x2900 /* qemu q35 has 2918 */
 
 #define INTEL_PCH_TYPE(dev) (__I915__(dev)->pch_type)
 #define HAS_PCH_SPT(dev) (INTEL_PCH_TYPE(dev) == PCH_SPT)



[PATCH 4.4 69/74] block: check virt boundary in bio_will_gap()

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ming Lei <[hidden email]>

commit e0af29171aa8912e1ca95023b75ef336cd70d661 upstream.

In the following patch, the way of figuring out
the last bvec will be changed with a bit of cost introduced,
so return immediately if the queue doesn't have a virt
boundary limit. Actually most devices do not have
this limit.

Reviewed-by: Sagi Grimberg <[hidden email]>
Reviewed-by: Christoph Hellwig <[hidden email]>
Signed-off-by: Ming Lei <[hidden email]>
Signed-off-by: Jens Axboe <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 include/linux/blkdev.h |   16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -1367,6 +1367,13 @@ static inline void put_dev_sector(Sector
  page_cache_release(p.v);
 }
 
+static inline bool __bvec_gap_to_prev(struct request_queue *q,
+ struct bio_vec *bprv, unsigned int offset)
+{
+ return offset ||
+ ((bprv->bv_offset + bprv->bv_len) & queue_virt_boundary(q));
+}
+
 /*
  * Check if adding a bio_vec after bprv with offset would create a gap in
  * the SG list. Most drivers don't care about this, but some do.
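Review bot: the new `__bvec_gap_to_prev()` is added without a comment and silently assumes the caller has already checked that `queue_virt_boundary(q)` is non-zero. Document that precondition at the helper, since with a zero mask it still returns true for any non-zero `offset`, which is not what `bvec_gap_to_prev()` returns in that case.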
@@ -1376,18 +1383,17 @@ static inline bool bvec_gap_to_prev(stru
 {
  if (!queue_virt_boundary(q))
  return false;
- return offset ||
- ((bprv->bv_offset + bprv->bv_len) & queue_virt_boundary(q));
+ return __bvec_gap_to_prev(q, bprv, offset);
 }
 
 static inline bool bio_will_gap(struct request_queue *q, struct bio *prev,
  struct bio *next)
 {
- if (!bio_has_data(prev))
+ if (!bio_has_data(prev) || !queue_virt_boundary(q))
  return false;
 
- return bvec_gap_to_prev(q, &prev->bi_io_vec[prev->bi_vcnt - 1],
- next->bi_io_vec[0].bv_offset);
+ return __bvec_gap_to_prev(q, &prev->bi_io_vec[prev->bi_vcnt - 1],
+  next->bi_io_vec[0].bv_offset);
 }
 
 static inline bool req_gap_back_merge(struct request *req, struct bio *bio)
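Review bot: `bio_will_gap()` guards `prev` with `bio_has_data(prev)` but reads `next->bi_io_vec[0].bv_offset` with no corresponding check on `next`. Either add `bio_has_data(next)` to the early return or note in a comment why callers guarantee it.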



[PATCH 4.4 70/74] block: get the 1st and last bvec via helpers

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ming Lei <[hidden email]>

commit 25e71a99f10e444cd00bb2ebccb11e1c9fb672b1 upstream.

This patch applies the two introduced helpers to
figure out the 1st and last bvec, and fixes the
original way after bio splitting.

Reported-by: Sagi Grimberg <[hidden email]>
Reviewed-by: Sagi Grimberg <[hidden email]>
Reviewed-by: Christoph Hellwig <[hidden email]>
Signed-off-by: Ming Lei <[hidden email]>
Signed-off-by: Jens Axboe <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 include/linux/blkdev.h |   13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -1389,11 +1389,16 @@ static inline bool bvec_gap_to_prev(stru
 static inline bool bio_will_gap(struct request_queue *q, struct bio *prev,
  struct bio *next)
 {
- if (!bio_has_data(prev) || !queue_virt_boundary(q))
- return false;
+ if (bio_has_data(prev) && queue_virt_boundary(q)) {
+ struct bio_vec pb, nb;
 
- return __bvec_gap_to_prev(q, &prev->bi_io_vec[prev->bi_vcnt - 1],
-  next->bi_io_vec[0].bv_offset);
+ bio_get_last_bvec(prev, &pb);
+ bio_get_first_bvec(next, &nb);
+
+ return __bvec_gap_to_prev(q, &pb, nb.bv_offset);
+ }
+
+ return false;
 }
 
 static inline bool req_gap_back_merge(struct request *req, struct bio *bio)
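Review bot: `bio_will_gap()` is rewritten from an early `return false` into a nested block, which adds an indentation level for no functional reason; keeping the early return and declaring `struct bio_vec pb, nb;` at the top of the function would give a smaller diff. `next` is still handed to `bio_get_first_bvec()` without a `bio_has_data(next)` check, and the commit message should say in a sentence why `bi_io_vec[bi_vcnt - 1]` is the wrong last bvec after bio splitting.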



[PATCH 4.4 67/74] thermal: cpu_cooling: fix out of bounds access in time_in_idle

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Javi Merino <[hidden email]>

commit a53b8394ec3c67255928df6ee9cc99dd1cd452e3 upstream.

In __cpufreq_cooling_register() we allocate the arrays for time_in_idle
and time_in_idle_timestamp to be as big as the number of cpus in this
cpufreq device.  However, in get_load() we access this array using the
cpu number as index, which can result in an out of bound access.

Index time_in_idle{,_timestamp} using the index in the cpufreq_device's
allowed_cpus mask, as we do for the load_cpu array in
cpufreq_get_requested_power()

Reported-by: Nicolas Boichat <[hidden email]>
Cc: Amit Daniel Kachhap <[hidden email]>
Cc: Zhang Rui <[hidden email]>
Cc: Eduardo Valentin <[hidden email]>
Tested-by: Nicolas Boichat <[hidden email]>
Acked-by: Viresh Kumar <[hidden email]>
Signed-off-by: Javi Merino <[hidden email]>
Signed-off-by: Eduardo Valentin <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 drivers/thermal/cpu_cooling.c |   14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

--- a/drivers/thermal/cpu_cooling.c
+++ b/drivers/thermal/cpu_cooling.c
@@ -377,26 +377,28 @@ static u32 cpu_power_to_freq(struct cpuf
  * get_load() - get load for a cpu since last updated
  * @cpufreq_device: &struct cpufreq_cooling_device for this cpu
  * @cpu: cpu number
+ * @cpu_idx: index of the cpu in cpufreq_device->allowed_cpus
  *
  * Return: The average load of cpu @cpu in percentage since this
  * function was last called.
  */
-static u32 get_load(struct cpufreq_cooling_device *cpufreq_device, int cpu)
+static u32 get_load(struct cpufreq_cooling_device *cpufreq_device, int cpu,
+    int cpu_idx)
 {
  u32 load;
  u64 now, now_idle, delta_time, delta_idle;
 
  now_idle = get_cpu_idle_time(cpu, &now, 0);
- delta_idle = now_idle - cpufreq_device->time_in_idle[cpu];
- delta_time = now - cpufreq_device->time_in_idle_timestamp[cpu];
+ delta_idle = now_idle - cpufreq_device->time_in_idle[cpu_idx];
+ delta_time = now - cpufreq_device->time_in_idle_timestamp[cpu_idx];
 
  if (delta_time <= delta_idle)
  load = 0;
  else
  load = div64_u64(100 * (delta_time - delta_idle), delta_time);
 
- cpufreq_device->time_in_idle[cpu] = now_idle;
- cpufreq_device->time_in_idle_timestamp[cpu] = now;
+ cpufreq_device->time_in_idle[cpu_idx] = now_idle;
+ cpufreq_device->time_in_idle_timestamp[cpu_idx] = now;
 
  return load;
 }
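Review bot: get_load() now trusts cpu_idx to be a valid index into time_in_idle[] and time_in_idle_timestamp[], and nothing in the function checks it. Since the bug being fixed is an out-of-bounds access on exactly these arrays, consider a WARN_ON() against the number of CPUs in allowed_cpus, or at least extend the @cpu_idx kernel-doc line to say that the arrays are sized by that mask and that callers must pass the position within it, not the CPU number.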
@@ -598,7 +600,7 @@ static int cpufreq_get_requested_power(s
  u32 load;
 
  if (cpu_online(cpu))
- load = get_load(cpufreq_device, cpu);
+ load = get_load(cpufreq_device, cpu, i);
  else
  load = 0;
 
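Review bot: the call get_load(cpufreq_device, cpu, i) relies on i being the position of cpu within allowed_cpus, but the declaration and increment of i are outside this hunk. Worth confirming that i advances on every iteration, including the else branch where the CPU is offline and load is set to 0; if it advanced only for online CPUs, the index would drift away from the slot the commit message says is used for load_cpu.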



[PATCH 4.4 66/74] i2c: brcmstb: allocate correct amount of memory for regmap

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Wolfram Sang <[hidden email]>

commit 7314d22a2f5bd40468d57768be368c3d9b4bd726 upstream.

We want the size of the struct, not of a pointer to it. To be future
proof, just dereference the pointer to get the desired type.

Fixes: dd1aa2524bc5 ("i2c: brcmstb: Add Broadcom settop SoC i2c controller driver")
Acked-by: Gregory Fong <[hidden email]>
Acked-by: Florian Fainelli <[hidden email]>
Reviewed-by: Kamal Dasu <[hidden email]>
Signed-off-by: Wolfram Sang <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 drivers/i2c/busses/i2c-brcmstb.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/drivers/i2c/busses/i2c-brcmstb.c
+++ b/drivers/i2c/busses/i2c-brcmstb.c
@@ -562,8 +562,7 @@ static int brcmstb_i2c_probe(struct plat
  if (!dev)
  return -ENOMEM;
 
- dev->bsc_regmap = devm_kzalloc(&pdev->dev, sizeof(struct bsc_regs *),
-       GFP_KERNEL);
+ dev->bsc_regmap = devm_kzalloc(&pdev->dev, sizeof(*dev->bsc_regmap), GFP_KERNEL);
  if (!dev->bsc_regmap)
  return -ENOMEM;
 
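Review bot: the replacement devm_kzalloc() line runs past 80 columns, where the two lines it replaces were wrapped. The sizeof(*dev->bsc_regmap) change itself is the right idiom; putting GFP_KERNEL on a continuation line, as the old code did, would keep the hunk within the usual kernel line length.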



[PATCH 4.4 17/74] KVM: x86: fix root cause for missed hardware breakpoints

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Paolo Bonzini <[hidden email]>

commit 70e4da7a8ff62f2775337b705f45c804bb450454 upstream.

Commit 172b2386ed16 ("KVM: x86: fix missed hardware breakpoints",
2016-02-10) worked around a case where the debug registers are not loaded
correctly on preemption and on the first entry to KVM_RUN.

However, Xiao Guangrong pointed out that the root cause must be that
KVM_DEBUGREG_BP_ENABLED is not being set correctly.  This can indeed
happen due to the lazy debug exit mechanism, which does not call
kvm_update_dr7.  Fix it by replacing the existing loop (more or less
equivalent to kvm_update_dr0123) with calls to all the kvm_update_dr*
functions.

Fixes: 172b2386ed16a9143d9a456aae5ec87275c61489
Reviewed-by: Xiao Guangrong <[hidden email]>
Signed-off-by: Paolo Bonzini <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 arch/x86/kvm/x86.c |    9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2736,7 +2736,6 @@ void kvm_arch_vcpu_load(struct kvm_vcpu
  }
 
  kvm_make_request(KVM_REQ_STEAL_UPDATE, vcpu);
- vcpu->arch.switch_db_regs |= KVM_DEBUGREG_RELOAD;
 }
 
 void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu)
@@ -6545,12 +6544,12 @@ static int vcpu_enter_guest(struct kvm_v
  * KVM_DEBUGREG_WONT_EXIT again.
  */
  if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) {
- int i;
-
  WARN_ON(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP);
  kvm_x86_ops->sync_dirty_debug_regs(vcpu);
- for (i = 0; i < KVM_NR_DB_REGS; i++)
- vcpu->arch.eff_db[i] = vcpu->arch.db[i];
+ kvm_update_dr0123(vcpu);
+ kvm_update_dr6(vcpu);
+ kvm_update_dr7(vcpu);
+ vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_RELOAD;
  }
 
  /*
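Review bot: the added line vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_RELOAD; has no comment, and the commit message explains the kvm_update_dr* calls but not why RELOAD is cleared at this point. Together with the first hunk, which drops the only assignment of KVM_DEBUGREG_RELOAD visible in this diff, a reader cannot tell from the patch where the flag is still set. A short comment here, or an extension of the existing block comment above the if, naming the setter that this clear pairs with would help.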



[PATCH 4.4 22/74] target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mike Christie <[hidden email]>

commit 8a9ebe717a133ba7bc90b06047f43cc6b8bcb8b3 upstream.

In a couple places we are not converting to/from the Linux
block layer 512 bytes sectors.

1.

The request queue values and what we do are a mismatch of
things:

max_discard_sectors - This is in linux block layer 512 byte
sectors. We are just copying this to max_unmap_lba_count.

discard_granularity - This is in bytes. We are converting it
to Linux block layer 512 byte sectors.

discard_alignment - This is in bytes. We are just copying
this over.

The problem is that the core LIO code exports these values in
spc_emulate_evpd_b0 and we use them to test request arguments
in sbc_execute_unmap, but we never convert to the block size
we export to the initiator. If we are not using 512 byte sectors
then we are exporting the wrong values or our checks are off.
And, for the discard_alignment/bytes case we are just plain messed
up.

2.

blkdev_issue_discard's start and number of sector arguments
are supposed to be in linux block layer 512 byte sectors. We are
currently passing in the values we get from the initiator which
might be based on some other sector size.

There is a similar problem in iblock_execute_write_same where
the bio functions want values in 512 byte sectors but we are
passing in what we got from the initiator.

Signed-off-by: Mike Christie <[hidden email]>
Signed-off-by: Nicholas Bellinger <[hidden email]>
[ kamal: backport to 4.4-stable: no unmap_zeroes_data ]
Signed-off-by: Kamal Mostafa <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>
---
 drivers/target/target_core_device.c  |   43 ++++++++++++++++++++++++++
 drivers/target/target_core_file.c    |   29 +++++-------------
 drivers/target/target_core_iblock.c  |   56 ++++++++---------------------------
 include/target/target_core_backend.h |    3 +
 4 files changed, 69 insertions(+), 62 deletions(-)

--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
@@ -826,6 +826,49 @@ struct se_device *target_alloc_device(st
  return dev;
 }
 
+/*
+ * Check if the underlying struct block_device request_queue supports
+ * the QUEUE_FLAG_DISCARD bit for UNMAP/WRITE_SAME in SCSI + TRIM
+ * in ATA and we need to set TPE=1
+ */
+bool target_configure_unmap_from_queue(struct se_dev_attrib *attrib,
+       struct request_queue *q, int block_size)
+{
+ if (!blk_queue_discard(q))
+ return false;
+
+ attrib->max_unmap_lba_count = (q->limits.max_discard_sectors << 9) /
+ block_size;
+ /*
+ * Currently hardcoded to 1 in Linux/SCSI code..
+ */
+ attrib->max_unmap_block_desc_count = 1;
+ attrib->unmap_granularity = q->limits.discard_granularity / block_size;
+ attrib->unmap_granularity_alignment = q->limits.discard_alignment /
+ block_size;
+ return true;
+}
+EXPORT_SYMBOL(target_configure_unmap_from_queue);
+
+/*
+ * Convert from blocksize advertised to the initiator to the 512 byte
+ * units unconditionally used by the Linux block layer.
+ */
+sector_t target_to_linux_sector(struct se_device *dev, sector_t lb)
+{
+ switch (dev->dev_attrib.block_size) {
+ case 4096:
+ return lb << 3;
+ case 2048:
+ return lb << 2;
+ case 1024:
+ return lb << 1;
+ default:
+ return lb;
+ }
+}
+EXPORT_SYMBOL(target_to_linux_sector);
+
 int target_configure_device(struct se_device *dev)
 {
  struct se_hba *hba = dev->se_hba;
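Review bot: target_configure_unmap_from_queue() divides by block_size three times without checking that it is non-zero, and both unmap_granularity and unmap_granularity_alignment round down, so a discard_granularity smaller than block_size is exported as 0. A guard on block_size at the top of the function, and a comment on what a zero granularity means to the initiator, would make the helper safer to call from other backends. The (q->limits.max_discard_sectors << 9) shift is also evaluated in the width of that field before the division, which is worth a look for large discard limits.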
--- a/drivers/target/target_core_file.c
+++ b/drivers/target/target_core_file.c
@@ -160,25 +160,11 @@ static int fd_configure_device(struct se
  " block_device blocks: %llu logical_block_size: %d\n",
  dev_size, div_u64(dev_size, fd_dev->fd_block_size),
  fd_dev->fd_block_size);
- /*
- * Check if the underlying struct block_device request_queue supports
- * the QUEUE_FLAG_DISCARD bit for UNMAP/WRITE_SAME in SCSI + TRIM
- * in ATA and we need to set TPE=1
- */
- if (blk_queue_discard(q)) {
- dev->dev_attrib.max_unmap_lba_count =
- q->limits.max_discard_sectors;
- /*
- * Currently hardcoded to 1 in Linux/SCSI code..
- */
- dev->dev_attrib.max_unmap_block_desc_count = 1;
- dev->dev_attrib.unmap_granularity =
- q->limits.discard_granularity >> 9;
- dev->dev_attrib.unmap_granularity_alignment =
- q->limits.discard_alignment;
+
+ if (target_configure_unmap_from_queue(&dev->dev_attrib, q,
+      fd_dev->fd_block_size))
  pr_debug("IFILE: BLOCK Discard support available,"
- " disabled by default\n");
- }
+ " disabled by default\n");
  /*
  * Enable write same emulation for IBLOCK and use 0xFFFF as
  * the smaller WRITE_SAME(10) only has a two-byte block count.
@@ -490,9 +476,12 @@ fd_execute_unmap(struct se_cmd *cmd, sec
  if (S_ISBLK(inode->i_mode)) {
  /* The backend is block device, use discard */
  struct block_device *bdev = inode->i_bdev;
+ struct se_device *dev = cmd->se_dev;
 
- ret = blkdev_issue_discard(bdev, lba,
- nolb, GFP_KERNEL, 0);
+ ret = blkdev_issue_discard(bdev,
+   target_to_linux_sector(dev, lba),
+   target_to_linux_sector(dev,  nolb),
+   GFP_KERNEL, 0);
  if (ret < 0) {
  pr_warn("FILEIO: blkdev_issue_discard() failed: %d\n",
  ret);
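Review bot: the nolb argument is a block count, but it is converted with target_to_linux_sector(), whose comment and parameter name (lb) describe an address conversion. The arithmetic is the same for both, so the result is right; a sentence in the helper's comment saying it is used for counts as well as LBAs would avoid confusion. Nit: there is a double space in target_to_linux_sector(dev,  nolb).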
--- a/drivers/target/target_core_iblock.c
+++ b/drivers/target/target_core_iblock.c
@@ -121,27 +121,11 @@ static int iblock_configure_device(struc
  dev->dev_attrib.hw_max_sectors = queue_max_hw_sectors(q);
  dev->dev_attrib.hw_queue_depth = q->nr_requests;
 
- /*
- * Check if the underlying struct block_device request_queue supports
- * the QUEUE_FLAG_DISCARD bit for UNMAP/WRITE_SAME in SCSI + TRIM
- * in ATA and we need to set TPE=1
- */
- if (blk_queue_discard(q)) {
- dev->dev_attrib.max_unmap_lba_count =
- q->limits.max_discard_sectors;
-
- /*
- * Currently hardcoded to 1 in Linux/SCSI code..
- */
- dev->dev_attrib.max_unmap_block_desc_count = 1;
- dev->dev_attrib.unmap_granularity =
- q->limits.discard_granularity >> 9;
- dev->dev_attrib.unmap_granularity_alignment =
- q->limits.discard_alignment;
-
+ if (target_configure_unmap_from_queue(&dev->dev_attrib, q,
+      dev->dev_attrib.hw_block_size))
  pr_debug("IBLOCK: BLOCK Discard support available,"
- " disabled by default\n");
- }
+ " disabled by default\n");
+
  /*
  * Enable write same emulation for IBLOCK and use 0xFFFF as
  * the smaller WRITE_SAME(10) only has a two-byte block count.
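Review bot: the exported limits are scaled here by dev->dev_attrib.hw_block_size, while target_to_linux_sector() converts request arguments using dev->dev_attrib.block_size. If the two attributes can differ, the values advertised to the initiator and the values used when issuing the discard are in different units. Passing the same attribute in both places, or documenting why they are always equal at this point, would close the gap.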
@@ -413,9 +397,13 @@ static sense_reason_t
 iblock_execute_unmap(struct se_cmd *cmd, sector_t lba, sector_t nolb)
 {
  struct block_device *bdev = IBLOCK_DEV(cmd->se_dev)->ibd_bd;
+ struct se_device *dev = cmd->se_dev;
  int ret;
 
- ret = blkdev_issue_discard(bdev, lba, nolb, GFP_KERNEL, 0);
+ ret = blkdev_issue_discard(bdev,
+   target_to_linux_sector(dev, lba),
+   target_to_linux_sector(dev,  nolb),
+   GFP_KERNEL, 0);
  if (ret < 0) {
  pr_err("blkdev_issue_discard() failed: %d\n", ret);
  return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
@@ -431,8 +419,10 @@ iblock_execute_write_same(struct se_cmd
  struct scatterlist *sg;
  struct bio *bio;
  struct bio_list list;
- sector_t block_lba = cmd->t_task_lba;
- sector_t sectors = sbc_get_write_same_sectors(cmd);
+ struct se_device *dev = cmd->se_dev;
+ sector_t block_lba = target_to_linux_sector(dev, cmd->t_task_lba);
+ sector_t sectors = target_to_linux_sector(dev,
+ sbc_get_write_same_sectors(cmd));
 
  if (cmd->prot_op) {
  pr_err("WRITE_SAME: Protection information with IBLOCK"
@@ -646,12 +636,12 @@ iblock_execute_rw(struct se_cmd *cmd, st
   enum dma_data_direction data_direction)
 {
  struct se_device *dev = cmd->se_dev;
+ sector_t block_lba = target_to_linux_sector(dev, cmd->t_task_lba);
  struct iblock_req *ibr;
  struct bio *bio, *bio_start;
  struct bio_list list;
  struct scatterlist *sg;
  u32 sg_num = sgl_nents;
- sector_t block_lba;
  unsigned bio_cnt;
  int rw = 0;
  int i;
@@ -677,24 +667,6 @@ iblock_execute_rw(struct se_cmd *cmd, st
  rw = READ;
  }
 
- /*
- * Convert the blocksize advertised to the initiator to the 512 byte
- * units unconditionally used by the Linux block layer.
- */
- if (dev->dev_attrib.block_size == 4096)
- block_lba = (cmd->t_task_lba << 3);
- else if (dev->dev_attrib.block_size == 2048)
- block_lba = (cmd->t_task_lba << 2);
- else if (dev->dev_attrib.block_size == 1024)
- block_lba = (cmd->t_task_lba << 1);
- else if (dev->dev_attrib.block_size == 512)
- block_lba = cmd->t_task_lba;
- else {
- pr_err("Unsupported SCSI -> BLOCK LBA conversion:"
- " %u\n", dev->dev_attrib.block_size);
- return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
- }
-
  ibr = kzalloc(sizeof(struct iblock_req), GFP_KERNEL);
  if (!ibr)
  goto fail;
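Review bot: removing this block also removes the only rejection of unsupported block sizes. The old else branch logged "Unsupported SCSI -> BLOCK LBA conversion" and returned TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE, whereas the default case of target_to_linux_sector() returns lb unchanged. A device whose block_size is not 512, 1024, 2048 or 4096 would now have its LBA passed through as if it were already in 512-byte units. If such sizes are rejected earlier, at configuration time, say so in the helper's comment; otherwise keep an error path.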
--- a/include/target/target_core_backend.h
+++ b/include/target/target_core_backend.h
@@ -94,5 +94,8 @@ sense_reason_t passthrough_parse_cdb(str
  sense_reason_t (*exec_cmd)(struct se_cmd *cmd));
 
 bool target_sense_desc_format(struct se_device *dev);
+sector_t target_to_linux_sector(struct se_device *dev, sector_t lb);
+bool target_configure_unmap_from_queue(struct se_dev_attrib *attrib,
+       struct request_queue *q, int block_size);
 
 #endif /* TARGET_CORE_BACKEND_H */



[PATCH 4.4 62/74] MIPS: scache: Fix scache init with invalid line size.

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Govindraj Raja <[hidden email]>

commit 56fa81fc9a5445938f3aa2e63d15ab63dc938ad6 upstream.

In current scache init cache line_size is determined from
cpu config register, however if there is no scache
then mips_sc_probe_cm3 function populates an invalid line_size of 2.

The invalid line_size can cause a NULL pointer dereference
during r4k_dma_cache_inv as r4k_blast_scache is populated
based on line_size. Scache line_size of 2 is an invalid option in
r4k_blast_scache_setup.

This issue was faced during a MIPS I6400 based virtual platform bring up
where scache was not available in virtual platform model.

Signed-off-by: Govindraj Raja <[hidden email]>
Fixes: 7d53e9c4cd21("MIPS: CM3: Add support for CM3 L2 cache.")
Cc: Paul Burton <[hidden email]>
Cc: James Hogan <[hidden email]>
Cc: Ralf Baechle <[hidden email]>
Cc: James Hartley <[hidden email]>
Cc: [hidden email]
Patchwork: https://patchwork.linux-mips.org/patch/12710/
Signed-off-by: Ralf Baechle <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 arch/mips/mm/sc-mips.c |   13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

--- a/arch/mips/mm/sc-mips.c
+++ b/arch/mips/mm/sc-mips.c
@@ -164,11 +164,13 @@ static int __init mips_sc_probe_cm3(void
 
  sets = cfg & CM_GCR_L2_CONFIG_SET_SIZE_MSK;
  sets >>= CM_GCR_L2_CONFIG_SET_SIZE_SHF;
- c->scache.sets = 64 << sets;
+ if (sets)
+ c->scache.sets = 64 << sets;
 
  line_sz = cfg & CM_GCR_L2_CONFIG_LINE_SIZE_MSK;
  line_sz >>= CM_GCR_L2_CONFIG_LINE_SIZE_SHF;
- c->scache.linesz = 2 << line_sz;
+ if (line_sz)
+ c->scache.linesz = 2 << line_sz;
 
  assoc = cfg & CM_GCR_L2_CONFIG_ASSOC_MSK;
  assoc >>= CM_GCR_L2_CONFIG_ASSOC_SHF;
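Review bot: when the sets or line_sz field reads as 0, c->scache.sets and c->scache.linesz keep whatever value they held before, and the later if (c->scache.linesz) test in this function depends on that value being 0. Assigning 0 explicitly in an else branch would make the no-scache case independent of how the structure was initialised.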
@@ -176,9 +178,12 @@ static int __init mips_sc_probe_cm3(void
  c->scache.waysize = c->scache.sets * c->scache.linesz;
  c->scache.waybit = __ffs(c->scache.waysize);
 
- c->scache.flags &= ~MIPS_CACHE_NOT_PRESENT;
+ if (c->scache.linesz) {
+ c->scache.flags &= ~MIPS_CACHE_NOT_PRESENT;
+ return 1;
+ }
 
- return 1;
+ return 0;
 }
 
 void __weak platform_early_l2_init(void)
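Review bot: c->scache.waysize and c->scache.waybit are still computed before the new if (c->scache.linesz) check, so when linesz is 0 the waysize is 0 and __ffs() is called on 0, for which the result is undefined. Moving the linesz test and the return 0 above the waysize and waybit assignments would avoid computing geometry for a cache that is then reported as not present.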



[PATCH 4.4 61/74] USB: serial: option: add support for Quectel UC20

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Yegor Yefremov <[hidden email]>

commit c0992d0f54847d0d1d85c60fcaa054f175ab1ccd upstream.

Add support for Quectel UC20 and blacklist the QMI interface.

Signed-off-by: Yegor Yefremov <[hidden email]>
[johan: amend commit message ]
Signed-off-by: Johan Hovold <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 drivers/usb/serial/option.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1133,6 +1133,8 @@ static const struct usb_device_id option
  { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x6613)}, /* Onda H600/ZTE MF330 */
  { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x0023)}, /* ONYX 3G device */
  { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x9000)}, /* SIMCom SIM5218 */
+ { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x9003), /* Quectel UC20 */
+  .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
  { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6001) },
  { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_CMU_300) },
  { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6003),
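Review bot: the new entry attaches net_intf4_blacklist, but neither the /* Quectel UC20 */ comment nor the commit message says which interface number carries QMI on this device. Stating the interface number in the comment, if it is the one the blacklist name implies, would let the next reader check the table entry against the device's descriptors.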



[PATCH 4.4 60/74] USB: serial: option: add support for Telit LE922 PID 0x1045

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Daniele Palmas <[hidden email]>

commit 5deef5551c77e488922cc4bf4bc76df63be650d0 upstream.

This patch adds support for 0x1045 PID of Telit LE922.

Signed-off-by: Daniele Palmas <[hidden email]>
Signed-off-by: Johan Hovold <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 drivers/usb/serial/option.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -270,6 +270,7 @@ static void option_instat_callback(struc
 #define TELIT_PRODUCT_UE910_V2 0x1012
 #define TELIT_PRODUCT_LE922_USBCFG0 0x1042
 #define TELIT_PRODUCT_LE922_USBCFG3 0x1043
+#define TELIT_PRODUCT_LE922_USBCFG5 0x1045
 #define TELIT_PRODUCT_LE920 0x1200
 #define TELIT_PRODUCT_LE910 0x1201
 
@@ -1183,6 +1184,8 @@ static const struct usb_device_id option
  .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg0 },
  { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG3),
  .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg3 },
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG5, 0xff),
+ .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg0 },
  { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE910),
  .driver_info = (kernel_ulong_t)&telit_le910_blacklist },
  { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920),
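Review bot: the USBCFG5 entry differs from its LE922 neighbours in two ways that the commit message does not explain: it matches with USB_DEVICE_INTERFACE_CLASS(..., 0xff) rather than USB_DEVICE(), and it reuses telit_le922_blacklist_usbcfg0 instead of having a blacklist of its own. A comment saying whether configuration 5 has the same reserved interfaces as configuration 0, and why only vendor-class interfaces are claimed, would document the choice.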



[PATCH 4.4 57/74] USB: cp210x: Add ID for Parrot NMEA GPS Flight Recorder

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vittorio Alfieri <[hidden email]>

commit 3c4c615d70c8cbdc8ba8c79ed702640930652a79 upstream.

The Parrot NMEA GPS Flight Recorder is a USB composite device
consisting of hub, flash storage, and cp210x usb to serial chip.
It is an accessory to the mass-produced Parrot AR Drone 2.
The device emits standard NMEA messages which make it compatible
with NMEA compatible software. It was tested using gpsd version 3.11-3
as an NMEA interpreter and using the official Parrot Flight Recorder.

Signed-off-by: Vittorio Alfieri <[hidden email]>
Signed-off-by: Johan Hovold <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 drivers/usb/serial/cp210x.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/usb/serial/cp210x.c
+++ b/drivers/usb/serial/cp210x.c
@@ -164,6 +164,7 @@ static const struct usb_device_id id_tab
  { USB_DEVICE(0x18EF, 0xE025) }, /* ELV Marble Sound Board 1 */
  { USB_DEVICE(0x1901, 0x0190) }, /* GE B850 CP2105 Recorder interface */
  { USB_DEVICE(0x1901, 0x0193) }, /* GE B650 CP2104 PMC interface */
+ { USB_DEVICE(0x19CF, 0x3000) }, /* Parrot NMEA GPS Flight Recorder */
  { USB_DEVICE(0x1ADB, 0x0001) }, /* Schweitzer Engineering C662 Cable */
  { USB_DEVICE(0x1B1C, 0x1C00) }, /* Corsair USB Dongle */
  { USB_DEVICE(0x1BA4, 0x0002) }, /* Silicon Labs 358x factory default */



[PATCH 4.4 21/74] iommu/vt-d: Use BUS_NOTIFY_REMOVED_DEVICE in hotplug path

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Joerg Roedel <[hidden email]>

commit e6a8c9b337eed56eb481e1b4dd2180c25a1e5310 upstream.

In the PCI hotplug path of the Intel IOMMU driver, replace
the usage of the BUS_NOTIFY_DEL_DEVICE notifier, which is
executed before the driver is unbound from the device, with
BUS_NOTIFY_REMOVED_DEVICE, which runs after that.

This fixes a kernel BUG being triggered in the VT-d code
when the device driver tries to unmap DMA buffers and the
VT-d driver already destroyed all mappings.

Reported-by: Stefani Seibold <[hidden email]>
Signed-off-by: Joerg Roedel <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 drivers/iommu/dmar.c        |    5 +++--
 drivers/iommu/intel-iommu.c |    4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

--- a/drivers/iommu/dmar.c
+++ b/drivers/iommu/dmar.c
@@ -329,7 +329,8 @@ static int dmar_pci_bus_notifier(struct
  /* Only care about add/remove events for physical functions */
  if (pdev->is_virtfn)
  return NOTIFY_DONE;
- if (action != BUS_NOTIFY_ADD_DEVICE && action != BUS_NOTIFY_DEL_DEVICE)
+ if (action != BUS_NOTIFY_ADD_DEVICE &&
+    action != BUS_NOTIFY_REMOVED_DEVICE)
  return NOTIFY_DONE;
 
  info = dmar_alloc_pci_notify_info(pdev, action);
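Review bot: dmar_alloc_pci_notify_info(pdev, action) is now called with BUS_NOTIFY_REMOVED_DEVICE, but that function is not touched by this patch. Worth confirming it has no remaining comparison against BUS_NOTIFY_DEL_DEVICE, since the other comparisons changed in this patch all switch on the event value. A comment above the action test noting that removal is deliberately handled after the driver has been unbound would also record the reason given in the commit message.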
@@ -339,7 +340,7 @@ static int dmar_pci_bus_notifier(struct
  down_write(&dmar_global_lock);
  if (action == BUS_NOTIFY_ADD_DEVICE)
  dmar_pci_bus_add_dev(info);
- else if (action == BUS_NOTIFY_DEL_DEVICE)
+ else if (action == BUS_NOTIFY_REMOVED_DEVICE)
  dmar_pci_bus_del_dev(info);
  up_write(&dmar_global_lock);
 
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -4367,7 +4367,7 @@ int dmar_iommu_notify_scope_dev(struct d
  rmrru->devices_cnt);
  if(ret < 0)
  return ret;
- } else if (info->event == BUS_NOTIFY_DEL_DEVICE) {
+ } else if (info->event == BUS_NOTIFY_REMOVED_DEVICE) {
  dmar_remove_dev_scope(info, rmrr->segment,
  rmrru->devices, rmrru->devices_cnt);
  }
@@ -4387,7 +4387,7 @@ int dmar_iommu_notify_scope_dev(struct d
  break;
  else if(ret < 0)
  return ret;
- } else if (info->event == BUS_NOTIFY_DEL_DEVICE) {
+ } else if (info->event == BUS_NOTIFY_REMOVED_DEVICE) {
  if (dmar_remove_dev_scope(info, atsr->segment,
  atsru->devices, atsru->devices_cnt))
  break;



[PATCH 4.4 56/74] usb: chipidea: otg: change workqueue ci_otg as freezable

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Peter Chen <[hidden email]>

commit d144dfea8af7108f613139623e63952ed7e69c0c upstream.

If we use USB ID pin as wakeup source, and there is a USB block
device on this USB OTG (ID) cable, the system will deadlock
after system resume.

The root cause for this problem is: the workqueue ci_otg may try
to remove hcd before the driver resume has finished, and hcd will
disconnect the device on it, then, it will call device_release_driver,
and holds the device lock "dev->mutex", but it is never unlocked since
it waits for workqueue writeback to run to flush the block information, but
the workqueue writeback is freezable, it is not thawed before driver
resume has finished.

When the driver (device: sd 0:0:0:0:) resume goes to dpm_complete, it
tries to get its device lock "dev->mutex", but it can't get it forever,
then the deadlock occurs. Below call stacks show the situation.

So, in order to fix this problem, we need to change workqueue ci_otg
as freezable, then the work item in this workqueue will be run after
driver's resume, this workqueue will not be blocked forever like above
case since the workqueue writeback has been thawed too.

Tested at: i.mx6qdl-sabresd and i.mx6sx-sdb.

[  555.178869] kworker/u2:13   D c07de74c     0   826      2 0x00000000
[  555.185310] Workqueue: ci_otg ci_otg_work
[  555.189353] Backtrace:
[  555.191849] [<c07de4fc>] (__schedule) from [<c07dec6c>] (schedule+0x48/0xa0)
[  555.198912]  r10:ee471ba0 r9:00000000 r8:00000000 r7:00000002 r6:ee470000 r5:ee471ba4
[  555.206867]  r4:ee470000
[  555.209453] [<c07dec24>] (schedule) from [<c07e2fc4>] (schedule_timeout+0x15c/0x1e0)
[  555.217212]  r4:7fffffff r3:edc2b000
[  555.220862] [<c07e2e68>] (schedule_timeout) from [<c07df6c8>] (wait_for_common+0x94/0x144)
[  555.229140]  r8:00000000 r7:00000002 r6:ee470000 r5:ee471ba4 r4:7fffffff
[  555.235980] [<c07df634>] (wait_for_common) from [<c07df790>] (wait_for_completion+0x18/0x1c)
[  555.244430]  r10:00000001 r9:c0b5563c r8:c0042e48 r7:ef086000 r6:eea4372c r5:ef131b00
[  555.252383]  r4:00000000
[  555.254970] [<c07df778>] (wait_for_completion) from [<c0043cb8>] (flush_work+0x19c/0x234)
[  555.263177] [<c0043b1c>] (flush_work) from [<c0043fac>] (flush_delayed_work+0x48/0x4c)
[  555.271106]  r8:ed5b5000 r7:c0b38a3c r6:eea439cc r5:eea4372c r4:eea4372c
[  555.277958] [<c0043f64>] (flush_delayed_work) from [<c00eae18>] (bdi_unregister+0x84/0xec)
[  555.286236]  r4:eea43520 r3:20000153
[  555.289885] [<c00ead94>] (bdi_unregister) from [<c02c2154>] (blk_cleanup_queue+0x180/0x29c)
[  555.298250]  r5:eea43808 r4:eea43400
[  555.301909] [<c02c1fd4>] (blk_cleanup_queue) from [<c0417914>] (__scsi_remove_device+0x48/0xb8)
[  555.310623]  r7:00000000 r6:20000153 r5:ededa950 r4:ededa800
[  555.316403] [<c04178cc>] (__scsi_remove_device) from [<c0415e90>] (scsi_forget_host+0x64/0x68)
[  555.325028]  r5:ededa800 r4:ed5b5000
[  555.328689] [<c0415e2c>] (scsi_forget_host) from [<c0409828>] (scsi_remove_host+0x78/0x104)
[  555.337054]  r5:ed5b5068 r4:ed5b5000
[  555.340709] [<c04097b0>] (scsi_remove_host) from [<c04cdfcc>] (usb_stor_disconnect+0x50/0xb4)
[  555.349247]  r6:ed5b56e4 r5:ed5b5818 r4:ed5b5690 r3:00000008
[  555.355025] [<c04cdf7c>] (usb_stor_disconnect) from [<c04b3bc8>] (usb_unbind_interface+0x78/0x25c)
[  555.363997]  r8:c13919b4 r7:edd3c000 r6:edd3c020 r5:ee551c68 r4:ee551c00 r3:c04cdf7c
[  555.371892] [<c04b3b50>] (usb_unbind_interface) from [<c03dc248>] (__device_release_driver+0x8c/0x118)
[  555.381213]  r10:00000001 r9:edd90c00 r8:c13919b4 r7:ee551c68 r6:c0b546e0 r5:c0b5563c
[  555.389167]  r4:edd3c020
[  555.391752] [<c03dc1bc>] (__device_release_driver) from [<c03dc2fc>] (device_release_driver+0x28/0x34)
[  555.401071]  r5:edd3c020 r4:edd3c054
[  555.404721] [<c03dc2d4>] (device_release_driver) from [<c03db304>] (bus_remove_device+0xe0/0x110)
[  555.413607]  r5:edd3c020 r4:ef17f04c
[  555.417253] [<c03db224>] (bus_remove_device) from [<c03d8128>] (device_del+0x114/0x21c)
[  555.425270]  r6:edd3c028 r5:edd3c020 r4:ee551c00 r3:00000000
[  555.431045] [<c03d8014>] (device_del) from [<c04b1560>] (usb_disable_device+0xa4/0x1e8)
[  555.439061]  r8:edd3c000 r7:eded8000 r6:00000000 r5:00000001 r4:ee551c00
[  555.445906] [<c04b14bc>] (usb_disable_device) from [<c04a8e54>] (usb_disconnect+0x74/0x224)
[  555.454271]  r9:edd90c00 r8:ee551000 r7:ee551c68 r6:ee551c9c r5:ee551c00 r4:00000001
[  555.462156] [<c04a8de0>] (usb_disconnect) from [<c04a8fb8>] (usb_disconnect+0x1d8/0x224)
[  555.470259]  r10:00000001 r9:edd90000 r8:ee471e2c r7:ee551468 r6:ee55149c r5:ee551400
[  555.478213]  r4:00000001
[  555.480797] [<c04a8de0>] (usb_disconnect) from [<c04ae5ec>] (usb_remove_hcd+0xa0/0x1ac)
[  555.488813]  r10:00000001 r9:ee471eb0 r8:00000000 r7:ef3d9500 r6:eded810c r5:eded80b0
[  555.496765]  r4:eded8000
[  555.499351] [<c04ae54c>] (usb_remove_hcd) from [<c04d4158>] (host_stop+0x28/0x64)
[  555.506847]  r6:eeb50010 r5:eded8000 r4:eeb51010
[  555.511563] [<c04d4130>] (host_stop) from [<c04d09b8>] (ci_otg_work+0xc4/0x124)
[  555.518885]  r6:00000001 r5:eeb50010 r4:eeb502a0 r3:c04d4130
[  555.524665] [<c04d08f4>] (ci_otg_work) from [<c00454f0>] (process_one_work+0x194/0x420)
[  555.532682]  r6:ef086000 r5:eeb502a0 r4:edc44480
[  555.537393] [<c004535c>] (process_one_work) from [<c00457b0>] (worker_thread+0x34/0x514)
[  555.545496]  r10:edc44480 r9:ef086000 r8:c0b1a100 r7:ef086034 r6:00000088 r5:edc44498
[  555.553450]  r4:ef086000
[  555.556032] [<c004577c>] (worker_thread) from [<c004bab4>] (kthread+0xdc/0xf8)
[  555.563268]  r10:00000000 r9:00000000 r8:00000000 r7:c004577c r6:edc44480 r5:eddc15c0
[  555.571221]  r4:00000000
[  555.573804] [<c004b9d8>] (kthread) from [<c000fef0>] (ret_from_fork+0x14/0x24)
[  555.581040]  r7:00000000 r6:00000000 r5:c004b9d8 r4:eddc15c0

[  553.429383] sh              D c07de74c     0   694    691 0x00000000
[  553.435801] Backtrace:
[  553.438295] [<c07de4fc>] (__schedule) from [<c07dec6c>] (schedule+0x48/0xa0)
[  553.445358]  r10:edd3c054 r9:edd3c078 r8:edddbd50 r7:edcbbc00 r6:c1377c34 r5:60000153
[  553.453313]  r4:eddda000
[  553.455896] [<c07dec24>] (schedule) from [<c07deff8>] (schedule_preempt_disabled+0x10/0x14)
[  553.464261]  r4:edd3c058 r3:0000000a
[  553.467910] [<c07defe8>] (schedule_preempt_disabled) from [<c07e0bbc>] (mutex_lock_nested+0x1a0/0x3e8)
[  553.477254] [<c07e0a1c>] (mutex_lock_nested) from [<c03e927c>] (dpm_complete+0xc0/0x1b0)
[  553.485358]  r10:00561408 r9:edd3c054 r8:c0b4863c r7:edddbd90 r6:c0b485d8 r5:edd3c020
[  553.493313]  r4:edd3c0d0
[  553.495896] [<c03e91bc>] (dpm_complete) from [<c03e9388>] (dpm_resume_end+0x1c/0x20)
[  553.503652]  r9:00000000 r8:c0b1a9d0 r7:c1334ec0 r6:c1334edc r5:00000003 r4:00000010
[  553.511544] [<c03e936c>] (dpm_resume_end) from [<c0079894>] (suspend_devices_and_enter+0x158/0x504)
[  553.520604]  r4:00000000 r3:c1334efc
[  553.524250] [<c007973c>] (suspend_devices_and_enter) from [<c0079e74>] (pm_suspend+0x234/0x2cc)
[  553.532961]  r10:00561408 r9:ed6b7300 r8:00000004 r7:c1334eec r6:00000000 r5:c1334ee8
[  553.540914]  r4:00000003
[  553.543493] [<c0079c40>] (pm_suspend) from [<c0078a6c>] (state_store+0x6c/0xc0)

[  555.703684] 7 locks held by kworker/u2:13/826:
[  555.708140]  #0:  ("%s""ci_otg"){++++.+}, at: [<c0045484>] process_one_work+0x128/0x420
[  555.716277]  #1:  ((&ci->work)){+.+.+.}, at: [<c0045484>] process_one_work+0x128/0x420
[  555.724317]  #2:  (usb_bus_list_lock){+.+.+.}, at: [<c04ae5e4>] usb_remove_hcd+0x98/0x1ac
[  555.732626]  #3:  (&dev->mutex){......}, at: [<c04a8e28>] usb_disconnect+0x48/0x224
[  555.740403]  #4:  (&dev->mutex){......}, at: [<c04a8e28>] usb_disconnect+0x48/0x224
[  555.748179]  #5:  (&dev->mutex){......}, at: [<c03dc2f4>] device_release_driver+0x20/0x34
[  555.756487]  #6:  (&shost->scan_mutex){+.+.+.}, at: [<c04097d0>] scsi_remove_host+0x20/0x104

Cc: Jun Li <[hidden email]>
Signed-off-by: Peter Chen <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 drivers/usb/chipidea/otg.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/usb/chipidea/otg.c
+++ b/drivers/usb/chipidea/otg.c
@@ -158,7 +158,7 @@ static void ci_otg_work(struct work_stru
 int ci_hdrc_otg_init(struct ci_hdrc *ci)
 {
  INIT_WORK(&ci->work, ci_otg_work);
- ci->wq = create_singlethread_workqueue("ci_otg");
+ ci->wq = create_freezable_workqueue("ci_otg");
  if (!ci->wq) {
  dev_err(ci->dev, "can't create workqueue\n");
  return -ENODEV;
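
Review bot: The switch to create_freezable_workqueue("ci_otg") in ci_hdrc_otg_init() carries no comment explaining why this queue has to be freezable, so a later cleanup could put create_singlethread_workqueue() back. The traces in the commit message show the ci_otg worker holding seven locks while the sh task that wrote the sleep state sits blocked in mutex_lock_nested() under dpm_complete(). A one-line comment above the allocation saying the work must not run across suspend/resume would record that. Separately, the unchanged failure branch returns -ENODEV when the workqueue cannot be created; if that failure is an allocation failure, -ENOMEM would describe it better, though that belongs in a separate patch rather than this stable backport.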



[PATCH 4.4 55/74] ALSA: timer: Fix broken compat timer user status ioctl

Greg KH-4
In reply to this post by Greg KH-4
4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Takashi Iwai <[hidden email]>

commit 3a72494ac2a3bd229db941d51e7efe2f6ccd947b upstream.

The timer user status compat ioctl returned the bogus struct used for
64bit architectures instead of the 32bit one.  This patch addresses
it to return the proper struct.

Signed-off-by: Takashi Iwai <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>

---
 sound/core/timer_compat.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/sound/core/timer_compat.c
+++ b/sound/core/timer_compat.c
@@ -70,13 +70,14 @@ static int snd_timer_user_status_compat(
  struct snd_timer_status32 __user *_status)
 {
  struct snd_timer_user *tu;
- struct snd_timer_status status;
+ struct snd_timer_status32 status;
 
  tu = file->private_data;
  if (snd_BUG_ON(!tu->timeri))
  return -ENXIO;
  memset(&status, 0, sizeof(status));
- status.tstamp = tu->tstamp;
+ status.tstamp.tv_sec = tu->tstamp.tv_sec;
+ status.tstamp.tv_nsec = tu->tstamp.tv_nsec;
  status.resolution = snd_timer_resolution(tu->timeri);
  status.lost = tu->timeri->lost;
  status.overrun = tu->overrun;
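
Review bot: The two new assignments to status.tstamp.tv_sec and status.tstamp.tv_nsec replace a struct copy with member-by-member conversions, and nothing in the hunk says whether narrowing is expected there. If the tstamp members of struct snd_timer_status32 are narrower than those of tu->tstamp, the values are silently truncated; a short comment that this is intended for the 32-bit layout would help the next reader. The memset(&status, 0, sizeof(status)) ahead of the assignments is worth keeping as is, since it now clears the whole 32-bit struct before it is filled. The copy out to _status lies outside the visible context, so check that its length is taken from the new type (sizeof(status) or sizeof(*_status)) and not from struct snd_timer_status.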

