Update smbencrypt.c #159

nibblebits

Think it looks better with an explanation mark

@Mellnik

Mellnik commented Feb 6, 2015

No it doesn't.

@ghost

ghost commented Feb 9, 2015

Why would the explanation mark be necessary?

@Mellnik

Mellnik commented Feb 9, 2015

Just some other random wanting the "I contributed to the Linux Kernel." guy I suppose.

@nitrix

nitrix commented Feb 9, 2015

It's an error code (%d), the exclamation mark just doesn't make sense.

@joshumax

You know...I'm starting to think Linus uses GitHub just to judge people's intelligence based on their PRs.

On a more serious note, Linus doesn't accept pull requests on GitHub, so please, don't create them...

@XingZheZ

Good! Very good suggestion.

@ghost

ghost commented Mar 31, 2015

Why did it never end with any punctuation though? Is it not a sentence?

@KISSMonX

KISSMonX commented Apr 1, 2015

Just some other random wanting the "I contributed to the Linux Kernel." guy I suppose.

2333.....

@Mellnik

Mellnik commented Apr 2, 2015

What?

@KISSMonX

KISSMonX commented Apr 3, 2015

I think you said it right and very funny.
2333... is China Internet Slang.
2333 ≈ LOL

@Mellnik

Mellnik commented Apr 3, 2015

Oh, I don't do Chinese :P

martinezjavier pushed a commit to martinezjavier/linux that referenced this pull request May 25, 2015
Commit 284f39a ("mm: memcg: push !mm handling out to page cache
charge function") explicitly checks for page cache charges without any
mm context (from kernel thread context[1]).

This seemed to be the only possible case where memory could be charged
without mm context so commit 03583f1 ("memcg: remove unnecessary
!mm check from try_get_mem_cgroup_from_mm()") removed the mm check from
get_mem_cgroup_from_mm().  This however caused another NULL ptr
dereference during early boot when loopback kernel thread splices to
tmpfs as reported by Stephan Kulow:

  BUG: unable to handle kernel NULL pointer dereference at 0000000000000360
  IP: get_mem_cgroup_from_mm.isra.42+0x2b/0x60
  Oops: 0000 [#1] SMP
  Modules linked in: btrfs dm_multipath dm_mod scsi_dh multipath raid10 raid456 async_raid6_recov async_memcpy async_pq raid6_pq async_xor xor async_tx raid1 raid0 md_mod parport_pc parport nls_utf8 isofs usb_storage iscsi_ibft iscsi_boot_sysfs arc4 ecb fan thermal nfs lockd fscache nls_iso8859_1 nls_cp437 sg st hid_generic usbhid af_packet sunrpc sr_mod cdrom ata_generic uhci_hcd virtio_net virtio_blk ehci_hcd usbcore ata_piix floppy processor button usb_common virtio_pci virtio_ring virtio edd squashfs loop ppa]
  CPU: 0 PID: 97 Comm: loop1 Not tainted 3.15.0-rc5-5-default #1
  Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
  Call Trace:
    __mem_cgroup_try_charge_swapin+0x40/0xe0
    mem_cgroup_charge_file+0x8b/0xd0
    shmem_getpage_gfp+0x66b/0x7b0
    shmem_file_splice_read+0x18f/0x430
    splice_direct_to_actor+0xa2/0x1c0
    do_lo_receive+0x5a/0x60 [loop]
    loop_thread+0x298/0x720 [loop]
    kthread+0xc6/0xe0
    ret_from_fork+0x7c/0xb0

Also Branimir Maksimovic reported the following oops which is triggered
for the swapcache charge path from the accounting code for kernel threads:

  CPU: 1 PID: 160 Comm: kworker/u8:5 Tainted: P           OE 3.15.0-rc5-core2-custom torvalds#159
  Hardware name: System manufacturer System Product Name/MAXIMUSV GENE, BIOS 1903 08/19/2013
  task: ffff880404e349b0 ti: ffff88040486a000 task.ti: ffff88040486a000
  RIP: get_mem_cgroup_from_mm.isra.42+0x2b/0x60
  Call Trace:
    __mem_cgroup_try_charge_swapin+0x45/0xf0
    mem_cgroup_charge_file+0x9c/0xe0
    shmem_getpage_gfp+0x62c/0x770
    shmem_write_begin+0x38/0x40
    generic_perform_write+0xc5/0x1c0
    __generic_file_aio_write+0x1d1/0x3f0
    generic_file_aio_write+0x4f/0xc0
    do_sync_write+0x5a/0x90
    do_acct_process+0x4b1/0x550
    acct_process+0x6d/0xa0
    do_exit+0x827/0xa70
    kthread+0xc3/0xf0

This patch fixes the issue by reintroducing mm check into
get_mem_cgroup_from_mm.  We could do the same trick in
__mem_cgroup_try_charge_swapin as we do for the regular page cache path
but it is not worth troubles.  The check is not that expensive and it is
better to have get_mem_cgroup_from_mm more robust.

[1] - http://marc.info/?l=linux-mm&m=139463617808941&w=2

Fixes: 03583f1 ("memcg: remove unnecessary !mm check from try_get_mem_cgroup_from_mm()")
Reported-and-tested-by: Stephan Kulow <[email protected]>
Reported-by: Branimir Maksimovic <[email protected]>
Signed-off-by: Michal Hocko <[email protected]>
Acked-by: Johannes Weiner <[email protected]>
Cc: Hugh Dickins <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
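
A user-space model of the check described in the commit message above (an added example, not the kernel's code or part of the commit). The structure layout, the names and the fallback to a root group are assumptions of the model; the padding is chosen so that the NULL access lands at 0x360, as in the first oops.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space stand-ins (assumptions), not the kernel's structures. */
struct mem_cgroup { const char *name; };
struct task { struct mem_cgroup *memcg; };

/*
 * Constructed layout: the padding puts 'owner' at offset 0x360 so the model
 * matches the fault address in the first oops. The real mm_struct layout
 * depends on kernel version and configuration.
 */
struct mm {
    char other_fields[0x360];
    struct task *owner;
};

/* A thread as the charge path sees it: kernel threads have mm == NULL. */
struct thread {
    const char *comm;
    const struct mm *mm;
};

static struct mem_cgroup root_mem_cgroup = { "root" };

/* Constructed sample objects. */
static struct mem_cgroup user_cg = { "user" };
static struct task user_task = { &user_cg };
static struct mm user_mm = { .owner = &user_task };
static struct mm orphan_mm; /* an mm whose owner is not set */

/*
 * Address that reading mm->owner would touch. With mm == NULL this is just
 * the member offset, which is why a NULL dereference through a struct
 * pointer is reported at a small non-zero address.
 */
static uintptr_t owner_access_addr(const struct mm *mm)
{
    return (uintptr_t)mm + offsetof(struct mm, owner);
}

/*
 * Lookup with the !mm check in place: a missing mm context, a missing owner
 * or an owner without a group all resolve to the root group instead of
 * dereferencing a NULL pointer.
 */
static struct mem_cgroup *memcg_from_mm(const struct mm *mm)
{
    struct mem_cgroup *memcg = NULL;

    if (mm && mm->owner)
        memcg = mm->owner->memcg;
    return memcg ? memcg : &root_mem_cgroup;
}

int main(void)
{
    /* Constructed threads; the first two names come from the oopses above. */
    const struct thread threads[] = {
        { "loop1", NULL },
        { "kworker/u8:5", NULL },
        { "bash", &user_mm },
        { "orphan", &orphan_mm },
    };
    size_t i;

    printf("unchecked read of mm->owner with mm == NULL touches %#lx\n",
           (unsigned long)owner_access_addr(NULL));

    for (i = 0; i < sizeof(threads) / sizeof(threads[0]); i++)
        printf("%-14s mm=%-4s charged to %s\n", threads[i].comm,
               threads[i].mm ? "set" : "NULL",
               memcg_from_mm(threads[i].mm)->name);
    return 0;
}
```
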
0day-ci pushed a commit to 0day-ci/linux that referenced this pull request Jun 20, 2016
etm4_trace_id is not guaranteed to be executed on the CPU whose ETM is
being accessed. This leads to exception similar to below one if the
CPU whose ETM is being accessed is in deeper idle states. So it must
be executed on the CPU whose ETM is being accessed.

Unhandled fault: synchronous external abort (0x96000210) at 0xffff000008db4040
Internal error: : 96000210 [#1] PREEMPT SMP
Modules linked in:
CPU: 5 PID: 5979 Comm: etm.sh Not tainted 4.7.0-rc3 torvalds#159
Hardware name: ARM Juno development board (r2) (DT)
task: ffff80096dd34b00 ti: ffff80096dfe4000 task.ti: ffff80096dfe4000
PC is at etm4_trace_id+0x5c/0x90
LR is at etm4_trace_id+0x3c/0x90
Call trace:
 etm4_trace_id+0x5c/0x90
 coresight_id_match+0x78/0xa8
 bus_for_each_dev+0x60/0xa0
 coresight_enable+0xc0/0x1b8
 enable_source_store+0x3c/0x70
 dev_attr_store+0x18/0x28
 sysfs_kf_write+0x48/0x58
 kernfs_fop_write+0x14c/0x1e0
 __vfs_write+0x1c/0x100
 vfs_write+0xa0/0x1b8
 SyS_write+0x44/0xa0
 el0_svc_naked+0x24/0x28

However, TRCTRACEIDR is not guaranteed to hold the previous programmed
trace id if it enters deeper idle states. Further, the trace id that is
computed in etm4_init_trace_id is programmed into TRCTRACEIDR only in
etm4_enable_hw which happens much later in the sequence after
coresight_id_match is executed from enable_source_store.

This patch simplifies etm4_trace_id by returning the stashed trace id
value similar to etm4_cpu_id.

Cc: Mathieu Poirier <[email protected]>
Signed-off-by: Sudeep Holla <[email protected]>
0day-ci pushed a commit to 0day-ci/linux that referenced this pull request Jun 22, 2016
etm4_trace_id is not guaranteed to be executed on the CPU whose ETM is
being accessed. This leads to exception similar to below one if the
CPU whose ETM is being accessed is in deeper idle states. So it must
be executed on the CPU whose ETM is being accessed.

Unhandled fault: synchronous external abort (0x96000210) at 0xffff000008db4040
Internal error: : 96000210 [#1] PREEMPT SMP
Modules linked in:
CPU: 5 PID: 5979 Comm: etm.sh Not tainted 4.7.0-rc3 torvalds#159
Hardware name: ARM Juno development board (r2) (DT)
task: ffff80096dd34b00 ti: ffff80096dfe4000 task.ti: ffff80096dfe4000
PC is at etm4_trace_id+0x5c/0x90
LR is at etm4_trace_id+0x3c/0x90
Call trace:
 etm4_trace_id+0x5c/0x90
 coresight_id_match+0x78/0xa8
 bus_for_each_dev+0x60/0xa0
 coresight_enable+0xc0/0x1b8
 enable_source_store+0x3c/0x70
 dev_attr_store+0x18/0x28
 sysfs_kf_write+0x48/0x58
 kernfs_fop_write+0x14c/0x1e0
 __vfs_write+0x1c/0x100
 vfs_write+0xa0/0x1b8
 SyS_write+0x44/0xa0
 el0_svc_naked+0x24/0x28

However, TRCTRACEIDR is not guaranteed to hold the previous programmed
trace id if it enters deeper idle states. Further, the trace id that is
computed in etm4_init_trace_id is programmed into TRCTRACEIDR only in
etm4_enable_hw which happens much later in the sequence after
coresight_id_match is executed from enable_source_store.

This patch simplifies etm4_trace_id by returning the stashed trace id
value similar to etm4_cpu_id.

Cc: Mathieu Poirier <[email protected]>
Signed-off-by: Sudeep Holla <[email protected]>
Signed-off-by: Mathieu Poirier <[email protected]>
0day-ci pushed a commit to 0day-ci/linux that referenced this pull request Jul 6, 2016
0day-ci pushed a commit to 0day-ci/linux that referenced this pull request Aug 23, 2016
0day-ci pushed a commit to 0day-ci/linux that referenced this pull request Aug 24, 2016
GIT ca80d82c230807c588d14e3f26dee035f3ca1658

commit 6f0b826da4a33e83501d6c1dc977afa0f5f7166f
Author: Markus Elfring <[email protected]>
Date:   Sat Aug 20 07:50:09 2016 +0200

    mlx5/core: Use memdup_user() rather than duplicating its implementation
    
    * Reuse existing functionality from memdup_user() instead of keeping
      duplicate source code.
    
      This issue was detected by using the Coccinelle software.
    
    * Return directly if this copy operation failed.
    
    Signed-off-by: Markus Elfring <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>

commit b9a24bb76bf611a5268ceffe04219e6ad264559b
Author: WANG Cong <[email protected]>
Date:   Fri Aug 19 12:36:54 2016 -0700

    net_sched: properly handle failure case of tcf_exts_init()
    
    After commit 22dc13c837c3 ("net_sched: convert tcf_exts from list to pointer array")
    we do dynamic allocation in tcf_exts_init(), therefore we need
    to handle the ENOMEM case properly.
    
    Cc: Jamal Hadi Salim <[email protected]>
    Signed-off-by: Cong Wang <[email protected]>
    Acked-by: Jamal Hadi Salim <[email protected]>
    Acked-by: Jamal Hadi Salim <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>

commit cae750bae4e488c138eb436175201a60943eb3dc
Author: Paul Burton <[email protected]>
Date:   Fri Aug 19 18:11:19 2016 +0100

    irqchip/mips-gic: Use for_each_set_bit to iterate over IRQs
    
    The MIPS GIC driver has previously iterated over bits set in a bitmap
    representing pending IRQs by calling find_first_bit, clearing that bit
    then calling find_first_bit again until all bits are clear. If multiple
    interrupts are pending then this is wasteful, as find_first_bit will
    have to loop over the whole bitmap from the start. Use the
    for_each_set_bit macro which performs exactly what we need here instead.
    It will use find_next_bit and thus only scan over the relevant part of
    the bitmap, and it makes the intent of the code more clear.
    
    Signed-off-by: Paul Burton <[email protected]>
    Link: https://lkml.kernel.org/r/[email protected]
    Signed-off-by: Jason Cooper <[email protected]>

commit a10035a9b787a65e2cc9e7d59df6c698ba778c17
Author: Mike Christie <[email protected]>
Date:   Thu Aug 18 18:38:45 2016 +0200

    rbd: add force close option
    
    This adds a force close option, so we can force the unmapping
    of a rbd device that is open. If a path/device is blacklisted, apps
    like multipathd can map a new device and then unmap the old one.
    The unmapping cleanup would then be handled by the generic hotunplug
    code paths in multipathd like is done for iSCSI, FC/FCOE, SAS, etc.
    
    Signed-off-by: Mike Christie <[email protected]>
    Signed-off-by: Ilya Dryomov <[email protected]>

commit 21118df66c198d6ebb23e6827e2e92ab1e148e78
Author: Wei Yongjun <[email protected]>
Date:   Sat Aug 20 15:26:28 2016 +0000

    irqchip/jcore-aic: Fix non static symbol warning
    
    Fixes the following sparse warning:
    
    drivers/irqchip/irq-jcore-aic.c:47:12: warning:
     symbol 'aic_irq_of_init' was not declared. Should it be static?
    
    Signed-off-by: Wei Yongjun <[email protected]>
    Link: https://lkml.kernel.org/r/[email protected]
    Signed-off-by: Jason Cooper <[email protected]>

commit 04208a24b9d2f46f07f4400a4829d5372d0a3661
Author: Thomas Petazzoni <[email protected]>
Date:   Fri Aug 5 16:55:20 2016 +0200

    arm64: marvell: enable the Marvell PIC driver
    
    This commit makes sure the driver for the Marvell PIC interrupt
    controller (used on Marvell Armada 7K/8K) is enabled.
    
    Signed-off-by: Thomas Petazzoni <[email protected]>
    Link: https://lkml.kernel.org/r/1470408921-447-4-git-send-email-thomas.petazzoni@free-electrons.com
    Signed-off-by: Jason Cooper <[email protected]>

commit a109893bd3e71912b376a731b27de8c45fded9b3
Author: Thomas Petazzoni <[email protected]>
Date:   Fri Aug 5 16:55:19 2016 +0200

    irqchip/mvebu-pic: New driver for Marvell Armada 7K/8K PIC
    
    The Marvell Armada 7K/8K integrates a secondary interrupt controller
    very originally named "PIC". It is connected to the main GIC via a
    PPI. Amongst other things, this PIC is used for the ARM PMU.
    
    This commit adds a simple irqchip driver for this interrupt
    controller. Since this interrupt controller is not needed early at boot
    time, we make the driver a proper platform driver rather than use the
    IRQCHIP_DECLARE() mechanism.
    
    Signed-off-by: Yehuda Yitschak <[email protected]>
    Signed-off-by: Thomas Petazzoni <[email protected]>
    Link: https://lkml.kernel.org/r/1470408921-447-3-git-send-email-thomas.petazzoni@free-electrons.com
    Signed-off-by: Jason Cooper <[email protected]>

commit f69f2593c77e981922234369ec157117e7068776
Author: Mike Christie <[email protected]>
Date:   Thu Aug 18 18:38:45 2016 +0200

    rbd: add 'config_info' sysfs rbd device attribute
    
    Export the info used to setup the rbd image, so it can be used to remap
    the image.
    
    Signed-off-by: Mike Christie <[email protected]>
    [[email protected]: do_rbd_add() EH]
    Signed-off-by: Ilya Dryomov <[email protected]>

commit dd86aa3766a11e5d8dfd43940f63b784fc733695
Author: Mike Christie <[email protected]>
Date:   Thu Aug 18 18:38:44 2016 +0200

    rbd: add 'snap_id' sysfs rbd device attribute
    
    Export snap id in sysfs, so tools like multipathd can use it in a uuid.
    
    Signed-off-by: Mike Christie <[email protected]>
    Signed-off-by: Ilya Dryomov <[email protected]>

commit 07f22ac266cb1591aac4679d3462706de0ff7a5d
Author: Mike Christie <[email protected]>
Date:   Thu Aug 18 18:38:43 2016 +0200

    rbd: add 'cluster_fsid' sysfs rbd device attribute
    
    Export the cluster fsid, so tools like udev and multipath-tools can use
    it for part of the uuid.
    
    Signed-off-by: Mike Christie <[email protected]>
    Signed-off-by: Ilya Dryomov <[email protected]>

commit 83a117c50940d5367710a0f00d0d8be693d937f5
Author: Ilya Dryomov <[email protected]>
Date:   Thu Aug 18 18:38:43 2016 +0200

    rbd: add 'client_addr' sysfs rbd device attribute
    
    Export client addr/nonce, so userspace can check if a image is being
    blacklisted.
    
    Signed-off-by: Mike Christie <[email protected]>
    [[email protected]: ceph_client_addr(), endianness fix]
    Signed-off-by: Ilya Dryomov <[email protected]>

commit ca7bfe2c8d9f3aee469a3a36110a95ebb511ee20
Author: Mauro Carvalho Chehab <[email protected]>
Date:   Mon Aug 22 11:04:49 2016 -0300

    docs-rst: add package adjustbox
    
    We need adjustbox to allow adjusting the size of tables that
    are bigger than the line width. There are quite a few of them
    at the media books.
    
    Signed-off-by: Mauro Carvalho Chehab <[email protected]>
    Signed-off-by: Jonathan Corbet <[email protected]>

commit ba1377fba7047a86c31981363cbd9e65b1ca2763
Author: Mauro Carvalho Chehab <[email protected]>
Date:   Sun Aug 21 15:23:04 2016 -0300

    docs-rst: Fix an warning when in interactive mode
    
    When XeLaTeX is in interactive mode, it complains that
    py@noticelength already exists. Rename it and declare it
    only once to avoid such messages.
    
    Signed-off-by: Mauro Carvalho Chehab <[email protected]>
    Signed-off-by: Jonathan Corbet <[email protected]>

commit 41cff161fe99d1c6a773becc2250a1dc3ac035ff
Author: Mauro Carvalho Chehab <[email protected]>
Date:   Sun Aug 21 15:23:03 2016 -0300

    docs-rst: Use better colors for note/warning/attention boxes
    
    Instead of painting the box with gray, let's use a colored
    box. IMHO, that makes easier to warn users about some issue
    pointed by the Sphinx. It also matches to what we do already
    with the HTML output.
    
    Signed-off-by: Mauro Carvalho Chehab <[email protected]>
    Signed-off-by: Jonathan Corbet <[email protected]>

commit bf1bead585e5a8c21d4ac7a8d7fc860b80c4290a
Author: Ilya Dryomov <[email protected]>
Date:   Thu Aug 18 18:38:41 2016 +0200

    rbd: print capacity in decimal and features in hex
    
    With exclusive-lock added and more to come, print features into dmesg.
    Change capacity to decimal while at it.
    
    Signed-off-by: Ilya Dryomov <[email protected]>

commit aa0336393dc095f2a2eaf543ebbf1dfc0bda40cf
Author: Ilya Dryomov <[email protected]>
Date:   Fri Aug 12 16:40:02 2016 +0200

    rbd: support for exclusive-lock feature
    
    Add basic support for RBD_FEATURE_EXCLUSIVE_LOCK feature.  Maintenance
    operations (resize, snapshot create, etc) are offloaded to librbd via
    returning -EOPNOTSUPP - librbd should request the lock and execute the
    operation.
    
    Signed-off-by: Ilya Dryomov <[email protected]>

commit d7ad7f3c6bc4da00a822bf65f8c677173e7192a2
Author: Ilya Dryomov <[email protected]>
Date:   Fri Aug 12 16:11:41 2016 +0200

    rbd: retry watch re-registration periodically
    
    Revamp watch code to support retrying watch re-registration:
    
    - add rbd_dev->watch_state for more robust errcb handling
    - store watch cookie separately to avoid dereferencing watch_handle
      which is set to NULL on unwatch
    - move re-register code into a delayed work and retry re-registration
      every second, unless the client is blacklisted
    
    Signed-off-by: Ilya Dryomov <[email protected]>

commit 885bfa587709736b9081ef2cf2a08c007b798ea5
Author: Ilya Dryomov <[email protected]>
Date:   Fri Aug 12 15:45:52 2016 +0200

    rbd: introduce a per-device ordered workqueue
    
    This is going to be used for reregistering watch requests and
    exclusive-lock tasks: acquire/request lock, notify-acquired, release
    lock, notify-released.  Some refactoring in the map/unmap paths was
    necessary to give this workqueue a meaningful name: "rbdX-tasks".
    
    Signed-off-by: Ilya Dryomov <[email protected]>

commit a926f18ef50a526726d1f9e9249bb455246389e0
Author: Ilya Dryomov <[email protected]>
Date:   Fri Aug 12 14:59:58 2016 +0200

    libceph: rename ceph_client_id() -> ceph_client_gid()
    
    Signed-off-by: Ilya Dryomov <[email protected]>

commit 243b6381a3ddafef0f598c825da094fb2aca9c1b
Author: Douglas Fuller <[email protected]>
Date:   Wed Jul 22 20:59:52 2015 -0400

    libceph: support for blacklisting clients
    
    Reuse ceph_mon_generic_request infrastructure for sending monitor
    commands.  In particular, add support for 'blacklist add' to prevent
    other, non-responsive clients from making further updates.
    
    Signed-off-by: Douglas Fuller <[email protected]>
    [[email protected]: refactor, misc fixes throughout]
    Signed-off-by: Ilya Dryomov <[email protected]>

commit c33c690cc42e7e11a694ad2b7721ed37c883c1a3
Author: Douglas Fuller <[email protected]>
Date:   Mon Jun 29 16:55:42 2015 -0700

    libceph: support for lock.lock_info
    
    Add an interface for the Ceph OSD lock.lock_info method and associated
    data structures.
    
    Based heavily on code by Mike Christie <[email protected]>.
    
    Signed-off-by: Douglas Fuller <[email protected]>
    [[email protected]: refactor, misc fixes throughout]
    Signed-off-by: Ilya Dryomov <[email protected]>

commit b3872a9b832154b6051ecfcd81ff315ee1447c36
Author: Douglas Fuller <[email protected]>
Date:   Thu Jun 18 13:06:10 2015 -0700

    libceph: support for advisory locking on RADOS objects
    
    This patch adds support for rados lock, unlock and break lock.
    
    Based heavily on code by Mike Christie <[email protected]>.
    
    Signed-off-by: Douglas Fuller <[email protected]>
    Signed-off-by: Ilya Dryomov <[email protected]>

commit 66b78cbaa9d7f7d6c1e4dee8495db436bcd9cc51
Author: Douglas Fuller <[email protected]>
Date:   Wed Jun 17 14:49:45 2015 -0400

    libceph: add ceph_osdc_call() single-page helper
    
    Add a convenience function to osd_client to send Ceph OSD
    'class' ops. The interface assumes that the request and
    reply data each consist of single pages.
    
    Signed-off-by: Douglas Fuller <[email protected]>
    Signed-off-by: Ilya Dryomov <[email protected]>

commit ba5eddca49df02a746026725c94965d2e0300cbf
Author: Douglas Fuller <[email protected]>
Date:   Fri Jul 17 13:18:07 2015 -0700

    libceph: support for CEPH_OSD_OP_LIST_WATCHERS
    
    Add support for this Ceph OSD op, needed to support the RBD exclusive
    lock feature.
    
    Signed-off-by: Douglas Fuller <[email protected]>
    [[email protected]: refactor, misc fixes throughout]
    Signed-off-by: Ilya Dryomov <[email protected]>

commit a653fc0abf0f9641c611d9e993c865e75e5de997
Author: Ilya Dryomov <[email protected]>
Date:   Thu Jun 2 16:45:08 2016 +0200

    libceph: rename ceph_entity_name_encode() -> ceph_auth_entity_name_encode()
    
    Clear up EntityName vs entity_name_t confusion.
    
    Signed-off-by: Ilya Dryomov <[email protected]>

commit aa4e37a3d13679dccf7945dd864375b698cf0df9
Author: Mauro Carvalho Chehab <[email protected]>
Date:   Fri Aug 19 09:49:38 2016 -0300

    docs-rst: conf.py: adjust the size of .. note:: tag
    
    While the current implementation works well when using as a
    paragraph, it doesn't work properly if inside a table. As we
    have quite a few such cases, fix the logic to take the column
    size into account.
    
    PS.: I took the logic there from the latest version of Sphinx.sty
    
    Signed-off-by: Mauro Carvalho Chehab <[email protected]>
    Signed-off-by: Jonathan Corbet <[email protected]>

commit d565127d120e9b95ba98549c31eab9cec1cbbbc7
Author: Mauro Carvalho Chehab <[email protected]>
Date:   Thu Aug 18 11:53:39 2016 -0300

    docs-rst: add support for LaTeX output
    
    Sphinx supports LaTeX output. Sometimes, it is interesting to
    call it directly, instead of also generating a PDF. As it comes
    for free, add a target for it.
    
    Signed-off-by: Mauro Carvalho Chehab <[email protected]>
    Signed-off-by: Jonathan Corbet <[email protected]>

commit 9cd3476c91708b4b814f17671597a2708ec195ed
Author: Markus Heiser <[email protected]>
Date:   Mon Aug 15 16:08:28 2016 +0200

    doc-rst: migrate ioctl CEC_DQEVENT to c-domain
    
    This is only one example, demonstrating the benefits of the patch
    series.  The CEC_DQEVENT ioctl is migrated to the sphinx c-domain and
    referred by ":name: CEC_DQEVENT".
    
    With this change the indirection using ":ref:`CEC_DQEVENT` is no longer
    needed, we can refer the ioctl directly with ":c:func:`CEC_DQEVENT`". As
    addition in the index, there is a entry "CEC_DQEVENT (C function)".
    
    Signed-off-by: Markus Heiser <[email protected]>
    Signed-off-by: Jonathan Corbet <[email protected]>

commit aa10a7826646c56eb4553df8fe81b3d23655c91a
Author: Markus Heiser <[email protected]>
Date:   Mon Aug 15 16:08:27 2016 +0200

    doc-rst: Revert "kernel-doc: fix handling of address_space tags"
    
    This reverts commit a88b1672d4ddf9895eb53e6980926d5e960dea8e.
    
    From the origin commit log::
    
      The RST cpp:function handler is very pedantic: it doesn't allow any
      macros like __user on it
    
    Since the kernel-doc parser does NOT make use of the cpp:domain, there
    is no need to change the kernel-doc parser eliminating the address_space
    tags.
    
    Signed-off-by: Markus Heiser <[email protected]>
    Signed-off-by: Jonathan Corbet <[email protected]>

commit 556aa6d5d9616ccfc0099c40dc239157f50ee776
Author: Markus Heiser <[email protected]>
Date:   Mon Aug 15 16:08:26 2016 +0200

    doc-rst: moved *duplicate* warnings to nitpicky mode
    
    Moved the *duplicate C object description* warnings for function
    declarations in the nitpicky mode. In nitpick mode, you can suppress
    those warnings (e.g. ioctl) with::
    
      nitpicky = True
      nitpick_ignore = [
          ("c:func", "ioctl"),
      ]
    
    See Sphinx documentation for the config values for ``nitpick`` and
    ``nitpick_ignore`` [1].
    
    With this change all the ".. cpp:function:: int ioctl(..)" descriptions
    (found in the media book) can be migrated to ".. c:function:: int
    ioctl(..)", without getting any warnings. E.g.::
    
      .. cpp:function:: int ioctl( int fd, int request, struct cec_event *argp )
    
      .. c:function:: int ioctl( int fd, int request, struct cec_event *argp )
    
    The main effect, is that we get those *CPP-types* back into Sphinx's C-
    namespace and we need no longer to distinguish between c/cpp references,
    when we refer a function like the ioctl.
    
    [1] http://www.sphinx-doc.org/en/stable/config.html?highlight=nitpick#confval-nitpicky
    
    Signed-off-by: Markus Heiser <[email protected]>
    Signed-off-by: Jonathan Corbet <[email protected]>

commit 2c645cd7c4a0d4b35da1e43ec3a5b55a64038157
Author: Markus Heiser <[email protected]>
Date:   Mon Aug 15 16:08:25 2016 +0200

    doc-rst:c-domain: ref-name of a function declaration
    
    Add option 'name' to the "c:function:" directive.  With option 'name'
    the ref-name of a function can be modified. E.g.::
    
        .. c:function:: int ioctl( int fd, int request )
           :name: VIDIOC_LOG_STATUS
    
    The func-name (e.g. ioctl) remains in the output but the ref-name
    changed from ``ioctl`` to ``VIDIOC_LOG_STATUS``. The index entry for
    this function is also changed to ``VIDIOC_LOG_STATUS`` and the function
    can now referenced by::
    
        :c:func:`VIDIOC_LOG_STATUS`
    
    Signed-off-by: Markus Heiser <[email protected]>
    Signed-off-by: Jonathan Corbet <[email protected]>

commit e8f5c617f26626ef4915ffa176f4ae02c9e08531
Author: Markus Heiser <[email protected]>
Date:   Mon Aug 22 15:16:21 2016 -0600

    doc-rst: add boilerplate to customize c-domain
    
    Add a sphinx-extension to customize the sphinx c-domain.  No functional
    changes right yet, just the boilerplate code.
    
    Signed-off-by: Markus Heiser <[email protected]>
    [ jc: coding-style tweak ]
    Signed-off-by: Jonathan Corbet <[email protected]>

commit 99ff4d3af80caa91eef5a4b709def6b8b362ce8c
Author: Dmitry Torokhov <[email protected]>
Date:   Fri Aug 19 10:03:59 2016 -0700

    Input: jornada720_kbd - switch to using dev_dbg
    
    Switch to using dev_dbg instead of naked printk so that output is uniform
    with the other driver messages in the kernel.
    
    Signed-off-by: Dmitry Torokhov <[email protected]>

commit 0f631d87d9a5e3f5f22908b102c8eaad944f390e
Author: Russell King <[email protected]>
Date:   Fri Aug 19 09:41:47 2016 -0700

    Input: jornada720_kbd - get rid of mach/irqs.h include
    
    Switch the jornada720 keyboard driver to obtain its interrupt from the
    platform device, rather than via a hard-coded interrupt number obtained
    from the mach/irqs.h header.
    
    Signed-off-by: Russell King <[email protected]>
    Signed-off-by: Dmitry Torokhov <[email protected]>

commit a8a7bdc598ec0c355491bc1cac75f8f6b8a1740d
Author: Russell King <[email protected]>
Date:   Fri Aug 19 09:40:58 2016 -0700

    Input: jornada720_kbd - switch to devm_* APIs
    
    Switch the jornada720_kbd driver to use the devm_* APIs.  This is in
    preparation to removing the mach/irqs.h include from this driver.
    
    Signed-off-by: Russell King <[email protected]>
    Signed-off-by: Dmitry Torokhov <[email protected]>

commit 3f5c5920e627b602db4e13b9010f76ed1d078c54
Author: Krzysztof Kozlowski <[email protected]>
Date:   Fri Aug 19 10:15:46 2016 -0700

    Input: max77693-haptic - change Krzysztof Kozlowski's email to kernel.org
    
    Change my email address to kernel.org instead of Samsung one for the
    purpose of any future contact.  The copyrights remain untouched and are
    attributed to Samsung.
    
    Signed-off-by: Krzysztof Kozlowski <[email protected]>
    Signed-off-by: Dmitry Torokhov <[email protected]>

commit e9bf4529d3db9e6291ebfe41be08e6bb76bdf49d
Author: LABBE Corentin <[email protected]>
Date:   Fri Aug 19 10:18:32 2016 -0700

    Input: pixcir_i2c_ts - remove a useless blank line
    
    This patch fix the following checkpatch report:
    Blank lines aren't necessary after an open brace
    
    Signed-off-by: LABBE Corentin <[email protected]>
    Signed-off-by: Dmitry Torokhov <[email protected]>

commit 5ac82f081ac08c5ca551aa6cfc5d81ff26efdf4e
Author: LABBE Corentin <[email protected]>
Date:   Fri Aug 19 10:17:18 2016 -0700

    Input: pixcir_i2c_ts - remove text about writing to Free Software Foundation
    
    Checkpatch complains about the text suggesting writing to
    Free Software Foundation for GPLv2 license copy.
    This patch removes that text.
    
    Signed-off-by: LABBE Corentin <[email protected]>
    Signed-off-by: Dmitry Torokhov <[email protected]>

commit 8ffef3cc696e9eff67ec79be349407895bffdfc1
Author: LABBE Corentin <[email protected]>
Date:   Fri Aug 19 10:16:51 2016 -0700

    Input: pixcir_i2c_ts - simplify code with of_device_get_match_data
    
    The usage of of_device_get_match_data reduces the code size a bit.
    Furthermore, it is better to use a standard function for
    getting the match data.
    
    Signed-off-by: LABBE Corentin <[email protected]>
    Signed-off-by: Dmitry Torokhov <[email protected]>

commit d18716542d137beafef2859bdf90d4e0c9a25523
Author: Hans de Goede <[email protected]>
Date:   Thu Aug 4 08:21:19 2016 -0700

    Input: remove duplicate ft6236 driver
    
    The new(ish) ft6236 simply re-implements the M09 protocol of the
    (much) older edt-ft5x06.c driver.
    
    This commit removes this duplicate driver and adds the i2c ids and
    dt compatible string to the edt-ft5x06.c driver to keep compatibility.
    
    This commit also adds the standard touchscreen properties as optional
    properties to the edt,ft5x06 binding, these were documented in the
    focaltech,ft6236 binding, but were missing from the edt,ft5x06 doc.
    
    Signed-off-by: Hans de Goede <[email protected]>
    Acked-by: Rob Herring <[email protected]>
    Signed-off-by: Dmitry Torokhov <[email protected]>

commit e3a888a4bff0bef0b256d55c58bc32c99fb44ece
Author: Petr Cvek <[email protected]>
Date:   Fri Aug 19 10:14:29 2016 -0700

    Input: ads7846 - remove redundant regulator_disable call
    
    ADS7846 regulator is disabled twice in a row in ads7846_remove(). Valid
    one is in ads7846_disable().
    
    Removing the ads7846 module causes warning about unbalanced disables.
    
      ...
      WARNING: CPU: 0 PID: 29269 at drivers/regulator/core.c:2251 _regulator_disable+0xf8/0x130
      unbalanced disables for vads7846
      CPU: 0 PID: 29269 Comm: rmmod Tainted: G      D W       4.7.0+ #3
      Hardware name: HTC Magician
      ...
        show_stack+0x10/0x14
        __warn+0xd8/0x100
        warn_slowpath_fmt+0x38/0x48
        _regulator_disable+0xf8/0x130
        regulator_disable+0x34/0x60
        ads7846_remove+0x58/0xd4 [ads7846]
        spi_drv_remove+0x1c/0x34
        __device_release_driver+0x84/0x114
        driver_detach+0x8c/0x90
        bus_remove_driver+0x5c/0xc8
        SyS_delete_module+0x1a0/0x238
        ret_fast_syscall+0x0/0x38
    
    Signed-off-by: Petr Cvek <[email protected]>
    Signed-off-by: Dmitry Torokhov <[email protected]>

commit 3e29d6bb6433ebfa4e187b1164b80baf720d58c3
Author: Andrew Duggan <[email protected]>
Date:   Mon Aug 22 11:28:11 2016 -0700

    Input: synaptics-rmi4 - fix register descriptor subpacket map construction
    
    The map_offset variable is specific to the register and needs to be reset
    in the loop. Otherwise, subsequent register's subpacket maps will have
    their bits set at the wrong index.
    
    Signed-off-by: Andrew Duggan <[email protected]>
    Tested-by: Nitin Chaudhary <[email protected]>
    Reviewed-by: Benjamin Tissoires <[email protected]>
    Cc: [email protected]
    Signed-off-by: Dmitry Torokhov <[email protected]>

commit fae16989be77b09bab86c79233e4b511ea769cea
Author: Masahiro Yamada <[email protected]>
Date:   Mon Aug 22 13:25:56 2016 -0700

    Input: tegra-kbc - fix inverted reset logic
    
    Commit fe6b0dfaba68 ("Input: tegra-kbc - use reset framework")
    accidentally converted _deassert to _assert, so there is no code
    to wake up this hardware.
    
    Fixes: fe6b0dfaba68 ("Input: tegra-kbc - use reset framework")
    Signed-off-by: Masahiro Yamada <[email protected]>
    Acked-by: Thierry Reding <[email protected]>
    Acked-by: Laxman Dewangan <[email protected]>
    Cc: [email protected]
    Signed-off-by: Dmitry Torokhov <[email protected]>

commit 5cab4d84780573afbf5077ae9c3f919b4f305f20
Author: Hans de Goede <[email protected]>
Date:   Mon Aug 22 13:49:59 2016 -0700

    Input: silead - use devm_gpiod_get
    
    The silead code is using devm_foo for everything (and does not free
    any resources). Except that it is using gpiod_get instead of
    devm_gpiod_get (but is not freeing the gpio_desc), change this
    to use devm_gpiod_get so that the gpio will be properly released.
    
    Signed-off-by: Hans de Goede <[email protected]>
    Signed-off-by: Dmitry Torokhov <[email protected]>

commit 7ac5d7b1a1254ceb4be19ba93ef7a6ee4e7ac382
Author: Mikko Rapeli <[email protected]>
Date:   Mon Aug 22 20:32:22 2016 +0200

    HSI: hsi_char.h: use __u32 from linux/types.h
    
    Fixes userspace compiler errors like:
    
    linux/hsi/hsi_char.h:51:2: error: unknown type name ‘uint32_t’
    
    Signed-off-by: Mikko Rapeli <[email protected]>
    Signed-off-by: Sebastian Reichel <[email protected]>

commit 67c52cac0c2427af61590c1dbb993457574be00f
Author: Mathieu Poirier <[email protected]>
Date:   Tue Jul 5 14:22:15 2016 -0600

    coresight: etm4x: adding configurable start/stop filtering
    
    With this patch we add start/stop filtering as specified on
    the perf cmd line.  When the IP matches the start address
    trace generation gets triggered.  The stop condition is
    achieved when the IP matches the stop address.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 236a79f45fde4997eaadeb11742222fa11ab8c69
Author: Mathieu Poirier <[email protected]>
Date:   Mon Jul 4 11:42:08 2016 -0600

    coresight: etm4x: adding configurable address range filtering
    
    This patch adds the capability to specify address ranges from
    the perf cmd line using the --filter option.  If the IP
    falls within the range(s) program flow traces are generated.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 6dc9ed33e57d13ea01e429c09b25a8a4fbd440fb
Author: Mathieu Poirier <[email protected]>
Date:   Wed Jun 29 13:08:47 2016 -0600

    coresight: etm4x: configuring include/exclude function
    
    The include/exclude function of a tracer is applicable to address
    range and start/stop filters.  To avoid duplication and reuse code
    moving the include/exclude configuration to a function of its own.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 9c183490e9443995fb089c96f1574191f59b681e
Author: Mathieu Poirier <[email protected]>
Date:   Wed Jun 29 11:01:58 2016 -0600

    coresight: etm4x: adding range filter configuration function
    
    Introducing a new function to do address range configuration
    generic enough to work for any address range and any comparator.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 523a338d065deed8578a6660a08e79ae0709bd7f
Author: Mathieu Poirier <[email protected]>
Date:   Tue Jun 28 15:33:21 2016 -0600

    coresight: etm4x: cleaning up default filter configuration
    
    The default filter configuration was hard to read and included
    some redundancy.  This patch attempts to streamline configuration
    and improve readability.
    
    No change of functionality is included.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit bf36f73716e587da061017ed94fdbb4d50746068
Author: Mathieu Poirier <[email protected]>
Date:   Tue Jun 28 11:26:33 2016 -0600

    coresight: etm4x: split default and filter configuration
    
    Splitting the steps involved in the configuration of a tracer.
    The first part is generic and can be reused for both sysFS and
    Perf methods.
    
    The second part pertains to the configuration of filters
    themselves where the source of the information used to
    configure the filters will vary depending on the access
    methods.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 333d82a4ec6438da5abeaf15007942269d2c4b4a
Author: Mathieu Poirier <[email protected]>
Date:   Tue Jun 28 14:13:32 2016 -0600

    coresight: etm-perf: configuring filters from perf core
    
    This patch implements the required API needed to access
    and retrieve range and start/stop filters from the perf core.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 100b0715792ea234a1e49d512f85d01f2f450ac4
Author: Mathieu Poirier <[email protected]>
Date:   Thu Jun 30 13:04:46 2016 -0600

    coresight: remove duplicated enumeration
    
    Both ETMv3 and ETMv4 drivers are declaring an 'enum etm_addr_type',
    creating redundancy.
    
    This patch removes the enumeration from the driver files and adds
    it to a common header.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 5a4982d170de64c554bba1c745ed5b50475bb4e4
Author: Mathieu Poirier <[email protected]>
Date:   Fri Jun 24 15:36:08 2016 -0600

    coresight: etm-perf: pass struct perf_event to source::enable/disable()
    
    With this commit [1] address range filter information is now found
    in the struct hw_perf_event::addr_filters.  As such pass the event
    itself to the coresight_source::enable/disable() functions so that
    both event attribute and filter can be accessible for configuration.
    
    [1] 'commit 375637bc5249 ("perf/core: Introduce address range filtering")'
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit a403cf91f1ea18de671fba7f56edc6cdf5e93d52
Author: Fengguang Wu <[email protected]>
Date:   Tue Jul 12 07:45:57 2016 -0700

    rcu: Disable RCU_PERF_TEST and RCU_TORTURE_TEST for usermode Linux
    
    Usermode Linux currently does not implement arch_irqs_disabled_flags(),
    which results in a build failure in TASKS_RCU.  Commit 570dd3c74241 ("rcu:
    Disable TASKS_RCU for usermode Linux") attempted to fix this by making
    TASKS_RCU depend on !UML, which does work in production builds.  However,
    test builds that enable either RCU_PERF_TEST or RCU_TORTURE_TEST will
    select TASKS_RCU, defeating the dependency on !UML.  This commit therefore
    makes both RCU_PERF_TEST and RCU_TORTURE_TEST also depend on !UML.
    
    The usermode Linux maintainers expect to merge arch_irqs_disabled_flags()
    into 4.8, at which point this commit may be reverted.
    
    Signed-off-by: Fengguang Wu <[email protected]>
    Signed-off-by: Paul E. McKenney <[email protected]>

commit e0d70f18b5d8ace575815c1cc617d8a1512244ea
Author: Paul E. McKenney <[email protected]>
Date:   Tue Jun 28 19:52:01 2016 -0700

    rcu: First stage expedited documentation
    
    Signed-off-by: Paul E. McKenney <[email protected]>

commit becbca8482697b6e9fa850023698df3259babf1b
Author: Paul E. McKenney <[email protected]>
Date:   Fri Apr 29 14:57:41 2016 -0700

    torture: Affinity waiter tasks away from hotpluggable CPU
    
    Signed-off-by: Paul E. McKenney <[email protected]>

commit b7683340e469dc2e0e37a10d57c9c533213e6864
Author: Paul E. McKenney <[email protected]>
Date:   Fri Apr 29 14:33:30 2016 -0700

    torture: Make waketorture kill test if no hotpluggable CPUs
    
    This commit shuts down the kernel if a shutdown time was specified and
    if there were no hotpluggable CPUs.
    
    Signed-off-by: Paul E. McKenney <[email protected]>

commit e07b0edd917a714bc8b74e494ec9f5ff665bae01
Author: Paul E. McKenney <[email protected]>
Date:   Fri Apr 22 06:10:34 2016 -0700

    torture: Make waketorture always hotplug the same CPU
    
    This commit causes waketorture to always hotplug the same CPU,
    namely, the highest-numbered CPU that can be hotplugged.  This
    will be used by later commits to force race conditions with
    higher probability.
    
    Signed-off-by: Paul E. McKenney <[email protected]>

commit 497bd987bed2ea3373292ce54b53a3a55b231633
Author: Paul E. McKenney <[email protected]>
Date:   Thu Mar 24 16:01:57 2016 -0700

    waketorture: Add hrtimer support
    
    Signed-off-by: Paul E. McKenney <[email protected]>

commit 8692b0bbb9ad6c7da5b8aa498569bdbd89901950
Author: Paul E. McKenney <[email protected]>
Date:   Thu Mar 24 12:19:52 2016 -0700

    waketorture: Add utilization measurement
    
    Signed-off-by: Paul E. McKenney <[email protected]>

commit 77259c23ae05d90d3bbc43d2cc6236ace279ce72
Author: Paul E. McKenney <[email protected]>
Date:   Wed Mar 23 10:43:23 2016 -0700

    waketorture: Don't kick unless grace period or request
    
    The current code can result in spurious kicks when there are no grace
    periods in progress and no grace-period-related requests.  This is
    sort of OK for a diagnostic aid, but the resulting ftrace-dump messages
    in dmesg are annoying.  This commit therefore avoids spurious kicks
    in the common case.
    
    Signed-off-by: Paul E. McKenney <[email protected]>

commit c20aae2f71b80a3a2528800d9dfd43c67b961d4a
Author: Paul E. McKenney <[email protected]>
Date:   Tue Mar 22 15:59:51 2016 -0700

    waketorture: Update scripting to accommodate waketorture
    
    This commit adds the scripting changes to add support for the shiny
    new waketorture kernel module.
    
    Signed-off-by: Paul E. McKenney <[email protected]>

commit 25b5bb1583ab6f553e32d3cf9e37aeb5bc3be525
Author: Paul E. McKenney <[email protected]>
Date:   Tue Mar 22 15:17:07 2016 -0700

    waketorture: Add a wakeup-torture module
    
    This commit adds a wakeup-torture module to assist tracking down an
    elusive lost-wakeup problem.
    
    Signed-off-by: Paul E. McKenney <[email protected]>

commit ff84772684d11e0a040cac23485adc7831287fdd
Author: Sudeep Holla <[email protected]>
Date:   Thu Aug 4 17:22:26 2016 +0100

    coresight: fix handling of ETM trace register access via sysfs
    
    The ETM registers are classified into 2 categories: trace and management.
    The core power domain contains most of the trace unit logic including
    all(except TRCOSLAR and TRCOSLSR) the trace registers. The debug power
    domain contains the external debugger interface including all management
    registers.
    
    This patch adds coresight unit specific function coresight_simple_func
    which can be used for ETM trace registers by providing a ETM specific
    read function which does smp cross call to ensure the trace core is
    powered up before the register is accessed.
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Sudeep Holla <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 78e9ac29184d1e94ca014fb12afb7f3149d6c4af
Author: Sudeep Holla <[email protected]>
Date:   Wed Aug 3 17:12:31 2016 +0100

    coresight: etm4x: request to retain power to the trace unit when active
    
    The Coresight ETMv4 architecture provides a way to request to keep the
    power to the trace unit. This might help to collect the traces without
    the need to disable the CPU power management(entering/exiting deeper
    idle states).
    
    Trace PowerDown Control Register provides powerup request bit which when
    set requests the system to retain power to the trace unit and emulate
    the powerdown request.
    
    Typically, a trace unit drives a signal to the power controller to
    request that the trace unit core power domain is powered up. However,
    if the trace unit and the CPU are in the same power domain then the
    implementation might combine the trace unit power up status with a
    signal from the CPU.
    
    This patch requests to retain power to the trace unit when active and
    to remove when inactive. Note this change will only request but the
    behaviour depends on the implementation. However, it matches the
    exact behaviour expected when the external debugger is connected with
    respect to CPU power states.
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Sudeep Holla <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 9bf184979ecbb9b520b22df70e54aeedf89f341e
Author: Markus Elfring <[email protected]>
Date:   Sat Jul 23 20:04:09 2016 +0200

    coresight: tmc: Delete an unnecessary check before the function call "kfree"
    
    The kfree() function tests whether its argument is NULL and then
    returns immediately. Thus the test around the call is not needed.
    
    This issue was detected by using the Coccinelle software.
    
    Signed-off-by: Markus Elfring <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit badefb02b9f4cc725f0a460d63cc39ab9006b418
Author: Wei Yongjun <[email protected]>
Date:   Tue Jul 19 11:27:21 2016 +0000

    coresight: etm4x: remove duplicated include from coresight-etm4x.c
    
    Remove duplicated include.
    
    Signed-off-by: Wei Yongjun <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 66686a0384db093a707c864bf211e2ea246f8267
Author: Suzuki K Poulose <[email protected]>
Date:   Wed Jul 13 17:40:25 2016 +0100

    coresight: Use local coresight_desc instances
    
    Each coresight device prepares a description for coresight_register()
    in struct coresight_desc. Once we register the device, the description is
    useless and can be freed. The coresight_desc is small enough (48bytes on
    64bit) to be allocated on the stack. Hence use an automatic variable to
    avoid a needless dynamic allocation and wasting the memory(which will only
    be free'd when the device is destroyed).
    
    Cc: Mathieu Poirier <[email protected]>
    Cc: Pratik Patel <[email protected]>
    Signed-off-by: Suzuki K Poulose <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit b5218e8113f0456ac864c431d500fb164f1a27d9
Author: Peter Chen <[email protected]>
Date:   Tue Jul 5 10:11:04 2016 +0800

    hwtracing: coresight: of_coresight: add missing of_node_put after calling of_parse_phandle
    
    of_node_put needs to be called when the device node which is got
    from of_parse_phandle has finished using.
    
    Cc: [email protected]
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Peter Chen <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 470048b468a679f124a82887400ac5b756233a19
Author: Olivier Schonken <[email protected]>
Date:   Tue Jul 5 10:05:49 2016 +0200

    coresight-etm3x: Add ARM ETM 3.5 Cortex-A5 peripheral ID
    
    Signed-off-by: Olivier Schonken <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 6b95d87c63466a75a1e60e776ef8966ef018485f
Author: Mathieu Poirier <[email protected]>
Date:   Thu Jun 16 13:04:12 2016 -0600

    coresight: add PM runtime calls to coresight_simple_func()
    
    It is mandatory to enable a coresight block's power domain before
    trying to access management registers.  Otherwise the transaction
    simply stalls, leading to a system hang.
    
    Signed-off-by: Mathieu Poirier <[email protected]>
    Reviewed-by: Sudeep Holla <[email protected]>

commit fc612c88c768a5451233e9aad50ad07f2a11d44d
Author: Mathieu Poirier <[email protected]>
Date:   Sun Jun 19 11:19:43 2016 -0600

    coresight: delay initialisation when children are missing
    
    Depending on when CoreSight devices are discovered it is possible
    that some IP block may be referencing devices that have not been
    added to the bus yet.  The end result is missing nodes in the
    CoreSight topology even when the devices are present and properly
    initialised.
    
    This patch solves the problem by asking the driver core to
    try initialising the device at a later time when the children
    of a CoreSight node are missing.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit a7e592ee55691d7433299cea988fd371a71bbf57
Author: Suzuki K Poulose <[email protected]>
Date:   Tue Jun 21 17:10:54 2016 +0100

    coresight: Add better messages for coresight_timeout
    
    When we encounter a timeout waiting for a status change via
    coresight_timeout, the caller always prints the offset which
    was tried. This is pretty much useless as it doesn't specify
    the bit position we wait for. Also, one needs to lookup the
    TRM to figure out, what was wrong. This patch changes all
    such error messages to print something more meaningful.
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Suzuki K Poulose <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit d8cd9e64d2fd11d03ac02e5408266464ad8bdf23
Author: Suzuki K Poulose <[email protected]>
Date:   Tue Jun 21 17:10:53 2016 +0100

    coresight: Cleanup TMC status check
    
    Use the defined symbol rather than hardcoding the value to
    check whether the TMC buffer is full.
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Suzuki K Poulose <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit f76c97d43e059485517c66bd2dfb3cedf9c32fa4
Author: Suzuki K Poulose <[email protected]>
Date:   Tue Jun 21 17:10:52 2016 +0100

    coresight: etmv4: Fix ETMv4x peripheral ID table
    
    This patch cleans up the peripheral id table for different ETMv4
    implementations.
    
    As per Cortex-A53 TRM, the ETM has following id values:
    
    Peripheral ID0	0x5D	0xFE0
    Peripheral ID1	0xB9	0xFE4
    Peripheral ID2	0x4B	0xFE8
    Peripheral ID3	0x00	0xFEC
    
    where, PID2: has the following format:
    
    [7:4]   Revision
    [3]     JEDEC   0b1     res1. Indicates a JEP106 identity code is used
    [2:0]   DES_1   0b011   ARM Limited. This is bits[6:4] of JEP106 ID code
    
    The existing table entry checks only the bits [1:0], which is not
    sufficient enough. Fix it to match bits [3:0], just like the other
    entries do. While at it, correct the comment for A57 and the A53 entry.
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Suzuki K Poulose <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 05d3b4b44aa41e0d03320d9fb098486a3a300e1c
Author: Suzuki K Poulose <[email protected]>
Date:   Tue Jun 21 17:10:51 2016 +0100

    coresight: tmc: Limit the trace to available data
    
    At present the ETF or ETR gives out the entire device
    buffer, even if there is less or even no trace data
    available. This patch limits the trace data given out to
    the actual trace data collected.
    
    Cc: [email protected]
    Signed-off-by: Suzuki K Poulose <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 02b5b7d1e764d72931f48b4c5159a14182bd1cb8
Author: Suzuki K Poulose <[email protected]>
Date:   Tue Jun 21 17:10:50 2016 +0100

    coresight: Fix csdev connections initialisation
    
    This is a cleanup patch.
    
    coresight_device->conns holds an array to point to the devices
    connected to the OUT ports of a component. Sinks, e.g ETR, do not
    have an OUT port (nr_outport = 0), as it streams the trace to
    memory via AXI.
    
    At coresight_register() we do :
    
    	conns = kcalloc(csdev->nr_outport, sizeof(*conns), GFP_KERNEL);
    	if (!conns) {
    		ret = -ENOMEM;
    		goto err_kzalloc_conns;
    	}
    
    For ETR, since the total size requested for kcalloc is zero, the return
    value is, ZERO_SIZE_PTR ( != NULL). Hence, csdev->conns = ZERO_SIZE_PTR
    which cannot be verified later to contain a valid pointer. The code which
    accesses the csdev->conns is bounded by the csdev->nr_outport check,
    hence we don't try to dereference the ZERO_SIZE_PTR. This patch cleans
    up the csdev->conns initialisation to make sure we initialise it
    properly(i.e, either NULL or valid conns array).
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Suzuki K Poulose <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 8ef9abe100a16badee4c1513fa5d09f78ebb3e78
Author: Suzuki K Poulose <[email protected]>
Date:   Tue Jun 21 17:10:49 2016 +0100

    coresight: Consolidate error handling path for tmc_probe
    
    This patch cleans up the error handling path for tmc_probe
    as a side effect of the removal of the spurious dma_free_coherent().
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Suzuki K Poulose <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 29b7b2d2752c78c6070041c1856700d17af3f4d3
Author: Suzuki K Poulose <[email protected]>
Date:   Tue Jun 21 17:10:48 2016 +0100

    coresight: Remove erroneous dma_free_coherent in tmc_probe
    
    commit de5461970b3e9e194 ("coresight: tmc: allocating memory when needed")
    removed the static allocation of buffer for the trace data in ETR mode in
    tmc_probe. However it failed to remove the "devm_free_coherent" in
    tmc_probe when the probe fails due to other reasons. This patch gets
    rid of the incorrect dma_free_coherent() call.
    
    Fixes: commit de5461970b3e9e194 ("coresight: tmc: allocating memory when needed")
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Suzuki K Poulose <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit d44ec31c1965264b243606ea98d517eb3c03b363
Author: Sudeep Holla <[email protected]>
Date:   Mon Jun 20 15:25:41 2016 +0100

    coresight: always use stashed trace id value in etm4_trace_id
    
    etm4_trace_id is not guaranteed to be executed on the CPU whose ETM is
    being accessed. This leads to exception similar to below one if the
    CPU whose ETM is being accessed is in deeper idle states. So it must
    be executed on the CPU whose ETM is being accessed.
    
    Unhandled fault: synchronous external abort (0x96000210) at 0xffff000008db4040
    Internal error: : 96000210 [#1] PREEMPT SMP
    Modules linked in:
    CPU: 5 PID: 5979 Comm: etm.sh Not tainted 4.7.0-rc3 #159
    Hardware name: ARM Juno development board (r2) (DT)
    task: ffff80096dd34b00 ti: ffff80096dfe4000 task.ti: ffff80096dfe4000
    PC is at etm4_trace_id+0x5c/0x90
    LR is at etm4_trace_id+0x3c/0x90
    Call trace:
     etm4_trace_id+0x5c/0x90
     coresight_id_match+0x78/0xa8
     bus_for_each_dev+0x60/0xa0
     coresight_enable+0xc0/0x1b8
     enable_source_store+0x3c/0x70
     dev_attr_store+0x18/0x28
     sysfs_kf_write+0x48/0x58
     kernfs_fop_write+0x14c/0x1e0
     __vfs_write+0x1c/0x100
     vfs_write+0xa0/0x1b8
     SyS_write+0x44/0xa0
     el0_svc_naked+0x24/0x28
    
    However, TRCTRACEIDR is not guaranteed to hold the previous programmed
    trace id if it enters deeper idle states. Further, the trace id that is
    computed in etm4_init_trace_id is programmed into TRCTRACEIDR only in
    etm4_enable_hw which happens much later in the sequence after
    coresight_id_match is executed from enable_source_store.
    
    This patch simplifies etm4_trace_id by returning the stashed trace id
    value similar to etm4_cpu_id.
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Sudeep Holla <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit aee3a6dd6566e119fa4ac5dabf382542cff5005b
Author: Chunyan Zhang <[email protected]>
Date:   Tue Jun 21 10:24:36 2016 +0800

    coresight-stm: support mmapping channel regions with mmio_addr
    
    CoreSight STM device allows direct mapping of the channel regions to
    userspace for zero-copy writing. To support this ability, the STM
    framework has provided a hook 'mmio_addr', this patch just implemented
    this hook for CoreSight STM.
    
    This patch also added an item into 'channel_space' to save the physical
    base address of channel region which mmap operation needs to know.
    
    Signed-off-by: Chunyan Zhang <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 46cbc9300504b0c9ee8d11085517625b56cee0be
Author: Sudeep Holla <[email protected]>
Date:   Thu Jun 16 11:13:09 2016 +0100

    coresight: access conn->child_name only if it's initialised
    
    If the addition of the coresight devices get deferred, then there's a
    window before child_name is populated by of_get_coresight_platform_data
    from the respective component driver's probe and the attempt to access
    the same from coresight_orphan_match resulting in kernel NULL pointer
    dereference as below:
    
    Unable to handle kernel NULL pointer dereference at virtual address 0x0
    Internal error: Oops: 96000004 [#1] PREEMPT SMP
    Modules linked in:
    CPU: 0 PID: 1038 Comm: kworker/0:1 Not tainted 4.7.0-rc3 #124
    Hardware name: ARM Juno development board (r2) (DT)
    Workqueue: events amba_deferred_retry_func
    PC is at strcmp+0x1c/0x160
    LR is at coresight_orphan_match+0x7c/0xd0
    Call trace:
     strcmp+0x1c/0x160
     bus_for_each_dev+0x60/0xa0
     coresight_register+0x264/0x2e0
     tmc_probe+0x130/0x310
     amba_probe+0xd4/0x1c8
     driver_probe_device+0x22c/0x418
     __device_attach_driver+0xbc/0x158
     bus_for_each_drv+0x58/0x98
     __device_attach+0xc4/0x160
     device_initial_probe+0x10/0x18
     bus_probe_device+0x94/0xa0
     device_add+0x344/0x580
     amba_device_try_add+0x194/0x238
     amba_deferred_retry_func+0x48/0xd0
     process_one_work+0x118/0x378
     worker_thread+0x48/0x498
     kthread+0xd0/0xe8
     ret_from_fork+0x10/0x40
    
    This patch adds a check for non-NULL conn->child_name before accessing
    the same.
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Sudeep Holla <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 489bb3d252d41392ce52590e49f0ae8782fb016e
Author: SeongJae Park <[email protected]>
Date:   Sun Aug 21 16:54:40 2016 +0900

    torture: TOROUT_STRING(): Insert a space between flag and message
    
    The TOROUT_STRING() macro does not insert a space between the flag and
    the message.  In contrast, other similar torture-test dmesg messages
    consistently supply a single space character.  This difference makes the
    output hard to read and to mechanically parse.  This commit therefore
    adds a space character between flag and message in TOROUT_STRING() output.
    
    Signed-off-by: SeongJae Park <[email protected]>
    Signed-off-by: Paul E. McKenney <[email protected]>

commit a56fefa2605cf8e125ef09451487f30336128028
Author: SeongJae Park <[email protected]>
Date:   Sun Aug 21 16:54:39 2016 +0900

    rcuperf: Consistently insert space between flag and message
    
    A few rcuperf dmesg output messages have no space between the flag and
    the start of the message. In contrast, every other message consistently
    supplies a single space.  This difference makes rcuperf dmesg output
    hard to read and to mechanically parse.  This commit therefore fixes
    this problem by modifying a pr_alert() call and PERFOUT_STRING() macro
    function to provide that single space.
    
    Signed-off-by: SeongJae Park <[email protected]>
    Signed-off-by: Paul E. McKenney <[email protected]>

commit 472213a675e21185416101a77102253f93713fa9
Author: SeongJae Park <[email protected]>
Date:   Sat Aug 13 15:54:35 2016 +0900

    rcutorture: Print out barrier error as document says
    
    Tests for rcu_barrier() were introduced by commit fae4b54f28f0 ("rcu:
    Introduce rcutorture testing for rcu_barrier()").  This commit updated
    the documentation to say that the "rtbe" field in rcutorture's dmesg
    output indicates test failure.  However, the code was not updated, only
    the documentation.  This commit therefore updates the code to match the
    updated documentation.
    
    Signed-off-by: SeongJae Park <[email protected]>
    Signed-off-by: Paul E. McKenney <[email protected]>

commit 4ffa66992476c94d8b4d33b2c792d336a400ada2
Author: Paul E. McKenney <[email protected]>
Date:   Thu Jun 30 11:56:38 2016 -0700

    torture: Add task state to writer-task stall printk()s
    
    This commit adds a dump of the scheduler state for stalled rcutorture
    writer tasks.  This addition provides yet more debug for the intermittent
    "failures to proceed", where grace periods move ahead but the rcutorture
    writer tasks fail to do so.
    
    Signed-off-by: Paul E. McKenney <[email protected]>

commit 31257c3c8b7307f106d67345755d937cb5fb8bd4
Author: Paul E. McKenney <[email protected]>
Date:   Sat Jun 18 07:45:43 2016 -0700

    torture: Convert torture_shutdown() to hrtimer
    
    Upcoming changes to the timer wheel introduce significant inaccuracy
    and possibly also an ultimate limit on timeout duration.  This is a
    problem for the current implementation of torture_shutdown() because
    (1) shutdown times are user-specified, and can therefore be quite long,
    and (2) the torture scripting will kill a test instance that runs for
    more than a few minutes longer than scheduled.  This commit therefore
    converts the torture_shutdown() timed waits to an hrtimer, thus avoiding
    too-short torture test runs as well as death by scripting.
    
    Signed-off-by: Paul E. McKenney <[email protected]>
    Acked-by: Arnd Bergmann <[email protected]>

commit f6ac28c367ce61011e346af57ee20f0f23f5d729
Author: Valentin Rothberg <[email protected]>
Date:   Sat Aug 20 12:16:10 2016 +0200

    lib/Kconfig.debug: Fix typo in select statement
    
    Commit 484f29c7430b3 ("bug: Provide toggle for BUG on data corruption")
    added a Kconfig select statement on CONFIG_DEBUG_LIST, but the CONFIG_
    prefix is only used in Make and C(PP) syntax.  Remove the CONFIG_ prefix
    to correctly select the Kconfig option DEBUG_LIST.
    
    Signed-off-by: Valentin Rothberg <[email protected]>
    Signed-off-by: Paul E. McKenney <[email protected]>
    Acked-by: Kees Cook <[email protected]>

commit acc5ebe5c29d007951e3c1d611569b97c71ffd8d
Author: Kees Cook <[email protected]>
Date:   Wed Aug 17 14:42:12 2016 -0700

    lkdtm: Add tests for struct list corruption
    
    When building under CONFIG_DEBUG_LIST, list addition and removal will be
    sanity-checked. This validates that the check is working as expected by
    setting up classic corruption attacks against list manipulations, available
    with the new lkdtm tests CORRUPT_LIST_ADD and CORRUPT_LIST_DEL.
    
    Signed-off-by: Kees Cook <[email protected]>
    Acked-by: Steven Rostedt <[email protected]>
    Signed-off-by: Paul E. McKenney <[email protected]>
    Acked-by: Rik van Riel <[email protected]>

commit 40cd725cfc7fec2635a79814398d4d93d5558ac2
Author: Kees Cook <[email protected]>
Date:   Wed Aug 17 14:42:11 2016 -0700

    bug: Provide toggle for BUG on data corruption
    
    The kernel checks for cases of data structure corruption under some
    CONFIGs (e.g. CONFIG_DEBUG_LIST). When corruption is detected, some
    systems may want to BUG() immediately instead of letting the system run
    with known corruption.  Usually these kinds of manipulation primitives can
    be used by security flaws to gain arbitrary memory write control. This
    provides a new config CONFIG_BUG_ON_DATA_CORRUPTION and a corresponding
    macro CHECK_DATA_CORRUPTION for handling these situations. Notably, even
    if not BUGing, the kernel should not continue processing the corrupted
    structure.
    
    This is inspired by similar hardening by Syed Rameez Mustafa in MSM
    kernels, and in PaX and Grsecurity, which is likely in response to earlier
    removal of the BUG calls in commit 924d9addb9b1 ("list debugging: use
    WARN() instead of BUG()").
    
    Signed-off-by: Kees Cook <[email protected]>
    Acked-by: Steven Rostedt <[email protected]>
    Signed-off-by: Paul E. McKenney <[email protected]>
    Acked-by: Rik van Riel <[email protected]>

commit 36c956ec858eb4e0bf1730e152f20122c2e8f93d
Author: Kees Cook <[email protected]>
Date:   Wed Aug 17 14:42:10 2016 -0700

    list: Split list_del() debug checking into separate function
    
    Similar to the list_add() debug consolidation, this commit consolidates
    the debug checking performed during CONFIG_DEBUG_LIST into a new
    __list_del_entry_valid() function, and stops list updates when corruption
    is found.
    
    Refactored from same hardening in PaX and Grsecurity.
    
    Signed-off-by: Kees Cook <[email protected]>
    Acked-by: Steven Rostedt <[email protected]>
    Signed-off-by: Paul E. McKenney <[email protected]>
    Acked-by: Rik van Riel <[email protected]>

commit e5bb62b63ae07e930719b02105103ff1dc3e12d0
Author: Kees Cook <[email protected]>
Date:   Wed Aug 17 14:42:09 2016 -0700

    rculist: Consolidate DEBUG_LIST for list_add_rcu()
    
    This commit consolidates the debug checking for list_add_rcu() into the
    new single __list_add_valid() debug function.  Notably, this commit fixes
    the sanity check that was added in commit 17a801f4bfeb ("list_debug:
    WARN for adding something already in the list"), which wasn't checking
    RCU-protected lists.
    
    Signed-off-by: Kees Cook <[email protected]>
    Acked-by: Steven Rostedt <[email protected]>
    Signed-off-by: Paul E. McKenney <[email protected]>
    Acked-by: Rik van Riel <[email protected]>

commit c69780bdd841801501cef7efbcce95e1ae6826f9
Author: Kees Cook <[email protected]>
Date:   Wed Aug 17 14:42:08 2016 -0700

    list: Split list_add() debug checking into separate function
    
    Right now, __list_add() code is repeated either in list.h or in
    list_debug.c, but the only differences between the two versions
    are the debug checks. This commit therefore extracts these debug
    checks into a separate __list_add_valid() function and consolidates
    __list_add(). Additionally this new __list_add_valid() function will stop
    list manipulations if a corruption is detected, instead of allowing for
    further corruption that may lead to even worse conditions.
    
    This is a slight refactoring of the same hardening done in PaX and Grsecurity.
    
    Signed-off-by: Kees Cook <[email protected]>
    Acked-by: Steven Rostedt <[email protected]>
    Signed-off-by: Paul E. McKenney <[email protected]>
    Acked-by: Rik van Riel <[email protected]>

commit 0ffd374b2207a1a0cba9f2dbcc799198482391d5
Author: Sebastian Andrzej Siewior <[email protected]>
Date:   Thu Aug 18 14:57:22 2016 +0200

    rcutorture: Convert to hotplug state machine
    
    Install the callbacks via the state machine and let the core invoke
    the callbacks on the already online CPUs.
    
    Cc: Josh Triplett <[email protected]>
    Cc: "Paul E. McKenney" <[email protected]>
    Cc: Steven Rostedt <[email protected]>
    Cc: Mathieu Desnoyers <[email protected]>
    Cc: Lai Jiangshan <[email protected]>
    Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
    Signed-off-by: Paul E. McKenney <[email protected]>

commit 0c6d4576c45736f829dc3390ac95181b2ed21bc7
Author: Sebastian Andrzej Siewior <[email protected]>
Date:   Wed Aug 17 14:21:04 2016 +0200

    cpu/hotplug: Get rid of CPU_STARTING reference
    
    CPU_STARTING is scheduled for removal. There is no use of it in drivers
    and core code uses it only for compatibility with old-style CPU-hotplug
    notifiers.  This patch therefore removes CPU_STARTING from an
    RCU-related comment.
    
    Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
    Signed-off-by: Paul E. McKenney <[email protected]>

commit 6999aeabbb703a81a204cb6f9f8f151759a99ac4
Author: Wei Yongjun <[email protected]>
Date:   Sat Aug 20 15:25:32 2016 +0000

    spi: spi-fsl-dspi: Drop extra spi_master_put in device remove function
    
    The call sequence spi_alloc_master/spi_register_master/spi_unregister_master
    is complete; it reduces the device reference count to zero, which results
    in device memory being freed. The subsequent call to spi_master_put is
    unnecessary and results in an access to free memory. Drop it.
    
    Fixes: 9298bc727385 ("spi: spi-fsl-dspi: Remove spi-bitbang")
    Signed-off-by: Wei Yongjun <[email protected]>
    Signed-off-by: Mark Brown <[email protected]>

commit 7ec99de36f402618ae44147ac7fa9a07e4757a5f
Author: Paul E. McKenney <[email protected]>
Date:   Thu Jun 30 13:58:26 2016 -0700

    rcu: Provide exact CPU-online tracking for RCU
    
    Up to now, RCU has assumed that the CPU-online process makes it from
    CPU_UP_PREPARE to set_cpu_online() within one jiffy.  Given the recent
    rise of virtualized environments, this assumption is very clearly
    obsolete.  Failing to meet this deadline can result in RCU paying
    attention to an incoming CPU for one jiffy, then ignoring it until the
    grace period following the one in which that CPU sets itself online.
    This situation might prove to be fatally disappointing to any RCU
    read-side critical sections that had the misfortune to execute during
    the time in which RCU was ignoring the slow-to-come-online CPU.
    
    This commit therefore updates RCU's internal CPU state-tracking
    information at notify_cpu_starting() time, thus providing RCU with
    an exact transition of the CPU's state from offline to online.
    
    Note that this means that incoming CPUs must not use RCU read-side
    critical sections (other than those of SRCU) until notify_cpu_starting()
    time.  Note also that the CPU_STARTING notifiers -are- allowed to use
    RCU read-side critical sections.  (Of course, CPU-hotplug notifiers are
    rapidly becoming obsolete, so you need to act fast!)
    
    If a given architecture or CPU family needs to use RCU read-side
    critical sections earlier, the call to rcu_cpu_starting() from
    notify_cpu_starting() will need to be architecture-specific, with
    architectures that need early use being required to hand-place
    the call to rcu_cpu_starting() at some point preceding the call to
    notify_cpu_starting().
    
    Signed-off-by: Paul E. McKenney <[email protected]>

commit 3563a438f124cb0b8cfd350c86de2f26c63d8837
Author: Paul E. McKenney <[email protected]>
Date:   Thu Jul 28 09:39:11 2016 -0700

    rcu: Avoid redundant quiescent-state chasing
    
    Currently, __note_gp_changes() checks to see if the CPU has slept through
    multiple grace periods.  If it has, it resynchronizes that CPU's view
    of the grace-period state, which includes whether or not the current
    grace period needs a quiescent state from this CPU.  The fact of this
    need (or lack thereof) needs to be in two places, rdp->cpu_no_qs.b.norm
    and rdp->core_needs_qs.  The former tells RCU's context-switch code to
    go get a quiescent state and the latter says that it needs to be reported.
    The current code unconditionally sets the former to true, but correctly
    sets the latter.
    
    This does not result in failures, but it does unnecessarily increase
    the amount of work done on average at context-switch time.  This commit
    therefore correctly sets both fields.
    
    Signed-off-by: Paul E. McKenney <[email protected]>

commit e77b7041258e11ba198951553d3acf1e371a9053
Author: Paul Gortmaker <[email protected]>
Date:   Fri Jul 15 12:19:41 2016 -0400

    rcu: Don't use modular infrastructure in non-modular code
    
    The Kconfig currently controlling compilation of tree.c is:
    
    init/Kconfig:config TREE_RCU
    init/Kconfig:   bool
    
    ...and update.c and sync.c are "obj-y" meanin…
0day-ci pushed a commit to 0day-ci/linux that referenced this pull request Sep 1, 2016
etm4_trace_id is not guaranteed to be executed on the CPU whose ETM is
being accessed. This leads to exception similar to below one if the
CPU whose ETM is being accessed is in deeper idle states. So it must
be executed on the CPU whose ETM is being accessed.

Unhandled fault: synchronous external abort (0x96000210) at 0xffff000008db4040
Internal error: : 96000210 [#1] PREEMPT SMP
Modules linked in:
CPU: 5 PID: 5979 Comm: etm.sh Not tainted 4.7.0-rc3 torvalds#159
Hardware name: ARM Juno development board (r2) (DT)
task: ffff80096dd34b00 ti: ffff80096dfe4000 task.ti: ffff80096dfe4000
PC is at etm4_trace_id+0x5c/0x90
LR is at etm4_trace_id+0x3c/0x90
Call trace:
 etm4_trace_id+0x5c/0x90
 coresight_id_match+0x78/0xa8
 bus_for_each_dev+0x60/0xa0
 coresight_enable+0xc0/0x1b8
 enable_source_store+0x3c/0x70
 dev_attr_store+0x18/0x28
 sysfs_kf_write+0x48/0x58
 kernfs_fop_write+0x14c/0x1e0
 __vfs_write+0x1c/0x100
 vfs_write+0xa0/0x1b8
 SyS_write+0x44/0xa0
 el0_svc_naked+0x24/0x28

However, TRCTRACEIDR is not guaranteed to hold the previous programmed
trace id if it enters deeper idle states. Further, the trace id that is
computed in etm4_init_trace_id is programmed into TRCTRACEIDR only in
etm4_enable_hw which happens much later in the sequence after
coresight_id_match is executed from enable_source_store.

This patch simplifies etm4_trace_id by returning the stashed trace id
value similar to etm4_cpu_id.

Cc: Mathieu Poirier <[email protected]>
Signed-off-by: Sudeep Holla <[email protected]>
Signed-off-by: Mathieu Poirier <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
0day-ci pushed a commit to 0day-ci/linux that referenced this pull request Sep 7, 2016
fengguang pushed a commit to 0day-ci/linux that referenced this pull request Oct 4, 2016
fengguang pushed a commit to 0day-ci/linux that referenced this pull request Oct 5, 2016
GIT 91aea5e0544dafdc6f0b4bab44b4902c2a56febf

commit 265d426d7470d53e900379960eef5b4482125089
Author: Benjamin Tissoires <[email protected]>
Date:   Fri Sep 30 16:42:19 2016 -0700

    Input: elan_i2c - fix return tests of i2c_smbus_read_block_data()
    
    i2c_smbus_read_block_data() returns negative errno else the number of
    data bytes in the slave's response.
    
    Checking for error not null means the function always fails if the device
    answers properly.
    
    So given that we read 3 bytes and access those, better check that we
    actually read those 3 bytes.
    
    Signed-off-by: Benjamin Tissoires <[email protected]>
    Signed-off-by: Dmitry Torokhov <[email protected]>

commit 979987ded3a5ae1fb60ef751bdf185c502d70590
Author: Arnd Bergmann <[email protected]>
Date:   Fri Sep 30 15:36:54 2016 -0700

    Input: ektf2127 - mark PM functions as __maybe_unused
    
    The newly added ektf2127 driver uses the SIMPLE_DEV_PM_OPS macro
    to conditionally refer to the resume/suspend functions, which
    causes a warning when CONFIG_PM_SLEEP is disabled:
    
    drivers/input/touchscreen/ektf2127.c:168:12: error: 'ektf2127_resume' defined but not used [-Werror=unused-function]
    drivers/input/touchscreen/ektf2127.c:156:12: error: 'ektf2127_suspend' defined but not used [-Werror=unused-function]
    
    We could either put these functions inside of an #ifdef or
    add __maybe_unused annotations. This uses the second approach,
    which is generally more foolproof.
    
    Fixes: 9ca5bf5029b6 ("Input: add support for Elan eKTF2127 touchscreen controller")
    Signed-off-by: Arnd Bergmann <[email protected]>
    Signed-off-by: Dmitry Torokhov <[email protected]>

commit 348b9b1192144e13b779f8f9be301d492bebaff2
Author: Chris Wilson <[email protected]>
Date:   Mon Oct 3 13:45:16 2016 +0100

    drm/i915: Use correct index for backtracking HUNG semaphores
    
    When decoding the semaphores inside hangcheck, we need to use the hw-id
    and not the local array index.
    
    Fixes: de1add360522 ("drm/i915: Decouple execbuf uAPI ...")
    Testcase: igt/gem_exec_whisper/hang # gen6-7
    Signed-off-by: Chris Wilson <[email protected]>
    Cc: Mika Kuoppala <[email protected]>
    Cc: Tvrtko Ursulin <[email protected]>
    Cc: Daniel Vetter <[email protected]>
    Cc: [email protected]
    Reviewed-by: Joonas Lahtinen <[email protected]>
    Link: http://patchwork.freedesktop.org/patch/msgid/[email protected]

commit 5f12b80a0b42da253691ca03828033014bb786eb
Author: Chris Wilson <[email protected]>
Date:   Mon Oct 3 13:45:15 2016 +0100

    drm/i915: Unalias obj->phys_handle and obj->userptr
    
    We use obj->phys_handle to choose the pread/pwrite path, but as
    obj->phys_handle is a union with obj->userptr, we then mistakenly use
    the phys_handle path for userptr objects within pread/pwrite.
    
    Testcase: igt/gem_userptr_blits/forbidden-operations
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97519
    Signed-off-by: Chris Wilson <[email protected]>
    Cc: [email protected]
    Reviewed-by: Joonas Lahtinen <[email protected]>
    Link: http://patchwork.freedesktop.org/patch/msgid/[email protected]

commit dda960335e020835f7f1c12760e7f0b525b451e2
Author: Chris Wilson <[email protected]>
Date:   Mon Oct 3 13:45:14 2016 +0100

    drm/i915: Just clear the mmiodebug before a register access
    
    When we enable the per-register access mmiodebug, it is to detect which
    access is illegal. Reporting on earlier untraced access outside of the
    mmiodebug does not help debugging (as the suspicion is immediately put
    upon the current register which is not at fault)!
    
    References: https://bugs.freedesktop.org/show_bug.cgi?id=97985
    Signed-off-by: Chris Wilson <[email protected]>
    Cc: Mika Kuoppala <[email protected]>
    Reviewed-by: Mika Kuoppala <[email protected]>
    Cc: [email protected]
    Link: http://patchwork.freedesktop.org/patch/msgid/[email protected]

commit bb086a89a406b5d877ee616f1490fcc81f8e1b2b
Author: Shaohua Li <[email protected]>
Date:   Fri Sep 30 09:45:40 2016 -0700

    md: set rotational bit
    
    If all disks in an array are non-rotational, set the array
    non-rotational.
    
    This only works for array with all disks populated at startup. Support
    for disk hotadd/hotremove could be added later if necessary.
    
    Acked-by: Tejun Heo <[email protected]>
    Signed-off-by: Shaohua Li <[email protected]>

commit f5b88de284932def6850e976c18d25940c1b2c3d
Author: Brian Norris <[email protected]>
Date:   Mon Oct 3 09:49:35 2016 -0700

    mtd: nand: fix trivial spelling error
    
    Introduced by commit fde85cfd2d07 ("mtd: nand: Fix nand_command_lp() for
    8bits opcodes") and I didn't have the heart to have Boris rewrite his
    pull request just for that. Anyway, there's some value in having stable
    commit hashes.
    
    Signed-off-by: Brian Norris <[email protected]>

commit 45808987495ff50a772d1cc66401f5f304948bd9
Author: Chunyan Zhang <[email protected]>
Date:   Fri Sep 9 18:18:09 2016 +0800

    coresight: stm: return error code instead of zero in .packet()
    
    In STM framework driver, the trace data writing loop would keep running
    until it received a negative return value or the whole trace packet has
    been written to STM device.  So if the .packet() of STM device always
    returns zero since the device is not enabled or the parameter isn't
    supported, STM framework driver will stall into a dead loop.
    
    Returning -EACCES (Permission denied) in .packet() if the device is
    disabled makes more sense, and this is the same for returning -EINVAL
    if the channel passed into is not supported.
    
    Signed-off-by: Chunyan Zhang <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit f8fb90de9d4fb2deb504ba6df22c28cb5dc08480
Author: Baoyou Xie <[email protected]>
Date:   Tue Sep 6 16:03:50 2016 +0800

    coresight: tmc: mark symbols static where possible
    
    We get a few warnings when building kernel with W=1:
    drivers/hwtracing/coresight/coresight-tmc-etr.c:23:6: warning: no previous prototype for 'tmc_etr_enable_hw' [-Wmissing-prototypes]
    drivers/hwtracing/coresight/coresight-tmc-etf.c:25:6: warning: no previous prototype for 'tmc_etb_enable_hw' [-Wmissing-prototypes]
    drivers/hwtracing/coresight/coresight-tmc.c:250:9: warning: no previous prototype for ‘trigger_cntr_show’ [-Wmissing-prototypes]
    ...
    
    In fact, these functions are only used in the file in which they are
    declared and don't need a declaration, but can be made static.
    So this patch marks these functions with 'static'.
    
    Signed-off-by: Baoyou Xie <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit ce6e23ba05532a2bb5d572a7e3ac8cc07202c3e5
Author: Mathieu Poirier <[email protected]>
Date:   Wed Aug 24 14:07:56 2016 -0600

    coresight: perf: deal with error condition properly
    
    Function coresight_build_path() should return -ENOMEM when kzalloc
    fails to allocate the requested memory.  That way callers can deal
    with the error condition in a similar way.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 76637d2d0d2e78b428b052c1852a4c73fdea5c2d
Author: Mathieu Poirier <[email protected]>
Date:   Tue Jul 5 14:22:15 2016 -0600

    coresight: etm4x: adding configurable start/stop filtering
    
    With this patch we add start/stop filtering as specified on
    the perf cmd line.  When the IP matches the start address
    trace generation gets triggered.  The stop condition is
    achieved when the IP matches the stop address.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 2bbb2af3480f2277c0f8ada20eb8b54c733bb0a0
Author: Mathieu Poirier <[email protected]>
Date:   Mon Jul 4 11:42:08 2016 -0600

    coresight: etm4x: adding configurable address range filtering
    
    This patch adds the capability to specify address ranges from
    the perf cmd line using the --filter option.  If the IP
    falls within the range(s) program flow traces are generated.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 57cdb630ec2477f3b02312e6b9917bad66d7139b
Author: Mathieu Poirier <[email protected]>
Date:   Wed Jun 29 13:08:47 2016 -0600

    coresight: etm4x: configuring include/exclude function
    
    The include/exclude function of a tracer is applicable to address
    range and start/stop filters.  To avoid duplication and reuse code
    moving the include/exclude configuration to a function of its own.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit f4639a00374e30179f94935d8f173fa316617d60
Author: Mathieu Poirier <[email protected]>
Date:   Wed Jun 29 11:01:58 2016 -0600

    coresight: etm4x: adding range filter configuration function
    
    Introducing a new function to do address range configuration
    generic enough to work for any address range and any comparator.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit c0efed1b44e5bfb9127be3ecba4b3b12bca34ce6
Author: Mathieu Poirier <[email protected]>
Date:   Tue Jun 28 15:33:21 2016 -0600

    coresight: etm4x: cleaning up default filter configuration
    
    The default filter configuration was hard to read and included
    some redundancy.  This patch attempts to streamline configuration
    and improve readability.
    
    No change of functionality is included.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 43e8f63182a234efeedcfea50ffbb8cb97e1e278
Author: Mathieu Poirier <[email protected]>
Date:   Tue Jun 28 11:26:33 2016 -0600

    coresight: etm4x: split default and filter configuration
    
    Splitting the steps involved in the configuration of a tracer.
    The first part is generic and can be reused for both sysFS and
    Perf methods.
    
    The second part pertains to the configuration of filters
    themselves where the source of the information used to
    configure the filters will vary depending on the access
    methods.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit f4360705982d755eded63faa0b6aebb65af492dc
Author: Mathieu Poirier <[email protected]>
Date:   Tue Jun 28 14:13:32 2016 -0600

    coresight: etm-perf: configuring filters from perf core
    
    This patch implements the required API needed to access
    and retrieve range and start/stop filters from the perf core.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 6a6b5d0f5e9d3e66fcc9cae7f5eed97fcc93c18b
Author: Mathieu Poirier <[email protected]>
Date:   Thu Jun 30 13:04:46 2016 -0600

    coresight: remove duplicated enumeration
    
    Both ETMv3 and ETMv4 drivers are declaring an 'enum etm_addr_type',
    creating redundancy.
    
    This patch removes the enumeration from the driver files and adds
    it to a common header.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 3325f97d774751508f5fec48effd6608f28c9f64
Author: Mathieu Poirier <[email protected]>
Date:   Fri Jun 24 15:36:08 2016 -0600

    coresight: etm-perf: pass struct perf_event to source::enable/disable()
    
    With this commit [1] address range filter information is now found
    in the struct hw_perf_event::addr_filters.  As such pass the event
    itself to the coresight_source::enable/disable() functions so that
    both event attribute and filter can be accessible for configuration.
    
    [1] 'commit 375637bc5249 ("perf/core: Introduce address range filtering")'
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 7cc481aac207625659878475bca11b3eeff3e39a
Author: Sudeep Holla <[email protected]>
Date:   Thu Aug 4 17:22:26 2016 +0100

    coresight: fix handling of ETM trace register access via sysfs
    
    The ETM registers are classified into 2 categories: trace and management.
    The core power domain contains most of the trace unit logic including
    all (except TRCOSLAR and TRCOSLSR) the trace registers. The debug power
    domain contains the external debugger interface including all management
    registers.
    
    This patch adds coresight unit specific function coresight_simple_func
    which can be used for ETM trace registers by providing a ETM specific
    read function which does smp cross call to ensure the trace core is
    powered up before the register is accessed.
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Sudeep Holla <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit a9164547054cbbec110ff15a4a2dd4d87173ca70
Author: Sudeep Holla <[email protected]>
Date:   Wed Aug 3 17:12:31 2016 +0100

    coresight: etm4x: request to retain power to the trace unit when active
    
    The Coresight ETMv4 architecture provides a way to request to keep the
    power to the trace unit. This might help to collect the traces without
    the need to disable the CPU power management (entering/exiting deeper
    idle states).
    
    Trace PowerDown Control Register provides powerup request bit which when
    set requests the system to retain power to the trace unit and emulate
    the powerdown request.
    
    Typically, a trace unit drives a signal to the power controller to
    request that the trace unit core power domain is powered up. However,
    if the trace unit and the CPU are in the same power domain then the
    implementation might combine the trace unit power up status with a
    signal from the CPU.
    
    This patch requests to retain power to the trace unit when active and
    to remove when inactive. Note this change will only request but the
    behaviour depends on the implementation. However, it matches the
    exact behaviour expected when the external debugger is connected with
    respect to CPU power states.
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Sudeep Holla <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 5f73805256603b24adbbc9b22ac04a1834e346ca
Author: Markus Elfring <[email protected]>
Date:   Sat Jul 23 20:04:09 2016 +0200

    coresight: tmc: Delete an unnecessary check before the function call "kfree"
    
    The kfree() function tests whether its argument is NULL and then
    returns immediately. Thus the test around the call is not needed.
    
    This issue was detected by using the Coccinelle software.
    
    Signed-off-by: Markus Elfring <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit eb549fcd1761d6f7279f032d2e0f8df36f0de36a
Author: Wei Yongjun <[email protected]>
Date:   Tue Jul 19 11:27:21 2016 +0000

    coresight: etm4x: remove duplicated include from coresight-etm4x.c
    
    Remove duplicated include.
    
    Signed-off-by: Wei Yongjun <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit de38be189881d3d61b4bd19a8157a972f4a5a161
Author: Suzuki K Poulose <[email protected]>
Date:   Wed Jul 13 17:40:25 2016 +0100

    coresight: Use local coresight_desc instances
    
    Each coresight device prepares a description for coresight_register()
    in struct coresight_desc. Once we register the device, the description is
    useless and can be freed. The coresight_desc is small enough (48 bytes on
    64-bit) to be allocated on the stack. Hence use an automatic variable to
    avoid a needless dynamic allocation and wasting the memory (which will only
    be free'd when the device is destroyed).
    
    Cc: Mathieu Poirier <[email protected]>
    Cc: Pratik Patel <[email protected]>
    Signed-off-by: Suzuki K Poulose <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 884b736b114446bf4505470fa21d7899c89b7355
Author: Peter Chen <[email protected]>
Date:   Tue Jul 5 10:11:04 2016 +0800

    hwtracing: coresight: of_coresight: add missing of_node_put after calling of_parse_phandle
    
    of_node_put needs to be called when the device node which is got
    from of_parse_phandle has finished using.
    
    Cc: [email protected]
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Peter Chen <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 718e1d9d2ece1932596a8f1cc1e8dd08d8963ace
Author: Olivier Schonken <[email protected]>
Date:   Tue Jul 5 10:05:49 2016 +0200

    coresight-etm3x: Add ARM ETM 3.5 Cortex-A5 peripheral ID
    
    Signed-off-by: Olivier Schonken <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit f2d67408493021dd7081b76336a64ee339c556d5
Author: Mathieu Poirier <[email protected]>
Date:   Thu Jun 16 13:04:12 2016 -0600

    coresight: add PM runtime calls to coresight_simple_func()
    
    It is mandatory to enable a coresight block's power domain before
    trying to access management registers.  Otherwise the transaction
    simply stalls, leading to a system hang.
    
    Signed-off-by: Mathieu Poirier <[email protected]>
    Reviewed-by: Sudeep Holla <[email protected]>

commit 90f50e031a28a5b3551701a69d78bb75d07c5ecb
Author: Mathieu Poirier <[email protected]>
Date:   Sun Jun 19 11:19:43 2016 -0600

    coresight: delay initialisation when children are missing
    
    Depending on when CoreSight devices are discovered it is possible
    that some IP block may be referencing devices that have not been
    added to the bus yet.  The end result is missing nodes in the
    CoreSight topology even when the devices are present and properly
    initialised.
    
    This patch solves the problem by asking the driver core to
    try initialising the device at a later time when the children
    of a CoreSight node are missing.
    
    Signed-off-by: Mathieu Poirier <[email protected]>

commit dfb8cd5ab64754d56154e4654044ab86479ad02e
Author: Suzuki K Poulose <[email protected]>
Date:   Tue Jun 21 17:10:54 2016 +0100

    coresight: Add better messages for coresight_timeout
    
    When we encounter a timeout waiting for a status change via
    coresight_timeout, the caller always prints the offset which
    was tried. This is pretty much useless as it doesn't specify
    the bit position we wait for. Also, one needs to lookup the
    TRM to figure out, what was wrong. This patch changes all
    such error messages to print something more meaningful.
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Suzuki K Poulose <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 90977c5d9158ac4d583a311229617c3ad43707fe
Author: Suzuki K Poulose <[email protected]>
Date:   Tue Jun 21 17:10:53 2016 +0100

    coresight: Cleanup TMC status check
    
    Use the defined symbol rather than hardcoding the value to
    check whether the TMC buffer is full.
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Suzuki K Poulose <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit c7ec0b1c3b51595d0c268b85a9dd8895945462e7
Author: Suzuki K Poulose <[email protected]>
Date:   Tue Jun 21 17:10:52 2016 +0100

    coresight: etmv4: Fix ETMv4x peripheral ID table
    
    This patch cleans up the peripheral id table for different ETMv4
    implementations.
    
    As per Cortex-A53 TRM, the ETM has following id values:
    
    Peripheral ID0	0x5D	0xFE0
    Peripheral ID1	0xB9	0xFE4
    Peripheral ID2	0x4B	0xFE8
    Peripheral ID3	0x00	0xFEC
    
    where, PID2: has the following format:
    
    [7:4]   Revision
    [3]     JEDEC   0b1     res1. Indicates a JEP106 identity code is used
    [2:0]   DES_1   0b011   ARM Limited. This is bits[6:4] of JEP106 ID code
    
    The existing table entry checks only the bits [1:0], which is not
    sufficient enough. Fix it to match bits [3:0], just like the other
    entries do. While at it, correct the comment for A57 and the A53 entry.
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Suzuki K Poulose <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>
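
The effect of the mask width described in the commit above, as an added example (not code from the kernel tree). The `(periphid & mask) == id` rule follows AMBA id-table matching; the two table entries and the lookalike PID2 values are constructed here from the register values quoted in the commit message.

```c
#include <stdint.h>
#include <stdio.h>

/* One id-table entry: a device matches when (periphid & mask) == id. */
struct id_entry {
    uint32_t id;
    uint32_t mask;
};

/* Each Peripheral ID register holds one byte; PID0 is the least significant. */
static uint32_t periphid(uint8_t pid0, uint8_t pid1, uint8_t pid2, uint8_t pid3)
{
    return (uint32_t)pid0 | ((uint32_t)pid1 << 8) |
           ((uint32_t)pid2 << 16) | ((uint32_t)pid3 << 24);
}

/* PID2 layout from the commit message. */
static unsigned pid2_revision(uint8_t pid2) { return pid2 >> 4; }       /* [7:4] */
static unsigned pid2_jedec(uint8_t pid2)    { return (pid2 >> 3) & 1; } /* [3]   */
static unsigned pid2_des1(uint8_t pid2)     { return pid2 & 7; }        /* [2:0] */

static int id_match(const struct id_entry *e, uint32_t pid)
{
    return (pid & e->mask) == e->id;
}

/* Constructed entries: the first compares PID0, PID1 and PID2[1:0] only,
 * the second compares PID0, PID1 and PID2[3:0]. Neither looks at the
 * revision field, so silicon revisions still match. */
static const struct id_entry weak_entry   = { 0x0003b95d, 0x0003ffff };
static const struct id_entry strict_entry = { 0x000bb95d, 0x000fffff };

int main(void)
{
    /* 0x4B is the value from the commit message; the others are constructed. */
    const uint8_t pid2_values[] = { 0x4B, 0x2B, 0x43, 0x4F };
    size_t i;

    for (i = 0; i < sizeof(pid2_values) / sizeof(pid2_values[0]); i++) {
        uint8_t p2 = pid2_values[i];
        uint32_t pid = periphid(0x5D, 0xB9, p2, 0x00);

        printf("PID2=0x%02X rev=%u jedec=%u des_1=%u periphid=0x%08X "
               "weak=%d strict=%d\n",
               (unsigned)p2, pid2_revision(p2), pid2_jedec(p2), pid2_des1(p2),
               (unsigned)pid, id_match(&weak_entry, pid),
               id_match(&strict_entry, pid));
    }
    return 0;
}
```

With the two-bit comparison, a part whose PID2 has the JEDEC bit clear (0x43) or a different DES_1 value (0x4F) still binds to the driver; the four-bit comparison rejects both while accepting another revision (0x2B).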

commit 58a47a8de41a0ee3bbf06c42669f1b9066cd6e4f
Author: Suzuki K Poulose <[email protected]>
Date:   Tue Jun 21 17:10:51 2016 +0100

    coresight: tmc: Limit the trace to available data
    
    At present the ETF or ETR gives out the entire device
    buffer, even if there is less or even no trace data
    available. This patch limits the trace data given out to
    the actual trace data collected.
    
    Cc: [email protected]
    Signed-off-by: Suzuki K Poulose <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 462f767c2834e2802d7589f88891f29cf38d3cbf
Author: Suzuki K Poulose <[email protected]>
Date:   Tue Jun 21 17:10:50 2016 +0100

    coresight: Fix csdev connections initialisation
    
    This is a cleanup patch.
    
    coresight_device->conns holds an array to point to the devices
    connected to the OUT ports of a component. Sinks, e.g ETR, do not
    have an OUT port (nr_outport = 0), as it streams the trace to
    memory via AXI.
    
    At coresight_register() we do :
    
    	conns = kcalloc(csdev->nr_outport, sizeof(*conns), GFP_KERNEL);
    	if (!conns) {
    		ret = -ENOMEM;
    		goto err_kzalloc_conns;
    	}
    
    For ETR, since the total size requested for kcalloc is zero, the return
    value is, ZERO_SIZE_PTR ( != NULL). Hence, csdev->conns = ZERO_SIZE_PTR
    which cannot be verified later to contain a valid pointer. The code which
    accesses the csdev->conns is bounded by the csdev->nr_outport check,
    hence we don't try to dereference the ZERO_SIZE_PTR. This patch cleans
    up the csdev->conns initialisation to make sure we initialise it
    properly (i.e., either NULL or valid conns array).
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Suzuki K Poulose <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>
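
A user-space model of the ZERO_SIZE_PTR behaviour described in the commit above, as an added example (not the kernel's code). `model_kcalloc`, `struct csdev_model`, `register_before`, `register_after` and `conns_looks_valid` are hypothetical names; only the `ZERO_SIZE_PTR` value mirrors the kernel's definition, and the "after" variant is one way to get the "either NULL or valid" outcome the message asks for.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* The kernel hands this sentinel back for zero-byte allocations. */
#define ZERO_SIZE_PTR ((void *)16)

struct connection {            /* simplified stand-in for a connection entry */
    int outport;
    const char *child_name;
};

struct csdev_model {           /* hypothetical, reduced device structure */
    int nr_outport;
    struct connection *conns;
};

/* Stand-in for kcalloc(): overflow check, then the zero-size sentinel. */
static void *model_kcalloc(size_t n, size_t size)
{
    if (size != 0 && n > SIZE_MAX / size)
        return NULL;
    if (n * size == 0)
        return ZERO_SIZE_PTR;
    return calloc(n, size);
}

/* Before: allocate unconditionally, as in the snippet quoted in the commit. */
static int register_before(struct csdev_model *csdev, int nr_outport)
{
    struct connection *conns;

    conns = model_kcalloc((size_t)nr_outport, sizeof(*conns));
    if (!conns)                /* ZERO_SIZE_PTR passes this check */
        return -ENOMEM;
    csdev->nr_outport = nr_outport;
    csdev->conns = conns;
    return 0;
}

/* After: skip the allocation for components without OUT ports. */
static int register_after(struct csdev_model *csdev, int nr_outport)
{
    struct connection *conns = NULL;

    if (nr_outport) {
        conns = model_kcalloc((size_t)nr_outport, sizeof(*conns));
        if (!conns)
            return -ENOMEM;
    }
    csdev->nr_outport = nr_outport;
    csdev->conns = conns;
    return 0;
}

/* The check a later reader of the structure would naturally write. */
static int conns_looks_valid(const struct csdev_model *csdev)
{
    return csdev->conns != NULL;
}

static void release(struct csdev_model *csdev)
{
    if (csdev->conns && (void *)csdev->conns != ZERO_SIZE_PTR)
        free(csdev->conns);
    csdev->conns = NULL;
}

int main(void)
{
    struct csdev_model sink_before = { 0, NULL };
    struct csdev_model sink_after = { 0, NULL };

    register_before(&sink_before, 0);   /* sink such as ETR: no OUT port */
    register_after(&sink_after, 0);
    printf("before: conns=%p looks_valid=%d\n",
           (void *)sink_before.conns, conns_looks_valid(&sink_before));
    printf("after:  conns=%p looks_valid=%d\n",
           (void *)sink_after.conns, conns_looks_valid(&sink_after));
    release(&sink_before);
    release(&sink_after);
    return 0;
}
```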

commit 018fd130e0b9720d83cdbc205f51de5e34c8ae7f
Author: Suzuki K Poulose <[email protected]>
Date:   Tue Jun 21 17:10:49 2016 +0100

    coresight: Consolidate error handling path for tmc_probe
    
    This patch cleans up the error handling path for tmc_probe
    as a side effect of the removal of the spurious dma_free_coherent().
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Suzuki K Poulose <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 8db55674062e6e54f89e009cc623e5a2752a2f4f
Author: Suzuki K Poulose <[email protected]>
Date:   Tue Jun 21 17:10:48 2016 +0100

    coresight: Remove erroneous dma_free_coherent in tmc_probe
    
    commit de5461970b3e9e194 ("coresight: tmc: allocating memory when needed")
    removed the static allocation of buffer for the trace data in ETR mode in
    tmc_probe. However it failed to remove the "devm_free_coherent" in
    tmc_probe when the probe fails due to other reasons. This patch gets
    rid of the incorrect dma_free_coherent() call.
    
    Fixes: commit de5461970b3e9e194 ("coresight: tmc: allocating memory when needed")
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Suzuki K Poulose <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 5e60f02512fcb1be1627ba904d2ddf88a45b78ec
Author: Sudeep Holla <[email protected]>
Date:   Mon Jun 20 15:25:41 2016 +0100

    coresight: always use stashed trace id value in etm4_trace_id
    
    etm4_trace_id is not guaranteed to be executed on the CPU whose ETM is
    being accessed. This leads to an exception similar to the one below if the
    CPU whose ETM is being accessed is in deeper idle states. So it must
    be executed on the CPU whose ETM is being accessed.
    
    Unhandled fault: synchronous external abort (0x96000210) at 0xffff000008db4040
    Internal error: : 96000210 [#1] PREEMPT SMP
    Modules linked in:
    CPU: 5 PID: 5979 Comm: etm.sh Not tainted 4.7.0-rc3 #159
    Hardware name: ARM Juno development board (r2) (DT)
    task: ffff80096dd34b00 ti: ffff80096dfe4000 task.ti: ffff80096dfe4000
    PC is at etm4_trace_id+0x5c/0x90
    LR is at etm4_trace_id+0x3c/0x90
    Call trace:
     etm4_trace_id+0x5c/0x90
     coresight_id_match+0x78/0xa8
     bus_for_each_dev+0x60/0xa0
     coresight_enable+0xc0/0x1b8
     enable_source_store+0x3c/0x70
     dev_attr_store+0x18/0x28
     sysfs_kf_write+0x48/0x58
     kernfs_fop_write+0x14c/0x1e0
     __vfs_write+0x1c/0x100
     vfs_write+0xa0/0x1b8
     SyS_write+0x44/0xa0
     el0_svc_naked+0x24/0x28
    
    However, TRCTRACEIDR is not guaranteed to hold the previous programmed
    trace id if it enters deeper idle states. Further, the trace id that is
    computed in etm4_init_trace_id is programmed into TRCTRACEIDR only in
    etm4_enable_hw which happens much later in the sequence after
    coresight_id_match is executed from enable_source_store.
    
    This patch simplifies etm4_trace_id by returning the stashed trace id
    value similar to etm4_cpu_id.
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Sudeep Holla <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit a419ec2cf36a13a6414a63f7c606f202f656fdc0
Author: Chunyan Zhang <[email protected]>
Date:   Tue Jun 21 10:24:36 2016 +0800

    coresight-stm: support mmapping channel regions with mmio_addr
    
    CoreSight STM device allows direct mapping of the channel regions to
    userspace for zero-copy writing. To support this ability, the STM
    framework has provided a hook 'mmio_addr', this patch just implemented
    this hook for CoreSight STM.
    
    This patch also added an item into 'channel_space' to save the physical
    base address of channel region which mmap operation needs to know.
    
    Signed-off-by: Chunyan Zhang <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 635a375873c4e158cd30e829884a48fbe36076f3
Author: Sudeep Holla <[email protected]>
Date:   Thu Jun 16 11:13:09 2016 +0100

    coresight: access conn->child_name only if it's initialised
    
    If the addition of the coresight devices gets deferred, then there's a
    window before child_name is populated by of_get_coresight_platform_data
    from the respective component driver's probe and the attempt to access
    the same from coresight_orphan_match, resulting in a kernel NULL pointer
    dereference as below:
    
    Unable to handle kernel NULL pointer dereference at virtual address 0x0
    Internal error: Oops: 96000004 [#1] PREEMPT SMP
    Modules linked in:
    CPU: 0 PID: 1038 Comm: kworker/0:1 Not tainted 4.7.0-rc3 #124
    Hardware name: ARM Juno development board (r2) (DT)
    Workqueue: events amba_deferred_retry_func
    PC is at strcmp+0x1c/0x160
    LR is at coresight_orphan_match+0x7c/0xd0
    Call trace:
     strcmp+0x1c/0x160
     bus_for_each_dev+0x60/0xa0
     coresight_register+0x264/0x2e0
     tmc_probe+0x130/0x310
     amba_probe+0xd4/0x1c8
     driver_probe_device+0x22c/0x418
     __device_attach_driver+0xbc/0x158
     bus_for_each_drv+0x58/0x98
     __device_attach+0xc4/0x160
     device_initial_probe+0x10/0x18
     bus_probe_device+0x94/0xa0
     device_add+0x344/0x580
     amba_device_try_add+0x194/0x238
     amba_deferred_retry_func+0x48/0xd0
     process_one_work+0x118/0x378
     worker_thread+0x48/0x498
     kthread+0xd0/0xe8
     ret_from_fork+0x10/0x40
    
    This patch adds a check for non-NULL conn->child_name before accessing
    the same.
    
    Cc: Mathieu Poirier <[email protected]>
    Signed-off-by: Sudeep Holla <[email protected]>
    Signed-off-by: Mathieu Poirier <[email protected]>

commit 61347fa6087884305ea4a3a04501839fdb68dc76
Author: Parav Pandit <[email protected]>
Date:   Tue Sep 13 19:40:50 2016 +0530

    IB/rdmavt: Trivial function comment corrected.
    
    Corrected function name in comment from qib_ to rvt_.
    
    Signed-off-by: Parav Pandit <[email protected]>
    Signed-off-by: Doug Ledford <[email protected]>

commit 94c630ee73a4a1db18561511dfefc2e41d2e6d1e
Author: Shuah Khan <[email protected]>
Date:   Mon Sep 26 11:50:24 2016 -0600

    Doc: update 00-INDEX files to reflect the runnable code move
    
    Update 00-INDEX files with the current file list to reflect the runnable
    code move.
    
    Acked-by: Michal Marek <[email protected]>
    Acked-by: Jonathan Corbet <[email protected]>
    Signed-off-by: Shuah Khan <[email protected]>

commit c6d2995da5409e3d0ef30c53287d3c17e450e96e
Author: Shuah Khan <[email protected]>
Date:   Fri Sep 23 15:14:56 2016 -0600

    samples: move blackfin gptimers-example from Documentation
    
    Move blackfin gptimers-example to samples and remove it from Documentation
    Makefile. Update samples Kconfig and Makefile to build gptimers-example.
    
    blackfin is the last CONFIG_BUILD_DOCSRC target in Documentation/Makefile,
    hence this patch also includes changes to remove CONFIG_BUILD_DOCSRC from
    Makefile and lib/Kconfig.debug.
    
    Acked-by: Michal Marek <[email protected]>
    Acked-by: Jonathan Corbet <[email protected]>
    Signed-off-by: Shuah Khan <[email protected]>

commit 464691bd52b46a565153ec2a3b8b9984dacd4a00
Author: Ilya Dryomov <[email protected]>
Date:   Fri Sep 23 09:57:57 2016 +0200

    libceph: ceph_build_auth() doesn't need ceph_auth_build_hello()
    
    A static bug finder (EBA) on Linux 4.7:
    
        Double lock in net/ceph/auth.c
        second lock at 108: mutex_lock(& ac->mutex); [ceph_auth_build_hello]
        after calling from 263: ret = ceph_auth_build_hello(ac, msg_buf, msg_len);
        if ! ac->protocol -> true at 262
        first lock at 261: mutex_lock(& ac->mutex); [ceph_build_auth]
    
    ceph_auth_build_hello() is never called, because the protocol is always
    initialized, whether we are checking existing tickets (in delayed_work())
    or getting new ones after invalidation (in invalidate_authorizer()).
    
    Reported-by: Iago Abal <[email protected]>
    Signed-off-by: Ilya Dryomov <[email protected]>

commit fdc723e77bcf17ec2646fdef031e7f135968a9b7
Author: Ilya Dryomov <[email protected]>
Date:   Fri Sep 23 09:57:56 2016 +0200

    libceph: use CEPH_AUTH_UNKNOWN in ceph_auth_build_hello()
    
    Signed-off-by: Ilya Dryomov <[email protected]>

commit 92c1037ce8e3a70b616c8b91c990caf16a0096d1
Author: Andreas Gerstmayr <[email protected]>
Date:   Thu Sep 15 21:23:01 2016 +0200

    ceph: fix description for rsize and rasize mount options
    
    Signed-off-by: Andreas Gerstmayr <[email protected]>
    Signed-off-by: Ilya Dryomov <[email protected]>

commit 88a25a5fa09dff62b5fc1e82fb9c0c6b23971887
Author: Markus Elfring <[email protected]>
Date:   Sun Sep 11 12:21:25 2016 +0200

    rbd: use kmalloc_array() in rbd_header_from_disk()
    
    * A multiplication for the size determination of a memory allocation
      indicated that an array data structure should be processed.
      Thus use the corresponding function "kmalloc_array".
    
      This issue was detected by using the Coccinelle software.
    
    * Delete the local variable "size" which became unnecessary with
      this refactoring.
    
    Signed-off-by: Markus Elfring <[email protected]>
    Signed-off-by: Ilya Dryomov <[email protected]>

commit 8cdcc07dde27d29bc25b3588238d4b1cc9a56fe9
Author: Wei Yongjun <[email protected]>
Date:   Sat Aug 13 09:10:28 2016 +0000

    ceph: use list_move instead of list_del/list_add
    
    Using list_move() instead of list_del() + list_add().
    
    Signed-off-by: Wei Yongjun <[email protected]>
    Signed-off-by: Ilya Dryomov <[email protected]>

commit fcff415c9421b417ef91d48f546f3c4566ddc358
Author: Yan, Zheng <[email protected]>
Date:   Wed Sep 14 16:39:51 2016 +0800

    ceph: handle CEPH_SESSION_REJECT message
    
    Signed-off-by: Yan, Zheng <[email protected]>

commit ce2728aaa82bbebae7d20345324af3f0f49eeb20
Author: Yan, Zheng <[email protected]>
Date:   Wed Sep 14 14:53:05 2016 +0800

    ceph: avoid accessing / when mounting a subpath
    
    Accessing / causes failure if the client has caps that restrict path
    
    Signed-off-by: Yan, Zheng <[email protected]>

commit db4a63aab43b2040292b2023512864702b5f9799
Author: Yan, Zheng <[email protected]>
Date:   Tue Sep 13 10:15:36 2016 +0800

    ceph: fix mandatory flock check
    
    Signed-off-by: Yan, Zheng <[email protected]>

commit e55f1a1871b148802b42ee3807edcb6528ffc27d
Author: NeilBrown <[email protected]>
Date:   Wed Aug 31 12:59:29 2016 +1000

    ceph: remove warning when ceph_releasepage() is called on dirty page
    
    If O_DIRECT writes are racing with buffered writes, then
    the call to invalidate_inode_pages2_range() can call ceph_releasepage()
    on dirty pages.
    
    Most filesystems hold inode_lock() across O_DIRECT writes so they do not
    suffer this race, but cephfs deliberately drops the lock, and opens a window
    for the race.
    
    This race can be triggered with the generic/036 test from the xfstests
    test suite.  It doesn't happen every time, but it does happen often.
    
    As the possibility is expected, remove the warning, and instead include
    the PageDirty() status in the debug message.
    
    Signed-off-by: NeilBrown <[email protected]>
    Reviewed-by: Jeff Layton <[email protected]>
    Reviewed-by: Yan, Zheng <[email protected]>

commit 5d7eb1a3225309b294275385ece36fee256d5c46
Author: NeilBrown <[email protected]>
Date:   Thu Sep 1 22:26:23 2016 +0800

    ceph: ignore error from invalidate_inode_pages2_range() in direct write
    
    This call can fail if there are dirty pages.  The preceding call to
    filemap_write_and_wait_range() will normally remove dirty pages, but
    as inode_lock() is not held over calls to ceph_direct_read_write(), it
    could race with non-direct writes and pages could be dirtied
    immediately after filemap_write_and_wait_range() returns
    
    If there are dirty pages, they will be removed by the subsequent call
    to truncate_inode_pages_range(), so having them here is not a problem.
    
    If the 'ret' value is left holding an error, then in the async IO case
    (aio_req is not NULL) the loop that would normally call
    ceph_osdc_start_request() will see the error in 'ret' and abort all
    requests.  This doesn't seem like correct behaviour.
    
    So use separate 'ret2' instead of overloading 'ret'.
    
    Signed-off-by: NeilBrown <[email protected]>
    Reviewed-by: Jeff Layton <[email protected]>
    Reviewed-by: Yan, Zheng <[email protected]>

commit 1afe478569ba7414dde8a874dda9c1ea621c0c63
Author: Yan, Zheng <[email protected]>
Date:   Wed Aug 24 11:33:46 2016 +0800

    ceph: fix error handling of start_read()
    
    If start_page() fails to add a page to page cache or fails to send
    OSD request, it should call put_page() (instead of free_page()) for
    relevant pages.
    
    Besides, start_page() needs to cancel fscache readpage if it fails
    to send OSD request.
    
    Signed-off-by: Yan, Zheng <[email protected]>
    Reported-by: Zhi Zhang <[email protected]>

commit 0dcc685e7dd7190dcaa5435e9c14150f1d405b7b
Author: Ilya Dryomov <[email protected]>
Date:   Mon Sep 26 15:43:52 2016 +0200

    rbd: add rbd_obj_request_error() helper
    
    Pull setting an error and marking a request done code into a new
    helper.  obj_request_img_data_test() check isn't strictly needed right
    now, but makes it applicable to !img_data requests and a bit safer.
    
    Signed-off-by: Ilya Dryomov <[email protected]>

commit 04dc923c9e4c43df7d2d94f290189785d3172326
Author: Ilya Dryomov <[email protected]>
Date:   Thu Sep 15 18:05:16 2016 +0200

    rbd: img_data requests don't own their page array
    
    Move the check into rbd_obj_request_destroy() to avoid use-after-free
    on errors in rbd_img_request_fill(..., OBJ_REQUEST_PAGES, ...), where
    pages, owned by the caller, get freed in rbd_img_request_fill().
    
    Signed-off-by: Ilya Dryomov <[email protected]>
    Reviewed-by: Alex Elder <[email protected]>
    Reviewed-by: David Disseldorp <[email protected]>

commit 7c84883adf6dc614fc9e01304aa1813a55c43ad2
Author: Ilya Dryomov <[email protected]>
Date:   Thu Sep 15 17:56:39 2016 +0200

    rbd: don't call rbd_osd_req_format_read() for !img_data requests
    
    Accessing obj_request->img_request union field is only valid for object
    requests associated with an image (i.e. if obj_request_img_data_test()
    returns true).  rbd_osd_req_format_read() used to do more, but now it
    just sets osd_req->snap_id.  Standalone and stat object requests always
    go to the HEAD revision and are fine with CEPH_NOSNAP set by libceph,
    so get around the invalid union field use by simply not calling
    rbd_osd_req_format_read() in those places.
    
    Reported-by: David Disseldorp <[email protected]>
    Signed-off-by: Ilya Dryomov <[email protected]>
    Reviewed-by: Alex Elder <[email protected]>
    Reviewed-by: David Disseldorp <[email protected]>

commit 710214e391476f331abed1b774b5f025d054ab7f
Author: Ilya Dryomov <[email protected]>
Date:   Thu Sep 15 17:53:32 2016 +0200

    rbd: rework rbd_img_obj_exists_submit() error paths
    
    - don't put obj_request before rbd_obj_request_get() if
      rbd_obj_request_create() fails
    - don't leak pages if rbd_obj_request_create() fails
    - don't leak stat_request if rbd_osd_req_create() fails
    
    Reported-by: David Disseldorp <[email protected]>
    Signed-off-by: Ilya Dryomov <[email protected]>
    Reviewed-by: Alex Elder <[email protected]>
    Reviewed-by: David Disseldorp <[email protected]>

commit fa355112c2763d513f1356119684dc8a6150d08a
Author: Ilya Dryomov <[email protected]>
Date:   Fri Sep 16 15:20:42 2016 +0200

    rbd: don't crash or leak on errors in rbd_img_obj_parent_read_full_callback()
    
    - fix parent_length == img_request->xferred assert to not fire on
      copyup read failures
    - don't leak pages if copyup read fails or we can't allocate a new osd
      request
    
    Signed-off-by: Ilya Dryomov <[email protected]>
    Reviewed-by: Alex Elder <[email protected]>
    Reviewed-by: David Disseldorp <[email protected]>

commit 4a17dadcae55ca1f5c1ed826d42185e22653c256
Author: Ilya Dryomov <[email protected]>
Date:   Tue Sep 13 21:08:10 2016 +0200

    rbd: move bumping img_request refcount into rbd_obj_request_submit()
    
    Commit 0f2d5be792b0 ("rbd: use reference counts for image requests")
    added rbd_img_request_get(), which rbd_img_request_fill() calls for
    each obj_request added to img_request.  It was an urgent band-aid for
    the ugliness that is rbd_img_obj_callback() and none of the error paths
    were updated.
    
    Given that this img_request reference is meant to represent an
    obj_request that hasn't passed through rbd_img_obj_callback() yet,
    proper cleanup in appropriate destructors is a challenge.  However,
    noting that if we don't get a chance to call rbd_obj_request_complete(),
    there is not going to be a call to rbd_img_obj_callback(), we can move
    rbd_img_request_get() into rbd_obj_request_submit() and fixup the two
    places that call rbd_obj_request_complete() directly and not through
    rbd_obj_request_submit() to temporarily bump img_request, so that
    rbd_img_obj_callback() can put as usual.
    
    This takes care of img_request leaks on errors on the submit side.
    
    Signed-off-by: Ilya Dryomov <[email protected]>
    Reviewed-by: Alex Elder <[email protected]>

commit c2e82414884718ad6ec33a7528606cb07cf55cb4
Author: Ilya Dryomov <[email protected]>
Date:   Tue Sep 13 20:18:01 2016 +0200

    rbd: mark the original request as done if stat request fails
    
    If stat request fails with something other than -ENOENT (which just
    means that we need to copyup), the original object request is never
    marked as done and therefore never completed.  Fix this by moving the
    mark done + complete snippet from rbd_img_obj_parent_read_full() into
    rbd_img_obj_exists_callback().  The former remains covered, as the
    latter is its only caller (through rbd_img_obj_request_submit()).
    
    Signed-off-by: Ilya Dryomov <[email protected]>
    Reviewed-by: Alex Elder <[email protected]>
    Reviewed-by: David Disseldorp <[email protected]>

commit 058aa9919147da9f088a96982a19ea0864139dc8
Author: Ilya Dryomov <[email protected]>
Date:   Mon Sep 12 14:44:45 2016 +0200

    rbd: clean up asserts in rbd_img_obj_request_submit() helpers
    
    Assert once in rbd_img_obj_request_submit().
    
    Signed-off-by: Ilya Dryomov <[email protected]>
    Reviewed-by: Alex Elder <[email protected]>
    Reviewed-by: David Disseldorp <[email protected]>

commit 980917fc6ec94cb614fd79e6a124689e700f9d97
Author: Ilya Dryomov <[email protected]>
Date:   Mon Sep 12 18:59:42 2016 +0200

    rbd: change rbd_obj_request_submit() signature
    
    - osdc parameter is useless
    - starting with commit 5aea3dcd5021 ("libceph: a major OSD client
      update"), ceph_osdc_start_request() always returns success
    
    Signed-off-by: Ilya Dryomov <[email protected]>
    Reviewed-by: Alex Elder <[email protected]>
    Reviewed-by: David Disseldorp <[email protected]>

commit 80de19122866d0a65f741e7ff2d5d20842d22d6b
Author: Ilya Dryomov <[email protected]>
Date:   Tue Sep 20 14:23:17 2016 +0200

    rbd: lock_on_read map option
    
    Add a per-device option to acquire exclusive lock on reads (in addition
    to writes and discards).  The use case is iSCSI, where it will be used
    to prevent execution of stale writes after the implicit failover.
    
    Signed-off-by: Ilya Dryomov <[email protected]>
    Tested-by: Mike Christie <[email protected]>

commit bd85f4b37ddf2da22ccf5b29d264b2459b6722df
Author: Xie XiuQi <[email protected]>
Date:   Tue Sep 27 15:07:12 2016 +0800

    ipmi: fix crash on reading version from proc after unregisted bmc
    
    I met a crash, which could be reproduced:
    1) while true; do cat /proc/ipmi/0/version; done
    2) modprobe -rv ipmi_si ipmi_msghandler ipmi_devintf
    
    [82761.021137] IPMI BT: req2rsp=5 secs retries=2
    [82761.034524] ipmi device interface
    [82761.222218] ipmi_si ipmi_si.0: Found new BMC (man_id: 0x0007db, prod_id: 0x0001, dev_id: 0x01)
    [82761.222230] ipmi_si ipmi_si.0: IPMI bt interface initialized
    [82903.922740] BUG: unable to handle kernel NULL pointer dereference at 00000000000002d4
    [82903.930952] IP: [<ffffffffa030d9e8>] smi_version_proc_show+0x18/0x40 [ipmi_msghandler]
    [82903.939220] PGD 86693a067 PUD 865304067 PMD 0
    [82903.943893] Thread overran stack, or stack corrupted
    [82903.949034] Oops: 0000 [#1] SMP
    [82903.983091] Modules linked in: ipmi_si(-) ipmi_msghandler binfmt_misc ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter
    ...
    [82904.057285]  pps_core scsi_transport_sas dm_mod vfio_iommu_type1 vfio xt_sctp nf_conntrack_proto_sctp nf_nat_proto_sctp
                    nf_nat nf_conntrack sctp libcrc32c [last unloaded: ipmi_devintf]
    [82904.073169] CPU: 37 PID: 28089 Comm: cat Tainted: GF          O   ---- -------   3.10.0-327.28.3.el7.x86_64 #1
    [82904.083373] Hardware name: Huawei RH2288H V3/BC11HGSA0, BIOS 3.22 05/16/2016
    [82904.090592] task: ffff880101cc2e00 ti: ffff880369c54000 task.ti: ffff880369c54000
    [82904.098414] RIP: 0010:[<ffffffffa030d9e8>]  [<ffffffffa030d9e8>] smi_version_proc_show+0x18/0x40 [ipmi_msghandler]
    [82904.109124] RSP: 0018:ffff880369c57e70  EFLAGS: 00010203
    [82904.114608] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000024688470
    [82904.121912] RDX: fffffffffffffff4 RSI: ffffffffa0313404 RDI: ffff8808670ce200
    [82904.129218] RBP: ffff880369c57e70 R08: 0000000000019720 R09: ffffffff81204a27
    [82904.136521] R10: ffff88046f803300 R11: 0000000000000246 R12: ffff880662399700
    [82904.143828] R13: 0000000000000001 R14: ffff880369c57f48 R15: ffff8808670ce200
    [82904.151128] FS:  00007fb70c9ca740(0000) GS:ffff88086e340000(0000) knlGS:0000000000000000
    [82904.159557] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [82904.165473] CR2: 00000000000002d4 CR3: 0000000864c0c000 CR4: 00000000003407e0
    [82904.172778] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    [82904.180084] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    [82904.187385] Stack:
    [82904.189573]  ffff880369c57ee0 ffffffff81204f1a 00000000122a2427 0000000001426000
    [82904.197392]  ffff8808670ce238 0000000000010000 0000000000000000 0000000000000fff
    [82904.205198]  00000000122a2427 ffff880862079600 0000000001426000 ffff880369c57f48
    [82904.212962] Call Trace:
    [82904.219667]  [<ffffffff81204f1a>] seq_read+0xfa/0x3a0
    [82904.224893]  [<ffffffff8124ce2d>] proc_reg_read+0x3d/0x80
    [82904.230468]  [<ffffffff811e102c>] vfs_read+0x9c/0x170
    [82904.235689]  [<ffffffff811e1b7f>] SyS_read+0x7f/0xe0
    [82904.240816]  [<ffffffff81649209>] system_call_fastpath+0x16/0x1b
    [82904.246991] Code: 30 a0 e8 0c 6f ef e0 5b 5d c3 66 0f 1f 84 00 00 00 00 00 0f 1f
                   44 00 00 48 8b 47 78 55 48 c7 c6 04 34 31 a0 48 89 e5 48 8b 40 50 <0f>
    	       b6 90 d4 02 00 00 31 c0 89 d1 83 e2 0f c0 e9 04 0f b6 c9 e8
    [82904.267710] RIP  [<ffffffffa030d9e8>] smi_version_proc_show+0x18/0x40 [ipmi_msghandler]
    [82904.276079]  RSP <ffff880369c57e70>
    [82904.279734] CR2: 00000000000002d4
    [82904.283731] ---[ end trace a69e4328b49dd7c4 ]---
    [82904.328118] Kernel panic - not syncing: Fatal exception
    
    Reading version from /proc needs the bmc device struct available. So in this patch
    we move add/remove_proc_entries between ipmi_bmc_register and ipmi_bmc_unregister.
    
    Cc: Kefeng Wang <[email protected]>
    Signed-off-by: Xie XiuQi <[email protected]>
    Signed-off-by: Corey Minyard <[email protected]>

commit 262f75a6288346db44038c63b7a95ee68f8b7bea
Author: Daniel Vetter <[email protected]>
Date:   Mon Oct 3 10:28:27 2016 +0200

    drm: Undo damage to page_flip_ioctl
    
    I screwed up rebasing of my patch in
    
    commit 43968d7b806d7a7e021261294c583a216fddf0e5
    Author: Daniel Vetter <[email protected]>
    Date:   Wed Sep 21 10:59:24 2016 +0200
    
        drm: Extract drm_plane.[hc]
    
    which meant on error paths drm_crtc_vblank_put could be called without
    a get, leading to an underrun of the refcount.
    
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98020
    Reported-and-tested-by: Andy Furniss <[email protected]>
    Cc: Sean Paul <[email protected]>
    Cc: Michel Dänzer <[email protected]>
    Signed-off-by: Daniel Vetter <[email protected]>
    Link: http://patchwork.freedesktop.org/patch/msgid/[email protected]

commit 63401ccdb2ca08ae76909f6588a3f3348bc3555d
Author: Miklos Szeredi <[email protected]>
Date:   Mon Oct 3 11:06:05 2016 +0200

    fuse: limit xattr returned size
    
    Don't let userspace filesystem give bogus values for the size of xattr and
    xattr list.
    
    Signed-off-by: Miklos Szeredi <[email protected]>

commit fc113d54e9d7ef3296cdf2eff49c8ca0a3e5a482
Author: Brian Boylston <[email protected]>
Date:   Mon Sep 26 13:57:14 2016 -0500

    watchdog: hpwdt: add support for iLO5
    
    iLO5 will offer the same watchdog timer as previous generations, but the
    PCI subsystem vendor ID will be PCI_VENDOR_ID_HP_3PAR (0x1590) instead of
    PCI_VENDOR_ID_HP (0x103c).  Add 0x1590 to the whitelist and be more
    specific when ignoring the 103c,1979 device.
    
    Signed-off-by: Brian Boylston <[email protected]>
    Reviewed-by: Guenter Roeck <[email protected]>
    Signed-off-by: Guenter Roeck <[email protected]>
    Signed-off-by: Wim Van Sebroeck <[email protected]>

commit f814bfd765218908b23e21ca7f0b6f403fb88972
Author: Alexey Khoroshilov <[email protected]>
Date:   Sat Oct 1 00:56:37 2016 +0300

    net: mvmdio: do not clk_disable_unprepare() NULL clock
    
    There is no need to clk_disable_unprepare(dev->clk)
    before it was initialized.
    
    Found by Linux Driver Verification project (linuxtesting.org).
    
    Signed-off-by: Alexey Khoroshilov <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>

commit 85de4a2101acb85c3b1dde465e84596ccca99f2c
Author: Jiri Benc <[email protected]>
Date:   Fri Sep 30 19:08:07 2016 +0200

    openvswitch: use mpls_hdr
    
    skb_mpls_header is equivalent to mpls_hdr now. Use the existing helper
    instead.
    
    Signed-off-by: Jiri Benc <[email protected]>
    Acked-by: Pravin B Shelar <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>

commit 9095e10edd28e1e4a10ba5ca61fb54d9f74f8968
Author: Jiri Benc <[email protected]>
Date:   Fri Sep 30 19:08:06 2016 +0200

    mpls: move mpls_hdr to a common location
    
    This will be also used by openvswitch.
    
    Signed-off-by: Jiri Benc <[email protected]>
    Acked-by: David Ahern <[email protected]>
    Acked-by: Pravin B Shelar <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>

commit f7d49bce8e741e1e6aa14ce4db1b6cea7e4be4e8
Author: Jiri Benc <[email protected]>
Date:   Fri Sep 30 19:08:05 2016 +0200

    openvswitch: mpls: set network header correctly on key extract
    
    After the 48d2ab609b6b ("net: mpls: Fixups for GSO"), MPLS handling in
    openvswitch was changed to have network header pointing to the start of the
    MPLS headers and inner_network_header pointing after the MPLS headers.
    
    However, key_extract was missed by the mentioned commit, causing incorrect
    headers to be set when an MPLS packet just enters the bridge or after it is
    recirculated.
    
    Fixes: 48d2ab609b6b ("net: mpls: Fixups for GSO")
    Signed-off-by: Jiri Benc <[email protected]>
    Acked-by: Pravin B Shelar <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>

commit ab580705693d5af79663efa504a72248700766fc
Author: Arnd Bergmann <[email protected]>
Date:   Fri Sep 30 18:17:10 2016 +0200

    mlxsw: spectrum_router: avoid potential uninitialized data usage
    
    If fi->fib_nhs is zero, the router interface pointer is uninitialized, as shown by
    this warning:
    
    drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c: In function 'mlxsw_sp_router_fib_event':
    drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:1674:21: error: 'r' may be used uninitialized in this function [-Werror=maybe-uninitialized]
    drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:1643:23: note: 'r' was declared here
    
    This changes the loop so we handle the case the same way as finding no router
    interface pointer attached to one of the nexthops to ensure we always
    trap here instead of using uninitialized data.
    
    Fixes: b45f64d16d45 ("mlxsw: spectrum_router: Use FIB notifications instead of switchdev calls")
    Signed-off-by: Arnd Bergmann <[email protected]>
    Acked-by: Ido Schimmel <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>

commit d0debb76df18f05ecc65579d37203703ffdec44d
Author: Arnd Bergmann <[email protected]>
Date:   Fri Sep 30 18:17:09 2016 +0200

    net/mlx5e: shut up maybe-uninitialized warning
    
    Build-testing this driver with -Wmaybe-uninitialized gives a new false-positive
    warning that I can't really explain:
    
    drivers/net/ethernet/mellanox/mlx5/core/en_tc.c: In function 'mlx5e_configure_flower':
    drivers/net/ethernet/mellanox/mlx5/core/en_tc.c:509:3: error: 'old_attr' may be used uninitialized in this function [-Werror=maybe-uninitialized]
    
    It's obvious from the code that 'old_attr' is initialized whenever 'old'
    is non-NULL here. The warning appears with all versions I tested from gcc-4.7
    through gcc-6.1, and I could not come up with a way to rewrite the function
    in a more readable way that avoids the warning, so I'm adding another
    initialization to shut it up.
    
    Fixes: 8b32580df1cb ("net/mlx5e: Add TC vlan action for SRIOV offloads")
    Signed-off-by: Arnd Bergmann <[email protected]>
    Acked-by: Or Gerlitz <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>

commit 0c238e65d7dc62c5cae138cec720fec7baa07a24
Author: Tomeu Vizoso <[email protected]>
Date:   Fri Sep 23 16:06:40 2016 +0200

    drm/rockchip: analogix_dp: Refuse to enable PSR if panel doesn't support it
    
    There's no point in enabling PSR when the panel doesn't support it.
    
    This also avoids a problem when PSR gets enabled when a CRTC is being
    disabled, because sometimes in that situation the DSP_HOLD_VALID_INTR
    interrupt on which we wait will never arrive. This was observed on
    RK3288 with a panel without PSR (veyron-jaq Chromebook).
    
    It's very easy to reproduce by running the kms_rmfb test in IGT a few
    times.
    
    Cc: Yakir Yang <[email protected]>
    Reviewed-by: Sean Paul <[email protected]>
    Signed-off-by: Tomeu Vizoso <[email protected]>
    Signed-off-by: Archit Taneja <[email protected]>
    Link: http://patchwork.freedesktop.org/patch/msgid/[email protected]

commit a4cb6284e28b90761145f3ffa454a515ac4644ba
Author: Tomeu Vizoso <[email protected]>
Date:   Fri Sep 23 16:06:39 2016 +0200

    drm/bridge: analogix_dp: Add analogix_dp_psr_supported
    
    So users know whether PSR should be enabled or not.
    
    Cc: Yakir Yang <[email protected]>
    
    Reviewed-by: Sean Paul <[email protected]>
    Signed-off-by: Tomeu Vizoso <[email protected]>
    Signed-off-by: Archit Taneja <[email protected]>
    Link: http://patchwork.freedesktop.org/patch/msgid/[email protected]

commit fbb6aacb078285f88e4a4a20399c6af8d61e0000
Author: Bjorn Andersson <[email protected]>
Date:   Sun Oct 2 17:46:39 2016 -0700

    remoteproc: Refactor rproc module locking
    
    Lock the implementation as we hand out references to client drivers
    rather than when they try to boot the remote processor. This allows
    auto-booting remote processors to be shut down by unloading their
    module, in addition to first unbinding them.
    
    Signed-off-by: Bjorn Andersson <[email protected]>

commit 433c0e04bc06da6d049c691a9ef238d61edb841c
Author: Bjorn Andersson <[email protected]>
Date:   Sun Oct 2 17:46:38 2016 -0700

    remoteproc: Split driver and consumer dereferencing
    
    In order to be able to lock an rproc driver implementation only when
    used by a client, we must differentiate between the dereference operation
    of a client and the implementation itself.
    
    This patch brings no functional change.
    
    Signed-off-by: Bjorn Andersson <[email protected]>

commit 229b85a6a54d7eef81ba307d60a589cc232f06d1
Author: Bjorn Andersson <[email protected]>
Date:   Sun Oct 2 17:41:29 2016 -0700

    remoteproc: Correct resource handling upon boot failure
    
    The freeing of resources will attempt to clear values previously set in
    the cached resource table, so make sure to free the table after we have
    cleaned up the resources.
    
    Fixes: 988d204cdaf6 ("remoteproc: Move handling of cached table to boot/shutdown")
    Signed-off-by: Bjorn Andersson <[email protected]>

commit bcaf9dcf55fdac747f04a79e976c4543da3a4ab2
Author: Olof Johansson <[email protected]>
Date:   Sun Oct 2 22:42:13 2016 -0700

    ARM: SoC: Document merges
    
    Signed-off-by: Olof Johansson <[email protected]>

commit 7c70c4f8b2bf5ed777120f3d70efe35e64930c10
Author: Arnd Bergmann <[email protected]>
Date:   Fri Sep 30 18:15:33 2016 +0200

    cxgb4: unexport cxgb4_dcb_enabled
    
    A recent cleanup marked cxgb4_dcb_enabled as 'static', which is correct, but this ignored
    how the symbol is also exported. In addition, the export can be compiled out when modules
    are disabled, causing a harmless compiler warning in configurations for which it is not
    used at all:
    
    drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:282:12: error: 'cxgb4_dcb_enabled' defined but not used [-Werror=unused-function]
    
    This removes the export and moves the function into the correct #ifdef so we only build
    it when there are users.
    
    Fixes: 50935857f878 ("cxgb4: mark symbols static where possible")
    Signed-off-by: Arnd Bergmann <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>

commit fa34cd94fb01fcb8d79d91e009451b37692e94e5
Author: Arnd Bergmann <[email protected]>
Date:   Fri Sep 30 18:13:49 2016 +0200

    net: rtnl: avoid uninitialized data in IFLA_VF_VLAN_LIST handling
    
    With the newly added support for IFLA_VF_VLAN_LIST netlink messages,
    we get a warning about potential uninitialized variable use in
    the parsing of the user input when enabling the -Wmaybe-uninitialized
    warning:
    
    net/core/rtnetlink.c: In function 'do_setvfinfo':
    net/core/rtnetlink.c:1756:9: error: 'ivvl$' may be used uninitialized in this function [-Werror=maybe-uninitialized]
    
    I have not been able to prove whether it is possible to arrive in
    this code with an empty IFLA_VF_VLAN_LIST block, but if we do,
    then ndo_set_vf_vlan gets called with uninitialized arguments.
    
    This adds an explicit check for an empty list, making it obvious
    to the reader and the compiler that this cannot happen.
    
    Fixes: 79aab093a0b5 ("net: Update API for VF vlan protocol 802.1ad support")
    Signed-off-by: Arnd Bergmann <[email protected]>
    Reviewed-by: Moshe Shemesh <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>

commit 63d75463c91a5b5be7c0aca11ceb45ea5a0ae81d
Author: Paolo Abeni <[email protected]>
Date:   Fri Sep 30 16:56:45 2016 +0200

    net: pktgen: fix pkt_size
    
    The commit 879c7220e828 ("net: pktgen: Observe needed_headroom
    of the device") increased the 'pkt_overhead' field value by
    LL_RESERVED_SPACE.
    As a side effect the generated packet size, computed as:
    
    	/* Eth + IPh + UDPh + mpls */
    	datalen = pkt_dev->cur_pkt_size - 14 - 20 - 8 -
    		  pkt_dev->pkt_overhead;
    
    is decreased by the same value.
    The above changed slightly the behavior of existing pktgen users,
    and made the procfs interface somewhat inconsistent.
    Fix it by restoring the previous pkt_overhead value and using
    LL_RESERVED_SPACE as extralen in skb allocation.
    Also, change pktgen_alloc_skb() to only partially reserve
    the headroom to allow the caller to prefetch from ll header
    start.
    
    v1 -> v2:
     - fixed some typos in the comments
    
    Fixes: 879c7220e828 ("net: pktgen: Observe needed_headroom of the device")
    Suggested-by: Ben Greear <[email protected]>
    Signed-off-by: Paolo Abeni <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>

commit b82d44d78480faff7456e9e0999acb9d38666057
Author: Gavin Schenk <[email protected]>
Date:   Fri Sep 30 11:46:10 2016 +0200

    net: fec: set mac address unconditionally
    
    If the mac address origin is not dt, you can only safely assign a mac
    address after "link up" of the device. If the link is off the clocks are
    disabled and because of issues assigning registers when clocks are off the
    new mac address cannot be written in .ndo_set_mac_address() on some soc's.
    This fix sets the mac address unconditionally in fec_restart(...) and
    ensures consistency between fec registers and the network layer.
    
    Signed-off-by: Gavin Schenk <[email protected]>
    Acked-by: Fugang Duan <[email protected]>
    Acked-by: Uwe Kleine-König <[email protected]>
    Fixes: 9638d19e4816 ("net: fec: add netif status check before set mac address")
    Signed-off-by: David S. Miller <[email protected]>

commit d6db68b2deaa0158d25b236edffcf6dd2117208f
Author: Linus Walleij <[email protected]>
Date:   Sun Oct 2 23:53:59 2016 +0200

    bus: qcom-ebi2: depend on HAS_IOMEM
    
    After being asked to not depend on ARCH_QCOM* or similar,
    unsurprisingly compilation fails on UM as it has no I/O
    memory:
    
    drivers/built-in.o: In function `qcom_ebi2_probe':
    >> drivers/bus/qcom-ebi2.c:333: undefined reference to
       `devm_ioremap_resource'
    
    Fix this by letting the Kconfig at least depend on HAS_IOMEM.
    
    Reported-by: kbuild test robot <[email protected]>
    Cc: Arnd Bergmann <[email protected]>
    Cc: Andy Gross <[email protected]>
    Cc: [email protected]
    Signed-off-by: Linus Walleij <[email protected]>
    Signed-off-by: Olof Johansson <[email protected]>

commit 3a82e78c131a8199d38cf653b523c8fa2909df65
Author: Baoyou Xie <[email protected]>
Date:   Fri Sep 30 15:48:50 2016 +0800

    net: ethernet: mediatek: mark symbols static where possible
    
    We get 2 warnings when building kernel with W=1:
    drivers/net/ethernet/mediatek/mtk_eth_soc.c:2041:5: warning: no previous prototype for 'mtk_get_link_ksettings' [-Wmissing-prototypes]
    drivers/net/ethernet/mediatek/mtk_eth_soc.c:2052:5: warning: no previous prototype for 'mtk_set_link_ksettings' [-Wmissing-prototypes]
    
    In fact, these functions are only used in the file in which they are
    declared and don't need a declaration, but can be made static.
    So this patch marks these functions with 'static'.
    
    Signed-off-by: Baoyou Xie <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>

commit 8efebd6e5e93283a72d7a014d6dd8130e6601352
Author: Baoyou Xie <[email protected]>
Date:   Fri Sep 30 15:34:25 2016 +0800

    cxgb4: mark cxgb_setup_tc() static
    
    We get 1 warning when building kernel with W=1:
    drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:2715:5: warning: no previous prototype for 'cxgb_setup_tc' [-Wmissing-prototypes]
    
    In fact, this function is only used in the file in which it is
    declared and doesn't need a declaration, but can be made static.
    So this patch marks this function with 'static'.
    
    Signed-off-by: Baoyou Xie <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>

commit 8185041f5fa6f02acf75229a590e16aac028fc5e
Author: Vladimir Zapolskiy <[email protected]>
Date:   Fri Jul 8 01:46:41 2016 +0300

    ARM: dts: lpc32xx: add device node for IRAM on-chip memory
    
    The change adds a new device node with description of generic SRAM
    on-chip memory found on NXP LPC32xx SoC series and connected to AHB
    matrix slave port 3.
    
    Note that NXP LPC3220 SoC has 128KiB of SRAM memory, the other
    LPC3230, LPC3240 and LPC3250 SoCs all have 256KiB SRAM space,
    in the shared DTSI file this change specifies 128KiB SRAM size.
    
    Also it's worth mentioning that the SRAM area consists of 64KiB banks,
    2 banks on LPC3220 and 4 banks on the other SoCs from the series, and
    all SRAM banks but the first one have independent power controls,
    the description of this feature will be added with the introduction of
    power domains for the SoC series.
    
    Signed-off-by: Vladimir Zapolskiy <[email protected]>
    Cc: Sylvain Lemieux <[email protected]>
    Signed-off-by: Olof Johansson <[email protected]>

commit cb9e684e89e69894cb6697a3fa1274a284d1d3bb
Author: Maciej Żenczykowski <[email protected]>
Date:   Thu Sep 29 00:33:43 2016 -0700

    ipv6 addrconf: remove addrconf_sysctl_hop_limit()
    
    This is an effective no-op in terms of user observable behaviour.
    
    By preventing the overwrite of non-null extra1/extra2 fields
    in addrconf_sysctl() we can enable the use of proc_dointvec_minmax().
    
    This allows us to eliminate the constant min/max (1..255) trampoline
    function that is addrconf_sysctl_hop_limit().
    
    This is nice because it simplifies the code, and allows future
    sysctls with constant min/max limits to also not require trampolines.
    
    We still can't eliminate the trampoline for mtu because it isn't
    actually a constant (it depends on other tunables of the device)
    and thus requires at-write-time logic to enforce range.
    
    Signed-off-by: Maciej Żenczykowski <[email protected]>
    Acked-by: Erik Kline <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>

commit d4ef9f72128d414ad83b27b49312faa971d77382
Author: Stefan Agner <[email protected]>
Date:   Wed Sep 28 15:05:28 2016 -0700

    netfilter: bridge: clarify bridge/netfilter message
    
    Whe…
laijs pushed a commit to laijs/linux that referenced this pull request Feb 13, 2017
lkl: initialize the time of day from host
fengguang pushed a commit to 0day-ci/linux that referenced this pull request Jul 11, 2018
WARNING: 'numner' may be misspelled - perhaps 'number'?
torvalds#159: FILE: mm/sparse.c:591:
+	/* The numner of present sections stored in nr_present_sections

WARNING: Block comments use a trailing */ on a separate line
torvalds#167: FILE: mm/sparse.c:599:
+	 * correctly. */

WARNING: line over 80 characters
torvalds#219: FILE: mm/sparse-vmemmap.c:299:
+		map_map[nr_consumed_maps] = sparse_mem_map_populate(pnum, nodeid, NULL);

total: 0 errors, 3 warnings, 149 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

./patches/mm-sparse-optimize-memmap-allocation-during-sparse_init.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Baoquan He <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Stephen Rothwell <[email protected]>
fengguang pushed a commit to 0day-ci/linux that referenced this pull request Jul 16, 2018
fengguang pushed a commit to 0day-ci/linux that referenced this pull request Jul 24, 2018
fengguang pushed a commit to 0day-ci/linux that referenced this pull request Jul 28, 2018
fengguang pushed a commit to 0day-ci/linux that referenced this pull request Aug 2, 2018
krzk pushed a commit to krzk/linux that referenced this pull request Aug 10, 2018
mrchapp pushed a commit to mrchapp/linux that referenced this pull request Aug 7, 2020
commit 8999dc8 upstream.

We should check for null before doing x25_neigh_put in x25_disconnect,
otherwise it may cause a null-ptr-deref like this:

 #include <sys/socket.h>
 #include <linux/x25.h>
 #include <unistd.h>	/* close() */

 int main() {
    int sck_x25;
    /* socket is created and closed without ever being connected */
    sck_x25 = socket(AF_X25, SOCK_SEQPACKET, 0);
    close(sck_x25);
    return 0;
 }

BUG: kernel NULL pointer dereference, address: 00000000000000d8
CPU: 0 PID: 4817 Comm: t2 Not tainted 5.7.0-rc3+ torvalds#159
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-
RIP: 0010:x25_disconnect+0x91/0xe0
Call Trace:
 x25_release+0x18a/0x1b0
 __sock_release+0x3d/0xc0
 sock_close+0x13/0x20
 __fput+0x107/0x270
 ____fput+0x9/0x10
 task_work_run+0x6d/0xb0
 exit_to_usermode_loop+0x102/0x110
 do_syscall_64+0x23c/0x260
 entry_SYSCALL_64_after_hwframe+0x49/0xb3

Reported-by: [email protected]
Fixes: 4becb7e ("net/x25: Fix x25_neigh refcnt leak when x25 disconnect")
Signed-off-by: YueHaibing <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
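
The guard this commit message asks for, as an added userspace C model (not the upstream patch and not code from this page). `struct neigh`, `struct sock_model` and every function name are hypothetical stand-ins for the kernel objects the message names.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model. Every type and function name below is a hypothetical
 * stand-in; none of this is the kernel's definition or the upstream patch. */
struct neigh {
    int refcnt;    /* references currently held on this neighbour */
    int released;  /* set once the last reference has been dropped */
};

struct sock_model {
    struct neigh *neighbour;  /* NULL until a connect attaches one */
};

enum teardown { TEARDOWN_NO_NEIGH, TEARDOWN_PUT };

static void neigh_hold(struct neigh *nb) { nb->refcnt++; }

/* Like a kernel-style put helper, this dereferences its argument
 * unconditionally; passing NULL is the caller's bug. */
static void neigh_put(struct neigh *nb)
{
    if (--nb->refcnt == 0)
        nb->released = 1;
}

static void sock_connect(struct sock_model *sk, struct neigh *nb)
{
    neigh_hold(nb);
    sk->neighbour = nb;
}

/* "Before" shape: correct for a connected socket, faults on one that was
 * closed without ever connecting. Only call it with a neighbour attached. */
static void disconnect_unguarded(struct sock_model *sk)
{
    neigh_put(sk->neighbour);
    sk->neighbour = NULL;
}

/* "After" shape: the put is conditional, and clearing the pointer makes
 * a repeated teardown a no-op instead of a second put. */
static enum teardown disconnect_guarded(struct sock_model *sk)
{
    if (sk->neighbour == NULL)
        return TEARDOWN_NO_NEIGH;
    neigh_put(sk->neighbour);
    sk->neighbour = NULL;
    return TEARDOWN_PUT;
}

/* socket() followed directly by close(): no neighbour was ever attached. */
static enum teardown close_unconnected(void)
{
    struct sock_model sk = { .neighbour = NULL };
    return disconnect_guarded(&sk);
}

/* Connect, then tear down twice; returns the neighbour's final refcount.
 * The table owner keeps one reference, so the expected result is 1. */
static int connect_then_close_twice(void)
{
    struct neigh nb = { .refcnt = 1, .released = 0 };
    struct sock_model sk = { .neighbour = NULL };

    sock_connect(&sk, &nb);       /* refcnt 2 */
    disconnect_guarded(&sk);      /* refcnt 1 */
    disconnect_guarded(&sk);      /* no neighbour: unchanged */
    return nb.released ? -1 : nb.refcnt;
}

/* The unguarded form passes the connected path, which is why testing
 * only connected sockets does not expose the missing check. */
static int unguarded_connected_path(void)
{
    struct neigh nb = { .refcnt = 1, .released = 0 };
    struct sock_model sk = { .neighbour = NULL };

    sock_connect(&sk, &nb);
    disconnect_unguarded(&sk);
    return nb.refcnt;
}

int main(void)
{
    printf("unconnected close: %s\n",
           close_unconnected() == TEARDOWN_NO_NEIGH ? "put skipped" : "put");
    printf("refcount after double teardown: %d\n", connect_then_close_twice());
    printf("unguarded, connected path: %d\n", unguarded_connected_path());
    return 0;
}
```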
mrchapp pushed a commit to mrchapp/linux that referenced this pull request Aug 11, 2020
mrchapp pushed a commit to mrchapp/linux that referenced this pull request Aug 11, 2020
mrchapp pushed a commit to mrchapp/linux that referenced this pull request Aug 18, 2020
mrchapp pushed a commit to mrchapp/linux that referenced this pull request Aug 18, 2020
mrchapp pushed a commit to mrchapp/linux that referenced this pull request Aug 20, 2020
mrchapp pushed a commit to mrchapp/linux that referenced this pull request Aug 20, 2020
Noltari pushed a commit to Noltari/linux that referenced this pull request Aug 21, 2020
mrchapp pushed a commit to mrchapp/linux that referenced this pull request Aug 21, 2020
commit 8999dc8 upstream.

We should check for NULL before doing x25_neigh_put in x25_disconnect,
otherwise it may cause a null-ptr-deref like this:

 #include <sys/socket.h>
 #include <linux/x25.h>

 int main() {
    int sck_x25;
    sck_x25 = socket(AF_X25, SOCK_SEQPACKET, 0);
    close(sck_x25);
    return 0;
 }

BUG: kernel NULL pointer dereference, address: 00000000000000d8
CPU: 0 PID: 4817 Comm: t2 Not tainted 5.7.0-rc3+ torvalds#159
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-
RIP: 0010:x25_disconnect+0x91/0xe0
Call Trace:
 x25_release+0x18a/0x1b0
 __sock_release+0x3d/0xc0
 sock_close+0x13/0x20
 __fput+0x107/0x270
 ____fput+0x9/0x10
 task_work_run+0x6d/0xb0
 exit_to_usermode_loop+0x102/0x110
 do_syscall_64+0x23c/0x260
 entry_SYSCALL_64_after_hwframe+0x49/0xb3

Reported-by: [email protected]
Fixes: 4becb7e ("net/x25: Fix x25_neigh refcnt leak when x25 disconnect")
Signed-off-by: YueHaibing <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
lag-linaro pushed a commit to lag-linaro/linux that referenced this pull request Aug 27, 2020
commit 8999dc8 upstream.

We should check for NULL before doing x25_neigh_put in x25_disconnect,
otherwise it may cause a null-ptr-deref like this:

 #include <sys/socket.h>
 #include <linux/x25.h>

 int main() {
    int sck_x25;
    sck_x25 = socket(AF_X25, SOCK_SEQPACKET, 0);
    close(sck_x25);
    return 0;
 }

BUG: kernel NULL pointer dereference, address: 00000000000000d8
CPU: 0 PID: 4817 Comm: t2 Not tainted 5.7.0-rc3+ torvalds#159
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-
RIP: 0010:x25_disconnect+0x91/0xe0
Call Trace:
 x25_release+0x18a/0x1b0
 __sock_release+0x3d/0xc0
 sock_close+0x13/0x20
 __fput+0x107/0x270
 ____fput+0x9/0x10
 task_work_run+0x6d/0xb0
 exit_to_usermode_loop+0x102/0x110
 do_syscall_64+0x23c/0x260
 entry_SYSCALL_64_after_hwframe+0x49/0xb3

Reported-by: [email protected]
Fixes: 4becb7e ("net/x25: Fix x25_neigh refcnt leak when x25 disconnect")
Signed-off-by: YueHaibing <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Signed-off-by: Lee Jones <[email protected]>
Change-Id: I69a86806584a8094af89ba76e30e732bd4200011
alistair23 pushed a commit to alistair23/linux that referenced this pull request Jan 31, 2021
Update 5.4-2.2.x-imx to v5.4.73 from stable
chombourger pushed a commit to chombourger/linux that referenced this pull request Feb 16, 2021
…from PLSDK-2497 to processor-sdk-linux-4.19.y

* commit 'd7a1049951aaf67074ddace44a693500569efacb':
  net: hsr-prp: Add support for PTP over VLAN
  net: ethernet: prueth: Add functionality to run PTP over VLAN
ojeda pushed a commit to ojeda/linux that referenced this pull request Apr 2, 2021
Move creation of `struct file_operations` to a const function.
mj22226 pushed a commit to mj22226/linux that referenced this pull request Jul 30, 2023
…orvalds#159)

u2phy0_host linestate irq state has been cleared before,
no need to clear it again.

Signed-off-by: Feng Zhang <[email protected]>
intel-lab-lkp pushed a commit to intel-lab-lkp/linux that referenced this pull request Aug 14, 2024
Lockdep thinks our seqcount_t usage is unsafe because the update path can
be both from irq and worker context:

 [ ] ================================
 [ ] WARNING: inconsistent lock state
 [ ] 6.10.3-v8-16k-numa torvalds#159 Tainted: G        WC
 [ ] --------------------------------
 [ ] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
 [ ] swapper/0/0 [HC1[1]:SC0[0]:HE0:SE1] takes:
 [ ] ffff80003d7c08d0 (&v3d_priv->stats[i].lock){?.+.}-{0:0}, at: v3d_irq+0xc8/0x660 [v3d]
 [ ] {HARDIRQ-ON-W} state was registered at:
 [ ]   lock_acquire+0x1f8/0x328
 [ ]   v3d_job_start_stats.isra.0+0xd8/0x218 [v3d]
 [ ]   v3d_bin_job_run+0x23c/0x388 [v3d]
 [ ]   drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]
 [ ]   process_one_work+0x62c/0xb48
 [ ]   worker_thread+0x468/0x5b0
 [ ]   kthread+0x1c4/0x1e0
 [ ]   ret_from_fork+0x10/0x20
 [ ] irq event stamp: 337094
 [ ] hardirqs last  enabled at (337093): [<ffffc0008144ce7c>] default_idle_call+0x11c/0x140
 [ ] hardirqs last disabled at (337094): [<ffffc0008144a354>] el1_interrupt+0x24/0x58
 [ ] softirqs last  enabled at (337082): [<ffffc00080061d90>] handle_softirqs+0x4e0/0x538
 [ ] softirqs last disabled at (337073): [<ffffc00080010364>] __do_softirq+0x1c/0x28
 [ ]
                other info that might help us debug this:
 [ ]  Possible unsafe locking scenario:

 [ ]        CPU0
 [ ]        ----
 [ ]   lock(&v3d_priv->stats[i].lock);
 [ ]   <Interrupt>
 [ ]     lock(&v3d_priv->stats[i].lock);
 [ ]
                *** DEADLOCK ***

 [ ] no locks held by swapper/0/0.
 [ ]
               stack backtrace:
 [ ] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G        WC         6.10.3-v8-16k-numa torvalds#159
 [ ] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
 [ ] Call trace:
 [ ]  dump_backtrace+0x170/0x1b8
 [ ]  show_stack+0x20/0x38
 [ ]  dump_stack_lvl+0xb4/0xd0
 [ ]  dump_stack+0x18/0x28
 [ ]  print_usage_bug+0x3cc/0x3f0
 [ ]  mark_lock+0x4d0/0x968
 [ ]  __lock_acquire+0x784/0x18c8
 [ ]  lock_acquire+0x1f8/0x328
 [ ]  v3d_job_update_stats+0xec/0x2e0 [v3d]
 [ ]  v3d_irq+0xc8/0x660 [v3d]
 [ ]  __handle_irq_event_percpu+0x1f8/0x488
 [ ]  handle_irq_event+0x88/0x128
 [ ]  handle_fasteoi_irq+0x298/0x408
 [ ]  generic_handle_domain_irq+0x50/0x78

But it is a false positive because all the queue-stats pairs have their
own lock and jobs are also one at a time.

Nevertheless we can appease lockdep by disabling local interrupts to make
it see lock usage is consistent.

Signed-off-by: Tvrtko Ursulin <[email protected]>
Fixes: 6abe93b ("drm/v3d: Fix race-condition between sysfs/fdinfo and interrupt handler")
Cc: Maíra Canal <[email protected]>
staging-kernelci-org pushed a commit to kernelci/linux that referenced this pull request Aug 23, 2024
Floating point instructions in userspace can crash some arm kernels
built with clang/LLD 17.0.6:

    BUG: unsupported FP instruction in kernel mode
    FPEXC == 0xc0000780
    Internal error: Oops - undefined instruction: 0 [#1] ARM
    CPU: 0 PID: 196 Comm: vfp-reproducer Not tainted 6.10.0 #1
    Hardware name: BCM2835
    PC is at vfp_support_entry+0xc8/0x2cc
    LR is at do_undefinstr+0xa8/0x250
    pc : [<c0101d50>]    lr : [<c010a80c>]    psr: a0000013
    sp : dc8d1f68  ip : 60000013  fp : bedea19c
    r10: ec532b17  r9 : 00000010  r8 : 0044766c
    r7 : c0000780  r6 : ec532b17  r5 : c1c13800  r4 : dc8d1fb0
    r3 : c10072c4  r2 : c0101c88  r1 : ec532b17  r0 : 0044766c
    Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
    Control: 00c5387d  Table: 0251c008  DAC: 00000051
    Register r0 information: non-paged memory
    Register r1 information: vmalloc memory
    Register r2 information: non-slab/vmalloc memory
    Register r3 information: non-slab/vmalloc memory
    Register r4 information: 2-page vmalloc region
    Register r5 information: slab kmalloc-cg-2k
    Register r6 information: vmalloc memory
    Register r7 information: non-slab/vmalloc memory
    Register r8 information: non-paged memory
    Register r9 information: zero-size pointer
    Register r10 information: vmalloc memory
    Register r11 information: non-paged memory
    Register r12 information: non-paged memory
    Process vfp-reproducer (pid: 196, stack limit = 0x61aaaf8b)
    Stack: (0xdc8d1f68 to 0xdc8d2000)
    1f60:                   0000081f b6f69300 0000000f c10073f4 c10072c4 dc8d1fb0
    1f80: ec532b17 0c532b17 0044766c b6f9ccd8 00000000 c010a80c 00447670 60000010
    1fa0: ffffffff c1c13800 00c5387d c0100f10 b6f68af8 00448fc0 00000000 bedea188
    1fc0: bedea314 00000001 00448ebc b6f9d000 00447608 b6f9ccd8 00000000 bedea19c
    1fe0: bede9198 bedea188 b6e1061c 0044766c 60000010 ffffffff 00000000 00000000
    Call trace:
    [<c0101d50>] (vfp_support_entry) from [<c010a80c>] (do_undefinstr+0xa8/0x250)
    [<c010a80c>] (do_undefinstr) from [<c0100f10>] (__und_usr+0x70/0x80)
    Exception stack(0xdc8d1fb0 to 0xdc8d1ff8)
    1fa0:                                     b6f68af8 00448fc0 00000000 bedea188
    1fc0: bedea314 00000001 00448ebc b6f9d000 00447608 b6f9ccd8 00000000 bedea19c
    1fe0: bede9198 bedea188 b6e1061c 0044766c 60000010 ffffffff
    Code: 0a000061 e3877202 e594003c e3a09010 (eef16a10)
    ---[ end trace 0000000000000000 ]---
    Kernel panic - not syncing: Fatal exception in interrupt
    ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

This is a minimal userspace reproducer on a Raspberry Pi Zero W:

    #include <stdio.h>
    #include <math.h>

    int main(void)
    {
            double v = 1.0;
            printf("%f\n", NAN + *(volatile double *)&v);
            return 0;
    }

Another way to consistently trigger the oops is:

    calvin@raspberry-pi-zero-w ~$ python -c "import json"

The bug reproduces only when the kernel is built with DYNAMIC_DEBUG=n,
because the pr_debug() calls act as barriers even when not activated.

This is the output from the same kernel source built with the same
compiler and DYNAMIC_DEBUG=y, where the userspace reproducer works as
expected:

    VFP: bounce: trigger ec532b17 fpexc c0000780
    VFP: emulate: INST=0xee377b06 SCR=0x00000000
    VFP: bounce: trigger eef1fa10 fpexc c0000780
    VFP: emulate: INST=0xeeb40b40 SCR=0x00000000
    VFP: raising exceptions 30000000

    calvin@raspberry-pi-zero-w ~$ ./vfp-reproducer
    nan

Crudely grepping for vmsr/vmrs instructions in the otherwise nearly
identical text for vfp_support_entry() makes the problem obvious:

    vmlinux.llvm.good [0xc0101cb8] <+48>:  vmrs   r7, fpexc
    vmlinux.llvm.good [0xc0101cd8] <+80>:  vmsr   fpexc, r0
    vmlinux.llvm.good [0xc0101d20] <+152>: vmsr   fpexc, r7
    vmlinux.llvm.good [0xc0101d38] <+176>: vmrs   r4, fpexc
    vmlinux.llvm.good [0xc0101d6c] <+228>: vmrs   r0, fpscr
    vmlinux.llvm.good [0xc0101dc4] <+316>: vmsr   fpexc, r0
    vmlinux.llvm.good [0xc0101dc8] <+320>: vmrs   r0, fpsid
    vmlinux.llvm.good [0xc0101dcc] <+324>: vmrs   r6, fpscr
    vmlinux.llvm.good [0xc0101e10] <+392>: vmrs   r10, fpinst
    vmlinux.llvm.good [0xc0101eb8] <+560>: vmrs   r10, fpinst2

    vmlinux.llvm.bad  [0xc0101cb8] <+48>:  vmrs   r7, fpexc
    vmlinux.llvm.bad  [0xc0101cd8] <+80>:  vmsr   fpexc, r0
    vmlinux.llvm.bad  [0xc0101d20] <+152>: vmsr   fpexc, r7
    vmlinux.llvm.bad  [0xc0101d30] <+168>: vmrs   r0, fpscr
    vmlinux.llvm.bad  [0xc0101d50] <+200>: vmrs   r6, fpscr  <== BOOM!
    vmlinux.llvm.bad  [0xc0101d6c] <+228>: vmsr   fpexc, r0
    vmlinux.llvm.bad  [0xc0101d70] <+232>: vmrs   r0, fpsid
    vmlinux.llvm.bad  [0xc0101da4] <+284>: vmrs   r10, fpinst
    vmlinux.llvm.bad  [0xc0101df8] <+368>: vmrs   r4, fpexc
    vmlinux.llvm.bad  [0xc0101e5c] <+468>: vmrs   r10, fpinst2

I think LLVM's reordering is valid as the code is currently written: the
compiler doesn't know the instructions have side effects in hardware.

Fix by using "asm volatile" in fmxr() and fmrx(), so they cannot be
reordered with respect to each other. The original compiler now produces
working kernels on my hardware with DYNAMIC_DEBUG=n.

This is the relevant piece of the diff of the vfp_support_entry() text,
from the original oopsing kernel to a working kernel with this patch:

         vmrs r0, fpscr
         tst r0, #4096
         bne 0xc0101d48
         tst r0, #458752
         beq 0xc0101ecc
         orr r7, r7, #536870912
         ldr r0, [r4, #0x3c]
         mov r9, torvalds#16
        -vmrs r6, fpscr
         orr r9, r9, #251658240
         add r0, r0, #4
         str r0, [r4, #0x3c]
         mvn r0, torvalds#159
         sub r0, r0, #-1207959552
         and r0, r7, r0
         vmsr fpexc, r0
         vmrs r0, fpsid
        +vmrs r6, fpscr
         and r0, r0, #983040
         cmp r0, #65536
         bne 0xc0101d88
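
Review bot: the excerpt shows only "vmrs r6, fpscr" moving back below "vmsr fpexc, r0", but the vmsr/vmrs listing above also has "vmrs r4, fpexc" at +368 in the bad build against +176 in the good one, that is, after the second FPEXC write instead of before it. The message should say whether the patched build restores that read as well, or why its position does not matter, so the fix is not judged only on the one instruction that happened to fault.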

Fixes: 4708fb0 ("ARM: vfp: Reimplement VFP exception entry in C code")
Signed-off-by: Calvin Owens <[email protected]>
Signed-off-by: Russell King (Oracle) <[email protected]>
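
The "crude grep" comparison from the commit message above, automated as an added example (not part of the commit or the kernel tree): it takes the two vmrs/vmsr sequences transcribed from the listings and counts the pairs whose relative order changed, optionally only pairs that involve a write to FPEXC. Address order is only a proxy for execution order, so hits are candidates for review; the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define N 10
#define MAX_INSNS 32

/* VFP system-register accesses in address order, transcribed from the
 * vmlinux.llvm.good and vmlinux.llvm.bad listings (offsets dropped). */
static const char *const good_seq[N] = {
    "vmrs r7, fpexc", "vmsr fpexc, r0", "vmsr fpexc, r7", "vmrs r4, fpexc",
    "vmrs r0, fpscr", "vmsr fpexc, r0", "vmrs r0, fpsid", "vmrs r6, fpscr",
    "vmrs r10, fpinst", "vmrs r10, fpinst2",
};
static const char *const bad_seq[N] = {
    "vmrs r7, fpexc", "vmsr fpexc, r0", "vmsr fpexc, r7", "vmrs r0, fpscr",
    "vmrs r6, fpscr", "vmsr fpexc, r0", "vmrs r0, fpsid", "vmrs r10, fpinst",
    "vmrs r4, fpexc", "vmrs r10, fpinst2",
};

/* Index in ref[] of the occ-th (0-based) occurrence of insn, or -1. */
static int nth_index(const char *const *ref, int n, const char *insn, int occ)
{
    for (int i = 0; i < n; i++)
        if (strcmp(ref[i], insn) == 0 && occ-- == 0)
            return i;
    return -1;
}

/* Map every entry of cur[] to its position in ref[]; repeated instructions
 * are paired by occurrence number. Returns -1 if the listings differ in
 * content rather than only in order. */
int map_positions(const char *const *ref, const char *const *cur, int n,
                  int *pos)
{
    for (int i = 0; i < n; i++) {
        int occ = 0;
        for (int j = 0; j < i; j++)
            if (strcmp(cur[j], cur[i]) == 0)
                occ++;
        pos[i] = nth_index(ref, n, cur[i], occ);
        if (pos[i] < 0)
            return -1;
    }
    return 0;
}

static int is_fpexc_write(const char *insn)
{
    return strncmp(insn, "vmsr fpexc,", 11) == 0;
}

/* Count pairs whose relative order differs between ref[] and cur[].
 * With writes_only set, count only pairs where one side writes FPEXC.
 * Each counted pair is printed to report when report is not NULL. */
int count_reordered(const char *const *ref, const char *const *cur, int n,
                    int writes_only, FILE *report)
{
    int pos[MAX_INSNS], count = 0;

    if (n > MAX_INSNS || map_positions(ref, cur, n, pos) != 0)
        return -1;
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++) {
            if (pos[i] < pos[j])
                continue;               /* same order as the reference */
            if (writes_only && !is_fpexc_write(cur[i]) &&
                !is_fpexc_write(cur[j]))
                continue;
            count++;
            if (report)
                fprintf(report, "\"%s\" now precedes \"%s\"\n",
                        cur[i], cur[j]);
        }
    return count;
}

int reordered_pairs(void)
{
    return count_reordered(good_seq, bad_seq, N, 0, NULL);
}

int reordered_across_fpexc_write(void)
{
    return count_reordered(good_seq, bad_seq, N, 1, NULL);
}

int main(void)
{
    printf("pairs in a different order: %d\n", reordered_pairs());
    printf("of which across an FPEXC write:\n");
    count_reordered(good_seq, bad_seq, N, 1, stdout);
    return 0;
}
```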
intel-lab-lkp pushed a commit to intel-lab-lkp/linux that referenced this pull request Sep 20, 2024
Lockdep thinks our seqcount_t usage is unsafe because the update path can
be both from irq and worker context:

 [ ] ================================
 [ ] WARNING: inconsistent lock state
 [ ] 6.10.3-v8-16k-numa torvalds#159 Tainted: G        WC
 [ ] --------------------------------
 [ ] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
 [ ] swapper/0/0 [HC1[1]:SC0[0]:HE0:SE1] takes:
 [ ] ffff80003d7c08d0 (&v3d_priv->stats[i].lock){?.+.}-{0:0}, at: v3d_irq+0xc8/0x660 [v3d]
 [ ] {HARDIRQ-ON-W} state was registered at:
 [ ]   lock_acquire+0x1f8/0x328
 [ ]   v3d_job_start_stats.isra.0+0xd8/0x218 [v3d]
 [ ]   v3d_bin_job_run+0x23c/0x388 [v3d]
 [ ]   drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]
 [ ]   process_one_work+0x62c/0xb48
 [ ]   worker_thread+0x468/0x5b0
 [ ]   kthread+0x1c4/0x1e0
 [ ]   ret_from_fork+0x10/0x20
 [ ] irq event stamp: 337094
 [ ] hardirqs last  enabled at (337093): [<ffffc0008144ce7c>] default_idle_call+0x11c/0x140
 [ ] hardirqs last disabled at (337094): [<ffffc0008144a354>] el1_interrupt+0x24/0x58
 [ ] softirqs last  enabled at (337082): [<ffffc00080061d90>] handle_softirqs+0x4e0/0x538
 [ ] softirqs last disabled at (337073): [<ffffc00080010364>] __do_softirq+0x1c/0x28
 [ ]
                other info that might help us debug this:
 [ ]  Possible unsafe locking scenario:

 [ ]        CPU0
 [ ]        ----
 [ ]   lock(&v3d_priv->stats[i].lock);
 [ ]   <Interrupt>
 [ ]     lock(&v3d_priv->stats[i].lock);
 [ ]
                *** DEADLOCK ***

 [ ] no locks held by swapper/0/0.
 [ ]
               stack backtrace:
 [ ] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G        WC         6.10.3-v8-16k-numa torvalds#159
 [ ] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
 [ ] Call trace:
 [ ]  dump_backtrace+0x170/0x1b8
 [ ]  show_stack+0x20/0x38
 [ ]  dump_stack_lvl+0xb4/0xd0
 [ ]  dump_stack+0x18/0x28
 [ ]  print_usage_bug+0x3cc/0x3f0
 [ ]  mark_lock+0x4d0/0x968
 [ ]  __lock_acquire+0x784/0x18c8
 [ ]  lock_acquire+0x1f8/0x328
 [ ]  v3d_job_update_stats+0xec/0x2e0 [v3d]
 [ ]  v3d_irq+0xc8/0x660 [v3d]
 [ ]  __handle_irq_event_percpu+0x1f8/0x488
 [ ]  handle_irq_event+0x88/0x128
 [ ]  handle_fasteoi_irq+0x298/0x408
 [ ]  generic_handle_domain_irq+0x50/0x78

But it is a false positive because all the queue-stats pairs have their
own lock and jobs are also one at a time.

Nevertheless we can appease lockdep by disabling local interrupts to make
it see lock usage is consistent.

Cc: Maíra Canal <[email protected]>
Fixes: 6abe93b ("drm/v3d: Fix race-condition between sysfs/fdinfo and interrupt handler")
Signed-off-by: Tvrtko Ursulin <[email protected]>
Signed-off-by: Maíra Canal <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
mj22226 pushed a commit to mj22226/linux that referenced this pull request Oct 2, 2024
[ Upstream commit 89a906d ]

Floating point instructions in userspace can crash some arm kernels
built with clang/LLD 17.0.6:

    BUG: unsupported FP instruction in kernel mode
    FPEXC == 0xc0000780
    Internal error: Oops - undefined instruction: 0 [#1] ARM
    CPU: 0 PID: 196 Comm: vfp-reproducer Not tainted 6.10.0 #1
    Hardware name: BCM2835
    PC is at vfp_support_entry+0xc8/0x2cc
    LR is at do_undefinstr+0xa8/0x250
    pc : [<c0101d50>]    lr : [<c010a80c>]    psr: a0000013
    sp : dc8d1f68  ip : 60000013  fp : bedea19c
    r10: ec532b17  r9 : 00000010  r8 : 0044766c
    r7 : c0000780  r6 : ec532b17  r5 : c1c13800  r4 : dc8d1fb0
    r3 : c10072c4  r2 : c0101c88  r1 : ec532b17  r0 : 0044766c
    Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
    Control: 00c5387d  Table: 0251c008  DAC: 00000051
    Register r0 information: non-paged memory
    Register r1 information: vmalloc memory
    Register r2 information: non-slab/vmalloc memory
    Register r3 information: non-slab/vmalloc memory
    Register r4 information: 2-page vmalloc region
    Register r5 information: slab kmalloc-cg-2k
    Register r6 information: vmalloc memory
    Register r7 information: non-slab/vmalloc memory
    Register r8 information: non-paged memory
    Register r9 information: zero-size pointer
    Register r10 information: vmalloc memory
    Register r11 information: non-paged memory
    Register r12 information: non-paged memory
    Process vfp-reproducer (pid: 196, stack limit = 0x61aaaf8b)
    Stack: (0xdc8d1f68 to 0xdc8d2000)
    1f60:                   0000081f b6f69300 0000000f c10073f4 c10072c4 dc8d1fb0
    1f80: ec532b17 0c532b17 0044766c b6f9ccd8 00000000 c010a80c 00447670 60000010
    1fa0: ffffffff c1c13800 00c5387d c0100f10 b6f68af8 00448fc0 00000000 bedea188
    1fc0: bedea314 00000001 00448ebc b6f9d000 00447608 b6f9ccd8 00000000 bedea19c
    1fe0: bede9198 bedea188 b6e1061c 0044766c 60000010 ffffffff 00000000 00000000
    Call trace:
    [<c0101d50>] (vfp_support_entry) from [<c010a80c>] (do_undefinstr+0xa8/0x250)
    [<c010a80c>] (do_undefinstr) from [<c0100f10>] (__und_usr+0x70/0x80)
    Exception stack(0xdc8d1fb0 to 0xdc8d1ff8)
    1fa0:                                     b6f68af8 00448fc0 00000000 bedea188
    1fc0: bedea314 00000001 00448ebc b6f9d000 00447608 b6f9ccd8 00000000 bedea19c
    1fe0: bede9198 bedea188 b6e1061c 0044766c 60000010 ffffffff
    Code: 0a000061 e3877202 e594003c e3a09010 (eef16a10)
    ---[ end trace 0000000000000000 ]---
    Kernel panic - not syncing: Fatal exception in interrupt
    ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

This is a minimal userspace reproducer on a Raspberry Pi Zero W:

    #include <stdio.h>
    #include <math.h>

    int main(void)
    {
            double v = 1.0;
            printf("%f\n", NAN + *(volatile double *)&v);
            return 0;
    }

Another way to consistently trigger the oops is:

    calvin@raspberry-pi-zero-w ~$ python -c "import json"

The bug reproduces only when the kernel is built with DYNAMIC_DEBUG=n,
because the pr_debug() calls act as barriers even when not activated.

This is the output from the same kernel source built with the same
compiler and DYNAMIC_DEBUG=y, where the userspace reproducer works as
expected:

    VFP: bounce: trigger ec532b17 fpexc c0000780
    VFP: emulate: INST=0xee377b06 SCR=0x00000000
    VFP: bounce: trigger eef1fa10 fpexc c0000780
    VFP: emulate: INST=0xeeb40b40 SCR=0x00000000
    VFP: raising exceptions 30000000

    calvin@raspberry-pi-zero-w ~$ ./vfp-reproducer
    nan

Crudely grepping for vmsr/vmrs instructions in the otherwise nearly
identical text for vfp_support_entry() makes the problem obvious:

    vmlinux.llvm.good [0xc0101cb8] <+48>:  vmrs   r7, fpexc
    vmlinux.llvm.good [0xc0101cd8] <+80>:  vmsr   fpexc, r0
    vmlinux.llvm.good [0xc0101d20] <+152>: vmsr   fpexc, r7
    vmlinux.llvm.good [0xc0101d38] <+176>: vmrs   r4, fpexc
    vmlinux.llvm.good [0xc0101d6c] <+228>: vmrs   r0, fpscr
    vmlinux.llvm.good [0xc0101dc4] <+316>: vmsr   fpexc, r0
    vmlinux.llvm.good [0xc0101dc8] <+320>: vmrs   r0, fpsid
    vmlinux.llvm.good [0xc0101dcc] <+324>: vmrs   r6, fpscr
    vmlinux.llvm.good [0xc0101e10] <+392>: vmrs   r10, fpinst
    vmlinux.llvm.good [0xc0101eb8] <+560>: vmrs   r10, fpinst2

    vmlinux.llvm.bad  [0xc0101cb8] <+48>:  vmrs   r7, fpexc
    vmlinux.llvm.bad  [0xc0101cd8] <+80>:  vmsr   fpexc, r0
    vmlinux.llvm.bad  [0xc0101d20] <+152>: vmsr   fpexc, r7
    vmlinux.llvm.bad  [0xc0101d30] <+168>: vmrs   r0, fpscr
    vmlinux.llvm.bad  [0xc0101d50] <+200>: vmrs   r6, fpscr  <== BOOM!
    vmlinux.llvm.bad  [0xc0101d6c] <+228>: vmsr   fpexc, r0
    vmlinux.llvm.bad  [0xc0101d70] <+232>: vmrs   r0, fpsid
    vmlinux.llvm.bad  [0xc0101da4] <+284>: vmrs   r10, fpinst
    vmlinux.llvm.bad  [0xc0101df8] <+368>: vmrs   r4, fpexc
    vmlinux.llvm.bad  [0xc0101e5c] <+468>: vmrs   r10, fpinst2

I think LLVM's reordering is valid as the code is currently written: the
compiler doesn't know the instructions have side effects in hardware.

Fix by using "asm volatile" in fmxr() and fmrx(), so they cannot be
reordered with respect to each other. The original compiler now produces
working kernels on my hardware with DYNAMIC_DEBUG=n.

This is the relevant piece of the diff of the vfp_support_entry() text,
from the original oopsing kernel to a working kernel with this patch:

         vmrs r0, fpscr
         tst r0, #4096
         bne 0xc0101d48
         tst r0, #458752
         beq 0xc0101ecc
         orr r7, r7, #536870912
         ldr r0, [r4, #0x3c]
         mov r9, torvalds#16
        -vmrs r6, fpscr
         orr r9, r9, #251658240
         add r0, r0, #4
         str r0, [r4, #0x3c]
         mvn r0, torvalds#159
         sub r0, r0, #-1207959552
         and r0, r7, r0
         vmsr fpexc, r0
         vmrs r0, fpsid
        +vmrs r6, fpscr
         and r0, r0, #983040
         cmp r0, #65536
         bne 0xc0101d88

Fixes: 4708fb0 ("ARM: vfp: Reimplement VFP exception entry in C code")
Signed-off-by: Calvin Owens <[email protected]>
Signed-off-by: Russell King (Oracle) <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
mj22226 pushed a commit to mj22226/linux that referenced this pull request Oct 3, 2024
[ Upstream commit 89a906d ]

Floating point instructions in userspace can crash some arm kernels
built with clang/LLD 17.0.6:

    BUG: unsupported FP instruction in kernel mode
    FPEXC == 0xc0000780
    Internal error: Oops - undefined instruction: 0 [#1] ARM
    CPU: 0 PID: 196 Comm: vfp-reproducer Not tainted 6.10.0 #1
    Hardware name: BCM2835
    PC is at vfp_support_entry+0xc8/0x2cc
    LR is at do_undefinstr+0xa8/0x250
    pc : [<c0101d50>]    lr : [<c010a80c>]    psr: a0000013
    sp : dc8d1f68  ip : 60000013  fp : bedea19c
    r10: ec532b17  r9 : 00000010  r8 : 0044766c
    r7 : c0000780  r6 : ec532b17  r5 : c1c13800  r4 : dc8d1fb0
    r3 : c10072c4  r2 : c0101c88  r1 : ec532b17  r0 : 0044766c
    Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
    Control: 00c5387d  Table: 0251c008  DAC: 00000051
    Register r0 information: non-paged memory
    Register r1 information: vmalloc memory
    Register r2 information: non-slab/vmalloc memory
    Register r3 information: non-slab/vmalloc memory
    Register r4 information: 2-page vmalloc region
    Register r5 information: slab kmalloc-cg-2k
    Register r6 information: vmalloc memory
    Register r7 information: non-slab/vmalloc memory
    Register r8 information: non-paged memory
    Register r9 information: zero-size pointer
    Register r10 information: vmalloc memory
    Register r11 information: non-paged memory
    Register r12 information: non-paged memory
    Process vfp-reproducer (pid: 196, stack limit = 0x61aaaf8b)
    Stack: (0xdc8d1f68 to 0xdc8d2000)
    1f60:                   0000081f b6f69300 0000000f c10073f4 c10072c4 dc8d1fb0
    1f80: ec532b17 0c532b17 0044766c b6f9ccd8 00000000 c010a80c 00447670 60000010
    1fa0: ffffffff c1c13800 00c5387d c0100f10 b6f68af8 00448fc0 00000000 bedea188
    1fc0: bedea314 00000001 00448ebc b6f9d000 00447608 b6f9ccd8 00000000 bedea19c
    1fe0: bede9198 bedea188 b6e1061c 0044766c 60000010 ffffffff 00000000 00000000
    Call trace:
    [<c0101d50>] (vfp_support_entry) from [<c010a80c>] (do_undefinstr+0xa8/0x250)
    [<c010a80c>] (do_undefinstr) from [<c0100f10>] (__und_usr+0x70/0x80)
    Exception stack(0xdc8d1fb0 to 0xdc8d1ff8)
    1fa0:                                     b6f68af8 00448fc0 00000000 bedea188
    1fc0: bedea314 00000001 00448ebc b6f9d000 00447608 b6f9ccd8 00000000 bedea19c
    1fe0: bede9198 bedea188 b6e1061c 0044766c 60000010 ffffffff
    Code: 0a000061 e3877202 e594003c e3a09010 (eef16a10)
    ---[ end trace 0000000000000000 ]---
    Kernel panic - not syncing: Fatal exception in interrupt
    ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

This is a minimal userspace reproducer on a Raspberry Pi Zero W:

    #include <stdio.h>
    #include <math.h>

    int main(void)
    {
            double v = 1.0;
            printf("%f\n", NAN + *(volatile double *)&v);
            return 0;
    }

Another way to consistently trigger the oops is:

    calvin@raspberry-pi-zero-w ~$ python -c "import json"

The bug reproduces only when the kernel is built with DYNAMIC_DEBUG=n,
because the pr_debug() calls act as barriers even when not activated.

This is the output from the same kernel source built with the same
compiler and DYNAMIC_DEBUG=y, where the userspace reproducer works as
expected:

    VFP: bounce: trigger ec532b17 fpexc c0000780
    VFP: emulate: INST=0xee377b06 SCR=0x00000000
    VFP: bounce: trigger eef1fa10 fpexc c0000780
    VFP: emulate: INST=0xeeb40b40 SCR=0x00000000
    VFP: raising exceptions 30000000

    calvin@raspberry-pi-zero-w ~$ ./vfp-reproducer
    nan

Crudely grepping for vmsr/vmrs instructions in the otherwise nearly
identical text for vfp_support_entry() makes the problem obvious:

    vmlinux.llvm.good [0xc0101cb8] <+48>:  vmrs   r7, fpexc
    vmlinux.llvm.good [0xc0101cd8] <+80>:  vmsr   fpexc, r0
    vmlinux.llvm.good [0xc0101d20] <+152>: vmsr   fpexc, r7
    vmlinux.llvm.good [0xc0101d38] <+176>: vmrs   r4, fpexc
    vmlinux.llvm.good [0xc0101d6c] <+228>: vmrs   r0, fpscr
    vmlinux.llvm.good [0xc0101dc4] <+316>: vmsr   fpexc, r0
    vmlinux.llvm.good [0xc0101dc8] <+320>: vmrs   r0, fpsid
    vmlinux.llvm.good [0xc0101dcc] <+324>: vmrs   r6, fpscr
    vmlinux.llvm.good [0xc0101e10] <+392>: vmrs   r10, fpinst
    vmlinux.llvm.good [0xc0101eb8] <+560>: vmrs   r10, fpinst2

    vmlinux.llvm.bad  [0xc0101cb8] <+48>:  vmrs   r7, fpexc
    vmlinux.llvm.bad  [0xc0101cd8] <+80>:  vmsr   fpexc, r0
    vmlinux.llvm.bad  [0xc0101d20] <+152>: vmsr   fpexc, r7
    vmlinux.llvm.bad  [0xc0101d30] <+168>: vmrs   r0, fpscr
    vmlinux.llvm.bad  [0xc0101d50] <+200>: vmrs   r6, fpscr  <== BOOM!
    vmlinux.llvm.bad  [0xc0101d6c] <+228>: vmsr   fpexc, r0
    vmlinux.llvm.bad  [0xc0101d70] <+232>: vmrs   r0, fpsid
    vmlinux.llvm.bad  [0xc0101da4] <+284>: vmrs   r10, fpinst
    vmlinux.llvm.bad  [0xc0101df8] <+368>: vmrs   r4, fpexc
    vmlinux.llvm.bad  [0xc0101e5c] <+468>: vmrs   r10, fpinst2

I think LLVM's reordering is valid as the code is currently written: the
compiler doesn't know the instructions have side effects in hardware.

Fix by using "asm volatile" in fmxr() and fmrx(), so they cannot be
reordered with respect to each other. The original compiler now produces
working kernels on my hardware with DYNAMIC_DEBUG=n.

This is the relevant piece of the diff of the vfp_support_entry() text,
from the original oopsing kernel to a working kernel with this patch:

         vmrs r0, fpscr
         tst r0, #4096
         bne 0xc0101d48
         tst r0, #458752
         beq 0xc0101ecc
         orr r7, r7, #536870912
         ldr r0, [r4, #0x3c]
         mov r9, torvalds#16
        -vmrs r6, fpscr
         orr r9, r9, #251658240
         add r0, r0, #4
         str r0, [r4, #0x3c]
         mvn r0, torvalds#159
         sub r0, r0, #-1207959552
         and r0, r7, r0
         vmsr fpexc, r0
         vmrs r0, fpsid
        +vmrs r6, fpscr
         and r0, r0, #983040
         cmp r0, #65536
         bne 0xc0101d88
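
Review bot: The moved `vmrs r6, fpscr` (now after `vmsr fpexc, r0` and `vmrs r0, fpsid`) shows the ordering is right for this one compiler and config, but nothing in the source will tell a later reader why fmrx() and fmxr() need `asm volatile`. Please add a comment at those helpers saying that the VFP system register accesses have hardware side effects and must stay in program order, so the qualifier is not dropped in a later cleanup. `asm volatile` orders these statements only against each other, so if any of them must also be ordered against ordinary loads and stores, a "memory" clobber is needed as well. The immediates in `mov r9, torvalds#16` and `mvn r0, torvalds#159` look like `#16` and `#159` rewritten by issue auto-linking.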

Fixes: 4708fb0 ("ARM: vfp: Reimplement VFP exception entry in C code")
Signed-off-by: Calvin Owens <[email protected]>
Signed-off-by: Russell King (Oracle) <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
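
An added model (not code from the commit or the kernel) of why the reordering described in the commit message above is legal for plain `asm` yet fatal on this hardware, and why `asm volatile` removes it. Assumptions: reading FPSCR while FPEXC.EX (bit 31) is set traps, as the oops suggests; the compiler may permute asm statements unless both are volatile; `struct stmt`, `analyse()` and the other names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define FPEXC_EX 0x80000000u /* bit 31: VFP exception pending */

enum vfp_reg { FPSID, FPSCR, FPEXC };

/* One inline-asm statement as the compiler sees it (hypothetical model). */
struct stmt {
    int is_write;        /* 1 = fmxr()/vmsr, 0 = fmrx()/vmrs */
    enum vfp_reg reg;
    uint32_t value;      /* value written, for fmxr() only */
    int is_volatile;     /* declared with "asm volatile"? */
};

struct result {
    int legal;           /* schedules the compiler may emit */
    int trapping;        /* of those, how many reproduce the oops */
};

/* Mask built by the page's disassembly:
 *   mvn r0, #159 ; sub r0, r0, #-1207959552 ; and r0, r7, r0 */
uint32_t bounce_mask(void)
{
    uint32_t r0 = ~UINT32_C(159);

    r0 -= (uint32_t)(-1207959552);
    return r0;
}

/* Assumed hardware rule, inferred from the oops: reading FPSCR while
 * FPEXC.EX is set raises an undefined-instruction exception. */
static int schedule_traps(const struct stmt *s, const int *order, int n,
                          uint32_t fpexc)
{
    for (int i = 0; i < n; i++) {
        const struct stmt *st = &s[order[i]];

        if (st->is_write && st->reg == FPEXC)
            fpexc = st->value;
        else if (!st->is_write && st->reg == FPSCR && (fpexc & FPEXC_EX))
            return 1;
    }
    return 0;
}

/* Simplified compiler rule: two volatile asm statements keep their source
 * order; anything else may be permuted (these statements share no data). */
static int schedule_is_legal(const struct stmt *s, const int *order, int n)
{
    int last_volatile = -1;

    for (int i = 0; i < n; i++) {
        if (!s[order[i]].is_volatile)
            continue;
        if (order[i] < last_volatile)
            return 0;
        last_volatile = order[i];
    }
    return 1;
}

/* Enumerate every permutation of the window and classify it. */
static void enumerate(const struct stmt *s, int n, int *order, int depth,
                      unsigned used, uint32_t fpexc, struct result *r)
{
    if (depth == n) {
        if (schedule_is_legal(s, order, n)) {
            r->legal++;
            r->trapping += schedule_traps(s, order, n, fpexc);
        }
        return;
    }
    for (int i = 0; i < n; i++) {
        if (used & (1u << i))
            continue;
        order[depth] = i;
        enumerate(s, n, order, depth + 1, used | (1u << i), fpexc, r);
    }
}

/* Window in the order the working build executes it:
 *   vmsr fpexc, r0 ; vmrs r0, fpsid ; vmrs r6, fpscr */
struct result analyse(int use_volatile)
{
    const uint32_t fpexc = 0xc0000780u;   /* FPEXC value from the oops */
    const struct stmt window[3] = {
        { 1, FPEXC, fpexc & bounce_mask(), use_volatile },
        { 0, FPSID, 0, use_volatile },
        { 0, FPSCR, 0, use_volatile },
    };
    int order[3];
    struct result r = { 0, 0 };

    enumerate(window, 3, order, 0, 0u, fpexc, &r);
    return r;
}

int main(void)
{
    struct result plain = analyse(0), vol = analyse(1);

    printf("plain asm:    %d legal, %d trap\n", plain.legal, plain.trapping);
    printf("asm volatile: %d legal, %d trap\n", vol.legal, vol.trapping);
    return 0;
}
```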
intel-lab-lkp pushed a commit to intel-lab-lkp/linux that referenced this pull request Oct 3, 2024
Commit fd69ef0 ("drm/radeon: use GEM references instead of TTMs")
causes a black screen at boot instead of showing the GDM login screen
(the system is still alive).

dmesg shows the following oops (abbreviated) when this happens:

[   29.315203] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   29.315209] #PF: supervisor read access in kernel mode
[   29.315213] #PF: error_code(0x0000) - not-present page
[   29.315215] PGD 0 P4D 0
[   29.315220] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
[   29.315225] CPU: 0 UID: 42 PID: 2253 Comm: Xwayland Tainted: G                   6.12.0-rc1+ #159
[   29.315232] Hardware name: Micro-Star International Co., Ltd. MS-7C95/B550M PRO-VDH WIFI (MS-7C95), BIOS 2.L0 07/18/2024
[   29.315234] RIP: 0010:drm_gem_object_free+0xc/0x20
[   29.315272] Call Trace:
[   29.315274]  <TASK>
[   29.315305]  ? asm_exc_page_fault+0x22/0x30
[   29.315315]  ? drm_gem_object_free+0xc/0x20
[   29.315320]  radeon_bo_unref+0x50/0x60 [radeon]
[   29.315337]  radeon_vm_fini+0x1ca/0x350 [radeon]
[   29.315356]  radeon_driver_postclose_kms+0x16d/0x180 [radeon]
[   29.315370]  drm_file_free+0x229/0x280
[   29.315377]  drm_release+0x5f/0xe0
[   29.315381]  __fput+0xfc/0x2c0

Revert the change to restore things back to working order.

Fixes: fd69ef0 ("drm/radeon: use GEM references instead of TTMs")
Signed-off-by: Hans de Goede <[email protected]>
KexyBiscuit pushed a commit to AOSC-Tracking/linux that referenced this pull request Oct 4, 2024
[ Upstream commit 89a906d ]

ptr1337 pushed a commit to CachyOS/linux that referenced this pull request Oct 4, 2024
[ Upstream commit 89a906d ]

1054009064 pushed a commit to 1054009064/linux that referenced this pull request Oct 4, 2024
[ Upstream commit 89a906d ]

1054009064 pushed a commit to 1054009064/linux that referenced this pull request Oct 4, 2024
[ Upstream commit 89a906d ]

mj22226 pushed a commit to mj22226/linux that referenced this pull request Dec 4, 2024
[ Upstream commit 06c3c40 ]

Lockdep thinks our seqcount_t usage is unsafe because the update path can
be both from irq and worker context:

 [ ] ================================
 [ ] WARNING: inconsistent lock state
 [ ] 6.10.3-v8-16k-numa #159 Tainted: G        WC
 [ ] --------------------------------
 [ ] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
 [ ] swapper/0/0 [HC1[1]:SC0[0]:HE0:SE1] takes:
 [ ] ffff80003d7c08d0 (&v3d_priv->stats[i].lock){?.+.}-{0:0}, at: v3d_irq+0xc8/0x660 [v3d]
 [ ] {HARDIRQ-ON-W} state was registered at:
 [ ]   lock_acquire+0x1f8/0x328
 [ ]   v3d_job_start_stats.isra.0+0xd8/0x218 [v3d]
 [ ]   v3d_bin_job_run+0x23c/0x388 [v3d]
 [ ]   drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]
 [ ]   process_one_work+0x62c/0xb48
 [ ]   worker_thread+0x468/0x5b0
 [ ]   kthread+0x1c4/0x1e0
 [ ]   ret_from_fork+0x10/0x20
 [ ] irq event stamp: 337094
 [ ] hardirqs last  enabled at (337093): [<ffffc0008144ce7c>] default_idle_call+0x11c/0x140
 [ ] hardirqs last disabled at (337094): [<ffffc0008144a354>] el1_interrupt+0x24/0x58
 [ ] softirqs last  enabled at (337082): [<ffffc00080061d90>] handle_softirqs+0x4e0/0x538
 [ ] softirqs last disabled at (337073): [<ffffc00080010364>] __do_softirq+0x1c/0x28
 [ ]
                other info that might help us debug this:
 [ ]  Possible unsafe locking scenario:

 [ ]        CPU0
 [ ]        ----
 [ ]   lock(&v3d_priv->stats[i].lock);
 [ ]   <Interrupt>
 [ ]     lock(&v3d_priv->stats[i].lock);
 [ ]
                *** DEADLOCK ***

 [ ] no locks held by swapper/0/0.
 [ ]
               stack backtrace:
 [ ] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G        WC         6.10.3-v8-16k-numa #159
 [ ] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
 [ ] Call trace:
 [ ]  dump_backtrace+0x170/0x1b8
 [ ]  show_stack+0x20/0x38
 [ ]  dump_stack_lvl+0xb4/0xd0
 [ ]  dump_stack+0x18/0x28
 [ ]  print_usage_bug+0x3cc/0x3f0
 [ ]  mark_lock+0x4d0/0x968
 [ ]  __lock_acquire+0x784/0x18c8
 [ ]  lock_acquire+0x1f8/0x328
 [ ]  v3d_job_update_stats+0xec/0x2e0 [v3d]
 [ ]  v3d_irq+0xc8/0x660 [v3d]
 [ ]  __handle_irq_event_percpu+0x1f8/0x488
 [ ]  handle_irq_event+0x88/0x128
 [ ]  handle_fasteoi_irq+0x298/0x408
 [ ]  generic_handle_domain_irq+0x50/0x78

But it is a false positive because all the queue-stats pairs have their
own lock and jobs are also one at a time.

Nevertheless we can appease lockdep by disabling local interrupts to make
it see lock usage is consistent.

Cc: Maíra Canal <[email protected]>
Fixes: 6abe93b ("drm/v3d: Fix race-condition between sysfs/fdinfo and interrupt handler")
Signed-off-by: Tvrtko Ursulin <[email protected]>
Signed-off-by: Maíra Canal <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
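
The general hazard behind this class of lockdep report, as an added example that is not the v3d driver's code: a userspace C model (all names hypothetical) in which a seqcount write section is interrupted by a second writer on the same CPU, so the count reads even while the data is half-updated. The commit message above states that v3d itself is not exposed to this; the model only shows why masking interrupts around the write section makes the usage consistent.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of a seqcount-protected pair; all names are hypothetical. */
struct stats {
    unsigned seq;         /* odd while a writer is inside its section */
    unsigned long a, b;   /* invariant outside write sections: a == b */
};
static int torn_reads;    /* snapshots a reader accepted with a != b */

/* One read attempt from another CPU: accepted only if seq is even and unchanged. */
static void reader_attempt(const struct stats *s)
{
    unsigned start = s->seq;
    unsigned long a = s->a, b = s->b;
    if (!(start & 1) && start == s->seq && a != b)
        torn_reads++;
}

/* Interrupt-context update (the IN-HARDIRQ-W usage in the report). */
static void irq_update(struct stats *s)
{
    s->seq++;             /* write begin: odd, or even if nested in a writer */
    reader_attempt(s);    /* a reader samples while this section is open */
    s->a++; s->b++;
    s->seq++;             /* write end */
}

/* Process-context update; mask_irqs models local_irq_save()/restore(). */
static void worker_update(struct stats *s, bool mask_irqs)
{
    s->seq++;             /* write begin */
    s->a++;
    if (!mask_irqs)
        irq_update(s);    /* interrupt lands in the middle of the section */
    s->b++;
    s->seq++;             /* write end */
    if (mask_irqs)
        irq_update(s);    /* pending interrupt runs after irqs are restored */
}

/* Returns how many inconsistent snapshots the reader accepted. */
int run_model(bool mask_irqs)
{
    struct stats s = { 0, 0, 0 };
    torn_reads = 0;
    worker_update(&s, mask_irqs);
    return torn_reads;
}
int main(void) { printf("irqs on: %d, masked: %d\n", run_model(false), run_model(true)); return 0; }
```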
ptr1337 pushed a commit to CachyOS/linux that referenced this pull request Dec 5, 2024
Kaz205 pushed a commit to Kaz205/linux that referenced this pull request Dec 5, 2024