Commit Graph

494507 Commits

Author SHA1 Message Date
Linus Torvalds
66dcff86ba 3.19 changes for KVM:
- spring cleaning: removed support for IA64, and for hardware-assisted
 virtualization on the PPC970
 - ARM, PPC, s390 all had only small fixes
 
 For x86:
 - small performance improvements (though only on weird guests)
 - usual round of hardware-compliancy fixes from Nadav
 - APICv fixes
 - XSAVES support for hosts and guests.  XSAVES hosts were broken because
 the (non-KVM) XSAVES patches inadvertently changed the KVM userspace
 ABI whenever XSAVES was enabled; hence, this part is going to stable.
 Guest support is just a matter of exposing the feature and CPUID leaves
 support.
 
 Right now KVM is broken for PPC BookE in your tree (doesn't compile).
 I'll reply to the pull request with a patch, please apply it either
 before the pull request or in the merge commit, in order to preserve
 bisectability somewhat.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJUkpg+AAoJEL/70l94x66DUmoH/jzXYkptSW9NGgm79KqxGJlD
 lzLnLBkitVvx++Mz5YBhdJEhKKLUlCtifFT1zPJQ/pthQhIRSaaAwZyNGgUs5w5x
 yMGKHiPQFyZRbmQtZhCInW0BftJoYHHciO3nUfHCZnp34My9MP2D55W7/z+fYFfQ
 DuqBSE9ThyZJtZ4zh8NRA9fCOeuqwVYRyoBs820Wbsh4cpIBoIK63Dg7k+CLE+ZV
 MZa/mRL6bAfsn9W5bnOUAgHJ3SPznnWbO3/g0aV+roL/5pffblprJx9lKNR08xUM
 6hDFLop2gDehDJesDkY/o8Ckp1hEouvfsVpSShry4vcgtn0hgh2O5/6Orbmj6vE=
 =Zwq1
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM update from Paolo Bonzini:
 "3.19 changes for KVM:

   - spring cleaning: removed support for IA64, and for hardware-
     assisted virtualization on the PPC970

   - ARM, PPC, s390 all had only small fixes

  For x86:
   - small performance improvements (though only on weird guests)
   - usual round of hardware-compliancy fixes from Nadav
   - APICv fixes
   - XSAVES support for hosts and guests.  XSAVES hosts were broken
     because the (non-KVM) XSAVES patches inadvertently changed the KVM
     userspace ABI whenever XSAVES was enabled; hence, this part is
     going to stable.  Guest support is just a matter of exposing the
     feature and CPUID leaves support"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (179 commits)
  KVM: move APIC types to arch/x86/
  KVM: PPC: Book3S: Enable in-kernel XICS emulation by default
  KVM: PPC: Book3S HV: Improve H_CONFER implementation
  KVM: PPC: Book3S HV: Fix endianness of instruction obtained from HEIR register
  KVM: PPC: Book3S HV: Remove code for PPC970 processors
  KVM: PPC: Book3S HV: Tracepoints for KVM HV guest interactions
  KVM: PPC: Book3S HV: Simplify locking around stolen time calculations
  arch: powerpc: kvm: book3s_paired_singles.c: Remove unused function
  arch: powerpc: kvm: book3s_pr.c: Remove unused function
  arch: powerpc: kvm: book3s.c: Remove some unused functions
  arch: powerpc: kvm: book3s_32_mmu.c: Remove unused function
  KVM: PPC: Book3S HV: Check wait conditions before sleeping in kvmppc_vcore_blocked
  KVM: PPC: Book3S HV: ptes are big endian
  KVM: PPC: Book3S HV: Fix inaccuracies in ICP emulation for H_IPI
  KVM: PPC: Book3S HV: Fix KSM memory corruption
  KVM: PPC: Book3S HV: Fix an issue where guest is paused on receiving HMI
  KVM: PPC: Book3S HV: Fix computation of tlbie operand
  KVM: PPC: Book3S HV: Add missing HPTE unlock
  KVM: PPC: BookE: Improve irq inject tracepoint
  arm/arm64: KVM: Require in-kernel vgic for the arch timers
  ...
2014-12-18 16:05:28 -08:00
Alexander Graf
91ed9e8a32 KVM: PPC: E500: Compile fix in this_cpu_write
Commit 69111bac42 ("powerpc: Replace __get_cpu_var uses") introduced
compile breakage to the e500 target by introducing invalid automatically
created C syntax.

Fix up the breakage and make the code compile again.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-12-18 16:02:26 -08:00
David S. Miller
86c8fc4bbe This relatively large collection of fixes is all over - from things
that were broken a long time ago (the management key issue) but not
 noticed yet, to small issues that were only introduced into 3.19
 (like the multicast issue). At least one issue is old but can crash
 the kernel based on invalid userspace requests (the nl80211 matches
 array one.)
 -----BEGIN PGP SIGNATURE-----
 
 iQIbBAABCAAGBQJUkt82AAoJEDBSmw7B7bqrk5YP+NN821jzWqTPZy7mS1NgwRrN
 4VjPw1J6ba5LRCfS8cYOcG5zPq4i88DdiRzsFe7TW1g3ayy5tXNp0FzcgJ4lBV5T
 cWpXybtCYwnJxlaRBNmS9H7ZOCSjVJH8B1U75t5jmY8ondZ7mRUpN6Od2b6rKfq6
 8HDZ+I7fr+tPeb/1tj9iq0XaJAPvZOpoJzA5Hgjvs6UOURAxIxRrU4l9LZ/bd6Uf
 jz0Kg0u59d9YNDn9MPX2KmMOyjbJ2t5MYHsAfxOB9usnaq8Toq1ZEszApiIXuyz/
 GsgLBYL9gVpIUU95Us7lDv+sqT7cFflNvE9JtgcB5dkSxjZrRNLnJM09NggkOI9a
 A1BGReZODj2UPEKdXgWMC4Jr63xLZW5vr7mX9c8egQu2U/eqLACcz0ewMxMxaoEO
 bXEjegDv6FaGuGU1ul8D03cvgznLjoMUtnkcu5UIFLIt7uf0Ohrn8bFovrpo0DX2
 wQt8VkOIrRBHXkvTDIZCyTbfZn9LI9M50q8YEZWX84wrA7gDkFQ6ByNrxdFET4zA
 Hjpjkwi9CbpaJ66Xp0WFbWJ6AMAfVJHYBTHnRU36nfbNb82qD6O+1nZVH7xGjbHB
 7zk+nrXKjhdnCBhhIZBku+Fkug6+wBdZNkTFSch6Q1ZO+aLb4Z02j+yb1fylAzjf
 ar3E7Ssx+jtGfJ9RQAk=
 =iSDP
 -----END PGP SIGNATURE-----

Merge tag 'mac80211-for-davem-2014-12-18' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211

Johannes Berg says:

====================
pull-request: mac80211 2014-12-18

Also from me a first pull request - we have a number of really old
issues that happened to crop up now with new work (or just more testing)
in the right areas as well as some small bugs newly introduced in 3.19.

Let me know if there are any problems.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-18 15:33:49 -05:00
David S. Miller
7dce675b28 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth
Johan Hedberg says:

====================
pull request: bluetooth 2014-12-17

Here's the first direct (i.e. skipping the wireless tree) bluetooth pull
request for you, intended for 3.19. It's just one patch: a fix from
Marcel for for remote service discovery filtering which also fixes a
'used uninitialized' compiler warning.

Please let me know if there are any issues pulling. Thanks.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-18 15:32:27 -05:00
Eric W. Biederman
c297abfdf1 mnt: Fix a memory stomp in umount
While reviewing the code of umount_tree I realized that when we append
to a preexisting unmounted list we do not change pprev of the former
first item in the list.

Which means later in namespace_unlock hlist_del_init(&mnt->mnt_hash) on
the former first item of the list will stomp unmounted.first leaving
it set to some random mount point which we are likely to free soon.

This isn't likely to hit, but if it does I don't know how anyone could
track it down.

[ This happened because we don't have all the same operations for
  hlist's as we do for normal doubly-linked lists. In particular,
  list_splice() is easy on our standard doubly-linked lists, while
  hlist_splice() doesn't exist and needs both start/end entries of the
  hlist.  And commit 38129a13e6 incorrectly open-coded that missing
  hlist_splice().

  We should think about making these kinds of "mindless" conversions
  easier to get right by adding the missing hlist helpers   - Linus ]

Fixes: 38129a13e6 switch mnt_hash to hlist
Cc: stable@vger.kernel.org
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-12-18 11:22:02 -08:00
Kyle McMartin
3875f15207 uapi/linux/target_core_user.h: fix headers_install.sh badness
scripts/headers_install.sh will transform __packed to
__attribute__((packed)), so the #ifndef is not necessary.
(and, in fact, it's problematic, because we'll end up with the header
 containing:
#ifndef __attribute__((packed))
#define __attribu...
and so forth.)

Cc: stable@vger.kernel.org # 3.18
Signed-off-by: Kyle McMartin <kyle@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2014-12-18 11:07:27 -08:00
Sriharsha Basavapatna
ac9a3d84e1 be2net: Fix incorrect setting of tunnel offload flag in netdev features
An earlier commit to resolve an issue with encapsulation offloads missed
setting a bit in the outer netdev features flag. This results in loss of TSO
feature on a VxLAN interface.

Fixes: 630f4b70 ("Export tunnel offloads only when a VxLAN tunnel is created")

Signed-off-by: Sriharsha Basavapatna <sriharsha.basavapatna@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-18 12:51:29 -05:00
Jiri Benc
bf27c3537c bnx2x: fix typos in "configure"
Noticed when debugging ptp.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-18 12:50:36 -05:00
David Vrabel
26c0e10258 xen-netback: support frontends without feature-rx-notify again
Commit bc96f648df (xen-netback: make
feature-rx-notify mandatory) incorrectly assumed that there were no
frontends in use that did not support this feature.  But the frontend
driver in MiniOS does not and since this is used by (qemu) stubdoms,
these stopped working.

Netback sort of works as-is in this mode except:

- If there are no Rx requests and the internal Rx queue fills, only
  the drain timeout will wake the thread.  The default drain timeout
  of 10 s would give unacceptable pauses.

- If an Rx stall was detected and the internal Rx queue is drained,
  then the Rx thread would never wake.

Handle these two cases (when feature-rx-notify is disabled) by:

- Reducing the drain timeout to 30 ms.

- Disabling Rx stall detection.

Reported-by: John <jw@nuclearfallout.net>
Tested-by: John <jw@nuclearfallout.net>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-18 12:49:49 -05:00
Andreas Larsson
66d0f7ec9f sparc32: destroy_context() and switch_mm() needs to disable interrupts.
Load balancing can be triggered in the critical sections protected by
srmmu_context_spinlock in destroy_context() and switch_mm() and can hang
the cpu waiting for the rq lock of another cpu that in turn has called
switch_mm hangning on srmmu_context_spinlock leading to deadlock.

So, disable interrupt while taking srmmu_context_spinlock in
destroy_context() and switch_mm() so we don't deadlock.

See also commit 77b838fa1e ("[SPARC64]: destroy_context() needs to disable
interrupts.")

Signed-off-by: Andreas Larsson <andreas@gaisler.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-18 12:47:54 -05:00
Rafael J. Wysocki
2ec1c17cad Merge branches 'pm-opp', 'pm-cpufreq' and 'pm-tools'
* pm-opp:
  PM / OPP: do error handling at the bottom of dev_pm_opp_add_dynamic()
  PM / OPP: handle allocation of device_opp in a separate routine
  PM / OPP: reuse find_device_opp() instead of duplicating code
  PM / OPP: Staticize __dev_pm_opp_remove()
  PM / OPP: replace kfree with kfree_rcu while freeing 'struct device_opp'

* pm-cpufreq:
  MAINTAINERS: add entry for intel_pstate
  intel_pstate: Add a few comments
  intel_pstate: add kernel parameter to force loading

* pm-tools:
  Revert "tools: cpupower: fix return checks for sysfs_get_idlestate_count()"
2014-12-18 18:44:53 +01:00
Rafael J. Wysocki
035f10ee4e Merge branch 'pm-runtime'
* pm-runtime:
  power / PM: Eliminate CONFIG_PM_RUNTIME
  NFC / PM: Replace CONFIG_PM_RUNTIME with CONFIG_PM
  SCSI / PM: Replace CONFIG_PM_RUNTIME with CONFIG_PM
  tracing / PM: Replace CONFIG_PM_RUNTIME with CONFIG_PM
  x86 / PM: Replace CONFIG_PM_RUNTIME in io_apic.c
  PM: Remove the SET_PM_RUNTIME_PM_OPS() macro
  mmc: atmel-mci: use SET_RUNTIME_PM_OPS() macro
  PM / Kconfig: Replace PM_RUNTIME with PM in dependencies
  ARM / PM: Replace CONFIG_PM_RUNTIME with CONFIG_PM
  sound / PM: Replace CONFIG_PM_RUNTIME with CONFIG_PM
  phy / PM: Replace CONFIG_PM_RUNTIME with CONFIG_PM
  video / PM: Replace CONFIG_PM_RUNTIME with CONFIG_PM
  tty / PM: Replace CONFIG_PM_RUNTIME with CONFIG_PM
  spi: Replace CONFIG_PM_RUNTIME with CONFIG_PM
2014-12-18 18:44:05 +01:00
Rafael J. Wysocki
0a06664286 Merge branches 'acpi-fan', 'acpi-video' and 'acpi-ec'
* acpi-fan:
  ACPI / Fan: Use bus id as the name for non PNP0C0B (Fan) devices

* acpi-video:
  ACPI / video: update the skip case for acpi_video_device_in_dod()

* acpi-ec:
  ACPI / EC: Fix unexpected ec_remove_handlers() invocations
2014-12-18 18:43:16 +01:00
Rafael J. Wysocki
be10f60d29 Merge branches 'acpi-scan', 'acpi-utils' and 'acpi-pm'
* acpi-scan:
  ACPI / scan: Change the level of _DEP-related messages to KERN_DEBUG

* acpi-utils:
  ACPI / utils: Drop error messages from acpi_evaluate_reference()

* acpi-pm:
  ACPI / PM: Do not disable wakeup GPEs that have not been enabled
2014-12-18 18:42:56 +01:00
John W. Linville
0e324cf640 MAINTAINERS: changes for wireless
http://marc.info/?l=linux-wireless&m=141883202530292&w=2

This makes it official... :-)

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-18 12:41:12 -05:00
Hariprasad Shenai
5aa80e5144 cxgb4: Fix decoding QSA module for ethtool get settings
QSA module was getting decoded as QSFP module in ethtool get settings, this
patch fixes it.

Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-18 12:39:16 -05:00
Jesse Gross
12069401d8 geneve: Fix races between socket add and release.
Currently, searching for a socket to add a reference to is not
synchronized with deletion of sockets. This can result in use
after free if there is another operation that is removing a
socket at the same time. Solving this requires both holding the
appropriate lock and checking the refcount to ensure that it
has not already hit zero.

Inspired by a related (but not exactly the same) issue in the
VXLAN driver.

Fixes: 0b5e8b8e ("net: Add Geneve tunneling protocol driver")
CC: Andy Zhou <azhou@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-18 12:38:13 -05:00
Jesse Gross
7ed767f731 geneve: Remove socket and offload handlers at destruction.
Sockets aren't currently removed from the the global list when
they are destroyed. In addition, offload handlers need to be cleaned
up as well.

Fixes: 0b5e8b8e ("net: Add Geneve tunneling protocol driver")
CC: Andy Zhou <azhou@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-18 12:38:13 -05:00
Thomas Graf
a18e6a186f netlink: Don't reorder loads/stores before marking mmap netlink frame as available
Each mmap Netlink frame contains a status field which indicates
whether the frame is unused, reserved, contains data or needs to
be skipped. Both loads and stores may not be reordeded and must
complete before the status field is changed and another CPU might
pick up the frame for use. Use an smp_mb() to cover needs of both
types of callers to netlink_set_status(), callers which have been
reading data frame from the frame, and callers which have been
filling or releasing and thus writing to the frame.

- Example code path requiring a smp_rmb():
  memcpy(skb->data, (void *)hdr + NL_MMAP_HDRLEN, hdr->nm_len);
  netlink_set_status(hdr, NL_MMAP_STATUS_UNUSED);

- Example code path requiring a smp_wmb():
  hdr->nm_uid	= from_kuid(sk_user_ns(sk), NETLINK_CB(skb).creds.uid);
  hdr->nm_gid	= from_kgid(sk_user_ns(sk), NETLINK_CB(skb).creds.gid);
  netlink_frame_flush_dcache(hdr);
  netlink_set_status(hdr, NL_MMAP_STATUS_VALID);

Fixes: f9c228 ("netlink: implement memory mapped recvmsg()")
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-18 12:35:55 -05:00
David Miller
4682a03586 netlink: Always copy on mmap TX.
Checking the file f_count and the nlk->mapped count is not completely
sufficient to prevent the mmap'd area contents from changing from
under us during netlink mmap sendmsg() operations.

Be careful to sample the header's length field only once, because this
could change from under us as well.

Fixes: 5fd96123ee ("netlink: implement memory mapped sendmsg()")
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
2014-12-18 12:35:23 -05:00
Jiri Jaburek
d70a1b9893 ALSA: usb-audio: extend KEF X300A FU 10 tweak to Arcam rPAC
The Arcam rPAC seems to have the same problem - whenever anything
(alsamixer, udevd, 3.9+ kernel from 60af3d037e, ..) attempts to
access mixer / control interface of the card, the firmware "locks up"
the entire device, resulting in
  SNDRV_PCM_IOCTL_HW_PARAMS failed (-5): Input/output error
from alsa-lib.

Other operating systems can somehow read the mixer (there seems to be
playback volume/mute), but any manipulation is ignored by the device
(which has hardware volume controls).

Cc: <stable@vger.kernel.org>
Signed-off-by: Jiri Jaburek <jjaburek@redhat.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-12-18 17:49:50 +01:00
Kailang Yang
506b62c33a ALSA: hda/realtek - New codec support for ALC298
Add new support for ALC298 codec.

Signed-off-by: Kailang Yang <kailang@realtek.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-12-18 17:48:51 +01:00
Fabio Estevam
ba90f261cd watchdog: imx2_wdt: Fix the argument of watchdog_active()
Fix the following build warning by passing the expected argument type to
watchdog_active():

drivers/watchdog/imx2_wdt.c: In function 'imx2_wdt_suspend':
drivers/watchdog/imx2_wdt.c:340:2: warning: passing argument 1 of 'watchdog_active' from incompatible pointer type [enabled by default]
In file included from drivers/watchdog/imx2_wdt.c:38:0:
include/linux/watchdog.h:104:20: note: expected 'struct watchdog_device *' but argument is of type 'struct watchdog_device **'

Reported-by: Olof's autobuilder <build@lixom.net>
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
2014-12-18 16:01:20 +01:00
Xiubo Li
aefbaf3a3f watchdog: imx2_wdt: Add power management support.
Add power management operations(suspend and resume) as part of
dev_pm_ops for IMX2 watchdog driver.

Signed-off-by: Xiubo Li <Li.Xiubo@freescale.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
2014-12-18 16:01:14 +01:00
James Bottomley
e617457691 Merge remote-tracking branch 'scsi-queue/drivers-for-3.19' into for-linus 2014-12-18 05:56:29 -08:00
Andy Lutomirski
3fb2f4237b x86/tls: Don't validate lm in set_thread_area() after all
It turns out that there's a lurking ABI issue.  GCC, when
compiling this in a 32-bit program:

struct user_desc desc = {
	.entry_number    = idx,
	.base_addr       = base,
	.limit           = 0xfffff,
	.seg_32bit       = 1,
	.contents        = 0, /* Data, grow-up */
	.read_exec_only  = 0,
	.limit_in_pages  = 1,
	.seg_not_present = 0,
	.useable         = 0,
};

will leave .lm uninitialized.  This means that anything in the
kernel that reads user_desc.lm for 32-bit tasks is unreliable.

Revert the .lm check in set_thread_area().  The value never did
anything in the first place.

Fixes: 0e58af4e1d ("x86/tls: Disallow unusual TLS segments")
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org # Only if 0e58af4e1d is backported
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/d7875b60e28c512f6a6fc0baf5714d58e7eaadbb.1418856405.git.luto@amacapital.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-12-18 12:12:26 +01:00
Greg Kurz
d70a54e2d0 powerpc/powernv: Ignore smt-enabled on Power8 and later
Starting with POWER8, the subcore logic relies on all threads of a core
being booted so that they can participate in split mode switches. So on
those machines we ignore the smt_enabled_at_boot setting (smt-enabled on
the kernel command line).

Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
[mpe: Update comment and change log to be more precise]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2014-12-18 19:59:21 +11:00
Christian Borntraeger
5de72a2247 s390/kvm: REPLACE barrier fixup with READ_ONCE
ACCESS_ONCE does not work reliably on non-scalar types. For
example gcc 4.6 and 4.7 might remove the volatile tag for such
accesses during the SRA (scalar replacement of aggregates) step
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145)

Commit 1365039d0c ("KVM: s390: Fix ipte locking") replace
ACCESS_ONCE with barriers. Lets use READ_ONCE instead.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
2014-12-18 09:54:41 +01:00
Christian Borntraeger
488beef144 arm/spinlock: Replace ACCESS_ONCE with READ_ONCE
ACCESS_ONCE does not work reliably on non-scalar types. For
example gcc 4.6 and 4.7 might remove the volatile tag for such
accesses during the SRA (scalar replacement of aggregates) step
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145)

Change the spinlock code to replace ACCESS_ONCE with READ_ONCE.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
2014-12-18 09:54:40 +01:00
Christian Borntraeger
af2e7aaed1 arm64/spinlock: Replace ACCESS_ONCE READ_ONCE
ACCESS_ONCE does not work reliably on non-scalar types. For
example gcc 4.6 and 4.7 might remove the volatile tag for such
accesses during the SRA (scalar replacement of aggregates) step
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145)

Change the spinlock code to replace ACCESS_ONCE with READ_ONCE.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
2014-12-18 09:54:40 +01:00
Christian Borntraeger
4218091cb4 mips/gup: Replace ACCESS_ONCE with READ_ONCE
ACCESS_ONCE does not work reliably on non-scalar types. For
example gcc 4.6 and 4.7 might remove the volatile tag for such
accesses during the SRA (scalar replacement of aggregates) step
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145)

Change the gup code to replace ACCESS_ONCE with READ_ONCE.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
2014-12-18 09:54:39 +01:00
Christian Borntraeger
14cf3d977b x86/gup: Replace ACCESS_ONCE with READ_ONCE
ACCESS_ONCE does not work reliably on non-scalar types. For
example gcc 4.6 and 4.7 might remove the volatile tag for such
accesses during the SRA (scalar replacement of aggregates) step
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145)

Change the gup code to replace ACCESS_ONCE with READ_ONCE.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
2014-12-18 09:54:38 +01:00
Christian Borntraeger
4f9d1382e6 x86/spinlock: Replace ACCESS_ONCE with READ_ONCE
ACCESS_ONCE does not work reliably on non-scalar types. For
example gcc 4.6 and 4.7 might remove the volatile tag for such
accesses during the SRA (scalar replacement of aggregates) step
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145)

Change the spinlock code to replace ACCESS_ONCE with READ_ONCE.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
2014-12-18 09:54:38 +01:00
Christian Borntraeger
e37c698270 mm: replace ACCESS_ONCE with READ_ONCE or barriers
ACCESS_ONCE does not work reliably on non-scalar types. For
example gcc 4.6 and 4.7 might remove the volatile tag for such
accesses during the SRA (scalar replacement of aggregates) step
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145)

Let's change the code to access the page table elements with
READ_ONCE that does implicit scalar accesses for the gup code.

mm_find_pmd is tricky, because m68k and sparc(32bit) define pmd_t
as array of longs. This code requires just that the pmd_present
and pmd_trans_huge check are done on the same value, so a barrier
is sufficent.

A similar case is in handle_pte_fault. On ppc44x the word size is
32 bit, but a pte is 64 bit. A barrier is ok as well.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: linux-mm@kvack.org
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
2014-12-18 09:54:37 +01:00
Christian Borntraeger
230fa253df kernel: Provide READ_ONCE and ASSIGN_ONCE
ACCESS_ONCE does not work reliably on non-scalar types. For
example gcc 4.6 and 4.7 might remove the volatile tag for such
accesses during the SRA (scalar replacement of aggregates) step
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145)

Let's provide READ_ONCE/ASSIGN_ONCE that will do all accesses via
scalar types as suggested by Linus Torvalds. Accesses larger than
the machines word size cannot be guaranteed to be atomic. These
macros will use memcpy and emit a build warning.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2014-12-18 09:54:36 +01:00
Paolo Bonzini
2c4aa55a6a Patch queue for ppc - 2014-12-18
Highights this time around:
 
   - Removal of HV support for 970. It became a maintenance burden and received
     practically no testing. POWER8 with HV is available now, so just grab one
     of those boxes if PR isn't enough for you.
   - Some bug fixes and performance improvements
   - Tracepoints for book3s_hv
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iQIcBAABAgAGBQJUkiNhAAoJECszeR4D/txg/fIQAIZTZxSB/b6S3ON24+8yMgkc
 9NB1kVtkPKxgjkFfKA8HCEWL175/Y0Ax+H7Jc+cUvcynX1fyhcjZ3n+kKPd8RDY8
 mgtc41kX0pFZwmaaB58PhYbL4x+6fNuZYxWtrO+BMJwrxNeYhmJU0/u9KJht9b0F
 G0iL8eGPiFW+rBHADgjD/Uf8u1uamiEjUy5pq63BOYXxJKq0jFafsZ+iI8B19xSp
 B7wyxHY2V18aYwdkPGVvx45/0GSAZ8Pt237tcSswoZyVv6/lugvxJSx6a4zGTDyu
 GR4LfMMUtY+sk1XBwzlTgpY7U/CKgOhDs9WFOb5/jSPYKR2ewcvaXxYGl8o/5FIn
 Lwff7pSB359xk7srvmrX925a5PM5gz1of3C/WwVSohCuOYHserDlwSLPzqi2mcz3
 0BSEZFfs2xEnGL7Luzr9BxQHnppbbQtniNpRi2ePnsLbQ7VTlYhaQDpaUMn8OBy1
 6K4MbEkbKKOZJW0+srVZx81bOjq/9+oJb950hFhCywAfekE+9izLzmJRUWoISpsQ
 X/q9jW/mDX1saNciS9/vh/GecWbYauahF4NAAmo8qylb/KCDIRN4gMwE3VqUZ7l6
 wDHhWrhh+bhYbQfc69gnAbKOWAQHM9iIGFVquCjytkTETBASGtE6fm8PDuwS+GaD
 9TV7n4uTMCAkr3bkyZE/
 =YNF8
 -----END PGP SIGNATURE-----

Merge tag 'signed-kvm-ppc-next' of git://github.com/agraf/linux-2.6 into HEAD

Patch queue for ppc - 2014-12-18

Highights this time around:

  - Removal of HV support for 970. It became a maintenance burden and received
    practically no testing. POWER8 with HV is available now, so just grab one
    of those boxes if PR isn't enough for you.
  - Some bug fixes and performance improvements
  - Tracepoints for book3s_hv
2014-12-18 09:39:55 +01:00
Paolo Bonzini
cb5281a572 KVM: move APIC types to arch/x86/
They are not used anymore by IA64, move them away.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-18 09:39:51 +01:00
Michael S. Tsirkin
505e428374 powerpc/uaccess: Allow get_user() with bitwise types
At the moment, if p and x are both of the same bitwise type
(eg. __le32), get_user(x, p) produces a sparse warning.

This is because *p is loaded into a long then cast back to typeof(*p).

When typeof(*p) is a bitwise type (which is uncommon), such a cast needs
__force, otherwise sparse produces a warning.

For non-bitwise types __force should have no effect, and should not hide
any legitimate errors.

Note that we are casting to typeof(*p) not typeof(x). Even with the
cast, if x and *p are of different types we should get the warning, so I
think we are not loosing the ability to detect any actual errors.

virtio would like to use bitwise types with get_user() so fix these
spurious warnings by adding __force.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
[mpe: Fill in changelog with more details]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2014-12-18 19:11:09 +11:00
Eliot Blennerhassett
fd112f1cf6 ALSA: asihpi: update to HPI version 4.14
This corresponds with updated asihpi firmware in alsa-firmware repo

Signed-off-by: Eliot Blennerhassett <eliot@blennerhassett.gen.nz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-12-18 08:48:47 +01:00
Eliot Blennerhassett
17d4de4ca3 ALSA: asihpi: increase tuner pad cache size
Increase size allocated for PAD (programme associated data) control.
This is used by newer tuner products.

Signed-off-by: Eliot Blennerhassett <eliot@blennerhassett.gen.nz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-12-18 08:48:24 +01:00
Eliot Blennerhassett
4398643124 ALSA: asihpi: relax firmware version check
Some products firmware is no longer being updated
e.g. dsp5000, dsp8700  but it should continue to work
with updated HPI versions.
Avoid regression by allowing this firmware to be loaded as
long as major version is the same.
Warn about mismatching versions, as matching versions are
preferred.

Signed-off-by: Eliot Blennerhassett <eliot@blennerhassett.gen.nz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-12-18 08:40:06 +01:00
Chris J Arges
c99b9e853d ALSA: usb-audio: Fix Scarlett 6i6 initialization typo
The num_controls field was incorrectly set to 0 causing 6i6 to not be
initialized. Set this to 9.

Reported-and-tested-by: Mark Roberts <sunifiram@gmail.com>
Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-12-18 08:39:17 +01:00
Ingo Molnar
6aaba7c901 perf/core improvements and fixes:
User visible:
 
 - The mmap address range for the ring buffer now is calculated using the
   contents of /proc/sys/kernel/perf_event_mlock_kb.
 
   This fixes an -EPERM case where 'trace' was trying to use more than what
   is configured on perf_event_mlock_kb. (Arnaldo Carvalho de Melo)
 
 Infrastructure:
 
 - Move bitops definitions so that they match the header file hierarchy
   in the kernel sources where that code came from. (Arnaldo Carvalho de Melo)
 
 - Adopt round{down,up}_pow_of_two from the kernel and use it instead of
   equivalent code, so that we reuse more kernel code and make tools/ look
   more like kernel source code, to encourage further contributions from
   kernel hackers (Arnaldo Carvalho de Melo)
 
 - Fix use after free in filename__read_build_id (Mitchell Krome)
 
 Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJUkZsbAAoJEBpxZoYYoA71kRMIALWRoHarn5glw7/hQkLvYLzc
 rGnOp1MN07Fn/O7CagNDzIotYIzz0n/kGz4YaxFGS6ssmZqgQ8CraQM/XnyCpkyu
 PWB1HSTAONEyqAnO8/mm/KvQw4daMn82mYGx25X4E9XXtUvH4+al6xU7Om93omxT
 Mt/4Zgzrf5RL5fUvIs7CT+sk5CF67T5SDI7VuH55pbDeJkgGiHWbSwF+Jr5yafPd
 vRkHU5xYy+z8oSqb8NTo+ofDh0vJ1pifhvNncKtOBD3446D00XwUUwILy7HPLXFR
 MHT0+DiCPGRUnFnhT2gJl7oJMntp4DMAJvfJ3KC09e7yZ5BuU2R4mfNPg0INsfg=
 =6IJe
 -----END PGP SIGNATURE-----

Merge tag 'perf-core-for-mingo-2' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent

Pull perf/core improvements and fixes from Arnaldo Carvalho de Melo:

User visible changes:

- The mmap address range for the ring buffer now is calculated using the
  contents of /proc/sys/kernel/perf_event_mlock_kb.

  This fixes an -EPERM case where 'trace' was trying to use more than what
  is configured on perf_event_mlock_kb. (Arnaldo Carvalho de Melo)

Infrastructure changes:

- Move bitops definitions so that they match the header file hierarchy
  in the kernel sources where that code came from. (Arnaldo Carvalho de Melo)

- Adopt round{down,up}_pow_of_two from the kernel and use it instead of
  equivalent code, so that we reuse more kernel code and make tools/ look
  more like kernel source code, to encourage further contributions from
  kernel hackers (Arnaldo Carvalho de Melo)

- Fix use after free in filename__read_build_id (Mitchell Krome)

Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-12-18 07:23:55 +01:00
Linus Torvalds
44e8967d59 Ceph: remove left-over reject file
Neither Sage nor I noticed that Zheng Yan had mistakenly committed
fs/ceph/super.h.rej as part of commit 31c542a199 ("ceph: add inline
data to pagecache").

Remove it.

Requested-by: Yan, Zheng <ukernel@gmail.com>
Cc: Sage Weil <sweil@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-12-17 18:47:01 -08:00
Kees Cook
b0a65b0ccc param: do not set store func without write perm
When a module_param is defined without DAC write permissions, it can
still be changed at runtime and updated. Drivers using a 0444 permission
may be surprised that these values can still be changed.

For drivers that want to allow updates, any S_IW* flag will set the
"store" function as before. Drivers without S_IW* flags will have the
"store" function unset, unforcing a read-only value. Drivers that wish
neither "store" nor "get" can continue to use "0" for perms to stay out
of sysfs entirely.

Old behavior:
  # cd /sys/module/snd/parameters
  # ls -l
  total 0
  -r--r--r-- 1 root root 4096 Dec 11 13:55 cards_limit
  -r--r--r-- 1 root root 4096 Dec 11 13:55 major
  -r--r--r-- 1 root root 4096 Dec 11 13:55 slots
  # cat major
  116
  # echo -1 > major
  -bash: major: Permission denied
  # chmod u+w major
  # echo -1 > major
  # cat major
  -1

New behavior:
  ...
  # chmod u+w major
  # echo -1 > major
  -bash: echo: write error: Input/output error

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2014-12-18 12:38:51 +10:30
Linus Torvalds
57666509b7 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
Pull ceph updates from Sage Weil:
 "The big item here is support for inline data for CephFS and for
  message signatures from Zheng.  There are also several bug fixes,
  including interrupted flock request handling, 0-length xattrs, mksnap,
  cached readdir results, and a message version compat field.  Finally
  there are several cleanups from Ilya, Dan, and Markus.

  Note that there is another series coming soon that fixes some bugs in
  the RBD 'lingering' requests, but it isn't quite ready yet"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client: (27 commits)
  ceph: fix setting empty extended attribute
  ceph: fix mksnap crash
  ceph: do_sync is never initialized
  libceph: fixup includes in pagelist.h
  ceph: support inline data feature
  ceph: flush inline version
  ceph: convert inline data to normal data before data write
  ceph: sync read inline data
  ceph: fetch inline data when getting Fcr cap refs
  ceph: use getattr request to fetch inline data
  ceph: add inline data to pagecache
  ceph: parse inline data in MClientReply and MClientCaps
  libceph: specify position of extent operation
  libceph: add CREATE osd operation support
  libceph: add SETXATTR/CMPXATTR osd operations support
  rbd: don't treat CEPH_OSD_OP_DELETE as extent op
  ceph: remove unused stringification macros
  libceph: require cephx message signature by default
  ceph: introduce global empty snap context
  ceph: message versioning fixes
  ...
2014-12-17 16:03:12 -08:00
Anton Blanchard
476ce5ef09 KVM: PPC: Book3S: Enable in-kernel XICS emulation by default
The in-kernel XICS emulation is faster than doing it all in QEMU
and it has got a lot of testing, so enable it by default.

Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-12-17 22:23:22 +01:00
Linus Torvalds
87c31b39ab Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull user namespace related fixes from Eric Biederman:
 "As these are bug fixes almost all of thes changes are marked for
  backporting to stable.

  The first change (implicitly adding MNT_NODEV on remount) addresses a
  regression that was created when security issues with unprivileged
  remount were closed.  I go on to update the remount test to make it
  easy to detect if this issue reoccurs.

  Then there are a handful of mount and umount related fixes.

  Then half of the changes deal with the a recently discovered design
  bug in the permission checks of gid_map.  Unix since the beginning has
  allowed setting group permissions on files to less than the user and
  other permissions (aka ---rwx---rwx).  As the unix permission checks
  stop as soon as a group matches, and setgroups allows setting groups
  that can not later be dropped, results in a situtation where it is
  possible to legitimately use a group to assign fewer privileges to a
  process.  Which means dropping a group can increase a processes
  privileges.

  The fix I have adopted is that gid_map is now no longer writable
  without privilege unless the new file /proc/self/setgroups has been
  set to permanently disable setgroups.

  The bulk of user namespace using applications even the applications
  using applications using user namespaces without privilege remain
  unaffected by this change.  Unfortunately this ix breaks a couple user
  space applications, that were relying on the problematic behavior (one
  of which was tools/selftests/mount/unprivileged-remount-test.c).

  To hopefully prevent needing a regression fix on top of my security
  fix I rounded folks who work with the container implementations mostly
  like to be affected and encouraged them to test the changes.

    > So far nothing broke on my libvirt-lxc test bed. :-)
    > Tested with openSUSE 13.2 and libvirt 1.2.9.
    > Tested-by: Richard Weinberger <richard@nod.at>

    > Tested on Fedora20 with libvirt 1.2.11, works fine.
    > Tested-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>

    > Ok, thanks - yes, unprivileged lxc is working fine with your kernels.
    > Just to be sure I was testing the right thing I also tested using
    > my unprivileged nsexec testcases, and they failed on setgroup/setgid
    > as now expected, and succeeded there without your patches.
    > Tested-by: Serge Hallyn <serge.hallyn@ubuntu.com>

    > I tested this with Sandstorm.  It breaks as is and it works if I add
    > the setgroups thing.
    > Tested-by: Andy Lutomirski <luto@amacapital.net> # breaks things as designed :("

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  userns: Unbreak the unprivileged remount tests
  userns; Correct the comment in map_write
  userns: Allow setting gid_maps without privilege when setgroups is disabled
  userns: Add a knob to disable setgroups on a per user namespace basis
  userns: Rename id_map_mutex to userns_state_mutex
  userns: Only allow the creator of the userns unprivileged mappings
  userns: Check euid no fsuid when establishing an unprivileged uid mapping
  userns: Don't allow unprivileged creation of gid mappings
  userns: Don't allow setgroups until a gid mapping has been setablished
  userns: Document what the invariant required for safe unprivileged mappings.
  groups: Consolidate the setgroups permission checks
  mnt: Clear mnt_expire during pivot_root
  mnt: Carefully set CL_UNPRIVILEGED in clone_mnt
  mnt: Move the clear of MNT_LOCKED from copy_tree to it's callers.
  umount: Do not allow unmounting rootfs.
  umount: Disallow unprivileged mount force
  mnt: Update unprivileged remount test
  mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by mount
2014-12-17 12:31:40 -08:00
Marcel Holtmann
ea8ae2516a Bluetooth: Fix bug with filter in service discovery optimization
The optimization for filtering out extended inquiry results, advertising
reports or scan response data based on provided UUID list has a logic
bug. In case no match is found in the advertising data, the scan
response is ignored and not checked against the filter. This will lead
to events being filtered wrongly.

Change the code to actually only drop the events when the scan response
data is not present. If it is present, it needs to be checked against
the provided filter.

The patch is a bit more complex than it needs to be. That is because
it also fixes this compiler warning that some gcc versions produce.

  CC      net/bluetooth/mgmt.o
net/bluetooth/mgmt.c: In function ‘mgmt_device_found’:
net/bluetooth/mgmt.c:7028:7: warning: ‘match’ may be used uninitialized in this function [-Wmaybe-uninitialized]
  bool match;
       ^

It seems that gcc can not clearly figure out the context of the match
variable. So just change the branches for the extended inquiry response
and advertising data around so that it is clear.

Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-12-17 22:03:49 +02:00
Linus Torvalds
f045bbb9fa mmu_gather: fix over-eager tlb_flush_mmu_free() calling
Dave Hansen reports that commit fb7332a9fe ("mmu_gather: move minimal
range calculations into generic code") caused a performance problem:

  "tlb_finish_mmu() goes up about 9x in the profiles (~0.4%->3.6%) and
   tlb_flush_mmu_free() takes about 3.1% of CPU time with the patch
   applied, but does not show up at all on the commit before"

and the reason is that Will moved the test for whether we need to flush
from tlb_flush_mmu() into tlb_flush_mmu_tlbonly().  But that meant that
tlb_flush_mmu_free() basically lost that check.

Move it back into tlb_flush_mmu() where it belongs, so that it covers
both tlb_flush_mmu_tlbonly() _and_ tlb_flush_mmu_free().

Reported-and-tested-by: Dave Hansen <dave@sr71.net>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-12-17 11:59:04 -08:00