commit 9e0499d7d30c6a91eb381e604c31519af88737d7 Author: Greg Kroah-Hartman Date: Sat Jul 15 11:58:03 2017 +0200 Linux 4.4.77 commit 52b9815d37fca7d87fc1ff44b4916b4804c8383d Author: Maciej S. Szmigiero Date: Sat Jul 2 20:27:46 2016 -0300 saa7134: fix warm Medion 7134 EEPROM read commit 5a91206ff0d0548939f3e85a65fb76b400fb0e89 upstream. When saa7134 module driving a Medion 7134 card is reloaded reads of this card EEPROM (required for automatic detection of tuner model) will be corrupted due to I2C gate in DVB-T demod being left closed. This sometimes also happens on first saa7134 module load after a warm reboot. Fix this by opening this I2C gate before doing EEPROM read during i2c initialization. Signed-off-by: Maciej S. Szmigiero Signed-off-by: Mauro Carvalho Chehab Cc: Oliver Hartkopp Signed-off-by: Greg Kroah-Hartman commit 646b65808b0da1fb2f72daf4dabdd9bc8e398f49 Author: Mikulas Patocka Date: Tue Jul 4 19:04:23 2017 -0400 x86/mm/pat: Don't report PAT on CPUs that don't support it commit 99c13b8c8896d7bcb92753bf0c63a8de4326e78d upstream. The pat_enabled() logic is broken on CPUs which do not support PAT and where the initialization code fails to call pat_init(). Due to that the enabled flag stays true and pat_enabled() returns true wrongfully. As a consequence the mappings, e.g. for Xorg, are set up with the wrong caching mode and the required MTRR setups are omitted. To cure this the following changes are required: 1) Make pat_enabled() return true only if PAT initialization was invoked and successful. 2) Invoke init_cache_modes() unconditionally in setup_arch() and remove the extra callsites in pat_disable() and the pat disabled code path in pat_init(). Also rename __pat_enabled to pat_disabled to reflect the real purpose of this variable. Fixes: 9cd25aac1f44 ("x86/mm/pat: Emulate PAT when it is disabled") Signed-off-by: Mikulas Patocka Signed-off-by: Thomas Gleixner Cc: Bernhard Held Cc: Denys Vlasenko Cc: Peter Zijlstra Cc: Brian Gerst Cc: "Luis R. Rodriguez" Cc: Borislav Petkov Cc: Andy Lutomirski Cc: Josh Poimboeuf Cc: Andrew Morton Cc: Linus Torvalds Link: http://lkml.kernel.org/r/alpine.LRH.2.02.1707041749300.3456@file01.intranet.prod.int.rdu2.redhat.com Signed-off-by: Greg Kroah-Hartman commit ad5a88c54cd299f3bb2bf53810dd5bb5805369c3 Author: Chao Yu Date: Fri Jun 23 01:08:22 2017 -0400 ext4: check return value of kstrtoull correctly in reserved_clusters_store commit 1ea1516fbbab2b30bf98c534ecaacba579a35208 upstream. kstrtoull returns 0 on success, however, in reserved_clusters_store we will return -EINVAL if kstrtoull returns 0, it makes us fail to update reserved_clusters value through sysfs. Fixes: 76d33bca5581b1dd5c3157fa168db849a784ada4 Signed-off-by: Chao Yu Signed-off-by: Miao Xie Signed-off-by: Theodore Ts'o Signed-off-by: Greg Kroah-Hartman commit cb2bc13d0b556427cb99524aea274b8ddc941130 Author: Ian Abbott Date: Fri Jun 16 19:35:34 2017 +0100 staging: comedi: fix clean-up of comedi_class in comedi_init() commit a9332e9ad09c2644c99058fcf6ae2f355e93ce74 upstream. There is a clean-up bug in the core comedi module initialization functions, `comedi_init()`. If the `comedi_num_legacy_minors` module parameter is non-zero (and valid), it creates that many "legacy" devices and registers them in SysFS. A failure causes the function to clean up and return an error. Unfortunately, it fails to destroy the "comedi" class that was created earlier. Fix it by adding a call to `class_destroy(comedi_class)` at the appropriate place in the clean-up sequence. Signed-off-by: Ian Abbott Signed-off-by: Greg Kroah-Hartman commit 370d06c6b075f3617e957fa697065107df3962b5 Author: Malcolm Priestley Date: Sat Apr 29 13:03:44 2017 +0100 staging: vt6556: vnt_start Fix missing call to vnt_key_init_table. commit dc32190f2cd41c7dba25363ea7d618d4f5172b4e upstream. The key table is not intialized correctly without this call. Signed-off-by: Malcolm Priestley Signed-off-by: Greg Kroah-Hartman commit 627f3abeeac1354a4b15eaf0f22b8ffb901029cb Author: Neal Cardwell Date: Mon Jan 25 14:01:53 2016 -0800 tcp: fix tcp_mark_head_lost to check skb len before fragmenting commit d88270eef4b56bd7973841dd1fed387ccfa83709 upstream. This commit fixes a corner case in tcp_mark_head_lost() which was causing the WARN_ON(len > skb->len) in tcp_fragment() to fire. tcp_mark_head_lost() was assuming that if a packet has tcp_skb_pcount(skb) of N, then it's safe to fragment off a prefix of M*mss bytes, for any M < N. But with the tricky way TCP pcounts are maintained, this is not always true. For example, suppose the sender sends 4 1-byte packets and have the last 3 packet sacked. It will merge the last 3 packets in the write queue into an skb with pcount = 3 and len = 3 bytes. If another recovery happens after a sack reneging event, tcp_mark_head_lost() may attempt to split the skb assuming it has more than 2*MSS bytes. This sounds very counterintuitive, but as the commit description for the related commit c0638c247f55 ("tcp: don't fragment SACKed skbs in tcp_mark_head_lost()") notes, this is because tcp_shifted_skb() coalesces adjacent regions of SACKed skbs, and when doing this it preserves the sum of their packet counts in order to reflect the real-world dynamics on the wire. The c0638c247f55 commit tried to avoid problems by not fragmenting SACKed skbs, since SACKed skbs are where the non-proportionality between pcount and skb->len/mss is known to be possible. However, that commit did not handle the case where during a reneging event one of these weird SACKed skbs becomes an un-SACKed skb, which tcp_mark_head_lost() can then try to fragment. The fix is to simply mark the entire skb lost when this happens. This makes the recovery slightly more aggressive in such corner cases before we detect reordering. But once we detect reordering this code path is by-passed because FACK is disabled. Signed-off-by: Neal Cardwell Signed-off-by: Yuchung Cheng Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller Cc: Vinson Lee Signed-off-by: Greg Kroah-Hartman commit ff62c63109d9a10fa9cb34bcf933fc2ce89dfdaa Author: Jason Yan Date: Fri Mar 10 11:27:23 2017 +0800 md: fix super_offset endianness in super_1_rdev_size_change commit 3fb632e40d7667d8bedfabc28850ac06d5493f54 upstream. The sb->super_offset should be big-endian, but the rdev->sb_start is in host byte order, so fix this by adding cpu_to_le64. Signed-off-by: Jason Yan Signed-off-by: Shaohua Li Signed-off-by: Greg Kroah-Hartman commit e20894aad9e875e4aec2c73e7badcd440f02cde4 Author: Jason Yan Date: Fri Mar 10 11:49:12 2017 +0800 md: fix incorrect use of lexx_to_cpu in does_sb_need_changing commit 1345921393ba23b60d3fcf15933e699232ad25ae upstream. The sb->layout is of type __le32, so we shoud use le32_to_cpu. Signed-off-by: Jason Yan Signed-off-by: Shaohua Li Signed-off-by: Greg Kroah-Hartman commit 2b4f81fb56cf7044278fc0e6c46351ac3da94148 Author: Arnaldo Carvalho de Melo Date: Fri Apr 8 11:53:02 2016 -0300 perf tools: Use readdir() instead of deprecated readdir_r() again commit 22a9f41b555673e7499b97acf3ffb07bf0af31ad upstream. The readdir() function is thread safe as long as just one thread uses a DIR, which is the case when parsing tracepoint event definitions, to avoid breaking the build with glibc-2.23.90 (upcoming 2.24), use it instead of readdir_r(). See: http://man7.org/linux/man-pages/man3/readdir.3.html "However, in modern implementations (including the glibc implementation), concurrent calls to readdir() that specify different directory streams are thread-safe. In cases where multiple threads must read from the same directory stream, using readdir() with external synchronization is still preferable to the use of the deprecated readdir_r(3) function." Noticed while building on a Fedora Rawhide docker container. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-wddn49r6bz6wq4ee3dxbl7lo@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit c04b8bbd64be97047d277c871f82d79f03375718 Author: Markus Trippelsdorf Date: Mon Dec 14 16:43:35 2015 +0100 perf tests: Remove wrong semicolon in while loop in CQM test commit cf89813a5b514bff9b3b5e7eaf2090f22fba62e0 upstream. The while loop was spinning. Fix by removing a semicolon. The issue was pointed out by gcc-6's -Wmisleading-indentation. Signed-off-by: Markus Trippelsdorf Reviewed-by: Matt Fleming Acked-by: Ingo Molnar Cc: Ben Hutchings Cc: Peter Zijlstra Fixes: 035827e9f2bd ("perf tests: Add Intel CQM test") Link: http://lkml.kernel.org/r/20151214154335.GA1409@x4 Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit 1991cbd2c4862abb34d2ae86cd768fb5a3ed47f7 Author: Arnaldo Carvalho de Melo Date: Wed Mar 30 16:51:17 2016 -0300 perf trace: Do not process PERF_RECORD_LOST twice commit 3ed5ca2efff70e9f589087c2013789572901112d upstream. We catch this record to provide a visual indication that events are getting lost, then call the default method to allow extra logging shared with the other tools to take place. This extra logging was done twice because we were continuing to the "default" clause where machine__process_event() will end up calling machine__process_lost_event() again, fix it. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-wus2zlhw3qo24ye84ewu4aqw@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit 5a25a08ad5e68792f32da5c934fe5f50a6791a20 Author: Arnaldo Carvalho de Melo Date: Fri Apr 8 12:04:29 2016 -0300 perf dwarf: Guard !x86_64 definitions under #ifdef else clause commit 62aa0e177d278462145a29c30d3c8501ae57e200 upstream. To fix the build on Fedora Rawhide (gcc 6.0.0 20160311 (Red Hat 6.0.0-0.17): CC /tmp/build/perf/arch/x86/util/dwarf-regs.o arch/x86/util/dwarf-regs.c:66:36: error: 'x86_32_regoffset_table' defined but not used [-Werror=unused-const-variable=] static const struct pt_regs_offset x86_32_regoffset_table[] = { ^~~~~~~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-fghuksc1u8ln82bof4lwcj0o@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit 300d4fea8de01d33001c08268b890923f2d2e68b Author: Markus Trippelsdorf Date: Mon Dec 14 16:44:40 2015 +0100 perf pmu: Fix misleadingly indented assignment (whitespace) commit d85ce830eef6c10d1e9617172dea4681f02b8424 upstream. One line in perf_pmu__parse_unit() is indented wrongly, leading to a warning (=> error) from gcc 6: util/pmu.c:156:3: error: statement is indented as if it were guarded by... [-Werror=misleading-indentation] sret = read(fd, alias->unit, UNIT_MAX_LEN); ^~~~ util/pmu.c:153:2: note: ...this 'if' clause, but it is not if (fd == -1) ^~ Signed-off-by: Markus Trippelsdorf Acked-by: Ingo Molnar Cc: Ben Hutchings Cc: Matt Fleming Cc: Peter Zijlstra Fixes: 410136f5dd96 ("tools/perf/stat: Add event unit and scale support") Link: http://lkml.kernel.org/r/20151214154440.GC1409@x4 Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit 0ba2f070bf4556b732633591c3a38f0248a8c3ec Author: Markus Trippelsdorf Date: Mon Dec 14 16:44:03 2015 +0100 perf annotate browser: Fix behaviour of Shift-Tab with nothing focussed commit d4913cbd05bab685e49c8174896e563b2487d054 upstream. The issue was pointed out by gcc-6's -Wmisleading-indentation. Signed-off-by: Markus Trippelsdorf Acked-by: Ingo Molnar Cc: Ben Hutchings Cc: Matt Fleming Cc: Peter Zijlstra Fixes: c97cf42219b7 ("perf top: Live TUI Annotation") Link: http://lkml.kernel.org/r/20151214154403.GB1409@x4 Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit 0717b5dfab93ea418a9ab9ea49177a65b957d7cf Author: Eric Engestrom Date: Mon Apr 25 10:47:54 2016 +0100 perf tools: Remove duplicate const qualifier commit 3b556bced46aa6b1873da7faa18eff235e896adc upstream. Signed-off-by: Eric Engestrom Cc: Adrian Hunter Cc: David Ahern Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1461577678-29517-1-git-send-email-eric.engestrom@imgtec.com Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit c7b8d98bff822922ae0fa579c7fbdf07903bcad1 Author: Arnaldo Carvalho de Melo Date: Fri Apr 8 11:25:59 2016 -0300 perf script: Use readdir() instead of deprecated readdir_r() commit a5e8e825bd1704c488bf6a46936aaf3b9f203d6a upstream. The readdir() function is thread safe as long as just one thread uses a DIR, which is the case in 'perf script', so, to avoid breaking the build with glibc-2.23.90 (upcoming 2.24), use it instead of readdir_r(). See: http://man7.org/linux/man-pages/man3/readdir.3.html "However, in modern implementations (including the glibc implementation), concurrent calls to readdir() that specify different directory streams are thread-safe. In cases where multiple threads must read from the same directory stream, using readdir() with external synchronization is still preferable to the use of the deprecated readdir_r(3) function." Noticed while building on a Fedora Rawhide docker container. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-mt3xz7n2hl49ni2vx7kuq74g@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit 56e75cee2af34900e60656a5b727640bbb5135f1 Author: Arnaldo Carvalho de Melo Date: Fri Apr 8 11:31:24 2016 -0300 perf thread_map: Use readdir() instead of deprecated readdir_r() commit 3354cf71104de49326d19d2f9bdb1f66eea52ef4 upstream. The readdir() function is thread safe as long as just one thread uses a DIR, which is the case in thread_map, so, to avoid breaking the build with glibc-2.23.90 (upcoming 2.24), use it instead of readdir_r(). See: http://man7.org/linux/man-pages/man3/readdir.3.html "However, in modern implementations (including the glibc implementation), concurrent calls to readdir() that specify different directory streams are thread-safe. In cases where multiple threads must read from the same directory stream, using readdir() with external synchronization is still preferable to the use of the deprecated readdir_r(3) function." Noticed while building on a Fedora Rawhide docker container. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-del8h2a0f40z75j4r42l96l0@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit 055ce585a864a999f6c22c2af75c424122c2ee1a Author: Arnaldo Carvalho de Melo Date: Fri Apr 8 11:32:15 2016 -0300 perf tools: Use readdir() instead of deprecated readdir_r() commit 7093b4c963cc4e344e490c774924a180602a7092 upstream. The readdir() function is thread safe as long as just one thread uses a DIR, which is the case when synthesizing events for pre-existing threads by traversing /proc, so, to avoid breaking the build with glibc-2.23.90 (upcoming 2.24), use it instead of readdir_r(). See: http://man7.org/linux/man-pages/man3/readdir.3.html "However, in modern implementations (including the glibc implementation), concurrent calls to readdir() that specify different directory streams are thread-safe. In cases where multiple threads must read from the same directory stream, using readdir() with external synchronization is still preferable to the use of the deprecated readdir_r(3) function." Noticed while building on a Fedora Rawhide docker container. CC /tmp/build/perf/util/event.o util/event.c: In function '__event__synthesize_thread': util/event.c:466:2: error: 'readdir_r' is deprecated [-Werror=deprecated-declarations] while (!readdir_r(tasks, &dirent, &next) && next) { ^~~~~ In file included from /usr/include/features.h:368:0, from /usr/include/stdint.h:25, from /usr/lib/gcc/x86_64-redhat-linux/6.0.0/include/stdint.h:9, from /git/linux/tools/include/linux/types.h:6, from util/event.c:1: /usr/include/dirent.h:189:12: note: declared here Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-i1vj7nyjp2p750rirxgrfd3c@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit 144eb3e8e4d938a3c0f341a7b10b035b3d63595c Author: Arnaldo Carvalho de Melo Date: Thu Feb 9 14:39:42 2017 -0300 perf bench numa: Avoid possible truncation when using snprintf() commit 3aff8ba0a4c9c9191bb788171a1c54778e1246a2 upstream. Addressing this warning from gcc 7: CC /tmp/build/perf/bench/numa.o bench/numa.c: In function '__bench_numa': bench/numa.c:1582:42: error: '%d' directive output may be truncated writing between 1 and 10 bytes into a region of size between 8 and 17 [-Werror=format-truncation=] snprintf(tname, 32, "process%d:thread%d", p, t); ^~ bench/numa.c:1582:25: note: directive argument in the range [0, 2147483647] snprintf(tname, 32, "process%d:thread%d", p, t); ^~~~~~~~~~~~~~~~~~~~ In file included from /usr/include/stdio.h:939:0, from bench/../util/util.h:47, from bench/../builtin.h:4, from bench/numa.c:11: /usr/include/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 17 and 35 bytes into a destination of size 32 return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ __bos (__s), __fmt, __va_arg_pack ()); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Petr Holasek Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-twa37vsfqcie5gwpqwnjuuz9@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit fb3c230b7ec28fc540e210e16e0b40bcff441b16 Author: Arnaldo Carvalho de Melo Date: Thu Feb 9 14:48:46 2017 -0300 perf tests: Avoid possible truncation with dirent->d_name + snprintf commit 2e2bbc039fad9eabad6c4c1a473c8b2554cdd2d4 upstream. Addressing a few cases spotted by a new warning in gcc 7: tests/parse-events.c: In function 'test_pmu_events': tests/parse-events.c:1790:39: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 90 [-Werror=format-truncation=] snprintf(name, MAX_NAME, "cpu/event=%s/u", ent->d_name); ^~ In file included from /usr/include/stdio.h:939:0, from /git/linux/tools/perf/util/map.h:9, from /git/linux/tools/perf/util/symbol.h:7, from /git/linux/tools/perf/util/evsel.h:10, from tests/parse-events.c:3: /usr/include/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 13 and 268 bytes into a destination of size 100 return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ __bos (__s), __fmt, __va_arg_pack ()); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ tests/parse-events.c:1798:29: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 100 [-Werror=format-truncation=] snprintf(name, MAX_NAME, "%s:u,cpu/event=%s/u", ent->d_name, ent->d_name); Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Fixes: 945aea220bb8 ("perf tests: Move test objects into 'tests' directory") Link: http://lkml.kernel.org/n/tip-ty4q2p8zp1dp3mskvubxskm5@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit 071ca0bcf337e4c058bc9844a4aa6fe1b67b612b Author: Wang YanQing Date: Sun Feb 12 10:46:55 2017 +0800 perf scripting perl: Fix compile error with some perl5 versions commit d7dd112ea5cacf91ae72c0714c3b911eb6016fea upstream. Fix below compile error: CC util/scripting-engines/trace-event-perl.o In file included from /usr/lib/perl5/5.22.2/i686-linux/CORE/perl.h:5673:0, from util/scripting-engines/trace-event-perl.c:31: /usr/lib/perl5/5.22.2/i686-linux/CORE/inline.h: In function 'S__is_utf8_char_slow': /usr/lib/perl5/5.22.2/i686-linux/CORE/inline.h:270:5: error: nested extern declaration of 'Perl___notused' [-Werror=nested-externs] dTHX; /* The function called below requires thread context */ ^ cc1: all warnings being treated as errors After digging perl5 repository, I find out that we will meet this compile error with perl from v5.21.1 to v5.25.4 Signed-off-by: Wang YanQing Acked-by: Jiri Olsa Link: http://lkml.kernel.org/r/20170212024655.GA15997@udknight Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit c9cf7ce0bbc4e9184ac656c5fe3be99ae16655df Author: Arnaldo Carvalho de Melo Date: Wed Feb 8 17:01:46 2017 -0300 perf thread_map: Correctly size buffer used with dirent->dt_name commit bdf23a9a190d7ecea092fd5c4aabb7d4bd0a9980 upstream. The size of dirent->dt_name is NAME_MAX + 1, but the size for the 'path' buffer is hard coded at 256, which may truncate it because we also prepend "/proc/", so that all that into account and thank gcc 7 for this warning: /git/linux/tools/perf/util/thread_map.c: In function 'thread_map__new_by_uid': /git/linux/tools/perf/util/thread_map.c:119:39: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 250 [-Werror=format-truncation=] snprintf(path, sizeof(path), "/proc/%s", dirent->d_name); ^~ In file included from /usr/include/stdio.h:939:0, from /git/linux/tools/perf/util/thread_map.c:5: /usr/include/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 7 and 262 bytes into a destination of size 256 return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ __bos (__s), __fmt, __va_arg_pack ()); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-csy0r8zrvz5efccgd4k12c82@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit e5a9078a8e0e50681210b08ecfd67b53ca0262f7 Author: Arnaldo Carvalho de Melo Date: Thu Feb 9 15:22:22 2017 -0300 perf intel-pt: Use __fallthrough commit 7ea6856d6f5629d742edc23b8b76e6263371ef45 upstream. To address new warnings emmited by gcc 7, e.g.:: CC /tmp/build/perf/util/intel-pt-decoder/intel-pt-pkt-decoder.o CC /tmp/build/perf/tests/parse-events.o util/intel-pt-decoder/intel-pt-pkt-decoder.c: In function 'intel_pt_pkt_desc': util/intel-pt-decoder/intel-pt-pkt-decoder.c:499:6: error: this statement may fall through [-Werror=implicit-fallthrough=] if (!(packet->count)) ^ util/intel-pt-decoder/intel-pt-pkt-decoder.c:501:2: note: here case INTEL_PT_CYC: ^~~~ CC /tmp/build/perf/util/intel-pt-decoder/intel-pt-decoder.o cc1: all warnings being treated as errors Acked-by: Andi Kleen Cc: Adrian Hunter Cc: Alexander Shishkin Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-mf0hw789pu9x855us5l32c83@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit 0586f5cd419596674ec015174c8b1055008e4243 Author: Arnaldo Carvalho de Melo Date: Wed Feb 8 17:01:46 2017 -0300 perf top: Use __fallthrough commit 7b0214b702ad8e124e039a317beeebb3f020d125 upstream. The implicit fall through case label here is intended, so let us inform that to gcc >= 7: CC /tmp/build/perf/builtin-top.o builtin-top.c: In function 'display_thread': builtin-top.c:644:7: error: this statement may fall through [-Werror=implicit-fallthrough=] if (errno == EINTR) ^ builtin-top.c:647:3: note: here default: ^~~~~~~ Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-lmcfnnyx9ic0m6j0aud98p4e@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit 1ca0a40980050023aca49c96764bb30de36111db Author: Arnaldo Carvalho de Melo Date: Wed Feb 8 17:01:46 2017 -0300 tools strfilter: Use __fallthrough commit d64b721d27aef3fbeb16ecda9dd22ee34818ff70 upstream. The implicit fall through case label here is intended, so let us inform that to gcc >= 7: util/strfilter.c: In function 'strfilter_node__sprint': util/strfilter.c:270:6: error: this statement may fall through [-Werror=implicit-fallthrough=] if (len < 0) ^ util/strfilter.c:272:2: note: here case '!': ^~~~ cc1: all warnings being treated as errors Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-z2dpywg7u8fim000hjfbpyfm@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit 57a4c2504b77b7223934a78e67a7de18fb2c1fc6 Author: Arnaldo Carvalho de Melo Date: Wed Feb 8 17:01:46 2017 -0300 tools string: Use __fallthrough in perf_atoll() commit 94bdd5edb34e472980d1e18b4600d6fb92bd6b0a upstream. The implicit fall through case label here is intended, so let us inform that to gcc >= 7: CC /tmp/build/perf/util/string.o util/string.c: In function 'perf_atoll': util/string.c:22:7: error: this statement may fall through [-Werror=implicit-fallthrough=] if (*p) ^ util/string.c:24:3: note: here case '\0': ^~~~ Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-0ophb30v9apkk6o95el0rqlq@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit e1b7b00a1bd575d37919780a2694622019c028f2 Author: Arnaldo Carvalho de Melo Date: Wed Feb 8 17:01:46 2017 -0300 tools include: Add a __fallthrough statement commit b5bf1733d6a391c4e90ea8f8468d83023be74a2a upstream. For cases where implicit fall through case labels are intended, to let us inform that to gcc >= 7: CC /tmp/build/perf/util/string.o util/string.c: In function 'perf_atoll': util/string.c:22:7: error: this statement may fall through [-Werror=implicit-fallthrough=] if (*p) ^ util/string.c:24:3: note: here case '\0': ^~~~ So we introduce: #define __fallthrough __attribute__ ((fallthrough)) And use it in such cases. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Cc: William Cohen Link: http://lkml.kernel.org/n/tip-qnpig0xfop4hwv6k4mv1wts5@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Greg Kroah-Hartman commit 034e10b4f8348c2c267e491d1e2872023c35f310 Author: Cong Wang Date: Sun Jul 9 13:19:55 2017 -0700 mqueue: fix a use-after-free in sys_mq_notify() commit f991af3daabaecff34684fd51fac80319d1baad1 upstream. The retry logic for netlink_attachskb() inside sys_mq_notify() is nasty and vulnerable: 1) The sock refcnt is already released when retry is needed 2) The fd is controllable by user-space because we already release the file refcnt so we when retry but the fd has been just closed by user-space during this small window, we end up calling netlink_detachskb() on the error path which releases the sock again, later when the user-space closes this socket a use-after-free could be triggered. Setting 'sock' to NULL here should be sufficient to fix it. Reported-by: GeneBlue Signed-off-by: Cong Wang Cc: Andrew Morton Cc: Manfred Spraul Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 5fd2bba08c17c30d74b26a8b9f6ce67026b254b4 Author: Boris Pismenny Date: Tue Jun 27 15:09:13 2017 +0300 RDMA/uverbs: Check port number supplied by user verbs cmds commit 5ecce4c9b17bed4dc9cb58bfb10447307569b77b upstream. The ib_uverbs_create_ah() ind ib_uverbs_modify_qp() calls receive the port number from user input as part of its attributes and assumes it is valid. Down on the stack, that parameter is used to access kernel data structures. If the value is invalid, the kernel accesses memory it should not. To prevent this, verify the port number before using it. BUG: KASAN: use-after-free in ib_uverbs_create_ah+0x6d5/0x7b0 Read of size 4 at addr ffff880018d67ab8 by task syz-executor/313 BUG: KASAN: slab-out-of-bounds in modify_qp.isra.4+0x19d0/0x1ef0 Read of size 4 at addr ffff88006c40ec58 by task syz-executor/819 Fixes: 67cdb40ca444 ("[IB] uverbs: Implement more commands") Cc: Yevgeny Kliteynik Cc: Tziporet Koren Cc: Alex Polak Signed-off-by: Boris Pismenny Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford Signed-off-by: Greg Kroah-Hartman commit 92e90c20dc38fe01e817b537c59182ea1ec03b16 Author: Dan Carpenter Date: Thu Feb 9 17:17:52 2017 +0000 KEYS: Fix an error code in request_master_key() commit 57cb17e764ba0aaa169d07796acce54ccfbc6cae upstream. This function has two callers and neither are able to handle a NULL return. Really, -EINVAL is the correct thing return here anyway. This fixes some static checker warnings like: security/keys/encrypted-keys/encrypted.c:709 encrypted_key_decrypt() error: uninitialized symbol 'master_key'. Fixes: 7e70cb497850 ("keys: add new key-type encrypted") Signed-off-by: Dan Carpenter Acked-by: Mimi Zohar Signed-off-by: James Morris Signed-off-by: Greg Kroah-Hartman commit 483b1c69655d61a4c15648cf96011cfb20aa2000 Author: Bartosz Markowski Date: Thu Dec 15 11:23:22 2016 +0200 ath10k: override CE5 config for QCA9377 commit b08b5b53a1ed2bd7a883f8fd29232c8f03604671 upstream. Similarly to QCA6174, QCA9377 requires the CE5 configuration to be available for other feature. Use the ath10k_pci_override_ce_config() for it as well. This is required for TF2.0 firmware. Previous FW revisions were working fine without this patch. Fixes: a70587b3389a ("ath10k: configure copy engine 5 for HTT messages") Signed-off-by: Bartosz Markowski Signed-off-by: Kalle Valo Signed-off-by: Greg Kroah-Hartman commit e47e717666408553b5b057a515b33ba6c4a3d2ca Author: Paolo Abeni Date: Thu Jun 29 15:55:58 2017 +0200 x86/uaccess: Optimize copy_user_enhanced_fast_string() for short strings commit 236222d39347e0e486010f10c1493e83dbbdfba8 upstream. According to the Intel datasheet, the REP MOVSB instruction exposes a pretty heavy setup cost (50 ticks), which hurts short string copy operations. This change tries to avoid this cost by calling the explicit loop available in the unrolled code for strings shorter than 64 bytes. The 64 bytes cutoff value is arbitrary from the code logic point of view - it has been selected based on measurements, as the largest value that still ensures a measurable gain. Micro benchmarks of the __copy_from_user() function with lengths in the [0-63] range show this performance gain (shorter the string, larger the gain): - in the [55%-4%] range on Intel Xeon(R) CPU E5-2690 v4 - in the [72%-9%] range on Intel Core i7-4810MQ Other tested CPUs - namely Intel Atom S1260 and AMD Opteron 8216 - show no difference, because they do not expose the ERMS feature bit. Signed-off-by: Paolo Abeni Acked-by: Linus Torvalds Cc: Alan Cox Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Hannes Frederic Sowa Cc: Josh Poimboeuf Cc: Kees Cook Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/4533a1d101fd460f80e21329a34928fad521c1d4.1498744345.git.pabeni@redhat.com [ Clarified the changelog. ] Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman Signed-off-by: Mel Gorman commit 0214a8ca61e2e26c488ec6c0a5f4de91063681a2 Author: Markus Trippelsdorf Date: Thu Dec 15 13:45:13 2016 +0100 x86/tools: Fix gcc-7 warning in relocs.c commit 7ebb916782949621ff6819acf373a06902df7679 upstream. gcc-7 warns: In file included from arch/x86/tools/relocs_64.c:17:0: arch/x86/tools/relocs.c: In function ‘process_64’: arch/x86/tools/relocs.c:953:2: warning: argument 1 null where non-null expected [-Wnonnull] qsort(r->offset, r->count, sizeof(r->offset[0]), cmp_relocs); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from arch/x86/tools/relocs.h:6:0, from arch/x86/tools/relocs_64.c:1: /usr/include/stdlib.h:741:13: note: in a call to function ‘qsort’ declared here extern void qsort This happens because relocs16 is not used for ELF_BITS == 64, so there is no point in trying to sort it. Make the sort_relocs(&relocs16) call 32bit only. Signed-off-by: Markus Trippelsdorf Link: http://lkml.kernel.org/r/20161215124513.GA289@x4 Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman commit e952c291df099fe71d3d1737c68063734907f418 Author: Andreas Gruenbacher Date: Fri Jul 7 13:22:05 2017 -0500 gfs2: Fix glock rhashtable rcu bug commit 961ae1d83d055a4b9ebbfb4cc8ca62ec1a7a3b74 upstream. Before commit 88ffbf3e03 "GFS2: Use resizable hash table for glocks", glocks were freed via call_rcu to allow reading the glock hashtable locklessly using rcu. This was then changed to free glocks immediately, which made reading the glock hashtable unsafe. Bring back the original code for freeing glocks via call_rcu. Signed-off-by: Andreas Gruenbacher Signed-off-by: Bob Peterson Signed-off-by: Greg Kroah-Hartman commit ac12d6abed6cf495908c896b1c4357a906cc7303 Author: Bjørn Mork Date: Tue Jun 13 19:11:42 2017 +0200 USB: serial: qcserial: new Sierra Wireless EM7305 device ID commit 996fab55d864ed604158f71724ff52db1c2454a3 upstream. A new Sierra Wireless EM7305 device ID used in a Toshiba laptop. Reported-by: Petr Kloc Signed-off-by: Bjørn Mork Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman commit 1a04853de06986936ca6853dbfbe9152e928a0a0 Author: Johan Hovold Date: Mon Jun 12 16:30:16 2017 +0200 USB: serial: option: add two Longcheer device ids commit 8fb060da715ad10fe956d7c0077b2fb0c12bb9d7 upstream. Add two Longcheer device-id entries which specifically enables a Telewell TW-3G HSPA+ branded modem (0x9801). Reported-by: Teemu Likonen Reported-by: Bjørn Mork Reported-by: Lars Melin Tested-by: Teemu Likonen Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman commit 174ddbcc69e239481ba43799a2e6118dbbbf2016 Author: Geert Uytterhoeven Date: Thu Mar 9 19:20:48 2017 +0100 pinctrl: sh-pfc: Update info pointer after SoC-specific init commit 3091ae775fae17084013021d01513bc1ad274e6a upstream. Update the sh_pfc_soc_info pointer after calling the SoC-specific initialization function, as it may have been updated to e.g. handle different SoC revisions. This makes sure the correct subdriver name is printed later. Fixes: 0c151062f32c9db8 ("sh-pfc: Add support for SoC-specific initialization") Signed-off-by: Geert Uytterhoeven Signed-off-by: Greg Kroah-Hartman commit 45424528a184f8d3b698268db4bb58eaa52cbd6f Author: Uwe Kleine-König Date: Thu May 18 11:23:55 2017 +0200 pinctrl: mxs: atomically switch mux and drive strength config commit da6c2addf66d7ff7d0b090d6267d4292f951e4e6 upstream. To set the mux mode of a pin two bits must be set. Up to now this is implemented using the following idiom: writel(mask, reg + CLR); writel(value, reg + SET); . This however results in the mux mode being 0 between the two writes. On my machine there is an IC's reset pin connected to LCD_D20. The bootloader configures this pin as GPIO output-high (i.e. not holding the IC in reset). When Linux reconfigures the pin to GPIO the short time LCD_D20 is muxed as LCD_D20 instead of GPIO_1_20 is enough to confuse the connected IC. The same problem is present for the pin's drive strength setting which is reset to low drive strength before using the right value. So instead of relying on the hardware to modify the register setting using two writes implement the bit toggling using read-modify-write. Fixes: 17723111e64f ("pinctrl: add pinctrl-mxs support") Signed-off-by: Uwe Kleine-König Acked-by: Shawn Guo Signed-off-by: Linus Walleij Signed-off-by: Greg Kroah-Hartman commit 79565741fce0e70e5b208125adf331f26839ad37 Author: Chen-Yu Tsai Date: Mon May 22 14:25:49 2017 +0800 pinctrl: sunxi: Fix SPDIF function name for A83T commit 7903d4f5e1dec53963cba9b1bc472a76a3532e07 upstream. We use well known standard names for functions that have name, such as I2C, SPI, SPDIF, etc.. Fix the function name of SPDIF, which was named OWA (One Wire Audio) based on Allwinner datasheets. Fixes: 4730f33f0d82 ("pinctrl: sunxi: add allwinner A83T PIO controller support") Signed-off-by: Chen-Yu Tsai Acked-by: Maxime Ripard Signed-off-by: Linus Walleij Signed-off-by: Greg Kroah-Hartman commit 3c4720871bdd48645d831cdc5619a7282cfaa0de Author: Martin Blumenstingl Date: Sat Apr 1 15:59:21 2017 +0200 pinctrl: meson: meson8b: fix the NAND DQS pins commit 97ba26b8a9343008504d4e3a87d212bc07b05212 upstream. The nand_groups table uses different names for the NAND DQS pins than the GROUP() definition in meson8b_cbus_groups (nand_dqs_0 vs nand_dqs0). This prevents using the NAND DQS pins in the devicetree. Fix this by ensuring that the GROUP() definition and the meson8b_cbus_groups use the same name for these pins. Fixes: 0fefcb6876d0 ("pinctrl: Add support for Meson8b") Signed-off-by: Martin Blumenstingl Acked-by: Kevin Hilman Signed-off-by: Linus Walleij Signed-off-by: Greg Kroah-Hartman commit 5d030f597f4728776b98337bd639fe4638386b78 Author: Sergei Shtylyov Date: Thu Mar 30 23:20:48 2017 +0300 pinctrl: sh-pfc: r8a7791: Fix SCIF2 pinmux data commit 58439280f84e6b39fd7d61f25ab30489c1aaf0a9 upstream. PINMUX_IPSR_MSEL() macro invocation for the TX2 signal has apparently wrong 1st argument -- most probably a result of cut&paste programming... Fixes: 508845196238 ("pinctrl: sh-pfc: r8a7791 PFC support") Signed-off-by: Sergei Shtylyov Signed-off-by: Geert Uytterhoeven Signed-off-by: Greg Kroah-Hartman commit a2148222e3751fe2e02c71533dced8f030e94295 Author: Liping Zhang Date: Fri Apr 7 23:51:07 2017 +0800 sysctl: report EINVAL if value is larger than UINT_MAX for proc_douintvec commit 425fffd886bae3d127a08fa6a17f2e31e24ed7ff upstream. Currently, inputting the following command will succeed but actually the value will be truncated: # echo 0x12ffffffff > /proc/sys/net/ipv4/tcp_notsent_lowat This is not friendly to the user, so instead, we should report error when the value is larger than UINT_MAX. Fixes: e7d316a02f68 ("sysctl: handle error writing UINT_MAX to u32 fields") Signed-off-by: Liping Zhang Cc: Subash Abhinov Kasiviswanathan Cc: Andrew Morton Cc: Eric W. Biederman Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit e8505e6432c2eb7296d9c7724146d1ba1966a040 Author: Liping Zhang Date: Fri Apr 7 23:51:06 2017 +0800 sysctl: don't print negative flag for proc_douintvec commit 5380e5644afbba9e3d229c36771134976f05c91e upstream. I saw some very confusing sysctl output on my system: # cat /proc/sys/net/core/xfrm_aevent_rseqth -2 # cat /proc/sys/net/core/xfrm_aevent_etime -10 # cat /proc/sys/net/ipv4/tcp_notsent_lowat -4294967295 Because we forget to set the *negp flag in proc_douintvec, so it will become a garbage value. Since the value related to proc_douintvec is always an unsigned integer, so we can set *negp to false explictily to fix this issue. Fixes: e7d316a02f68 ("sysctl: handle error writing UINT_MAX to u32 fields") Signed-off-by: Liping Zhang Cc: Subash Abhinov Kasiviswanathan Cc: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 2e42225b85ee59e3fea83895256386c1544adfa6 Author: Thomas Gleixner Date: Sat Feb 25 10:27:37 2017 +0000 mac80211_hwsim: Replace bogus hrtimer clockid commit 8fbcfeb8a9cc803464d6c166e7991913711c612c upstream. mac80211_hwsim initializes a hrtimer with clockid CLOCK_MONOTONIC_RAW. That's not supported. Use CLOCK_MONOTONIC instead. Signed-off-by: Thomas Gleixner Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman commit 93f526ffe8ae1e870d511aa574e7b4670255124b Author: Benjamin Herrenschmidt Date: Tue Jun 13 16:01:13 2017 +1000 usb: Fix typo in the definition of Endpoint[out]Request commit 7cf916bd639bd26db7214f2205bccdb4b9306256 upstream. The current definition is wrong. This breaks my upcoming Aspeed virtual hub driver. Signed-off-by: Benjamin Herrenschmidt Acked-by: Alan Stern Signed-off-by: Greg Kroah-Hartman commit c6bf62a36175fceeb4b83caf8791cd1085aeb9cc Author: Michael Grzeschik Date: Mon May 22 13:02:44 2017 +0200 usb: usbip: set buffer pointers to NULL after free commit b3b51417d0af63fb9a06662dc292200aed9ea53f upstream. The usbip stack dynamically allocates the transfer_buffer and setup_packet of each urb that got generated by the tcp to usb stub code. As these pointers are always used only once we will set them to NULL after use. This is done likewise to the free_urb code in vudc_dev.c. This patch fixes double kfree situations where the usbip remote side added the URB_FREE_BUFFER. Signed-off-by: Michael Grzeschik Acked-by: Shuah Khan Signed-off-by: Greg Kroah-Hartman commit ab96add78bfe764a4994545993ac1c32978f8dc0 Author: Devin Heitmueller Date: Tue Jun 27 13:08:51 2017 -0400 Add USB quirk for HVR-950q to avoid intermittent device resets commit 6836796de4019944f4ba4c99a360e8250fd2e735 upstream. The USB core and sysfs will attempt to enumerate certain parameters which are unsupported by the au0828 - causing inconsistent behavior and sometimes causing the chip to reset. Avoid making these calls. This problem manifested as intermittent cases where the au8522 would be reset on analog video startup, in particular when starting up ALSA audio streaming in parallel - the sysfs entries created by snd-usb-audio on streaming startup would result in unsupported control messages being sent during tuning which would put the chip into an unknown state. Signed-off-by: Devin Heitmueller Signed-off-by: Greg Kroah-Hartman commit 45c73d0c7a96890e6a4e45576d4c544e15bed6e6 Author: Jeremie Rapin Date: Wed Jun 28 18:23:25 2017 +0200 USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick commit fd90f73a9925f248d696bde1cfc836d9fda5570d upstream. Added the USB serial device ID for the CEL ZigBee EM3588 radio stick. Signed-off-by: Jeremie Rapin Acked-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman commit c8130087ff4d3e21c9971708cec71ba42075d77d Author: Felipe Balbi Date: Wed May 17 15:57:45 2017 +0300 usb: dwc3: replace %p with %pK commit 04fb365c453e14ff9e8a28f1c46050d920a27a4a upstream. %p will leak kernel pointers, so let's not expose the information on dmesg and instead use %pK. %pK will only show the actual addresses if explicitly enabled under /proc/sys/kernel/kptr_restrict. Acked-by: Greg Kroah-Hartman Signed-off-by: Felipe Balbi Signed-off-by: Greg Kroah-Hartman commit a080ec466c3412dcf58cff69d6c05d1e670adc0c Author: Gerd Hoffmann Date: Thu Apr 6 17:59:40 2017 +0200 drm/virtio: don't leak bo on drm_gem_object_init failure commit 385aee965b4e4c36551c362a334378d2985b722a upstream. Reported-by: 李强 Signed-off-by: Gerd Hoffmann Link: http://patchwork.freedesktop.org/patch/msgid/20170406155941.458-1-kraxel@redhat.com Signed-off-by: Greg Kroah-Hartman commit fe0bb2ac167b21843d74465e196e9f9ea5852d07 Author: Sabrina Dubroca Date: Thu Jun 22 11:24:42 2017 +0200 tracing/kprobes: Allow to create probe with a module name starting with a digit commit 9e52b32567126fe146f198971364f68d3bc5233f upstream. Always try to parse an address, since kstrtoul() will safely fail when given a symbol as input. If that fails (which will be the case for a symbol), try to parse a symbol instead. This allows creating a probe such as: p:probe/vlan_gro_receive 8021q:vlan_gro_receive+0 Which is necessary for this command to work: perf probe -m 8021q -a vlan_gro_receive Link: http://lkml.kernel.org/r/fd72d666f45b114e2c5b9cf7e27b91de1ec966f1.1498122881.git.sd@queasysnail.net Fixes: 413d37d1e ("tracing: Add kprobe-based event tracer") Acked-by: Masami Hiramatsu Signed-off-by: Sabrina Dubroca Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Greg Kroah-Hartman commit 78f20db86418dcda1e60f9ebe4be5086d00d2006 Author: Vlastimil Babka Date: Tue Jul 4 10:45:43 2017 +0200 mm: fix classzone_idx underflow in shrink_zones() [Not upstream as that would take 34+ patches] We've got reported a BUG in do_try_to_free_pages(): BUG: unable to handle kernel paging request at ffff8ffffff28990 IP: [] do_try_to_free_pages+0x140/0x490 PGD 0 Oops: 0000 [#1] SMP megaraid_sas sg scsi_mod efivarfs autofs4 Supported: No, Unsupported modules are loaded Workqueue: kacpi_hotplug acpi_hotplug_work_fn task: ffff88ffd0d4c540 ti: ffff88ffd0e48000 task.ti: ffff88ffd0e48000 RIP: 0010:[] [] do_try_to_free_pages+0x140/0x490 RSP: 0018:ffff88ffd0e4ba60 EFLAGS: 00010206 RAX: 000006fffffff900 RBX: 00000000ffffffff RCX: ffff88fffff29000 RDX: 000000ffffffff00 RSI: 0000000000000003 RDI: 00000000024200c8 RBP: 0000000001320122 R08: 0000000000000000 R09: ffff88ffd0e4bbac R10: 0000000000000000 R11: 0000000000000000 R12: ffff88ffd0e4bae0 R13: 0000000000000e00 R14: ffff88fffff2a500 R15: ffff88fffff2b300 FS: 0000000000000000(0000) GS:ffff88ffe6440000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff8ffffff28990 CR3: 0000000001c0a000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: 00000002db570a80 024200c80000001e ffff88fffff2b300 0000000000000000 ffff88fffffd5700 ffff88ffd0d4c540 ffff88ffd0d4c540 ffffffff0000000c 0000000000000000 0000000000000040 00000000024200c8 ffff88ffd0e4bae0 Call Trace: [] try_to_free_pages+0xba/0x170 [] __alloc_pages_nodemask+0x53f/0xb20 [] alloc_pages_current+0x7f/0x100 [] migrate_pages+0x202/0x710 [] __offline_pages.constprop.23+0x4ba/0x790 [] memory_subsys_offline+0x43/0x70 [] device_offline+0x7d/0xa0 [] acpi_bus_offline+0xa5/0xef [] acpi_device_hotplug+0x21b/0x41f [] acpi_hotplug_work_fn+0x1a/0x23 [] process_one_work+0x14e/0x410 [] worker_thread+0x116/0x490 [] kthread+0xbd/0xe0 [] ret_from_fork+0x3f/0x70 This translates to the loop in shrink_zone(): classzone_idx = requested_highidx; while (!populated_zone(zone->zone_pgdat->node_zones + classzone_idx)) classzone_idx--; where no zone is populated, so classzone_idx becomes -1 (in RBX). Added debugging output reveals that we enter the function with sc->gfp_mask == GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE requested_highidx = gfp_zone(sc->gfp_mask) == 2 (ZONE_NORMAL) Inside the for loop, however: gfp_zone(sc->gfp_mask) == 3 (ZONE_MOVABLE) This means we have gone through this branch: if (buffer_heads_over_limit) sc->gfp_mask |= __GFP_HIGHMEM; This changes the gfp_zone() result, but requested_highidx remains unchanged. On nodes where the only populated zone is movable, the inner while loop will check only lower zones, which are not populated, and underflow classzone_idx. To sum up, the bug occurs in configurations with ZONE_MOVABLE (such as when booted with the movable_node parameter) and only in situations when buffer_heads_over_limit is true, and there's an allocation with __GFP_MOVABLE and without __GFP_HIGHMEM performing direct reclaim. This patch makes sure that classzone_idx starts with the correct zone. Mainline has been affected in versions 4.6 and 4.7, but the culprit commit has been also included in stable trees. In mainline, this has been fixed accidentally as part of 34-patch series (plus follow-up fixes) "Move LRU page reclaim from zones to nodes", which makes the mainline commit unsuitable for stable backport, unfortunately. Fixes: 7bf52fb891b6 ("mm: vmscan: reclaim highmem zone if buffer_heads is over limit") Obsoleted-by: b2e18757f2c9 ("mm, vmscan: begin reclaiming pages on a per-node basis") Debugged-by: Michal Hocko Signed-off-by: Vlastimil Babka Cc: Minchan Kim Cc: Johannes Weiner Acked-by: Mel Gorman Acked-by: Michal Hocko Signed-off-by: Greg Kroah-Hartman commit 1f97e170cfc54da377ff4e375a0f7226d06534c0 Author: Rafał Miłecki Date: Tue Apr 12 13:30:45 2016 +0200 bgmac: reset & enable Ethernet core before using it commit b4dfd8e92956b396d3438212bc9a0be6267b8b34 upstream. This fixes Ethernet on D-Link DIR-885L with BCM47094 SoC. Felix reported similar fix was needed for his BCM4709 device (Buffalo WXR-1900DHP?). I tested this for regressions on BCM4706, BCM4708A0 and BCM47081A0. Cc: Felix Fietkau Signed-off-by: Rafał Miłecki Signed-off-by: David S. Miller Signed-off-by: Amit Pundir Signed-off-by: Greg Kroah-Hartman commit c01ace719ebe6353f0c96e56f6c75c22ad3f67b0 Author: Adrian Salido Date: Tue Apr 25 16:55:26 2017 -0700 driver core: platform: fix race condition with driver_override commit 6265539776a0810b7ce6398c27866ddb9c6bd154 upstream. The driver_override implementation is susceptible to race condition when different threads are reading vs storing a different driver override. Add locking to avoid race condition. Fixes: 3d713e0e382e ("driver core: platform: add device binding path 'driver_override'") Cc: stable@vger.kernel.org Signed-off-by: Adrian Salido Signed-off-by: Greg Kroah-Hartman commit 4043d5bca587eab2dfcca5e2da7e770d16b127c8 Author: Christoph Hellwig Date: Thu Apr 27 09:42:25 2017 +0200 fs: completely ignore unknown open flags commit 629e014bb8349fcf7c1e4df19a842652ece1c945 upstream. Currently we just stash anything we got into file->f_flags, and the report it in fcntl(F_GETFD). This patch just clears out all unknown flags so that we don't pass them to the fs or report them. Signed-off-by: Christoph Hellwig Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman commit ccb973e681d8f9fedb398b87a115b48ed96a6214 Author: Christoph Hellwig Date: Thu Apr 27 09:42:24 2017 +0200 fs: add a VALID_OPEN_FLAGS commit 80f18379a7c350c011d30332658aa15fe49a8fa5 upstream. Add a central define for all valid open flags, and use it in the uniqueness check. Signed-off-by: Christoph Hellwig Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman