1. 23 1月, 2018 10 次提交
  2. 22 1月, 2018 1 次提交
  3. 20 1月, 2018 18 次提交
    • L
      Merge tag 'trace-v4.15-rc4-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · ec835f81
      Linus Torvalds 提交于
      Pull tracing fixes from Steven Rostedt:
       "Two more small fixes
      
         - The conversion of enums into their actual numbers to display in the
           event format file had an off-by-one bug, that could cause an enum
           not to be converted, and break user space parsing tools.
      
         - A fix to a previous fix to bring back the context recursion checks.
           The interrupt case checks for NMI, IRQ and softirq, but the softirq
           returned the same number regardless if it was set or not, although
           the logic would force it to be set if it were hit"
      
      * tag 'trace-v4.15-rc4-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracing: Fix converting enum's from the map in trace_event_eval_update()
        ring-buffer: Fix duplicate results in mapping context to bits in recursive lock
      ec835f81
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 672bb0fa
      Linus Torvalds 提交于
      Pull input fixes from Dmitry Torokhov:
      
       - a fix for use-after-free in Synaptics RMI4 driver
      
       - correction to multitouch contact tracking on certain ALPS touchpads
         (which got broken when we tried to fix the 2-finger scrolling)
      
       - touchpad on Lenovo T640p is switched over to SMbus/RMI
      
       - a few device node refcount fixes
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: synaptics-rmi4 - prevent UAF reported by KASAN
        Input: ALPS - fix multi-touch decoding on SS4 plus touchpads
        Input: synaptics - Lenovo Thinkpad T460p devices should use RMI
        Input: of_touchscreen - add MODULE_LICENSE
        Input: 88pm860x-ts - fix child-node lookup
        Input: twl6040-vibra - fix child-node lookup
        Input: twl4030-vibra - fix sibling-node lookup
      672bb0fa
    • L
      Merge branch 'i2c/for-current-fixed' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 9bdbaeba
      Linus Torvalds 提交于
      Pull i2c fixes from Wolfram Sang:
       "Two bugfixes for the I2C core: Lixing Wang fixed a refcounting problem
        with DT nodes. Jeremy Compostella fixed a buffer overflow possibility
        when using a 'don't use' ioctl interface directly"
      
      * 'i2c/for-current-fixed' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
        i2c: core: decrease reference count of device node in i2c_unregister_device
      9bdbaeba
    • L
      Merge branch 'for-4.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata · 9f77a11a
      Linus Torvalds 提交于
      Pull libata fixlet from Tejun Heo:
       "This just adds one more entry for liteon optical drives to the device
        blacklist for large IOs.
      
        The change is very low risk"
      
      * 'for-4.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
        libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
      9f77a11a
    • L
      Merge branch 'for-4.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup · 8b335c7d
      Linus Torvalds 提交于
      Pull cgroup fix from Tejun Heo:
       "cgroup.threads should be delegatable (ie. a container should be able
        to write to it from inside) but was missing the flag.
      
        The change is very low risk"
      
      * 'for-4.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
        cgroup: make cgroup.threads delegatable
      8b335c7d
    • L
      Merge branch 'for-4.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq · a2c9c1c0
      Linus Torvalds 提交于
      Pull workqueue fixlet from Tejun Heo:
       "One patch to add touch_nmi_watchdog() while dumping workqueue debug
        messages to avoid triggering the lockup detector spuriously.
      
        The change is very low risk"
      
      * 'for-4.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
        workqueue: avoid hard lockups in show_workqueue_state()
      a2c9c1c0
    • L
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 6ec8765f
      Linus Torvalds 提交于
      Pull ARM SoC fixes from Arnd Bergmann:
       "We have various small DT fixes, and one important regression fix:
      
        The recent device tree bugfixes that were intended to address issues
        that 'dtc' started warning about in 4.15 fixed various USB PHY device
        nodes, but it turns out that we had code that depended on those nodes
        being incorrect and the probe failing with a particular error code.
        With the workaround we can also deal with correct device nodes.
      
        The DT fixes include:
      
         - Allwinner A10 and A20 had the display pipeline set up incorrectly
           (introduced in v4.15)
      
         - The Altera PMU lacked an interrupt-parent (never worked)
      
         - Pin muxing on the Openblocks A7 (never worked)
      
         - Clocks might get set up wrong on Armada 7K/8K (4.15 regression)
      
        We now have additional device tree patches to address all the
        remaining warnings introduced in 4.15, but decided to queue them for
        4.16 instead, to avoid risking another regression like the USB PHY
        thing mentioned above.
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        phy: work around 'phys' references to usb-nop-xceiv devices
        ARM: sunxi_defconfig: Enable CMA
        arm64: dts: socfpga: add missing interrupt-parent
        ARM: dts: sun[47]i: Fix display backend 1 output to TCON0 remote endpoint
        ARM64: dts: marvell: armada-cp110: Fix clock resources for various node
        ARM: dts: da850-lcdk: Remove leading 0x and 0s from unit address
        ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7
      6ec8765f
    • L
      Merge tag 'powerpc-4.15-8' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 4917d5df
      Linus Torvalds 提交于
      Pull powerpc fixes from Michael Ellerman:
       "More than we'd like after rc8, but nothing very alarming either, just
        tying up loose ends before the release:
      
        Since we changed powernv to use cpufreq_get() from show_cpuinfo(), we
        see warnings with PREEMPT enabled. But the preempt_disable() in
        show_cpuinfo() doesn't actually prevent CPU hotplug as it suggests, so
        remove it.
      
        Two updates to the recently merged RFI flush code. Wire up the generic
        sysfs file to report the status, and add a debugfs file to allow
        enabling/disabling it at runtime.
      
        Two updates to xmon, one to add the RFI flush related fields to the
        paca dump, and another to not use hashed pointers in the paca dump.
      
        And one minor fix to add a missing include of linux/types.h in
        asm/hvcall.h, not seen to break the build in upstream, but correct
        anyway.
      
        Thanks to: Benjamin Herrenschmidt, Michal Suchanek, Nicholas Piggin"
      
      * tag 'powerpc-4.15-8' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/pseries: include linux/types.h in asm/hvcall.h
        powerpc/64s: Allow control of RFI flush via debugfs
        powerpc/64s: Wire up cpu_show_meltdown()
        powerpc: Don't preempt_disable() in show_cpuinfo()
        powerpc/xmon: Don't print hashed pointers in paca dump
        powerpc/xmon: Add RFI flush related fields to paca dump
      4917d5df
    • L
      Merge tag 'drm-fixes-for-v4.15-rc9' of git://people.freedesktop.org/~airlied/linux · 9abc9378
      Linus Torvalds 提交于
      Pull drm fixes from Dave Airlie:
       "Nouveau, i915, vmwgfx and sun4i regression fixes.
      
        The i915 change fixes a display corruption problem introduced in 4.15,
        the nouveau changes are for regressions in 4.15, one of the vmwgfx
        fixes goes back a little further, the other is a 4.15 regression fix,
        the 3 sun4i changes fix blank HDMI output on those devices"
      
      * tag 'drm-fixes-for-v4.15-rc9' of git://people.freedesktop.org/~airlied/linux:
        drm/nouveau/mmu/mcp77: fix regressions in stolen memory handling
        drm/nouveau/bar/gk20a: Avoid bar teardown during init
        drm/nouveau/drm/nouveau: Pass the proper arguments to nvif_object_map_handle()
        drm/vmwgfx: fix memory corruption with legacy/sou connectors
        drm/vmwgfx: Fix a boot time warning
        drm/i915: Fix deadlock in i830_disable_pipe()
        drm/i915: Redo plane sanitation during readout
        drm/i915: Add .get_hw_state() method for planes
        drm/sun4i: hdmi: Add missing rate halving check in sun4i_tmds_determine_rate
        drm/sun4i: hdmi: Fix incorrect assignment in sun4i_tmds_determine_rate
        drm/sun4i: hdmi: Check for unset best_parent in sun4i_tmds_determine_rate
      9abc9378
    • L
      Merge branch 'akpm' (patches from Andrew) · d342740e
      Linus Torvalds 提交于
      Merge misc fixes from Andrew Morton:
       "6 fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        sparse doesn't support struct randomization
        proc: fix coredump vs read /proc/*/stat race
        scripts/gdb/linux/tasks.py: fix get_thread_info
        scripts/decodecode: fix decoding for AArch64 (arm64) instructions
        mm/page_owner.c: remove drain_all_pages from init_early_allocated_pages
        mm/memory.c: release locked page in do_swap_page()
      d342740e
    • M
      ia64: Rewrite atomic_add and atomic_sub · 4b664e73
      Matthew Wilcox 提交于
      Force __builtin_constant_p to evaluate whether the argument to atomic_add
      & atomic_sub is constant in the front-end before optimisations which
      can lead GCC to output a call to __bad_increment_for_ia64_fetch_and_add().
      
      See GCC bugzilla 83653.
      Signed-off-by: NJakub Jelinek <jakub@redhat.com>
      Signed-off-by: NMatthew Wilcox <mawilcox@microsoft.com>
      Signed-off-by: NTony Luck <tony.luck@intel.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      4b664e73
    • M
      sparse doesn't support struct randomization · a3d6c976
      Matthew Wilcox 提交于
      Without this patch, I drown in a sea of unknown attribute warnings
      
      Link: http://lkml.kernel.org/r/20180117024539.27354-1-willy@infradead.orgSigned-off-by: NMatthew Wilcox <mawilcox@microsoft.com>
      Acked-by: NKees Cook <keescook@chromium.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      a3d6c976
    • A
      proc: fix coredump vs read /proc/*/stat race · 8bb2ee19
      Alexey Dobriyan 提交于
      do_task_stat() accesses IP and SP of a task without bumping reference
      count of a stack (which became an entity with independent lifetime at
      some point).
      
      Steps to reproduce:
      
          #include <stdio.h>
          #include <sys/types.h>
          #include <sys/stat.h>
          #include <fcntl.h>
          #include <sys/time.h>
          #include <sys/resource.h>
          #include <unistd.h>
          #include <sys/wait.h>
      
          int main(void)
          {
          	setrlimit(RLIMIT_CORE, &(struct rlimit){});
      
          	while (1) {
          		char buf[64];
          		char buf2[4096];
          		pid_t pid;
          		int fd;
      
          		pid = fork();
          		if (pid == 0) {
          			*(volatile int *)0 = 0;
          		}
      
          		snprintf(buf, sizeof(buf), "/proc/%u/stat", pid);
          		fd = open(buf, O_RDONLY);
          		read(fd, buf2, sizeof(buf2));
          		close(fd);
      
          		waitpid(pid, NULL, 0);
          	}
          	return 0;
          }
      
          BUG: unable to handle kernel paging request at 0000000000003fd8
          IP: do_task_stat+0x8b4/0xaf0
          PGD 800000003d73e067 P4D 800000003d73e067 PUD 3d558067 PMD 0
          Oops: 0000 [#1] PREEMPT SMP PTI
          CPU: 0 PID: 1417 Comm: a.out Not tainted 4.15.0-rc8-dirty #2
          Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1.fc27 04/01/2014
          RIP: 0010:do_task_stat+0x8b4/0xaf0
          Call Trace:
           proc_single_show+0x43/0x70
           seq_read+0xe6/0x3b0
           __vfs_read+0x1e/0x120
           vfs_read+0x84/0x110
           SyS_read+0x3d/0xa0
           entry_SYSCALL_64_fastpath+0x13/0x6c
          RIP: 0033:0x7f4d7928cba0
          RSP: 002b:00007ffddb245158 EFLAGS: 00000246
          Code: 03 b7 a0 01 00 00 4c 8b 4c 24 70 4c 8b 44 24 78 4c 89 74 24 18 e9 91 f9 ff ff f6 45 4d 02 0f 84 fd f7 ff ff 48 8b 45 40 48 89 ef <48> 8b 80 d8 3f 00 00 48 89 44 24 20 e8 9b 97 eb ff 48 89 44 24
          RIP: do_task_stat+0x8b4/0xaf0 RSP: ffffc90000607cc8
          CR2: 0000000000003fd8
      
      John Ogness said: for my tests I added an else case to verify that the
      race is hit and correctly mitigated.
      
      Link: http://lkml.kernel.org/r/20180116175054.GA11513@avx2Signed-off-by: NAlexey Dobriyan <adobriyan@gmail.com>
      Reported-by: N"Kohli, Gaurav" <gkohli@codeaurora.org>
      Tested-by: NJohn Ogness <john.ogness@linutronix.de>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      8bb2ee19
    • X
      scripts/gdb/linux/tasks.py: fix get_thread_info · 883d50f5
      Xi Kangjie 提交于
      Since kernel 4.9, the thread_info has been moved into task_struct, no
      longer locates at the bottom of kernel stack.
      
      See commits c65eacbe ("sched/core: Allow putting thread_info into
      task_struct") and 15f4eae7 ("x86: Move thread_info into
      task_struct").
      
      Before fix:
        (gdb) set $current = $lx_current()
        (gdb) p $lx_thread_info($current)
        $1 = {flags = 1470918301}
        (gdb) p $current.thread_info
        $2 = {flags = 2147483648}
      
      After fix:
        (gdb) p $lx_thread_info($current)
        $1 = {flags = 2147483648}
        (gdb) p $current.thread_info
        $2 = {flags = 2147483648}
      
      Link: http://lkml.kernel.org/r/20180118210159.17223-1-imxikangjie@gmail.com
      Fixes: 15f4eae7 ("x86: Move thread_info into task_struct")
      Signed-off-by: NXi Kangjie <imxikangjie@gmail.com>
      Acked-by: NJan Kiszka <jan.kiszka@siemens.com>
      Acked-by: NKieran Bingham <kbingham@kernel.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      883d50f5
    • W
      scripts/decodecode: fix decoding for AArch64 (arm64) instructions · be9fa663
      Will Deacon 提交于
      There are a couple of problems with the decodecode script and arm64:
      
      1. AArch64 objdump refuses to disassemble .4byte directives as instructions,
         insisting that they are data values and displaying them as:
      
      	a94153f3	.word	0xa94153f3		<-- trapping instruction
      
         This is resolved by using the .inst directive instead.
      
      2. Disassembly of branch instructions attempts to provide the target as
         an offset from a symbol, e.g.:
      
         0:	34000082	cbz	w2, 10 <.text+0x10>
      
        however this falls foul of the grep -v, which matches lines containing
        ".text" and ends up removing all branch instructions from the dump.
      
      This patch resolves both issues by using the .inst directive for 4-byte
      quantities on arm64 and stripping the resulting binaries (as is done on
      arm already) to remove the mapping symbols.
      
      Link: http://lkml.kernel.org/r/1506596147-23630-1-git-send-email-will.deacon@arm.comSigned-off-by: NWill Deacon <will.deacon@arm.com>
      Reviewed-by: NDave Martin <Dave.Martin@arm.com>
      Cc: Michal Marek <mmarek@suse.cz>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      be9fa663
    • O
      mm/page_owner.c: remove drain_all_pages from init_early_allocated_pages · 6bec6ad7
      Oscar Salvador 提交于
      When setting page_owner = on, the following warning can be seen in the
      boot log:
      
        WARNING: CPU: 0 PID: 0 at mm/page_alloc.c:2537 drain_all_pages+0x171/0x1a0
        Modules linked in:
        CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.15.0-rc7-next-20180109-1-default+ #7
        Hardware name: Dell Inc. Latitude E7470/0T6HHJ, BIOS 1.11.3 11/09/2016
        RIP: 0010:drain_all_pages+0x171/0x1a0
        Call Trace:
          init_page_owner+0x4e/0x260
          start_kernel+0x3e6/0x4a6
          ? set_init_arg+0x55/0x55
          secondary_startup_64+0xa5/0xb0
        Code: c5 ed ff 89 df 48 c7 c6 20 3b 71 82 e8 f9 4b 52 00 3b 05 d7 0b f8 00 89 c3 72 d5 5b 5d 41 5
      
      This warning is shown because we are calling drain_all_pages() in
      init_early_allocated_pages(), but mm_percpu_wq is not up yet, it is being
      set up later on in kernel_init_freeable() -> init_mm_internals().
      
      Link: http://lkml.kernel.org/r/20180109153921.GA13070@techadventures.netSigned-off-by: NOscar Salvador <osalvador@techadventures.net>
      Acked-by: NJoonsoo Kim <iamjoonsoo.kim@lge.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Ayush Mittal <ayush.m@samsung.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      6bec6ad7
    • M
      mm/memory.c: release locked page in do_swap_page() · f8020772
      Minchan Kim 提交于
      James reported a bug in swap paging-in from his testing.  It is that
      do_swap_page doesn't release locked page so system hang-up happens due
      to a deadlock on PG_locked.
      
      It was introduced by 0bcac06f ("mm, swap: skip swapcache for swapin
      of synchronous device") because I missed swap cache hit places to update
      swapcache variable to work well with other logics against swapcache in
      do_swap_page.
      
      This patch fixes it.
      
      Debugged by James Bottomley.
      
      Link: http://lkml.kernel.org/r/<1514407817.4169.4.camel@HansenPartnership.com>
      Link: http://lkml.kernel.org/r/20180102235606.GA19438@bboxSigned-off-by: NMinchan Kim <minchan@kernel.org>
      Reported-by: NJames Bottomley <James.Bottomley@hansenpartnership.com>
      Acked-by: NHugh Dickins <hughd@google.com>
      Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
      Cc: Huang Ying <ying.huang@intel.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      f8020772
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 726ba84b
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) Fix BPF divides by zero, from Eric Dumazet and Alexei Starovoitov.
      
       2) Reject stores into bpf context via st and xadd, from Daniel
          Borkmann.
      
       3) Fix a memory leak in TUN, from Cong Wang.
      
       4) Disable RX aggregation on a specific troublesome configuration of
          r8152 in a Dell TB16b dock.
      
       5) Fix sw_ctx leak in tls, from Sabrina Dubroca.
      
       6) Fix program replacement in cls_bpf, from Daniel Borkmann.
      
       7) Fix uninitialized station_info structures in cfg80211, from Johannes
          Berg.
      
       8) Fix miscalculation of transport header offset field in flow
          dissector, from Eric Dumazet.
      
       9) Fix LPM tree leak on failure in mlxsw driver, from Ido Schimmel.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (29 commits)
        ibmvnic: Fix IPv6 packet descriptors
        ibmvnic: Fix IP offload control buffer
        ipv6: don't let tb6_root node share routes with other node
        ip6_gre: init dev->mtu and dev->hard_header_len correctly
        mlxsw: spectrum_router: Free LPM tree upon failure
        flow_dissector: properly cap thoff field
        fm10k: mark PM functions as __maybe_unused
        cfg80211: fix station info handling bugs
        netlink: reset extack earlier in netlink_rcv_skb
        can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
        can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
        bpf: mark dst unknown on inconsistent {s, u}bounds adjustments
        bpf: fix cls_bpf on filter replace
        Net: ethernet: ti: netcp: Fix inbound ping crash if MTU size is greater than 1500
        tls: reset crypto_info when do_tls_setsockopt_tx fails
        tls: return -EBUSY if crypto_info is already set
        tls: fix sw_ctx leak
        net/tls: Only attach to sockets in ESTABLISHED state
        net: fs_enet: do not call phy_stop() in interrupts
        r8152: disable RX aggregation on Dell TB16 dock
        ...
      726ba84b
  4. 19 1月, 2018 11 次提交
    • A
      phy: work around 'phys' references to usb-nop-xceiv devices · b7563e27
      Arnd Bergmann 提交于
      Stefan Wahren reports a problem with a warning fix that was merged
      for v4.15: we had lots of device nodes with a 'phys' property pointing
      to a device node that is not compliant with the binding documented in
      Documentation/devicetree/bindings/phy/phy-bindings.txt
      
      This generally works because USB HCD drivers that support both the generic
      phy subsystem and the older usb-phy subsystem ignore most errors from
      phy_get() and related calls and then use the usb-phy driver instead.
      
      However, it turns out that making the usb-nop-xceiv device compatible with
      the generic-phy binding changes the phy_get() return code from -EINVAL to
      -EPROBE_DEFER, and the dwc2 usb controller driver for bcm2835 now returns
      -EPROBE_DEFER from its probe function rather than ignoring the failure,
      breaking all USB support on raspberry-pi when CONFIG_GENERIC_PHY is
      enabled. The same code is used in the dwc3 driver and the usb_add_hcd()
      function, so a reasonable assumption would be that many other platforms
      are affected as well.
      
      I have reviewed all the related patches and concluded that "usb-nop-xceiv"
      is the only USB phy that is affected by the change, and since it is by far
      the most commonly referenced phy, all the other USB phy drivers appear
      to be used in ways that are are either safe in DT (they don't use the
      'phys' property), or in the driver (they already ignore -EPROBE_DEFER
      from generic-phy when usb-phy is available).
      
      To work around the problem, this adds a special case to _of_phy_get()
      so we ignore any PHY node that is compatible with "usb-nop-xceiv",
      as we know that this can never load no matter how much we defer. In the
      future, we might implement a generic-phy driver for "usb-nop-xceiv"
      and then remove this workaround.
      
      Since we generally want older kernels to also want to work with the
      fixed devicetree files, it would be good to backport the patch into
      stable kernels as well (3.13+ are possibly affected), even though they
      don't contain any of the patches that may have caused regressions.
      
      Fixes: 014d6da6 ARM: dts: bcm283x: Fix DTC warnings about missing phy-cells
      Fixes: c5bbf358 arm: dts: nspire: Add missing #phy-cells to usb-nop-xceiv
      Fixes: 44e5dced arm: dts: marvell: Add missing #phy-cells to usb-nop-xceiv
      Fixes: f568f6f5 ARM: dts: omap: Add missing #phy-cells to usb-nop-xceiv
      Fixes: d745d5f2 ARM: dts: imx51-zii-rdu1: Add missing #phy-cells to usb-nop-xceiv
      Fixes: 915fbe59 ARM: dts: imx: Add missing #phy-cells to usb-nop-xceiv
      Link: https://marc.info/?l=linux-usb&m=151518314314753&w=2
      Link: https://patchwork.kernel.org/patch/10158145/
      Cc: stable@vger.kernel.org
      Cc: Felipe Balbi <balbi@kernel.org>
      Cc: Eric Anholt <eric@anholt.net>
      Tested-by: NStefan Wahren <stefan.wahren@i2se.com>
      Acked-by: NRob Herring <robh@kernel.org>
      Tested-by: NHans Verkuil <hans.verkuil@cisco.com>
      Acked-by: NKishon Vijay Abraham I <kishon@ti.com>
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      b7563e27
    • M
      ARM: sunxi_defconfig: Enable CMA · c13e7f31
      Maxime Ripard 提交于
      The DRM driver most notably, but also out of tree drivers (for now) like
      the VPU or GPU drivers, are quite big consumers of large, contiguous memory
      buffers. However, the sunxi_defconfig doesn't enable CMA in order to
      mitigate that, which makes them almost unusable.
      
      Enable it to make sure it somewhat works.
      
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NMaxime Ripard <maxime.ripard@free-electrons.com>
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      c13e7f31
    • D
      Merge tag 'drm-intel-fixes-2018-01-18' of... · 04cef3ea
      Dave Airlie 提交于
      Merge tag 'drm-intel-fixes-2018-01-18' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
      
      Display corruption regression bugfix with both a prep patch and a
      follow-up fix
      
      * tag 'drm-intel-fixes-2018-01-18' of git://anongit.freedesktop.org/drm/drm-intel:
        drm/i915: Fix deadlock in i830_disable_pipe()
        drm/i915: Redo plane sanitation during readout
        drm/i915: Add .get_hw_state() method for planes
      04cef3ea
    • T
      ibmvnic: Fix IPv6 packet descriptors · a0dca10f
      Thomas Falcon 提交于
      Packet descriptor generation for IPv6 is broken.
      Properly set L3 and L4 protocol flags for IPv6 descriptors.
      Signed-off-by: NThomas Falcon <tlfalcon@linux.vnet.ibm.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a0dca10f
    • T
      ibmvnic: Fix IP offload control buffer · f6897943
      Thomas Falcon 提交于
      Set some missing fields in the IP control offload buffer. This buffer is
      used to enable checksum and TCP segmentation offload in the VNIC server.
      The buffer length field and the checksum offloading bits were not set
      properly, so fix that here.
      Signed-off-by: NThomas Falcon <tlfalcon@linux.vnet.ibm.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f6897943
    • D
      Merge tag 'linux-can-fixes-for-4.15-20180118' of... · 69c4a65e
      David S. Miller 提交于
      Merge tag 'linux-can-fixes-for-4.15-20180118' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
      
      Marc Kleine-Budde says:
      
      ====================
      pull-request: can 2018-01-18
      
      ====================
      this is a pull reqeust of two patches for net/master:
      
      The syzkaller project triggered two WARN_ONCE() in the af_can code from
      userspace and we decided to replace it by a pr_warn_once().
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      69c4a65e
    • W
      ipv6: don't let tb6_root node share routes with other node · 591ff9ea
      Wei Wang 提交于
      After commit 4512c43e, if we add a route to the subtree of tb6_root
      which does not have any route attached to it yet, the current code will
      let tb6_root and the node in the subtree share the same route.
      This could cause problem cause tb6_root has RTN_INFO flag marked and the
      tree repair and clean up code will not work properly.
      This commit makes sure tb6_root->leaf points back to null_entry instead
      of sharing route with other node.
      
      It fixes the following syzkaller reported issue:
      BUG: KASAN: use-after-free in ipv6_prefix_equal include/net/ipv6.h:540 [inline]
      BUG: KASAN: use-after-free in fib6_add_1+0x165f/0x1790 net/ipv6/ip6_fib.c:618
      Read of size 8 at addr ffff8801bc043498 by task syz-executor5/19819
      
      CPU: 1 PID: 19819 Comm: syz-executor5 Not tainted 4.15.0-rc7+ #186
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:17 [inline]
       dump_stack+0x194/0x257 lib/dump_stack.c:53
       print_address_description+0x73/0x250 mm/kasan/report.c:252
       kasan_report_error mm/kasan/report.c:351 [inline]
       kasan_report+0x25b/0x340 mm/kasan/report.c:409
       __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:430
       ipv6_prefix_equal include/net/ipv6.h:540 [inline]
       fib6_add_1+0x165f/0x1790 net/ipv6/ip6_fib.c:618
       fib6_add+0x5fa/0x1540 net/ipv6/ip6_fib.c:1214
       __ip6_ins_rt+0x6c/0x90 net/ipv6/route.c:1003
       ip6_route_add+0x141/0x190 net/ipv6/route.c:2790
       ipv6_route_ioctl+0x4db/0x6b0 net/ipv6/route.c:3299
       inet6_ioctl+0xef/0x1e0 net/ipv6/af_inet6.c:520
       sock_do_ioctl+0x65/0xb0 net/socket.c:958
       sock_ioctl+0x2c2/0x440 net/socket.c:1055
       vfs_ioctl fs/ioctl.c:46 [inline]
       do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686
       SYSC_ioctl fs/ioctl.c:701 [inline]
       SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
       entry_SYSCALL_64_fastpath+0x23/0x9a
      RIP: 0033:0x452ac9
      RSP: 002b:00007fd42b321c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010
      RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9
      RDX: 0000000020fd7000 RSI: 000000000000890b RDI: 0000000000000013
      RBP: 000000000000049e R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f4f70
      R13: 00000000ffffffff R14: 00007fd42b3226d4 R15: 0000000000000000
      
      Fixes: 4512c43e ("ipv6: remove null_entry before adding default route")
      Signed-off-by: NWei Wang <weiwan@google.com>
      Acked-by: NEric Dumazet <edumazet@google.com>
      Acked-by: NMartin KaFai Lau <kafai@fb.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      591ff9ea
    • D
      Merge branch 'linux-4.15' of git://github.com/skeggsb/linux into drm-fixes · ee62249d
      Dave Airlie 提交于
      Thought I'd try my luck getting one more in:
      - Two fixes for Tegra (one is to common code, but our userspace doesn't hit it).
      - One for NV5x-class MCPs
      
      * 'linux-4.15' of git://github.com/skeggsb/linux:
        drm/nouveau/mmu/mcp77: fix regressions in stolen memory handling
        drm/nouveau/bar/gk20a: Avoid bar teardown during init
        drm/nouveau/drm/nouveau: Pass the proper arguments to nvif_object_map_handle()
      ee62249d
    • A
      ip6_gre: init dev->mtu and dev->hard_header_len correctly · 128bb975
      Alexey Kodanev 提交于
      Commit b05229f4 ("gre6: Cleanup GREv6 transmit path,
      call common GRE functions") moved dev->mtu initialization
      from ip6gre_tunnel_setup() to ip6gre_tunnel_init(), as a
      result, the previously set values, before ndo_init(), are
      reset in the following cases:
      
      * rtnl_create_link() can update dev->mtu from IFLA_MTU
        parameter.
      
      * ip6gre_tnl_link_config() is invoked before ndo_init() in
        netlink and ioctl setup, so ndo_init() can reset MTU
        adjustments with the lower device MTU as well, dev->mtu
        and dev->hard_header_len.
      
        Not applicable for ip6gretap because it has one more call
        to ip6gre_tnl_link_config(tunnel, 1) in ip6gre_tap_init().
      
      Fix the first case by updating dev->mtu with 'tb[IFLA_MTU]'
      parameter if a user sets it manually on a device creation,
      and fix the second one by moving ip6gre_tnl_link_config()
      call after register_netdevice().
      
      Fixes: b05229f4 ("gre6: Cleanup GREv6 transmit path, call common GRE functions")
      Fixes: db2ec95d ("ip6_gre: Fix MTU setting")
      Signed-off-by: NAlexey Kodanev <alexey.kodanev@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      128bb975
    • I
      mlxsw: spectrum_router: Free LPM tree upon failure · ed604c5d
      Ido Schimmel 提交于
      When a new LPM tree is created, we try to replace the trees in the
      existing virtual routers with it. If we fail, the tree needs to be
      freed.
      
      Currently, this does not happen in the unlikely case where we fail to
      bind the tree to the first virtual router, since its reference count
      never transitions from 1 to 0.
      
      Fix that by taking a reference before binding the tree.
      
      Fixes: fc922bb0 ("mlxsw: spectrum_router: Use one LPM tree for all virtual routers")
      Signed-off-by: NIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: NJiri Pirko <jiri@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ed604c5d
    • B
      drm/nouveau/mmu/mcp77: fix regressions in stolen memory handling · 2ffa64eb
      Ben Skeggs 提交于
      - Fixes addition of stolen memory base address to PTEs.
      - Removes support for compression.
      Signed-off-by: NBen Skeggs <bskeggs@redhat.com>
      Tested-by: NPierre Moreau <pierre.morrow@free.fr>
      2ffa64eb