[tip.git#x86/debug] Re: x86/dumpstack: Combine some printk()s

[Sedat Dilek]

Hi,

I was looking through tip Git tree...

Why didn't you use...

+ IS_ENABLED(CONFIG_DEBUG_PAGEALLOC) ? " DEBUG_PAGEALLOC" : "",

...instead of...

+ debug_pagealloc_enabled() ? " DEBUG_PAGEALLOC" : "",

...for consistency reasons?

Regards,
- Sedat -

[1] 
http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?h=x86/debug=8fad7ec51e1b9e262e0bdd34e800ac1ea5e84dec

P.S.: From [1] "x86/dumpstack: Combine some printk()s"

--- a/arch/x86/kernel/dumpstack.c
+++ b/arch/x86/kernel/dumpstack.c
@@ -260,19 +260,12 @@ int __die(const char *str, struct pt_regs *regs, long err)
unsigned long sp;
#endif
printk(KERN_DEFAULT
- "%s: %04lx [#%d] ", str, err & 0x, ++die_counter);
-#ifdef CONFIG_PREEMPT
- printk("PREEMPT ");
-#endif
-#ifdef CONFIG_SMP
- printk("SMP ");
-#endif
- if (debug_pagealloc_enabled())
- printk("DEBUG_PAGEALLOC ");
-#ifdef CONFIG_KASAN
- printk("KASAN");
-#endif
- printk("\n");
+ "%s: %04lx [#%d]%s%s%s%s\n", str, err & 0x, ++die_counter,
+ IS_ENABLED(CONFIG_PREEMPT) ? " PREEMPT" : "",
+ IS_ENABLED(CONFIG_SMP) ? " SMP" : "",
+ debug_pagealloc_enabled() ? " DEBUG_PAGEALLOC" : "",
+ IS_ENABLED(CONFIG_KASAN) ? " KASAN" : "");
+
if (notify_die(DIE_OOPS, str, regs, err,
current->thread.trap_nr, SIGSEGV) == NOTIFY_STOP)
return 1;

[tip.git#x86/debug] Re: x86/dumpstack: Combine some printk()s

[Sedat Dilek]

Hi,

I was looking through tip Git tree...

Why didn't you use...

+ IS_ENABLED(CONFIG_DEBUG_PAGEALLOC) ? " DEBUG_PAGEALLOC" : "",

...instead of...

+ debug_pagealloc_enabled() ? " DEBUG_PAGEALLOC" : "",

...for consistency reasons?

Regards,
- Sedat -

[1] 
http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?h=x86/debug=8fad7ec51e1b9e262e0bdd34e800ac1ea5e84dec

P.S.: From [1] "x86/dumpstack: Combine some printk()s"

--- a/arch/x86/kernel/dumpstack.c
+++ b/arch/x86/kernel/dumpstack.c
@@ -260,19 +260,12 @@ int __die(const char *str, struct pt_regs *regs, long err)
unsigned long sp;
#endif
printk(KERN_DEFAULT
- "%s: %04lx [#%d] ", str, err & 0x, ++die_counter);
-#ifdef CONFIG_PREEMPT
- printk("PREEMPT ");
-#endif
-#ifdef CONFIG_SMP
- printk("SMP ");
-#endif
- if (debug_pagealloc_enabled())
- printk("DEBUG_PAGEALLOC ");
-#ifdef CONFIG_KASAN
- printk("KASAN");
-#endif
- printk("\n");
+ "%s: %04lx [#%d]%s%s%s%s\n", str, err & 0x, ++die_counter,
+ IS_ENABLED(CONFIG_PREEMPT) ? " PREEMPT" : "",
+ IS_ENABLED(CONFIG_SMP) ? " SMP" : "",
+ debug_pagealloc_enabled() ? " DEBUG_PAGEALLOC" : "",
+ IS_ENABLED(CONFIG_KASAN) ? " KASAN" : "");
+
if (notify_die(DIE_OOPS, str, regs, err,
current->thread.trap_nr, SIGSEGV) == NOTIFY_STOP)
return 1;

Re: Getting rid of inside_vm in intel8x0

[Takashi Iwai]

On Sat, 02 Apr 2016 00:28:31 +0200,
Luis R. Rodriguez wrote:
> 
> On Fri, Apr 01, 2016 at 07:34:10AM +0200, Takashi Iwai wrote:
> > On Fri, 01 Apr 2016 00:26:18 +0200,
> > Luis R. Rodriguez wrote:
> > > 
> > > On Wed, Mar 30, 2016 at 08:07:04AM +0200, Takashi Iwai wrote:
> > > > On Tue, 29 Mar 2016 23:37:32 +0200,
> > > > Andy Lutomirski wrote:
> > > > > 
> > > > > Would it be possible to revert:
> > > > > 
> > > > > commit 228cf79376f13b98f2e1ac10586311312757675c
> > > > > Author: Konstantin Ozerkov 
> > > > > Date:   Wed Oct 26 19:11:01 2011 +0400
> > > > > 
> > > > > ALSA: intel8x0: Improve performance in virtual environment
> > > > > 
> > > > > Presumably one or more of the following is true:
> > > > > 
> > > > > a) The inside_vm == true case is just an optimization and should apply
> > > > > unconditionally.
> > > > > 
> > > > > b) The inside_vm == true case is incorrect and should be fixed or 
> > > > > disabled.
> > > > > 
> > > > > c) The inside_vm == true case is a special case that makes sense then
> > > > > IO is very very slow but doesn't make sense when IO is fast.  If so,
> > > > > why not literally measure the time that the IO takes and switch over
> > > > > to the "inside VM" path when IO is slow?
> > > 
> > > BTW can we simulate this on bare metal by throttling an IO bus, or
> > > perhaps mucking with the scheduler ?
> > > 
> > > I ask as I wonder if similar type of optimization may be useful
> > > to first simulate with other types of buses for other IO devices
> > > we might use in virtualization environments. If so, I'd be curious
> > > to know if similar type of optimizations might be possible for
> > > other sounds cards, or other IO devices.
> > 
> > There aren't so many sound devices requiring such a workaround.
> 
> Why not, what makes this special?

The hardware buggyness.

> > > > More important condition is rather that the register updates of CIV
> > > > and PICB are atomic.
> > > 
> > > To help with this can you perhaps elaborate a bit more on what the code
> > > does? As I read it snd_intel8x0_pcm_pointer() gets a pointer to some
> > > sort of audio frame we are in and uses two values to see if we are
> > > going to be evaluating the right frame, we use an optimization of
> > > some sort to skip one check for virtual environments. We seem to need
> > > this given that on a virtual environment it is assumed that the sound
> > > card is emulated, and as such an IO read there is rather expensive.
> > > 
> > > Can you confirm and/or elaborate a bit more what this does ?
> > > 
> > > To try to help understand what is going on can you describe what CIV
> > > and PICB are exactly ?
> > 
> > CIV and PICB registers are a pair and we calculate the linear position
> > in a ring buffer from both two.
> 
> What type of ring buffer is this ?

A normal PCM ring buffer via PCI DMA transfer.

> > However, they are divorced sometimes
> > under stress, and the position calculated from such values may go
> > backward wrongly.  For avoiding it, there is the second read of the
> > PICB register and compare with the previous value, and loop until it
> > matches.  This check is skipped on VM.
> 
> I see. Is this a software emulation *bug*, or an IO issue due to
> virtualization? I tried to read what the pointer() (that's what its called)
> callback does but since there is no documentation for any of the callbacks I
> have no clue what so ever.
> 
> If the former, could a we somehow detect an emulated device other than through
> this type of check ? Or could we *add* a capability of some sort to detect it
> on the driver ? This would not address the removal, but it could mean finding 
> a
> way to address emulation issues.
> 
> If its an IO issue -- exactly what is the causing the delays in IO ?

Luis, there is no problem about emulation itself.  It's rather an
optimization to lighten the host side load, as I/O access on a VM is
much heavier.

> > > > This is satisfied mostly only on VM, and can't
> > > > be measured easily unlike the IO read speed.
> > > 
> > > Interesting, note the original patch claimed it was for KVM and
> > > Parallels hypervisor only, but since the code uses:
> > > 
> > > +#if defined(__i386__) || defined(__x86_64__)
> > > +   inside_vm = inside_vm || 
> > > boot_cpu_has(X86_FEATURE_HYPERVISOR);
> > > +#endif
> > > 
> > > This makes it apply also to Xen as well, this makes this hack more
> > > broad, but does is it only applicable when an emulated device is
> > > used ? What about if a hypervisor is used and PCI passthrough is
> > > used ?
> > 
> > A good question.  Xen was added there at the time from positive
> > results by quick tests, but it might show an issue if it's running on
> > a very old chip with PCI passthrough.  But I'm not sure whether PCI
> > passthrough would work on such old chipsets at all.
> 
> If it did have an issue then that would have to be special cased, that
> is the module parameter would not need to be enabled 

Re: Getting rid of inside_vm in intel8x0

[Takashi Iwai]

On Sat, 02 Apr 2016 00:28:31 +0200,
Luis R. Rodriguez wrote:
> 
> On Fri, Apr 01, 2016 at 07:34:10AM +0200, Takashi Iwai wrote:
> > On Fri, 01 Apr 2016 00:26:18 +0200,
> > Luis R. Rodriguez wrote:
> > > 
> > > On Wed, Mar 30, 2016 at 08:07:04AM +0200, Takashi Iwai wrote:
> > > > On Tue, 29 Mar 2016 23:37:32 +0200,
> > > > Andy Lutomirski wrote:
> > > > > 
> > > > > Would it be possible to revert:
> > > > > 
> > > > > commit 228cf79376f13b98f2e1ac10586311312757675c
> > > > > Author: Konstantin Ozerkov 
> > > > > Date:   Wed Oct 26 19:11:01 2011 +0400
> > > > > 
> > > > > ALSA: intel8x0: Improve performance in virtual environment
> > > > > 
> > > > > Presumably one or more of the following is true:
> > > > > 
> > > > > a) The inside_vm == true case is just an optimization and should apply
> > > > > unconditionally.
> > > > > 
> > > > > b) The inside_vm == true case is incorrect and should be fixed or 
> > > > > disabled.
> > > > > 
> > > > > c) The inside_vm == true case is a special case that makes sense then
> > > > > IO is very very slow but doesn't make sense when IO is fast.  If so,
> > > > > why not literally measure the time that the IO takes and switch over
> > > > > to the "inside VM" path when IO is slow?
> > > 
> > > BTW can we simulate this on bare metal by throttling an IO bus, or
> > > perhaps mucking with the scheduler ?
> > > 
> > > I ask as I wonder if similar type of optimization may be useful
> > > to first simulate with other types of buses for other IO devices
> > > we might use in virtualization environments. If so, I'd be curious
> > > to know if similar type of optimizations might be possible for
> > > other sounds cards, or other IO devices.
> > 
> > There aren't so many sound devices requiring such a workaround.
> 
> Why not, what makes this special?

The hardware buggyness.

> > > > More important condition is rather that the register updates of CIV
> > > > and PICB are atomic.
> > > 
> > > To help with this can you perhaps elaborate a bit more on what the code
> > > does? As I read it snd_intel8x0_pcm_pointer() gets a pointer to some
> > > sort of audio frame we are in and uses two values to see if we are
> > > going to be evaluating the right frame, we use an optimization of
> > > some sort to skip one check for virtual environments. We seem to need
> > > this given that on a virtual environment it is assumed that the sound
> > > card is emulated, and as such an IO read there is rather expensive.
> > > 
> > > Can you confirm and/or elaborate a bit more what this does ?
> > > 
> > > To try to help understand what is going on can you describe what CIV
> > > and PICB are exactly ?
> > 
> > CIV and PICB registers are a pair and we calculate the linear position
> > in a ring buffer from both two.
> 
> What type of ring buffer is this ?

A normal PCM ring buffer via PCI DMA transfer.

> > However, they are divorced sometimes
> > under stress, and the position calculated from such values may go
> > backward wrongly.  For avoiding it, there is the second read of the
> > PICB register and compare with the previous value, and loop until it
> > matches.  This check is skipped on VM.
> 
> I see. Is this a software emulation *bug*, or an IO issue due to
> virtualization? I tried to read what the pointer() (that's what its called)
> callback does but since there is no documentation for any of the callbacks I
> have no clue what so ever.
> 
> If the former, could a we somehow detect an emulated device other than through
> this type of check ? Or could we *add* a capability of some sort to detect it
> on the driver ? This would not address the removal, but it could mean finding 
> a
> way to address emulation issues.
> 
> If its an IO issue -- exactly what is the causing the delays in IO ?

Luis, there is no problem about emulation itself.  It's rather an
optimization to lighten the host side load, as I/O access on a VM is
much heavier.

> > > > This is satisfied mostly only on VM, and can't
> > > > be measured easily unlike the IO read speed.
> > > 
> > > Interesting, note the original patch claimed it was for KVM and
> > > Parallels hypervisor only, but since the code uses:
> > > 
> > > +#if defined(__i386__) || defined(__x86_64__)
> > > +   inside_vm = inside_vm || 
> > > boot_cpu_has(X86_FEATURE_HYPERVISOR);
> > > +#endif
> > > 
> > > This makes it apply also to Xen as well, this makes this hack more
> > > broad, but does is it only applicable when an emulated device is
> > > used ? What about if a hypervisor is used and PCI passthrough is
> > > used ?
> > 
> > A good question.  Xen was added there at the time from positive
> > results by quick tests, but it might show an issue if it's running on
> > a very old chip with PCI passthrough.  But I'm not sure whether PCI
> > passthrough would work on such old chipsets at all.
> 
> If it did have an issue then that would have to be special cased, that
> is the module parameter would not need to be enabled for such type of
> 

Re: [PATCH] x86: Calculate MHz using APERF/MPERF for cpuinfo and scaling_cur_freq

[Len Brown]

Thanks for the comments.

Re: is this a useful semantic?

Yes, average MHz over an interval is significantly more useful than
a snapshot of the recent instantaneous frequency.
It is possible to convert the former into the later,
but it is not possible to reliably and efficiently convert the later
into the former.

Indeed, we stopped using MSR_PERF_STATUS for this very reason --
a snapshot of instantaneous frequency can be very misleading.

Further, the mechanism in this patch will still work even when Linux
has no concept of frequency control,
including firmware control and CONFIG_CPU_FREQ=n

Of course, when there is 1 reader, this mechanism works the best --
as they get to select whatever interval they like.
For multi-user, the interval would shorten -- possibly
degrading to the 100ms limit set here.  My reasoning on the
100ms limit is that anything more frequent is abuse,
and the users should be using user-space tools like turbostat in that case.

Re: 64-bit math.

Stephane is correct, APERF and  MPERF will not overflow in the uptime
of the machine.
They are both 64-bit registers, and they tick at TSC rate or slower.
(Indeed, they tick at 0 when idle)

Boris is right, this works as long as somebody doesn't scribble on these MSRs.
Linux used to do that in 2.6.23, but we learned our lesson and we leave them
free running since then.  I'm not going to worry about a yahoo
scribbling on MSRs
behind the kernel's back.  More than this will break if that happens.

Peter is right, in the expression "numerator = cpu_khz * aperf_delta",
the capacity of the 64-bit numerator is reduced as cpu_khz
and aperf_delta grow.

For example, if this patch runs on a busy system having a 4GHz CPU,
then APERF ticks at 2^32 Hz.
cpu_khz = 2^22
so max aperf_delta without overflow is 2^64/2^22 = 2^42 cycles

2^42 cycles / 2^32 cycles/sec = 2^10 sec = 1024 seconds = 17 minutes.

Though we could improve this range by 1024x by simply operating on
cpu_mhz instead of cpu_khz, yielding 12 days.

Or we could simply detect potential overflow:

2^64 < cpu_khz * delta_aperf
so
if (2^64/cpu_khz < delta_aperf) then overflow

and since delta_aperf and delta_mperf are much larger than cpu_khz
in this case, we can calculate this way:

khz = cpu_khz (delta_aperf)/(delta_mperf)
khz = cpu_khz (delta_aperf/cpu_khz)/(delta_mperf/cpu_khz)
khz = delta_aperf / (delta_mperf/cpu_khz)

no calculation here can overflow 64-bits in the uptime of the machine.

I'll send an updated patch.

thanks,
-Len

Re: [PATCH] x86: Calculate MHz using APERF/MPERF for cpuinfo and scaling_cur_freq

[Len Brown]

Thanks for the comments.

Re: is this a useful semantic?

Yes, average MHz over an interval is significantly more useful than
a snapshot of the recent instantaneous frequency.
It is possible to convert the former into the later,
but it is not possible to reliably and efficiently convert the later
into the former.

Indeed, we stopped using MSR_PERF_STATUS for this very reason --
a snapshot of instantaneous frequency can be very misleading.

Further, the mechanism in this patch will still work even when Linux
has no concept of frequency control,
including firmware control and CONFIG_CPU_FREQ=n

Of course, when there is 1 reader, this mechanism works the best --
as they get to select whatever interval they like.
For multi-user, the interval would shorten -- possibly
degrading to the 100ms limit set here.  My reasoning on the
100ms limit is that anything more frequent is abuse,
and the users should be using user-space tools like turbostat in that case.

Re: 64-bit math.

Stephane is correct, APERF and  MPERF will not overflow in the uptime
of the machine.
They are both 64-bit registers, and they tick at TSC rate or slower.
(Indeed, they tick at 0 when idle)

Boris is right, this works as long as somebody doesn't scribble on these MSRs.
Linux used to do that in 2.6.23, but we learned our lesson and we leave them
free running since then.  I'm not going to worry about a yahoo
scribbling on MSRs
behind the kernel's back.  More than this will break if that happens.

Peter is right, in the expression "numerator = cpu_khz * aperf_delta",
the capacity of the 64-bit numerator is reduced as cpu_khz
and aperf_delta grow.

For example, if this patch runs on a busy system having a 4GHz CPU,
then APERF ticks at 2^32 Hz.
cpu_khz = 2^22
so max aperf_delta without overflow is 2^64/2^22 = 2^42 cycles

2^42 cycles / 2^32 cycles/sec = 2^10 sec = 1024 seconds = 17 minutes.

Though we could improve this range by 1024x by simply operating on
cpu_mhz instead of cpu_khz, yielding 12 days.

Or we could simply detect potential overflow:

2^64 < cpu_khz * delta_aperf
so
if (2^64/cpu_khz < delta_aperf) then overflow

and since delta_aperf and delta_mperf are much larger than cpu_khz
in this case, we can calculate this way:

khz = cpu_khz (delta_aperf)/(delta_mperf)
khz = cpu_khz (delta_aperf/cpu_khz)/(delta_mperf/cpu_khz)
khz = delta_aperf / (delta_mperf/cpu_khz)

no calculation here can overflow 64-bits in the uptime of the machine.

I'll send an updated patch.

thanks,
-Len

Re: [PATCH v2] mtd: nand: denali: allow to override max_banks from DT property

[Masahiro Yamada]

2016-03-29 11:33 GMT+09:00 Masahiro Yamada :
> Commit 271707b1d817 ("mtd: nand: denali: max_banks calculation
> changed in revision 5.1") supported the new encoding of the "n_banks"
> bits of the "features" register, but there is an unfortunate case
> not covered by that commit.
>
> Panasonic (its System LSI Business Division is now Socionext) bought
> a couple of versions of this IP.  The IP released for Panasonic
> around Feb. 2012 is revision 5 and uses the old encoding for n_banks
> (2 << n_banks).  While the one released around Nov. 2012 is also
> revision 5, but it uses the new encoding (1 << n_banks).
>
> The revision register cannot distinguish these two incompatible
> hardware.  I guess this IP series is not well-organized.  I could not
> find any solution but giving max_banks from DT property.
>
> This commit works around the problem by allowing DT to set the
> max_banks forcibly.  Of course, this DT property can be optional if
> the auto detection based on the hardware registers works well.
>
> Signed-off-by: Masahiro Yamada 
> Acked-by: Rob Herring 


Looks like we should take our time for discussion
to find out which is better, a new compatible string or a new DT property.

The discussion is happening in v1 thread.
http://patchwork.ozlabs.org/patch/601562/

Please hold back applying this patch.



-- 
Best Regards
Masahiro Yamada

Re: [PATCH v2] mtd: nand: denali: allow to override max_banks from DT property

[Masahiro Yamada]

2016-03-29 11:33 GMT+09:00 Masahiro Yamada :
> Commit 271707b1d817 ("mtd: nand: denali: max_banks calculation
> changed in revision 5.1") supported the new encoding of the "n_banks"
> bits of the "features" register, but there is an unfortunate case
> not covered by that commit.
>
> Panasonic (its System LSI Business Division is now Socionext) bought
> a couple of versions of this IP.  The IP released for Panasonic
> around Feb. 2012 is revision 5 and uses the old encoding for n_banks
> (2 << n_banks).  While the one released around Nov. 2012 is also
> revision 5, but it uses the new encoding (1 << n_banks).
>
> The revision register cannot distinguish these two incompatible
> hardware.  I guess this IP series is not well-organized.  I could not
> find any solution but giving max_banks from DT property.
>
> This commit works around the problem by allowing DT to set the
> max_banks forcibly.  Of course, this DT property can be optional if
> the auto detection based on the hardware registers works well.
>
> Signed-off-by: Masahiro Yamada 
> Acked-by: Rob Herring 


Looks like we should take our time for discussion
to find out which is better, a new compatible string or a new DT property.

The discussion is happening in v1 thread.
http://patchwork.ozlabs.org/patch/601562/

Please hold back applying this patch.



-- 
Best Regards
Masahiro Yamada

Re: [PATCH] mtd: nand: denali: allow to override max_banks from DT property

[Masahiro Yamada]

Hi Boris,


2016-03-29 16:53 GMT+09:00 Boris Brezillon :
> Hi,
>
> I'm answering to this one, but I already saw your v2.
>
> On Sat, 26 Mar 2016 13:27:50 +0900
> Masahiro Yamada  wrote:
>
>> 2016-03-25 23:45 GMT+09:00 Boris Brezillon 
>> :
>> > On Thu, 24 Mar 2016 21:24:37 +0900
>> > Masahiro Yamada  wrote:
>> >
>> >> Commit 271707b1d817 ("mtd: nand: denali: max_banks calculation
>> >> changed in revision 5.1") supported the new encoding of the "n_banks"
>> >> bits of the "features" register, but there is an unfortunate case
>> >> that is not covered by that commit.
>> >>
>> >> Panasonic (its System LSI division is now Socionext) bought several
>> >> versions of this IP.  The IP released for Panasonic around Feb. 2012
>> >> is revision 5 and uses the old encoding for n_banks (2 << n_banks).
>> >> While the one released around Nov. 2012 is also revision 5, but it
>> >> uses the new encoding (1 << n_banks).
>> >>
>> >> The revision register cannot distinguish these two incompatible
>> >> hardware.  I guess this IP series is not well-organized.  I could not
>> >> find any alternative but giving max_banks from DT property.
>> >
>> > Hm, shouldn't that be addressed with a new compatible instead of adding
>> > a extra property?
>
> You didn't answer to this suggestion. I see several advantages in this
> approach:
>
> 1/ You'll only break the DT once (to add your new compatible) even if
> you got your logic wrong. All you'll have to do in this case is patch
> your driver to change the compatible <-> capabilities association
>
> 2/ This may not be the only difference between the 2 revisions, and
> in this case, putting the compatible <-> capabilities association
> directly in your driver will allow you to easily tweak capabilities
> per-revision
>
>> >
>> >>
>> >> This commit works around the problem by allowing DT to set the
>> >> max_banks forcibly.  Of course, this DT property can be optional if
>> >> the auto detection based on the hardware registers works well.
>> >>
>> >> Signed-off-by: Masahiro Yamada 
>> >> ---
>> >>
>> >>  Documentation/devicetree/bindings/mtd/denali-nand.txt | 4 
>> >>  drivers/mtd/nand/denali.c | 3 ++-
>> >>  drivers/mtd/nand/denali_dt.c  | 3 +++
>> >>  3 files changed, 9 insertions(+), 1 deletion(-)
>> >>
>> >> diff --git a/Documentation/devicetree/bindings/mtd/denali-nand.txt 
>> >> b/Documentation/devicetree/bindings/mtd/denali-nand.txt
>> >> index 785b825..78c250d 100644
>> >> --- a/Documentation/devicetree/bindings/mtd/denali-nand.txt
>> >> +++ b/Documentation/devicetree/bindings/mtd/denali-nand.txt
>> >> @@ -7,6 +7,10 @@ Required properties:
>> >>- interrupts : The interrupt number.
>> >>- dma-mask : DMA bit mask
>> >>
>> >> +Optional properties:
>> >> +  - max-banks : Maximum number of banks supported by hardware.  If not
>> >> +specified, it is determined based on the "features" register of 
>> >> hardware.
>> >> +
>> >
>> > You might want to prefix that with "denali,".
>> >
>> >>  The device tree may optionally contain sub-nodes describing partitions 
>> >> of the
>> >>  address space. See partition.txt for more detail.
>>
>>
>> In which case, do we have to add a vendor prefix to DT properties?
>>
>> I do not know a clear rule about this.
>
> Usually you add a vendor prefix when the property only applies to a
> specific controller/IP. In the NAND specific case, most NAND
> controllers have a fixed number of banks which can be deduced from the
> IP revision/version. I'd like to keep it like that and avoid seeing
> other drivers use this max-banks property to deduce the number of
> available banks, hence my suggestion to, at least, prefix your property
> with "denali,". But I'd still prefer to see the max-banks value be
> associated to a new compatible.
>
> Thanks,
>
> Boris

I want to use this driver for ARM-based UniPhier SoCs.
Their DT files are located as follows:

arch/arm/boot/dts/uniphier-*
arch/arm64/boot/dts/socionext/uniphier-*


If we decided to add new DT compatible strings rather than DT property,
which string would you suggest?
Should it include "denali" or just SoC name "uniphier-*"?
How about the vendor prefix?  "denali," or "socionext," ?


like this?  I am not sure...


nand: nand@6800 {
compatible = "socionext,uniphier-pro5-nand", "denali,denali-nand-dt";
reg-names = "nand_data", "denali_reg";
reg = <0x6800 0x20>, <0x6810 0x1000>;
interrupts = <0 65 4>;
pinctrl-names = "default";
pinctrl-0 = <_nand>;
clocks = <>;
};


At least, I need two DT compatible strings,
for old/new "n_banks" encoding.

The following part is also a problem for me because
platform-specific ECC bit is hard-coded in the driver.

The comment claims that Intel MRST supports 8bit and 15bit for 

Re: [PATCH] mtd: nand: denali: allow to override max_banks from DT property

[Masahiro Yamada]

Hi Boris,


2016-03-29 16:53 GMT+09:00 Boris Brezillon :
> Hi,
>
> I'm answering to this one, but I already saw your v2.
>
> On Sat, 26 Mar 2016 13:27:50 +0900
> Masahiro Yamada  wrote:
>
>> 2016-03-25 23:45 GMT+09:00 Boris Brezillon 
>> :
>> > On Thu, 24 Mar 2016 21:24:37 +0900
>> > Masahiro Yamada  wrote:
>> >
>> >> Commit 271707b1d817 ("mtd: nand: denali: max_banks calculation
>> >> changed in revision 5.1") supported the new encoding of the "n_banks"
>> >> bits of the "features" register, but there is an unfortunate case
>> >> that is not covered by that commit.
>> >>
>> >> Panasonic (its System LSI division is now Socionext) bought several
>> >> versions of this IP.  The IP released for Panasonic around Feb. 2012
>> >> is revision 5 and uses the old encoding for n_banks (2 << n_banks).
>> >> While the one released around Nov. 2012 is also revision 5, but it
>> >> uses the new encoding (1 << n_banks).
>> >>
>> >> The revision register cannot distinguish these two incompatible
>> >> hardware.  I guess this IP series is not well-organized.  I could not
>> >> find any alternative but giving max_banks from DT property.
>> >
>> > Hm, shouldn't that be addressed with a new compatible instead of adding
>> > a extra property?
>
> You didn't answer to this suggestion. I see several advantages in this
> approach:
>
> 1/ You'll only break the DT once (to add your new compatible) even if
> you got your logic wrong. All you'll have to do in this case is patch
> your driver to change the compatible <-> capabilities association
>
> 2/ This may not be the only difference between the 2 revisions, and
> in this case, putting the compatible <-> capabilities association
> directly in your driver will allow you to easily tweak capabilities
> per-revision
>
>> >
>> >>
>> >> This commit works around the problem by allowing DT to set the
>> >> max_banks forcibly.  Of course, this DT property can be optional if
>> >> the auto detection based on the hardware registers works well.
>> >>
>> >> Signed-off-by: Masahiro Yamada 
>> >> ---
>> >>
>> >>  Documentation/devicetree/bindings/mtd/denali-nand.txt | 4 
>> >>  drivers/mtd/nand/denali.c | 3 ++-
>> >>  drivers/mtd/nand/denali_dt.c  | 3 +++
>> >>  3 files changed, 9 insertions(+), 1 deletion(-)
>> >>
>> >> diff --git a/Documentation/devicetree/bindings/mtd/denali-nand.txt 
>> >> b/Documentation/devicetree/bindings/mtd/denali-nand.txt
>> >> index 785b825..78c250d 100644
>> >> --- a/Documentation/devicetree/bindings/mtd/denali-nand.txt
>> >> +++ b/Documentation/devicetree/bindings/mtd/denali-nand.txt
>> >> @@ -7,6 +7,10 @@ Required properties:
>> >>- interrupts : The interrupt number.
>> >>- dma-mask : DMA bit mask
>> >>
>> >> +Optional properties:
>> >> +  - max-banks : Maximum number of banks supported by hardware.  If not
>> >> +specified, it is determined based on the "features" register of 
>> >> hardware.
>> >> +
>> >
>> > You might want to prefix that with "denali,".
>> >
>> >>  The device tree may optionally contain sub-nodes describing partitions 
>> >> of the
>> >>  address space. See partition.txt for more detail.
>>
>>
>> In which case, do we have to add a vendor prefix to DT properties?
>>
>> I do not know a clear rule about this.
>
> Usually you add a vendor prefix when the property only applies to a
> specific controller/IP. In the NAND specific case, most NAND
> controllers have a fixed number of banks which can be deduced from the
> IP revision/version. I'd like to keep it like that and avoid seeing
> other drivers use this max-banks property to deduce the number of
> available banks, hence my suggestion to, at least, prefix your property
> with "denali,". But I'd still prefer to see the max-banks value be
> associated to a new compatible.
>
> Thanks,
>
> Boris

I want to use this driver for ARM-based UniPhier SoCs.
Their DT files are located as follows:

arch/arm/boot/dts/uniphier-*
arch/arm64/boot/dts/socionext/uniphier-*


If we decided to add new DT compatible strings rather than DT property,
which string would you suggest?
Should it include "denali" or just SoC name "uniphier-*"?
How about the vendor prefix?  "denali," or "socionext," ?


like this?  I am not sure...


nand: nand@6800 {
compatible = "socionext,uniphier-pro5-nand", "denali,denali-nand-dt";
reg-names = "nand_data", "denali_reg";
reg = <0x6800 0x20>, <0x6810 0x1000>;
interrupts = <0 65 4>;
pinctrl-names = "default";
pinctrl-0 = <_nand>;
clocks = <>;
};


At least, I need two DT compatible strings,
for old/new "n_banks" encoding.

The following part is also a problem for me because
platform-specific ECC bit is hard-coded in the driver.

The comment claims that Intel MRST supports 8bit and 15bit for ecc.strenth,
while the Denali IP on UniPhier SoCs supports 8bit, 16bit, and 24bit ECC.

I need to do something with it to proceed, but the code is crappy.


/*
 

[patch] ext4 crypto: fix some error handling

[Dan Carpenter]

We should be testing for -ENOMEM but the minus sign is missing.

Fixes: c9af28fdd449 ('ext4 crypto: don't let data integrity writebacks fail 
with ENOMEM')
Signed-off-by: Dan Carpenter 

diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c
index 51b3492..b39d9c7 100644
--- a/fs/ext4/page-io.c
+++ b/fs/ext4/page-io.c
@@ -477,7 +477,7 @@ int ext4_bio_write_page(struct ext4_io_submit *io,
data_page = ext4_encrypt(inode, page, gfp_flags);
if (IS_ERR(data_page)) {
ret = PTR_ERR(data_page);
-   if (ret == ENOMEM && wbc->sync_mode == WB_SYNC_ALL) {
+   if (ret == -ENOMEM && wbc->sync_mode == WB_SYNC_ALL) {
if (io->io_bio) {
ext4_io_submit(io);
congestion_wait(BLK_RW_ASYNC, HZ/50);

[patch] ext4 crypto: fix some error handling

[Dan Carpenter]

We should be testing for -ENOMEM but the minus sign is missing.

Fixes: c9af28fdd449 ('ext4 crypto: don't let data integrity writebacks fail 
with ENOMEM')
Signed-off-by: Dan Carpenter 

diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c
index 51b3492..b39d9c7 100644
--- a/fs/ext4/page-io.c
+++ b/fs/ext4/page-io.c
@@ -477,7 +477,7 @@ int ext4_bio_write_page(struct ext4_io_submit *io,
data_page = ext4_encrypt(inode, page, gfp_flags);
if (IS_ERR(data_page)) {
ret = PTR_ERR(data_page);
-   if (ret == ENOMEM && wbc->sync_mode == WB_SYNC_ALL) {
+   if (ret == -ENOMEM && wbc->sync_mode == WB_SYNC_ALL) {
if (io->io_bio) {
ext4_io_submit(io);
congestion_wait(BLK_RW_ASYNC, HZ/50);

Re: [PATCH 03/11] locking, rwsem: introduce basis for down_write_killable

[Davidlohr Bueso]

On Fri, 01 Apr 2016, Michal Hocko wrote:


From: Michal Hocko 

Introduce a generic implementation necessary for down_write_killable.
This is a trivial extension of the already existing down_write call
which can be interrupted by SIGKILL.  This patch doesn't provide
down_write_killable yet because arches have to provide the necessary
pieces before.

rwsem_down_write_failed which is a generic slow path for the
write lock is extended to allow a task state and renamed to
__rwsem_down_write_failed_state. The return value is either a valid
semaphore pointer or ERR_PTR(-EINTR).

rwsem_down_write_failed_killable is exported as a new way to wait for
the lock and be killable.

For rwsem-spinlock implementation the current __down_write it updated
in a similar way as __rwsem_down_write_failed_state except it doesn't
need new exports just visible __down_write_killable.

Architectures which are not using the generic rwsem implementation are
supposed to provide their __down_write_killable implementation and
use rwsem_down_write_failed_killable for the slow path.


So in a nutshell, this is supposed to be the (writer) rwsem counterpart of
mutex_lock_killable() and down_killable(), right?

[...]


--- a/kernel/locking/rwsem-xadd.c
+++ b/kernel/locking/rwsem-xadd.c
@@ -433,12 +433,13 @@ static inline bool rwsem_has_spinner(struct rw_semaphore 
*sem)
/*
 * Wait until we successfully acquire the write lock
 */
-__visible
-struct rw_semaphore __sched *rwsem_down_write_failed(struct rw_semaphore *sem)
+static inline struct rw_semaphore *
+__rwsem_down_write_failed_state(struct rw_semaphore *sem, int state)


fwiw I'm not a fan of the _state naming. While I understand why you chose it, I 
feel
it does not really describe the purpose of the call itself. The state logic 
alone is
really quite small and therefore should not govern the function name. Why not 
just apply
kiss and label things _common, ie like mutexes do? This would also standardize 
names a
bit.


{
long count;
bool waiting = true; /* any queued threads before us */
struct rwsem_waiter waiter;
+   struct rw_semaphore *ret = sem;

/* undo write bias from down_write operation, stop active locking */
count = rwsem_atomic_update(-RWSEM_ACTIVE_WRITE_BIAS, sem);
@@ -478,7 +479,7 @@ struct rw_semaphore __sched *rwsem_down_write_failed(struct 
rw_semaphore *sem)
count = rwsem_atomic_update(RWSEM_WAITING_BIAS, sem);

/* wait until we successfully acquire the lock */
-   set_current_state(TASK_UNINTERRUPTIBLE);
+   set_current_state(state);
while (true) {
if (rwsem_try_write_lock(count, sem))
break;
@@ -486,21 +487,39 @@ struct rw_semaphore __sched 
*rwsem_down_write_failed(struct rw_semaphore *sem)

/* Block until there are no active lockers. */
do {
+   if (signal_pending_state(state, current)) {


  ^^ unlikely()?


+   raw_spin_lock_irq(>wait_lock);


If the lock is highly contended + a bad workload for spin-on-owner, this could 
take a while :)
Of course, this is a side effect of the wait until no active lockers 
optimization which avoids
the wait_lock in the first place, so fortunately it somewhat mitigates the 
situation.


+   ret = ERR_PTR(-EINTR);
+   goto out;
+   }
schedule();
-   set_current_state(TASK_UNINTERRUPTIBLE);
+   set_current_state(state);
} while ((count = sem->count) & RWSEM_ACTIVE_MASK);

raw_spin_lock_irq(>wait_lock);
}
+out:
__set_current_state(TASK_RUNNING);
-


You certainly don't want this iff exiting due to TASK_KILLABLE situation.


list_del();
raw_spin_unlock_irq(>wait_lock);

-   return sem;
+   return ret;
+}


Thanks,
Davidlohr

Re: [PATCH 03/11] locking, rwsem: introduce basis for down_write_killable

[Davidlohr Bueso]

On Fri, 01 Apr 2016, Michal Hocko wrote:


From: Michal Hocko 

Introduce a generic implementation necessary for down_write_killable.
This is a trivial extension of the already existing down_write call
which can be interrupted by SIGKILL.  This patch doesn't provide
down_write_killable yet because arches have to provide the necessary
pieces before.

rwsem_down_write_failed which is a generic slow path for the
write lock is extended to allow a task state and renamed to
__rwsem_down_write_failed_state. The return value is either a valid
semaphore pointer or ERR_PTR(-EINTR).

rwsem_down_write_failed_killable is exported as a new way to wait for
the lock and be killable.

For rwsem-spinlock implementation the current __down_write it updated
in a similar way as __rwsem_down_write_failed_state except it doesn't
need new exports just visible __down_write_killable.

Architectures which are not using the generic rwsem implementation are
supposed to provide their __down_write_killable implementation and
use rwsem_down_write_failed_killable for the slow path.


So in a nutshell, this is supposed to be the (writer) rwsem counterpart of
mutex_lock_killable() and down_killable(), right?

[...]


--- a/kernel/locking/rwsem-xadd.c
+++ b/kernel/locking/rwsem-xadd.c
@@ -433,12 +433,13 @@ static inline bool rwsem_has_spinner(struct rw_semaphore 
*sem)
/*
 * Wait until we successfully acquire the write lock
 */
-__visible
-struct rw_semaphore __sched *rwsem_down_write_failed(struct rw_semaphore *sem)
+static inline struct rw_semaphore *
+__rwsem_down_write_failed_state(struct rw_semaphore *sem, int state)


fwiw I'm not a fan of the _state naming. While I understand why you chose it, I 
feel
it does not really describe the purpose of the call itself. The state logic 
alone is
really quite small and therefore should not govern the function name. Why not 
just apply
kiss and label things _common, ie like mutexes do? This would also standardize 
names a
bit.


{
long count;
bool waiting = true; /* any queued threads before us */
struct rwsem_waiter waiter;
+   struct rw_semaphore *ret = sem;

/* undo write bias from down_write operation, stop active locking */
count = rwsem_atomic_update(-RWSEM_ACTIVE_WRITE_BIAS, sem);
@@ -478,7 +479,7 @@ struct rw_semaphore __sched *rwsem_down_write_failed(struct 
rw_semaphore *sem)
count = rwsem_atomic_update(RWSEM_WAITING_BIAS, sem);

/* wait until we successfully acquire the lock */
-   set_current_state(TASK_UNINTERRUPTIBLE);
+   set_current_state(state);
while (true) {
if (rwsem_try_write_lock(count, sem))
break;
@@ -486,21 +487,39 @@ struct rw_semaphore __sched 
*rwsem_down_write_failed(struct rw_semaphore *sem)

/* Block until there are no active lockers. */
do {
+   if (signal_pending_state(state, current)) {


  ^^ unlikely()?


+   raw_spin_lock_irq(>wait_lock);


If the lock is highly contended + a bad workload for spin-on-owner, this could 
take a while :)
Of course, this is a side effect of the wait until no active lockers 
optimization which avoids
the wait_lock in the first place, so fortunately it somewhat mitigates the 
situation.


+   ret = ERR_PTR(-EINTR);
+   goto out;
+   }
schedule();
-   set_current_state(TASK_UNINTERRUPTIBLE);
+   set_current_state(state);
} while ((count = sem->count) & RWSEM_ACTIVE_MASK);

raw_spin_lock_irq(>wait_lock);
}
+out:
__set_current_state(TASK_RUNNING);
-


You certainly don't want this iff exiting due to TASK_KILLABLE situation.


list_del();
raw_spin_unlock_irq(>wait_lock);

-   return sem;
+   return ret;
+}


Thanks,
Davidlohr

Re: [PATCH v5 2/5] GCC plugin infrastructure

[Masahiro Yamada]

Hi Emese,

Sorry for my late reply.


> Thanks for the patch. I tested it and there is a problem when I run a 
> parallel make.
> The plugins are compiled later than needed (e.g., scripts/mod/empty.o). There 
> is a lot of important
> code under scripts/mod which may need the plugins.

Ah, I missed that.


> If the plugins were compiled when the "scripts_basic"
> target runs it would be good but unfortunately the config symbol 
> CONFIG_GCC_PLUGINS doesn't seem to be defined yet.
> Could you please help me solve this problem?


How about this?

It should apply on commit 0b005b886bde6c4b9134d01f830d88d464911a65
of your tree.



diff --git a/Makefile b/Makefile
index 1c7a379..d3518e0 100644
--- a/Makefile
+++ b/Makefile
@@ -550,7 +550,7 @@ ifeq ($(KBUILD_EXTMOD),)
 # in parallel
 PHONY += scripts
 scripts: scripts_basic include/config/auto.conf include/config/tristate.conf \
-asm-generic
+asm-generic gcc-plugins
$(Q)$(MAKE) $(build)=$(@)

 # Objects we will link into vmlinux / subdirs we need to visit
@@ -625,6 +625,13 @@ endif
 # Tell gcc to never replace conditional load with a non-conditional one
 KBUILD_CFLAGS  += $(call cc-option,--param=allow-store-data-races=0)

+PHONY += gcc-plugins
+gcc-plugins: scripts_basic
+ifdef CONFIG_GCC_PLUGINS
+   $(Q)$(MAKE) $(build)=scripts/gcc-plugins
+endif
+   @:
+
 include scripts/Makefile.gcc-plugins

 ifdef CONFIG_READABLE_ASM
@@ -1008,7 +1015,7 @@ archprepare: archheaders archscripts prepare1
scripts_basic

 prepare0: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
 prepare0: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
-prepare0: archprepare FORCE
+prepare0: archprepare gcc-plugins FORCE
$(Q)$(MAKE) $(build)=.

 # All the preparing..
diff --git a/scripts/Makefile b/scripts/Makefile
index 0ba652c..1d80897 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -45,7 +45,6 @@ subdir-y += mod
 subdir-$(CONFIG_SECURITY_SELINUX) += selinux
 subdir-$(CONFIG_DTC) += dtc
 subdir-$(CONFIG_GDB_SCRIPTS) += gdb
-subdir-$(CONFIG_GCC_PLUGINS) += gcc-plugins

 # Let clean descend into subdirs
-subdir-+= basic kconfig package
+subdir-+= basic kconfig package gcc-plugins





-- 
Best Regards
Masahiro Yamada

Re: [PATCH v5 2/5] GCC plugin infrastructure

[Masahiro Yamada]

Hi Emese,

Sorry for my late reply.


> Thanks for the patch. I tested it and there is a problem when I run a 
> parallel make.
> The plugins are compiled later than needed (e.g., scripts/mod/empty.o). There 
> is a lot of important
> code under scripts/mod which may need the plugins.

Ah, I missed that.


> If the plugins were compiled when the "scripts_basic"
> target runs it would be good but unfortunately the config symbol 
> CONFIG_GCC_PLUGINS doesn't seem to be defined yet.
> Could you please help me solve this problem?


How about this?

It should apply on commit 0b005b886bde6c4b9134d01f830d88d464911a65
of your tree.



diff --git a/Makefile b/Makefile
index 1c7a379..d3518e0 100644
--- a/Makefile
+++ b/Makefile
@@ -550,7 +550,7 @@ ifeq ($(KBUILD_EXTMOD),)
 # in parallel
 PHONY += scripts
 scripts: scripts_basic include/config/auto.conf include/config/tristate.conf \
-asm-generic
+asm-generic gcc-plugins
$(Q)$(MAKE) $(build)=$(@)

 # Objects we will link into vmlinux / subdirs we need to visit
@@ -625,6 +625,13 @@ endif
 # Tell gcc to never replace conditional load with a non-conditional one
 KBUILD_CFLAGS  += $(call cc-option,--param=allow-store-data-races=0)

+PHONY += gcc-plugins
+gcc-plugins: scripts_basic
+ifdef CONFIG_GCC_PLUGINS
+   $(Q)$(MAKE) $(build)=scripts/gcc-plugins
+endif
+   @:
+
 include scripts/Makefile.gcc-plugins

 ifdef CONFIG_READABLE_ASM
@@ -1008,7 +1015,7 @@ archprepare: archheaders archscripts prepare1
scripts_basic

 prepare0: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
 prepare0: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
-prepare0: archprepare FORCE
+prepare0: archprepare gcc-plugins FORCE
$(Q)$(MAKE) $(build)=.

 # All the preparing..
diff --git a/scripts/Makefile b/scripts/Makefile
index 0ba652c..1d80897 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -45,7 +45,6 @@ subdir-y += mod
 subdir-$(CONFIG_SECURITY_SELINUX) += selinux
 subdir-$(CONFIG_DTC) += dtc
 subdir-$(CONFIG_GDB_SCRIPTS) += gdb
-subdir-$(CONFIG_GCC_PLUGINS) += gcc-plugins

 # Let clean descend into subdirs
-subdir-+= basic kconfig package
+subdir-+= basic kconfig package gcc-plugins





-- 
Best Regards
Masahiro Yamada

Re: [PATCH] sbs-battery: fix power status when battery is dry

[Sebastian Reichel]

Hi,

On Thu, Mar 31, 2016 at 10:42:31AM +0800, YH Huang wrote:
> On Wed, 2016-03-30 at 17:09 +0200, Sebastian Reichel wrote:
> > Hi,
> > 
> > On Wed, Mar 30, 2016 at 04:58:30PM +0800, YH Huang wrote:
> > > If I revise the description in this way(using your clear explanation):
> > > 
> > > The battery capacity changing course is like this:
> > > 
> > > full: BATTERY_FULLY_CHARGED => POWER_SUPPLY_STATUS_FULL
> > > 
> > > high->low: BATTERY_DISCHARGING => POWER_SUPPLY_STATUS_DISCHARGING
> > > ~0%: DISCHARGING & FULLY_DISCHARGED => POWER_SUPPLY_STATUS_NOT_CHARGING
> > > 
> > > 0%~20%: FULLY_DISCHARGED => POWER_SUPPLY_STATUS_CHARGING
> > > 20%~: No flag => POWER_SUPPLY_STATUS_CHARGING
> > > 
> > > For now, it is not exactly right to show the status as
> > > POWER_SUPPLY_STATUS_NOT_CHARGING when the battery is dry
> > > (FULLY_DISCHARGED) and AC is plugged in.
> > > Although the battery is in a low level, system works fine with the AC
> > > charging.
> > > It is better to say that the battery is charging.
> > > 
> > > 
> > > How about this?
> > > By the way, should I also revise the title?
> > 
> > POWER_SUPPLY_STATUS_NOT_CHARGING is used for AC connected, but
> > battery not charging (e.g. because battery temperature is out
> > of acceptable range). If you are discharging use
> > POWER_SUPPLY_STATUS_DISCHARGING.
> > 
> > You should just ignore the FULLY_DISCHARGED bit in the status
> > property. If you don't want to loose the information about fully
> > discharged battery add POWER_SUPPLY_PROP_CAPACITY_LEVEL, which maps:
> > 
> > BATTERY_FULLY_CHARGED => POWER_SUPPLY_CAPACITY_LEVEL_FULL
> > FULLY_DISCHARGED => POWER_SUPPLY_CAPACITY_LEVEL_CRITICAL
> > otherwise => POWER_SUPPLY_CAPACITY_LEVEL_NORMAL
> 
> Oops.
> It looks like I misunderstand POWER_SUPPLY_STATUS_NOT_CHARGING.
> As Daniel said before, we could just ignore FULLY_DISCHARGED.
> 
> So change like the
> 
> sbs-battery: fix power status when battery charging near
> dry
> 
> POWER_SUPPLY_STATUS_NOT_CHARGING is used for AC connected, but
> battery not charging (e.g. because battery temperature is out
> of acceptable range).
> 
> When battery is charging near dry and BATTERY_FULL_DISCHARGED is set,
> it is wrong to set as POWER_SUPPLY_STATUS_NOT_CHARGING.
> Just use BATTERY_DISCHARGING to decide the power supply status is
> discharging or charging.
> 
> if (ret & BATTERY_FULL_CHARGED)
> val->intval = POWER_SUPPLY_STATUS_FULL;
> -   else if (ret & BATTERY_FULL_DISCHARGED)
> -   val->intval = POWER_SUPPLY_STATUS_NOT_CHARGING;
> else if (ret & BATTERY_DISCHARGING)
> val->intval = POWER_SUPPLY_STATUS_DISCHARGING;
> 

Yes, that looks fine. Can you send this correctly formated for git?

-- Sebastian


signature.asc
Description: PGP signature

Re: [PATCH] sbs-battery: fix power status when battery is dry

[Sebastian Reichel]

Hi,

On Thu, Mar 31, 2016 at 10:42:31AM +0800, YH Huang wrote:
> On Wed, 2016-03-30 at 17:09 +0200, Sebastian Reichel wrote:
> > Hi,
> > 
> > On Wed, Mar 30, 2016 at 04:58:30PM +0800, YH Huang wrote:
> > > If I revise the description in this way(using your clear explanation):
> > > 
> > > The battery capacity changing course is like this:
> > > 
> > > full: BATTERY_FULLY_CHARGED => POWER_SUPPLY_STATUS_FULL
> > > 
> > > high->low: BATTERY_DISCHARGING => POWER_SUPPLY_STATUS_DISCHARGING
> > > ~0%: DISCHARGING & FULLY_DISCHARGED => POWER_SUPPLY_STATUS_NOT_CHARGING
> > > 
> > > 0%~20%: FULLY_DISCHARGED => POWER_SUPPLY_STATUS_CHARGING
> > > 20%~: No flag => POWER_SUPPLY_STATUS_CHARGING
> > > 
> > > For now, it is not exactly right to show the status as
> > > POWER_SUPPLY_STATUS_NOT_CHARGING when the battery is dry
> > > (FULLY_DISCHARGED) and AC is plugged in.
> > > Although the battery is in a low level, system works fine with the AC
> > > charging.
> > > It is better to say that the battery is charging.
> > > 
> > > 
> > > How about this?
> > > By the way, should I also revise the title?
> > 
> > POWER_SUPPLY_STATUS_NOT_CHARGING is used for AC connected, but
> > battery not charging (e.g. because battery temperature is out
> > of acceptable range). If you are discharging use
> > POWER_SUPPLY_STATUS_DISCHARGING.
> > 
> > You should just ignore the FULLY_DISCHARGED bit in the status
> > property. If you don't want to loose the information about fully
> > discharged battery add POWER_SUPPLY_PROP_CAPACITY_LEVEL, which maps:
> > 
> > BATTERY_FULLY_CHARGED => POWER_SUPPLY_CAPACITY_LEVEL_FULL
> > FULLY_DISCHARGED => POWER_SUPPLY_CAPACITY_LEVEL_CRITICAL
> > otherwise => POWER_SUPPLY_CAPACITY_LEVEL_NORMAL
> 
> Oops.
> It looks like I misunderstand POWER_SUPPLY_STATUS_NOT_CHARGING.
> As Daniel said before, we could just ignore FULLY_DISCHARGED.
> 
> So change like the
> 
> sbs-battery: fix power status when battery charging near
> dry
> 
> POWER_SUPPLY_STATUS_NOT_CHARGING is used for AC connected, but
> battery not charging (e.g. because battery temperature is out
> of acceptable range).
> 
> When battery is charging near dry and BATTERY_FULL_DISCHARGED is set,
> it is wrong to set as POWER_SUPPLY_STATUS_NOT_CHARGING.
> Just use BATTERY_DISCHARGING to decide the power supply status is
> discharging or charging.
> 
> if (ret & BATTERY_FULL_CHARGED)
> val->intval = POWER_SUPPLY_STATUS_FULL;
> -   else if (ret & BATTERY_FULL_DISCHARGED)
> -   val->intval = POWER_SUPPLY_STATUS_NOT_CHARGING;
> else if (ret & BATTERY_DISCHARGING)
> val->intval = POWER_SUPPLY_STATUS_DISCHARGING;
> 

Yes, that looks fine. Can you send this correctly formated for git?

-- Sebastian


signature.asc
Description: PGP signature

Re: [PATCH] tpm: remove redundant code from self-test functions

[Jason Gunthorpe]

On Thu, Mar 31, 2016 at 09:37:56AM +0300, Jarkko Sakkinen wrote:
> On Wed, Mar 30, 2016 at 11:46:23PM -0600, Jason Gunthorpe wrote:
> > On Wed, Mar 30, 2016 at 04:20:45PM +0300, Jarkko Sakkinen wrote:
> >   
> > > - rc = be32_to_cpu(cmd.header.out.return_code);
> > >   if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) {
> > 
> > This line is the entire reason it is open coded, I see it being
> > removed, but I don't see how the functionality is maintained?
> 
> When tpm_trance_cmd() returns a positive number it is the TPM error code
> that it returns. tpm_pcr_read() does pass through whatever
> tpm_trace_cmd() returns so the above condition should still work as
> expected.

Okay, everything looks fine to me

Jason

Re: [PATCH] tpm: remove redundant code from self-test functions

[Jason Gunthorpe]

On Thu, Mar 31, 2016 at 09:37:56AM +0300, Jarkko Sakkinen wrote:
> On Wed, Mar 30, 2016 at 11:46:23PM -0600, Jason Gunthorpe wrote:
> > On Wed, Mar 30, 2016 at 04:20:45PM +0300, Jarkko Sakkinen wrote:
> >   
> > > - rc = be32_to_cpu(cmd.header.out.return_code);
> > >   if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) {
> > 
> > This line is the entire reason it is open coded, I see it being
> > removed, but I don't see how the functionality is maintained?
> 
> When tpm_trance_cmd() returns a positive number it is the TPM error code
> that it returns. tpm_pcr_read() does pass through whatever
> tpm_trace_cmd() returns so the above condition should still work as
> expected.

Okay, everything looks fine to me

Jason

Re: [PATCH RT 4/6] rt/locking: Reenable migration accross schedule

[Mike Galbraith]

On Fri, 2016-04-01 at 23:11 +0200, Sebastian Andrzej Siewior wrote:
> * Mike Galbraith | 2016-03-31 08:31:43 [+0200]:
> 
> > 3. nuke irksome grab_lock: make everybody always try to get the hell
> > outta Dodge or hotplug can bloody well wait.
> > 
> > I haven't yet flogged my 64 core box doing that, but my local boxen
> > seem to be saying we don't really really need the grab_lock business.
> > 
> > Are my boxen fibbing, is that very attractive looking door #3 a trap?
> 
> By the time I improved hotplug I played with this. I had a few ideas but
> it didn't fly in the end. Today however I ended up with this:

Yeah, but that fails the duct tape test too.  Mine is below, and is the
extra sticky variety ;-)  With busted 0299 patch reverted and those two
applied, my DL980 took a beating for ~36 hours before I aborted it.. ie
hotplug road seemingly has no more -rt specific potholes.

If that lock dies, we can unpin when entering lock slow path and pin
again post acquisition with no ABBA worries as well, and not only does
existing hotplug work heaping truckloads better, -rt can perhaps help
spot trouble as the rewrite proceeds.

Current state is more broken than ever.. if that's possible.

-Mike

hotplug/rt: Do not let pin_current_cpu() block RCU grace periods

Notifiers may depend upon grace periods continuing to advance
as blk_mq_queue_reinit_notify() below.

crash> bt 8803aee76400
PID: 1113   TASK: 8803aee76400  CPU: 0   COMMAND: "stress-cpu-hotp"
 #0 [880396fe7ad8] __schedule at 816b7142
 #1 [880396fe7b28] schedule at 816b797b
 #2 [880396fe7b48] blk_mq_freeze_queue_wait at 8135c5ac
 #3 [880396fe7b80] blk_mq_queue_reinit_notify at 8135f819
 #4 [880396fe7b98] notifier_call_chain at 8109b8ed
 #5 [880396fe7bd8] __raw_notifier_call_chain at 8109b91e
 #6 [880396fe7be8] __cpu_notify at 81072825
 #7 [880396fe7bf8] cpu_notify_nofail at 81072b15
 #8 [880396fe7c08] notify_dead at 81072d06
 #9 [880396fe7c38] cpuhp_invoke_callback at 81073718
#10 [880396fe7c78] cpuhp_down_callbacks at 81073a70
#11 [880396fe7cb8] _cpu_down at 816afc71
#12 [880396fe7d38] do_cpu_down at 8107435c
#13 [880396fe7d60] cpu_down at 81074390
#14 [880396fe7d70] cpu_subsys_offline at 814cd854
#15 [880396fe7d80] device_offline at 814c7cda
#16 [880396fe7da8] online_store at 814c7dd0
#17 [880396fe7dd0] dev_attr_store at 814c4fc8
#18 [880396fe7de0] sysfs_kf_write at 812cfbe4
#19 [880396fe7e08] kernfs_fop_write at 812cf172
#20 [880396fe7e50] __vfs_write at 81241428
#21 [880396fe7ed0] vfs_write at 81242535
#22 [880396fe7f10] sys_write at 812438f9
#23 [880396fe7f50] entry_SYSCALL_64_fastpath at 816bb4bc
RIP: 7fafd918acd0  RSP: 7ffd2ca956e8  RFLAGS: 0246
RAX: ffda  RBX: 0226a770  RCX: 7fafd918acd0
RDX: 0002  RSI: 7fafd9cb9000  RDI: 0001
RBP: 7ffd2ca95700   R8: 000a   R9: 7fafd9cb3700
R10:   R11: 0246  R12: 0007
R13: 0001  R14: 0009  R15: 000a
ORIG_RAX: 0001  CS: 0033  SS: 002b

blk_mq_queue_reinit_notify:
/*
 * We need to freeze and reinit all existing queues.  Freezing
 * involves synchronous wait for an RCU grace period and doing it
 * one by one may take a long time.  Start freezing all queues in
 * one swoop and then wait for the completions so that freezing can
 * take place in parallel.
 */
list_for_each_entry(q, _q_list, all_q_node)
blk_mq_freeze_queue_start(q);
list_for_each_entry(q, _q_list, all_q_node) {
blk_mq_freeze_queue_wait(q);

crash> bt 880176cc9900
PID: 17 TASK: 880176cc9900  CPU: 0   COMMAND: "rcu_sched"
 #0 [880176cd7ab8] __schedule at 816b7142
 #1 [880176cd7b08] schedule at 816b797b
 #2 [880176cd7b28] rt_spin_lock_slowlock at 816b974d
 #3 [880176cd7bc8] rt_spin_lock_fastlock at 811b0f3c
 #4 [880176cd7be8] rt_spin_lock__no_mg at 816bac1b
 #5 [880176cd7c08] pin_current_cpu at 8107406a
 #6 [880176cd7c50] migrate_disable at 810a0e9e
 #7 [880176cd7c70] rt_spin_lock at 816bad69
 #8 [880176cd7c90] lock_timer_base at 810fc5e8
 #9 [880176cd7cc8] try_to_del_timer_sync at 810fe290
#10 [880176cd7cf0] del_timer_sync at 810fe381
#11 [880176cd7d58] schedule_timeout at 816b9e4b
#12 [880176cd7df0] rcu_gp_kthread at 810f52b4
#13 [880176cd7e70] kthread at 8109a02f
#14 [880176cd7f50] ret_from_fork at 816bb6f2

Game Over.

Signed-off-by: Mike Galbraith 

Re: [PATCH RT 4/6] rt/locking: Reenable migration accross schedule

[Mike Galbraith]

On Fri, 2016-04-01 at 23:11 +0200, Sebastian Andrzej Siewior wrote:
> * Mike Galbraith | 2016-03-31 08:31:43 [+0200]:
> 
> > 3. nuke irksome grab_lock: make everybody always try to get the hell
> > outta Dodge or hotplug can bloody well wait.
> > 
> > I haven't yet flogged my 64 core box doing that, but my local boxen
> > seem to be saying we don't really really need the grab_lock business.
> > 
> > Are my boxen fibbing, is that very attractive looking door #3 a trap?
> 
> By the time I improved hotplug I played with this. I had a few ideas but
> it didn't fly in the end. Today however I ended up with this:

Yeah, but that fails the duct tape test too.  Mine is below, and is the
extra sticky variety ;-)  With busted 0299 patch reverted and those two
applied, my DL980 took a beating for ~36 hours before I aborted it.. ie
hotplug road seemingly has no more -rt specific potholes.

If that lock dies, we can unpin when entering lock slow path and pin
again post acquisition with no ABBA worries as well, and not only does
existing hotplug work heaping truckloads better, -rt can perhaps help
spot trouble as the rewrite proceeds.

Current state is more broken than ever.. if that's possible.

-Mike

hotplug/rt: Do not let pin_current_cpu() block RCU grace periods

Notifiers may depend upon grace periods continuing to advance
as blk_mq_queue_reinit_notify() below.

crash> bt 8803aee76400
PID: 1113   TASK: 8803aee76400  CPU: 0   COMMAND: "stress-cpu-hotp"
 #0 [880396fe7ad8] __schedule at 816b7142
 #1 [880396fe7b28] schedule at 816b797b
 #2 [880396fe7b48] blk_mq_freeze_queue_wait at 8135c5ac
 #3 [880396fe7b80] blk_mq_queue_reinit_notify at 8135f819
 #4 [880396fe7b98] notifier_call_chain at 8109b8ed
 #5 [880396fe7bd8] __raw_notifier_call_chain at 8109b91e
 #6 [880396fe7be8] __cpu_notify at 81072825
 #7 [880396fe7bf8] cpu_notify_nofail at 81072b15
 #8 [880396fe7c08] notify_dead at 81072d06
 #9 [880396fe7c38] cpuhp_invoke_callback at 81073718
#10 [880396fe7c78] cpuhp_down_callbacks at 81073a70
#11 [880396fe7cb8] _cpu_down at 816afc71
#12 [880396fe7d38] do_cpu_down at 8107435c
#13 [880396fe7d60] cpu_down at 81074390
#14 [880396fe7d70] cpu_subsys_offline at 814cd854
#15 [880396fe7d80] device_offline at 814c7cda
#16 [880396fe7da8] online_store at 814c7dd0
#17 [880396fe7dd0] dev_attr_store at 814c4fc8
#18 [880396fe7de0] sysfs_kf_write at 812cfbe4
#19 [880396fe7e08] kernfs_fop_write at 812cf172
#20 [880396fe7e50] __vfs_write at 81241428
#21 [880396fe7ed0] vfs_write at 81242535
#22 [880396fe7f10] sys_write at 812438f9
#23 [880396fe7f50] entry_SYSCALL_64_fastpath at 816bb4bc
RIP: 7fafd918acd0  RSP: 7ffd2ca956e8  RFLAGS: 0246
RAX: ffda  RBX: 0226a770  RCX: 7fafd918acd0
RDX: 0002  RSI: 7fafd9cb9000  RDI: 0001
RBP: 7ffd2ca95700   R8: 000a   R9: 7fafd9cb3700
R10:   R11: 0246  R12: 0007
R13: 0001  R14: 0009  R15: 000a
ORIG_RAX: 0001  CS: 0033  SS: 002b

blk_mq_queue_reinit_notify:
/*
 * We need to freeze and reinit all existing queues.  Freezing
 * involves synchronous wait for an RCU grace period and doing it
 * one by one may take a long time.  Start freezing all queues in
 * one swoop and then wait for the completions so that freezing can
 * take place in parallel.
 */
list_for_each_entry(q, _q_list, all_q_node)
blk_mq_freeze_queue_start(q);
list_for_each_entry(q, _q_list, all_q_node) {
blk_mq_freeze_queue_wait(q);

crash> bt 880176cc9900
PID: 17 TASK: 880176cc9900  CPU: 0   COMMAND: "rcu_sched"
 #0 [880176cd7ab8] __schedule at 816b7142
 #1 [880176cd7b08] schedule at 816b797b
 #2 [880176cd7b28] rt_spin_lock_slowlock at 816b974d
 #3 [880176cd7bc8] rt_spin_lock_fastlock at 811b0f3c
 #4 [880176cd7be8] rt_spin_lock__no_mg at 816bac1b
 #5 [880176cd7c08] pin_current_cpu at 8107406a
 #6 [880176cd7c50] migrate_disable at 810a0e9e
 #7 [880176cd7c70] rt_spin_lock at 816bad69
 #8 [880176cd7c90] lock_timer_base at 810fc5e8
 #9 [880176cd7cc8] try_to_del_timer_sync at 810fe290
#10 [880176cd7cf0] del_timer_sync at 810fe381
#11 [880176cd7d58] schedule_timeout at 816b9e4b
#12 [880176cd7df0] rcu_gp_kthread at 810f52b4
#13 [880176cd7e70] kthread at 8109a02f
#14 [880176cd7f50] ret_from_fork at 816bb6f2

Game Over.

Signed-off-by: Mike Galbraith 
---
 

[PATCH 1/3] ext4: Pass in DIO_SKIP_DIO_COUNT flag if inode_dio_begin() called

[Waiman Long]

When performing direct I/O, the current ext4 code does
not pass in the DIO_SKIP_DIO_COUNT flag to dax_do_io() or
__blockdev_direct_IO() when inode_dio_begin() has, in fact, been
called. This causes dax_do_io()/__blockdev_direct_IO() to invoke
inode_dio_begin()/inode_dio_end() internally.  This doubling of
inode_dio_begin()/inode_dio_end() calls are wasteful.

This patch removes the extra internal inode_dio_begin()/inode_dio_end()
calls when those calls are being issued by the caller directly. For
really fast storage systems like NVDIMM, the removal of the extra
inode_dio_begin()/inode_dio_end() can give a meaningful boost to
I/O performance.

On a 4-socket Haswell-EX system (72 cores) running 4.6-rc1 kernel,
fio with 38 threads doing parallel I/O on two shared files on an
NVDIMM with DAX gave the following aggregrate bandwidth with and
without the patch:

  Test  W/O patch   With patch  % change
    -   --  
  Read-only  8688MB/s   10173MB/s+17.1%
  Read-write 2687MB/s2830MB/s +5.3%

Signed-off-by: Waiman Long 
---
 fs/ext4/indirect.c |   10 --
 fs/ext4/inode.c|   12 +---
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c
index 3027fa6..4304be6 100644
--- a/fs/ext4/indirect.c
+++ b/fs/ext4/indirect.c
@@ -706,14 +706,20 @@ retry:
inode_dio_end(inode);
goto locked;
}
+   /*
+* Need to pass in DIO_SKIP_DIO_COUNT to prevent
+* duplicated inode_dio_begin/inode_dio_end sequence.
+*/
if (IS_DAX(inode))
ret = dax_do_io(iocb, inode, iter, offset,
-   ext4_dio_get_block, NULL, 0);
+   ext4_dio_get_block, NULL,
+   DIO_SKIP_DIO_COUNT);
else
ret = __blockdev_direct_IO(iocb, inode,
   inode->i_sb->s_bdev, iter,
   offset, ext4_dio_get_block,
-  NULL, NULL, 0);
+  NULL, NULL,
+  DIO_SKIP_DIO_COUNT);
inode_dio_end(inode);
} else {
 locked:
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index dab84a2..779aa33 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -3358,9 +3358,15 @@ static ssize_t ext4_ext_direct_IO(struct kiocb *iocb, 
struct iov_iter *iter,
 * Make all waiters for direct IO properly wait also for extent
 * conversion. This also disallows race between truncate() and
 * overwrite DIO as i_dio_count needs to be incremented under i_mutex.
+*
+* Both dax_do_io() and __blockdev_direct_IO() will unnecessarily
+* call inode_dio_begin()/inode_dio_end() again if the
+* DIO_SKIP_DIO_COUNT flag is not set.
 */
-   if (iov_iter_rw(iter) == WRITE)
+   if (iov_iter_rw(iter) == WRITE) {
+   dio_flags = DIO_SKIP_DIO_COUNT;
inode_dio_begin(inode);
+   }
 
/* If we do a overwrite dio, i_mutex locking can be released */
overwrite = *((int *)iocb->private);
@@ -3393,10 +3399,10 @@ static ssize_t ext4_ext_direct_IO(struct kiocb *iocb, 
struct iov_iter *iter,
get_block_func = ext4_dio_get_block_overwrite;
else if (is_sync_kiocb(iocb)) {
get_block_func = ext4_dio_get_block_unwritten_sync;
-   dio_flags = DIO_LOCKING;
+   dio_flags |= DIO_LOCKING;
} else {
get_block_func = ext4_dio_get_block_unwritten_async;
-   dio_flags = DIO_LOCKING;
+   dio_flags |= DIO_LOCKING;
}
 #ifdef CONFIG_EXT4_FS_ENCRYPTION
BUG_ON(ext4_encrypted_inode(inode) && S_ISREG(inode->i_mode));
-- 
1.7.1

[PATCH 1/3] ext4: Pass in DIO_SKIP_DIO_COUNT flag if inode_dio_begin() called

[Waiman Long]

When performing direct I/O, the current ext4 code does
not pass in the DIO_SKIP_DIO_COUNT flag to dax_do_io() or
__blockdev_direct_IO() when inode_dio_begin() has, in fact, been
called. This causes dax_do_io()/__blockdev_direct_IO() to invoke
inode_dio_begin()/inode_dio_end() internally.  This doubling of
inode_dio_begin()/inode_dio_end() calls are wasteful.

This patch removes the extra internal inode_dio_begin()/inode_dio_end()
calls when those calls are being issued by the caller directly. For
really fast storage systems like NVDIMM, the removal of the extra
inode_dio_begin()/inode_dio_end() can give a meaningful boost to
I/O performance.

On a 4-socket Haswell-EX system (72 cores) running 4.6-rc1 kernel,
fio with 38 threads doing parallel I/O on two shared files on an
NVDIMM with DAX gave the following aggregrate bandwidth with and
without the patch:

  Test  W/O patch   With patch  % change
    -   --  
  Read-only  8688MB/s   10173MB/s+17.1%
  Read-write 2687MB/s2830MB/s +5.3%

Signed-off-by: Waiman Long 
---
 fs/ext4/indirect.c |   10 --
 fs/ext4/inode.c|   12 +---
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c
index 3027fa6..4304be6 100644
--- a/fs/ext4/indirect.c
+++ b/fs/ext4/indirect.c
@@ -706,14 +706,20 @@ retry:
inode_dio_end(inode);
goto locked;
}
+   /*
+* Need to pass in DIO_SKIP_DIO_COUNT to prevent
+* duplicated inode_dio_begin/inode_dio_end sequence.
+*/
if (IS_DAX(inode))
ret = dax_do_io(iocb, inode, iter, offset,
-   ext4_dio_get_block, NULL, 0);
+   ext4_dio_get_block, NULL,
+   DIO_SKIP_DIO_COUNT);
else
ret = __blockdev_direct_IO(iocb, inode,
   inode->i_sb->s_bdev, iter,
   offset, ext4_dio_get_block,
-  NULL, NULL, 0);
+  NULL, NULL,
+  DIO_SKIP_DIO_COUNT);
inode_dio_end(inode);
} else {
 locked:
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index dab84a2..779aa33 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -3358,9 +3358,15 @@ static ssize_t ext4_ext_direct_IO(struct kiocb *iocb, 
struct iov_iter *iter,
 * Make all waiters for direct IO properly wait also for extent
 * conversion. This also disallows race between truncate() and
 * overwrite DIO as i_dio_count needs to be incremented under i_mutex.
+*
+* Both dax_do_io() and __blockdev_direct_IO() will unnecessarily
+* call inode_dio_begin()/inode_dio_end() again if the
+* DIO_SKIP_DIO_COUNT flag is not set.
 */
-   if (iov_iter_rw(iter) == WRITE)
+   if (iov_iter_rw(iter) == WRITE) {
+   dio_flags = DIO_SKIP_DIO_COUNT;
inode_dio_begin(inode);
+   }
 
/* If we do a overwrite dio, i_mutex locking can be released */
overwrite = *((int *)iocb->private);
@@ -3393,10 +3399,10 @@ static ssize_t ext4_ext_direct_IO(struct kiocb *iocb, 
struct iov_iter *iter,
get_block_func = ext4_dio_get_block_overwrite;
else if (is_sync_kiocb(iocb)) {
get_block_func = ext4_dio_get_block_unwritten_sync;
-   dio_flags = DIO_LOCKING;
+   dio_flags |= DIO_LOCKING;
} else {
get_block_func = ext4_dio_get_block_unwritten_async;
-   dio_flags = DIO_LOCKING;
+   dio_flags |= DIO_LOCKING;
}
 #ifdef CONFIG_EXT4_FS_ENCRYPTION
BUG_ON(ext4_encrypted_inode(inode) && S_ISREG(inode->i_mode));
-- 
1.7.1

[PATCH 0/3] ext4: Improve parallel I/O performance on NVDIMM

[Waiman Long]

This patchset aims to improve parallel I/O performance of the ext4
filesystem on fast storage devices like NVDIMM.

Patch 1 eliminates duplicated inode_dio_begin()/inode_dio_end() calls.

Patch 2 provides a set of simple percpu statistics count helper functions.

Patch 3 converts some ext4 statistics counts into percpu counts using
the helper functions.

Waiman Long (3):
  ext4: Pass in DIO_SKIP_DIO_COUNT flag if inode_dio_begin() called
  percpu_stats: Simple per-cpu statistics count helper functions
  ext4: Make cache hits/misses per-cpu counts

 fs/ext4/extents_status.c |   20 +---
 fs/ext4/extents_status.h |   11 -
 fs/ext4/indirect.c   |   10 +++-
 fs/ext4/inode.c  |   12 -
 include/linux/percpu_stats.h |  103 ++
 5 files changed, 141 insertions(+), 15 deletions(-)
 create mode 100644 include/linux/percpu_stats.h

[PATCH 0/3] ext4: Improve parallel I/O performance on NVDIMM

[Waiman Long]

This patchset aims to improve parallel I/O performance of the ext4
filesystem on fast storage devices like NVDIMM.

Patch 1 eliminates duplicated inode_dio_begin()/inode_dio_end() calls.

Patch 2 provides a set of simple percpu statistics count helper functions.

Patch 3 converts some ext4 statistics counts into percpu counts using
the helper functions.

Waiman Long (3):
  ext4: Pass in DIO_SKIP_DIO_COUNT flag if inode_dio_begin() called
  percpu_stats: Simple per-cpu statistics count helper functions
  ext4: Make cache hits/misses per-cpu counts

 fs/ext4/extents_status.c |   20 +---
 fs/ext4/extents_status.h |   11 -
 fs/ext4/indirect.c   |   10 +++-
 fs/ext4/inode.c  |   12 -
 include/linux/percpu_stats.h |  103 ++
 5 files changed, 141 insertions(+), 15 deletions(-)
 create mode 100644 include/linux/percpu_stats.h

[PATCH 2/3] percpu_stats: Simple per-cpu statistics count helper functions

[Waiman Long]

This patch introduces a set of simple per-cpu statictics count helper
functions that can be used by other kernel subsystems for keeping
track of the number of events that happens. It is per-cpu based to
reduce overhead and improve accuracy of the counter. Using per-cpu
counter is usually overkill for such purpose.

The following APIs are provided:

 - int percpu_stats_init(struct percpu_stats *pcs, int num)
   Initialize the per-cpu statictics counts structure which should have
   the given number of statistics counts. Return -ENOMEM on error.

 - void percpu_stats_destroy(struct percpu_stats *pcs)
   Free the percpu memory allocated.

 - void percpu_stats_inc(struct percpu_stats *pcs, int stat)
   void percpu_stats_dec(struct percpu_stats *pcs, int stat)
   Increment and decrement the given per-cpu statistics count.

 - unsigned long percpu_stats_sum(struct percpu_stats *pcs, int stat)
   Return the current aggregated sum of the given statistics count.

 - void percpu_stats_reset(struct percpu_stats *pcs)
   Clear all the statistics counts defined in the given percpu_stats
   structure.

Signed-off-by: Waiman Long 
---
 include/linux/percpu_stats.h |  103 ++
 1 files changed, 103 insertions(+), 0 deletions(-)
 create mode 100644 include/linux/percpu_stats.h

diff --git a/include/linux/percpu_stats.h b/include/linux/percpu_stats.h
new file mode 100644
index 000..a4f715e
--- /dev/null
+++ b/include/linux/percpu_stats.h
@@ -0,0 +1,103 @@
+#ifndef _LINUX_PERCPU_STATS_H
+#define _LINUX_PERCPU_STATS_H
+/*
+ * Simple per-cpu statistics counts that have less overhead than the
+ * per-cpu counters.
+ */
+#include 
+#include 
+
+struct percpu_stats {
+   unsigned long __percpu *stats;
+   int nstats; /* Number of statistics counts in stats array */
+};
+
+/*
+ * Reset the all statistics counts to 0 in the percpu_stats structure
+ */
+static inline void percpu_stats_reset(struct percpu_stats *pcs)
+{
+   int cpu;
+
+   for_each_possible_cpu(cpu) {
+   unsigned long *pstats =  per_cpu_ptr(pcs->stats, cpu);
+   int stat;
+
+   for (stat = 0; stat < pcs->nstats; stat++, pstats++)
+   *pstats = 0;
+   }
+
+   /*
+* If a statistics count is in the middle of being updated, it
+* is possible that the above clearing may not work. So we need
+* to double check again to make sure that the counters are really
+* cleared. Still there is a still a very small chance that the
+* second clearing does not work.
+*/
+   for_each_possible_cpu(cpu) {
+   unsigned long *pstats =  per_cpu_ptr(pcs->stats, cpu);
+   int stat;
+
+   for (stat = 0; stat < pcs->nstats; stat++, pstats++)
+   if (*pstats)
+   *pstats = 0;
+   }
+}
+
+static inline int percpu_stats_init(struct percpu_stats *pcs, int num)
+{
+   pcs->nstats = num;
+   pcs->stats  = __alloc_percpu(sizeof(unsigned long) * num,
+__alignof__(unsigned long));
+   if (!pcs->stats)
+   return -ENOMEM;
+
+   percpu_stats_reset(pcs);
+   return 0;
+}
+
+static inline void percpu_stats_destroy(struct percpu_stats *pcs)
+{
+   free_percpu(pcs->stats);
+   pcs->stats  = NULL;
+   pcs->nstats = 0;
+}
+
+static inline void
+__percpu_stats_add(struct percpu_stats *pcs, int stat, int cnt)
+{
+   unsigned long *pstat;
+
+   if ((unsigned int)stat >= pcs->nstats)
+   return;
+   preempt_disable();
+   pstat = this_cpu_ptr(>stats[stat]);
+   *pstat += cnt;
+   preempt_enable();
+}
+
+static inline void percpu_stats_inc(struct percpu_stats *pcs, int stat)
+{
+   __percpu_stats_add(pcs, stat, 1);
+}
+
+static inline void percpu_stats_dec(struct percpu_stats *pcs, int stat)
+{
+   __percpu_stats_add(pcs, stat, -1);
+}
+
+static inline unsigned long
+percpu_stats_sum(struct percpu_stats *pcs, int stat)
+{
+   int cpu;
+   unsigned long sum = 0;
+
+   if ((unsigned int)stat >= pcs->nstats)
+   return sum;
+
+   for_each_possible_cpu(cpu)
+   sum += per_cpu(pcs->stats[stat], cpu);
+   return sum;
+}
+
+#endif /* _LINUX_PERCPU_STATS_H */
-- 
1.7.1

[PATCH 3/3] ext4: Make cache hits/misses per-cpu counts

[Waiman Long]

This patch changes the es_stats_cache_hits and es_stats_cache_misses
statistics counts to per-cpu variables to reduce cacheline contention
issues whem multiple threads are trying to update those counts
simultaneously. It uses the new per-cpu stats APIs provided by the
percpu_stats.h header file.

With a 38-threads fio I/O test with 2 shared files (on DAX-mount
NVDIMM) running on a 4-socket Haswell-EX server with 4.6-rc1 kernel,
the aggregated bandwidths before and after the patch were:

  Test  W/O patch   With patch  % change
    -   --  
  Read-only 10173MB/s   16141MB/s+58.7%
  Read-write 2830MB/s4315MB/s+52.5%

Signed-off-by: Waiman Long 
---
 fs/ext4/extents_status.c |   20 
 fs/ext4/extents_status.h |   11 +--
 2 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c
index e38b987..01f8436 100644
--- a/fs/ext4/extents_status.c
+++ b/fs/ext4/extents_status.c
@@ -825,9 +825,9 @@ out:
es->es_pblk = es1->es_pblk;
if (!ext4_es_is_referenced(es1))
ext4_es_set_referenced(es1);
-   stats->es_stats_cache_hits++;
+   percpu_stats_inc(>es_stats, es_stats_cache_hits);
} else {
-   stats->es_stats_cache_misses++;
+   percpu_stats_inc(>es_stats, es_stats_cache_misses);
}
 
read_unlock(_I(inode)->i_es_lock);
@@ -1114,8 +1114,8 @@ int ext4_seq_es_shrinker_info_show(struct seq_file *seq, 
void *v)
   percpu_counter_sum_positive(_stats->es_stats_all_cnt),
   percpu_counter_sum_positive(_stats->es_stats_shk_cnt));
seq_printf(seq, "  %lu/%lu cache hits/misses\n",
-  es_stats->es_stats_cache_hits,
-  es_stats->es_stats_cache_misses);
+  percpu_stats_sum(_stats->es_stats, es_stats_cache_hits),
+  percpu_stats_sum(_stats->es_stats, 
es_stats_cache_misses));
if (inode_cnt)
seq_printf(seq, "  %d inodes on list\n", inode_cnt);
 
@@ -1142,8 +1142,6 @@ int ext4_es_register_shrinker(struct ext4_sb_info *sbi)
sbi->s_es_nr_inode = 0;
spin_lock_init(>s_es_lock);
sbi->s_es_stats.es_stats_shrunk = 0;
-   sbi->s_es_stats.es_stats_cache_hits = 0;
-   sbi->s_es_stats.es_stats_cache_misses = 0;
sbi->s_es_stats.es_stats_scan_time = 0;
sbi->s_es_stats.es_stats_max_scan_time = 0;
err = percpu_counter_init(>s_es_stats.es_stats_all_cnt, 0, 
GFP_KERNEL);
@@ -1153,15 +1151,20 @@ int ext4_es_register_shrinker(struct ext4_sb_info *sbi)
if (err)
goto err1;
 
+   err = percpu_stats_init(>s_es_stats.es_stats, es_stats_cnt);
+   if (err)
+   goto err2;
+
sbi->s_es_shrinker.scan_objects = ext4_es_scan;
sbi->s_es_shrinker.count_objects = ext4_es_count;
sbi->s_es_shrinker.seeks = DEFAULT_SEEKS;
err = register_shrinker(>s_es_shrinker);
if (err)
-   goto err2;
+   goto err3;
 
return 0;
-
+err3:
+   percpu_stats_destroy(>s_es_stats.es_stats);
 err2:
percpu_counter_destroy(>s_es_stats.es_stats_shk_cnt);
 err1:
@@ -1173,6 +1176,7 @@ void ext4_es_unregister_shrinker(struct ext4_sb_info *sbi)
 {
percpu_counter_destroy(>s_es_stats.es_stats_all_cnt);
percpu_counter_destroy(>s_es_stats.es_stats_shk_cnt);
+   percpu_stats_destroy(>s_es_stats.es_stats);
unregister_shrinker(>s_es_shrinker);
 }
 
diff --git a/fs/ext4/extents_status.h b/fs/ext4/extents_status.h
index f7aa24f..c163189 100644
--- a/fs/ext4/extents_status.h
+++ b/fs/ext4/extents_status.h
@@ -11,6 +11,8 @@
 #ifndef _EXT4_EXTENTS_STATUS_H
 #define _EXT4_EXTENTS_STATUS_H
 
+#include 
+
 /*
  * Turn on ES_DEBUG__ to get lots of info about extent status operations.
  */
@@ -67,10 +69,15 @@ struct ext4_es_tree {
struct extent_status *cache_es; /* recently accessed extent */
 };
 
+enum ext4_es_stat_type {
+   es_stats_cache_hits,
+   es_stats_cache_misses,
+   es_stats_cnt,
+};
+
 struct ext4_es_stats {
unsigned long es_stats_shrunk;
-   unsigned long es_stats_cache_hits;
-   unsigned long es_stats_cache_misses;
+   struct percpu_stats es_stats;
u64 es_stats_scan_time;
u64 es_stats_max_scan_time;
struct percpu_counter es_stats_all_cnt;
-- 
1.7.1

[PATCH 2/3] percpu_stats: Simple per-cpu statistics count helper functions

[Waiman Long]

This patch introduces a set of simple per-cpu statictics count helper
functions that can be used by other kernel subsystems for keeping
track of the number of events that happens. It is per-cpu based to
reduce overhead and improve accuracy of the counter. Using per-cpu
counter is usually overkill for such purpose.

The following APIs are provided:

 - int percpu_stats_init(struct percpu_stats *pcs, int num)
   Initialize the per-cpu statictics counts structure which should have
   the given number of statistics counts. Return -ENOMEM on error.

 - void percpu_stats_destroy(struct percpu_stats *pcs)
   Free the percpu memory allocated.

 - void percpu_stats_inc(struct percpu_stats *pcs, int stat)
   void percpu_stats_dec(struct percpu_stats *pcs, int stat)
   Increment and decrement the given per-cpu statistics count.

 - unsigned long percpu_stats_sum(struct percpu_stats *pcs, int stat)
   Return the current aggregated sum of the given statistics count.

 - void percpu_stats_reset(struct percpu_stats *pcs)
   Clear all the statistics counts defined in the given percpu_stats
   structure.

Signed-off-by: Waiman Long 
---
 include/linux/percpu_stats.h |  103 ++
 1 files changed, 103 insertions(+), 0 deletions(-)
 create mode 100644 include/linux/percpu_stats.h

diff --git a/include/linux/percpu_stats.h b/include/linux/percpu_stats.h
new file mode 100644
index 000..a4f715e
--- /dev/null
+++ b/include/linux/percpu_stats.h
@@ -0,0 +1,103 @@
+#ifndef _LINUX_PERCPU_STATS_H
+#define _LINUX_PERCPU_STATS_H
+/*
+ * Simple per-cpu statistics counts that have less overhead than the
+ * per-cpu counters.
+ */
+#include 
+#include 
+
+struct percpu_stats {
+   unsigned long __percpu *stats;
+   int nstats; /* Number of statistics counts in stats array */
+};
+
+/*
+ * Reset the all statistics counts to 0 in the percpu_stats structure
+ */
+static inline void percpu_stats_reset(struct percpu_stats *pcs)
+{
+   int cpu;
+
+   for_each_possible_cpu(cpu) {
+   unsigned long *pstats =  per_cpu_ptr(pcs->stats, cpu);
+   int stat;
+
+   for (stat = 0; stat < pcs->nstats; stat++, pstats++)
+   *pstats = 0;
+   }
+
+   /*
+* If a statistics count is in the middle of being updated, it
+* is possible that the above clearing may not work. So we need
+* to double check again to make sure that the counters are really
+* cleared. Still there is a still a very small chance that the
+* second clearing does not work.
+*/
+   for_each_possible_cpu(cpu) {
+   unsigned long *pstats =  per_cpu_ptr(pcs->stats, cpu);
+   int stat;
+
+   for (stat = 0; stat < pcs->nstats; stat++, pstats++)
+   if (*pstats)
+   *pstats = 0;
+   }
+}
+
+static inline int percpu_stats_init(struct percpu_stats *pcs, int num)
+{
+   pcs->nstats = num;
+   pcs->stats  = __alloc_percpu(sizeof(unsigned long) * num,
+__alignof__(unsigned long));
+   if (!pcs->stats)
+   return -ENOMEM;
+
+   percpu_stats_reset(pcs);
+   return 0;
+}
+
+static inline void percpu_stats_destroy(struct percpu_stats *pcs)
+{
+   free_percpu(pcs->stats);
+   pcs->stats  = NULL;
+   pcs->nstats = 0;
+}
+
+static inline void
+__percpu_stats_add(struct percpu_stats *pcs, int stat, int cnt)
+{
+   unsigned long *pstat;
+
+   if ((unsigned int)stat >= pcs->nstats)
+   return;
+   preempt_disable();
+   pstat = this_cpu_ptr(>stats[stat]);
+   *pstat += cnt;
+   preempt_enable();
+}
+
+static inline void percpu_stats_inc(struct percpu_stats *pcs, int stat)
+{
+   __percpu_stats_add(pcs, stat, 1);
+}
+
+static inline void percpu_stats_dec(struct percpu_stats *pcs, int stat)
+{
+   __percpu_stats_add(pcs, stat, -1);
+}
+
+static inline unsigned long
+percpu_stats_sum(struct percpu_stats *pcs, int stat)
+{
+   int cpu;
+   unsigned long sum = 0;
+
+   if ((unsigned int)stat >= pcs->nstats)
+   return sum;
+
+   for_each_possible_cpu(cpu)
+   sum += per_cpu(pcs->stats[stat], cpu);
+   return sum;
+}
+
+#endif /* _LINUX_PERCPU_STATS_H */
-- 
1.7.1

[PATCH 3/3] ext4: Make cache hits/misses per-cpu counts

[Waiman Long]

This patch changes the es_stats_cache_hits and es_stats_cache_misses
statistics counts to per-cpu variables to reduce cacheline contention
issues whem multiple threads are trying to update those counts
simultaneously. It uses the new per-cpu stats APIs provided by the
percpu_stats.h header file.

With a 38-threads fio I/O test with 2 shared files (on DAX-mount
NVDIMM) running on a 4-socket Haswell-EX server with 4.6-rc1 kernel,
the aggregated bandwidths before and after the patch were:

  Test  W/O patch   With patch  % change
    -   --  
  Read-only 10173MB/s   16141MB/s+58.7%
  Read-write 2830MB/s4315MB/s+52.5%

Signed-off-by: Waiman Long 
---
 fs/ext4/extents_status.c |   20 
 fs/ext4/extents_status.h |   11 +--
 2 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c
index e38b987..01f8436 100644
--- a/fs/ext4/extents_status.c
+++ b/fs/ext4/extents_status.c
@@ -825,9 +825,9 @@ out:
es->es_pblk = es1->es_pblk;
if (!ext4_es_is_referenced(es1))
ext4_es_set_referenced(es1);
-   stats->es_stats_cache_hits++;
+   percpu_stats_inc(>es_stats, es_stats_cache_hits);
} else {
-   stats->es_stats_cache_misses++;
+   percpu_stats_inc(>es_stats, es_stats_cache_misses);
}
 
read_unlock(_I(inode)->i_es_lock);
@@ -1114,8 +1114,8 @@ int ext4_seq_es_shrinker_info_show(struct seq_file *seq, 
void *v)
   percpu_counter_sum_positive(_stats->es_stats_all_cnt),
   percpu_counter_sum_positive(_stats->es_stats_shk_cnt));
seq_printf(seq, "  %lu/%lu cache hits/misses\n",
-  es_stats->es_stats_cache_hits,
-  es_stats->es_stats_cache_misses);
+  percpu_stats_sum(_stats->es_stats, es_stats_cache_hits),
+  percpu_stats_sum(_stats->es_stats, 
es_stats_cache_misses));
if (inode_cnt)
seq_printf(seq, "  %d inodes on list\n", inode_cnt);
 
@@ -1142,8 +1142,6 @@ int ext4_es_register_shrinker(struct ext4_sb_info *sbi)
sbi->s_es_nr_inode = 0;
spin_lock_init(>s_es_lock);
sbi->s_es_stats.es_stats_shrunk = 0;
-   sbi->s_es_stats.es_stats_cache_hits = 0;
-   sbi->s_es_stats.es_stats_cache_misses = 0;
sbi->s_es_stats.es_stats_scan_time = 0;
sbi->s_es_stats.es_stats_max_scan_time = 0;
err = percpu_counter_init(>s_es_stats.es_stats_all_cnt, 0, 
GFP_KERNEL);
@@ -1153,15 +1151,20 @@ int ext4_es_register_shrinker(struct ext4_sb_info *sbi)
if (err)
goto err1;
 
+   err = percpu_stats_init(>s_es_stats.es_stats, es_stats_cnt);
+   if (err)
+   goto err2;
+
sbi->s_es_shrinker.scan_objects = ext4_es_scan;
sbi->s_es_shrinker.count_objects = ext4_es_count;
sbi->s_es_shrinker.seeks = DEFAULT_SEEKS;
err = register_shrinker(>s_es_shrinker);
if (err)
-   goto err2;
+   goto err3;
 
return 0;
-
+err3:
+   percpu_stats_destroy(>s_es_stats.es_stats);
 err2:
percpu_counter_destroy(>s_es_stats.es_stats_shk_cnt);
 err1:
@@ -1173,6 +1176,7 @@ void ext4_es_unregister_shrinker(struct ext4_sb_info *sbi)
 {
percpu_counter_destroy(>s_es_stats.es_stats_all_cnt);
percpu_counter_destroy(>s_es_stats.es_stats_shk_cnt);
+   percpu_stats_destroy(>s_es_stats.es_stats);
unregister_shrinker(>s_es_shrinker);
 }
 
diff --git a/fs/ext4/extents_status.h b/fs/ext4/extents_status.h
index f7aa24f..c163189 100644
--- a/fs/ext4/extents_status.h
+++ b/fs/ext4/extents_status.h
@@ -11,6 +11,8 @@
 #ifndef _EXT4_EXTENTS_STATUS_H
 #define _EXT4_EXTENTS_STATUS_H
 
+#include 
+
 /*
  * Turn on ES_DEBUG__ to get lots of info about extent status operations.
  */
@@ -67,10 +69,15 @@ struct ext4_es_tree {
struct extent_status *cache_es; /* recently accessed extent */
 };
 
+enum ext4_es_stat_type {
+   es_stats_cache_hits,
+   es_stats_cache_misses,
+   es_stats_cnt,
+};
+
 struct ext4_es_stats {
unsigned long es_stats_shrunk;
-   unsigned long es_stats_cache_hits;
-   unsigned long es_stats_cache_misses;
+   struct percpu_stats es_stats;
u64 es_stats_scan_time;
u64 es_stats_max_scan_time;
struct percpu_counter es_stats_all_cnt;
-- 
1.7.1

Re: [PATCH v2 net-next] net/core: generic support for disabling netdev features down stack

[Michał Mirosław]

Hi,

Sorry for digging up an old patch, but... ;-)

dev_disable_lro() is a leftover from ancient times. If you read commit
27660515a,
there is a hint where it should go. Please, read on if you'd like to
fix this properly.

2015-11-03 3:55 GMT+01:00 Jarod Wilson :
> There are some netdev features, which when disabled on an upper device,
> such as a bonding master or a bridge, must be disabled and cannot be
> re-enabled on underlying devices.
[...]
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -6288,6 +6288,44 @@ static void rollback_registered(struct net_device *dev)
> list_del();
>  }
>
> +static netdev_features_t netdev_sync_upper_features(struct net_device *lower,
> +   struct net_device *upper, netdev_features_t features)
> +{
> +   netdev_features_t upper_disables = NETIF_F_UPPER_DISABLES;
> +   netdev_features_t feature;
> +
> +   for_each_netdev_feature(_disables, feature) {
> +   if (!(upper->wanted_features & feature)
> +   && (features & feature)) {
> +   netdev_dbg(lower, "Dropping feature %pNF, upper dev 
> %s has it off.\n",
> +  , upper->name);
> +   features &= ~feature;
> +   }
> +   }

You could do this once:

disable_features = ~upper->features & features & NETIF_F_UPPER_DISABLES;
if (features & disable_features)
  netdev_dbg(...)
features &= ~disable_features;

> +
> +   return features;
> +}
[...]
> @@ -6370,6 +6410,10 @@ int __netdev_update_features(struct net_device *dev)
> /* driver might be less strict about feature dependencies */
> features = netdev_fix_features(dev, features);
>
> +   /* some features can't be enabled if they're off an an upper device */
> +   netdev_for_each_upper_dev_rcu(dev, upper, iter)
> +   features = netdev_sync_upper_features(dev, upper, features);
> +
> if (dev->features == features)
> return 0;
>

This should go into netdev_fix_features(), as it is a one single place,
where are feature dependencies are verified.

[...]
> @@ -6386,6 +6430,12 @@ int __netdev_update_features(struct net_device *dev)
> return -1;
> }
>
> +   /* some features must be disabled on lower devices when disabled
> +* on an upper device (think: bonding master or bridge)
> +*/
> +   netdev_for_each_lower_dev(dev, lower, iter)
> +   netdev_sync_lower_features(dev, lower, features);
> +
[...]

This should be equal in resulting flags to:

   netdev_for_each_lower_dev(dev, lower...)
 netdev_update_features(lower);

because netdev_fix_features(lower) will see already changed dev->features.

Best Regards,
Michał Mirosław

Re: [PATCH v2 net-next] net/core: generic support for disabling netdev features down stack

[Michał Mirosław]

Hi,

Sorry for digging up an old patch, but... ;-)

dev_disable_lro() is a leftover from ancient times. If you read commit
27660515a,
there is a hint where it should go. Please, read on if you'd like to
fix this properly.

2015-11-03 3:55 GMT+01:00 Jarod Wilson :
> There are some netdev features, which when disabled on an upper device,
> such as a bonding master or a bridge, must be disabled and cannot be
> re-enabled on underlying devices.
[...]
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -6288,6 +6288,44 @@ static void rollback_registered(struct net_device *dev)
> list_del();
>  }
>
> +static netdev_features_t netdev_sync_upper_features(struct net_device *lower,
> +   struct net_device *upper, netdev_features_t features)
> +{
> +   netdev_features_t upper_disables = NETIF_F_UPPER_DISABLES;
> +   netdev_features_t feature;
> +
> +   for_each_netdev_feature(_disables, feature) {
> +   if (!(upper->wanted_features & feature)
> +   && (features & feature)) {
> +   netdev_dbg(lower, "Dropping feature %pNF, upper dev 
> %s has it off.\n",
> +  , upper->name);
> +   features &= ~feature;
> +   }
> +   }

You could do this once:

disable_features = ~upper->features & features & NETIF_F_UPPER_DISABLES;
if (features & disable_features)
  netdev_dbg(...)
features &= ~disable_features;

> +
> +   return features;
> +}
[...]
> @@ -6370,6 +6410,10 @@ int __netdev_update_features(struct net_device *dev)
> /* driver might be less strict about feature dependencies */
> features = netdev_fix_features(dev, features);
>
> +   /* some features can't be enabled if they're off an an upper device */
> +   netdev_for_each_upper_dev_rcu(dev, upper, iter)
> +   features = netdev_sync_upper_features(dev, upper, features);
> +
> if (dev->features == features)
> return 0;
>

This should go into netdev_fix_features(), as it is a one single place,
where are feature dependencies are verified.

[...]
> @@ -6386,6 +6430,12 @@ int __netdev_update_features(struct net_device *dev)
> return -1;
> }
>
> +   /* some features must be disabled on lower devices when disabled
> +* on an upper device (think: bonding master or bridge)
> +*/
> +   netdev_for_each_lower_dev(dev, lower, iter)
> +   netdev_sync_lower_features(dev, lower, features);
> +
[...]

This should be equal in resulting flags to:

   netdev_for_each_lower_dev(dev, lower...)
 netdev_update_features(lower);

because netdev_fix_features(lower) will see already changed dev->features.

Best Regards,
Michał Mirosław

Re: [RESEND PATCH V4 2/3] IB/hns: Add HiSilicon RoCE driver support

[Leon Romanovsky]

On Fri, Apr 01, 2016 at 05:21:31PM +0800, Lijun Ou wrote:
> The driver for HiSilicon RoCE is a platform driver.
> The driver will support multiple versions of hardware. Currently only "v1"
> for hip06 SoC is supported.
> The driver includes two parts: common driver and hardware-specific
> operations. hns_roce_v1_hw.c and hns_roce_v1_hw.h are files for
> hardware-specific operations only for v1 engine, and other files(.c and .h)
> for common algorithm and common hardware operations.
> 
> Signed-off-by: Lijun Ou 
> Signed-off-by: Wei Hu(Xavier) 
> Signed-off-by: Znlong 
> ---
>  MAINTAINERS|8 +
>  drivers/infiniband/Kconfig |1 +
>  drivers/infiniband/hw/Makefile |1 +
>  drivers/infiniband/hw/hisilicon/hns/Kconfig|   10 +
>  drivers/infiniband/hw/hisilicon/hns/Makefile   |9 +
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_ah.c  |  110 +

We are not adding name of company (hisilicon) for infiniband HW drivers
drivers/infiniband/hw/hisilicon/hns/hns_roce_ah.c
--->
drivers/infiniband/hw/hns/hns_roce_ah.c


>  .../infiniband/hw/hisilicon/hns/hns_roce_alloc.c   |  239 ++
 ^^
Please fix you paths.

>  drivers/infiniband/hw/hisilicon/hns/hns_roce_cmd.c |  338 +++
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_cmd.h |   80 +
>  .../infiniband/hw/hisilicon/hns/hns_roce_common.h  |  308 +++
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_cq.c  |  436 +++
>  .../infiniband/hw/hisilicon/hns/hns_roce_device.h  |  794 ++
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_eq.c  |  758 ++
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_eq.h  |  132 +
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_icm.c |  578 
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_icm.h |  112 +
>  .../infiniband/hw/hisilicon/hns/hns_roce_main.c| 1097 
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_mr.c  |  605 +
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_pd.c  |  124 +
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_qp.c  |  841 ++
>  .../infiniband/hw/hisilicon/hns/hns_roce_user.h|   31 +
>  .../infiniband/hw/hisilicon/hns/hns_roce_v1_hw.c   | 2832 
> 
>  .../infiniband/hw/hisilicon/hns/hns_roce_v1_hw.h   |  985 +++
  ^^
Do you support v1 of RoCE or v1 of your HW?

>  23 files changed, 10429 insertions(+)

Please appreciate the effort needed to review such large patch and
invest time and effort to divide this to number of small easy review patches.

Re: [RESEND PATCH V4 2/3] IB/hns: Add HiSilicon RoCE driver support

[Leon Romanovsky]

On Fri, Apr 01, 2016 at 05:21:31PM +0800, Lijun Ou wrote:
> The driver for HiSilicon RoCE is a platform driver.
> The driver will support multiple versions of hardware. Currently only "v1"
> for hip06 SoC is supported.
> The driver includes two parts: common driver and hardware-specific
> operations. hns_roce_v1_hw.c and hns_roce_v1_hw.h are files for
> hardware-specific operations only for v1 engine, and other files(.c and .h)
> for common algorithm and common hardware operations.
> 
> Signed-off-by: Lijun Ou 
> Signed-off-by: Wei Hu(Xavier) 
> Signed-off-by: Znlong 
> ---
>  MAINTAINERS|8 +
>  drivers/infiniband/Kconfig |1 +
>  drivers/infiniband/hw/Makefile |1 +
>  drivers/infiniband/hw/hisilicon/hns/Kconfig|   10 +
>  drivers/infiniband/hw/hisilicon/hns/Makefile   |9 +
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_ah.c  |  110 +

We are not adding name of company (hisilicon) for infiniband HW drivers
drivers/infiniband/hw/hisilicon/hns/hns_roce_ah.c
--->
drivers/infiniband/hw/hns/hns_roce_ah.c


>  .../infiniband/hw/hisilicon/hns/hns_roce_alloc.c   |  239 ++
 ^^
Please fix you paths.

>  drivers/infiniband/hw/hisilicon/hns/hns_roce_cmd.c |  338 +++
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_cmd.h |   80 +
>  .../infiniband/hw/hisilicon/hns/hns_roce_common.h  |  308 +++
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_cq.c  |  436 +++
>  .../infiniband/hw/hisilicon/hns/hns_roce_device.h  |  794 ++
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_eq.c  |  758 ++
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_eq.h  |  132 +
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_icm.c |  578 
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_icm.h |  112 +
>  .../infiniband/hw/hisilicon/hns/hns_roce_main.c| 1097 
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_mr.c  |  605 +
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_pd.c  |  124 +
>  drivers/infiniband/hw/hisilicon/hns/hns_roce_qp.c  |  841 ++
>  .../infiniband/hw/hisilicon/hns/hns_roce_user.h|   31 +
>  .../infiniband/hw/hisilicon/hns/hns_roce_v1_hw.c   | 2832 
> 
>  .../infiniband/hw/hisilicon/hns/hns_roce_v1_hw.h   |  985 +++
  ^^
Do you support v1 of RoCE or v1 of your HW?

>  23 files changed, 10429 insertions(+)

Please appreciate the effort needed to review such large patch and
invest time and effort to divide this to number of small easy review patches.

Re: 4.4: INFO: rcu_sched self-detected stall on CPU

[Steven Haigh]

On 30/03/2016 1:14 AM, Boris Ostrovsky wrote:
> On 03/29/2016 04:56 AM, Steven Haigh wrote:
>>
>> Interestingly enough, this just happened again - but on a different
>> virtual machine. I'm starting to wonder if this may have something to do
>> with the uptime of the machine - as the system that this seems to happen
>> to is always different.
>>
>> Destroying it and monitoring it again has so far come up blank.
>>
>> I've thrown the latest lot of kernel messages here:
>>  http://paste.fedoraproject.org/346802/59241532
> 
> Would be good to see full console log. The one that you posted starts
> with an error so I wonder what was before that.

Ok, so I had a virtual machine do this again today. Both vcpus went to
100% usage and essentially hung. I attached to the screen console that
was connected via 'xl console' and copied the entire buffer to paste below:

yum-cron[30740]: segfault at 1781ab8 ip 7f2a7fcd282f sp
7ffe8655fe90 error 5 in libpython2.7.so.1.0[7f2a7fbf5000+178000]
swap_free: Bad swap file entry 2a2b7d5bb69515d8
BUG: Bad page map in process yum-cron  pte:56fab76d2a2bb06a pmd:0309e067
addr:0178 vm_flags:00100073 anon_vma:88007b974c08
mapping:  (null) index:1780
file:  (null) fault:  (null) mmap:  (null)
readpage:  (null)
CPU: 0 PID: 30740 Comm: yum-cron Tainted: GB
4.4.6-4.el7xen.x86_64 #1
  88004176bac0 81323d17 0178
 3000 88004176bb08 8117e574 81193d6e
 1780 88000309ec00 0178 56fab76d2a2bb06a
Call Trace:
 [] dump_stack+0x63/0x8c
 [] print_bad_pte+0x1e4/0x290
 [] ? swap_info_get+0x7e/0xe0
 [] unmap_single_vma+0x4ff/0x840
 [] unmap_vmas+0x47/0x90
 [] exit_mmap+0x98/0x150
 [] mmput+0x47/0x100
 [] do_exit+0x24e/0xad0
 [] do_group_exit+0x3f/0xa0
 [] get_signal+0x1c3/0x5e0
 [] do_signal+0x28/0x630
 [] ? printk+0x4d/0x4f
 [] ? vprintk_default+0x1f/0x30
 [] ? bad_area_access_error+0x43/0x4a
 [] ? __do_page_fault+0x22c/0x3f0
 [] exit_to_usermode_loop+0x4c/0x95
 [] prepare_exit_to_usermode+0x18/0x20
 [] retint_user+0x8/0x13
BUG: Bad page state in process yum-cron  pfn:0f3bf
page:ea3cefc0 count:0 mapcount:7 mapping:88000f3bf008
index:0x88000f3bf000
flags: 0x100094(referenced|dirty|slab)
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
bad because of flags:
flags: 0x80(slab)
Modules linked in: rpcsec_gss_krb5 nfsv4 nfs fscache
x86_pkg_temp_thermal coretemp crct10dif_pclmul aesni_intel aes_x86_64
lrw gf128mul glue_helper ablk_helper cryptd pcspkr nfsd auth_rpcgss
nfs_acl lockd grace sunrpc ip_tables xen_netfront crc32c_intel
xen_gntalloc xen_evtchn ipv6 autofs4
CPU: 0 PID: 30740 Comm: yum-cron Tainted: GB
4.4.6-4.el7xen.x86_64 #1
  88004176b958 81323d17 ea3cefc0
 817ab348 88004176b980 811c1ab5 ea3cefc0
 0001  88004176b9d0 81159584
Call Trace:
 [] dump_stack+0x63/0x8c
 [] bad_page.part.69+0xdf/0xfc
 [] free_pages_prepare+0x294/0x2a0
 [] free_hot_cold_page+0x31/0x160
 [] free_hot_cold_page_list+0x49/0xb0
 [] release_pages+0xc5/0x260
 [] free_pages_and_swap_cache+0x7d/0x90
 [] tlb_flush_mmu_free+0x36/0x60
 [] unmap_single_vma+0x664/0x840
 [] unmap_vmas+0x47/0x90
 [] exit_mmap+0x98/0x150
 [] mmput+0x47/0x100
 [] do_exit+0x24e/0xad0
 [] do_group_exit+0x3f/0xa0
 [] get_signal+0x1c3/0x5e0
 [] do_signal+0x28/0x630
 [] ? printk+0x4d/0x4f
 [] ? vprintk_default+0x1f/0x30
 [] ? bad_area_access_error+0x43/0x4a
 [] ? __do_page_fault+0x22c/0x3f0
 [] exit_to_usermode_loop+0x4c/0x95
 [] prepare_exit_to_usermode+0x18/0x20
 [] retint_user+0x8/0x13
BUG: Bad rss-counter state mm:88007b99e4c0 idx:0 val:-1
BUG: Bad rss-counter state mm:88007b99e4c0 idx:1 val:2
BUG: Bad rss-counter state mm:88007b99e4c0 idx:2 val:-1
yum-cron[4197]: segfault at 32947fcb ip 7ff0fa1bf8bd sp
7ffdb1c54990 error 4 in libpython2.7.so.1.0[7ff0fa13a000+178000]
BUG: unable to handle kernel paging request at 88010f3beffe
IP: [] free_block+0x119/0x190
PGD 188b063 PUD 0
Oops: 0002 [#1] SMP
Modules linked in: rpcsec_gss_krb5 nfsv4 nfs fscache
x86_pkg_temp_thermal coretemp crct10dif_pclmul aesni_intel aes_x86_64
lrw gf128mul glue_helper ablk_helper cryptd pcspkr nfsd auth_rpcgss
nfs_acl lockd grace sunrpc ip_tables xen_netfront crc32c_intel
xen_gntalloc xen_evtchn ipv6 autofs4
CPU: 1 PID: 8519 Comm: kworker/1:2 Tainted: GB
4.4.6-4.el7xen.x86_64 #1
Workqueue: events cache_reap
task: 8800346bf1c0 ti: 88005170 task.ti: 88005170
RIP: 0010:[]  [] free_block+0x119/0x190
RSP: 0018:880051703d40  EFLAGS: 00010082
RAX: ea3cefc0 RBX: ea00 RCX: 88000f3bf000
RDX: fffe RSI: 88007fd19c40 RDI: 88007d012100
RBP: 880051703d68 R08: 880051703d88 R09: 0006
R10: 88007d01a940 R11: 8000 R12: 77ff8000
R13: 88007fd19c58 R14: 

Re: 4.4: INFO: rcu_sched self-detected stall on CPU

[Steven Haigh]

On 30/03/2016 1:14 AM, Boris Ostrovsky wrote:
> On 03/29/2016 04:56 AM, Steven Haigh wrote:
>>
>> Interestingly enough, this just happened again - but on a different
>> virtual machine. I'm starting to wonder if this may have something to do
>> with the uptime of the machine - as the system that this seems to happen
>> to is always different.
>>
>> Destroying it and monitoring it again has so far come up blank.
>>
>> I've thrown the latest lot of kernel messages here:
>>  http://paste.fedoraproject.org/346802/59241532
> 
> Would be good to see full console log. The one that you posted starts
> with an error so I wonder what was before that.

Ok, so I had a virtual machine do this again today. Both vcpus went to
100% usage and essentially hung. I attached to the screen console that
was connected via 'xl console' and copied the entire buffer to paste below:

yum-cron[30740]: segfault at 1781ab8 ip 7f2a7fcd282f sp
7ffe8655fe90 error 5 in libpython2.7.so.1.0[7f2a7fbf5000+178000]
swap_free: Bad swap file entry 2a2b7d5bb69515d8
BUG: Bad page map in process yum-cron  pte:56fab76d2a2bb06a pmd:0309e067
addr:0178 vm_flags:00100073 anon_vma:88007b974c08
mapping:  (null) index:1780
file:  (null) fault:  (null) mmap:  (null)
readpage:  (null)
CPU: 0 PID: 30740 Comm: yum-cron Tainted: GB
4.4.6-4.el7xen.x86_64 #1
  88004176bac0 81323d17 0178
 3000 88004176bb08 8117e574 81193d6e
 1780 88000309ec00 0178 56fab76d2a2bb06a
Call Trace:
 [] dump_stack+0x63/0x8c
 [] print_bad_pte+0x1e4/0x290
 [] ? swap_info_get+0x7e/0xe0
 [] unmap_single_vma+0x4ff/0x840
 [] unmap_vmas+0x47/0x90
 [] exit_mmap+0x98/0x150
 [] mmput+0x47/0x100
 [] do_exit+0x24e/0xad0
 [] do_group_exit+0x3f/0xa0
 [] get_signal+0x1c3/0x5e0
 [] do_signal+0x28/0x630
 [] ? printk+0x4d/0x4f
 [] ? vprintk_default+0x1f/0x30
 [] ? bad_area_access_error+0x43/0x4a
 [] ? __do_page_fault+0x22c/0x3f0
 [] exit_to_usermode_loop+0x4c/0x95
 [] prepare_exit_to_usermode+0x18/0x20
 [] retint_user+0x8/0x13
BUG: Bad page state in process yum-cron  pfn:0f3bf
page:ea3cefc0 count:0 mapcount:7 mapping:88000f3bf008
index:0x88000f3bf000
flags: 0x100094(referenced|dirty|slab)
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
bad because of flags:
flags: 0x80(slab)
Modules linked in: rpcsec_gss_krb5 nfsv4 nfs fscache
x86_pkg_temp_thermal coretemp crct10dif_pclmul aesni_intel aes_x86_64
lrw gf128mul glue_helper ablk_helper cryptd pcspkr nfsd auth_rpcgss
nfs_acl lockd grace sunrpc ip_tables xen_netfront crc32c_intel
xen_gntalloc xen_evtchn ipv6 autofs4
CPU: 0 PID: 30740 Comm: yum-cron Tainted: GB
4.4.6-4.el7xen.x86_64 #1
  88004176b958 81323d17 ea3cefc0
 817ab348 88004176b980 811c1ab5 ea3cefc0
 0001  88004176b9d0 81159584
Call Trace:
 [] dump_stack+0x63/0x8c
 [] bad_page.part.69+0xdf/0xfc
 [] free_pages_prepare+0x294/0x2a0
 [] free_hot_cold_page+0x31/0x160
 [] free_hot_cold_page_list+0x49/0xb0
 [] release_pages+0xc5/0x260
 [] free_pages_and_swap_cache+0x7d/0x90
 [] tlb_flush_mmu_free+0x36/0x60
 [] unmap_single_vma+0x664/0x840
 [] unmap_vmas+0x47/0x90
 [] exit_mmap+0x98/0x150
 [] mmput+0x47/0x100
 [] do_exit+0x24e/0xad0
 [] do_group_exit+0x3f/0xa0
 [] get_signal+0x1c3/0x5e0
 [] do_signal+0x28/0x630
 [] ? printk+0x4d/0x4f
 [] ? vprintk_default+0x1f/0x30
 [] ? bad_area_access_error+0x43/0x4a
 [] ? __do_page_fault+0x22c/0x3f0
 [] exit_to_usermode_loop+0x4c/0x95
 [] prepare_exit_to_usermode+0x18/0x20
 [] retint_user+0x8/0x13
BUG: Bad rss-counter state mm:88007b99e4c0 idx:0 val:-1
BUG: Bad rss-counter state mm:88007b99e4c0 idx:1 val:2
BUG: Bad rss-counter state mm:88007b99e4c0 idx:2 val:-1
yum-cron[4197]: segfault at 32947fcb ip 7ff0fa1bf8bd sp
7ffdb1c54990 error 4 in libpython2.7.so.1.0[7ff0fa13a000+178000]
BUG: unable to handle kernel paging request at 88010f3beffe
IP: [] free_block+0x119/0x190
PGD 188b063 PUD 0
Oops: 0002 [#1] SMP
Modules linked in: rpcsec_gss_krb5 nfsv4 nfs fscache
x86_pkg_temp_thermal coretemp crct10dif_pclmul aesni_intel aes_x86_64
lrw gf128mul glue_helper ablk_helper cryptd pcspkr nfsd auth_rpcgss
nfs_acl lockd grace sunrpc ip_tables xen_netfront crc32c_intel
xen_gntalloc xen_evtchn ipv6 autofs4
CPU: 1 PID: 8519 Comm: kworker/1:2 Tainted: GB
4.4.6-4.el7xen.x86_64 #1
Workqueue: events cache_reap
task: 8800346bf1c0 ti: 88005170 task.ti: 88005170
RIP: 0010:[]  [] free_block+0x119/0x190
RSP: 0018:880051703d40  EFLAGS: 00010082
RAX: ea3cefc0 RBX: ea00 RCX: 88000f3bf000
RDX: fffe RSI: 88007fd19c40 RDI: 88007d012100
RBP: 880051703d68 R08: 880051703d88 R09: 0006
R10: 88007d01a940 R11: 8000 R12: 77ff8000
R13: 88007fd19c58 R14: 

Re: Question on rhashtable in worst-case scenario.

[Herbert Xu]

On Fri, Apr 01, 2016 at 11:34:10PM +0200, Johannes Berg wrote:
>
> I was thinking about that one - it's not obvious to me from the code
> how this "explicitly checking for dups" would be done or let's say how
> rhashtable differentiates. But since it seems to work for Ben until
> hitting a certain number of identical keys, surely that's just me not
> understanding the code rather than anything else :)

It's really simple, rhashtable_insert_fast does not check for dups
while rhashtable_lookup_insert_* do.

Cheers,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: Question on rhashtable in worst-case scenario.

[Herbert Xu]

On Fri, Apr 01, 2016 at 11:34:10PM +0200, Johannes Berg wrote:
>
> I was thinking about that one - it's not obvious to me from the code
> how this "explicitly checking for dups" would be done or let's say how
> rhashtable differentiates. But since it seems to work for Ben until
> hitting a certain number of identical keys, surely that's just me not
> understanding the code rather than anything else :)

It's really simple, rhashtable_insert_fast does not check for dups
while rhashtable_lookup_insert_* do.

Cheers,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[PATCH 3.19.y-ckt 006/170] crypto: algif_hash - Remove custom release parent function

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Herbert Xu 

commit f1d84af1835846a5a2b827382c5848faf2bb0e75 upstream.

This patch removes the custom release parent function as the
generic af_alg_release_parent now works for nokey sockets too.

Signed-off-by: Herbert Xu 
Signed-off-by: Kamal Mostafa 
---
 crypto/algif_hash.c | 43 +++
 1 file changed, 3 insertions(+), 40 deletions(-)

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index fa4096d..e76385d 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -397,7 +397,7 @@ static int hash_setkey(void *private, const u8 *key, 
unsigned int keylen)
return err;
 }
 
-static void hash_sock_destruct_common(struct sock *sk)
+static void hash_sock_destruct(struct sock *sk)
 {
struct alg_sock *ask = alg_sk(sk);
struct hash_ctx *ctx = ask->private;
@@ -405,33 +405,10 @@ static void hash_sock_destruct_common(struct sock *sk)
sock_kzfree_s(sk, ctx->result,
  crypto_ahash_digestsize(crypto_ahash_reqtfm(>req)));
sock_kfree_s(sk, ctx, ctx->len);
-}
-
-static void hash_sock_destruct(struct sock *sk)
-{
-   hash_sock_destruct_common(sk);
-   af_alg_release_parent(sk);
-}
-
-static void hash_release_parent_nokey(struct sock *sk)
-{
-   struct alg_sock *ask = alg_sk(sk);
-
-   if (!ask->refcnt) {
-   sock_put(ask->parent);
-   return;
-   }
-
af_alg_release_parent(sk);
 }
 
-static void hash_sock_destruct_nokey(struct sock *sk)
-{
-   hash_sock_destruct_common(sk);
-   hash_release_parent_nokey(sk);
-}
-
-static int hash_accept_parent_common(void *private, struct sock *sk)
+static int hash_accept_parent_nokey(void *private, struct sock *sk)
 {
struct hash_ctx *ctx;
struct alg_sock *ask = alg_sk(sk);
@@ -474,21 +451,7 @@ static int hash_accept_parent(void *private, struct sock 
*sk)
if (!tfm->has_key && crypto_ahash_has_setkey(tfm->hash))
return -ENOKEY;
 
-   return hash_accept_parent_common(private, sk);
-}
-
-static int hash_accept_parent_nokey(void *private, struct sock *sk)
-{
-   int err;
-
-   err = hash_accept_parent_common(private, sk);
-   if (err)
-   goto out;
-
-   sk->sk_destruct = hash_sock_destruct_nokey;
-
-out:
-   return err;
+   return hash_accept_parent_nokey(private, sk);
 }
 
 static const struct af_alg_type algif_type_hash = {
-- 
2.7.4

[PATCH 3.19.y-ckt 006/170] crypto: algif_hash - Remove custom release parent function

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Herbert Xu 

commit f1d84af1835846a5a2b827382c5848faf2bb0e75 upstream.

This patch removes the custom release parent function as the
generic af_alg_release_parent now works for nokey sockets too.

Signed-off-by: Herbert Xu 
Signed-off-by: Kamal Mostafa 
---
 crypto/algif_hash.c | 43 +++
 1 file changed, 3 insertions(+), 40 deletions(-)

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index fa4096d..e76385d 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -397,7 +397,7 @@ static int hash_setkey(void *private, const u8 *key, 
unsigned int keylen)
return err;
 }
 
-static void hash_sock_destruct_common(struct sock *sk)
+static void hash_sock_destruct(struct sock *sk)
 {
struct alg_sock *ask = alg_sk(sk);
struct hash_ctx *ctx = ask->private;
@@ -405,33 +405,10 @@ static void hash_sock_destruct_common(struct sock *sk)
sock_kzfree_s(sk, ctx->result,
  crypto_ahash_digestsize(crypto_ahash_reqtfm(>req)));
sock_kfree_s(sk, ctx, ctx->len);
-}
-
-static void hash_sock_destruct(struct sock *sk)
-{
-   hash_sock_destruct_common(sk);
-   af_alg_release_parent(sk);
-}
-
-static void hash_release_parent_nokey(struct sock *sk)
-{
-   struct alg_sock *ask = alg_sk(sk);
-
-   if (!ask->refcnt) {
-   sock_put(ask->parent);
-   return;
-   }
-
af_alg_release_parent(sk);
 }
 
-static void hash_sock_destruct_nokey(struct sock *sk)
-{
-   hash_sock_destruct_common(sk);
-   hash_release_parent_nokey(sk);
-}
-
-static int hash_accept_parent_common(void *private, struct sock *sk)
+static int hash_accept_parent_nokey(void *private, struct sock *sk)
 {
struct hash_ctx *ctx;
struct alg_sock *ask = alg_sk(sk);
@@ -474,21 +451,7 @@ static int hash_accept_parent(void *private, struct sock 
*sk)
if (!tfm->has_key && crypto_ahash_has_setkey(tfm->hash))
return -ENOKEY;
 
-   return hash_accept_parent_common(private, sk);
-}
-
-static int hash_accept_parent_nokey(void *private, struct sock *sk)
-{
-   int err;
-
-   err = hash_accept_parent_common(private, sk);
-   if (err)
-   goto out;
-
-   sk->sk_destruct = hash_sock_destruct_nokey;
-
-out:
-   return err;
+   return hash_accept_parent_nokey(private, sk);
 }
 
 static const struct af_alg_type algif_type_hash = {
-- 
2.7.4

[PATCH 3.19.y-ckt 002/170] crypto: algif_skcipher - Add nokey compatibility path

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Herbert Xu 

commit a0fa2d037129a9849918a92d91b79ed6c7bd2818 upstream.

This patch adds a compatibility path to support old applications
that do acept(2) before setkey.

Signed-off-by: Herbert Xu 
[bwh: Backported to 3.2: add struct kiocb * parameter to {recv,send}msg ops]
Signed-off-by: Ben Hutchings 
Signed-off-by: Luis Henriques 

Signed-off-by: Kamal Mostafa 
---
 crypto/algif_skcipher.c | 149 ++--
 1 file changed, 144 insertions(+), 5 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index e8eedce..e98f2b8 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -546,6 +546,99 @@ static struct proto_ops algif_skcipher_ops = {
.poll   =   skcipher_poll,
 };
 
+static int skcipher_check_key(struct socket *sock)
+{
+   int err;
+   struct sock *psk;
+   struct alg_sock *pask;
+   struct skcipher_tfm *tfm;
+   struct sock *sk = sock->sk;
+   struct alg_sock *ask = alg_sk(sk);
+
+   if (ask->refcnt)
+   return 0;
+
+   psk = ask->parent;
+   pask = alg_sk(ask->parent);
+   tfm = pask->private;
+
+   err = -ENOKEY;
+   lock_sock(psk);
+   if (!tfm->has_key)
+   goto unlock;
+
+   if (!pask->refcnt++)
+   sock_hold(psk);
+
+   ask->refcnt = 1;
+   sock_put(psk);
+
+   err = 0;
+
+unlock:
+   release_sock(psk);
+
+   return err;
+}
+
+static int skcipher_sendmsg_nokey(struct kiocb *unused, struct socket *sock,
+ struct msghdr *msg, size_t size)
+{
+   int err;
+
+   err = skcipher_check_key(sock);
+   if (err)
+   return err;
+
+   return skcipher_sendmsg(unused, sock, msg, size);
+}
+
+static ssize_t skcipher_sendpage_nokey(struct socket *sock, struct page *page,
+  int offset, size_t size, int flags)
+{
+   int err;
+
+   err = skcipher_check_key(sock);
+   if (err)
+   return err;
+
+   return skcipher_sendpage(sock, page, offset, size, flags);
+}
+
+static int skcipher_recvmsg_nokey(struct kiocb *unused, struct socket *sock,
+ struct msghdr *msg, size_t ignored, int flags)
+{
+   int err;
+
+   err = skcipher_check_key(sock);
+   if (err)
+   return err;
+
+   return skcipher_recvmsg(unused, sock, msg, ignored, flags);
+}
+
+static struct proto_ops algif_skcipher_ops_nokey = {
+   .family =   PF_ALG,
+
+   .connect=   sock_no_connect,
+   .socketpair =   sock_no_socketpair,
+   .getname=   sock_no_getname,
+   .ioctl  =   sock_no_ioctl,
+   .listen =   sock_no_listen,
+   .shutdown   =   sock_no_shutdown,
+   .getsockopt =   sock_no_getsockopt,
+   .mmap   =   sock_no_mmap,
+   .bind   =   sock_no_bind,
+   .accept =   sock_no_accept,
+   .setsockopt =   sock_no_setsockopt,
+
+   .release=   af_alg_release,
+   .sendmsg=   skcipher_sendmsg_nokey,
+   .sendpage   =   skcipher_sendpage_nokey,
+   .recvmsg=   skcipher_recvmsg_nokey,
+   .poll   =   skcipher_poll,
+};
+
 static void *skcipher_bind(const char *name, u32 type, u32 mask)
 {
struct skcipher_tfm *tfm;
@@ -585,7 +678,7 @@ static int skcipher_setkey(void *private, const u8 *key, 
unsigned int keylen)
return err;
 }
 
-static void skcipher_sock_destruct(struct sock *sk)
+static void skcipher_sock_destruct_common(struct sock *sk)
 {
struct alg_sock *ask = alg_sk(sk);
struct skcipher_ctx *ctx = ask->private;
@@ -594,10 +687,33 @@ static void skcipher_sock_destruct(struct sock *sk)
skcipher_free_sgl(sk);
sock_kzfree_s(sk, ctx->iv, crypto_ablkcipher_ivsize(tfm));
sock_kfree_s(sk, ctx, ctx->len);
+}
+
+static void skcipher_sock_destruct(struct sock *sk)
+{
+   skcipher_sock_destruct_common(sk);
af_alg_release_parent(sk);
 }
 
-static int skcipher_accept_parent(void *private, struct sock *sk)
+static void skcipher_release_parent_nokey(struct sock *sk)
+{
+   struct alg_sock *ask = alg_sk(sk);
+
+   if (!ask->refcnt) {
+   sock_put(ask->parent);
+   return;
+   }
+
+   af_alg_release_parent(sk);
+}
+
+static void skcipher_sock_destruct_nokey(struct sock *sk)
+{
+   skcipher_sock_destruct_common(sk);
+   skcipher_release_parent_nokey(sk);
+}
+
+static int skcipher_accept_parent_common(void *private, struct sock *sk)
 

[PATCH 3.19.y-ckt 004/170] crypto: skcipher - Add crypto_skcipher_has_setkey

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Herbert Xu 

commit a1383cd86a062fc798899ab20f0ec2116cce39cb upstream.

This patch adds a way for skcipher users to determine whether a key
is required by a transform.

Signed-off-by: Herbert Xu 
[bwh: Backported to 3.2: add to ablkcipher API instead]
Signed-off-by: Ben Hutchings 
Signed-off-by: Luis Henriques 
[kamal: plus bwh http://article.gmane.org/gmane.linux.kernel.stable/169083]
Signed-off-by: Kamal Mostafa 
---
 crypto/ablkcipher.c| 2 ++
 crypto/blkcipher.c | 1 +
 include/linux/crypto.h | 8 
 3 files changed, 11 insertions(+)

diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index f02fdbe..970b48e 100644
--- a/crypto/ablkcipher.c
+++ b/crypto/ablkcipher.c
@@ -375,6 +375,7 @@ static int crypto_init_ablkcipher_ops(struct crypto_tfm 
*tfm, u32 type,
}
crt->base = __crypto_ablkcipher_cast(tfm);
crt->ivsize = alg->ivsize;
+   crt->has_setkey = alg->max_keysize;
 
return 0;
 }
@@ -456,6 +457,7 @@ static int crypto_init_givcipher_ops(struct crypto_tfm 
*tfm, u32 type,
crt->givdecrypt = alg->givdecrypt ?: no_givdecrypt;
crt->base = __crypto_ablkcipher_cast(tfm);
crt->ivsize = alg->ivsize;
+   crt->has_setkey = alg->max_keysize;
 
return 0;
 }
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index 7180cb2..3c551d4 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -471,6 +471,7 @@ static int crypto_init_blkcipher_ops_async(struct 
crypto_tfm *tfm)
}
crt->base = __crypto_ablkcipher_cast(tfm);
crt->ivsize = alg->ivsize;
+   crt->has_setkey = alg->max_keysize;
 
return 0;
 }
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index 9c8776d..4948de9 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -594,6 +594,7 @@ struct ablkcipher_tfm {
 
unsigned int ivsize;
unsigned int reqsize;
+   bool has_setkey;
 };
 
 struct aead_tfm {
@@ -997,6 +998,13 @@ static inline int crypto_ablkcipher_setkey(struct 
crypto_ablkcipher *tfm,
return crt->setkey(crt->base, key, keylen);
 }
 
+static inline bool crypto_ablkcipher_has_setkey(struct crypto_ablkcipher *tfm)
+{
+   struct ablkcipher_tfm *crt = crypto_ablkcipher_crt(tfm);
+
+   return crt->has_setkey;
+}
+
 /**
  * crypto_ablkcipher_reqtfm() - obtain cipher handle from request
  * @req: ablkcipher_request out of which the cipher handle is to be obtained
-- 
2.7.4

[PATCH 3.19.y-ckt 002/170] crypto: algif_skcipher - Add nokey compatibility path

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Herbert Xu 

commit a0fa2d037129a9849918a92d91b79ed6c7bd2818 upstream.

This patch adds a compatibility path to support old applications
that do acept(2) before setkey.

Signed-off-by: Herbert Xu 
[bwh: Backported to 3.2: add struct kiocb * parameter to {recv,send}msg ops]
Signed-off-by: Ben Hutchings 
Signed-off-by: Luis Henriques 

Signed-off-by: Kamal Mostafa 
---
 crypto/algif_skcipher.c | 149 ++--
 1 file changed, 144 insertions(+), 5 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index e8eedce..e98f2b8 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -546,6 +546,99 @@ static struct proto_ops algif_skcipher_ops = {
.poll   =   skcipher_poll,
 };
 
+static int skcipher_check_key(struct socket *sock)
+{
+   int err;
+   struct sock *psk;
+   struct alg_sock *pask;
+   struct skcipher_tfm *tfm;
+   struct sock *sk = sock->sk;
+   struct alg_sock *ask = alg_sk(sk);
+
+   if (ask->refcnt)
+   return 0;
+
+   psk = ask->parent;
+   pask = alg_sk(ask->parent);
+   tfm = pask->private;
+
+   err = -ENOKEY;
+   lock_sock(psk);
+   if (!tfm->has_key)
+   goto unlock;
+
+   if (!pask->refcnt++)
+   sock_hold(psk);
+
+   ask->refcnt = 1;
+   sock_put(psk);
+
+   err = 0;
+
+unlock:
+   release_sock(psk);
+
+   return err;
+}
+
+static int skcipher_sendmsg_nokey(struct kiocb *unused, struct socket *sock,
+ struct msghdr *msg, size_t size)
+{
+   int err;
+
+   err = skcipher_check_key(sock);
+   if (err)
+   return err;
+
+   return skcipher_sendmsg(unused, sock, msg, size);
+}
+
+static ssize_t skcipher_sendpage_nokey(struct socket *sock, struct page *page,
+  int offset, size_t size, int flags)
+{
+   int err;
+
+   err = skcipher_check_key(sock);
+   if (err)
+   return err;
+
+   return skcipher_sendpage(sock, page, offset, size, flags);
+}
+
+static int skcipher_recvmsg_nokey(struct kiocb *unused, struct socket *sock,
+ struct msghdr *msg, size_t ignored, int flags)
+{
+   int err;
+
+   err = skcipher_check_key(sock);
+   if (err)
+   return err;
+
+   return skcipher_recvmsg(unused, sock, msg, ignored, flags);
+}
+
+static struct proto_ops algif_skcipher_ops_nokey = {
+   .family =   PF_ALG,
+
+   .connect=   sock_no_connect,
+   .socketpair =   sock_no_socketpair,
+   .getname=   sock_no_getname,
+   .ioctl  =   sock_no_ioctl,
+   .listen =   sock_no_listen,
+   .shutdown   =   sock_no_shutdown,
+   .getsockopt =   sock_no_getsockopt,
+   .mmap   =   sock_no_mmap,
+   .bind   =   sock_no_bind,
+   .accept =   sock_no_accept,
+   .setsockopt =   sock_no_setsockopt,
+
+   .release=   af_alg_release,
+   .sendmsg=   skcipher_sendmsg_nokey,
+   .sendpage   =   skcipher_sendpage_nokey,
+   .recvmsg=   skcipher_recvmsg_nokey,
+   .poll   =   skcipher_poll,
+};
+
 static void *skcipher_bind(const char *name, u32 type, u32 mask)
 {
struct skcipher_tfm *tfm;
@@ -585,7 +678,7 @@ static int skcipher_setkey(void *private, const u8 *key, 
unsigned int keylen)
return err;
 }
 
-static void skcipher_sock_destruct(struct sock *sk)
+static void skcipher_sock_destruct_common(struct sock *sk)
 {
struct alg_sock *ask = alg_sk(sk);
struct skcipher_ctx *ctx = ask->private;
@@ -594,10 +687,33 @@ static void skcipher_sock_destruct(struct sock *sk)
skcipher_free_sgl(sk);
sock_kzfree_s(sk, ctx->iv, crypto_ablkcipher_ivsize(tfm));
sock_kfree_s(sk, ctx, ctx->len);
+}
+
+static void skcipher_sock_destruct(struct sock *sk)
+{
+   skcipher_sock_destruct_common(sk);
af_alg_release_parent(sk);
 }
 
-static int skcipher_accept_parent(void *private, struct sock *sk)
+static void skcipher_release_parent_nokey(struct sock *sk)
+{
+   struct alg_sock *ask = alg_sk(sk);
+
+   if (!ask->refcnt) {
+   sock_put(ask->parent);
+   return;
+   }
+
+   af_alg_release_parent(sk);
+}
+
+static void skcipher_sock_destruct_nokey(struct sock *sk)
+{
+   skcipher_sock_destruct_common(sk);
+   skcipher_release_parent_nokey(sk);
+}
+
+static int skcipher_accept_parent_common(void *private, struct sock *sk)
 {
struct skcipher_ctx *ctx;
struct alg_sock *ask = alg_sk(sk);
@@ -605,9 +721,6 @@ static int 

[PATCH 3.19.y-ckt 004/170] crypto: skcipher - Add crypto_skcipher_has_setkey

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Herbert Xu 

commit a1383cd86a062fc798899ab20f0ec2116cce39cb upstream.

This patch adds a way for skcipher users to determine whether a key
is required by a transform.

Signed-off-by: Herbert Xu 
[bwh: Backported to 3.2: add to ablkcipher API instead]
Signed-off-by: Ben Hutchings 
Signed-off-by: Luis Henriques 
[kamal: plus bwh http://article.gmane.org/gmane.linux.kernel.stable/169083]
Signed-off-by: Kamal Mostafa 
---
 crypto/ablkcipher.c| 2 ++
 crypto/blkcipher.c | 1 +
 include/linux/crypto.h | 8 
 3 files changed, 11 insertions(+)

diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index f02fdbe..970b48e 100644
--- a/crypto/ablkcipher.c
+++ b/crypto/ablkcipher.c
@@ -375,6 +375,7 @@ static int crypto_init_ablkcipher_ops(struct crypto_tfm 
*tfm, u32 type,
}
crt->base = __crypto_ablkcipher_cast(tfm);
crt->ivsize = alg->ivsize;
+   crt->has_setkey = alg->max_keysize;
 
return 0;
 }
@@ -456,6 +457,7 @@ static int crypto_init_givcipher_ops(struct crypto_tfm 
*tfm, u32 type,
crt->givdecrypt = alg->givdecrypt ?: no_givdecrypt;
crt->base = __crypto_ablkcipher_cast(tfm);
crt->ivsize = alg->ivsize;
+   crt->has_setkey = alg->max_keysize;
 
return 0;
 }
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index 7180cb2..3c551d4 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -471,6 +471,7 @@ static int crypto_init_blkcipher_ops_async(struct 
crypto_tfm *tfm)
}
crt->base = __crypto_ablkcipher_cast(tfm);
crt->ivsize = alg->ivsize;
+   crt->has_setkey = alg->max_keysize;
 
return 0;
 }
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index 9c8776d..4948de9 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -594,6 +594,7 @@ struct ablkcipher_tfm {
 
unsigned int ivsize;
unsigned int reqsize;
+   bool has_setkey;
 };
 
 struct aead_tfm {
@@ -997,6 +998,13 @@ static inline int crypto_ablkcipher_setkey(struct 
crypto_ablkcipher *tfm,
return crt->setkey(crt->base, key, keylen);
 }
 
+static inline bool crypto_ablkcipher_has_setkey(struct crypto_ablkcipher *tfm)
+{
+   struct ablkcipher_tfm *crt = crypto_ablkcipher_crt(tfm);
+
+   return crt->has_setkey;
+}
+
 /**
  * crypto_ablkcipher_reqtfm() - obtain cipher handle from request
  * @req: ablkcipher_request out of which the cipher handle is to be obtained
-- 
2.7.4

[PATCH 3.19.y-ckt 008/170] crypto: algif_hash - Fix race condition in hash_check_key

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Herbert Xu 

commit ad46d7e33219218605ea619e32553daf4f346b9f upstream.

We need to lock the child socket in hash_check_key as otherwise
two simultaneous calls can cause the parent socket to be freed.

Signed-off-by: Herbert Xu 
Signed-off-by: Luis Henriques 
Signed-off-by: Kamal Mostafa 
---
 crypto/algif_hash.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index e76385d..1952e4f 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -255,22 +255,23 @@ static struct proto_ops algif_hash_ops = {
 
 static int hash_check_key(struct socket *sock)
 {
-   int err;
+   int err = 0;
struct sock *psk;
struct alg_sock *pask;
struct algif_hash_tfm *tfm;
struct sock *sk = sock->sk;
struct alg_sock *ask = alg_sk(sk);
 
+   lock_sock(sk);
if (ask->refcnt)
-   return 0;
+   goto unlock_child;
 
psk = ask->parent;
pask = alg_sk(ask->parent);
tfm = pask->private;
 
err = -ENOKEY;
-   lock_sock(psk);
+   lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
if (!tfm->has_key)
goto unlock;
 
@@ -284,6 +285,8 @@ static int hash_check_key(struct socket *sock)
 
 unlock:
release_sock(psk);
+unlock_child:
+   release_sock(sk);
 
return err;
 }
-- 
2.7.4

[PATCH 3.19.y-ckt 008/170] crypto: algif_hash - Fix race condition in hash_check_key

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Herbert Xu 

commit ad46d7e33219218605ea619e32553daf4f346b9f upstream.

We need to lock the child socket in hash_check_key as otherwise
two simultaneous calls can cause the parent socket to be freed.

Signed-off-by: Herbert Xu 
Signed-off-by: Luis Henriques 
Signed-off-by: Kamal Mostafa 
---
 crypto/algif_hash.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index e76385d..1952e4f 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -255,22 +255,23 @@ static struct proto_ops algif_hash_ops = {
 
 static int hash_check_key(struct socket *sock)
 {
-   int err;
+   int err = 0;
struct sock *psk;
struct alg_sock *pask;
struct algif_hash_tfm *tfm;
struct sock *sk = sock->sk;
struct alg_sock *ask = alg_sk(sk);
 
+   lock_sock(sk);
if (ask->refcnt)
-   return 0;
+   goto unlock_child;
 
psk = ask->parent;
pask = alg_sk(ask->parent);
tfm = pask->private;
 
err = -ENOKEY;
-   lock_sock(psk);
+   lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
if (!tfm->has_key)
goto unlock;
 
@@ -284,6 +285,8 @@ static int hash_check_key(struct socket *sock)
 
 unlock:
release_sock(psk);
+unlock_child:
+   release_sock(sk);
 
return err;
 }
-- 
2.7.4

[PATCH 3.19.y-ckt 005/170] crypto: algif_skcipher - Add key check exception for cipher_null

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Herbert Xu 

commit 6e8d8ecf438792ecf7a3207488fb4eebc4edb040 upstream.

This patch adds an exception to the key check so that cipher_null
users may continue to use algif_skcipher without setting a key.

Signed-off-by: Herbert Xu 
[bwh: Backported to 3.2: use crypto_ablkcipher_has_setkey()]
Signed-off-by: Ben Hutchings 
Signed-off-by: Luis Henriques 

Signed-off-by: Kamal Mostafa 
---
 crypto/algif_skcipher.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index e98f2b8..75c2d72 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -757,7 +757,7 @@ static int skcipher_accept_parent(void *private, struct 
sock *sk)
 {
struct skcipher_tfm *tfm = private;
 
-   if (!tfm->has_key)
+   if (!tfm->has_key && crypto_ablkcipher_has_setkey(tfm->skcipher))
return -ENOKEY;
 
return skcipher_accept_parent_common(private, sk);
-- 
2.7.4

[PATCH 3.19.y-ckt 003/170] crypto: algif_hash - Require setkey before accept(2)

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Herbert Xu 

commit 6de62f15b581f920ade22d758f4c338311c2f0d4 upstream.

Hash implementations that require a key may crash if you use
them without setting a key.  This patch adds the necessary checks
so that if you do attempt to use them without a key that we return
-ENOKEY instead of proceeding.

This patch also adds a compatibility path to support old applications
that do acept(2) before setkey.

Signed-off-by: Herbert Xu 
[bwh: Backported to 3.2:
 - Add struct kiocb * parameter to {recv,send}msg ops
 - Adjust context]
Signed-off-by: Ben Hutchings 
Signed-off-by: Luis Henriques 

Signed-off-by: Kamal Mostafa 
---
 crypto/algif_hash.c | 201 +---
 1 file changed, 193 insertions(+), 8 deletions(-)

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 43a595e..fa4096d 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -34,6 +34,11 @@ struct hash_ctx {
struct ahash_request req;
 };
 
+struct algif_hash_tfm {
+   struct crypto_ahash *hash;
+   bool has_key;
+};
+
 static int hash_sendmsg(struct kiocb *unused, struct socket *sock,
struct msghdr *msg, size_t ignored)
 {
@@ -248,22 +253,151 @@ static struct proto_ops algif_hash_ops = {
.accept =   hash_accept,
 };
 
+static int hash_check_key(struct socket *sock)
+{
+   int err;
+   struct sock *psk;
+   struct alg_sock *pask;
+   struct algif_hash_tfm *tfm;
+   struct sock *sk = sock->sk;
+   struct alg_sock *ask = alg_sk(sk);
+
+   if (ask->refcnt)
+   return 0;
+
+   psk = ask->parent;
+   pask = alg_sk(ask->parent);
+   tfm = pask->private;
+
+   err = -ENOKEY;
+   lock_sock(psk);
+   if (!tfm->has_key)
+   goto unlock;
+
+   if (!pask->refcnt++)
+   sock_hold(psk);
+
+   ask->refcnt = 1;
+   sock_put(psk);
+
+   err = 0;
+
+unlock:
+   release_sock(psk);
+
+   return err;
+}
+
+static int hash_sendmsg_nokey(struct kiocb *unused, struct socket *sock,
+ struct msghdr *msg, size_t size)
+{
+   int err;
+
+   err = hash_check_key(sock);
+   if (err)
+   return err;
+
+   return hash_sendmsg(unused, sock, msg, size);
+}
+
+static ssize_t hash_sendpage_nokey(struct socket *sock, struct page *page,
+  int offset, size_t size, int flags)
+{
+   int err;
+
+   err = hash_check_key(sock);
+   if (err)
+   return err;
+
+   return hash_sendpage(sock, page, offset, size, flags);
+}
+
+static int hash_recvmsg_nokey(struct kiocb *unused, struct socket *sock,
+ struct msghdr *msg, size_t ignored, int flags)
+{
+   int err;
+
+   err = hash_check_key(sock);
+   if (err)
+   return err;
+
+   return hash_recvmsg(unused, sock, msg, ignored, flags);
+}
+
+static int hash_accept_nokey(struct socket *sock, struct socket *newsock,
+int flags)
+{
+   int err;
+
+   err = hash_check_key(sock);
+   if (err)
+   return err;
+
+   return hash_accept(sock, newsock, flags);
+}
+
+static struct proto_ops algif_hash_ops_nokey = {
+   .family =   PF_ALG,
+
+   .connect=   sock_no_connect,
+   .socketpair =   sock_no_socketpair,
+   .getname=   sock_no_getname,
+   .ioctl  =   sock_no_ioctl,
+   .listen =   sock_no_listen,
+   .shutdown   =   sock_no_shutdown,
+   .getsockopt =   sock_no_getsockopt,
+   .mmap   =   sock_no_mmap,
+   .bind   =   sock_no_bind,
+   .setsockopt =   sock_no_setsockopt,
+   .poll   =   sock_no_poll,
+
+   .release=   af_alg_release,
+   .sendmsg=   hash_sendmsg_nokey,
+   .sendpage   =   hash_sendpage_nokey,
+   .recvmsg=   hash_recvmsg_nokey,
+   .accept =   hash_accept_nokey,
+};
+
 static void *hash_bind(const char *name, u32 type, u32 mask)
 {
-   return crypto_alloc_ahash(name, type, mask);
+   struct algif_hash_tfm *tfm;
+   struct crypto_ahash *hash;
+
+   tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
+   if (!tfm)
+   return ERR_PTR(-ENOMEM);
+
+   hash = crypto_alloc_ahash(name, type, mask);
+   if (IS_ERR(hash)) {
+   kfree(tfm);
+   return ERR_CAST(hash);
+   }
+
+   tfm->hash = hash;
+
+   return tfm;
 }
 
 static void hash_release(void *private)
 {
-   crypto_free_ahash(private);
+ 

[PATCH 3.19.y-ckt 005/170] crypto: algif_skcipher - Add key check exception for cipher_null

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Herbert Xu 

commit 6e8d8ecf438792ecf7a3207488fb4eebc4edb040 upstream.

This patch adds an exception to the key check so that cipher_null
users may continue to use algif_skcipher without setting a key.

Signed-off-by: Herbert Xu 
[bwh: Backported to 3.2: use crypto_ablkcipher_has_setkey()]
Signed-off-by: Ben Hutchings 
Signed-off-by: Luis Henriques 

Signed-off-by: Kamal Mostafa 
---
 crypto/algif_skcipher.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index e98f2b8..75c2d72 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -757,7 +757,7 @@ static int skcipher_accept_parent(void *private, struct 
sock *sk)
 {
struct skcipher_tfm *tfm = private;
 
-   if (!tfm->has_key)
+   if (!tfm->has_key && crypto_ablkcipher_has_setkey(tfm->skcipher))
return -ENOKEY;
 
return skcipher_accept_parent_common(private, sk);
-- 
2.7.4

[PATCH 3.19.y-ckt 003/170] crypto: algif_hash - Require setkey before accept(2)

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Herbert Xu 

commit 6de62f15b581f920ade22d758f4c338311c2f0d4 upstream.

Hash implementations that require a key may crash if you use
them without setting a key.  This patch adds the necessary checks
so that if you do attempt to use them without a key that we return
-ENOKEY instead of proceeding.

This patch also adds a compatibility path to support old applications
that do acept(2) before setkey.

Signed-off-by: Herbert Xu 
[bwh: Backported to 3.2:
 - Add struct kiocb * parameter to {recv,send}msg ops
 - Adjust context]
Signed-off-by: Ben Hutchings 
Signed-off-by: Luis Henriques 

Signed-off-by: Kamal Mostafa 
---
 crypto/algif_hash.c | 201 +---
 1 file changed, 193 insertions(+), 8 deletions(-)

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 43a595e..fa4096d 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -34,6 +34,11 @@ struct hash_ctx {
struct ahash_request req;
 };
 
+struct algif_hash_tfm {
+   struct crypto_ahash *hash;
+   bool has_key;
+};
+
 static int hash_sendmsg(struct kiocb *unused, struct socket *sock,
struct msghdr *msg, size_t ignored)
 {
@@ -248,22 +253,151 @@ static struct proto_ops algif_hash_ops = {
.accept =   hash_accept,
 };
 
+static int hash_check_key(struct socket *sock)
+{
+   int err;
+   struct sock *psk;
+   struct alg_sock *pask;
+   struct algif_hash_tfm *tfm;
+   struct sock *sk = sock->sk;
+   struct alg_sock *ask = alg_sk(sk);
+
+   if (ask->refcnt)
+   return 0;
+
+   psk = ask->parent;
+   pask = alg_sk(ask->parent);
+   tfm = pask->private;
+
+   err = -ENOKEY;
+   lock_sock(psk);
+   if (!tfm->has_key)
+   goto unlock;
+
+   if (!pask->refcnt++)
+   sock_hold(psk);
+
+   ask->refcnt = 1;
+   sock_put(psk);
+
+   err = 0;
+
+unlock:
+   release_sock(psk);
+
+   return err;
+}
+
+static int hash_sendmsg_nokey(struct kiocb *unused, struct socket *sock,
+ struct msghdr *msg, size_t size)
+{
+   int err;
+
+   err = hash_check_key(sock);
+   if (err)
+   return err;
+
+   return hash_sendmsg(unused, sock, msg, size);
+}
+
+static ssize_t hash_sendpage_nokey(struct socket *sock, struct page *page,
+  int offset, size_t size, int flags)
+{
+   int err;
+
+   err = hash_check_key(sock);
+   if (err)
+   return err;
+
+   return hash_sendpage(sock, page, offset, size, flags);
+}
+
+static int hash_recvmsg_nokey(struct kiocb *unused, struct socket *sock,
+ struct msghdr *msg, size_t ignored, int flags)
+{
+   int err;
+
+   err = hash_check_key(sock);
+   if (err)
+   return err;
+
+   return hash_recvmsg(unused, sock, msg, ignored, flags);
+}
+
+static int hash_accept_nokey(struct socket *sock, struct socket *newsock,
+int flags)
+{
+   int err;
+
+   err = hash_check_key(sock);
+   if (err)
+   return err;
+
+   return hash_accept(sock, newsock, flags);
+}
+
+static struct proto_ops algif_hash_ops_nokey = {
+   .family =   PF_ALG,
+
+   .connect=   sock_no_connect,
+   .socketpair =   sock_no_socketpair,
+   .getname=   sock_no_getname,
+   .ioctl  =   sock_no_ioctl,
+   .listen =   sock_no_listen,
+   .shutdown   =   sock_no_shutdown,
+   .getsockopt =   sock_no_getsockopt,
+   .mmap   =   sock_no_mmap,
+   .bind   =   sock_no_bind,
+   .setsockopt =   sock_no_setsockopt,
+   .poll   =   sock_no_poll,
+
+   .release=   af_alg_release,
+   .sendmsg=   hash_sendmsg_nokey,
+   .sendpage   =   hash_sendpage_nokey,
+   .recvmsg=   hash_recvmsg_nokey,
+   .accept =   hash_accept_nokey,
+};
+
 static void *hash_bind(const char *name, u32 type, u32 mask)
 {
-   return crypto_alloc_ahash(name, type, mask);
+   struct algif_hash_tfm *tfm;
+   struct crypto_ahash *hash;
+
+   tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
+   if (!tfm)
+   return ERR_PTR(-ENOMEM);
+
+   hash = crypto_alloc_ahash(name, type, mask);
+   if (IS_ERR(hash)) {
+   kfree(tfm);
+   return ERR_CAST(hash);
+   }
+
+   tfm->hash = hash;
+
+   return tfm;
 }
 
 static void hash_release(void *private)
 {
-   crypto_free_ahash(private);
+   struct algif_hash_tfm *tfm = private;
+
+   crypto_free_ahash(tfm->hash);
+   kfree(tfm);
 }
 
 static int 

[PATCH 3.19.y-ckt 012/170] USB: iowarrior: fix oops with malicious USB descriptors

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Josh Boyer 

commit 4ec0ef3a82125efc36173062a50624550a900ae0 upstream.

The iowarrior driver expects at least one valid endpoint.  If given
malicious descriptors that specify 0 for the number of endpoints,
it will crash in the probe function.  Ensure there is at least
one endpoint on the interface before using it.

The full report of this issue can be found here:
http://seclists.org/bugtraq/2016/Mar/87

Reported-by: Ralf Spenneberg 
Signed-off-by: Josh Boyer 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Kamal Mostafa 
---
 drivers/usb/misc/iowarrior.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c
index c6bfd13..1950e87 100644
--- a/drivers/usb/misc/iowarrior.c
+++ b/drivers/usb/misc/iowarrior.c
@@ -787,6 +787,12 @@ static int iowarrior_probe(struct usb_interface *interface,
iface_desc = interface->cur_altsetting;
dev->product_id = le16_to_cpu(udev->descriptor.idProduct);
 
+   if (iface_desc->desc.bNumEndpoints < 1) {
+   dev_err(>dev, "Invalid number of endpoints\n");
+   retval = -EINVAL;
+   goto error;
+   }
+
/* set up the endpoint information */
for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
endpoint = _desc->endpoint[i].desc;
-- 
2.7.4

[PATCH 3.19.y-ckt 012/170] USB: iowarrior: fix oops with malicious USB descriptors

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Josh Boyer 

commit 4ec0ef3a82125efc36173062a50624550a900ae0 upstream.

The iowarrior driver expects at least one valid endpoint.  If given
malicious descriptors that specify 0 for the number of endpoints,
it will crash in the probe function.  Ensure there is at least
one endpoint on the interface before using it.

The full report of this issue can be found here:
http://seclists.org/bugtraq/2016/Mar/87

Reported-by: Ralf Spenneberg 
Signed-off-by: Josh Boyer 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Kamal Mostafa 
---
 drivers/usb/misc/iowarrior.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c
index c6bfd13..1950e87 100644
--- a/drivers/usb/misc/iowarrior.c
+++ b/drivers/usb/misc/iowarrior.c
@@ -787,6 +787,12 @@ static int iowarrior_probe(struct usb_interface *interface,
iface_desc = interface->cur_altsetting;
dev->product_id = le16_to_cpu(udev->descriptor.idProduct);
 
+   if (iface_desc->desc.bNumEndpoints < 1) {
+   dev_err(>dev, "Invalid number of endpoints\n");
+   retval = -EINVAL;
+   goto error;
+   }
+
/* set up the endpoint information */
for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
endpoint = _desc->endpoint[i].desc;
-- 
2.7.4

[PATCH 3.19.y-ckt 013/170] ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Takashi Iwai 

commit 0f886ca12765d20124bd06291c82951fd49a33be upstream.

create_fixed_stream_quirk() may cause a NULL-pointer dereference by
accessing the non-existing endpoint when a USB device with a malformed
USB descriptor is used.

This patch avoids it simply by adding a sanity check of bNumEndpoints
before the accesses.

Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=971125
Signed-off-by: Takashi Iwai 
Signed-off-by: Kamal Mostafa 
---
 sound/usb/quirks.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
index fb9c394..20ed435 100644
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -177,6 +177,12 @@ static int create_fixed_stream_quirk(struct snd_usb_audio 
*chip,
}
alts = >altsetting[fp->altset_idx];
altsd = get_iface_desc(alts);
+   if (altsd->bNumEndpoints < 1) {
+   kfree(fp);
+   kfree(rate_table);
+   return -EINVAL;
+   }
+
fp->protocol = altsd->bInterfaceProtocol;
 
if (fp->datainterval == 0)
-- 
2.7.4

[PATCH 3.19.y-ckt 009/170] crypto: algif_skcipher - Fix race condition in skcipher_check_key

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Herbert Xu 

commit 1822793a523e5d5730b19cc21160ff1717421bc8 upstream.

We need to lock the child socket in skcipher_check_key as otherwise
two simultaneous calls can cause the parent socket to be freed.

Signed-off-by: Herbert Xu 
Signed-off-by: Kamal Mostafa 
---
 crypto/algif_skcipher.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 68caee1..974bfd2 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -548,22 +548,23 @@ static struct proto_ops algif_skcipher_ops = {
 
 static int skcipher_check_key(struct socket *sock)
 {
-   int err;
+   int err = 0;
struct sock *psk;
struct alg_sock *pask;
struct skcipher_tfm *tfm;
struct sock *sk = sock->sk;
struct alg_sock *ask = alg_sk(sk);
 
+   lock_sock(sk);
if (ask->refcnt)
-   return 0;
+   goto unlock_child;
 
psk = ask->parent;
pask = alg_sk(ask->parent);
tfm = pask->private;
 
err = -ENOKEY;
-   lock_sock(psk);
+   lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
if (!tfm->has_key)
goto unlock;
 
@@ -577,6 +578,8 @@ static int skcipher_check_key(struct socket *sock)
 
 unlock:
release_sock(psk);
+unlock_child:
+   release_sock(sk);
 
return err;
 }
-- 
2.7.4

[PATCH 3.19.y-ckt 013/170] ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Takashi Iwai 

commit 0f886ca12765d20124bd06291c82951fd49a33be upstream.

create_fixed_stream_quirk() may cause a NULL-pointer dereference by
accessing the non-existing endpoint when a USB device with a malformed
USB descriptor is used.

This patch avoids it simply by adding a sanity check of bNumEndpoints
before the accesses.

Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=971125
Signed-off-by: Takashi Iwai 
Signed-off-by: Kamal Mostafa 
---
 sound/usb/quirks.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
index fb9c394..20ed435 100644
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -177,6 +177,12 @@ static int create_fixed_stream_quirk(struct snd_usb_audio 
*chip,
}
alts = >altsetting[fp->altset_idx];
altsd = get_iface_desc(alts);
+   if (altsd->bNumEndpoints < 1) {
+   kfree(fp);
+   kfree(rate_table);
+   return -EINVAL;
+   }
+
fp->protocol = altsd->bInterfaceProtocol;
 
if (fp->datainterval == 0)
-- 
2.7.4

[PATCH 3.19.y-ckt 009/170] crypto: algif_skcipher - Fix race condition in skcipher_check_key

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Herbert Xu 

commit 1822793a523e5d5730b19cc21160ff1717421bc8 upstream.

We need to lock the child socket in skcipher_check_key as otherwise
two simultaneous calls can cause the parent socket to be freed.

Signed-off-by: Herbert Xu 
Signed-off-by: Kamal Mostafa 
---
 crypto/algif_skcipher.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 68caee1..974bfd2 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -548,22 +548,23 @@ static struct proto_ops algif_skcipher_ops = {
 
 static int skcipher_check_key(struct socket *sock)
 {
-   int err;
+   int err = 0;
struct sock *psk;
struct alg_sock *pask;
struct skcipher_tfm *tfm;
struct sock *sk = sock->sk;
struct alg_sock *ask = alg_sk(sk);
 
+   lock_sock(sk);
if (ask->refcnt)
-   return 0;
+   goto unlock_child;
 
psk = ask->parent;
pask = alg_sk(ask->parent);
tfm = pask->private;
 
err = -ENOKEY;
-   lock_sock(psk);
+   lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
if (!tfm->has_key)
goto unlock;
 
@@ -577,6 +578,8 @@ static int skcipher_check_key(struct socket *sock)
 
 unlock:
release_sock(psk);
+unlock_child:
+   release_sock(sk);
 
return err;
 }
-- 
2.7.4

[PATCH 3.19.y-ckt 017/170] USB: cdc-acm: more sanity checking

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Oliver Neukum 

commit 8835ba4a39cf53f705417b3b3a94eb067673f2c9 upstream.

An attack has become available which pretends to be a quirky
device circumventing normal sanity checks and crashes the kernel
by an insufficient number of interfaces. This patch adds a check
to the code path for quirky devices.

Signed-off-by: Oliver Neukum 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Kamal Mostafa 
---
 drivers/usb/class/cdc-acm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index 672005d..9fa7296 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1109,6 +1109,9 @@ static int acm_probe(struct usb_interface *intf,
if (quirks == NO_UNION_NORMAL) {
data_interface = usb_ifnum_to_if(usb_dev, 1);
control_interface = usb_ifnum_to_if(usb_dev, 0);
+   /* we would crash */
+   if (!data_interface || !control_interface)
+   return -ENODEV;
goto skip_normal_probe;
}
 
-- 
2.7.4

[PATCH 3.19.y-ckt 014/170] ALSA: usb-audio: Add sanity checks for endpoint accesses

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Takashi Iwai 

commit 447d6275f0c21f6cc97a88b3a0c601436a4cdf2a upstream.

Add some sanity check codes before actually accessing the endpoint via
get_endpoint() in order to avoid the invalid access through a
malformed USB descriptor.  Mostly just checking bNumEndpoints, but in
one place (snd_microii_spdif_default_get()), the validity of iface and
altsetting index is checked as well.

Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=971125
Signed-off-by: Takashi Iwai 
Signed-off-by: Kamal Mostafa 
---
 sound/usb/clock.c| 2 ++
 sound/usb/endpoint.c | 3 +++
 sound/usb/mixer_quirks.c | 4 
 sound/usb/pcm.c  | 2 ++
 4 files changed, 11 insertions(+)

diff --git a/sound/usb/clock.c b/sound/usb/clock.c
index 03fed66..56216a2 100644
--- a/sound/usb/clock.c
+++ b/sound/usb/clock.c
@@ -285,6 +285,8 @@ static int set_sample_rate_v1(struct snd_usb_audio *chip, 
int iface,
unsigned char data[3];
int err, crate;
 
+   if (get_iface_desc(alts)->bNumEndpoints < 1)
+   return -EINVAL;
ep = get_endpoint(alts, 0)->bEndpointAddress;
 
/* if endpoint doesn't have sampling rate control, bail out */
diff --git a/sound/usb/endpoint.c b/sound/usb/endpoint.c
index 03b0744..e7f470a 100644
--- a/sound/usb/endpoint.c
+++ b/sound/usb/endpoint.c
@@ -413,6 +413,9 @@ exit_clear:
  *
  * New endpoints will be added to chip->ep_list and must be freed by
  * calling snd_usb_endpoint_free().
+ *
+ * For SND_USB_ENDPOINT_TYPE_SYNC, the caller needs to guarantee that
+ * bNumEndpoints > 1 beforehand.
  */
 struct snd_usb_endpoint *snd_usb_add_endpoint(struct snd_usb_audio *chip,
  struct usb_host_interface *alts,
diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c
index db9547d..f8ffcda4 100644
--- a/sound/usb/mixer_quirks.c
+++ b/sound/usb/mixer_quirks.c
@@ -1532,7 +1532,11 @@ static int snd_microii_spdif_default_get(struct 
snd_kcontrol *kcontrol,
 
/* use known values for that card: interface#1 altsetting#1 */
iface = usb_ifnum_to_if(chip->dev, 1);
+   if (!iface || iface->num_altsetting < 2)
+   return -EINVAL;
alts = >altsetting[1];
+   if (get_iface_desc(alts)->bNumEndpoints < 1)
+   return -EINVAL;
ep = get_endpoint(alts, 0)->bEndpointAddress;
 
err = snd_usb_ctl_msg(chip->dev,
diff --git a/sound/usb/pcm.c b/sound/usb/pcm.c
index 0d8aba5..a7e97ba 100644
--- a/sound/usb/pcm.c
+++ b/sound/usb/pcm.c
@@ -159,6 +159,8 @@ static int init_pitch_v1(struct snd_usb_audio *chip, int 
iface,
unsigned char data[1];
int err;
 
+   if (get_iface_desc(alts)->bNumEndpoints < 1)
+   return -EINVAL;
ep = get_endpoint(alts, 0)->bEndpointAddress;
 
data[0] = 1;
-- 
2.7.4

[PATCH 3.19.y-ckt 015/170] include/linux/poison.h: fix LIST_POISON{1,2} offset

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Vasily Kulikov 

commit 8a5e5e02fc83aaf67053ab53b359af08c6c49aaf upstream.

Poison pointer values should be small enough to find a room in
non-mmap'able/hardly-mmap'able space.  E.g.  on x86 "poison pointer space"
is located starting from 0x0.  Given unprivileged users cannot mmap
anything below mmap_min_addr, it should be safe to use poison pointers
lower than mmap_min_addr.

The current poison pointer values of LIST_POISON{1,2} might be too big for
mmap_min_addr values equal or less than 1 MB (common case, e.g.  Ubuntu
uses only 0x1).  There is little point to use such a big value given
the "poison pointer space" below 1 MB is not yet exhausted.  Changing it
to a smaller value solves the problem for small mmap_min_addr setups.

The values are suggested by Solar Designer:
http://www.openwall.com/lists/oss-security/2015/05/02/6

Signed-off-by: Vasily Kulikov 
Cc: Solar Designer 
Cc: Thomas Gleixner 
Cc: "Kirill A. Shutemov" 
Signed-off-by: Andrew Morton 
Signed-off-by: Linus Torvalds 
Signed-off-by: Kamal Mostafa 
---
 include/linux/poison.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/poison.h b/include/linux/poison.h
index 2110a81..253c9b4 100644
--- a/include/linux/poison.h
+++ b/include/linux/poison.h
@@ -19,8 +19,8 @@
  * under normal circumstances, used to verify that nobody uses
  * non-initialized list entries.
  */
-#define LIST_POISON1  ((void *) 0x00100100 + POISON_POINTER_DELTA)
-#define LIST_POISON2  ((void *) 0x00200200 + POISON_POINTER_DELTA)
+#define LIST_POISON1  ((void *) 0x100 + POISON_POINTER_DELTA)
+#define LIST_POISON2  ((void *) 0x200 + POISON_POINTER_DELTA)
 
 /** include/linux/timer.h **/
 /*
-- 
2.7.4

[PATCH 3.19.y-ckt 017/170] USB: cdc-acm: more sanity checking

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Oliver Neukum 

commit 8835ba4a39cf53f705417b3b3a94eb067673f2c9 upstream.

An attack has become available which pretends to be a quirky
device circumventing normal sanity checks and crashes the kernel
by an insufficient number of interfaces. This patch adds a check
to the code path for quirky devices.

Signed-off-by: Oliver Neukum 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Kamal Mostafa 
---
 drivers/usb/class/cdc-acm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index 672005d..9fa7296 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1109,6 +1109,9 @@ static int acm_probe(struct usb_interface *intf,
if (quirks == NO_UNION_NORMAL) {
data_interface = usb_ifnum_to_if(usb_dev, 1);
control_interface = usb_ifnum_to_if(usb_dev, 0);
+   /* we would crash */
+   if (!data_interface || !control_interface)
+   return -ENODEV;
goto skip_normal_probe;
}
 
-- 
2.7.4

[PATCH 3.19.y-ckt 014/170] ALSA: usb-audio: Add sanity checks for endpoint accesses

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Takashi Iwai 

commit 447d6275f0c21f6cc97a88b3a0c601436a4cdf2a upstream.

Add some sanity check codes before actually accessing the endpoint via
get_endpoint() in order to avoid the invalid access through a
malformed USB descriptor.  Mostly just checking bNumEndpoints, but in
one place (snd_microii_spdif_default_get()), the validity of iface and
altsetting index is checked as well.

Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=971125
Signed-off-by: Takashi Iwai 
Signed-off-by: Kamal Mostafa 
---
 sound/usb/clock.c| 2 ++
 sound/usb/endpoint.c | 3 +++
 sound/usb/mixer_quirks.c | 4 
 sound/usb/pcm.c  | 2 ++
 4 files changed, 11 insertions(+)

diff --git a/sound/usb/clock.c b/sound/usb/clock.c
index 03fed66..56216a2 100644
--- a/sound/usb/clock.c
+++ b/sound/usb/clock.c
@@ -285,6 +285,8 @@ static int set_sample_rate_v1(struct snd_usb_audio *chip, 
int iface,
unsigned char data[3];
int err, crate;
 
+   if (get_iface_desc(alts)->bNumEndpoints < 1)
+   return -EINVAL;
ep = get_endpoint(alts, 0)->bEndpointAddress;
 
/* if endpoint doesn't have sampling rate control, bail out */
diff --git a/sound/usb/endpoint.c b/sound/usb/endpoint.c
index 03b0744..e7f470a 100644
--- a/sound/usb/endpoint.c
+++ b/sound/usb/endpoint.c
@@ -413,6 +413,9 @@ exit_clear:
  *
  * New endpoints will be added to chip->ep_list and must be freed by
  * calling snd_usb_endpoint_free().
+ *
+ * For SND_USB_ENDPOINT_TYPE_SYNC, the caller needs to guarantee that
+ * bNumEndpoints > 1 beforehand.
  */
 struct snd_usb_endpoint *snd_usb_add_endpoint(struct snd_usb_audio *chip,
  struct usb_host_interface *alts,
diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c
index db9547d..f8ffcda4 100644
--- a/sound/usb/mixer_quirks.c
+++ b/sound/usb/mixer_quirks.c
@@ -1532,7 +1532,11 @@ static int snd_microii_spdif_default_get(struct 
snd_kcontrol *kcontrol,
 
/* use known values for that card: interface#1 altsetting#1 */
iface = usb_ifnum_to_if(chip->dev, 1);
+   if (!iface || iface->num_altsetting < 2)
+   return -EINVAL;
alts = >altsetting[1];
+   if (get_iface_desc(alts)->bNumEndpoints < 1)
+   return -EINVAL;
ep = get_endpoint(alts, 0)->bEndpointAddress;
 
err = snd_usb_ctl_msg(chip->dev,
diff --git a/sound/usb/pcm.c b/sound/usb/pcm.c
index 0d8aba5..a7e97ba 100644
--- a/sound/usb/pcm.c
+++ b/sound/usb/pcm.c
@@ -159,6 +159,8 @@ static int init_pitch_v1(struct snd_usb_audio *chip, int 
iface,
unsigned char data[1];
int err;
 
+   if (get_iface_desc(alts)->bNumEndpoints < 1)
+   return -EINVAL;
ep = get_endpoint(alts, 0)->bEndpointAddress;
 
data[0] = 1;
-- 
2.7.4

[PATCH 3.19.y-ckt 015/170] include/linux/poison.h: fix LIST_POISON{1,2} offset

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Vasily Kulikov 

commit 8a5e5e02fc83aaf67053ab53b359af08c6c49aaf upstream.

Poison pointer values should be small enough to find a room in
non-mmap'able/hardly-mmap'able space.  E.g.  on x86 "poison pointer space"
is located starting from 0x0.  Given unprivileged users cannot mmap
anything below mmap_min_addr, it should be safe to use poison pointers
lower than mmap_min_addr.

The current poison pointer values of LIST_POISON{1,2} might be too big for
mmap_min_addr values equal or less than 1 MB (common case, e.g.  Ubuntu
uses only 0x1).  There is little point to use such a big value given
the "poison pointer space" below 1 MB is not yet exhausted.  Changing it
to a smaller value solves the problem for small mmap_min_addr setups.

The values are suggested by Solar Designer:
http://www.openwall.com/lists/oss-security/2015/05/02/6

Signed-off-by: Vasily Kulikov 
Cc: Solar Designer 
Cc: Thomas Gleixner 
Cc: "Kirill A. Shutemov" 
Signed-off-by: Andrew Morton 
Signed-off-by: Linus Torvalds 
Signed-off-by: Kamal Mostafa 
---
 include/linux/poison.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/poison.h b/include/linux/poison.h
index 2110a81..253c9b4 100644
--- a/include/linux/poison.h
+++ b/include/linux/poison.h
@@ -19,8 +19,8 @@
  * under normal circumstances, used to verify that nobody uses
  * non-initialized list entries.
  */
-#define LIST_POISON1  ((void *) 0x00100100 + POISON_POINTER_DELTA)
-#define LIST_POISON2  ((void *) 0x00200200 + POISON_POINTER_DELTA)
+#define LIST_POISON1  ((void *) 0x100 + POISON_POINTER_DELTA)
+#define LIST_POISON2  ((void *) 0x200 + POISON_POINTER_DELTA)
 
 /** include/linux/timer.h **/
 /*
-- 
2.7.4

Re: [PATCH v5 2/2] clk: add artpec-6 clock controller

[Stephen Boyd]

On 03/31, Lars Persson wrote:
> diff --git a/drivers/clk/axis/Makefile b/drivers/clk/axis/Makefile
> new file mode 100644
> index 000..628c9d3
> --- /dev/null
> +++ b/drivers/clk/axis/Makefile
> @@ -0,0 +1 @@
> +obj-$(CONFIG_MACH_ARTPEC6)   += clk-artpec6.o
> diff --git a/drivers/clk/axis/clk-artpec6.c b/drivers/clk/axis/clk-artpec6.c
> new file mode 100644
> index 000..cf716f1
> --- /dev/null
> +++ b/drivers/clk/axis/clk-artpec6.c
> @@ -0,0 +1,230 @@
> +/*
> + * ARTPEC-6 clock initialization
> + *
> + * Copyright 2015-2016 Axis Comunications AB.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2 as
> + * published by the Free Software Foundation.
> + */
> +
> +#include 

Is this include used?

> +#include 
> +#include 

Is this include used?

> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +#define NUM_I2S_CLOCKS 2
> +
> +struct artpec6_clkctrl_drvdata {
> + struct clk *clk_table[ARTPEC6_CLK_NUMCLOCKS];
> + void __iomem *syscon_base;
> + struct clk_onecell_data clk_data;
> + spinlock_t i2scfg_lock;
> +};
> +
> +
> +static struct artpec6_clkctrl_drvdata *clkdata;
> +
> +static const char *i2s_clk_names[NUM_I2S_CLOCKS] = {

const char * const?

> + "i2s0",
> + "i2s1",
> +};
> +
> +static const int i2s_clk_indexes[NUM_I2S_CLOCKS] = {
> + ARTPEC6_CLK_I2S0_CLK,
> + ARTPEC6_CLK_I2S1_CLK,
> +};
> +
> +static void of_artpec6_clkctrl_setup(struct device_node *np)
> +{
> + int i;
> + const char *sys_refclk_name;
> + u32 pll_mode, pll_m, pll_n;
> +
> + pr_info("of_artpec6_clkctrl_setup\n");

Debug noise?

> +
> + /* Mandatory parent clock. */
> + i = of_property_match_string(np, "clock-names", "sys_refclk");
> + if (i < 0)
> + return;
> +
> + sys_refclk_name = of_clk_get_parent_name(np, i);
> +
> + clkdata = kzalloc(sizeof(*clkdata), GFP_KERNEL);
> + if (!clkdata)
> + return;
> +
> + for (i = 0; i < ARTPEC6_CLK_NUMCLOCKS; ++i)
> + clkdata->clk_table[i] = ERR_PTR(-EPROBE_DEFER);
> +
> + clkdata->syscon_base = of_iomap(np, 0);

What if that fails?

> +
> + /* Read PLL1 factors configured by boot strap pins. */
> + pll_mode = (readl(clkdata->syscon_base) >> 6) & 3;
> + switch (pll_mode) {
> + case 0: /* DDR3-2133 mode */
> + pll_m = 4;
> + pll_n = 85;
> + break;
> + case 1: /* DDR3-1866 mode */
> + pll_m = 6;
> + pll_n = 112;
> + break;
> + case 2: /* DDR3-1600 mode */
> + pll_m = 4;
> + pll_n = 64;
> + break;
> + case 3: /* DDR3-1333 mode */
> + pll_m = 8;
> + pll_n = 106;
> + break;
> + }
> +
> + clkdata->clk_table[ARTPEC6_CLK_CPU] =
> + clk_register_fixed_factor(NULL, "cpu", sys_refclk_name, 0, pll_n,
> +   pll_m);
> + clkdata->clk_table[ARTPEC6_CLK_CPU_PERIPH] =
> + clk_register_fixed_factor(NULL, "cpu_periph", "cpu", 0, 1, 2);
> +
> + /* EPROBE_DEFER on the apb_clock is not handled in amba devices. */

Shouldn't we fix that then?

> + clkdata->clk_table[ARTPEC6_CLK_UART_PCLK] =
> + clk_register_fixed_factor(NULL, "uart_pclk", "cpu", 0, 1, 8);
> + clkdata->clk_table[ARTPEC6_CLK_UART_REFCLK] =
> + clk_register_fixed_rate(NULL, "uart_ref", sys_refclk_name, 0,
> + 5000);
> +
> + clkdata->clk_table[ARTPEC6_CLK_SPI_PCLK] =
> + clk_register_fixed_factor(NULL, "spi_pclk", "cpu", 0, 1, 8);
> + clkdata->clk_table[ARTPEC6_CLK_SPI_SSPCLK] =
> + clk_register_fixed_rate(NULL, "spi_sspclk", sys_refclk_name, 0,
> + 5000);
> +
> + clkdata->clk_table[ARTPEC6_CLK_DBG_PCLK] =
> + clk_register_fixed_factor(NULL, "dbg_pclk", "cpu", 0, 1, 8);
> +
> + clkdata->clk_data.clks = clkdata->clk_table;
> + clkdata->clk_data.clk_num = ARTPEC6_CLK_NUMCLOCKS;
> +
> + of_clk_add_provider(np, of_clk_src_onecell_get, >clk_data);
> +}
> +

Nitpick: Drop newline here.

> +CLK_OF_DECLARE(artpec6_clkctrl, "axis,artpec6-clkctrl",
> +of_artpec6_clkctrl_setup);
> +
> +static int artpec6_clkctrl_probe(struct platform_device *pdev)
> +{
> + int propidx;
> + struct device_node *np = pdev->dev.of_node;
> + const char *sys_refclk_name;
> + const char *i2s_refclk_name = NULL;
> + const char *frac_clk_name[2] = { NULL, NULL };
> + const char *i2s_mux_parents[2] = { NULL, NULL };

Do we need to initialize this to NULL?

> + u32 muxreg;
> + u32 i;

int i please.

> +
> + /* Mandatory parent clock. */
> + propidx = of_property_match_string(np, "clock-names", "sys_refclk");
> + if (propidx < 0)
> + return -EINVAL;
> +
> + sys_refclk_name 

[PATCH 3.19.y-ckt 018/170] cpu: Defer smpboot kthread unparking until CPU known to scheduler

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: "Paul E. McKenney" 

commit 00df35f991914db6b8bde8cf09808e19a9cffc3d upstream.

Currently, smpboot_unpark_threads() is invoked before the incoming CPU
has been added to the scheduler's runqueue structures.  This might
potentially cause the unparked kthread to run on the wrong CPU, since the
correct CPU isn't fully set up yet.

That causes a sporadic, hard to debug boot crash triggering on some
systems, reported by Borislav Petkov, and bisected down to:

  2a442c9c6453 ("x86: Use common outgoing-CPU-notification code")

This patch places smpboot_unpark_threads() in a CPU hotplug
notifier with priority set so that these kthreads are unparked just after
the CPU has been added to the runqueues.

Reported-and-tested-by: Borislav Petkov 
Signed-off-by: Paul E. McKenney 
Cc: Andrew Morton 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar 
Cc: Owen Hofmann 
Signed-off-by: Luis Henriques 
Signed-off-by: Kamal Mostafa 
---
 include/linux/cpu.h |  2 ++
 init/main.c |  1 +
 kernel/cpu.c| 34 +++---
 3 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/include/linux/cpu.h b/include/linux/cpu.h
index 4260e85..f1b8f4a 100644
--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -73,6 +73,7 @@ enum {
/* migration should happen before other stuff but after perf */
CPU_PRI_PERF= 20,
CPU_PRI_MIGRATION   = 10,
+   CPU_PRI_SMPBOOT = 9,
/* bring up workqueues before normal notifiers and down after */
CPU_PRI_WORKQUEUE_UP= 5,
CPU_PRI_WORKQUEUE_DOWN  = -5,
@@ -161,6 +162,7 @@ static inline void __unregister_cpu_notifier(struct 
notifier_block *nb)
 }
 #endif
 
+void smpboot_thread_init(void);
 int cpu_up(unsigned int cpu);
 void notify_cpu_starting(unsigned int cpu);
 extern void cpu_maps_update_begin(void);
diff --git a/init/main.c b/init/main.c
index 4872fb5..94138aa 100644
--- a/init/main.c
+++ b/init/main.c
@@ -397,6 +397,7 @@ static noinline void __init_refok rest_init(void)
int pid;
 
rcu_scheduler_starting();
+   smpboot_thread_init();
/*
 * We need to spawn init first so that it obtains pid 1, however
 * the init task will end up wanting to create kthreads, which, if
diff --git a/kernel/cpu.c b/kernel/cpu.c
index 1972b16..ebfb188 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -446,6 +446,37 @@ out:
 EXPORT_SYMBOL(cpu_down);
 #endif /*CONFIG_HOTPLUG_CPU*/
 
+/*
+ * Unpark per-CPU smpboot kthreads at CPU-online time.
+ */
+static int smpboot_thread_call(struct notifier_block *nfb,
+  unsigned long action, void *hcpu)
+{
+   int cpu = (long)hcpu;
+
+   switch (action & ~CPU_TASKS_FROZEN) {
+
+   case CPU_ONLINE:
+   smpboot_unpark_threads(cpu);
+   break;
+
+   default:
+   break;
+   }
+
+   return NOTIFY_OK;
+}
+
+static struct notifier_block smpboot_thread_notifier = {
+   .notifier_call = smpboot_thread_call,
+   .priority = CPU_PRI_SMPBOOT,
+};
+
+void __cpuinit smpboot_thread_init(void)
+{
+   register_cpu_notifier(_thread_notifier);
+}
+
 /* Requires cpu_add_remove_lock to be held */
 static int _cpu_up(unsigned int cpu, int tasks_frozen)
 {
@@ -485,9 +516,6 @@ static int _cpu_up(unsigned int cpu, int tasks_frozen)
goto out_notify;
BUG_ON(!cpu_online(cpu));
 
-   /* Wake the per cpu threads */
-   smpboot_unpark_threads(cpu);
-
/* Now call notifier in preparation. */
cpu_notify(CPU_ONLINE | mod, hcpu);
 
-- 
2.7.4

[PATCH 3.19.y-ckt 007/170] crypto: algif_skcipher - Remove custom release parent function

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Herbert Xu 

commit d7b65aee1e7b4c87922b0232eaba56a8a143a4a0 upstream.

This patch removes the custom release parent function as the
generic af_alg_release_parent now works for nokey sockets too.

Signed-off-by: Herbert Xu 
Signed-off-by: Kamal Mostafa 
---
 crypto/algif_skcipher.c | 43 +++
 1 file changed, 3 insertions(+), 40 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 75c2d72..68caee1 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -678,7 +678,7 @@ static int skcipher_setkey(void *private, const u8 *key, 
unsigned int keylen)
return err;
 }
 
-static void skcipher_sock_destruct_common(struct sock *sk)
+static void skcipher_sock_destruct(struct sock *sk)
 {
struct alg_sock *ask = alg_sk(sk);
struct skcipher_ctx *ctx = ask->private;
@@ -687,33 +687,10 @@ static void skcipher_sock_destruct_common(struct sock *sk)
skcipher_free_sgl(sk);
sock_kzfree_s(sk, ctx->iv, crypto_ablkcipher_ivsize(tfm));
sock_kfree_s(sk, ctx, ctx->len);
-}
-
-static void skcipher_sock_destruct(struct sock *sk)
-{
-   skcipher_sock_destruct_common(sk);
-   af_alg_release_parent(sk);
-}
-
-static void skcipher_release_parent_nokey(struct sock *sk)
-{
-   struct alg_sock *ask = alg_sk(sk);
-
-   if (!ask->refcnt) {
-   sock_put(ask->parent);
-   return;
-   }
-
af_alg_release_parent(sk);
 }
 
-static void skcipher_sock_destruct_nokey(struct sock *sk)
-{
-   skcipher_sock_destruct_common(sk);
-   skcipher_release_parent_nokey(sk);
-}
-
-static int skcipher_accept_parent_common(void *private, struct sock *sk)
+static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
 {
struct skcipher_ctx *ctx;
struct alg_sock *ask = alg_sk(sk);
@@ -760,21 +737,7 @@ static int skcipher_accept_parent(void *private, struct 
sock *sk)
if (!tfm->has_key && crypto_ablkcipher_has_setkey(tfm->skcipher))
return -ENOKEY;
 
-   return skcipher_accept_parent_common(private, sk);
-}
-
-static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
-{
-   int err;
-
-   err = skcipher_accept_parent_common(private, sk);
-   if (err)
-   goto out;
-
-   sk->sk_destruct = skcipher_sock_destruct_nokey;
-
-out:
-   return err;
+   return skcipher_accept_parent_nokey(private, sk);
 }
 
 static const struct af_alg_type algif_type_skcipher = {
-- 
2.7.4

[PATCH 3.19.y-ckt 018/170] cpu: Defer smpboot kthread unparking until CPU known to scheduler

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: "Paul E. McKenney" 

commit 00df35f991914db6b8bde8cf09808e19a9cffc3d upstream.

Currently, smpboot_unpark_threads() is invoked before the incoming CPU
has been added to the scheduler's runqueue structures.  This might
potentially cause the unparked kthread to run on the wrong CPU, since the
correct CPU isn't fully set up yet.

That causes a sporadic, hard to debug boot crash triggering on some
systems, reported by Borislav Petkov, and bisected down to:

  2a442c9c6453 ("x86: Use common outgoing-CPU-notification code")

This patch places smpboot_unpark_threads() in a CPU hotplug
notifier with priority set so that these kthreads are unparked just after
the CPU has been added to the runqueues.

Reported-and-tested-by: Borislav Petkov 
Signed-off-by: Paul E. McKenney 
Cc: Andrew Morton 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar 
Cc: Owen Hofmann 
Signed-off-by: Luis Henriques 
Signed-off-by: Kamal Mostafa 
---
 include/linux/cpu.h |  2 ++
 init/main.c |  1 +
 kernel/cpu.c| 34 +++---
 3 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/include/linux/cpu.h b/include/linux/cpu.h
index 4260e85..f1b8f4a 100644
--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -73,6 +73,7 @@ enum {
/* migration should happen before other stuff but after perf */
CPU_PRI_PERF= 20,
CPU_PRI_MIGRATION   = 10,
+   CPU_PRI_SMPBOOT = 9,
/* bring up workqueues before normal notifiers and down after */
CPU_PRI_WORKQUEUE_UP= 5,
CPU_PRI_WORKQUEUE_DOWN  = -5,
@@ -161,6 +162,7 @@ static inline void __unregister_cpu_notifier(struct 
notifier_block *nb)
 }
 #endif
 
+void smpboot_thread_init(void);
 int cpu_up(unsigned int cpu);
 void notify_cpu_starting(unsigned int cpu);
 extern void cpu_maps_update_begin(void);
diff --git a/init/main.c b/init/main.c
index 4872fb5..94138aa 100644
--- a/init/main.c
+++ b/init/main.c
@@ -397,6 +397,7 @@ static noinline void __init_refok rest_init(void)
int pid;
 
rcu_scheduler_starting();
+   smpboot_thread_init();
/*
 * We need to spawn init first so that it obtains pid 1, however
 * the init task will end up wanting to create kthreads, which, if
diff --git a/kernel/cpu.c b/kernel/cpu.c
index 1972b16..ebfb188 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -446,6 +446,37 @@ out:
 EXPORT_SYMBOL(cpu_down);
 #endif /*CONFIG_HOTPLUG_CPU*/
 
+/*
+ * Unpark per-CPU smpboot kthreads at CPU-online time.
+ */
+static int smpboot_thread_call(struct notifier_block *nfb,
+  unsigned long action, void *hcpu)
+{
+   int cpu = (long)hcpu;
+
+   switch (action & ~CPU_TASKS_FROZEN) {
+
+   case CPU_ONLINE:
+   smpboot_unpark_threads(cpu);
+   break;
+
+   default:
+   break;
+   }
+
+   return NOTIFY_OK;
+}
+
+static struct notifier_block smpboot_thread_notifier = {
+   .notifier_call = smpboot_thread_call,
+   .priority = CPU_PRI_SMPBOOT,
+};
+
+void __cpuinit smpboot_thread_init(void)
+{
+   register_cpu_notifier(_thread_notifier);
+}
+
 /* Requires cpu_add_remove_lock to be held */
 static int _cpu_up(unsigned int cpu, int tasks_frozen)
 {
@@ -485,9 +516,6 @@ static int _cpu_up(unsigned int cpu, int tasks_frozen)
goto out_notify;
BUG_ON(!cpu_online(cpu));
 
-   /* Wake the per cpu threads */
-   smpboot_unpark_threads(cpu);
-
/* Now call notifier in preparation. */
cpu_notify(CPU_ONLINE | mod, hcpu);
 
-- 
2.7.4

[PATCH 3.19.y-ckt 007/170] crypto: algif_skcipher - Remove custom release parent function

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Herbert Xu 

commit d7b65aee1e7b4c87922b0232eaba56a8a143a4a0 upstream.

This patch removes the custom release parent function as the
generic af_alg_release_parent now works for nokey sockets too.

Signed-off-by: Herbert Xu 
Signed-off-by: Kamal Mostafa 
---
 crypto/algif_skcipher.c | 43 +++
 1 file changed, 3 insertions(+), 40 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 75c2d72..68caee1 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -678,7 +678,7 @@ static int skcipher_setkey(void *private, const u8 *key, 
unsigned int keylen)
return err;
 }
 
-static void skcipher_sock_destruct_common(struct sock *sk)
+static void skcipher_sock_destruct(struct sock *sk)
 {
struct alg_sock *ask = alg_sk(sk);
struct skcipher_ctx *ctx = ask->private;
@@ -687,33 +687,10 @@ static void skcipher_sock_destruct_common(struct sock *sk)
skcipher_free_sgl(sk);
sock_kzfree_s(sk, ctx->iv, crypto_ablkcipher_ivsize(tfm));
sock_kfree_s(sk, ctx, ctx->len);
-}
-
-static void skcipher_sock_destruct(struct sock *sk)
-{
-   skcipher_sock_destruct_common(sk);
-   af_alg_release_parent(sk);
-}
-
-static void skcipher_release_parent_nokey(struct sock *sk)
-{
-   struct alg_sock *ask = alg_sk(sk);
-
-   if (!ask->refcnt) {
-   sock_put(ask->parent);
-   return;
-   }
-
af_alg_release_parent(sk);
 }
 
-static void skcipher_sock_destruct_nokey(struct sock *sk)
-{
-   skcipher_sock_destruct_common(sk);
-   skcipher_release_parent_nokey(sk);
-}
-
-static int skcipher_accept_parent_common(void *private, struct sock *sk)
+static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
 {
struct skcipher_ctx *ctx;
struct alg_sock *ask = alg_sk(sk);
@@ -760,21 +737,7 @@ static int skcipher_accept_parent(void *private, struct 
sock *sk)
if (!tfm->has_key && crypto_ablkcipher_has_setkey(tfm->skcipher))
return -ENOKEY;
 
-   return skcipher_accept_parent_common(private, sk);
-}
-
-static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
-{
-   int err;
-
-   err = skcipher_accept_parent_common(private, sk);
-   if (err)
-   goto out;
-
-   sk->sk_destruct = skcipher_sock_destruct_nokey;
-
-out:
-   return err;
+   return skcipher_accept_parent_nokey(private, sk);
 }
 
 static const struct af_alg_type algif_type_skcipher = {
-- 
2.7.4

Re: [PATCH v5 2/2] clk: add artpec-6 clock controller

[Stephen Boyd]

On 03/31, Lars Persson wrote:
> diff --git a/drivers/clk/axis/Makefile b/drivers/clk/axis/Makefile
> new file mode 100644
> index 000..628c9d3
> --- /dev/null
> +++ b/drivers/clk/axis/Makefile
> @@ -0,0 +1 @@
> +obj-$(CONFIG_MACH_ARTPEC6)   += clk-artpec6.o
> diff --git a/drivers/clk/axis/clk-artpec6.c b/drivers/clk/axis/clk-artpec6.c
> new file mode 100644
> index 000..cf716f1
> --- /dev/null
> +++ b/drivers/clk/axis/clk-artpec6.c
> @@ -0,0 +1,230 @@
> +/*
> + * ARTPEC-6 clock initialization
> + *
> + * Copyright 2015-2016 Axis Comunications AB.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2 as
> + * published by the Free Software Foundation.
> + */
> +
> +#include 

Is this include used?

> +#include 
> +#include 

Is this include used?

> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +#define NUM_I2S_CLOCKS 2
> +
> +struct artpec6_clkctrl_drvdata {
> + struct clk *clk_table[ARTPEC6_CLK_NUMCLOCKS];
> + void __iomem *syscon_base;
> + struct clk_onecell_data clk_data;
> + spinlock_t i2scfg_lock;
> +};
> +
> +
> +static struct artpec6_clkctrl_drvdata *clkdata;
> +
> +static const char *i2s_clk_names[NUM_I2S_CLOCKS] = {

const char * const?

> + "i2s0",
> + "i2s1",
> +};
> +
> +static const int i2s_clk_indexes[NUM_I2S_CLOCKS] = {
> + ARTPEC6_CLK_I2S0_CLK,
> + ARTPEC6_CLK_I2S1_CLK,
> +};
> +
> +static void of_artpec6_clkctrl_setup(struct device_node *np)
> +{
> + int i;
> + const char *sys_refclk_name;
> + u32 pll_mode, pll_m, pll_n;
> +
> + pr_info("of_artpec6_clkctrl_setup\n");

Debug noise?

> +
> + /* Mandatory parent clock. */
> + i = of_property_match_string(np, "clock-names", "sys_refclk");
> + if (i < 0)
> + return;
> +
> + sys_refclk_name = of_clk_get_parent_name(np, i);
> +
> + clkdata = kzalloc(sizeof(*clkdata), GFP_KERNEL);
> + if (!clkdata)
> + return;
> +
> + for (i = 0; i < ARTPEC6_CLK_NUMCLOCKS; ++i)
> + clkdata->clk_table[i] = ERR_PTR(-EPROBE_DEFER);
> +
> + clkdata->syscon_base = of_iomap(np, 0);

What if that fails?

> +
> + /* Read PLL1 factors configured by boot strap pins. */
> + pll_mode = (readl(clkdata->syscon_base) >> 6) & 3;
> + switch (pll_mode) {
> + case 0: /* DDR3-2133 mode */
> + pll_m = 4;
> + pll_n = 85;
> + break;
> + case 1: /* DDR3-1866 mode */
> + pll_m = 6;
> + pll_n = 112;
> + break;
> + case 2: /* DDR3-1600 mode */
> + pll_m = 4;
> + pll_n = 64;
> + break;
> + case 3: /* DDR3-1333 mode */
> + pll_m = 8;
> + pll_n = 106;
> + break;
> + }
> +
> + clkdata->clk_table[ARTPEC6_CLK_CPU] =
> + clk_register_fixed_factor(NULL, "cpu", sys_refclk_name, 0, pll_n,
> +   pll_m);
> + clkdata->clk_table[ARTPEC6_CLK_CPU_PERIPH] =
> + clk_register_fixed_factor(NULL, "cpu_periph", "cpu", 0, 1, 2);
> +
> + /* EPROBE_DEFER on the apb_clock is not handled in amba devices. */

Shouldn't we fix that then?

> + clkdata->clk_table[ARTPEC6_CLK_UART_PCLK] =
> + clk_register_fixed_factor(NULL, "uart_pclk", "cpu", 0, 1, 8);
> + clkdata->clk_table[ARTPEC6_CLK_UART_REFCLK] =
> + clk_register_fixed_rate(NULL, "uart_ref", sys_refclk_name, 0,
> + 5000);
> +
> + clkdata->clk_table[ARTPEC6_CLK_SPI_PCLK] =
> + clk_register_fixed_factor(NULL, "spi_pclk", "cpu", 0, 1, 8);
> + clkdata->clk_table[ARTPEC6_CLK_SPI_SSPCLK] =
> + clk_register_fixed_rate(NULL, "spi_sspclk", sys_refclk_name, 0,
> + 5000);
> +
> + clkdata->clk_table[ARTPEC6_CLK_DBG_PCLK] =
> + clk_register_fixed_factor(NULL, "dbg_pclk", "cpu", 0, 1, 8);
> +
> + clkdata->clk_data.clks = clkdata->clk_table;
> + clkdata->clk_data.clk_num = ARTPEC6_CLK_NUMCLOCKS;
> +
> + of_clk_add_provider(np, of_clk_src_onecell_get, >clk_data);
> +}
> +

Nitpick: Drop newline here.

> +CLK_OF_DECLARE(artpec6_clkctrl, "axis,artpec6-clkctrl",
> +of_artpec6_clkctrl_setup);
> +
> +static int artpec6_clkctrl_probe(struct platform_device *pdev)
> +{
> + int propidx;
> + struct device_node *np = pdev->dev.of_node;
> + const char *sys_refclk_name;
> + const char *i2s_refclk_name = NULL;
> + const char *frac_clk_name[2] = { NULL, NULL };
> + const char *i2s_mux_parents[2] = { NULL, NULL };

Do we need to initialize this to NULL?

> + u32 muxreg;
> + u32 i;

int i please.

> +
> + /* Mandatory parent clock. */
> + propidx = of_property_match_string(np, "clock-names", "sys_refclk");
> + if (propidx < 0)
> + return -EINVAL;
> +
> + sys_refclk_name 

[PATCH 3.19.y-ckt 022/170] crypto: ccp - Add hash state import and export support

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Tom Lendacky 

commit 952bce9792e6bf36fda09c2e5718abb5d9327369 upstream.

Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
added a check to prevent ahash algorithms from successfully registering
if the import and export functions were not implemented. This prevents
an oops in the hash_accept function of algif_hash. This commit causes
the ccp-crypto module SHA support and AES CMAC support from successfully
registering and causing the ccp-crypto module load to fail because the
ahash import and export functions are not implemented.

Update the CCP Crypto API support to provide import and export support
for ahash algorithms.

Signed-off-by: Tom Lendacky 
Signed-off-by: Herbert Xu 
Signed-off-by: Kamal Mostafa 
---
 drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 23 +++
 drivers/crypto/ccp/ccp-crypto-sha.c  | 23 +++
 2 files changed, 46 insertions(+)

diff --git a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c 
b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
index 8e162ad..504d6da 100644
--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
@@ -201,6 +201,26 @@ static int ccp_aes_cmac_digest(struct ahash_request *req)
return ccp_aes_cmac_finup(req);
 }
 
+static int ccp_aes_cmac_export(struct ahash_request *req, void *out)
+{
+   struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
+   struct ccp_aes_cmac_req_ctx *state = out;
+
+   *state = *rctx;
+
+   return 0;
+}
+
+static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
+{
+   struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
+   const struct ccp_aes_cmac_req_ctx *state = in;
+
+   *rctx = *state;
+
+   return 0;
+}
+
 static int ccp_aes_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
   unsigned int key_len)
 {
@@ -332,10 +352,13 @@ int ccp_register_aes_cmac_algs(struct list_head *head)
alg->final = ccp_aes_cmac_final;
alg->finup = ccp_aes_cmac_finup;
alg->digest = ccp_aes_cmac_digest;
+   alg->export = ccp_aes_cmac_export;
+   alg->import = ccp_aes_cmac_import;
alg->setkey = ccp_aes_cmac_setkey;
 
halg = >halg;
halg->digestsize = AES_BLOCK_SIZE;
+   halg->statesize = sizeof(struct ccp_aes_cmac_req_ctx);
 
base = >base;
snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "cmac(aes)");
diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c 
b/drivers/crypto/ccp/ccp-crypto-sha.c
index 9653157..33e52f0 100644
--- a/drivers/crypto/ccp/ccp-crypto-sha.c
+++ b/drivers/crypto/ccp/ccp-crypto-sha.c
@@ -193,6 +193,26 @@ static int ccp_sha_digest(struct ahash_request *req)
return ccp_sha_finup(req);
 }
 
+static int ccp_sha_export(struct ahash_request *req, void *out)
+{
+   struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
+   struct ccp_sha_req_ctx *state = out;
+
+   *state = *rctx;
+
+   return 0;
+}
+
+static int ccp_sha_import(struct ahash_request *req, const void *in)
+{
+   struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
+   const struct ccp_sha_req_ctx *state = in;
+
+   *rctx = *state;
+
+   return 0;
+}
+
 static int ccp_sha_setkey(struct crypto_ahash *tfm, const u8 *key,
  unsigned int key_len)
 {
@@ -388,9 +408,12 @@ static int ccp_register_sha_alg(struct list_head *head,
alg->final = ccp_sha_final;
alg->finup = ccp_sha_finup;
alg->digest = ccp_sha_digest;
+   alg->export = ccp_sha_export;
+   alg->import = ccp_sha_import;
 
halg = >halg;
halg->digestsize = def->digest_size;
+   halg->statesize = sizeof(struct ccp_sha_req_ctx);
 
base = >base;
snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
-- 
2.7.4

[PATCH 3.19.y-ckt 022/170] crypto: ccp - Add hash state import and export support

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Tom Lendacky 

commit 952bce9792e6bf36fda09c2e5718abb5d9327369 upstream.

Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
added a check to prevent ahash algorithms from successfully registering
if the import and export functions were not implemented. This prevents
an oops in the hash_accept function of algif_hash. This commit causes
the ccp-crypto module SHA support and AES CMAC support from successfully
registering and causing the ccp-crypto module load to fail because the
ahash import and export functions are not implemented.

Update the CCP Crypto API support to provide import and export support
for ahash algorithms.

Signed-off-by: Tom Lendacky 
Signed-off-by: Herbert Xu 
Signed-off-by: Kamal Mostafa 
---
 drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 23 +++
 drivers/crypto/ccp/ccp-crypto-sha.c  | 23 +++
 2 files changed, 46 insertions(+)

diff --git a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c 
b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
index 8e162ad..504d6da 100644
--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
@@ -201,6 +201,26 @@ static int ccp_aes_cmac_digest(struct ahash_request *req)
return ccp_aes_cmac_finup(req);
 }
 
+static int ccp_aes_cmac_export(struct ahash_request *req, void *out)
+{
+   struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
+   struct ccp_aes_cmac_req_ctx *state = out;
+
+   *state = *rctx;
+
+   return 0;
+}
+
+static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
+{
+   struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
+   const struct ccp_aes_cmac_req_ctx *state = in;
+
+   *rctx = *state;
+
+   return 0;
+}
+
 static int ccp_aes_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
   unsigned int key_len)
 {
@@ -332,10 +352,13 @@ int ccp_register_aes_cmac_algs(struct list_head *head)
alg->final = ccp_aes_cmac_final;
alg->finup = ccp_aes_cmac_finup;
alg->digest = ccp_aes_cmac_digest;
+   alg->export = ccp_aes_cmac_export;
+   alg->import = ccp_aes_cmac_import;
alg->setkey = ccp_aes_cmac_setkey;
 
halg = >halg;
halg->digestsize = AES_BLOCK_SIZE;
+   halg->statesize = sizeof(struct ccp_aes_cmac_req_ctx);
 
base = >base;
snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "cmac(aes)");
diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c 
b/drivers/crypto/ccp/ccp-crypto-sha.c
index 9653157..33e52f0 100644
--- a/drivers/crypto/ccp/ccp-crypto-sha.c
+++ b/drivers/crypto/ccp/ccp-crypto-sha.c
@@ -193,6 +193,26 @@ static int ccp_sha_digest(struct ahash_request *req)
return ccp_sha_finup(req);
 }
 
+static int ccp_sha_export(struct ahash_request *req, void *out)
+{
+   struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
+   struct ccp_sha_req_ctx *state = out;
+
+   *state = *rctx;
+
+   return 0;
+}
+
+static int ccp_sha_import(struct ahash_request *req, const void *in)
+{
+   struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
+   const struct ccp_sha_req_ctx *state = in;
+
+   *rctx = *state;
+
+   return 0;
+}
+
 static int ccp_sha_setkey(struct crypto_ahash *tfm, const u8 *key,
  unsigned int key_len)
 {
@@ -388,9 +408,12 @@ static int ccp_register_sha_alg(struct list_head *head,
alg->final = ccp_sha_final;
alg->finup = ccp_sha_finup;
alg->digest = ccp_sha_digest;
+   alg->export = ccp_sha_export;
+   alg->import = ccp_sha_import;
 
halg = >halg;
halg->digestsize = def->digest_size;
+   halg->statesize = sizeof(struct ccp_sha_req_ctx);
 
base = >base;
snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
-- 
2.7.4

[PATCH 3.19.y-ckt 021/170] EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Dan Carpenter 

commit 6f3508f61c814ee852c199988a62bd954c50dfc1 upstream.

dct_sel_base_off is declared as a u64 but we're only using the lower 32
bits because of a shift wrapping bug. This can possibly truncate the
upper 16 bits of DctSelBaseOffset[47:26], causing us to misdecode the CS
row.

Fixes: c8e518d5673d ('amd64_edac: Sanitize f10_get_base_addr_offset')
Signed-off-by: Dan Carpenter 
Cc: Aravind Gopalakrishnan 
Cc: linux-edac 
Link: http://lkml.kernel.org/r/20160120095451.GB19898@mwanda
Signed-off-by: Borislav Petkov 
Signed-off-by: Kamal Mostafa 
---
 drivers/edac/amd64_edac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
index 5907c17..a3e482e 100644
--- a/drivers/edac/amd64_edac.c
+++ b/drivers/edac/amd64_edac.c
@@ -1434,7 +1434,7 @@ static u64 f1x_get_norm_dct_addr(struct amd64_pvt *pvt, 
u8 range,
u64 chan_off;
u64 dram_base   = get_dram_base(pvt, range);
u64 hole_off= f10_dhar_offset(pvt);
-   u64 dct_sel_base_off= (pvt->dct_sel_hi & 0xFC00) << 16;
+   u64 dct_sel_base_off= (u64)(pvt->dct_sel_hi & 0xFC00) << 16;
 
if (hi_rng) {
/*
-- 
2.7.4

[PATCH 3.19.y-ckt 025/170] [media] pwc: Add USB id for Philips Spc880nc webcam

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Hans de Goede 

commit 7445e45d19a09e5269dc85f17f9635be29d2f76c upstream.

SPC 880NC PC camera discussions:
http://www.pclinuxos.com/forum/index.php/topic,135688.0.html

Reported-by: Kikim 
Signed-off-by: Hans de Goede 
Signed-off-by: Mauro Carvalho Chehab 
Signed-off-by: Kamal Mostafa 
---
 drivers/media/usb/pwc/pwc-if.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/drivers/media/usb/pwc/pwc-if.c b/drivers/media/usb/pwc/pwc-if.c
index 15b754d..f330926 100644
--- a/drivers/media/usb/pwc/pwc-if.c
+++ b/drivers/media/usb/pwc/pwc-if.c
@@ -91,6 +91,7 @@ static const struct usb_device_id pwc_device_table [] = {
{ USB_DEVICE(0x0471, 0x0312) },
{ USB_DEVICE(0x0471, 0x0313) }, /* the 'new' 720K */
{ USB_DEVICE(0x0471, 0x0329) }, /* Philips SPC 900NC PC Camera */
+   { USB_DEVICE(0x0471, 0x032C) }, /* Philips SPC 880NC PC Camera */
{ USB_DEVICE(0x069A, 0x0001) }, /* Askey */
{ USB_DEVICE(0x046D, 0x08B0) }, /* Logitech QuickCam Pro 3000 */
{ USB_DEVICE(0x046D, 0x08B1) }, /* Logitech QuickCam Notebook Pro */
@@ -799,6 +800,11 @@ static int usb_pwc_probe(struct usb_interface *intf, const 
struct usb_device_id
name = "Philips SPC 900NC webcam";
type_id = 740;
break;
+   case 0x032C:
+   PWC_INFO("Philips SPC 880NC USB webcam detected.\n");
+   name = "Philips SPC 880NC webcam";
+   type_id = 740;
+   break;
default:
return -ENODEV;
break;
-- 
2.7.4

[PATCH 3.19.y-ckt 024/170] [media] media: v4l2-compat-ioctl32: fix missing length copy in put_v4l2_buffer32

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Tiffany Lin 

commit 7df5ab8774aa383c6d2bff00688d004585d96dfd upstream.

In v4l2-compliance utility, test QUERYBUF required correct length
value to go through each planar to check planar's length in
multi-planar buffer type

Signed-off-by: Tiffany Lin 
Reviewed-by: Laurent Pinchart 
Signed-off-by: Hans Verkuil 
Signed-off-by: Mauro Carvalho Chehab 
Signed-off-by: Kamal Mostafa 
---
 drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 21 -
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c 
b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
index 788b31c..73138a3 100644
--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
+++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -394,7 +394,8 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, struct 
v4l2_buffer32 __user
get_user(kp->index, >index) ||
get_user(kp->type, >type) ||
get_user(kp->flags, >flags) ||
-   get_user(kp->memory, >memory))
+   get_user(kp->memory, >memory) ||
+   get_user(kp->length, >length))
return -EFAULT;
 
if (V4L2_TYPE_IS_OUTPUT(kp->type))
@@ -406,9 +407,6 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, struct 
v4l2_buffer32 __user
return -EFAULT;
 
if (V4L2_TYPE_IS_MULTIPLANAR(kp->type)) {
-   if (get_user(kp->length, >length))
-   return -EFAULT;
-
num_planes = kp->length;
if (num_planes == 0) {
kp->m.planes = NULL;
@@ -441,16 +439,14 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, 
struct v4l2_buffer32 __user
} else {
switch (kp->memory) {
case V4L2_MEMORY_MMAP:
-   if (get_user(kp->length, >length) ||
-   get_user(kp->m.offset, >m.offset))
+   if (get_user(kp->m.offset, >m.offset))
return -EFAULT;
break;
case V4L2_MEMORY_USERPTR:
{
compat_long_t tmp;
 
-   if (get_user(kp->length, >length) ||
-   get_user(tmp, >m.userptr))
+   if (get_user(tmp, >m.userptr))
return -EFAULT;
 
kp->m.userptr = (unsigned long)compat_ptr(tmp);
@@ -492,7 +488,8 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, struct 
v4l2_buffer32 __user
copy_to_user(>timecode, >timecode, sizeof(struct 
v4l2_timecode)) ||
put_user(kp->sequence, >sequence) ||
put_user(kp->reserved2, >reserved2) ||
-   put_user(kp->reserved, >reserved))
+   put_user(kp->reserved, >reserved) ||
+   put_user(kp->length, >length))
return -EFAULT;
 
if (V4L2_TYPE_IS_MULTIPLANAR(kp->type)) {
@@ -515,13 +512,11 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, 
struct v4l2_buffer32 __user
} else {
switch (kp->memory) {
case V4L2_MEMORY_MMAP:
-   if (put_user(kp->length, >length) ||
-   put_user(kp->m.offset, >m.offset))
+   if (put_user(kp->m.offset, >m.offset))
return -EFAULT;
break;
case V4L2_MEMORY_USERPTR:
-   if (put_user(kp->length, >length) ||
-   put_user(kp->m.userptr, >m.userptr))
+   if (put_user(kp->m.userptr, >m.userptr))
return -EFAULT;
break;
case V4L2_MEMORY_OVERLAY:
-- 
2.7.4

[PATCH 3.19.y-ckt 023/170] tty: Fix GPF in flush_to_ldisc(), part 2

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Peter Hurley 

commit f33798deecbd59a2955f40ac0ae2bc7dff54c069 upstream.

commit 9ce119f318ba ("tty: Fix GPF in flush_to_ldisc()") fixed a
GPF caused by a line discipline which does not define a receive_buf()
method.

However, the vt driver (and speakup driver also) pushes selection
data directly to the line discipline receive_buf() method via
tty_ldisc_receive_buf(). Fix the same problem in tty_ldisc_receive_buf().

Signed-off-by: Peter Hurley 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Kamal Mostafa 
---
 include/linux/tty.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/tty.h b/include/linux/tty.h
index 8716524..05cfdfe 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -568,7 +568,7 @@ static inline int tty_ldisc_receive_buf(struct tty_ldisc 
*ld, unsigned char *p,
count = ld->ops->receive_buf2(ld->tty, p, f, count);
else {
count = min_t(int, count, ld->tty->receive_room);
-   if (count)
+   if (count && ld->ops->receive_buf)
ld->ops->receive_buf(ld->tty, p, f, count);
}
return count;
-- 
2.7.4

[PATCH 3.19.y-ckt 021/170] EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Dan Carpenter 

commit 6f3508f61c814ee852c199988a62bd954c50dfc1 upstream.

dct_sel_base_off is declared as a u64 but we're only using the lower 32
bits because of a shift wrapping bug. This can possibly truncate the
upper 16 bits of DctSelBaseOffset[47:26], causing us to misdecode the CS
row.

Fixes: c8e518d5673d ('amd64_edac: Sanitize f10_get_base_addr_offset')
Signed-off-by: Dan Carpenter 
Cc: Aravind Gopalakrishnan 
Cc: linux-edac 
Link: http://lkml.kernel.org/r/20160120095451.GB19898@mwanda
Signed-off-by: Borislav Petkov 
Signed-off-by: Kamal Mostafa 
---
 drivers/edac/amd64_edac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
index 5907c17..a3e482e 100644
--- a/drivers/edac/amd64_edac.c
+++ b/drivers/edac/amd64_edac.c
@@ -1434,7 +1434,7 @@ static u64 f1x_get_norm_dct_addr(struct amd64_pvt *pvt, 
u8 range,
u64 chan_off;
u64 dram_base   = get_dram_base(pvt, range);
u64 hole_off= f10_dhar_offset(pvt);
-   u64 dct_sel_base_off= (pvt->dct_sel_hi & 0xFC00) << 16;
+   u64 dct_sel_base_off= (u64)(pvt->dct_sel_hi & 0xFC00) << 16;
 
if (hi_rng) {
/*
-- 
2.7.4

[PATCH 3.19.y-ckt 025/170] [media] pwc: Add USB id for Philips Spc880nc webcam

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Hans de Goede 

commit 7445e45d19a09e5269dc85f17f9635be29d2f76c upstream.

SPC 880NC PC camera discussions:
http://www.pclinuxos.com/forum/index.php/topic,135688.0.html

Reported-by: Kikim 
Signed-off-by: Hans de Goede 
Signed-off-by: Mauro Carvalho Chehab 
Signed-off-by: Kamal Mostafa 
---
 drivers/media/usb/pwc/pwc-if.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/drivers/media/usb/pwc/pwc-if.c b/drivers/media/usb/pwc/pwc-if.c
index 15b754d..f330926 100644
--- a/drivers/media/usb/pwc/pwc-if.c
+++ b/drivers/media/usb/pwc/pwc-if.c
@@ -91,6 +91,7 @@ static const struct usb_device_id pwc_device_table [] = {
{ USB_DEVICE(0x0471, 0x0312) },
{ USB_DEVICE(0x0471, 0x0313) }, /* the 'new' 720K */
{ USB_DEVICE(0x0471, 0x0329) }, /* Philips SPC 900NC PC Camera */
+   { USB_DEVICE(0x0471, 0x032C) }, /* Philips SPC 880NC PC Camera */
{ USB_DEVICE(0x069A, 0x0001) }, /* Askey */
{ USB_DEVICE(0x046D, 0x08B0) }, /* Logitech QuickCam Pro 3000 */
{ USB_DEVICE(0x046D, 0x08B1) }, /* Logitech QuickCam Notebook Pro */
@@ -799,6 +800,11 @@ static int usb_pwc_probe(struct usb_interface *intf, const 
struct usb_device_id
name = "Philips SPC 900NC webcam";
type_id = 740;
break;
+   case 0x032C:
+   PWC_INFO("Philips SPC 880NC USB webcam detected.\n");
+   name = "Philips SPC 880NC webcam";
+   type_id = 740;
+   break;
default:
return -ENODEV;
break;
-- 
2.7.4

[PATCH 3.19.y-ckt 024/170] [media] media: v4l2-compat-ioctl32: fix missing length copy in put_v4l2_buffer32

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Tiffany Lin 

commit 7df5ab8774aa383c6d2bff00688d004585d96dfd upstream.

In v4l2-compliance utility, test QUERYBUF required correct length
value to go through each planar to check planar's length in
multi-planar buffer type

Signed-off-by: Tiffany Lin 
Reviewed-by: Laurent Pinchart 
Signed-off-by: Hans Verkuil 
Signed-off-by: Mauro Carvalho Chehab 
Signed-off-by: Kamal Mostafa 
---
 drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 21 -
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c 
b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
index 788b31c..73138a3 100644
--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
+++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -394,7 +394,8 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, struct 
v4l2_buffer32 __user
get_user(kp->index, >index) ||
get_user(kp->type, >type) ||
get_user(kp->flags, >flags) ||
-   get_user(kp->memory, >memory))
+   get_user(kp->memory, >memory) ||
+   get_user(kp->length, >length))
return -EFAULT;
 
if (V4L2_TYPE_IS_OUTPUT(kp->type))
@@ -406,9 +407,6 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, struct 
v4l2_buffer32 __user
return -EFAULT;
 
if (V4L2_TYPE_IS_MULTIPLANAR(kp->type)) {
-   if (get_user(kp->length, >length))
-   return -EFAULT;
-
num_planes = kp->length;
if (num_planes == 0) {
kp->m.planes = NULL;
@@ -441,16 +439,14 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, 
struct v4l2_buffer32 __user
} else {
switch (kp->memory) {
case V4L2_MEMORY_MMAP:
-   if (get_user(kp->length, >length) ||
-   get_user(kp->m.offset, >m.offset))
+   if (get_user(kp->m.offset, >m.offset))
return -EFAULT;
break;
case V4L2_MEMORY_USERPTR:
{
compat_long_t tmp;
 
-   if (get_user(kp->length, >length) ||
-   get_user(tmp, >m.userptr))
+   if (get_user(tmp, >m.userptr))
return -EFAULT;
 
kp->m.userptr = (unsigned long)compat_ptr(tmp);
@@ -492,7 +488,8 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, struct 
v4l2_buffer32 __user
copy_to_user(>timecode, >timecode, sizeof(struct 
v4l2_timecode)) ||
put_user(kp->sequence, >sequence) ||
put_user(kp->reserved2, >reserved2) ||
-   put_user(kp->reserved, >reserved))
+   put_user(kp->reserved, >reserved) ||
+   put_user(kp->length, >length))
return -EFAULT;
 
if (V4L2_TYPE_IS_MULTIPLANAR(kp->type)) {
@@ -515,13 +512,11 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, 
struct v4l2_buffer32 __user
} else {
switch (kp->memory) {
case V4L2_MEMORY_MMAP:
-   if (put_user(kp->length, >length) ||
-   put_user(kp->m.offset, >m.offset))
+   if (put_user(kp->m.offset, >m.offset))
return -EFAULT;
break;
case V4L2_MEMORY_USERPTR:
-   if (put_user(kp->length, >length) ||
-   put_user(kp->m.userptr, >m.userptr))
+   if (put_user(kp->m.userptr, >m.userptr))
return -EFAULT;
break;
case V4L2_MEMORY_OVERLAY:
-- 
2.7.4

[PATCH 3.19.y-ckt 023/170] tty: Fix GPF in flush_to_ldisc(), part 2

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Peter Hurley 

commit f33798deecbd59a2955f40ac0ae2bc7dff54c069 upstream.

commit 9ce119f318ba ("tty: Fix GPF in flush_to_ldisc()") fixed a
GPF caused by a line discipline which does not define a receive_buf()
method.

However, the vt driver (and speakup driver also) pushes selection
data directly to the line discipline receive_buf() method via
tty_ldisc_receive_buf(). Fix the same problem in tty_ldisc_receive_buf().

Signed-off-by: Peter Hurley 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Kamal Mostafa 
---
 include/linux/tty.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/tty.h b/include/linux/tty.h
index 8716524..05cfdfe 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -568,7 +568,7 @@ static inline int tty_ldisc_receive_buf(struct tty_ldisc 
*ld, unsigned char *p,
count = ld->ops->receive_buf2(ld->tty, p, f, count);
else {
count = min_t(int, count, ld->tty->receive_room);
-   if (count)
+   if (count && ld->ops->receive_buf)
ld->ops->receive_buf(ld->tty, p, f, count);
}
return count;
-- 
2.7.4

[PATCH 3.19.y-ckt 026/170] crypto: ccp - Limit the amount of information exported

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Tom Lendacky 

commit d1662165ae612ec8b5f94a6b07e65ea58b6dce34 upstream.

Since the exported information can be exposed to user-space, instead of
exporting the entire request context only export the minimum information
needed.

Signed-off-by: Tom Lendacky 
Signed-off-by: Herbert Xu 
Signed-off-by: Kamal Mostafa 
---
 drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 16 +++-
 drivers/crypto/ccp/ccp-crypto-sha.c  | 20 +++-
 drivers/crypto/ccp/ccp-crypto.h  | 22 ++
 3 files changed, 48 insertions(+), 10 deletions(-)

diff --git a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c 
b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
index 504d6da..9d12fd4 100644
--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
@@ -204,9 +204,12 @@ static int ccp_aes_cmac_digest(struct ahash_request *req)
 static int ccp_aes_cmac_export(struct ahash_request *req, void *out)
 {
struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
-   struct ccp_aes_cmac_req_ctx *state = out;
+   struct ccp_aes_cmac_exp_ctx *state = out;
 
-   *state = *rctx;
+   state->null_msg = rctx->null_msg;
+   memcpy(state->iv, rctx->iv, sizeof(state->iv));
+   state->buf_count = rctx->buf_count;
+   memcpy(state->buf, rctx->buf, sizeof(state->buf));
 
return 0;
 }
@@ -214,9 +217,12 @@ static int ccp_aes_cmac_export(struct ahash_request *req, 
void *out)
 static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
 {
struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
-   const struct ccp_aes_cmac_req_ctx *state = in;
+   const struct ccp_aes_cmac_exp_ctx *state = in;
 
-   *rctx = *state;
+   rctx->null_msg = state->null_msg;
+   memcpy(rctx->iv, state->iv, sizeof(rctx->iv));
+   rctx->buf_count = state->buf_count;
+   memcpy(rctx->buf, state->buf, sizeof(rctx->buf));
 
return 0;
 }
@@ -358,7 +364,7 @@ int ccp_register_aes_cmac_algs(struct list_head *head)
 
halg = >halg;
halg->digestsize = AES_BLOCK_SIZE;
-   halg->statesize = sizeof(struct ccp_aes_cmac_req_ctx);
+   halg->statesize = sizeof(struct ccp_aes_cmac_exp_ctx);
 
base = >base;
snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "cmac(aes)");
diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c 
b/drivers/crypto/ccp/ccp-crypto-sha.c
index 33e52f0..b934db9 100644
--- a/drivers/crypto/ccp/ccp-crypto-sha.c
+++ b/drivers/crypto/ccp/ccp-crypto-sha.c
@@ -196,9 +196,14 @@ static int ccp_sha_digest(struct ahash_request *req)
 static int ccp_sha_export(struct ahash_request *req, void *out)
 {
struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
-   struct ccp_sha_req_ctx *state = out;
+   struct ccp_sha_exp_ctx *state = out;
 
-   *state = *rctx;
+   state->type = rctx->type;
+   state->msg_bits = rctx->msg_bits;
+   state->first = rctx->first;
+   memcpy(state->ctx, rctx->ctx, sizeof(state->ctx));
+   state->buf_count = rctx->buf_count;
+   memcpy(state->buf, rctx->buf, sizeof(state->buf));
 
return 0;
 }
@@ -206,9 +211,14 @@ static int ccp_sha_export(struct ahash_request *req, void 
*out)
 static int ccp_sha_import(struct ahash_request *req, const void *in)
 {
struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
-   const struct ccp_sha_req_ctx *state = in;
+   const struct ccp_sha_exp_ctx *state = in;
 
-   *rctx = *state;
+   rctx->type = state->type;
+   rctx->msg_bits = state->msg_bits;
+   rctx->first = state->first;
+   memcpy(rctx->ctx, state->ctx, sizeof(rctx->ctx));
+   rctx->buf_count = state->buf_count;
+   memcpy(rctx->buf, state->buf, sizeof(rctx->buf));
 
return 0;
 }
@@ -413,7 +423,7 @@ static int ccp_register_sha_alg(struct list_head *head,
 
halg = >halg;
halg->digestsize = def->digest_size;
-   halg->statesize = sizeof(struct ccp_sha_req_ctx);
+   halg->statesize = sizeof(struct ccp_sha_exp_ctx);
 
base = >base;
snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
diff --git a/drivers/crypto/ccp/ccp-crypto.h b/drivers/crypto/ccp/ccp-crypto.h
index 9aa4ae1..7a0bb029 100644
--- a/drivers/crypto/ccp/ccp-crypto.h
+++ b/drivers/crypto/ccp/ccp-crypto.h
@@ -132,6 +132,15 @@ struct ccp_aes_cmac_req_ctx {
struct ccp_cmd cmd;
 };
 
+struct ccp_aes_cmac_exp_ctx {
+   unsigned int null_msg;
+
+   u8 iv[AES_BLOCK_SIZE];
+
+   unsigned int buf_count;
+   u8 buf[AES_BLOCK_SIZE];
+};
+
 /* SHA related defines */
 #define MAX_SHA_CONTEXT_SIZE   SHA256_DIGEST_SIZE
 #define MAX_SHA_BLOCK_SIZE SHA256_BLOCK_SIZE
@@ -174,6 +183,19 @@ 

[PATCH 3.19.y-ckt 026/170] crypto: ccp - Limit the amount of information exported

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Tom Lendacky 

commit d1662165ae612ec8b5f94a6b07e65ea58b6dce34 upstream.

Since the exported information can be exposed to user-space, instead of
exporting the entire request context only export the minimum information
needed.

Signed-off-by: Tom Lendacky 
Signed-off-by: Herbert Xu 
Signed-off-by: Kamal Mostafa 
---
 drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 16 +++-
 drivers/crypto/ccp/ccp-crypto-sha.c  | 20 +++-
 drivers/crypto/ccp/ccp-crypto.h  | 22 ++
 3 files changed, 48 insertions(+), 10 deletions(-)

diff --git a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c 
b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
index 504d6da..9d12fd4 100644
--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
@@ -204,9 +204,12 @@ static int ccp_aes_cmac_digest(struct ahash_request *req)
 static int ccp_aes_cmac_export(struct ahash_request *req, void *out)
 {
struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
-   struct ccp_aes_cmac_req_ctx *state = out;
+   struct ccp_aes_cmac_exp_ctx *state = out;
 
-   *state = *rctx;
+   state->null_msg = rctx->null_msg;
+   memcpy(state->iv, rctx->iv, sizeof(state->iv));
+   state->buf_count = rctx->buf_count;
+   memcpy(state->buf, rctx->buf, sizeof(state->buf));
 
return 0;
 }
@@ -214,9 +217,12 @@ static int ccp_aes_cmac_export(struct ahash_request *req, 
void *out)
 static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
 {
struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
-   const struct ccp_aes_cmac_req_ctx *state = in;
+   const struct ccp_aes_cmac_exp_ctx *state = in;
 
-   *rctx = *state;
+   rctx->null_msg = state->null_msg;
+   memcpy(rctx->iv, state->iv, sizeof(rctx->iv));
+   rctx->buf_count = state->buf_count;
+   memcpy(rctx->buf, state->buf, sizeof(rctx->buf));
 
return 0;
 }
@@ -358,7 +364,7 @@ int ccp_register_aes_cmac_algs(struct list_head *head)
 
halg = >halg;
halg->digestsize = AES_BLOCK_SIZE;
-   halg->statesize = sizeof(struct ccp_aes_cmac_req_ctx);
+   halg->statesize = sizeof(struct ccp_aes_cmac_exp_ctx);
 
base = >base;
snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "cmac(aes)");
diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c 
b/drivers/crypto/ccp/ccp-crypto-sha.c
index 33e52f0..b934db9 100644
--- a/drivers/crypto/ccp/ccp-crypto-sha.c
+++ b/drivers/crypto/ccp/ccp-crypto-sha.c
@@ -196,9 +196,14 @@ static int ccp_sha_digest(struct ahash_request *req)
 static int ccp_sha_export(struct ahash_request *req, void *out)
 {
struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
-   struct ccp_sha_req_ctx *state = out;
+   struct ccp_sha_exp_ctx *state = out;
 
-   *state = *rctx;
+   state->type = rctx->type;
+   state->msg_bits = rctx->msg_bits;
+   state->first = rctx->first;
+   memcpy(state->ctx, rctx->ctx, sizeof(state->ctx));
+   state->buf_count = rctx->buf_count;
+   memcpy(state->buf, rctx->buf, sizeof(state->buf));
 
return 0;
 }
@@ -206,9 +211,14 @@ static int ccp_sha_export(struct ahash_request *req, void 
*out)
 static int ccp_sha_import(struct ahash_request *req, const void *in)
 {
struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
-   const struct ccp_sha_req_ctx *state = in;
+   const struct ccp_sha_exp_ctx *state = in;
 
-   *rctx = *state;
+   rctx->type = state->type;
+   rctx->msg_bits = state->msg_bits;
+   rctx->first = state->first;
+   memcpy(rctx->ctx, state->ctx, sizeof(rctx->ctx));
+   rctx->buf_count = state->buf_count;
+   memcpy(rctx->buf, state->buf, sizeof(rctx->buf));
 
return 0;
 }
@@ -413,7 +423,7 @@ static int ccp_register_sha_alg(struct list_head *head,
 
halg = >halg;
halg->digestsize = def->digest_size;
-   halg->statesize = sizeof(struct ccp_sha_req_ctx);
+   halg->statesize = sizeof(struct ccp_sha_exp_ctx);
 
base = >base;
snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
diff --git a/drivers/crypto/ccp/ccp-crypto.h b/drivers/crypto/ccp/ccp-crypto.h
index 9aa4ae1..7a0bb029 100644
--- a/drivers/crypto/ccp/ccp-crypto.h
+++ b/drivers/crypto/ccp/ccp-crypto.h
@@ -132,6 +132,15 @@ struct ccp_aes_cmac_req_ctx {
struct ccp_cmd cmd;
 };
 
+struct ccp_aes_cmac_exp_ctx {
+   unsigned int null_msg;
+
+   u8 iv[AES_BLOCK_SIZE];
+
+   unsigned int buf_count;
+   u8 buf[AES_BLOCK_SIZE];
+};
+
 /* SHA related defines */
 #define MAX_SHA_CONTEXT_SIZE   SHA256_DIGEST_SIZE
 #define MAX_SHA_BLOCK_SIZE SHA256_BLOCK_SIZE
@@ -174,6 +183,19 @@ struct ccp_sha_req_ctx {
struct ccp_cmd cmd;
 };
 
+struct ccp_sha_exp_ctx {
+   enum 

[PATCH 3.19.y-ckt 019/170] cpu: Provide smpboot_thread_init() on !CONFIG_SMP kernels as well

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Ingo Molnar 

commit 590ee7dbd569a012df705a5204fc5f1066f52b8c upstream.

Now that we are using smpboot_thread_init() in init/main.c as well,
provide it for !CONFIG_SMP as well.

This addresses a !CONFIG_SMP build failure.

Cc: Paul E. McKenney 
Cc: Borislav Petkov 
Cc: Andrew Morton 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar 
Signed-off-by: Kamal Mostafa 
---
 include/linux/cpu.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/include/linux/cpu.h b/include/linux/cpu.h
index f1b8f4a..5bc8280 100644
--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -210,6 +210,10 @@ static inline void cpu_notifier_register_done(void)
 {
 }
 
+static inline void smpboot_thread_init(void)
+{
+}
+
 #endif /* CONFIG_SMP */
 extern struct bus_type cpu_subsys;
 
-- 
2.7.4

[PATCH 3.19.y-ckt 030/170] staging: comedi: ni_tiocmd: change mistaken use of start_src for start_arg

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: "Spencer E. Olson" 

commit 1fd24a4702d2af0ea4d5845126cf57d4d1796216 upstream.

This fixes a bug in function ni_tio_input_inttrig().  The trigger number
should be compared to cmd->start_arg, not cmd->start_src.

Fixes: 6a760394d7eb ("staging: comedi: ni_tiocmd: clarify the cmd->start_arg 
validation and use")
Signed-off-by: Spencer E. Olson 
Reviewed-by: Ian Abbott 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Kamal Mostafa 
---
 drivers/staging/comedi/drivers/ni_tiocmd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/comedi/drivers/ni_tiocmd.c 
b/drivers/staging/comedi/drivers/ni_tiocmd.c
index 6037bec..a0a43bf 100644
--- a/drivers/staging/comedi/drivers/ni_tiocmd.c
+++ b/drivers/staging/comedi/drivers/ni_tiocmd.c
@@ -94,7 +94,7 @@ static int ni_tio_input_inttrig(struct comedi_device *dev,
unsigned long flags;
int ret = 0;
 
-   if (trig_num != cmd->start_src)
+   if (trig_num != cmd->start_arg)
return -EINVAL;
 
spin_lock_irqsave(>lock, flags);
-- 
2.7.4

[PATCH 3.19.y-ckt 030/170] staging: comedi: ni_tiocmd: change mistaken use of start_src for start_arg

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: "Spencer E. Olson" 

commit 1fd24a4702d2af0ea4d5845126cf57d4d1796216 upstream.

This fixes a bug in function ni_tio_input_inttrig().  The trigger number
should be compared to cmd->start_arg, not cmd->start_src.

Fixes: 6a760394d7eb ("staging: comedi: ni_tiocmd: clarify the cmd->start_arg 
validation and use")
Signed-off-by: Spencer E. Olson 
Reviewed-by: Ian Abbott 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Kamal Mostafa 
---
 drivers/staging/comedi/drivers/ni_tiocmd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/comedi/drivers/ni_tiocmd.c 
b/drivers/staging/comedi/drivers/ni_tiocmd.c
index 6037bec..a0a43bf 100644
--- a/drivers/staging/comedi/drivers/ni_tiocmd.c
+++ b/drivers/staging/comedi/drivers/ni_tiocmd.c
@@ -94,7 +94,7 @@ static int ni_tio_input_inttrig(struct comedi_device *dev,
unsigned long flags;
int ret = 0;
 
-   if (trig_num != cmd->start_src)
+   if (trig_num != cmd->start_arg)
return -EINVAL;
 
spin_lock_irqsave(>lock, flags);
-- 
2.7.4

[PATCH 3.19.y-ckt 019/170] cpu: Provide smpboot_thread_init() on !CONFIG_SMP kernels as well

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Ingo Molnar 

commit 590ee7dbd569a012df705a5204fc5f1066f52b8c upstream.

Now that we are using smpboot_thread_init() in init/main.c as well,
provide it for !CONFIG_SMP as well.

This addresses a !CONFIG_SMP build failure.

Cc: Paul E. McKenney 
Cc: Borislav Petkov 
Cc: Andrew Morton 
Cc: Linus Torvalds 
Cc: Peter Zijlstra 
Cc: Thomas Gleixner 
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar 
Signed-off-by: Kamal Mostafa 
---
 include/linux/cpu.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/include/linux/cpu.h b/include/linux/cpu.h
index f1b8f4a..5bc8280 100644
--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -210,6 +210,10 @@ static inline void cpu_notifier_register_done(void)
 {
 }
 
+static inline void smpboot_thread_init(void)
+{
+}
+
 #endif /* CONFIG_SMP */
 extern struct bus_type cpu_subsys;
 
-- 
2.7.4

[PATCH 3.19.y-ckt 032/170] ARM: dts: armada-375: use armada-370-sata for SATA

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Lior Amsalem 

commit b3a7f31eb7375633cd6a742f19488fc5a4208b36 upstream.

The Armada 375 has the same SATA IP as Armada 370 and Armada XP, which
requires the PHY speed to be set in the LP_PHY_CTL register for SATA
hotplug to work.

Therefore, this commit updates the compatible string used to describe
the SATA IP in Armada 375 from marvell,orion-sata to
marvell,armada-370-sata.

Fixes: 4de59085091f753d08c8429d756b46756ab94665 ("ARM: mvebu: add Device Tree 
description of the Armada 375 SoC")
Signed-off-by: Lior Amsalem 
Signed-off-by: Thomas Petazzoni 
Reviewed-by: Andrew Lunn 
Signed-off-by: Gregory CLEMENT 
Signed-off-by: Kamal Mostafa 
---
 arch/arm/boot/dts/armada-375.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/boot/dts/armada-375.dtsi 
b/arch/arm/boot/dts/armada-375.dtsi
index 50096d3..45d7534 100644
--- a/arch/arm/boot/dts/armada-375.dtsi
+++ b/arch/arm/boot/dts/armada-375.dtsi
@@ -469,7 +469,7 @@
};
 
sata@a {
-   compatible = "marvell,orion-sata";
+   compatible = "marvell,armada-370-sata";
reg = <0xa 0x5000>;
interrupts = ;
clocks = < 14>, < 20>;
-- 
2.7.4

[PATCH 3.19.y-ckt 027/170] crypto: ccp - Don't assume export/import areas are aligned

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Tom Lendacky 

commit b31dde2a5cb1bf764282abf934266b7193c2bc7c upstream.

Use a local variable for the exported and imported state so that
alignment is not an issue. On export, set a local variable from the
request context and then memcpy the contents of the local variable to
the export memory area. On import, memcpy the import memory area into
a local variable and then use the local variable to set the request
context.

Signed-off-by: Tom Lendacky 
Signed-off-by: Herbert Xu 
Signed-off-by: Kamal Mostafa 
---
 drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 26 ++-
 drivers/crypto/ccp/ccp-crypto-sha.c  | 36 +++-
 2 files changed, 37 insertions(+), 25 deletions(-)

diff --git a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c 
b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
index 9d12fd4..bc19c1e 100644
--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
@@ -204,12 +204,15 @@ static int ccp_aes_cmac_digest(struct ahash_request *req)
 static int ccp_aes_cmac_export(struct ahash_request *req, void *out)
 {
struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
-   struct ccp_aes_cmac_exp_ctx *state = out;
+   struct ccp_aes_cmac_exp_ctx state;
 
-   state->null_msg = rctx->null_msg;
-   memcpy(state->iv, rctx->iv, sizeof(state->iv));
-   state->buf_count = rctx->buf_count;
-   memcpy(state->buf, rctx->buf, sizeof(state->buf));
+   state.null_msg = rctx->null_msg;
+   memcpy(state.iv, rctx->iv, sizeof(state.iv));
+   state.buf_count = rctx->buf_count;
+   memcpy(state.buf, rctx->buf, sizeof(state.buf));
+
+   /* 'out' may not be aligned so memcpy from local variable */
+   memcpy(out, , sizeof(state));
 
return 0;
 }
@@ -217,12 +220,15 @@ static int ccp_aes_cmac_export(struct ahash_request *req, 
void *out)
 static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
 {
struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
-   const struct ccp_aes_cmac_exp_ctx *state = in;
+   struct ccp_aes_cmac_exp_ctx state;
+
+   /* 'in' may not be aligned so memcpy to local variable */
+   memcpy(, in, sizeof(state));
 
-   rctx->null_msg = state->null_msg;
-   memcpy(rctx->iv, state->iv, sizeof(rctx->iv));
-   rctx->buf_count = state->buf_count;
-   memcpy(rctx->buf, state->buf, sizeof(rctx->buf));
+   rctx->null_msg = state.null_msg;
+   memcpy(rctx->iv, state.iv, sizeof(rctx->iv));
+   rctx->buf_count = state.buf_count;
+   memcpy(rctx->buf, state.buf, sizeof(rctx->buf));
 
return 0;
 }
diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c 
b/drivers/crypto/ccp/ccp-crypto-sha.c
index b934db9..db6ebd9 100644
--- a/drivers/crypto/ccp/ccp-crypto-sha.c
+++ b/drivers/crypto/ccp/ccp-crypto-sha.c
@@ -196,14 +196,17 @@ static int ccp_sha_digest(struct ahash_request *req)
 static int ccp_sha_export(struct ahash_request *req, void *out)
 {
struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
-   struct ccp_sha_exp_ctx *state = out;
+   struct ccp_sha_exp_ctx state;
 
-   state->type = rctx->type;
-   state->msg_bits = rctx->msg_bits;
-   state->first = rctx->first;
-   memcpy(state->ctx, rctx->ctx, sizeof(state->ctx));
-   state->buf_count = rctx->buf_count;
-   memcpy(state->buf, rctx->buf, sizeof(state->buf));
+   state.type = rctx->type;
+   state.msg_bits = rctx->msg_bits;
+   state.first = rctx->first;
+   memcpy(state.ctx, rctx->ctx, sizeof(state.ctx));
+   state.buf_count = rctx->buf_count;
+   memcpy(state.buf, rctx->buf, sizeof(state.buf));
+
+   /* 'out' may not be aligned so memcpy from local variable */
+   memcpy(out, , sizeof(state));
 
return 0;
 }
@@ -211,14 +214,17 @@ static int ccp_sha_export(struct ahash_request *req, void 
*out)
 static int ccp_sha_import(struct ahash_request *req, const void *in)
 {
struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
-   const struct ccp_sha_exp_ctx *state = in;
-
-   rctx->type = state->type;
-   rctx->msg_bits = state->msg_bits;
-   rctx->first = state->first;
-   memcpy(rctx->ctx, state->ctx, sizeof(rctx->ctx));
-   rctx->buf_count = state->buf_count;
-   memcpy(rctx->buf, state->buf, sizeof(rctx->buf));
+   struct ccp_sha_exp_ctx state;
+
+   /* 'in' may not be aligned so memcpy to local variable */
+   memcpy(, in, sizeof(state));
+
+   rctx->type = state.type;
+   rctx->msg_bits = state.msg_bits;
+   rctx->first = state.first;
+   memcpy(rctx->ctx, state.ctx, sizeof(rctx->ctx));
+   rctx->buf_count = state.buf_count;
+   memcpy(rctx->buf, 

[PATCH 3.19.y-ckt 034/170] HID: fix hid_ignore_special_drivers module parameter

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Benjamin Tissoires 

commit 4392bf88cabdad5afe5b152d7b9c318e upstream.

hid_ignore_special_drivers works fine until hid_scan_report autodetects and
reassign devices (for hid-multitouch, hid-microsoft and hid-rmi).

Simplify the handling of the parameter: if it is there, use hid-generic, no
matter what, and if not, scan the device or rely on the hid_have_special_driver
table.

This was detected while trying to disable hid-multitouch on a Surface Pro cover
which prevented to use the keyboard.

Signed-off-by: Benjamin Tissoires 
Signed-off-by: Jiri Kosina 
Signed-off-by: Kamal Mostafa 
---
 drivers/hid/hid-core.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index d7d965f..53f3ad2 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -2540,9 +2540,10 @@ int hid_add_device(struct hid_device *hdev)
/*
 * Scan generic devices for group information
 */
-   if (hid_ignore_special_drivers ||
-   (!hdev->group &&
-!hid_match_id(hdev, hid_have_special_driver))) {
+   if (hid_ignore_special_drivers) {
+   hdev->group = HID_GROUP_GENERIC;
+   } else if (!hdev->group &&
+  !hid_match_id(hdev, hid_have_special_driver)) {
ret = hid_scan_report(hdev);
if (ret)
hid_warn(hdev, "bad device descriptor (%d)\n", ret);
-- 
2.7.4

[PATCH 3.19.y-ckt 029/170] net: irda: Fix use-after-free in irtty_open()

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Peter Hurley 

commit 401879c57f01cbf2da204ad2e8db910525c6dbea upstream.

The N_IRDA line discipline may access the previous line discipline's closed
and already-fre private data on open [1].

The tty->disc_data field _never_ refers to valid data on entry to the
line discipline's open() method. Rather, the ldisc is expected to
initialize that field for its own use for the lifetime of the instance
(ie. from open() to close() only).

[1]
==
BUG: KASAN: use-after-free in irtty_open+0x422/0x550 at addr 
8800331dd068
Read of size 4 by task a.out/13960

=
BUG kmalloc-512 (Tainted: GB  ): kasan: bad access detected

-
...
Call Trace:
 [] __asan_report_load4_noabort+0x3e/0x40 
mm/kasan/report.c:279
 [] irtty_open+0x422/0x550 
drivers/net/irda/irtty-sir.c:436
 [] tty_ldisc_open.isra.2+0x60/0xa0 
drivers/tty/tty_ldisc.c:447
 [] tty_set_ldisc+0x1a0/0x940 drivers/tty/tty_ldisc.c:567
 [< inline >] tiocsetd drivers/tty/tty_io.c:2650
 [] tty_ioctl+0xace/0x1fd0 drivers/tty/tty_io.c:2883
 [< inline >] vfs_ioctl fs/ioctl.c:43
 [] do_vfs_ioctl+0x57c/0xe60 fs/ioctl.c:607
 [< inline >] SYSC_ioctl fs/ioctl.c:622
 [] SyS_ioctl+0x74/0x80 fs/ioctl.c:613
 [] entry_SYSCALL_64_fastpath+0x16/0x7a

Reported-and-tested-by: Dmitry Vyukov 
Signed-off-by: Peter Hurley 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Kamal Mostafa 
---
 drivers/net/irda/irtty-sir.c | 10 --
 1 file changed, 10 deletions(-)

diff --git a/drivers/net/irda/irtty-sir.c b/drivers/net/irda/irtty-sir.c
index 696852e..7a3f990 100644
--- a/drivers/net/irda/irtty-sir.c
+++ b/drivers/net/irda/irtty-sir.c
@@ -430,16 +430,6 @@ static int irtty_open(struct tty_struct *tty)
 
/* Module stuff handled via irda_ldisc.owner - Jean II */
 
-   /* First make sure we're not already connected. */
-   if (tty->disc_data != NULL) {
-   priv = tty->disc_data;
-   if (priv && priv->magic == IRTTY_MAGIC) {
-   ret = -EEXIST;
-   goto out;
-   }
-   tty->disc_data = NULL;  /* ### */
-   }
-
/* stop the underlying  driver */
irtty_stop_receiver(tty, TRUE);
if (tty->ops->stop)
-- 
2.7.4

[PATCH 3.19.y-ckt 028/170] 8250: use callbacks to access UART_DLL/UART_DLM

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Sebastian Frias 

commit 0b41ce991052022c030fd868e03877700220b090 upstream.

Some UART HW has a single register combining UART_DLL/UART_DLM
(this was probably forgotten in the change that introduced the
callbacks, commit b32b19b8ffc05cbd3bf91c65e205f6a912ca15d9)

Fixes: b32b19b8ffc0 ("[SERIAL] 8250: set divisor register correctly ...")

Signed-off-by: Sebastian Frias 
Reviewed-by: Peter Hurley 
Signed-off-by: Greg Kroah-Hartman 
[ kamal: backport to 4.2-stable: applies to 8250_core.c ]
Signed-off-by: Kamal Mostafa 
---
 drivers/tty/serial/8250/8250_core.c | 18 ++
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/drivers/tty/serial/8250/8250_core.c 
b/drivers/tty/serial/8250/8250_core.c
index bacc588..2f2a9bb 100644
--- a/drivers/tty/serial/8250/8250_core.c
+++ b/drivers/tty/serial/8250/8250_core.c
@@ -751,22 +751,16 @@ static int size_fifo(struct uart_8250_port *up)
  */
 static unsigned int autoconfig_read_divisor_id(struct uart_8250_port *p)
 {
-   unsigned char old_dll, old_dlm, old_lcr;
-   unsigned int id;
+   unsigned char old_lcr;
+   unsigned int id, old_dl;
 
old_lcr = serial_in(p, UART_LCR);
serial_out(p, UART_LCR, UART_LCR_CONF_MODE_A);
+   old_dl = serial_dl_read(p);
+   serial_dl_write(p, 0);
+   id = serial_dl_read(p);
+   serial_dl_write(p, old_dl);
 
-   old_dll = serial_in(p, UART_DLL);
-   old_dlm = serial_in(p, UART_DLM);
-
-   serial_out(p, UART_DLL, 0);
-   serial_out(p, UART_DLM, 0);
-
-   id = serial_in(p, UART_DLL) | serial_in(p, UART_DLM) << 8;
-
-   serial_out(p, UART_DLL, old_dll);
-   serial_out(p, UART_DLM, old_dlm);
serial_out(p, UART_LCR, old_lcr);
 
return id;
-- 
2.7.4

[PATCH 3.19.y-ckt 027/170] crypto: ccp - Don't assume export/import areas are aligned

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Tom Lendacky 

commit b31dde2a5cb1bf764282abf934266b7193c2bc7c upstream.

Use a local variable for the exported and imported state so that
alignment is not an issue. On export, set a local variable from the
request context and then memcpy the contents of the local variable to
the export memory area. On import, memcpy the import memory area into
a local variable and then use the local variable to set the request
context.

Signed-off-by: Tom Lendacky 
Signed-off-by: Herbert Xu 
Signed-off-by: Kamal Mostafa 
---
 drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 26 ++-
 drivers/crypto/ccp/ccp-crypto-sha.c  | 36 +++-
 2 files changed, 37 insertions(+), 25 deletions(-)

diff --git a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c 
b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
index 9d12fd4..bc19c1e 100644
--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
@@ -204,12 +204,15 @@ static int ccp_aes_cmac_digest(struct ahash_request *req)
 static int ccp_aes_cmac_export(struct ahash_request *req, void *out)
 {
struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
-   struct ccp_aes_cmac_exp_ctx *state = out;
+   struct ccp_aes_cmac_exp_ctx state;
 
-   state->null_msg = rctx->null_msg;
-   memcpy(state->iv, rctx->iv, sizeof(state->iv));
-   state->buf_count = rctx->buf_count;
-   memcpy(state->buf, rctx->buf, sizeof(state->buf));
+   state.null_msg = rctx->null_msg;
+   memcpy(state.iv, rctx->iv, sizeof(state.iv));
+   state.buf_count = rctx->buf_count;
+   memcpy(state.buf, rctx->buf, sizeof(state.buf));
+
+   /* 'out' may not be aligned so memcpy from local variable */
+   memcpy(out, , sizeof(state));
 
return 0;
 }
@@ -217,12 +220,15 @@ static int ccp_aes_cmac_export(struct ahash_request *req, 
void *out)
 static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
 {
struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
-   const struct ccp_aes_cmac_exp_ctx *state = in;
+   struct ccp_aes_cmac_exp_ctx state;
+
+   /* 'in' may not be aligned so memcpy to local variable */
+   memcpy(, in, sizeof(state));
 
-   rctx->null_msg = state->null_msg;
-   memcpy(rctx->iv, state->iv, sizeof(rctx->iv));
-   rctx->buf_count = state->buf_count;
-   memcpy(rctx->buf, state->buf, sizeof(rctx->buf));
+   rctx->null_msg = state.null_msg;
+   memcpy(rctx->iv, state.iv, sizeof(rctx->iv));
+   rctx->buf_count = state.buf_count;
+   memcpy(rctx->buf, state.buf, sizeof(rctx->buf));
 
return 0;
 }
diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c 
b/drivers/crypto/ccp/ccp-crypto-sha.c
index b934db9..db6ebd9 100644
--- a/drivers/crypto/ccp/ccp-crypto-sha.c
+++ b/drivers/crypto/ccp/ccp-crypto-sha.c
@@ -196,14 +196,17 @@ static int ccp_sha_digest(struct ahash_request *req)
 static int ccp_sha_export(struct ahash_request *req, void *out)
 {
struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
-   struct ccp_sha_exp_ctx *state = out;
+   struct ccp_sha_exp_ctx state;
 
-   state->type = rctx->type;
-   state->msg_bits = rctx->msg_bits;
-   state->first = rctx->first;
-   memcpy(state->ctx, rctx->ctx, sizeof(state->ctx));
-   state->buf_count = rctx->buf_count;
-   memcpy(state->buf, rctx->buf, sizeof(state->buf));
+   state.type = rctx->type;
+   state.msg_bits = rctx->msg_bits;
+   state.first = rctx->first;
+   memcpy(state.ctx, rctx->ctx, sizeof(state.ctx));
+   state.buf_count = rctx->buf_count;
+   memcpy(state.buf, rctx->buf, sizeof(state.buf));
+
+   /* 'out' may not be aligned so memcpy from local variable */
+   memcpy(out, , sizeof(state));
 
return 0;
 }
@@ -211,14 +214,17 @@ static int ccp_sha_export(struct ahash_request *req, void 
*out)
 static int ccp_sha_import(struct ahash_request *req, const void *in)
 {
struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
-   const struct ccp_sha_exp_ctx *state = in;
-
-   rctx->type = state->type;
-   rctx->msg_bits = state->msg_bits;
-   rctx->first = state->first;
-   memcpy(rctx->ctx, state->ctx, sizeof(rctx->ctx));
-   rctx->buf_count = state->buf_count;
-   memcpy(rctx->buf, state->buf, sizeof(rctx->buf));
+   struct ccp_sha_exp_ctx state;
+
+   /* 'in' may not be aligned so memcpy to local variable */
+   memcpy(, in, sizeof(state));
+
+   rctx->type = state.type;
+   rctx->msg_bits = state.msg_bits;
+   rctx->first = state.first;
+   memcpy(rctx->ctx, state.ctx, sizeof(rctx->ctx));
+   rctx->buf_count = state.buf_count;
+   memcpy(rctx->buf, state.buf, sizeof(rctx->buf));
 
return 0;
 }
-- 
2.7.4

[PATCH 3.19.y-ckt 034/170] HID: fix hid_ignore_special_drivers module parameter

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Benjamin Tissoires 

commit 4392bf88cabdad5afe5b152d7b9c318e upstream.

hid_ignore_special_drivers works fine until hid_scan_report autodetects and
reassign devices (for hid-multitouch, hid-microsoft and hid-rmi).

Simplify the handling of the parameter: if it is there, use hid-generic, no
matter what, and if not, scan the device or rely on the hid_have_special_driver
table.

This was detected while trying to disable hid-multitouch on a Surface Pro cover
which prevented to use the keyboard.

Signed-off-by: Benjamin Tissoires 
Signed-off-by: Jiri Kosina 
Signed-off-by: Kamal Mostafa 
---
 drivers/hid/hid-core.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index d7d965f..53f3ad2 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -2540,9 +2540,10 @@ int hid_add_device(struct hid_device *hdev)
/*
 * Scan generic devices for group information
 */
-   if (hid_ignore_special_drivers ||
-   (!hdev->group &&
-!hid_match_id(hdev, hid_have_special_driver))) {
+   if (hid_ignore_special_drivers) {
+   hdev->group = HID_GROUP_GENERIC;
+   } else if (!hdev->group &&
+  !hid_match_id(hdev, hid_have_special_driver)) {
ret = hid_scan_report(hdev);
if (ret)
hid_warn(hdev, "bad device descriptor (%d)\n", ret);
-- 
2.7.4

[PATCH 3.19.y-ckt 029/170] net: irda: Fix use-after-free in irtty_open()

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Peter Hurley 

commit 401879c57f01cbf2da204ad2e8db910525c6dbea upstream.

The N_IRDA line discipline may access the previous line discipline's closed
and already-fre private data on open [1].

The tty->disc_data field _never_ refers to valid data on entry to the
line discipline's open() method. Rather, the ldisc is expected to
initialize that field for its own use for the lifetime of the instance
(ie. from open() to close() only).

[1]
==
BUG: KASAN: use-after-free in irtty_open+0x422/0x550 at addr 
8800331dd068
Read of size 4 by task a.out/13960

=
BUG kmalloc-512 (Tainted: GB  ): kasan: bad access detected

-
...
Call Trace:
 [] __asan_report_load4_noabort+0x3e/0x40 
mm/kasan/report.c:279
 [] irtty_open+0x422/0x550 
drivers/net/irda/irtty-sir.c:436
 [] tty_ldisc_open.isra.2+0x60/0xa0 
drivers/tty/tty_ldisc.c:447
 [] tty_set_ldisc+0x1a0/0x940 drivers/tty/tty_ldisc.c:567
 [< inline >] tiocsetd drivers/tty/tty_io.c:2650
 [] tty_ioctl+0xace/0x1fd0 drivers/tty/tty_io.c:2883
 [< inline >] vfs_ioctl fs/ioctl.c:43
 [] do_vfs_ioctl+0x57c/0xe60 fs/ioctl.c:607
 [< inline >] SYSC_ioctl fs/ioctl.c:622
 [] SyS_ioctl+0x74/0x80 fs/ioctl.c:613
 [] entry_SYSCALL_64_fastpath+0x16/0x7a

Reported-and-tested-by: Dmitry Vyukov 
Signed-off-by: Peter Hurley 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Kamal Mostafa 
---
 drivers/net/irda/irtty-sir.c | 10 --
 1 file changed, 10 deletions(-)

diff --git a/drivers/net/irda/irtty-sir.c b/drivers/net/irda/irtty-sir.c
index 696852e..7a3f990 100644
--- a/drivers/net/irda/irtty-sir.c
+++ b/drivers/net/irda/irtty-sir.c
@@ -430,16 +430,6 @@ static int irtty_open(struct tty_struct *tty)
 
/* Module stuff handled via irda_ldisc.owner - Jean II */
 
-   /* First make sure we're not already connected. */
-   if (tty->disc_data != NULL) {
-   priv = tty->disc_data;
-   if (priv && priv->magic == IRTTY_MAGIC) {
-   ret = -EEXIST;
-   goto out;
-   }
-   tty->disc_data = NULL;  /* ### */
-   }
-
/* stop the underlying  driver */
irtty_stop_receiver(tty, TRUE);
if (tty->ops->stop)
-- 
2.7.4

[PATCH 3.19.y-ckt 028/170] 8250: use callbacks to access UART_DLL/UART_DLM

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Sebastian Frias 

commit 0b41ce991052022c030fd868e03877700220b090 upstream.

Some UART HW has a single register combining UART_DLL/UART_DLM
(this was probably forgotten in the change that introduced the
callbacks, commit b32b19b8ffc05cbd3bf91c65e205f6a912ca15d9)

Fixes: b32b19b8ffc0 ("[SERIAL] 8250: set divisor register correctly ...")

Signed-off-by: Sebastian Frias 
Reviewed-by: Peter Hurley 
Signed-off-by: Greg Kroah-Hartman 
[ kamal: backport to 4.2-stable: applies to 8250_core.c ]
Signed-off-by: Kamal Mostafa 
---
 drivers/tty/serial/8250/8250_core.c | 18 ++
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/drivers/tty/serial/8250/8250_core.c 
b/drivers/tty/serial/8250/8250_core.c
index bacc588..2f2a9bb 100644
--- a/drivers/tty/serial/8250/8250_core.c
+++ b/drivers/tty/serial/8250/8250_core.c
@@ -751,22 +751,16 @@ static int size_fifo(struct uart_8250_port *up)
  */
 static unsigned int autoconfig_read_divisor_id(struct uart_8250_port *p)
 {
-   unsigned char old_dll, old_dlm, old_lcr;
-   unsigned int id;
+   unsigned char old_lcr;
+   unsigned int id, old_dl;
 
old_lcr = serial_in(p, UART_LCR);
serial_out(p, UART_LCR, UART_LCR_CONF_MODE_A);
+   old_dl = serial_dl_read(p);
+   serial_dl_write(p, 0);
+   id = serial_dl_read(p);
+   serial_dl_write(p, old_dl);
 
-   old_dll = serial_in(p, UART_DLL);
-   old_dlm = serial_in(p, UART_DLM);
-
-   serial_out(p, UART_DLL, 0);
-   serial_out(p, UART_DLM, 0);
-
-   id = serial_in(p, UART_DLL) | serial_in(p, UART_DLM) << 8;
-
-   serial_out(p, UART_DLL, old_dll);
-   serial_out(p, UART_DLM, old_dlm);
serial_out(p, UART_LCR, old_lcr);
 
return id;
-- 
2.7.4

[PATCH 3.19.y-ckt 032/170] ARM: dts: armada-375: use armada-370-sata for SATA

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Lior Amsalem 

commit b3a7f31eb7375633cd6a742f19488fc5a4208b36 upstream.

The Armada 375 has the same SATA IP as Armada 370 and Armada XP, which
requires the PHY speed to be set in the LP_PHY_CTL register for SATA
hotplug to work.

Therefore, this commit updates the compatible string used to describe
the SATA IP in Armada 375 from marvell,orion-sata to
marvell,armada-370-sata.

Fixes: 4de59085091f753d08c8429d756b46756ab94665 ("ARM: mvebu: add Device Tree 
description of the Armada 375 SoC")
Signed-off-by: Lior Amsalem 
Signed-off-by: Thomas Petazzoni 
Reviewed-by: Andrew Lunn 
Signed-off-by: Gregory CLEMENT 
Signed-off-by: Kamal Mostafa 
---
 arch/arm/boot/dts/armada-375.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/boot/dts/armada-375.dtsi 
b/arch/arm/boot/dts/armada-375.dtsi
index 50096d3..45d7534 100644
--- a/arch/arm/boot/dts/armada-375.dtsi
+++ b/arch/arm/boot/dts/armada-375.dtsi
@@ -469,7 +469,7 @@
};
 
sata@a {
-   compatible = "marvell,orion-sata";
+   compatible = "marvell,armada-370-sata";
reg = <0xa 0x5000>;
interrupts = ;
clocks = < 14>, < 20>;
-- 
2.7.4

[PATCH 3.19.y-ckt 033/170] usb: retry reset if a device times out

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Oliver Neukum 

commit 264904ccc33c604d4b3141bbd33808152dfac45b upstream.

Some devices I got show an inability to operate right after
power on if they are already connected. They are beyond recovery
if the descriptors are requested multiple times. So in case of
a timeout we rather bail early and reset again. But it must be
done only on the first loop lest we get into a reset/time out
spiral that can be overcome with a retry.

This patch is a rework of a patch that fell through the cracks.
http://www.spinics.net/lists/linux-usb/msg103263.html

Signed-off-by: Oliver Neukum 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Kamal Mostafa 
---
 drivers/usb/core/hub.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 5630198..61d8b51 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -4389,7 +4389,13 @@ hub_port_init (struct usb_hub *hub, struct usb_device 
*udev, int port1,
r = -EPROTO;
break;
}
-   if (r == 0)
+   /*
+* Some devices time out if they are powered on
+* when already connected. They need a second
+* reset. But only on the first attempt,
+* lest we get into a time out/reset loop
+*/
+   if (r == 0  || (r == -ETIMEDOUT && j == 0))
break;
}
udev->descriptor.bMaxPacketSize0 =
-- 
2.7.4

[PATCH 3.19.y-ckt 031/170] tools/hv: Use include/uapi with __EXPORTED_HEADERS__

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Kamal Mostafa 

commit 50fe6dd10069e7c062e27f29606f6e91ea979399 upstream.

Use the local uapi headers to keep in sync with "recently" added #define's
(e.g. VSS_OP_REGISTER1).

Fixes: 3eb2094c59e8 ("Adding makefile for tools/hv")
Signed-off-by: Kamal Mostafa 
Signed-off-by: K. Y. Srinivasan 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Kamal Mostafa 
---
 tools/hv/Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/hv/Makefile b/tools/hv/Makefile
index bd22f78..dbd6248 100644
--- a/tools/hv/Makefile
+++ b/tools/hv/Makefile
@@ -5,6 +5,8 @@ PTHREAD_LIBS = -lpthread
 WARNINGS = -Wall -Wextra
 CFLAGS = $(WARNINGS) -g $(PTHREAD_LIBS)
 
+CFLAGS += -D__EXPORTED_HEADERS__ -I../../include/uapi -I../../include
+
 all: hv_kvp_daemon hv_vss_daemon
 %: %.c
$(CC) $(CFLAGS) -o $@ $^
-- 
2.7.4

[PATCH 3.19.y-ckt 033/170] usb: retry reset if a device times out

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Oliver Neukum 

commit 264904ccc33c604d4b3141bbd33808152dfac45b upstream.

Some devices I got show an inability to operate right after
power on if they are already connected. They are beyond recovery
if the descriptors are requested multiple times. So in case of
a timeout we rather bail early and reset again. But it must be
done only on the first loop lest we get into a reset/time out
spiral that can be overcome with a retry.

This patch is a rework of a patch that fell through the cracks.
http://www.spinics.net/lists/linux-usb/msg103263.html

Signed-off-by: Oliver Neukum 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Kamal Mostafa 
---
 drivers/usb/core/hub.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 5630198..61d8b51 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -4389,7 +4389,13 @@ hub_port_init (struct usb_hub *hub, struct usb_device 
*udev, int port1,
r = -EPROTO;
break;
}
-   if (r == 0)
+   /*
+* Some devices time out if they are powered on
+* when already connected. They need a second
+* reset. But only on the first attempt,
+* lest we get into a time out/reset loop
+*/
+   if (r == 0  || (r == -ETIMEDOUT && j == 0))
break;
}
udev->descriptor.bMaxPacketSize0 =
-- 
2.7.4

[PATCH 3.19.y-ckt 031/170] tools/hv: Use include/uapi with __EXPORTED_HEADERS__

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Kamal Mostafa 

commit 50fe6dd10069e7c062e27f29606f6e91ea979399 upstream.

Use the local uapi headers to keep in sync with "recently" added #define's
(e.g. VSS_OP_REGISTER1).

Fixes: 3eb2094c59e8 ("Adding makefile for tools/hv")
Signed-off-by: Kamal Mostafa 
Signed-off-by: K. Y. Srinivasan 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Kamal Mostafa 
---
 tools/hv/Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/hv/Makefile b/tools/hv/Makefile
index bd22f78..dbd6248 100644
--- a/tools/hv/Makefile
+++ b/tools/hv/Makefile
@@ -5,6 +5,8 @@ PTHREAD_LIBS = -lpthread
 WARNINGS = -Wall -Wextra
 CFLAGS = $(WARNINGS) -g $(PTHREAD_LIBS)
 
+CFLAGS += -D__EXPORTED_HEADERS__ -I../../include/uapi -I../../include
+
 all: hv_kvp_daemon hv_vss_daemon
 %: %.c
$(CC) $(CFLAGS) -o $@ $^
-- 
2.7.4

[PATCH 3.19.y-ckt 038/170] perf tools: Dont stop PMU parsing on alias parse error

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Andi Kleen 

commit 940db6dcd3f4659303fdf6befe7416adc4d24118 upstream.

When an error happens during alias parsing currently the complete
parsing of all attributes of the PMU is stopped. This is breaks old perf
on a newer kernel that may have not-yet-know alias attributes (such as
.scale or .per-pkg).

Continue when some attribute is unparseable.

This is IMHO a stable candidate and should be backported to older
versions to avoid problems with newer kernels.

v2: Print warnings when something goes wrong.
v3: Change warning to debug output

Signed-off-by: Andi Kleen 
Cc: Jiri Olsa 
Link: 
http://lkml.kernel.org/r/1455749095-18358-1-git-send-email-a...@firstfloor.org
Signed-off-by: Arnaldo Carvalho de Melo 
Signed-off-by: Kamal Mostafa 
---
 tools/perf/util/pmu.c | 15 ---
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/tools/perf/util/pmu.c b/tools/perf/util/pmu.c
index 5c9c494..95a22ee 100644
--- a/tools/perf/util/pmu.c
+++ b/tools/perf/util/pmu.c
@@ -263,13 +263,12 @@ static int pmu_aliases_parse(char *dir, struct list_head 
*head)
 {
struct dirent *evt_ent;
DIR *event_dir;
-   int ret = 0;
 
event_dir = opendir(dir);
if (!event_dir)
return -EINVAL;
 
-   while (!ret && (evt_ent = readdir(event_dir))) {
+   while ((evt_ent = readdir(event_dir))) {
char path[PATH_MAX];
char *name = evt_ent->d_name;
FILE *file;
@@ -285,17 +284,19 @@ static int pmu_aliases_parse(char *dir, struct list_head 
*head)
 
snprintf(path, PATH_MAX, "%s/%s", dir, name);
 
-   ret = -EINVAL;
file = fopen(path, "r");
-   if (!file)
-   break;
+   if (!file) {
+   pr_debug("Cannot open %s\n", path);
+   continue;
+   }
 
-   ret = perf_pmu__new_alias(head, dir, name, file);
+   if (perf_pmu__new_alias(head, dir, name, file) < 0)
+   pr_debug("Cannot set up %s\n", name);
fclose(file);
}
 
closedir(event_dir);
-   return ret;
+   return 0;
 }
 
 /*
-- 
2.7.4

[PATCH 3.19.y-ckt 037/170] [media] saa7134: Fix bytesperline not being set correctly for planar formats

[Kamal Mostafa]

3.19.8-ckt18 -stable review patch.  If anyone has any objections, please let me 
know.

---8<

From: Hans de Goede 

commit 3e71da19f9dc22e39a755d6ae9678661abb66adc upstream.

bytesperline should be the bytesperline for the first plane for planar
formats, not that of all planes combined.

This fixes a crash in xawtv caused by the wrong bpl.

BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1305389
Reported-and-tested-by: Stas Sergeev 

Signed-off-by: Hans de Goede 
Signed-off-by: Hans Verkuil 
Signed-off-by: Mauro Carvalho Chehab 
Signed-off-by: Kamal Mostafa 
---
 drivers/media/pci/saa7134/saa7134-video.c | 18 --
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/drivers/media/pci/saa7134/saa7134-video.c 
b/drivers/media/pci/saa7134/saa7134-video.c
index 701b52f..1f68591 100644
--- a/drivers/media/pci/saa7134/saa7134-video.c
+++ b/drivers/media/pci/saa7134/saa7134-video.c
@@ -1216,10 +1216,13 @@ static int saa7134_g_fmt_vid_cap(struct file *file, 
void *priv,
f->fmt.pix.height   = dev->height;
f->fmt.pix.field= dev->field;
f->fmt.pix.pixelformat  = dev->fmt->fourcc;
-   f->fmt.pix.bytesperline =
-   (f->fmt.pix.width * dev->fmt->depth) >> 3;
+   if (dev->fmt->planar)
+   f->fmt.pix.bytesperline = f->fmt.pix.width;
+   else
+   f->fmt.pix.bytesperline =
+   (f->fmt.pix.width * dev->fmt->depth) / 8;
f->fmt.pix.sizeimage =
-   f->fmt.pix.height * f->fmt.pix.bytesperline;
+   (f->fmt.pix.height * f->fmt.pix.width * dev->fmt->depth) / 8;
f->fmt.pix.colorspace   = V4L2_COLORSPACE_SMPTE170M;
return 0;
 }
@@ -1295,10 +1298,13 @@ static int saa7134_try_fmt_vid_cap(struct file *file, 
void *priv,
if (f->fmt.pix.height > maxh)
f->fmt.pix.height = maxh;
f->fmt.pix.width &= ~0x03;
-   f->fmt.pix.bytesperline =
-   (f->fmt.pix.width * fmt->depth) >> 3;
+   if (fmt->planar)
+   f->fmt.pix.bytesperline = f->fmt.pix.width;
+   else
+   f->fmt.pix.bytesperline =
+   (f->fmt.pix.width * fmt->depth) / 8;
f->fmt.pix.sizeimage =
-   f->fmt.pix.height * f->fmt.pix.bytesperline;
+   (f->fmt.pix.height * f->fmt.pix.width * fmt->depth) / 8;
f->fmt.pix.colorspace   = V4L2_COLORSPACE_SMPTE170M;
 
return 0;
-- 
2.7.4