[PATCH 1/2] drivercore: Add helper macro for misc device boilerplate
For modules that call misc_register and misc_deregister in its module init and exit methods without any additional code ends up being boilerplate. This patch adds helper macro module_misc_device(), that replaces module_init()/ module_exit() with template functions. This patch also converts drivers to use new macro. Signed-off-by: PrasannaKumar Muralidharan --- arch/arm/common/bL_switcher_dummy_if.c | 14 +- arch/blackfin/mach-bf561/coreb.c | 13 + drivers/hid/uhid.c | 13 + drivers/input/misc/uinput.c| 15 ++- drivers/s390/char/sclp_ctl.c | 19 +-- drivers/vhost/test.c | 13 + include/linux/miscdevice.h | 7 +++ 7 files changed, 14 insertions(+), 80 deletions(-) diff --git a/arch/arm/common/bL_switcher_dummy_if.c b/arch/arm/common/bL_switcher_dummy_if.c index 3f47f12..6053f64 100644 --- a/arch/arm/common/bL_switcher_dummy_if.c +++ b/arch/arm/common/bL_switcher_dummy_if.c @@ -56,16 +56,4 @@ static struct miscdevice bL_switcher_device = { "b.L_switcher", &bL_switcher_fops }; - -static int __init bL_switcher_dummy_if_init(void) -{ - return misc_register(&bL_switcher_device); -} - -static void __exit bL_switcher_dummy_if_exit(void) -{ - misc_deregister(&bL_switcher_device); -} - -module_init(bL_switcher_dummy_if_init); -module_exit(bL_switcher_dummy_if_exit); +module_misc_device(bL_switcher_device); diff --git a/arch/blackfin/mach-bf561/coreb.c b/arch/blackfin/mach-bf561/coreb.c index 78ecb50..8a2543c 100644 --- a/arch/blackfin/mach-bf561/coreb.c +++ b/arch/blackfin/mach-bf561/coreb.c @@ -59,18 +59,7 @@ static struct miscdevice coreb_dev = { .name = "coreb", .fops = &coreb_fops, }; - -static int __init bf561_coreb_init(void) -{ - return misc_register(&coreb_dev); -} -module_init(bf561_coreb_init); - -static void __exit bf561_coreb_exit(void) -{ - misc_deregister(&coreb_dev); -} -module_exit(bf561_coreb_exit); +module_misc_device(coreb_dev); MODULE_AUTHOR("Bas Vermeulen "); MODULE_DESCRIPTION("BF561 Core B Support"); 
diff --git a/drivers/hid/uhid.c b/drivers/hid/uhid.c index 99ec3ff..7f8ff39 100644 --- a/drivers/hid/uhid.c +++ b/drivers/hid/uhid.c @@ -779,19 +779,8 @@ static struct miscdevice uhid_misc = { .minor = UHID_MINOR, .name = UHID_NAME, }; +module_misc_device(uhid_misc); -static int __init uhid_init(void) -{ - return misc_register(&uhid_misc); -} - -static void __exit uhid_exit(void) -{ - misc_deregister(&uhid_misc); -} - -module_init(uhid_init); -module_exit(uhid_exit); MODULE_LICENSE("GPL"); MODULE_AUTHOR("David Herrmann "); MODULE_DESCRIPTION("User-space I/O driver support for HID subsystem"); diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c index 65ebbd1..92595b9 100644 --- a/drivers/input/misc/uinput.c +++ b/drivers/input/misc/uinput.c @@ -1013,23 +1013,12 @@ static struct miscdevice uinput_misc = { .minor = UINPUT_MINOR, .name = UINPUT_NAME, }; +module_misc_device(uinput_misc); + MODULE_ALIAS_MISCDEV(UINPUT_MINOR); MODULE_ALIAS("devname:" UINPUT_NAME); -static int __init uinput_init(void) -{ - return misc_register(&uinput_misc); -} - -static void __exit uinput_exit(void) -{ - misc_deregister(&uinput_misc); -} - MODULE_AUTHOR("Aristeu Sergio Rozanski Filho"); MODULE_DESCRIPTION("User level driver support for input subsystem"); MODULE_LICENSE("GPL"); MODULE_VERSION("0.3"); - -module_init(uinput_init); -module_exit(uinput_exit); diff --git a/drivers/s390/char/sclp_ctl.c b/drivers/s390/char/sclp_ctl.c index ea607a4..554eaa1 100644 --- a/drivers/s390/char/sclp_ctl.c +++ b/drivers/s390/char/sclp_ctl.c 
@@ -126,21 +126,4 @@ static struct miscdevice sclp_ctl_device = { .name = "sclp", .fops = &sclp_ctl_fops, }; - -/* - * Register sclp_ctl misc device - */ -static int __init sclp_ctl_init(void) -{ - return misc_register(&sclp_ctl_device); -} -module_init(sclp_ctl_init); - -/* - * Deregister sclp_ctl misc device - */ -static void __exit sclp_ctl_exit(void) -{ - misc_deregister(&sclp_ctl_device); -} -module_exit(sclp_ctl_exit); +module_misc_device(sclp_ctl_device); diff --git a/drivers/vhost/test.c b/drivers/vhost/test.c index 97fb2f8..3cc98c0 100644 --- a/drivers/vhost/test.c +++ b/drivers/vhost/test.c @@ -322,18 +322,7 @@ static struct miscdevice vhost_test_misc = { "vhost-test", &vhost_test_fops, }; - -static int vhost_test_init(void) -{ - return misc_register(&vhost_test_misc); -} -module_init(vhost_test_init); - -static void vhost_test_exit(void) -{ - misc_deregister(&vhost_test_misc); -} -module_exit(vhost_test_exit); +module_misc_device(vhost_test_misc); MODULE_VERSION("0.0.1"); MODULE_LICENSE("GPL v2"); diff --git a/include/linux/miscdevice.h b/include/linux/miscdevice.h index 5430374..
[PATCH 0/7] aacraid: Fine-tuning for a few functions
From: Markus Elfring Date: Sun, 21 Aug 2016 09:03:21 +0200 Several update suggestions were taken into account from static source code analysis. Markus Elfring (7): Use memdup_user() rather than duplicating its implementation One function call less in aac_send_raw_srb() after error detection Delete unnecessary initialisations in aac_send_raw_srb() Delete unnecessary braces Add spaces after control flow keywords Improve determination of a few sizes Apply another recommendation from "checkpatch.pl" drivers/scsi/aacraid/commctrl.c | 140 +++- 1 file changed, 67 insertions(+), 73 deletions(-) -- 2.9.3
Re: [linux-sunxi] [PATCH 0/9] mfd: axp20x: Add support for AXP809 PMIC
On Sun, 2016-08-21 at 10:11 +0800, Chen-Yu Tsai wrote: > Hi everyone, > > This series adds support for X-Powers' AXP806 PMIC. This is the > secondary > PMIC accompanying Allwinner's A80 SoC. For now, only the regulators > are > supported. While the AXP806 supports standalone operation, no > hardware > exists, so this will not be supported. Title says AXP809, but in text and in subsequent patches there's also 806/809 confusion. > > Patch 1 adds AXP806 to the axp20x bindings. > > Patch 2 adds AXP806 support to the axp20x mfd driver. > > Patch 3 fixes regulator output adjustment during regulator > registration > so it doesn't fail if the higher or lower bounds of its voltage > constraints > don't match up with the regulator's voltage granularity. > > Patch 4 adds AXP806 support to the axp20x regulator driver. > > Patch 5 adds the unused SW switch output of the AXP809 PMIC on the > A80 > Optimus board. This was accidentally left out of the AXP809 series. > > Patch 6 adds the unused SW switch output of the AXP809 PMIC on the > Cubieboard 4. This was accidentally left out of the AXP809 series. > > Patch 7 enables AXP809 support on the A80 Optimus board. > > Patch 8 enables AXP809 support on the Cubieboard 4. > > Patch 9 disables EHCI1 on the A80 Optimus board. 
> > > Regards > ChenYu > > Chen-Yu Tsai (9): > mfd: axp20x: Add bindings for AXP806 PMIC > mfd: axp20x: Add support for AXP806 PMIC > regulator: core: Try full range when adjusting regulators to > constraints > regulator: axp20x: support AXP806 variant > ARM: dts: sun9i: a80-optimus: Declare AXP809 SW regulator as unused > ARM: dts: sun9i: cubieboard4: Declare AXP809 SW regulator as unused > ARM: dts: sun9i: a80-optimus: Add AXP806 PMIC device node and > regulators > ARM: dts: sun9i: cubieboard4: Add AXP806 PMIC device node and > regulators > ARM: dts: sun9i: a80-optimus: Disable EHCI1 > > Documentation/devicetree/bindings/mfd/axp20x.txt | 28 +- > arch/arm/boot/dts/sun9i-a80-cubieboard4.dts | 116 > + > arch/arm/boot/dts/sun9i-a80-optimus.dts | 123 > ++- > drivers/mfd/axp20x-rsb.c | 1 + > drivers/mfd/axp20x.c | 72 + > drivers/regulator/axp20x-regulator.c | 117 > +++-- > drivers/regulator/core.c | 8 +- > include/linux/mfd/axp20x.h | 60 +++ > 8 files changed, 508 insertions(+), 17 deletions(-) > > -- > 2.9.3 >
[PATCH 1/7] aacraid: Use memdup_user() rather than duplicating its implementation
From: Markus Elfring Date: Sat, 20 Aug 2016 20:05:24 +0200 Reuse existing functionality from memdup_user() instead of keeping duplicate source code. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring --- drivers/scsi/aacraid/commctrl.c | 12 +++- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c index 5648b71..1af3084 100644 --- a/drivers/scsi/aacraid/commctrl.c +++ b/drivers/scsi/aacraid/commctrl.c @@ -526,15 +526,9 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) goto cleanup; } - user_srbcmd = kmalloc(fibsize, GFP_KERNEL); - if (!user_srbcmd) { - dprintk((KERN_DEBUG"aacraid: Could not make a copy of the srb\n")); - rcode = -ENOMEM; - goto cleanup; - } - if(copy_from_user(user_srbcmd, user_srb,fibsize)){ - dprintk((KERN_DEBUG"aacraid: Could not copy srb from user\n")); - rcode = -EFAULT; + user_srbcmd = memdup_user(user_srb, fibsize); + if (IS_ERR(user_srbcmd)) { + rcode = PTR_ERR(user_srbcmd); goto cleanup; } -- 2.9.3
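Review bot: When memdup_user() fails, `user_srbcmd` holds an ERR_PTR value and the new branch still does `goto cleanup;`. The description of patch 2/7 in this series says that path reaches kfree() with that pointer, and kfree() does not tolerate an error pointer the way it tolerates NULL. The removed code left the variable either NULL or valid on both of its failure paths, so this is new with the conversion. Either set `user_srbcmd = NULL;` before the `goto cleanup;`, or fold the label split from 2/7 into this patch so that each commit is correct on its own. The cleanup label itself is outside the hunk.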
[PATCH 2/7] aacraid: One function call less in aac_send_raw_srb() after error detection
>From e8187662ee30aab709a260c72fb86c51673f8e0d Mon Sep 17 00:00:00 2001 From: Markus Elfring Date: Sat, 20 Aug 2016 20:40:47 +0200 Subject: [PATCH 2/7] aacraid: One function call less in aac_send_raw_srb() after error detection The kfree() function was called in a few cases by the aac_send_raw_srb() function during error handling even if the variable "user_srbcmd" contained eventually an inappropriate pointer value. Signed-off-by: Markus Elfring --- drivers/scsi/aacraid/commctrl.c | 49 - 1 file changed, 24 insertions(+), 25 deletions(-) diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c index 1af3084..6dcdf91 100644 --- a/drivers/scsi/aacraid/commctrl.c +++ b/drivers/scsi/aacraid/commctrl.c @@ -517,19 +517,19 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) if(copy_from_user(&fibsize, &user_srb->count,sizeof(u32))){ dprintk((KERN_DEBUG"aacraid: Could not copy data size from user\n")); rcode = -EFAULT; - goto cleanup; + goto free_sg_list; } if ((fibsize < (sizeof(struct user_aac_srb) - sizeof(struct user_sgentry))) || (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr { rcode = -EINVAL; - goto cleanup; + goto free_sg_list; } user_srbcmd = memdup_user(user_srb, fibsize); if (IS_ERR(user_srbcmd)) { rcode = PTR_ERR(user_srbcmd); - goto cleanup; + goto free_sg_list; } user_reply = arg+fibsize; @@ -564,7 +564,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) dprintk((KERN_DEBUG"aacraid: too many sg entries %d\n", le32_to_cpu(srbcmd->sg.count))); rcode = -EINVAL; - goto cleanup; + goto free_user_srbcmd; } actual_fibsize = sizeof(struct aac_srb) - sizeof(struct sgentry) + ((user_srbcmd->sg.count & 0xff) * sizeof(struct sgentry)); 
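Review bot: In the first hunk the length is fetched from user memory twice: `fibsize` is read from `user_srb->count` and range-checked, then memdup_user() copies the whole structure again, so the `count` field inside `user_srbcmd` need not equal the validated `fibsize`. If any code after this hunk reads `user_srbcmd->count` (not visible here), it would be using an unchecked value. A cheap guard right after the IS_ERR() test is `if (user_srbcmd->count != fibsize) { rcode = -EINVAL; goto free_user_srbcmd; }`. The rest of aac_send_raw_srb() lies outside the hunk.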
@@ -580,12 +580,12 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) sizeof(struct aac_srb), sizeof(struct sgentry), sizeof(struct sgentry64), fibsize)); rcode = -EINVAL; - goto cleanup; + goto free_user_srbcmd; } if ((data_dir == DMA_NONE) && user_srbcmd->sg.count) { dprintk((KERN_DEBUG"aacraid: SG with no direction specified in Raw SRB command\n")); rcode = -EINVAL; - goto cleanup; + goto free_user_srbcmd; } byte_count = 0; if (dev->adapter_info.options & AAC_OPT_SGMAP_HOST64) { @@ -606,7 +606,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) (dev->scsi_host_ptr->max_sectors << 9) : 65536)) { rcode = -EINVAL; - goto cleanup; + goto free_user_srbcmd; } /* Does this really need to be GFP_DMA? */ p = kmalloc(upsg->sg[i].count,GFP_KERNEL|__GFP_DMA); @@ -614,7 +614,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", upsg->sg[i].count,i,upsg->count)); rcode = -ENOMEM; - goto cleanup; + goto free_user_srbcmd; } addr = (u64)upsg->sg[i].addr[0]; addr += ((u64)upsg->sg[i].addr[1]) << 32; @@ -626,7 +626,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) if(copy_from_user(p,sg_user[i],upsg->sg[i].count)){ dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); rcode = -EFAULT; - goto cleanup; + goto free_user_srbcmd; } } addr = pci_map_single(dev->pdev, p, upsg->sg[i].count, data_dir); @@ -644,7 +644,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) if (!usg) { dprintk((KERN_DEBUG"aacraid: Allocation error in Raw SRB command\n")); rcode = -ENOMEM;
[PATCH 3/7] aacraid: Delete unnecessary initialisations in aac_send_raw_srb()
From: Markus Elfring Date: Sat, 20 Aug 2016 21:25:20 +0200 Six local variables will be set to an appropriate value a bit later. Thus omit the explicit initialisation at the beginning. Signed-off-by: Markus Elfring --- drivers/scsi/aacraid/commctrl.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c index 6dcdf91..49a664f 100644 --- a/drivers/scsi/aacraid/commctrl.c +++ b/drivers/scsi/aacraid/commctrl.c @@ -476,20 +476,20 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) { struct fib* srbfib; int status; - struct aac_srb *srbcmd = NULL; - struct user_aac_srb *user_srbcmd = NULL; + struct aac_srb *srbcmd; + struct user_aac_srb *user_srbcmd; struct user_aac_srb __user *user_srb = arg; struct aac_srb_reply __user *user_reply; struct aac_srb_reply* reply; - u32 fibsize = 0; - u32 flags = 0; + u32 fibsize; + u32 flags; s32 rcode = 0; u32 data_dir; void __user *sg_user[32]; void *sg_list[32]; u32 sg_indx = 0; - u32 byte_count = 0; - u32 actual_fibsize64, actual_fibsize = 0; + u32 byte_count; + u32 actual_fibsize64, actual_fibsize; int i; -- 2.9.3
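Review bot: Dropping `= NULL` from `user_srbcmd` removes the property that lets cleanup code call `kfree(user_srbcmd)` from any exit path. After this change the pointer is indeterminate until memdup_user() runs, so correctness depends on nobody later adding a jump to a freeing label ahead of that call. The same applies to `fibsize`, `flags` and `byte_count`, whose first assignments are outside the hunk, so it cannot be confirmed from here that each is written before it is read. In an ioctl handler that parses user-supplied data the initialisers cost nothing; I would keep at least `struct user_aac_srb *user_srbcmd = NULL;`.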
[PATCH 4/7] aacraid: Delete unnecessary braces
From: Markus Elfring Date: Sun, 21 Aug 2016 07:07:08 +0200 Do not use curly brackets at some source code places where a single statement should be sufficient. Signed-off-by: Markus Elfring --- drivers/scsi/aacraid/commctrl.c | 18 ++ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c index 49a664f..9f4ddb0 100644 --- a/drivers/scsi/aacraid/commctrl.c +++ b/drivers/scsi/aacraid/commctrl.c @@ -66,13 +66,11 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg) unsigned int size, osize; int retval; - if (dev->in_reset) { + if (dev->in_reset) return -EBUSY; - } fibptr = aac_fib_alloc(dev); - if(fibptr == NULL) { + if (!fibptr) return -ENOMEM; - } kfib = fibptr->hw_fib_va; /* @@ -138,9 +136,8 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg) retval = aac_fib_send(le16_to_cpu(kfib->header.Command), fibptr, le16_to_cpu(kfib->header.Size) , FsaNormal, 1, 1, NULL, NULL); - if (retval) { + if (retval) goto cleanup; - } if (aac_fib_complete(fibptr) != 0) { retval = -EINVAL; goto cleanup; @@ -228,12 +225,10 @@ static int open_getadapter_fib(struct aac_dev * dev, void __user *arg) } list_add_tail(&fibctx->next, &dev->fib_list); spin_unlock_irqrestore(&dev->fib_lock, flags); - if (copy_to_user(arg, &fibctx->unique, - sizeof(fibctx->unique))) { + if (copy_to_user(arg, &fibctx->unique, sizeof(fibctx->unique))) status = -EFAULT; - } else { + else status = 0; - } } return status; } @@ -820,9 +815,8 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) free_user_srbcmd: kfree(user_srbcmd); free_sg_list: - for(i=0; i <= sg_indx; i++){ + for (i = 0; i <= sg_indx; i++) kfree(sg_list[i]); - } if (rcode != -ERESTARTSYS) { aac_fib_complete(srbfib); aac_fib_free(srbfib); -- 2.9.3
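Review bot: In the open_getadapter_fib() hunk the context is already linked with `list_add_tail(&fibctx->next, &dev->fib_list)` when copy_to_user() fails. The function then returns -EFAULT while the caller never receives the handle, and as far as this hunk shows nothing unlinks or frees `fibctx`. That predates this patch, but since the branch is being rewritten it deserves at least a comment such as `/* fibctx stays on dev->fib_list; caller cannot close it without the handle */`, or an unlink-and-free under `dev->fib_lock` on the error path. The start of the function is outside the hunk.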
[PATCH 5/7] aacraid: Add spaces after control flow keywords
From: Markus Elfring Date: Sun, 21 Aug 2016 07:10:43 +0200 Keywords which belong to the category "control flow" in the C programming language should be followed by a space character according to the Linux coding style convention. Signed-off-by: Markus Elfring --- drivers/scsi/aacraid/commctrl.c | 41 - 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c index 9f4ddb0..cda03f0 100644 --- a/drivers/scsi/aacraid/commctrl.c +++ b/drivers/scsi/aacraid/commctrl.c @@ -251,7 +251,7 @@ static int next_getadapter_fib(struct aac_dev * dev, void __user *arg) struct list_head * entry; unsigned long flags; - if(copy_from_user((void *)&f, arg, sizeof(struct fib_ioctl))) + if (copy_from_user((void *)&f, arg, sizeof(struct fib_ioctl))) return -EFAULT; /* * Verify that the HANDLE passed in was a valid AdapterFibContext @@ -280,7 +280,7 @@ static int next_getadapter_fib(struct aac_dev * dev, void __user *arg) return -EINVAL; } - if((fibctx->type != FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT) || + if ((fibctx->type != FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT) || (fibctx->size != sizeof(struct aac_fib_context))) { spin_unlock_irqrestore(&dev->fib_lock, flags); dprintk ((KERN_INFO "Fib Context corrupt?\n")); @@ -327,7 +327,7 @@ return_fib: ssleep(1); } if (f.wait) { - if(down_interruptible(&fibctx->wait_sem) < 0) { + if (down_interruptible(&fibctx->wait_sem) < 0) { status = -ERESTARTSYS; } else { /* Lock again and retry */ @@ -404,7 +404,7 @@ static int close_getadapter_fib(struct aac_dev * dev, void __user *arg) entry = dev->fib_list.next; fibctx = NULL; - while(entry != &dev->fib_list) { + while (entry != &dev->fib_list) { fibctx = list_entry(entry, struct aac_fib_context, next); /* * Extract the fibctx from the input parameters 
@@ -418,7 +418,7 @@ static int close_getadapter_fib(struct aac_dev * dev, void __user *arg) if (!fibctx) return 0; /* Already gone */ - if((fibctx->type != FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT) || + if ((fibctx->type != FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT) || (fibctx->size != sizeof(struct aac_fib_context))) return -EINVAL; spin_lock_irqsave(&dev->fib_lock, flags); @@ -509,7 +509,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) srbcmd = (struct aac_srb*) fib_data(srbfib); memset(sg_list, 0, sizeof(sg_list)); /* cleanup may take issue */ - if(copy_from_user(&fibsize, &user_srb->count,sizeof(u32))){ + if (copy_from_user(&fibsize, &user_srb->count, sizeof(u32))) { dprintk((KERN_DEBUG"aacraid: Could not copy data size from user\n")); rcode = -EFAULT; goto free_sg_list; @@ -605,7 +605,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) } /* Does this really need to be GFP_DMA? */ p = kmalloc(upsg->sg[i].count,GFP_KERNEL|__GFP_DMA); - if(!p) { + if (!p) { dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", upsg->sg[i].count,i,upsg->count)); rcode = -ENOMEM; @@ -618,7 +618,9 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) sg_indx = i; if (flags & SRB_DataOut) { - if(copy_from_user(p,sg_user[i],upsg->sg[i].count)){ + if (copy_from_user(p, + sg_user[i], + upsg->sg[i].count)) { dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); rcode = -EFAULT; goto free_user_srbcmd; @@ -657,7 +659,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) } /* Does this really need to be GFP_DMA? */ p = kmalloc(usg->sg[i].count,GFP_KERNEL|__GFP_DMA); - if(!p) { + if (!p) {
[PATCH 6/7] aacraid: Improve determination of a few sizes
From: Markus Elfring Date: Sun, 21 Aug 2016 08:04:48 +0200 Replace the specification of data structures by references for variables as the parameter for the operator "sizeof" to make the corresponding size determination a bit safer according to the Linux coding style convention. Signed-off-by: Markus Elfring --- drivers/scsi/aacraid/commctrl.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c index cda03f0..d2029db 100644 --- a/drivers/scsi/aacraid/commctrl.c +++ b/drivers/scsi/aacraid/commctrl.c @@ -177,7 +177,7 @@ static int open_getadapter_fib(struct aac_dev * dev, void __user *arg) struct aac_fib_context * fibctx; int status; - fibctx = kmalloc(sizeof(struct aac_fib_context), GFP_KERNEL); + fibctx = kmalloc(sizeof(*fibctx), GFP_KERNEL); if (fibctx == NULL) { status = -ENOMEM; } else { @@ -186,7 +186,7 @@ static int open_getadapter_fib(struct aac_dev * dev, void __user *arg) struct aac_fib_context * context; fibctx->type = FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT; - fibctx->size = sizeof(struct aac_fib_context); + fibctx->size = sizeof(*fibctx); /* * Yes yes, I know this could be an index, but we have a * better guarantee of uniqueness for the locked loop below. @@ -251,7 +251,7 @@ static int next_getadapter_fib(struct aac_dev * dev, void __user *arg) struct list_head * entry; unsigned long flags; - if (copy_from_user((void *)&f, arg, sizeof(struct fib_ioctl))) + if (copy_from_user(&f, arg, sizeof(f))) return -EFAULT; /* * Verify that the HANDLE passed in was a valid AdapterFibContext 
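Review bot: `fibctx->size = sizeof(*fibctx);` now spells the stored size differently from the places that validate it. The context lines of patch 5/7 on this page show next_getadapter_fib() and close_getadapter_fib() still comparing `fibctx->size != sizeof(struct aac_fib_context)`. The values are identical today, but the point of the conversion is that the expression follows the variable's type, so those two checks should become `(fibctx->size != sizeof(*fibctx))` in the same patch. open_getadapter_fib() continues outside the hunk.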
@@ -509,7 +509,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) srbcmd = (struct aac_srb*) fib_data(srbfib); memset(sg_list, 0, sizeof(sg_list)); /* cleanup may take issue */ - if (copy_from_user(&fibsize, &user_srb->count, sizeof(u32))) { + if (copy_from_user(&fibsize, &user_srb->count, sizeof(fibsize))) { dprintk((KERN_DEBUG"aacraid: Could not copy data size from user\n")); rcode = -EFAULT; goto free_sg_list; -- 2.9.3
[PATCH] ARM: EXYNOS: Clear OF_POPULATED flag from PMU node in IRQ init callback
The Exynos PMU node is an interrupt, clock and PMU (Power Management Unit) controller, and these functionalities are supported by different drivers that matches the same compatible strings. Since commit 15cc2ed6dcf9 ("of/irq: Mark initialised interrupt controllers as populated") the OF core flags interrupt controllers registered with the IRQCHIP_DECLARE() macro as OF_POPULATED, so platform devices with the same compatible string as the interrupt controller will not be registered. This prevents the PMU platform device to be registered so the Exynos PMU driver is never probed. This breaks (among other things) Suspend-to-RAM. Fix this by clearing the OF_POPULATED flag in the PMU IRQ init callback, to allow the Exynos PMU platform driver to be probed. The patch is based on Philipp Zabel's "ARM: imx6: mark GPC node as not populated after irq init to probe pm domain driver". Fixes: 15cc2ed6dcf9 ("of/irq: Mark initialised interrupt controllers as populated") Signed-off-by: Javier Martinez Canillas --- This was tested on an Exynos5800 Peach Pi Chromebook with v4.8-rc2 + Philipp's patch: https://patchwork.kernel.org/patch/9271361/ arch/arm/mach-exynos/suspend.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/arch/arm/mach-exynos/suspend.c b/arch/arm/mach-exynos/suspend.c index 3750575c73c5..06332f626565 100644 --- a/arch/arm/mach-exynos/suspend.c +++ b/arch/arm/mach-exynos/suspend.c @@ -255,6 +255,12 @@ static int __init exynos_pmu_irq_init(struct device_node *node, return -ENOMEM; } + /* +* Clear the OF_POPULATED flag set in of_irq_init so that +* later the Exynos PMU platform device won't be skipped. +*/ + of_node_clear_flag(node, OF_POPULATED); + return 0; } -- 2.5.5
[PATCH 7/7] aacraid: Apply another recommendation from "checkpatch.pl"
From: Markus Elfring Date: Sun, 21 Aug 2016 08:23:25 +0200 The script "checkpatch.pl" can point out that assignments should usually not be performed within condition checks. Thus move the assignment for the variable "srbfib" to a separate statement. Signed-off-by: Markus Elfring --- drivers/scsi/aacraid/commctrl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c index d2029db..7e6c76d 100644 --- a/drivers/scsi/aacraid/commctrl.c +++ b/drivers/scsi/aacraid/commctrl.c @@ -499,9 +499,9 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) /* * Allocate and initialize a Fib then setup a SRB command */ - if (!(srbfib = aac_fib_alloc(dev))) { + srbfib = aac_fib_alloc(dev); + if (!srbfib) return -ENOMEM; - } aac_fib_init(srbfib); /* raw_srb FIB is not FastResponseCapable */ srbfib->hw_fib_va->header.XferState &= ~cpu_to_le32(FastResponseCapable); -- 2.9.3
Re: [PATCH 6/7] arm64: dts: exynos: Add dts file for Exynos5433-based TM2 board
2016-08-20 2:05 GMT+09:00 Sylwester Nawrocki : > On 08/16/2016 08:35 AM, Chanwoo Choi wrote: >> &spi_1 { >> + cs-gpios = <&gpd6 3 GPIO_ACTIVE_HIGH>; >> + status = "okay"; >> + >> + wm5110: wm5110-codec@0 { >> + compatible = "wlf,wm5110"; >> + reg = <0x0>; >> + spi-max-frequency = <2000>; >> + interrupt-parent = <&gpa0>; >> + interrupts = <4 0 0>; >> + clocks = <&xxti>, <&s2mps13_osc 2>; > > The first clock needs to be CLKOUT, i.e. > > clocks = <&pmu_system_controller 0>, <&s2mps13_osc 2>; > OK. -- Best Regards, Chanwoo Choi
Re: [RFC PATCH 0/3] UART slave device bus
> Am 20.08.2016 um 15:34 schrieb One Thousand Gnomes > : >> What it is not about are UART/RS232 converters connected through USB or >> virtual >> serial ports created for WWAN modems (e.g. /dev/ttyACM, /dev/ttyHSO). Or BT >> devices >> connected through USB (even if they also run HCI protocol). > > It actually has to be about both because you will find the exact same > device wired via USB SSIC/HSIC to a USB UART or via a classic UART. Not is > it just about embedded boards. Not necessarily. We often have two interface options for exactly the same sensor chips. They can be connected either through SPI or I2C. Which means that there is a core driver for the chip and two different transport glue components (see e.g. iio/accel/bmc150). This does not require I2C to be able to handle SPI or vice versa or provide a common API. And most Bluetooth devices I know have either UART or a direct USB interface. So in the USB case there is no need to connect it through some USB-UART bridge and treat it as an UART at all. BR, Nikolaus
Re: [RFC PATCH 0/3] UART slave device bus
> Am 20.08.2016 um 15:22 schrieb One Thousand Gnomes > : > > On Fri, 19 Aug 2016 19:42:37 +0200 > "H. Nikolaus Schaller" wrote: > >>> Am 19.08.2016 um 13:06 schrieb One Thousand Gnomes >>> : >>> If possible, please do a callback for every character that arrives. And not only if the rx buffer becomes full, to give the slave driver a chance to trigger actions almost immediately after every character. This probably runs in interrupt context and can happen often. >>> >>> We don't realistically have the clock cycles to do that on a low end >>> embedded processor handling high speed I/O. >> >> well, if we have a low end embedded processor and high-speed I/O, then >> buffering the data before processing doesn't help either since processing >> still will eat up clock cycles. > > Of course it helps. You are out of the IRQ handler within the 9 serial > clocks, so you can take another interrupt and grab the next byte. You > will also get benefits from processing the bytes further in blocks, if there are benefits from processing blocks. That depends on the specific protocol. My proposal can still check and then place byte by byte in a buffer and almost immediately return from interrupt. Until a block is completed and then trigger processing outside of the interrupt context. > and if you get too far behind you'll make the flow control limit. > > You've also usually got multiple cores these days - although not on the > very low end quite often. Indeed. But low-end rarely has really high-speed requirements and then should also run Linux. If it goes to performance limits, probably some assembler code will be used. And UART is inherently slow compared to SPI or USB or Ethernet. > >> The question is if this is needed at all. If we have a bluetooth stack with >> HCI the >> fastest UART interface I am aware of is running at 3 Mbit/s. 10 bits incl. >> framing >> means 300kByte/s equiv. 3µs per byte to process. 
Should be enough to decide >> if the byte should go to a buffer or not, check checksums, or discard and >> move >> the protocol engine to a different state. This is what I assume would be >> done in >> a callback. No processing needing some ms per frame. > > That depends on the processor - remember people run Linux on low end CPUs > including those embedded in an FPGA not just high end PC and ARM class > devices. > > The more important question is - purely for the receive side of things - > is a callback which guarantees to be called "soon" after the bytes arrive > sufficient. > > If it is then almost no work is needed on the receive side to allow pure > kernel code to manage recevied data directly because the current > buffering support throughout the receive side is completely capable of > providing those services without a tty structure, and to anything which > can have a tty attached. Let me ask a question about your centralized and pre-cooked buffering approach. As far as I see, even then the kernel API must notify the driver at the right moment that a new block has arrived. Right? But how does the kernel API know how long such a block is? Usually there is a start byte/character, sometimes a length indicator, then payload data, some checksum and finally a stop byte/character. For NMEA it is $, no length, * and \r\n. For other serial protocols it might be AT, no length, and \r. Or something different. HCI seems to use 2 byte op-code or 1 byte event code and 1 byte parameter length. So this means each protocol has a different block format. How can centralized solution manage such differently formatted blocks? IMHO it can't without help from the device specific slave device driver. Which must therefore be able to see every byte to decide into which category it goes. Which brings us back to the every-byte-interrupt-context callback. This is different from well formatted protocols like SPI or I2C or Ethernet etc. 
where the controller decodes the frame boundaries and DMA can store the payload data and an interrupt occurs for every received block. So I would even conclude that you usually can't even use DMA based UART receive processing for arbitrary and not well-defined protocols. Or have to assume that the protocol is 100% request-response based and a timeout can tell that no more data will be received - until a new request has been sent. > > Doesn't solve transmit or configuration but it's one step that needs no > additional real work and re-invention. > > Alan BR, Nikolaus
[PATCH 3/3] torture: TOROUT_STRING(): Insert a space between flag and message
TOROUT_STRING() macro function does not insert a space between flag and message while other similar counterparts do. The output will be inconsistent and weird especially when it is read by dmesg with color option enabled. This commit adds a space between flag and message in TOROUT_STRING() output. Signed-off-by: SeongJae Park --- include/linux/torture.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/torture.h b/include/linux/torture.h index 6685a73..a45702e 100644 --- a/include/linux/torture.h +++ b/include/linux/torture.h @@ -43,7 +43,7 @@ #define TORTURE_FLAG "-torture:" #define TOROUT_STRING(s) \ - pr_alert("%s" TORTURE_FLAG s "\n", torture_type) + pr_alert("%s" TORTURE_FLAG " %s\n", torture_type, s) #define VERBOSE_TOROUT_STRING(s) \ do { if (verbose) pr_alert("%s" TORTURE_FLAG " %s\n", torture_type, s); } while (0) #define VERBOSE_TOROUT_ERRSTRING(s) \ -- 1.9.1
[PATCH 2/3] rcuperf: Insert space between flag and message consistently
Few output messages of rcuperf has no space between flag and start of message while every other messages keeps a space consistently. It makes output messages to be inconsistent and weird especially when it be read by dmesg with color option enabled. This commit fixes the problem by modifying a pr_alert() call and PERFOUT_STRING() macro function. Signed-off-by: SeongJae Park --- kernel/rcu/rcuperf.c | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/kernel/rcu/rcuperf.c b/kernel/rcu/rcuperf.c index 6025342..03ba447 100644 --- a/kernel/rcu/rcuperf.c +++ b/kernel/rcu/rcuperf.c @@ -52,7 +52,7 @@ MODULE_AUTHOR("Paul E. McKenney "); #define PERF_FLAG "-perf:" #define PERFOUT_STRING(s) \ - pr_alert("%s" PERF_FLAG s "\n", perf_type) + pr_alert("%s" PERF_FLAG " %s\n", perf_type, s) #define VERBOSE_PERFOUT_STRING(s) \ do { if (verbose) pr_alert("%s" PERF_FLAG " %s\n", perf_type, s); } while (0) #define VERBOSE_PERFOUT_ERRSTRING(s) \ @@ -389,9 +389,8 @@ rcu_perf_writer(void *arg) sp.sched_priority = 0; sched_setscheduler_nocheck(current, SCHED_NORMAL, &sp); - pr_alert("%s" PERF_FLAG -"rcu_perf_writer %ld has %d measurements\n", -perf_type, me, MIN_MEAS); + pr_alert("%s%s rcu_perf_writer %ld has %d measurements\n", +perf_type, PERF_FLAG, me, MIN_MEAS); if (atomic_inc_return(&n_rcu_perf_writer_finished) >= nrealwriters) { schedule_timeout_interruptible(10); -- 1.9.1
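Review bot: The rewritten pr_alert() in rcu_perf_writer() passes `PERF_FLAG` as a `%s` argument, while PERFOUT_STRING() and the VERBOSE_ macros in the first hunk keep it concatenated into the format string. Both print the same text, but a single convention is easier to grep and keeps the call consistent with the macros: `pr_alert("%s" PERF_FLAG " rcu_perf_writer %ld has %d measurements\n", perf_type, me, MIN_MEAS);`. rcu_perf_writer() starts and ends outside the hunk.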
[PATCH 1/3] rcuperf: Remove unnecessary rcu_perf_writer_state variable
rcu_perf_writer_state is being written only while nobody reads it. This commit removes the unnecessary variable and macro constants for it. Signed-off-by: SeongJae Park --- kernel/rcu/rcuperf.c | 16 ++-- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/kernel/rcu/rcuperf.c b/kernel/rcu/rcuperf.c index d38ab08..6025342 100644 --- a/kernel/rcu/rcuperf.c +++ b/kernel/rcu/rcuperf.c @@ -86,13 +86,6 @@ static u64 t_rcu_perf_writer_finished; static unsigned long b_rcu_perf_writer_started; static unsigned long b_rcu_perf_writer_finished; -static int rcu_perf_writer_state; -#define RTWS_INIT 0 -#define RTWS_EXP_SYNC 1 -#define RTWS_SYNC 2 -#define RTWS_IDLE 2 -#define RTWS_STOPPING 3 - #define MAX_MEAS 1 #define MIN_MEAS 100 @@ -381,14 +374,10 @@ rcu_perf_writer(void *arg) do { wdp = &wdpp[i]; *wdp = ktime_get_mono_fast_ns(); - if (gp_exp) { - rcu_perf_writer_state = RTWS_EXP_SYNC; + if (gp_exp) cur_ops->exp_sync(); - } else { - rcu_perf_writer_state = RTWS_SYNC; + else cur_ops->sync(); - } - rcu_perf_writer_state = RTWS_IDLE; t = ktime_get_mono_fast_ns(); *wdp = t - *wdp; i_max = i; @@ -429,7 +418,6 @@ rcu_perf_writer(void *arg) i++; rcu_perf_wait_shutdown(); } while (!torture_must_stop()); - rcu_perf_writer_state = RTWS_STOPPING; writer_n_durations[me] = i_max; torture_kthread_stopping("rcu_perf_writer"); return 0; -- 1.9.1
[PATCH 0/4 v5] usb: dwc2: fix the usb host for host port at RK32
Hello All: This version would move reset into phy. I wanted to implement a hard code version but I meet some problem with ioremap reset controller, in order to keep my word, I offer this version this time. Changelog: v5 A few modification at style, add the missing doc in the last commit. v4 1. Adding the reset callback in struct phy_ops. 2. Moving the reset into phy rockchip usb. 3. Trying to call a reset when dwc2 wakeup in rk3288. v3 Rebased from previous commit. Randy Li (4): phy: Add reset callback phy: rockchip-usb: use rockchip_usb_phy_reset to reset phy during wakeup usb: dwc2: assert phy reset when waking up in rk3288 platform ARM: dts: rockchip: Point rk3288 dwc2 usb at the full PHY reset arch/arm/boot/dts/rk3288.dtsi | 5 + drivers/phy/phy-rockchip-usb.c | 20 drivers/usb/dwc2/core_intr.c | 9 + include/linux/phy/phy.h| 2 ++ 4 files changed, 36 insertions(+) -- 2.7.4
[PATCH 1/4] phy: Add reset callback
The only use for this is for solving a hardware design problem in usb of Rockchip RK3288. Signed-off-by: Randy Li --- include/linux/phy/phy.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/phy/phy.h b/include/linux/phy/phy.h index f08b672..4d34607 100644 --- a/include/linux/phy/phy.h +++ b/include/linux/phy/phy.h @@ -36,6 +36,7 @@ enum phy_mode { * @power_on: powering on the phy * @power_off: powering off the phy * @set_mode: set the mode of the phy + * @reset: reseting the phy * @owner: the module owner containing the ops */ struct phy_ops { @@ -44,6 +45,7 @@ struct phy_ops { int (*power_on)(struct phy *phy); int (*power_off)(struct phy *phy); int (*set_mode)(struct phy *phy, enum phy_mode mode); + int (*reset)(struct phy *phy); struct module *owner; }; -- 2.7.4
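Review bot: The new `reset` member of `struct phy_ops` comes without a matching helper in the PHY core, so each consumer has to dereference `phy->ops->reset` itself and remember its own NULL checks; a provider that leaves the callback unset would then be called through a NULL function pointer. As far as I know the other callbacks in this struct are reached through core wrappers, and a `phy_reset()` wrapper beginning with `if (!phy || !phy->ops->reset) return 0;` would keep that pattern (the core file is outside this hunk). The kernel-doc line also has a typo and should read `@reset: resetting the phy`.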
[PATCH 2/4] phy: rockchip-usb: use rockchip_usb_phy_reset to reset phy during wakeup
It is a hardware bug in RK3288, the only way to solve it is to reset the phy. Signed-off-by: Randy Li --- .../devicetree/bindings/phy/rockchip-usb-phy.txt | 3 +++ drivers/phy/phy-rockchip-usb.c | 20 2 files changed, 23 insertions(+) diff --git a/Documentation/devicetree/bindings/phy/rockchip-usb-phy.txt b/Documentation/devicetree/bindings/phy/rockchip-usb-phy.txt index cc6be96..57dc388 100644 --- a/Documentation/devicetree/bindings/phy/rockchip-usb-phy.txt +++ b/Documentation/devicetree/bindings/phy/rockchip-usb-phy.txt @@ -27,6 +27,9 @@ Optional Properties: - clocks : phandle + clock specifier for the phy clocks - clock-names: string, clock name, must be "phyclk" - #clock-cells: for users of the phy-pll, should be 0 +- reset-names: Only allow the following entries: + - phy-reset +- resets: Must contain an entry for each entry in reset-names. Example: diff --git a/drivers/phy/phy-rockchip-usb.c b/drivers/phy/phy-rockchip-usb.c index 2a7381f..734987f 100644 --- a/drivers/phy/phy-rockchip-usb.c +++ b/drivers/phy/phy-rockchip-usb.c @@ -29,6 +29,7 @@ #include #include #include +#include static int enable_usb_uart; @@ -64,6 +65,7 @@ struct rockchip_usb_phy { struct clk_hw clk480m_hw; struct phy *phy; booluart_enabled; + struct reset_control *reset; }; static int rockchip_usb_phy_power(struct rockchip_usb_phy *phy, @@ -144,9 +146,23 @@ static int rockchip_usb_phy_power_on(struct phy *_phy) return clk_prepare_enable(phy->clk480m); } +static int rockchip_usb_phy_reset(struct phy *_phy) +{ + struct rockchip_usb_phy *phy = phy_get_drvdata(_phy); + + if (phy->reset) { + reset_control_assert(phy->reset); + udelay(10); + reset_control_deassert(phy->reset); + } + + return 0; +} + static const struct phy_ops ops = { .power_on = rockchip_usb_phy_power_on, .power_off = rockchip_usb_phy_power_off, + .reset = rockchip_usb_phy_reset, .owner = THIS_MODULE, }; 
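Review bot: `rockchip_usb_phy_reset()` discards the return values of `reset_control_assert()` and `reset_control_deassert()` and always returns 0, so a caller cannot tell whether the PHY was left held in reset or was never reset at all. Propagate the errors instead, e.g. `ret = reset_control_assert(phy->reset); if (ret) return ret;` and, after the `udelay(10)`, `return reset_control_deassert(phy->reset);`. A one-line comment stating where the 10 µs hold time comes from would also help, since nothing in the hunk gives a source for it.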
@@ -185,6 +201,10 @@ static int rockchip_usb_phy_init(struct rockchip_usb_phy_base *base, return -EINVAL; } + rk_phy->reset = of_reset_control_get(child, "phy-reset"); + if (IS_ERR(rk_phy->reset)) + rk_phy->reset = NULL; + rk_phy->reg_offset = reg_offset; rk_phy->clk = of_clk_get_by_name(child, "phyclk"); -- 2.7.4
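Review bot: Turning every `of_reset_control_get()` failure into `NULL` also hides `-EPROBE_DEFER`, so if the reset controller probes after this driver the PHY silently comes up without its reset line and the RK3288 wakeup workaround never runs. Treat only a missing entry as optional, e.g. `if (PTR_ERR(rk_phy->reset) == -EPROBE_DEFER) return -EPROBE_DEFER;` before falling back to `NULL`, using whatever cleanup the function's other error paths need. No `reset_control_put()` is visible in these hunks either; rockchip_usb_phy_init() continues outside the hunk, so the release path should be checked there.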
[PATCH 3/4] usb: dwc2: assert phy reset when waking up in rk3288 platform
On the rk3288 USB host-only port (the one that's not the OTG-enabled port) the PHY can get into a bad state when a wakeup is asserted (not just a wakeup from full system suspend but also a wakeup from autosuspend). We can get the PHY out of its bad state by asserting its "port reset", but unfortunately that seems to assert a reset onto the USB bus so it could confuse things if we don't actually deenumerate / reenumerate the device. We can also get the PHY out of its bad state by fully resetting it using the reset from the CRU (clock reset unit) in chip, which does a more full reset. The CRU-based reset appears to actually cause devices on the bus to be removed and reinserted, which fixes the problem (albeit in a hacky way). It's unfortunate that we need to do a full re-enumeration of devices at wakeup time, but this is better than alternative of letting the bus get wedged. The original patches came from Doug Anderson . Signed-off-by: Randy Li --- drivers/usb/dwc2/core_intr.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/drivers/usb/dwc2/core_intr.c b/drivers/usb/dwc2/core_intr.c index d85c5c9..f57c48a 100644 --- a/drivers/usb/dwc2/core_intr.c +++ b/drivers/usb/dwc2/core_intr.c @@ -345,6 +345,7 @@ static void dwc2_handle_session_req_intr(struct dwc2_hsotg *hsotg) static void dwc2_handle_wakeup_detected_intr(struct dwc2_hsotg *hsotg) { int ret; + struct device_node *np = hsotg->dev->of_node; /* Clear interrupt */ dwc2_writel(GINTSTS_WKUPINT, hsotg->regs + GINTSTS); 
@@ -379,6 +380,16 @@ static void dwc2_handle_wakeup_detected_intr(struct dwc2_hsotg *hsotg) /* Restart the Phy Clock */ pcgcctl &= ~PCGCTL_STOPPCLK; dwc2_writel(pcgcctl, hsotg->regs + PCGCTL); + + /* +* It is a quirk in Rockchip RK3288, causing by +* a hardware bug. This will propagate out and +* eventually we'll re-enumerate the device. +* Not great but the best we can do +*/ + if (of_device_is_compatible(np, "rockchip,rk3288-usb")) + hsotg->phy->ops->reset(hsotg->phy); + mod_timer(&hsotg->wkp_timer, jiffies + msecs_to_jiffies(71)); } else { -- 2.7.4
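Review bot: `hsotg->phy->ops->reset(hsotg->phy)` is called with no check that `hsotg->phy` or the `reset` callback is non-NULL, and it sits in the wakeup interrupt path, so a node that matches "rockchip,rk3288-usb" but has no generic PHY bound, or whose PHY driver lacks the callback, would oops here (whether `hsotg->phy` can be NULL depends on the probe code, which is not shown). Guard the call, e.g. `if (hsotg->phy && hsotg->phy->ops->reset && of_device_is_compatible(np, "rockchip,rk3288-usb"))`. The callback's return value is also dropped; a `dev_warn()` on failure would make a PHY that stays wedged diagnosable. dwc2_handle_wakeup_detected_intr() begins and ends outside this hunk.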
[PATCH 4/4] ARM: dts: rockchip: Point rk3288 dwc2 usb at the full PHY reset
The "host1" port (AKA the dwc2 port that isn't the OTG port) on rk3288 has a hardware errata that causes everything to get confused when we get a remote wakeup. We'll use the reset that's in the CRU to reset the port when it's in a bad state. Note that we add the reset to both dwc2 controllers even though only one has the errata in case we find some other use for this reset that's unrelated to the current hardware errata. Only the host port gets the quirk property, though. This patch came from Doug Anderson originally. Signed-off-by: Randy Li --- arch/arm/boot/dts/rk3288.dtsi | 5 + 1 file changed, 5 insertions(+) diff --git a/arch/arm/boot/dts/rk3288.dtsi b/arch/arm/boot/dts/rk3288.dtsi index 48ca4e4..646f49d 100644 --- a/arch/arm/boot/dts/rk3288.dtsi +++ b/arch/arm/boot/dts/rk3288.dtsi @@ -855,6 +855,8 @@ clocks = <&cru SCLK_OTGPHY0>; clock-names = "phyclk"; #clock-cells = <0>; + resets = <&cru SRST_USBOTG_PHY>; + reset-names = "phy-reset"; }; usbphy1: usb-phy@334 { @@ -871,6 +873,9 @@ clocks = <&cru SCLK_OTGPHY2>; clock-names = "phyclk"; #clock-cells = <0>; + resets = <&cru SRST_USBHOST1_PHY>; + reset-names = "phy-reset"; + }; }; }; -- 2.7.4
[PATCH] perf tools: Fix error handling of lzma decompression
lzma_decompress_to_file never actually close the file pointer, let's fix it. Signed-off-by: Shawn Lin --- tools/perf/util/lzma.c | 19 --- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/tools/perf/util/lzma.c b/tools/perf/util/lzma.c index 95a1acb..a95d473 100644 --- a/tools/perf/util/lzma.c +++ b/tools/perf/util/lzma.c @@ -29,6 +29,7 @@ int lzma_decompress_to_file(const char *input, int output_fd) lzma_action action = LZMA_RUN; lzma_stream strm = LZMA_STREAM_INIT; lzma_ret ret; + int err = 0; u8 buf_in[BUFSIZE]; u8 buf_out[BUFSIZE]; @@ -45,7 +46,8 @@ int lzma_decompress_to_file(const char *input, int output_fd) if (ret != LZMA_OK) { pr_err("lzma: lzma_stream_decoder failed %s (%d)\n", lzma_strerror(ret), ret); - return -1; + err = -1; + goto err_fclose; } strm.next_in = NULL; @@ -60,7 +62,8 @@ int lzma_decompress_to_file(const char *input, int output_fd) if (ferror(infile)) { pr_err("lzma: read error: %s\n", strerror(errno)); - return -1; + err = -1; + goto err_fclose; } if (feof(infile)) @@ -74,7 +77,8 @@ int lzma_decompress_to_file(const char *input, int output_fd) if (writen(output_fd, buf_out, write_size) != write_size) { pr_err("lzma: write error: %s\n", strerror(errno)); - return -1; + err = -1; + goto err_fclose; } strm.next_out = buf_out; @@ -83,13 +87,14 @@ int lzma_decompress_to_file(const char *input, int output_fd) if (ret != LZMA_OK) { if (ret == LZMA_STREAM_END) - return 0; + goto err_fclose; pr_err("lzma: failed %s\n", lzma_strerror(ret)); - return -1; + err = -1; + goto err_fclose; } } - +err_fclose: fclose(infile); - return 0; + return err; } -- 2.3.7
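Review bot: The new `err_fclose` exit closes `infile`, but nothing in these hunks calls `lzma_end(&strm)`, so once `lzma_stream_decoder()` has succeeded every return, including the `LZMA_STREAM_END` success case, appears to leak the decoder's allocations. Add a second label above `err_fclose`, e.g. `err_lzma_end: lzma_end(&strm);`, and jump to it from the paths that run after the decoder is initialised. The label is also reached on success, so a neutral name such as `out` would read better than `err_fclose`. Parts of lzma_decompress_to_file() lie outside the hunks, so confirm that no `lzma_end()` call exists there.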
hi linux
hi linux http://fengjzn.com/clock.php?pair=eeqp1a69bz7bc8 Abhishek Rai
[PATCH] megaraid_sas: Fix the search of first memory bar
The 2nd parameter of 'find_first_bit' is the number of bits to search. In this case, we are passing 'sizeof(unsigned long)' which is likely to be 4. It is likely that the number of bits in a long was expected here, so use BITS_PER_LONG instead. Signed-off-by: Christophe JAILLET --- Other options are possible: - 'bar_list' being a 'unsigned long', use __ffs to reduce code verbosity - PCI_NUM_RESOURCES, which is the maximum number of bits that can be set by 'pci_select_bars()' --- drivers/scsi/megaraid/megaraid_sas_base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c index c1ed25adb17e..7d3de811d33c 100644 --- a/drivers/scsi/megaraid/megaraid_sas_base.c +++ b/drivers/scsi/megaraid/megaraid_sas_base.c @@ -5036,7 +5036,7 @@ static int megasas_init_fw(struct megasas_instance *instance) /* Find first memory bar */ bar_list = pci_select_bars(instance->pdev, IORESOURCE_MEM); - instance->bar = find_first_bit(&bar_list, sizeof(unsigned long)); + instance->bar = find_first_bit(&bar_list, BITS_PER_LONG); if (pci_request_selected_regions(instance->pdev, 1pdev->dev, "IO memory region busy!\n"); -- 2.7.4 --- L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel antivirus Avast. https://www.avast.com/antivirus
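Review bot: `find_first_bit()` returns its size argument when no bit is set, so with this change an empty `bar_list` leaves `instance->bar` at `BITS_PER_LONG`, and that value goes unchecked into the `pci_request_selected_regions()` call on the next line (the line is garbled on this page, but it appears to build a mask from `instance->bar`). Reject the empty case before using the index, e.g. `if (!bar_list)` followed by the error return the function already uses for a busy region. A short comment such as `/* bar_list == 0: device exposes no memory BAR */` would document why. megasas_init_fw() continues outside the hunk.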
[PATCH] megaraid_sas: Use memdup_user() rather than duplicating its implementation
From: Markus Elfring Date: Sun, 21 Aug 2016 10:39:04 +0200 Reuse existing functionality from memdup_user() instead of keeping duplicate source code. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring --- drivers/scsi/megaraid/megaraid_sas_base.c | 11 +++ 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c index c1ed25a..9a2fe4e 100644 --- a/drivers/scsi/megaraid/megaraid_sas_base.c +++ b/drivers/scsi/megaraid/megaraid_sas_base.c @@ -6711,14 +6711,9 @@ static int megasas_mgmt_ioctl_fw(struct file *file, unsigned long arg) unsigned long flags; u32 wait_time = MEGASAS_RESET_WAIT_TIME; - ioc = kmalloc(sizeof(*ioc), GFP_KERNEL); - if (!ioc) - return -ENOMEM; - - if (copy_from_user(ioc, user_ioc, sizeof(*ioc))) { - error = -EFAULT; - goto out_kfree_ioc; - } + ioc = memdup_user(user_ioc, sizeof(*ioc)); + if (IS_ERR(ioc)) + return PTR_ERR(ioc); instance = megasas_lookup_instance(ioc->host_no); if (!instance) { -- 2.9.3
[PATCH] drm/tegra: Fix window[0] base address corruption
Window uses shared stride for UV planes and tegra_dc_window struct defines array of 2 strides per window. That's not taken in account during setting up of the window addresses and strides, resulting in out-of-bounds write of the 3-rd (non-existent) V plane stride that overwrites Y plane base address. Signed-off-by: Dmitry Osipenko --- drivers/gpu/drm/tegra/dc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c index 39940f5..a98dd3e 100644 --- a/drivers/gpu/drm/tegra/dc.c +++ b/drivers/gpu/drm/tegra/dc.c @@ -590,7 +590,9 @@ static void tegra_plane_atomic_update(struct drm_plane *plane, struct tegra_bo *bo = tegra_fb_get_plane(fb, i); window.base[i] = bo->paddr + fb->offsets[i]; - window.stride[i] = fb->pitches[i]; + + if (i < 2) + window.stride[i] = fb->pitches[i]; } tegra_dc_setup_window(dc, p->index, &window); -- 2.9.3
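Review bot: The bound in `if (i < 2)` is a bare literal that has to be kept in sync by hand with the size of `window.stride[]`, which is the same kind of mismatch that produced this out-of-bounds write. Derive it from the array instead, `if (i < ARRAY_SIZE(window.stride))`, and add a short comment such as `/* U and V planes share stride[1] */`. `window.base[i]` on the line above is written with the same index; its size is not visible here, so it is worth confirming that the loop bound cannot exceed it. The loop header is outside the hunk.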
Re: [PATCH 1/2] Revert "include/uapi/drm/amdgpu_drm.h: use __u32 and __u64 from "
Am 20.08.2016 um 19:58 schrieb Mikko Rapeli: Cc'ing lkml too. On Fri, Aug 19, 2016 at 11:54:21PM +0100, Emil Velikov wrote: Story time: I was dreaming of a day were we can stop installing these headers, thus making deprecation a bit easier process. Yet after failing to convince Dave and Daniel on a number of occasions I've accepted that those headers _are_ here to stay. And yes they _are_ the UAPI, even though no applications are meant to use them but the libdrm 'version'. Thus any changes to the libdrm ones should be a mirror of the ones here and libdrm should _not_ differ. Another day dream: Wouldn't it be nice if the uapi headers from Linux kernel would pass a simple quality check of compiling in userspace where they are meant to be used? libdrm has a whole bunch of unit tests exercising the kernel UAPI headers for both API and ABI compatibility. So to be honest I see your good intentions here, but no those checks are completely useless for us. Christian. Stand alone. Without magic tricks and additional libraries and their headers. Without glibc or any other libc implementation specific additions. The uapi headers define many parts of the Linux kernel API and ABI, and thus compiling them also without the 'official' GNU/Linux userspace libraries like glibc or libdrm does have some uses. For example API and ABI compatibility checks and API/ABI/system call fuzzers. Many headers required stdint.h types but Linux kernel headers do not define them in userspace, and then Linus has said that uapi headers should use the linux/types.h with double underscores. Thus my patches for fixing trivial compile errors turned into changing several stdint.h definitions to linux/types.h. Yes, there have been some regressions in this work but to err is human. What is the actual problem and how can we (yes, including me) try to solve it? -Mikko
Re: [PATCH v3] block: make sure big bio is splitted into at most 256 bvecs
On Fri, Aug 19, 2016 at 8:41 AM, Eric Wheeler wrote: >> On Mon, Aug 15, 2016 at 11:23:28AM -0700, Christoph Hellwig wrote: >> > On Mon, Aug 15, 2016 at 11:11:22PM +0800, Ming Lei wrote: >> > > After arbitrary bio size is supported, the incoming bio may >> > > be very big. We have to split the bio into small bios so that >> > > each holds at most BIO_MAX_PAGES bvecs for safety reason, such >> > > as bio_clone(). >> > >> > I still think working around a rough driver submitting too large >> > I/O is a bad thing until we've done a full audit of all consuming >> > bios through ->make_request, and we've enabled it for the common >> > path as well. >> >> bcache originally had workaround code to split too-large bios when it >> first went upstream - that was dropped only after the patches to make >> generic_make_request() handle arbitrary size bios went in. So to do what >> you're suggesting would mean reverting that bcache patch and bringing >> that code back, which from my perspective would be a step in the wrong >> direction. I just want to get this over and done with. >> >> > >> > > bool do_split = true; >> > > struct bio *new = NULL; >> > > const unsigned max_sectors = get_max_io_size(q, bio); >> > > + unsigned bvecs = 0; >> > > + >> > > + *no_merge = true; >> > > >> > > bio_for_each_segment(bv, bio, iter) { >> > > /* >> > > + * With arbitrary bio size, the incoming bio may be very >> > > + * big. We have to split the bio into small bios so that >> > > + * each holds at most BIO_MAX_PAGES bvecs because >> > > + * bio_clone() can fail to allocate big bvecs. >> > > + * >> > > + * It should have been better to apply the limit per >> > > + * request queue in which bio_clone() is involved, >> > > + * instead of globally. The biggest blocker is >> > > + * bio_clone() in bio bounce. >> > > + * >> > > + * If bio is splitted by this reason, we should allow >> > > + * to continue bios merging. 
>> > > + * >> > > + * TODO: deal with bio bounce's bio_clone() gracefully >> > > + * and convert the global limit into per-queue limit. >> > > + */ >> > > + if (bvecs++ >= BIO_MAX_PAGES) { >> > > + *no_merge = false; >> > > + goto split; >> > > + } >> > >> > That being said this simple if check here is simple enough that it's >> > probably fine. But I see no need to uglify the whole code path >> > with that no_merge flag. Please drop if for now, and if we start >> > caring for this path in common code we should just move the >> > REQ_NOMERGE setting into the actual blk_bio_*_split helpers. >> >> Agreed about the no_merge thing. > > By removing `no_merge` this patch should cherry-peck into stable v4.3+ > without merge issues by avoiding bi_rw refactor interference, too. > > Ming, can you send out a V4 without `no_merge` ? This patch is definitely correct, and I don't see dealing with 'no_merge' should be removed. In this case, the bio is still possible to merge with others because it doesn't violate any limit of the queue because it just can't be held in 256 bvecs, that means it is correct to clear no_merge for this situation. Also I don't think it is complicated or ugly to deal with the flag. Jens, could you merge this fix? Thanks, Ming > > -- > Eric Wheeler > > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-block" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] staging/lustre/llite: Use memdup_user() rather than duplicating its implementation
From: Markus Elfring Date: Sun, 21 Aug 2016 11:30:57 +0200 Reuse existing functionality from memdup_user() instead of keeping duplicate source code. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring --- drivers/staging/lustre/lustre/llite/dir.c | 12 +++- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/drivers/staging/lustre/lustre/llite/dir.c b/drivers/staging/lustre/lustre/llite/dir.c index 031c9e4..8b70e42 100644 --- a/drivers/staging/lustre/lustre/llite/dir.c +++ b/drivers/staging/lustre/lustre/llite/dir.c @@ -1676,14 +1676,9 @@ out_poll: case LL_IOC_QUOTACTL: { struct if_quotactl *qctl; - qctl = kzalloc(sizeof(*qctl), GFP_NOFS); - if (!qctl) - return -ENOMEM; - - if (copy_from_user(qctl, (void __user *)arg, sizeof(*qctl))) { - rc = -EFAULT; - goto out_quotactl; - } + qctl = memdup_user((void __user *)arg, sizeof(*qctl)); + if (IS_ERR(qctl)) + return PTR_ERR(qctl); rc = quotactl_ioctl(sbi, qctl); @@ -1691,7 +1686,6 @@ out_poll: sizeof(*qctl))) rc = -EFAULT; -out_quotactl: kfree(qctl); return rc; } -- 2.9.3
Re: [PATCH 6/7] random: make /dev/urandom scalable for silly userspace programs
On Mon, Jun 13, 2016 at 6:48 PM, Theodore Ts'o wrote: > +static inline void maybe_reseed_primary_crng(void) > +{ > + if (crng_init > 2 && > + time_after(jiffies, primary_crng.init_time + > CRNG_RESEED_INTERVAL)) > + crng_reseed(&primary_crng, &input_pool); > +} Hi, Is the above function (which is now in 4.8-rc2) supposed to do something? It seems to have no callers and the maximum value of crng_init is 2. -- Jan Varho
Re: DAX can not work on virtual nvdimm device
On 08/19/2016 09:30 PM, Ross Zwisler wrote: > On Fri, Aug 19, 2016 at 07:59:29AM -0700, Dan Williams wrote: >> On Fri, Aug 19, 2016 at 4:19 AM, Xiao Guangrong >> wrote: >>> >>> Hi Dan, >>> >>> Recently, Redhat reported that nvml test suite failed on QEMU/KVM, >>> more detailed info please refer to: >>>https://bugzilla.redhat.com/show_bug.cgi?id=1365721 >>> >>> The reason for this bug is that the memory region created by mmap() >>> on the dax-based file was gone so that the region can not be found >>> in /proc/self/smaps during the runtime. >>> >>> This is a simple way to trigger this issue: >>>mount -o dax /dev/pmem0 /mnt/pmem/ >>>vim /mnt/pmem/xxx >>> then 'vim' is crashed due to segment fault. >>> >>> This bug can be reproduced on your tree, the top commit is >>> 10d7902fa0e82b (dax: unmap/truncate on device shutdown), the kernel >>> configure file is attached. >>> >>> Your thought or comment is highly appreciated. >> >> I'm going to be offline until Tuesday, but I will investigate when I'm >> back. In the meantime if Ross or Vishal had an opportunity to take a >> look I wouldn't say "no" :). > > I haven't been able to reproduce this vim segfault. I'm using QEMU v2.6.0, > and the kernel commit you mentioned, and your kernel config. > > Here's my QEMU command line: > > sudo ~/qemu/bin/qemu-system-x86_64 /var/lib/libvirt/images/alara.qcow2 \ > -machine pc,nvdimm -m 8G,maxmem=100G,slots=100 -object \ > memory-backend-file,id=mem1,share,mem-path=/dev/pmem0,size=8G -device \ > nvdimm,memdev=mem1,id=nv1 -smp 6 -machine pc,accel=kvm > > With this I'm able to mkfs the guest's /dev/pmem0, mount it with -o dax, and > write a file with vim. > > Can you reproduce your results with a pmem device created via a memmap kernel > command line parameter in the guest? You'll need to update your kernel > config to enable CONFIG_X86_PMEM_LEGACY and CONFIG_X86_PMEM_LEGACY_DEVICE. 
Last time I had crashes like this was when the memmap= or the KVM command line memory size and settings did not match the KVM defined memory settings. Nothing fails but the pmemX device is configured over a none existent memory. All writes just succeed but all reads return ZEROs. Please check that the sizes of your pmem matches the memory size of the VM as defined in virsh edit Boaz
Re: [PATCH] staging/lustre/llite: Use memdup_user() rather than duplicating its implementation
Le 21/08/2016 à 11:45, SF Markus Elfring a écrit : From: Markus Elfring Date: Sun, 21 Aug 2016 11:30:57 +0200 Reuse existing functionality from memdup_user() instead of keeping duplicate source code. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring --- drivers/staging/lustre/lustre/llite/dir.c | 12 +++- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/drivers/staging/lustre/lustre/llite/dir.c b/drivers/staging/lustre/lustre/llite/dir.c index 031c9e4..8b70e42 100644 --- a/drivers/staging/lustre/lustre/llite/dir.c +++ b/drivers/staging/lustre/lustre/llite/dir.c @@ -1676,14 +1676,9 @@ out_poll: case LL_IOC_QUOTACTL: { struct if_quotactl *qctl; - qctl = kzalloc(sizeof(*qctl), GFP_NOFS); Same as previously reported in another patch, GFP_NOFS has not the same meaning than GPF_KERNEL. So your proposed clean-up is not 100% equivalent. Are your sure that GPF_KERNEL instead of GFP_NOFS is right in this code? Maybe, the coccinelle check should be tweak to only spot "kzalloc(..., GFP_KERNEL)" allocation? - if (!qctl) - return -ENOMEM; - - if (copy_from_user(qctl, (void __user *)arg, sizeof(*qctl))) { - rc = -EFAULT; - goto out_quotactl; - } + qctl = memdup_user((void __user *)arg, sizeof(*qctl)); + if (IS_ERR(qctl)) + return PTR_ERR(qctl); rc = quotactl_ioctl(sbi, qctl); @@ -1691,7 +1686,6 @@ out_poll: sizeof(*qctl))) rc = -EFAULT; -out_quotactl: kfree(qctl); return rc; } --- L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel antivirus Avast. https://www.avast.com/antivirus
Re: [PATCH] staging/lustre/llite: Use memdup_user() rather than duplicating its implementation
On Sun, 21 Aug 2016, Christophe JAILLET wrote: > Le 21/08/2016 à 11:45, SF Markus Elfring a écrit : > > From: Markus Elfring > > Date: Sun, 21 Aug 2016 11:30:57 +0200 > > > > Reuse existing functionality from memdup_user() instead of keeping > > duplicate source code. > > > > This issue was detected by using the Coccinelle software. > > > > Signed-off-by: Markus Elfring > > --- > > drivers/staging/lustre/lustre/llite/dir.c | 12 +++- > > 1 file changed, 3 insertions(+), 9 deletions(-) > > > > diff --git a/drivers/staging/lustre/lustre/llite/dir.c > > b/drivers/staging/lustre/lustre/llite/dir.c > > index 031c9e4..8b70e42 100644 > > --- a/drivers/staging/lustre/lustre/llite/dir.c > > +++ b/drivers/staging/lustre/lustre/llite/dir.c 
> > @@ -1676,14 +1676,9 @@ out_poll: > > case LL_IOC_QUOTACTL: { > > struct if_quotactl *qctl; > > - qctl = kzalloc(sizeof(*qctl), GFP_NOFS); > Same as previously reported in another patch, GFP_NOFS has not the same > meaning than GPF_KERNEL. > So your proposed clean-up is not 100% equivalent. > > Are your sure that GPF_KERNEL instead of GFP_NOFS is right in this code? > > Maybe, the coccinelle check should be tweak to only spot "kzalloc(..., > GFP_KERNEL)" allocation? To my dim recollection, GFP_NOFS is not actually allowed in a place where copy_from_user is being used. copy_from_user can block due to page faults, and GFP_NOFS is used when a certain kind of blocking is not allowed. So if the code really needs GFP_NOFS, then something else is wrong. The semantic patch intentionally does not specify GFP_KERNEL for this reason, ie so that these issues will come up and be discussed. On the ther hand I agree about the GFP_DMA case, since that doesn't relate to blocking, as far as I know. The semantic patch should be updated to not make/propose the change in that case. julia > > > - if (!qctl) > > - return -ENOMEM; > > - > > - if (copy_from_user(qctl, (void __user *)arg, sizeof(*qctl))) { > > - rc = -EFAULT; > > - goto out_quotactl; > > - } > > + qctl = memdup_user((void __user *)arg, sizeof(*qctl)); > > + if (IS_ERR(qctl)) > > + return PTR_ERR(qctl); > > rc = quotactl_ioctl(sbi, qctl); > > @@ -1691,7 +1686,6 @@ out_poll: > > sizeof(*qctl))) > > rc = -EFAULT; > > -out_quotactl: > > kfree(qctl); > > return rc; > > } > > > > --- > L'absence de virus dans ce courrier électronique a été vérifiée par le > logiciel antivirus Avast. > https://www.avast.com/antivirus > > > -- > To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html >
Re: [PATCH 4/8] pipe: fix limit checking in pipe_set_size()
On 08/20/2016 01:17 AM, Michael Kerrisk (man-pages) wrote: On 08/20/2016 08:56 AM, Michael Kerrisk (man-pages) wrote: On 08/19/2016 08:30 PM, Vegard Nossum wrote: Is there any reason why we couldn't do the (size > pipe_max_size) check before calling account_pipe_buffers()? No reason that I can see. Just a little more work to be done in the code, I think. And, just so I make sure we're understanding each other... I assume you mean changing the code here to something like: [...] if (nr_pages > pipe->buffers && size > pipe_max_size && !capable(CAP_SYS_RESOURCE)) return -EPERM; user_bufs = account_pipe_buffers(pipe->user, pipe->buffers, nr_pages); if (nr_pages > pipe->buffers && too_many_pipe_buffers_hard(user_bufs || too_many_pipe_buffers_soft(user_bufs)) && !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) { ret = -EPERM; goto out_revert_acct; } Right? Yup, that's what I had in mind. (The parantheses are messed up though.) Vegard
Re: UBSAN: Undefined behaviour in linux-4.7.2/drivers/usb/core/devio.c:1713:25
Cc: proper lists. ep->desc.bInterval seems to be 0 here. On 08/21/2016, 12:42 PM, Vittorio Zecca wrote: > I am not sure this is the right place so please bear with me... > From Vittorio Zecca > > After compiling kernel 4.7.2 with ubsan I got the following messages > at boot time: > > (devio.c:1713 is "as->urb->interval = 1 << min(15, ep->desc.bInterval - 1);") > > [ +0.354486] > > [ +0.08] UBSAN: Undefined behaviour in > /home/vitti/1tb/vitti/rpmbuild/SOURCES/linux-4.7.2/drivers/usb/core/devio.c:1713:25 > [ +0.04] shift exponent -1 is negative > [ +0.05] CPU: 1 PID: 616 Comm: mtp-probe Not tainted 4.7.2sanitized #1 > [ +0.04] Hardware name: To Be Filled By O.E.M. To Be Filled By > O.E.M./H81M-DGS R2.0, BIOS P1.30 07/02/2014 > [ +0.03] 845f1d00 6774dd2e 880382e5f758 > 818cad70 > [ +0.05] 41b58ab3 829ffc3e 818cacbe > 880382e5f780 > [ +0.05] 880382e5f730 880382e5f800 > 845f1d00 > [ +0.04] Call Trace: > [ +0.09] [] dump_stack+0xb2/0x103 > [ +0.06] [] ? _atomic_dec_and_lock+0x190/0x190 > [ +0.05] [] ubsan_epilogue+0xd/0x4e > [ +0.05] [] > __ubsan_handle_shift_out_of_bounds+0x1f4/0x24c > [ +0.05] [] ? > __ubsan_handle_load_invalid_value+0x153/0x153 > [ +0.07] [] ? proc_do_submiturb+0xdde/0x21a6 > [ +0.05] [] ? memset+0x31/0x38 > [ +0.05] [] ? usb_alloc_urb+0xd5/0x13a > [ +0.04] [] ? kasan_unpoison_shadow+0x35/0x43 > [ +0.04] [] ? kasan_unpoison_shadow+0x35/0x43 > [ +0.04] [] ? kasan_kmalloc+0x5e/0x64 > [ +0.05] [] ? __kmalloc+0x143/0x40f > [ +0.05] [] ? lockref_put_or_lock+0x8f/0x227 > [ +0.06] [] proc_do_submiturb+0x1cf8/0x21a6 > [ +0.04] [] ? proc_do_submiturb+0x1cf8/0x21a6 > [ +0.06] [] ? __alloc_pages_nodemask+0x26a/0x1ebe > [ +0.04] [] ? cdev_put.part.0+0x46/0x46 > [ +0.05] [] ? lockref_mark_dead+0x61/0x61 > [ +0.05] [] ? usbdev_release+0x223/0x223 > [ +0.05] [] ? warn_alloc_failed+0x266/0x266 > [ +0.04] [] ? mntput+0x3b/0x5e > [ +0.05] [] ? terminate_walk+0xfe/0x2cb > [ +0.05] [] ? vfs_open+0xb7/0x14f > [ +0.05] [] usbdev_do_ioctl+0x1451/0x25c7 > [ +0.04] [] ? 
proc_do_submiturb+0x21a6/0x21a6 > [ +0.05] [] ? atime_needs_update+0x28f/0x36c > [ +0.05] [] ? new_inode+0x30/0x30 > [ +0.05] [] ? _raw_spin_unlock_bh+0xbf/0xbf > [ +0.06] [] ? enqueue_hrtimer+0x91/0x1c0 > [ +0.05] [] ? lock_hrtimer_base+0x6b/0xc9 > [ +0.05] [] ? hrtimer_start_range_ns+0x4ab/0xba9 > [ +0.04] [] ? hrtimer_init+0xe8/0xe8 > [ +0.05] [] ? __hrtimer_init+0xe5/0x13f > [ +0.05] [] usbdev_ioctl+0xe/0x12 > [ +0.04] [] do_vfs_ioctl+0x170/0xc6f > [ +0.05] [] ? do_timerfd_settime+0x483/0x7d8 > [ +0.04] [] ? ioctl_preallocate+0x1e3/0x1e3 > [ +0.04] [] ? timerfd_release+0x91/0x91 > [ +0.05] [] ? SyS_timerfd_settime+0xbd/0x143 > [ +0.05] [] ? __fget+0xde/0x1ee > [ +0.05] [] ? __fget_light+0xdd/0x14f > [ +0.04] [] SyS_ioctl+0x79/0x92 > [ +0.05] [] entry_SYSCALL_64_fastpath+0x1a/0xa4 > [ +0.03] > > [ +0.424947] usbcore: registered new interface driver option > [ +0.000503] usbserial: USB Serial support registered for GSM modem (1-port) > [ +0.000363] option 3-8:1.0: GSM modem (1-port) converter detected > [ +0.003096] usb 3-8: GSM modem (1-port) converter now attached to ttyUSB0 > [ +0.000239] option 3-8:1.2: GSM modem (1-port) converter detected > [ +0.003003] usb 3-8: GSM modem (1-port) converter now attached to ttyUSB1 > [ +0.000198] option 3-8:1.3: GSM modem (1-port) converter detected > [ +0.002997] usb 3-8: GSM modem (1-port) converter now attached to ttyUSB2 > [ +0.855356] iTCO_vendor_support: vendor-support=0 > [ +0.334571] iTCO_wdt: Intel TCO WatchDog Timer Driver v1.11 > [ +0.000380] iTCO_wdt: Found a Lynx Point TCO device (Version=2, > TCOBASE=0x1860) > [ +0.003131] iTCO_wdt: initialized. 
heartbeat=30 sec (nowayout=0) > [ +0.433888] usbcore: registered new interface driver cdc_ncm > [ +0.056852] ppdev: user-space parallel port driver > [ +0.681019] usbcore: registered new interface driver cdc_wdm > [ +0.746911] huawei_cdc_ncm 3-8:1.1: MAC-Address: 58:2c:80:13:92:63 > [ +0.09] huawei_cdc_ncm 3-8:1.1: setting rx_max = 16384 > [ +0.000443] huawei_cdc_ncm 3-8:1.1: setting tx_max = 16384 > [ +0.000391] huawei_cdc_ncm 3-8:1.1: NDP will be placed at end of > frame for this device. > [ +0.002619] huawei_cdc_ncm 3-8:1.1: cdc-wdm0: USB WDM device > [ +0.009247] huawei_cdc_ncm 3-8:1.1 wwan0: register 'huawei_cdc_ncm' > at usb-:00:14.0-8, Huawei CDC NCM device, 58:2c:80:13:92:63 > [ +0.000693] usbcore: registered new interface driver huawei_cdc_ncm > [ +0.081877] hua
Re: [PATCH] staging/lustre/llite: Use memdup_user() rather than duplicating its implementation
On Sunday 21 August 2016 04:01 PM, Julia Lawall wrote: > > > On Sun, 21 Aug 2016, Christophe JAILLET wrote: > >> Le 21/08/2016 à 11:45, SF Markus Elfring a écrit : >>> From: Markus Elfring >>> Date: Sun, 21 Aug 2016 11:30:57 +0200 >>> >>> Reuse existing functionality from memdup_user() instead of keeping >>> duplicate source code. >>> >>> This issue was detected by using the Coccinelle software. >>> >>> Signed-off-by: Markus Elfring >>> --- >>> drivers/staging/lustre/lustre/llite/dir.c | 12 +++- >>> 1 file changed, 3 insertions(+), 9 deletions(-) >>> >>> diff --git a/drivers/staging/lustre/lustre/llite/dir.c >>> b/drivers/staging/lustre/lustre/llite/dir.c >>> index 031c9e4..8b70e42 100644 >>> --- a/drivers/staging/lustre/lustre/llite/dir.c >>> +++ b/drivers/staging/lustre/lustre/llite/dir.c 
>>> @@ -1676,14 +1676,9 @@ out_poll: >>> case LL_IOC_QUOTACTL: { >>> struct if_quotactl *qctl; >>> - qctl = kzalloc(sizeof(*qctl), GFP_NOFS); >> Same as previously reported in another patch, GFP_NOFS has not the same >> meaning than GPF_KERNEL. >> So your proposed clean-up is not 100% equivalent. >> >> Are your sure that GPF_KERNEL instead of GFP_NOFS is right in this code? >> >> Maybe, the coccinelle check should be tweak to only spot "kzalloc(..., >> GFP_KERNEL)" allocation? > > To my dim recollection, GFP_NOFS is not actually allowed in a place where > copy_from_user is being used. copy_from_user can block due to page > faults, and GFP_NOFS is used when a certain kind of blocking is not > allowed. So if the code really needs GFP_NOFS, then something else is > wrong. > > The semantic patch intentionally does not specify GFP_KERNEL for this > reason, ie so that these issues will come up and be discussed. On the > ther hand I agree about the GFP_DMA case, since that doesn't relate to > blocking, as far as I know. The semantic patch should be updated to not > make/propose the change in that case. I think semantic patch should be updated for all possible flags except GFP_NOFS and GFP_ATOMIC. Because only using these 2 flags with copy_from_user can cause blocking. > julia > >> >>> - if (!qctl) >>> - return -ENOMEM; >>> - >>> - if (copy_from_user(qctl, (void __user *)arg, sizeof(*qctl))) { >>> - rc = -EFAULT; >>> - goto out_quotactl; >>> - } >>> + qctl = memdup_user((void __user *)arg, sizeof(*qctl)); >>> + if (IS_ERR(qctl)) >>> + return PTR_ERR(qctl); >>> rc = quotactl_ioctl(sbi, qctl); 
>>> @@ -1691,7 +1686,6 @@ out_poll: >>> sizeof(*qctl))) >>> rc = -EFAULT; >>> -out_quotactl: >>> kfree(qctl); >>> return rc; >>> } >> >> >> >> --- >> L'absence de virus dans ce courrier électronique a été vérifiée par le >> logiciel antivirus Avast. >> https://www.avast.com/antivirus >> >> >> -- >> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in >> the body of a message to majord...@vger.kernel.org >> More majordomo info at http://vger.kernel.org/majordomo-info.html >> > -- Vaishali
Re: [PATCH] staging/lustre/llite: Use memdup_user() rather than duplicating its implementation
On Sun, 21 Aug 2016, Vaishali Thakkar wrote: > > > On Sunday 21 August 2016 04:01 PM, Julia Lawall wrote: > > > > > > On Sun, 21 Aug 2016, Christophe JAILLET wrote: > > > >> Le 21/08/2016 à 11:45, SF Markus Elfring a écrit : > >>> From: Markus Elfring > >>> Date: Sun, 21 Aug 2016 11:30:57 +0200 > >>> > >>> Reuse existing functionality from memdup_user() instead of keeping > >>> duplicate source code. > >>> > >>> This issue was detected by using the Coccinelle software. > >>> > >>> Signed-off-by: Markus Elfring > >>> --- > >>> drivers/staging/lustre/lustre/llite/dir.c | 12 +++- > >>> 1 file changed, 3 insertions(+), 9 deletions(-) > >>> > >>> diff --git a/drivers/staging/lustre/lustre/llite/dir.c > >>> b/drivers/staging/lustre/lustre/llite/dir.c > >>> index 031c9e4..8b70e42 100644 > >>> --- a/drivers/staging/lustre/lustre/llite/dir.c > >>> +++ b/drivers/staging/lustre/lustre/llite/dir.c 
> >>> @@ -1676,14 +1676,9 @@ out_poll: > >>> case LL_IOC_QUOTACTL: { > >>> struct if_quotactl *qctl; > >>> - qctl = kzalloc(sizeof(*qctl), GFP_NOFS); > >> Same as previously reported in another patch, GFP_NOFS has not the same > >> meaning than GPF_KERNEL. > >> So your proposed clean-up is not 100% equivalent. > >> > >> Are your sure that GPF_KERNEL instead of GFP_NOFS is right in this code? > >> > >> Maybe, the coccinelle check should be tweak to only spot "kzalloc(..., > >> GFP_KERNEL)" allocation? > > > > To my dim recollection, GFP_NOFS is not actually allowed in a place where > > copy_from_user is being used. copy_from_user can block due to page > > faults, and GFP_NOFS is used when a certain kind of blocking is not > > allowed. So if the code really needs GFP_NOFS, then something else is > > wrong. > > > > The semantic patch intentionally does not specify GFP_KERNEL for this > > reason, ie so that these issues will come up and be discussed. On the > > ther hand I agree about the GFP_DMA case, since that doesn't relate to > > blocking, as far as I know. The semantic patch should be updated to not > > make/propose the change in that case. > > I think semantic patch should be updated for all possible flags except > GFP_NOFS and GFP_ATOMIC. Because only using these 2 flags with > copy_from_user can cause blocking. They don't cause blocking, but rather prevent it. But people could use variables as well. Since other things are rare, it seems like it could be better to only block reports on what is known to be safe, and not to block reports on unknown things. A warning could be given in some cases. julia > > > julia > > > >> > >>> - if (!qctl) > >>> - return -ENOMEM; > >>> - > >>> - if (copy_from_user(qctl, (void __user *)arg, sizeof(*qctl))) { > >>> - rc = -EFAULT; > >>> - goto out_quotactl; > >>> - } > >>> + qctl = memdup_user((void __user *)arg, sizeof(*qctl)); > >>> + if (IS_ERR(qctl)) > >>> + return PTR_ERR(qctl); > >>> rc = quotactl_ioctl(sbi, qctl); 
> >>> @@ -1691,7 +1686,6 @@ out_poll: > >>> sizeof(*qctl))) > >>> rc = -EFAULT; > >>> -out_quotactl: > >>> kfree(qctl); > >>> return rc; > >>> } > >> > >> > >> > >> --- > >> L'absence de virus dans ce courrier électronique a été vérifiée par le > >> logiciel antivirus Avast. > >> https://www.avast.com/antivirus > >> > >> > >> -- > >> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" > >> in > >> the body of a message to majord...@vger.kernel.org > >> More majordomo info at http://vger.kernel.org/majordomo-info.html > >> > > > > -- > Vaishali >
Re: [PATCH 4/4] ARM: dts: rockchip: Point rk3288 dwc2 usb at the full PHY reset
Hello. On 8/21/2016 10:56 AM, Randy Li wrote: The "host1" port (AKA the dwc2 port that isn't the OTG port) on rk3288 has a hardware errata that causes everything to get confused when we get a remote wakeup. We'll use the reset that's in the CRU to reset the port when it's in a bad state. Note that we add the reset to both dwc2 controllers even though only one has the errata in case we find some other use for this reset that's unrelated to the current hardware errata. Only the host port gets the quirk property, though. This patch came from Doug Anderson originally. Was it signed off by him? Don't you need to keep his authorship via th "From:" tag? Signed-off-by: Randy Li --- arch/arm/boot/dts/rk3288.dtsi | 5 + 1 file changed, 5 insertions(+) diff --git a/arch/arm/boot/dts/rk3288.dtsi b/arch/arm/boot/dts/rk3288.dtsi index 48ca4e4..646f49d 100644 --- a/arch/arm/boot/dts/rk3288.dtsi +++ b/arch/arm/boot/dts/rk3288.dtsi [...] @@ -871,6 +873,9 @@ clocks = <&cru SCLK_OTGPHY2>; clock-names = "phyclk"; #clock-cells = <0>; + resets = <&cru SRST_USBHOST1_PHY>; + reset-names = "phy-reset"; + Don't need empty line here. }; }; }; MBR , Sergei
Re: [PATCH v2] iio: fix sched WARNING "do not call blocking ops when !TASK_RUNNING"
On 16/08/16 16:27, Lars-Peter Clausen wrote: > On 08/15/2016 05:54 PM, Jonathan Cameron wrote: >> On 09/08/16 01:19, Brian Norris wrote: >>> When using CONFIG_DEBUG_ATOMIC_SLEEP, the scheduler nicely points out >>> that we're calling sleeping primitives within the wait_event loop, which >>> means we might clobber the task state: >>> >>> [ 10.831289] do not call blocking ops when !TASK_RUNNING; state=1 set at >>> [] >>> [ 10.845531] [ cut here ] >>> [ 10.850161] WARNING: at kernel/sched/core.c:7630 >>> ... >>> [ 12.164333] ---[ end trace 45409966a9a76438 ]--- >>> [ 12.168942] Call trace: >>> [ 12.171391] [] __might_sleep+0x64/0x90 >>> [ 12.176699] [] mutex_lock_nested+0x50/0x3fc >>> [ 12.182440] [] iio_kfifo_buf_data_available+0x28/0x4c >>> [ 12.189043] [] iio_buffer_ready+0x60/0xe0 >>> [ 12.194608] [] >>> iio_buffer_read_first_n_outer+0x108/0x1a8 >>> [ 12.201474] [] __vfs_read+0x58/0x114 >>> [ 12.206606] [] vfs_read+0x94/0x118 >>> [ 12.211564] [] SyS_read+0x64/0xb4 >>> [ 12.216436] [] el0_svc_naked+0x24/0x28 >>> >>> To avoid this, we should (a la https://lwn.net/Articles/628628/) use the >>> wait_woken() function, which avoids the nested sleeping while still >>> handling races between waiting / wake-events. >>> >>> Signed-off-by: Brian Norris >> Looks good to me, but given Lars' involvement in the discussion I'd >> like his review before applying this. > > Looks good. Thanks Brian for fixing this. > > Reviewed-by: Lars-Peter Clausen I've applied this to the fixes-togreg branch of iio.git. For now I haven't marked it for stable, purely because I'm not sure when the first 'problem' usage was introduced. I'm happy to explicitly send a request for stable inclusion if anyone wants to track down which stable trees this is applicable to. I'm very low on time today (holiday catch up) so won't get to dig into it myself for at least a few weeks.
Jonathan > -- > To unsubscribe from this list: send the line "unsubscribe linux-iio" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html >
Re: Context switch latency in tickless isolated CPU
On Fri, Aug 19, 2016 at 8:34 PM, Peter Zijlstra wrote: > Why are you wanting to use nohz_full if you do syscalls? We hope to reduce the overhead of the tick while the real time applications run, and these applications might do some syscalls to operate the I/O devices like EtherCAT.
Re: [PATCH 6/7] random: make /dev/urandom scalable for silly userspace programs
On Sun, Aug 21, 2016 at 12:53:15PM +0300, Jan Varho wrote: > On Mon, Jun 13, 2016 at 6:48 PM, Theodore Ts'o wrote: > > +static inline void maybe_reseed_primary_crng(void) > > +{ > > + if (crng_init > 2 && > > + time_after(jiffies, primary_crng.init_time + > > CRNG_RESEED_INTERVAL)) > > + crng_reseed(&primary_crng, &input_pool); > > +} > > Is the above function (which is now in 4.8-rc2) supposed to do > something? It seems to have no callers and the maximum value of > crng_init is 2. It's dead code. Its function got moved into _extra_crng(), and you're right, these days crng_init never gets above 2. Thanks for pointing that out. I'll take it out as a cleanup patch. - Ted
Re: [PATCH 3.14 17/29] sysv, ipc: fix security-layer leaking
Hi guys, On Sun, Aug 14, 2016 at 10:07:45PM +0200, Greg Kroah-Hartman wrote: > 3.14-stable review patch. If anyone has any objections, please let me know. > > -- > > From: Fabian Frederick > > commit 9b24fef9f0410fb5364245d6cc2bd044cc064007 upstream. > > Commit 53dad6d3a8e5 ("ipc: fix race with LSMs") updated ipc_rcu_putref() > to receive rcu freeing function but used generic ipc_rcu_free() instead > of msg_rcu_free() which does security cleaning. > > Running LTP msgsnd06 with kmemleak gives the following: > > cat /sys/kernel/debug/kmemleak > > unreferenced object 0x88003c0a11f8 (size 8): > comm "msgsnd06", pid 1645, jiffies 4294672526 (age 6.549s) > hex dump (first 8 bytes): > 1b 00 00 00 01 00 00 00 > backtrace: > kmemleak_alloc+0x23/0x40 > kmem_cache_alloc_trace+0xe1/0x180 > selinux_msg_queue_alloc_security+0x3f/0xd0 > security_msg_queue_alloc+0x2e/0x40 > newque+0x4e/0x150 > ipcget+0x159/0x1b0 > SyS_msgget+0x39/0x40 > entry_SYSCALL_64_fastpath+0x13/0x8f > > Manfred Spraul suggested to fix sem.c as well and Davidlohr Bueso to > only use ipc_rcu_free in case of security allocation failure in newary() > > Fixes: 53dad6d3a8e ("ipc: fix race with LSMs") > Link: > http://lkml.kernel.org/r/1470083552-22966-1-git-send-email-f...@skynet.be > Signed-off-by: Fabian Frederick > Cc: Davidlohr Bueso > Cc: Manfred Spraul > Signed-off-by: Andrew Morton > Signed-off-by: Linus Torvalds > Signed-off-by: Greg Kroah-Hartman The patch above was tagged for stable v3.12+, however it references a fix that was backported in 3.10.16 as commit e84ca333, so I'm unsure whether 3.10 is affected or not. It *seems* to me that I should replace remaining instances of ipc_rcu_free with sem_rcu_free in sem.c, and with msg_rcu_free in msg.c, but I'd prefer a confirmation. For now I'm postponing this fix, any hint would be much appreciated. Thanks, Willy
9p2000.L stat/unlink race (WARNING: fs/inode.c:280 drop_nlink)
Hi, I've been seeing this: [ cut here ] WARNING: CPU: 0 PID: 2377 at fs/inode.c:280 drop_nlink+0xc2/0x120 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 2377 Comm: syz-executor Not tainted 4.8.0-rc2+ #145 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014 880116437b50 81f9f201 83e72d60 880116437c28 83ef6100 847070c0 880116437c18 8150538a 41b58ab3 844dc5dd 815051a7 Call Trace: [] dump_stack+0x83/0xb2 [] panic+0x1e3/0x3a1 [] ? set_ti_thread_flag+0x1e/0x1e [] ? rt_mutex_top_waiter.part.10+0x6/0x6 [] ? p9_idpool_put+0x36/0x40 [] ? drop_nlink+0xc2/0x120 [] __warn+0x1bf/0x1e0 [] warn_slowpath_null+0x2c/0x40 [] drop_nlink+0xc2/0x120 [] v9fs_remove+0x256/0x2d0 [] v9fs_vfs_unlink+0x1f/0x30 [] vfs_unlink+0x2b0/0x490 [] do_unlinkat+0x530/0x660 [] ? vfs_unlink+0x490/0x490 [] ? syscall_trace_enter+0x3cf/0xdb0 [] ? __context_tracking_exit.part.4+0x9a/0x1e0 [] ? exit_to_usermode_loop+0x190/0x190 [] ? check_preemption_disabled+0x37/0x1e0 [] ? __this_cpu_preempt_check+0x1c/0x20 [] ? SyS_unlinkat+0x80/0x80 [] SyS_unlink+0x1a/0x20 [] do_syscall_64+0x1c4/0x4e0 [] entry_SYSCALL64_slow_path+0x25/0x25 It seems to happen when fstat() calls into v9fs_vfs_getattr_dotl() and that does a v9fs_stat2inode_dotl() which changes inode->i_nlink from 1 to 0 (without any locking). The unlink() which was already in progress then sees 0 when it does drop_nlink(). My mount flags are: trans=virtio,version=9p2000.L If I add "cache=loose" then there is no warning (as expected, since v9fs_vfs_getattr_dotl() bails out early in that case and doesn't change the in-memory inode). Vegard
Re: [PATCH 6/6] Add dockerfile
Theodore Ts'o writes: > On Sat, Aug 20, 2016 at 02:31:26PM +0300, Dmitry Monakhov wrote: >> > I'm not sure I see the advantage of doing this in a container, I >> > guess. I just do in my standard laptop environment today. >> I can not because I laptop from famous thinkpad t430 series with >> flaky SSD which starts to return EIO after intensive load. >> https://forums.lenovo.com/t5/ThinkPad-T400-T500-and-newer-T/T430s-Intel-SSD-520-180GB-issue/td-p/888083 > > Hmm, I never buy a Lenovo SSD; they're overpriced. So I always get my > Thinkpads with a 500mb HDD, and then replace it with a Samsumg 840/850 > EVO/PRO SSD. > >> Also. What about RH/SUSE/Fedora or even Gentoo people? They are exit :) >> And if we give them just chance to try debian w/o complexities >> maybe they will become debian adepts. > > You only need Debain to build the image. If you are just using the > pre-built root_fs.img, you can just download it and go. > > Speaking of which, that's one thing which I don't understand about > your Dockerfile. In the build step you just download the prebuilt > root_fs.img from kernel.org. There are comments in your Dockerfile which say: > > # Fetch and build xfstests-bld > # In order to build root_image from scratch privileged operation are required, > # so it is impossible during build stage. > # One can make it like this: > # docker run -i -t --privileged --rm dmonakhov/xfstests-bld "cd > kvm-xfstests/test-appliance && ./gen-image" > # During build stage we simply fetch image precreated by tytso@ > > ... but while this will create a new root_fs.img file, as soon as > you're you're done the container will exit, and then the root_fs.img > file will be blown away, right? Yes. This is my typo. Generated image should be saved somewhere before container stopped. 
So command should be docker run -i -t --privileged -v ~/my-data:/shared --rm dmonakhov/xfstests-bld \ "cd kvm-xfstests/test-appliance \ && ./gen-image \ && cp root_fs.img /shared/" Probably it should be moved to dedicated script, see later. > > The other thing I'll note here is that the Dockerfile is serving two > use cases. One is to user Docker to do automated build testing. The > other is for people who want to run multiple instances of kvm-xfstests > using the container services. > > For the second, we don't really want to include all of the build > artifacts and build and source trees in Docker image that the users > will have to pull down over the network. And using kvm-xfstests > --update-xfstests means a lot of extra wasted I/O, since we're > packaging up the tar file, then copying it into file, and then > unpacking it inside the guest VM, etc. > > So for the second case, you'd really want to create a Docker image > which had the minimum packages needed to actually *run* the tests, > with the pre-installed root_fs image. Yes. That is reasonable idea. Actually I already have it in my queue. Probably it it reasonable to create dedicated directory ./docker and place all docker related crap there: # build scripts docker/Dockerfile.build-env docker/Dockerfile.run-env # And some run scripts # Build all environment from scratch docker/docker-build.sh # Move config, kernel, root_fs.img inside container and run {gce,kvm}-xfstests.sh docker/docker-kvm-xfstests.sh docker/docker-gce-xfstests.sh > For the first case, all you need to do is to have the Dockerfile > create the xfstests.tar.gz file. I suppose this could be used as a > poor man's build engine if you don't want to run the build on your > local machine. 
What I do is my top-level config.custom has: > > BUILD_ENV="schroot -c jessie64 --" > SUDO_ENV="schroot -c jessie64 -u root --" > > That's my pristine build chroot, and so when I run ./do-all, what gets > executed is: > > schroot -c jessie64 -- make clean > schroot -c jessie64 -- make > schroot -c jessie64 -- make tarball > cd kvm-xfstests/test-appliance > schroot -c jessie64 -u root -- ./gen-image > > I'm pretty sure this is going to be faster than waiting for Docker to > build the image, and then for me to download the image and extract the > xfststs.tar.gz file. (But then again, I have a fully working laptop > with functional SSD's not sourced by Lenovo :-). Definitely. But in your case we still need jessie64's chroot. It should be prepared somehow. My point is that if we give an automated build script this may help people to start with xfstests with less pain. In my experience time spend on investigation of installation process always longer than time to download precreated VM/container :) Let's call this approach "Lazy developers are welcome" > - Ted signature.asc Description: PGP signature
Re: [tip:perf/core] perf/core: Check return value of the perf_event_read() IPI
On 18 August 2016 at 12:52, tip-bot for David Carrillo-Cisneros wrote: > Commit-ID: 71e7bc2bab77e64882c031c2af943c3256c1adb0 > Gitweb: http://git.kernel.org/tip/71e7bc2bab77e64882c031c2af943c3256c1adb0 > Author: David Carrillo-Cisneros > AuthorDate: Wed, 17 Aug 2016 13:55:04 -0700 > Committer: Ingo Molnar > CommitDate: Thu, 18 Aug 2016 10:35:52 +0200 > > perf/core: Check return value of the perf_event_read() IPI > > The call to smp_call_function_single in perf_event_read() may fail if > an invalid or not online CPU index is passed. Warn user if such bug is > present and return error. > > Signed-off-by: David Carrillo-Cisneros > Signed-off-by: Peter Zijlstra (Intel) > Cc: Alexander Shishkin > Cc: Arnaldo Carvalho de Melo > Cc: Jiri Olsa > Cc: Kan Liang > Cc: Linus Torvalds > Cc: Paul Turner > Cc: Peter Zijlstra > Cc: Stephane Eranian > Cc: Thomas Gleixner > Cc: Vegard Nossum > Cc: Vince Weaver > Link: > http://lkml.kernel.org/r/1471467307-61171-2-git-send-email-davi...@google.com > Signed-off-by: Ingo Molnar > --- > kernel/events/core.c | 7 --- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/kernel/events/core.c b/kernel/events/core.c > index a5fc5c8..5650f53 100644 > --- a/kernel/events/core.c > +++ b/kernel/events/core.c 
> @@ -3549,9 +3549,10 @@ static int perf_event_read(struct perf_event *event, > bool group) > .group = group, > .ret = 0, > }; > - smp_call_function_single(event->oncpu, > -__perf_event_read, &data, 1); > - ret = data.ret; > + ret = smp_call_function_single(event->oncpu, > __perf_event_read, &data, 1); > + /* The event must have been read from an online CPU: */ > + WARN_ON_ONCE(ret); > + ret = ret ? : data.ret; > } else if (event->state == PERF_EVENT_STATE_INACTIVE) { > struct perf_event_context *ctx = event->ctx; > unsigned long flags; Hi, I'm running into this new warning now: [ cut here ] WARNING: CPU: 0 PID: 23442 at kernel/events/core.c:3554 perf_event_read+0x472/0x590 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 23442 Comm: syz-executor Not tainted 4.8.0-rc2+ #145 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014 88010d1bf808 81f9f201 83e72d60 88010d1bf8e0 83ecbd00 847070c0 88010d1bf8d0 8150538a 41b58ab3 844dc5dd 815051a7 Call Trace: [] dump_stack+0x83/0xb2 [] panic+0x1e3/0x3a1 [] ? set_ti_thread_flag+0x1e/0x1e [] ? rt_mutex_top_waiter.part.10+0x6/0x6 [] ? generic_exec_single+0xf0/0x2d0 [] ? perf_event_read+0x472/0x590 [] __warn+0x1bf/0x1e0 [] warn_slowpath_null+0x2c/0x40 [] perf_event_read+0x472/0x590 [] ? perf_event_set_addr_filter+0xad0/0xad0 [] ? perf_event_ctx_lock_nested+0xdd/0x1e0 [] perf_event_read_value+0x84/0x520 [] ? perf_event_ctx_lock_nested+0x19c/0x1e0 [] ? perf_event_ctx_lock_nested+0x3b/0x1e0 [] perf_read+0x443/0x8d0 [] ? perf_event_read_value+0x520/0x520 [] ? common_file_perm+0x2e2/0x380 [] do_loop_readv_writev+0x152/0x200 [] ? security_file_permission+0x86/0x1e0 [] ? perf_event_read_value+0x520/0x520 [] ? perf_event_read_value+0x520/0x520 [] do_readv_writev+0x614/0x700 [] ? rw_verify_area+0x2b0/0x2b0 [] ? put_ctx+0x22/0x100 [] ? __fget+0x1c1/0x270 [] ? __fget+0x47/0x270 [] vfs_readv+0x8b/0xc0 [] do_readv+0xde/0x230 [] ? vfs_readv+0xc0/0xc0 [] ? 
exit_to_usermode_loop+0x190/0x190 [] ? check_preemption_disabled+0x37/0x1e0 [] SyS_readv+0x27/0x30 [] ? do_pwritev+0x1a0/0x1a0 [] do_syscall_64+0x1c4/0x4e0 [] entry_SYSCALL64_slow_path+0x25/0x25 I don't think WARN() is the right interface for signalling errors to userspace programs? Vegard
Re: [PATCH] staging/lustre/llite: Use memdup_user() rather than duplicating its implementation
On Sunday 21 August 2016 04:31 PM, Julia Lawall wrote: > > > On Sun, 21 Aug 2016, Vaishali Thakkar wrote: > >> >> >> On Sunday 21 August 2016 04:01 PM, Julia Lawall wrote: >>> >>> >>> On Sun, 21 Aug 2016, Christophe JAILLET wrote: >>> Le 21/08/2016 à 11:45, SF Markus Elfring a écrit : > From: Markus Elfring > Date: Sun, 21 Aug 2016 11:30:57 +0200 > > Reuse existing functionality from memdup_user() instead of keeping > duplicate source code. > > This issue was detected by using the Coccinelle software. > > Signed-off-by: Markus Elfring > --- > drivers/staging/lustre/lustre/llite/dir.c | 12 +++- > 1 file changed, 3 insertions(+), 9 deletions(-) > > diff --git a/drivers/staging/lustre/lustre/llite/dir.c > b/drivers/staging/lustre/lustre/llite/dir.c > index 031c9e4..8b70e42 100644 > --- a/drivers/staging/lustre/lustre/llite/dir.c > +++ b/drivers/staging/lustre/lustre/llite/dir.c 
> @@ -1676,14 +1676,9 @@ out_poll: > case LL_IOC_QUOTACTL: { > struct if_quotactl *qctl; > - qctl = kzalloc(sizeof(*qctl), GFP_NOFS); Same as previously reported in another patch, GFP_NOFS has not the same meaning than GPF_KERNEL. So your proposed clean-up is not 100% equivalent. Are your sure that GPF_KERNEL instead of GFP_NOFS is right in this code? Maybe, the coccinelle check should be tweak to only spot "kzalloc(..., GFP_KERNEL)" allocation? >>> >>> To my dim recollection, GFP_NOFS is not actually allowed in a place where >>> copy_from_user is being used. copy_from_user can block due to page >>> faults, and GFP_NOFS is used when a certain kind of blocking is not >>> allowed. So if the code really needs GFP_NOFS, then something else is >>> wrong. >>> >>> The semantic patch intentionally does not specify GFP_KERNEL for this >>> reason, ie so that these issues will come up and be discussed. On the >>> ther hand I agree about the GFP_DMA case, since that doesn't relate to >>> blocking, as far as I know. The semantic patch should be updated to not >>> make/propose the change in that case. >> >> I think semantic patch should be updated for all possible flags except >> GFP_NOFS and GFP_ATOMIC. Because only using these 2 flags with >> copy_from_user can cause blocking. > > They don't cause blocking, but rather prevent it. Yes, sorry. I meant blocking functions which may sleep in between. > But people could use variables as well. Since other things are rare, it > seems like it could be better to only block reports on what is known to > be safe, and not to block reports on unknown things. A warning could be > given in some cases. Sounds reasonable. Warning will work I guess. 
> julia > >> >>> julia >>> > - if (!qctl) > - return -ENOMEM; > - > - if (copy_from_user(qctl, (void __user *)arg, sizeof(*qctl))) { > - rc = -EFAULT; > - goto out_quotactl; > - } > + qctl = memdup_user((void __user *)arg, sizeof(*qctl)); > + if (IS_ERR(qctl)) > + return PTR_ERR(qctl); > rc = quotactl_ioctl(sbi, qctl); > @@ -1691,7 +1686,6 @@ out_poll: > sizeof(*qctl))) > rc = -EFAULT; > -out_quotactl: > kfree(qctl); > return rc; > } --- L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel antivirus Avast. https://www.avast.com/antivirus -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html >>> >> >> -- >> Vaishali >> > -- Vaishali
Re: Memory (skb) leak in kernel 4.8-rc2
Hi Marcel, Johan, I am unable to unload module bluetooth to verify that the second leak is not a false positive; however, the one in btusb is a real memory leak. There was a bugzilla last week with that backtrace: https://bugzilla.kernel.org/show_bug.cgi?id=120691 At the time, I was thinking that the leak could originate from one of the req_complete_skb callback, but which one? And today that the issue has popped again, I found that hci_req_sync_complete references the skb in hdev->req_skb. It is called (via hci_req_run_skb) from either __hci_cmd_sync_ev which will pass the skb to the caller, or __hci_req_sync which leaks. I have a patch on the grill. Best Regards, Frédéric
Re: [PATCH 4/4] ARM: dts: rockchip: Point rk3288 dwc2 usb at the full PHY reset
On 08/21/2016 07:06 PM, Sergei Shtylyov wrote: Hello. On 8/21/2016 10:56 AM, Randy Li wrote: The "host1" port (AKA the dwc2 port that isn't the OTG port) on rk3288 has a hardware errata that causes everything to get confused when we get a remote wakeup. We'll use the reset that's in the CRU to reset the port when it's in a bad state. Note that we add the reset to both dwc2 controllers even though only one has the errata in case we find some other use for this reset that's unrelated to the current hardware errata. Only the host port gets the quirk property, though. This patch came from Doug Anderson originally. Was it signed off by him? Don't you need to keep his authorship via th "From:" tag? I would rather the idea comes from him, but the implementation is different. I don't which tag would be better? If the "From:" would be the best choice. I would resend the last two patches. Signed-off-by: Randy Li --- arch/arm/boot/dts/rk3288.dtsi | 5 + 1 file changed, 5 insertions(+) diff --git a/arch/arm/boot/dts/rk3288.dtsi b/arch/arm/boot/dts/rk3288.dtsi index 48ca4e4..646f49d 100644 --- a/arch/arm/boot/dts/rk3288.dtsi +++ b/arch/arm/boot/dts/rk3288.dtsi [...] @@ -871,6 +873,9 @@ clocks = <&cru SCLK_OTGPHY2>; clock-names = "phyclk"; #clock-cells = <0>; +resets = <&cru SRST_USBHOST1_PHY>; +reset-names = "phy-reset"; + Don't need empty line here. I would be removed }; }; }; MBR , Sergei
Re: [PATCH v2] iio: fix sched WARNING "do not call blocking ops when !TASK_RUNNING"
On 08/21/2016 01:21 PM, Jonathan Cameron wrote: [...] > I've applied to this to the fixes-togreg branch of iio.git > > For now I haven't marked it for stable, purely because I'm not sure > when the first 'problem' usage was introduced. I'm happy to explicitly > send a request for stable inclusion if anyone wants to track down > which stable trees this is applicable to. > > I've very low on time today (holiday catch up) so won't get to > dig into it myself for a at least a few weeks. The issue has been around for a bit longer, but the wait_woken() infrastructure has only been available since v3.19.
[Regression?] Commit cb4f71c429 deliberately changes order of network interfaces
Dear List, Thomas, Gregory Commit cb4f71c4298853db0c6751b1209e4535956f136c changes the order of the network interfaces for armada-38x. The comment in the dtsi describes this as a special exception to the "order by register address" rule. The commit message even calls it a violation. I can't remember having owned a device where the internal and external numbering actually matched, so the important bit for me is that whatever the order is, it should remain constant. Distributions like OpenWrt have to fix their code when moving from 4.4 currently to past 4.6 [1]. Worse, the so-called "wrong ordering" is actually documented [2]. There are likely more victims out there. In case it goes unnoticed by the distribution, the user's LAN becomes WAN and vice versa. It's unfortunate that this commit is already in stable 4.6 and 4.7. What is your take on this? Should the commit be reverted? Regards Ralph [1] https://github.com/openwrt/openwrt/blob/master/target/linux/mvebu/base-files/etc/board.d/02_network [2] https://wiki.openwrt.org/toh/linksys/wrt1x00ac_series#switch_layout
Re: [PATCH v2] thermal: imx: depend on imx SoC arch
On 六, 2016-08-20 at 08:43 +0800, Shawn Guo wrote: > On Wed, May 25, 2016 at 9:45 PM, Peter Robinson > wrote: > > > > Not much use unless the SoC is selected so depend on the ARCH_MXC > > and COMPILE_TEST like all the other thermal drivers. > > > > v2: drop extraneous OF > > > > Signed-off-by: Peter Robinson > Acked-by: Shawn Guo patch applied. thanks, rui
[PATCH] HID: roccat: Remove use of the "exist" field
The "exist" field is only checked when "roccat_open" has already been called or when we have made sure that the corresponding roccat_device is not NULL. Since the value of the "open" field has been increased by the "roccat_open" call, instead of checking "exist" we can just check if "open" is equal to zero to the same effect and remove the "exist" field as well as the code that touches it. Signed-off-by: Silvan Jegen --- I have tested this patch with the only Roccat hardware I own, a Roccat Kone Pure. Testing the patch with several pieces of Roccat hardware connected at the same time would be desirable. drivers/hid/hid-roccat.c | 20 +++- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/drivers/hid/hid-roccat.c b/drivers/hid/hid-roccat.c index 76d06cf..7552a1e 100644 --- a/drivers/hid/hid-roccat.c +++ b/drivers/hid/hid-roccat.c @@ -43,7 +43,6 @@ struct roccat_device { unsigned int minor; int report_size; int open; - int exist; wait_queue_head_t wait; struct device *dev; struct hid_device *hid; @@ -99,7 +98,7 @@ static ssize_t roccat_read(struct file *file, char __user *buffer, retval = -ERESTARTSYS; break; } - if (!device->exist) { + if (device->open == 0) { retval = -EIO; break; } @@ -143,7 +142,7 @@ static unsigned int roccat_poll(struct file *file, poll_table *wait) poll_wait(file, &reader->device->wait, wait); if (reader->cbuf_start != reader->device->cbuf_end) return POLLIN | POLLRDNORM; - if (!reader->device->exist) + if (reader->device->open == 0) return POLLERR | POLLHUP; return 0; } @@ -224,13 +223,11 @@ static int roccat_release(struct inode *inode, struct file *file) kfree(reader); if (!--device->open) { - /* removing last reader */ - if (device->exist) { - hid_hw_power(device->hid, PM_HINT_NORMAL); - hid_hw_close(device->hid); - } else { - kfree(device); - } + /* we have removed the last reader */ + kfree(device); + } else { + hid_hw_power(device->hid, PM_HINT_NORMAL); + hid_hw_close(device->hid); } mutex_unlock(&devices_lock); 
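Review bot: The replacement test `device->open == 0` in the roccat_read() hunk cannot fire for the reader running it, because, as the description itself says, roccat_open() has already raised `open`, and the only decrement visible in this patch is in roccat_release(); the roccat_poll() hunk (`reader->device->open == 0`) has the same problem. `exist` recorded that roccat_disconnect() had run, which a reader count cannot express, so after an unplug a sleeping reader would presumably no longer get -EIO or `POLLERR | POLLHUP`. I would keep a flag that roccat_disconnect() clears and leave the test as `if (!device->exist) {`. All three functions continue outside their hunks, so any wake-up done in roccat_disconnect() should be checked against whichever flag is kept.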
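Review bot: The rewritten branch in the roccat_release() hunk frees the device on every last close, even while it is still connected; the removed code called `kfree(device)` only when `exist` was 0 and otherwise just powered down and closed the HID hardware. Unless something outside these hunks clears it, the `devices[minor]` slot read in roccat_disconnect() would then still point at the freed structure, which is a use-after-free on the next open or on disconnect. The new `else` arm also calls `hid_hw_power()` and `hid_hw_close()` when a non-last reader closes, while other readers are still attached. The old shape should stay inside `if (!--device->open)`, with the inner test on a flag set by roccat_disconnect(): `if (device->exist) { hid_hw_power(...); hid_hw_close(...); } else { kfree(device); }`. The rest of roccat_release() lies outside the hunk.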
@@ -340,7 +337,6 @@ int roccat_connect(struct class *klass, struct hid_device *hid, int report_size) mutex_init(&device->cbuf_lock); device->minor = minor; device->hid = hid; - device->exist = 1; device->cbuf_end = 0; device->report_size = report_size; @@ -359,8 +355,6 @@ void roccat_disconnect(int minor) device = devices[minor]; mutex_unlock(&devices_lock); - device->exist = 0; /* TODO exist maybe not needed */ - device_destroy(device->dev->class, MKDEV(roccat_major, minor)); mutex_lock(&devices_lock); -- 2.9.3
[PATCH 0/7] USB-iowarrior: Fine-tuning for some function implementations
From: Markus Elfring Date: Sun, 21 Aug 2016 15:41:23 +0200 Several update suggestions were taken into account from static source code analysis. Markus Elfring (7): Use memdup_user() rather than duplicating its implementation Delete unnecessary initialisations for the variable "dev" Delete an unnecessary initialisation in iowarrior_release() Delete unnecessary initialisations in iowarrior_open() Delete unnecessary initialisations in iowarrior_write() Delete unnecessary braces Apply another recommendation from "checkpatch.pl" drivers/usb/misc/iowarrior.c | 53 ++-- 1 file changed, 22 insertions(+), 31 deletions(-) -- 2.9.3
[PATCH 1/7] USB-iowarrior: Use memdup_user() rather than duplicating its implementation
From: Markus Elfring Date: Sun, 21 Aug 2016 12:48:27 +0200 Reuse existing functionality from memdup_user() instead of keeping duplicate source code. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring --- drivers/usb/misc/iowarrior.c | 11 +++ 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c index 7defa34..8ae01b0 100644 --- a/drivers/usb/misc/iowarrior.c +++ b/drivers/usb/misc/iowarrior.c @@ -368,14 +368,9 @@ static ssize_t iowarrior_write(struct file *file, case USB_DEVICE_ID_CODEMERCS_IOWPV2: case USB_DEVICE_ID_CODEMERCS_IOW40: /* IOW24 and IOW40 use a synchronous call */ - buf = kmalloc(count, GFP_KERNEL); - if (!buf) { - retval = -ENOMEM; - goto exit; - } - if (copy_from_user(buf, user_buffer, count)) { - retval = -EFAULT; - kfree(buf); + buf = memdup_user(user_buffer, count); + if (IS_ERR(buf)) { + retval = PTR_ERR(buf); goto exit; } retval = usb_set_report(dev->interface, 2, 0, buf, count); -- 2.9.3
[PATCH 2/7] USB-iowarrior: Delete unnecessary initialisations for the variable "dev"
From: Markus Elfring Date: Sun, 21 Aug 2016 13:26:09 +0200 The local variable "dev" was initialised despite of the detail that it was immediately reassigned by the following statement. Thus remove such unnecessary specifications. Signed-off-by: Markus Elfring --- drivers/usb/misc/iowarrior.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c index 8ae01b0..6048f97 100644 --- a/drivers/usb/misc/iowarrior.c +++ b/drivers/usb/misc/iowarrior.c @@ -468,7 +468,7 @@ exit: static long iowarrior_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { - struct iowarrior *dev = NULL; + struct iowarrior *dev; __u8 *buffer; __u8 __user *user_buffer; int retval; @@ -751,7 +751,7 @@ static int iowarrior_probe(struct usb_interface *interface, const struct usb_device_id *id) { struct usb_device *udev = interface_to_usbdev(interface); - struct iowarrior *dev = NULL; + struct iowarrior *dev; struct usb_host_interface *iface_desc; struct usb_endpoint_descriptor *endpoint; int i; -- 2.9.3
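Review bot: Dropping the `= NULL` initialiser from `dev` in the iowarrior_ioctl and iowarrior_probe hunks trades a defined starting value for an indeterminate one, and the assignment that is said to follow immediately is outside both hunks, so it cannot be confirmed here. The same applies to `retval` in patch 3/7, `dev` and `retval` in 4/7, and `retval` and `buf` in 5/7. For `char *buf` in iowarrior_write it matters most: whether any exit path frees or tests `buf` before it is allocated cannot be seen from the hunk, and an uninitialised pointer there would be freed as-is. Unless every path through each function is checked to assign before first use, keeping `char *buf = NULL;` and `int retval = 0;` costs nothing.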
[PATCH 3/7] USB-iowarrior: Delete an unnecessary initialisation in iowarrior_release()
From: Markus Elfring Date: Sun, 21 Aug 2016 13:45:09 +0200 The local variable "retval" will be set to an appropriate value a bit later. Thus omit the explicit initialisation at the beginning. Signed-off-by: Markus Elfring --- drivers/usb/misc/iowarrior.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c index 6048f97..449bf64 100644 --- a/drivers/usb/misc/iowarrior.c +++ b/drivers/usb/misc/iowarrior.c @@ -644,7 +644,7 @@ out: static int iowarrior_release(struct inode *inode, struct file *file) { struct iowarrior *dev; - int retval = 0; + int retval; dev = file->private_data; if (dev == NULL) { -- 2.9.3
[PATCH 4/7] USB-iowarrior: Delete unnecessary initialisations in iowarrior_open()
From: Markus Elfring Date: Sun, 21 Aug 2016 15:15:03 +0200 Two local variables will be set to an appropriate value a bit later. Thus omit the explicit initialisation at the beginning. Signed-off-by: Markus Elfring --- drivers/usb/misc/iowarrior.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c index 449bf64..e3564d8 100644 --- a/drivers/usb/misc/iowarrior.c +++ b/drivers/usb/misc/iowarrior.c @@ -587,10 +587,10 @@ error_out: */ static int iowarrior_open(struct inode *inode, struct file *file) { - struct iowarrior *dev = NULL; + struct iowarrior *dev; struct usb_interface *interface; int subminor; - int retval = 0; + int retval; mutex_lock(&iowarrior_mutex); subminor = iminor(inode); -- 2.9.3
[PATCH 5/7] USB-iowarrior: Delete unnecessary initialisations in iowarrior_write()
From: Markus Elfring Date: Sun, 21 Aug 2016 15:17:22 +0200 Two local variables will be set to an appropriate value a bit later. Thus omit the explicit initialisation at the beginning. Signed-off-by: Markus Elfring --- drivers/usb/misc/iowarrior.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c index e3564d8..ffbbb74 100644 --- a/drivers/usb/misc/iowarrior.c +++ b/drivers/usb/misc/iowarrior.c @@ -338,8 +338,8 @@ static ssize_t iowarrior_write(struct file *file, size_t count, loff_t *ppos) { struct iowarrior *dev; - int retval = 0; - char *buf = NULL; /* for IOW24 and IOW56 we need a buffer */ + int retval; + char *buf; /* for IOW24 and IOW56 we need a buffer */ struct urb *int_out_urb = NULL; dev = file->private_data; -- 2.9.3
[PATCH 6/7] USB-iowarrior: Delete unnecessary braces
From: Markus Elfring Date: Sun, 21 Aug 2016 15:25:30 +0200 Do not use curly brackets at a few source code places where a single statement should be sufficient. Signed-off-by: Markus Elfring --- drivers/usb/misc/iowarrior.c | 22 -- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c index ffbbb74..132c8cf 100644 --- a/drivers/usb/misc/iowarrior.c +++ b/drivers/usb/misc/iowarrior.c @@ -227,10 +227,10 @@ static void iowarrior_write_callback(struct urb *urb) /* sync/async unlink faults aren't errors */ if (status && !(status == -ENOENT || - status == -ECONNRESET || status == -ESHUTDOWN)) { + status == -ECONNRESET || status == -ESHUTDOWN)) dev_dbg(&dev->interface->dev, "nonzero write bulk status received: %d\n", status); - } + /* free up our allocated buffer */ usb_free_coherent(urb->dev, urb->transfer_buffer_length, urb->transfer_buffer, urb->transfer_dma); @@ -304,25 +304,21 @@ static ssize_t iowarrior_read(struct file *file, char __user *buffer, read_index (dev)) != -1)); - if (r) { + if (r) //we were interrupted by a signal return -ERESTART; - } - if (!dev->present) { + if (!dev->present) //The device was unplugged return -ENODEV; - } - if (read_idx == -1) { + if (read_idx == -1) // Can this happen ??? return 0; - } } } offset = read_idx * (dev->report_size + 1); - if (copy_to_user(buffer, dev->read_queue + offset, count)) { + if (copy_to_user(buffer, dev->read_queue + offset, count)) return -EFAULT; - } } while (atomic_read(&dev->overflow_flag)); read_idx = ++read_idx == MAX_INTERRUPT_BUFFER ? 0 : read_idx; @@ -475,9 +471,8 @@ static long iowarrior_ioctl(struct file *file, unsigned int cmd, int io_res; /* checks for bytes read/written and copy_to/from_user results */ dev = file->private_data; - if (dev == NULL) { + if (!dev) return -ENODEV; - } buffer = kzalloc(dev->report_size, GFP_KERNEL); if (!buffer) 
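Review bot: In the iowarrior_read hunk the three rewritten tests (`if (r)`, `if (!dev->present)`, `if (read_idx == -1)`) now have a `//` comment line sitting between the condition and its unbraced `return`, which is easy to misread and easy to break when a statement is added later. Move each comment above its condition, for example `/* we were interrupted by a signal */` on the line before `if (r)`, so the `return` directly follows the test. iowarrior_read starts and ends outside the hunk.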
@@ -647,9 +642,8 @@ static int iowarrior_release(struct inode *inode, struct file *file) int retval; dev = file->private_data; - if (dev == NULL) { + if (!dev) return -ENODEV; - } dev_dbg(&dev->interface->dev, "minor %d\n", dev->minor); -- 2.9.3
[PATCH 7/7] USB-iowarrior: Apply another recommendation from "checkpatch.pl"
From: Markus Elfring Date: Sun, 21 Aug 2016 15:30:11 +0200 The script "checkpatch.pl" can point out that assignments should usually not be performed within condition checks. Thus move the assignments for two local variables to separate statements. Signed-off-by: Markus Elfring --- drivers/usb/misc/iowarrior.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c index 132c8cf..78b5d65 100644 --- a/drivers/usb/misc/iowarrior.c +++ b/drivers/usb/misc/iowarrior.c @@ -292,7 +292,8 @@ static ssize_t iowarrior_read(struct file *file, char __user *buffer, /* repeat until no buffer overrun in callback handler occur */ do { atomic_set(&dev->overflow_flag, 0); - if ((read_idx = read_index(dev)) == -1) { + read_idx = read_index(dev); + if (read_idx == -1) { /* queue empty */ if (file->f_flags & O_NONBLOCK) return -EAGAIN; @@ -616,7 +617,8 @@ static int iowarrior_open(struct inode *inode, struct file *file) } /* setup interrupt handler for receiving values */ - if ((retval = usb_submit_urb(dev->int_in_urb, GFP_KERNEL)) < 0) { + retval = usb_submit_urb(dev->int_in_urb, GFP_KERNEL); + if (retval < 0) { dev_err(&interface->dev, "Error %d while submitting URB\n", retval); retval = -EFAULT; goto out; -- 2.9.3
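Review bot: In the iowarrior_open hunk the result of `usb_submit_urb()` is now stored in `retval` on its own line but is still overwritten by `retval = -EFAULT;` after the `dev_err()`, so the caller never sees the real error code. Since the commit touches these lines anyway, dropping the `retval = -EFAULT;` line would propagate the submit error; any user space that depends on `EFAULT` here would need checking first. The rest of iowarrior_open is outside the hunk.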
[PATCH] perf tools: fix typo: "ehough" -> "enough"
From: Colin Ian King trivial typo fix in pr_debug message Signed-off-by: Colin Ian King --- tools/perf/tests/backward-ring-buffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/tests/backward-ring-buffer.c b/tools/perf/tests/backward-ring-buffer.c index 615780c..e6d1816 100644 --- a/tools/perf/tests/backward-ring-buffer.c +++ b/tools/perf/tests/backward-ring-buffer.c @@ -97,7 +97,7 @@ int test__backward_ring_buffer(int subtest __maybe_unused) evlist = perf_evlist__new(); if (!evlist) { - pr_debug("No ehough memory to create evlist\n"); + pr_debug("No enough memory to create evlist\n"); return TEST_FAIL; } -- 2.9.3
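Review bot: The corrected string in the test__backward_ring_buffer hunk still reads `"No enough memory to create evlist\n"`, which is not grammatical; `pr_debug("Not enough memory to create evlist\n");` is presumably what was meant. The same wording remains in the do_test hunk of tools/perf/tests/bpf.c and in the map_prologue hunk of tools/perf/util/bpf-loader.c, where it would be `"Not enough memory: alloc ptevs failed\n"`.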
[PATCH] perf test bpf: fix typo: "ehough" -> "enough"
From: Colin Ian King trivial typo fix in pr_debug message Signed-off-by: Colin Ian King --- tools/perf/tests/bpf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/tests/bpf.c b/tools/perf/tests/bpf.c index fc54064..2673e86 100644 --- a/tools/perf/tests/bpf.c +++ b/tools/perf/tests/bpf.c @@ -125,7 +125,7 @@ static int do_test(struct bpf_object *obj, int (*func)(void), /* Instead of perf_evlist__new_default, don't add default events */ evlist = perf_evlist__new(); if (!evlist) { - pr_debug("No ehough memory to create evlist\n"); + pr_debug("No enough memory to create evlist\n"); return TEST_FAIL; } -- 2.9.3
[Thermal] Need confirmation for the pending thermal soc patches
Hi, As Eduardo has been quite busy recently, I will take all the thermal soc driver changes this time. Currently, I have cherry-picked all the patches that Eduardo has already applied in the thermal-soc tree and reviewed all the pending patches in patchwork. Now, there are four patches queued for the next -rc (https://git.kernel.org/cgit/linux/kernel/git/rzhang/linux.git/log/?h=for-rc), and 23 thermal soc patches queued for the next merge window (https://git.kernel.org/cgit/linux/kernel/git/rzhang/linux.git/log/?h=release). If you think some soc fixes are urgent and should be in 4.8 instead of 4.9, please let me know. If there are some patches that are neither in the thermal-next tree (https://git.kernel.org/cgit/linux/kernel/git/rzhang/linux.git/log/?h=next) nor have my response, please let me know, in case I missed some. :) thanks, rui
[PATCH] perf bpf: fix typo: "ehough" -> "enough"
From: Colin Ian King trivial typo fix in pr_debug message Signed-off-by: Colin Ian King --- tools/perf/util/bpf-loader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/util/bpf-loader.c b/tools/perf/util/bpf-loader.c index 1f12e4e..2b2c9b8 100644 --- a/tools/perf/util/bpf-loader.c +++ b/tools/perf/util/bpf-loader.c @@ -531,7 +531,7 @@ static int map_prologue(struct perf_probe_event *pev, int *mapping, ptevs = malloc(array_sz); if (!ptevs) { - pr_debug("No ehough memory: alloc ptevs failed\n"); + pr_debug("No enough memory: alloc ptevs failed\n"); return -ENOMEM; } -- 2.9.3
[PATCH] net: tehuti: fix typo: "eneble" -> "enable"
From: Colin Ian King trivial typo fix in pr_err message Signed-off-by: Colin Ian King --- drivers/net/ethernet/tehuti/tehuti.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/tehuti/tehuti.c b/drivers/net/ethernet/tehuti/tehuti.c index 7452b5f..7108c68 100644 --- a/drivers/net/ethernet/tehuti/tehuti.c +++ b/drivers/net/ethernet/tehuti/tehuti.c @@ -1987,7 +1987,7 @@ bdx_probe(struct pci_dev *pdev, const struct pci_device_id *ent) if ((readl(nic->regs + FPGA_VER) & 0xFFF) >= 378) { err = pci_enable_msi(pdev); if (err) - pr_err("Can't eneble msi. error is %d\n", err); + pr_err("Can't enable msi. error is %d\n", err); else nic->irq_type = IRQ_MSI; } else -- 2.9.3
Re: [PATCH 6/6] Add dockerfile
On Sun, Aug 21, 2016 at 03:02:38PM +0300, Dmitry Monakhov wrote: > Definitely. But in your case we still need jessie64's chroot. > It should be prepared somehow. My point is that if we give an automated build > script this may help people to start with xfstests with less pain. > In my experience time spent on investigation of installation process > always longer than time to download precreated VM/container :) > Let's call this approach "Lazy developers are welcome" Well, for the really lazy developers, all they need to do now is: git clone git://git.kernel.org/pub/scm/fs/ext2/xfstests-bld.git cd xfstests-bld/kvm-xfstests make install :-) This will download the root_fs.img from www.kernel.org, and install kvm-xfstests into their home directory. (Or they can substitute the last command with: "sudo make prefix=/usr/local install") This should work for both Fedora and Debian systems. There will be some packages you will need to install (e.g., kvm) but I suspect many people will have all of the prerequisites installed already. Cheers, - Ted
Re: Context switch latency in tickless isolated CPU
On Sun, Aug 21, 2016 at 07:26:04PM +0800, GeHao Kang wrote: > On Fri, Aug 19, 2016 at 8:34 PM, Peter Zijlstra wrote: > > > Why are you wanting to use nohz_full if you do syscalls? > > We hope to reduce the overhead of the tick while the real time > applications run, > and these applications might do some syscalls to operate the I/O devices like > EtherCAT. If latency is all you care about, one approach is to map the device registers into userspace and do the I/O without assistance from the kernel. Alternatively, use in-memory mailbox/queuing techniques to hand the I/O off to some other thread. Thanx, Paul
Re: [PATCH] iio: chemical: atlas-ph-sensor: fix typo in val assignment
On 27/07/16 10:28, Matt Ranostay wrote: > On Mon, Jul 25, 2016 at 3:06 PM, Colin King wrote: >> From: Colin Ian King >> >> Fix an incorrect assignment due to a typo on a variable name. The >> variable val2 should be assigned 10 and not val. > > Yikes! Good catch.. > > Reviewed-By: Matt Ranostay > >> >> Signed-off-by: Colin Ian King Thanks Colin. Applied to the fixes-togreg branch of iio.git. Should head upstream in a day or two. Jonathan >> --- >> drivers/iio/chemical/atlas-ph-sensor.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/drivers/iio/chemical/atlas-ph-sensor.c >> b/drivers/iio/chemical/atlas-ph-sensor.c >> index ae038a5..407f141 100644 >> --- a/drivers/iio/chemical/atlas-ph-sensor.c >> +++ b/drivers/iio/chemical/atlas-ph-sensor.c >> @@ -434,7 +434,7 @@ static int atlas_read_raw(struct iio_dev *indio_dev, >> break; >> case IIO_ELECTRICALCONDUCTIVITY: >> *val = 1; /* 0.1 */ >> - *val = 10; >> + *val2 = 10; >> break; >> case IIO_CONCENTRATION: >> *val = 0; /* 0.1 */ >> -- >> 2.8.1 >> > -- > To unsubscribe from this list: send the line "unsubscribe linux-iio" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html >
Re: [PATCH v2 1/2] staging: iio: vcnl4000: Add IR current adjust support
On 25/07/16 11:57, Pratik Prajapati wrote: > Signed-off-by: Pratik Prajapati Sorry it took me so long to get to this. Wading back through my emails post holiday still. Small issue in the documentation. Jonathan > --- > Changes v1 -> v2: > - documented current_led files in ABI > - masked value while writing to led register > - added blank line before last return > - removed redundant return > > Documentation/ABI/testing/sysfs-bus-iio | 13 ++ > drivers/iio/light/vcnl4000.c| 77 > ++--- > 2 files changed, 84 insertions(+), 6 deletions(-) > > diff --git a/Documentation/ABI/testing/sysfs-bus-iio > b/Documentation/ABI/testing/sysfs-bus-iio > index fee35c0..7129be6 100644 > --- a/Documentation/ABI/testing/sysfs-bus-iio > +++ b/Documentation/ABI/testing/sysfs-bus-iio > @@ -1579,3 +1579,16 @@ Contact: linux-...@vger.kernel.org > Description: > Raw (unscaled no offset etc.) electric conductivity reading that > can be processed to siemens per meter. > + > +What:/sys/bus/iio/devices/iio:deviceX/in_current_led_raw > +KernelVersion: 4.8 > +Contact: linux-...@vger.kernel.org > +Description: > + This controls the current to an IR LED. It's controlling an output is it not? Rather than monitoring the current through the LED. Should be out_current_led_raw Actually I think the issue is only in the docs as it looks right in the code. > + > +What:/sys/bus/iio/devices/iio:deviceX/in_current_led_scale > +KernelVersion: 4.8 > +Contact: linux-...@vger.kernel.org > +Description: > + Specifies the conversion factor from the standard unit > + to device specific unit. out_ again. > diff --git a/drivers/iio/light/vcnl4000.c b/drivers/iio/light/vcnl4000.c > index 360b6e9..dcf7a6f 100644 > --- a/drivers/iio/light/vcnl4000.c > +++ b/drivers/iio/light/vcnl4000.c 
> @@ -3,6 +3,7 @@ > * light and proximity sensor > * > * Copyright 2012 Peter Meerwald > + * Copyright (C) 2016 Pratik Prajapati > * > * This file is subject to the terms and conditions of version 2 of > * the GNU General Public License. See the file COPYING in the main > @@ -11,7 +12,6 @@ > * IIO driver for VCNL4000 (7-bit I2C slave address 0x13) > * > * TODO: > - * allow to adjust IR current > * proximity threshold and event handling > * periodic ALS/proximity measurement (VCNL4010/20) > * interrupts (VCNL4010/20) > @@ -46,6 +46,10 @@ > #define VCNL4000_AL_OD BIT(4) /* start on-demand ALS > measurement */ > #define VCNL4000_PS_OD BIT(3) /* start on-demand proximity > measurement */ > > +/* Bit mask for LED_CURRENT register */ > +#define VCNL4000_LED_CURRENT_MASK0x3F > +#define VCNL4000_LED_CURRENT_MAX 20 > + > struct vcnl4000_data { > struct i2c_client *client; > struct mutex lock; 
> @@ -111,9 +115,43 @@ static const struct iio_chan_spec vcnl4000_channels[] = { > }, { > .type = IIO_PROXIMITY, > .info_mask_separate = BIT(IIO_CHAN_INFO_RAW), > - } > + }, { > + .type = IIO_CURRENT, > + .info_mask_separate = BIT(IIO_CHAN_INFO_RAW) | > + BIT(IIO_CHAN_INFO_SCALE), > + .extend_name = "led", > + .output = 1, > + .scan_index = -1, > + }, > }; > > +static int vcnl4000_write_led_current_raw(struct vcnl4000_data *data, int > val) > +{ > + int ret; > + > + if (val < 0 || val > VCNL4000_LED_CURRENT_MAX) > + return -ERANGE; > + mutex_lock(&data->lock); > + ret = i2c_smbus_write_byte_data(data->client, VCNL4000_LED_CURRENT, > + VCNL4000_LED_CURRENT_MASK & val); > + mutex_unlock(&data->lock); > + > + return ret; > +} > + > +static int vcnl4000_read_led_current_raw(struct vcnl4000_data *data) > +{ > + int ret; > + > + mutex_lock(&data->lock); > + ret = i2c_smbus_read_byte_data(data->client, VCNL4000_LED_CURRENT); > + mutex_unlock(&data->lock); > + if (ret < 0) > + return ret; > + > + return ret &= VCNL4000_LED_CURRENT_MASK; > +} > + > static int vcnl4000_read_raw(struct iio_dev *indio_dev, > struct iio_chan_spec const *chan, > int *val, int *val2, long mask) > @@ -138,23 +176,50 @@ static int vcnl4000_read_raw(struct iio_dev *indio_dev, > if (ret < 0) > return ret; > return IIO_VAL_INT; > + case IIO_CURRENT: > + ret = vcnl4000_read_led_current_raw(data); > + if (ret < 0) > + return ret; > + *val = ret; > + return IIO_VAL_INT; > default: > return -EINVAL; > } > + > case IIO_CHAN_INFO_SCALE: > -
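Review bot: In the `@@ -111,9 +115,43 @@` hunk, vcnl4000_read_led_current_raw ends with `return ret &= VCNL4000_LED_CURRENT_MASK;`, a compound assignment to a local that is never read again; `return ret & VCNL4000_LED_CURRENT_MASK;` says the same thing without the side effect. In vcnl4000_write_led_current_raw the range check already limits `val` to 0..`VCNL4000_LED_CURRENT_MAX` (20), so `VCNL4000_LED_CURRENT_MASK & val` cannot change the value written. A short comment stating which of the two is the hardware limit would tell the next reader why both are there.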
[PATCH -next] drm/i915: Fix non static symbol warning
From: Wei Yongjun Fixes the following sparse warning: drivers/gpu/drm/i915/intel_hotplug.c:480:6: warning: symbol 'i915_hpd_poll_init_work' was not declared. Should it be static? Also move the '{' to new line. Signed-off-by: Wei Yongjun --- drivers/gpu/drm/i915/intel_hotplug.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/intel_hotplug.c b/drivers/gpu/drm/i915/intel_hotplug.c index 5dc2c20..334d47b 100644 --- a/drivers/gpu/drm/i915/intel_hotplug.c +++ b/drivers/gpu/drm/i915/intel_hotplug.c @@ -477,7 +477,8 @@ void intel_hpd_init(struct drm_i915_private *dev_priv) spin_unlock_irq(&dev_priv->irq_lock); } -void i915_hpd_poll_init_work(struct work_struct *work) { +static void i915_hpd_poll_init_work(struct work_struct *work) +{ struct drm_i915_private *dev_priv = container_of(work, struct drm_i915_private, hotplug.poll_init_work);
Re: [PATCH v2 2/2] staging: iio: vcnl4000: Replace i2c api's with regmap
On 25/07/16 11:57, Pratik Prajapati wrote: > Signed-off-by: Pratik Prajapati Why? I.e. Why replace it with regmap. I kind of assumed this was to add spi support on a dual bus chip, but it doesn't look like vcnl4000 has an spi version... I wouldn't have minded if the driver had originally been written to use regmap, but it seems a fair bit of churn if there are no advantages. Caching? Anyhow, description should include the answer to 'Why?' Jonathan > --- > Changes v1 -> v2 > - added error msgs for led current's read and write functions > > drivers/iio/light/vcnl4000.c | 99 > ++-- > 1 file changed, 86 insertions(+), 13 deletions(-) > > diff --git a/drivers/iio/light/vcnl4000.c b/drivers/iio/light/vcnl4000.c > index dcf7a6f..9a79022 100644 > --- a/drivers/iio/light/vcnl4000.c > +++ b/drivers/iio/light/vcnl4000.c > @@ -21,6 +21,7 @@ > #include > #include > #include > +#include > > #include > #include > @@ -53,6 +54,7 @@ > struct vcnl4000_data { > struct i2c_client *client; > struct mutex lock; > + struct regmap *regmap; > }; > > static const struct i2c_device_id vcnl4000_id[] = { > @@ -67,20 +69,20 @@ static int vcnl4000_measure(struct vcnl4000_data *data, > u8 req_mask, > int tries = 20; > __be16 buf; > int ret; > + unsigned int regval; > > mutex_lock(&data->lock); > > - ret = i2c_smbus_write_byte_data(data->client, VCNL4000_COMMAND, > - req_mask); > + ret = regmap_write(data->regmap, VCNL4000_COMMAND, req_mask); > if (ret < 0) > goto fail; > > /* wait for data to become ready */ > while (tries--) { > - ret = i2c_smbus_read_byte_data(data->client, VCNL4000_COMMAND); > + ret = regmap_read(data->regmap, VCNL4000_COMMAND, ®val); > if (ret < 0) > goto fail; > - if (ret & rdy_mask) > + if (regval & rdy_mask) > break; > msleep(20); /* measurement takes up to 100 ms */ > } 
> @@ -92,8 +94,8 @@ static int vcnl4000_measure(struct vcnl4000_data *data, u8 > req_mask, > goto fail; > } > > - ret = i2c_smbus_read_i2c_block_data(data->client, > - data_reg, sizeof(buf), (u8 *) &buf); > + ret = regmap_bulk_read(data->regmap, data_reg, (u8 *) &buf, > + sizeof(buf)); > if (ret < 0) > goto fail; > > @@ -127,29 +129,38 @@ static const struct iio_chan_spec vcnl4000_channels[] = > { > > static int vcnl4000_write_led_current_raw(struct vcnl4000_data *data, int > val) > { > + struct device *dev = regmap_get_device(data->regmap); > int ret; > > if (val < 0 || val > VCNL4000_LED_CURRENT_MAX) > return -ERANGE; > + > mutex_lock(&data->lock); > - ret = i2c_smbus_write_byte_data(data->client, VCNL4000_LED_CURRENT, > - VCNL4000_LED_CURRENT_MASK & val); > + ret = regmap_write_bits(data->regmap, VCNL4000_LED_CURRENT, > + VCNL4000_LED_CURRENT_MASK, val); > mutex_unlock(&data->lock); > + if (ret < 0) > + dev_err(dev, "Failed to write to LED current register: %d", > + ret); > > return ret; > } > > static int vcnl4000_read_led_current_raw(struct vcnl4000_data *data) > { > + struct device *dev = regmap_get_device(data->regmap); > + unsigned int regval; > int ret; > > mutex_lock(&data->lock); > - ret = i2c_smbus_read_byte_data(data->client, VCNL4000_LED_CURRENT); > + ret = regmap_read(data->regmap, VCNL4000_LED_CURRENT, ®val); > mutex_unlock(&data->lock); > - if (ret < 0) > + if (ret < 0) { > + dev_err(dev, "Failed to read LED current register: %d", ret); > return ret; > + } > > - return ret &= VCNL4000_LED_CURRENT_MASK; > + return regval &= VCNL4000_LED_CURRENT_MASK; > } > > static int vcnl4000_read_raw(struct iio_dev *indio_dev, 
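Review bot: Both `dev_err()` calls added in the `@@ -127,29 +129,38 @@` hunk pass a format string without a trailing newline, e.g. `"Failed to write to LED current register: %d"`; kernel log messages should end in `\n`, so these become `"Failed to write to LED current register: %d\n"` and `"Failed to read LED current register: %d\n"`. In the vcnl4000_measure hunk above it, the last argument of `regmap_bulk_read()` is a count of registers rather than a byte length, so `sizeof(buf)` is only correct if the regmap is configured with 8-bit values; the regmap configuration is not visible in these hunks and should be confirmed. The `(u8 *)` cast on `&buf` is also unnecessary, since the parameter is a `void *`.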
> @@ -223,27 +234,89 @@ static const struct iio_info vcnl4000_info = { > .driver_module = THIS_MODULE, > }; > > +static bool vcnl4000_readable_reg(struct device *dev, unsigned int reg) > +{ > + switch (reg) { > + case VCNL4000_COMMAND: > + case VCNL4000_PROD_REV: > + case VCNL4000_LED_CURRENT: > + case VCNL4000_AL_PARAM: > + case VCNL4000_AL_RESULT_HI: > + case VCNL4000_AL_RESULT_LO: > + case VCNL4000_PS_RESULT_HI: > + case VCNL4000_PS_RESULT_LO: > + case VCNL4000_PS_MEAS_FREQ: > + case VCNL4000_PS_MOD_ADJ: > + return true; > + default: > + return false; > + } > +} > + > +static bool vcnl4000_writeable_reg(struct device *dev, unsigned int reg) > +{ > + switch (reg) { > + case VCNL4000_COMMAND: > + case VCNL4000_LED_CURRENT: > + case VCNL4000_AL_PARAM: > + case VCNL4000_PS_MEAS_FREQ: > +
[PATCH 1/3] f2fs: check return value of write_checkpoint during fstrim
From: Chao Yu During fstrim, if one of multiple write_checkpoint failed, break off and return error number to caller. Signed-off-by: Chao Yu --- fs/f2fs/segment.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index a394012..020767c 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1303,6 +1303,8 @@ int f2fs_trim_fs(struct f2fs_sb_info *sbi, struct fstrim_range *range) mutex_lock(&sbi->gc_mutex); err = write_checkpoint(sbi, &cpc); mutex_unlock(&sbi->gc_mutex); + if (err) + break; } out: range->len = F2FS_BLK_TO_BYTES(cpc.trimmed); -- 2.7.2
[PATCH 3/3] f2fs: remove redundant judgement condition in available_free_memory
From: Chao Yu In available_free_memory, there are two same judgement conditions which is used for checking NAT excess, remove one of them. Signed-off-by: Chao Yu --- fs/f2fs/node.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c index f75d197..8a28800 100644 --- a/fs/f2fs/node.c +++ b/fs/f2fs/node.c @@ -54,8 +54,6 @@ bool available_free_memory(struct f2fs_sb_info *sbi, int type) res = mem_size < ((avail_ram * nm_i->ram_thresh / 100) >> 2); if (excess_cached_nats(sbi)) res = false; - if (nm_i->nat_cnt > DEF_NAT_CACHE_THRESHOLD) - res = false; } else if (type == DIRTY_DENTS) { if (sbi->sb->s_bdi->wb.dirty_exceeded) return false; -- 2.7.2
Re: [PATCH v2] iio: fix sched WARNING "do not call blocking ops when !TASK_RUNNING"
On 21/08/16 13:26, Lars-Peter Clausen wrote: > On 08/21/2016 01:21 PM, Jonathan Cameron wrote: > [...] >> I've applied this to the fixes-togreg branch of iio.git >> >> For now I haven't marked it for stable, purely because I'm not sure >> when the first 'problem' usage was introduced. I'm happy to explicitly >> send a request for stable inclusion if anyone wants to track down >> which stable trees this is applicable to. >> >> I'm very low on time today (holiday catch up) so won't get to >> dig into it myself for at least a few weeks. > > The issue has been around for a bit longer, but the wait_woken() > infrastructure has only been available since v3.19. > I've marked for stable and added a note about that. Will do for now! Jonathan
[PATCH 2/3] f2fs: schedule in between two continous batch discards
From: Chao Yu In batch discard approach of fstrim will grab/release gc_mutex lock repeatly, it makes contention of the lock becoming more intensive. So after one batch discards were issued in checkpoint and the lock was released, it's better to do schedule() to increase opportunity of grabbing gc_mutex lock for other competitors. Signed-off-by: Chao Yu --- fs/f2fs/segment.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 020767c..d0f74eb 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1305,6 +1305,8 @@ int f2fs_trim_fs(struct f2fs_sb_info *sbi, struct fstrim_range *range) mutex_unlock(&sbi->gc_mutex); if (err) break; + + schedule(); } out: range->len = F2FS_BLK_TO_BYTES(cpc.trimmed); -- 2.7.2
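Review bot: The bare `schedule()` added after the `if (err) break;` in the f2fs_trim_fs loop calls into the scheduler on every batch; `cond_resched()` is the usual voluntary preemption point in a long-running loop and only yields when a reschedule is pending. If the call is there specifically to give other `gc_mutex` waiters a chance, a comment such as `/* let gc_mutex waiters run between batches */` above it would record that intent. The loop header is outside the hunk.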
[PATCH 3.10 010/180] netfilter: x_tables: assert minimum target size
From: Florian Westphal commit a08e4e190b866579896c09af59b3bdca821da2cd upstream. The target size includes the size of the xt_entry_target struct. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Signed-off-by: Willy Tarreau --- net/netfilter/x_tables.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 55b1e0c..cc34bb3 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -587,6 +587,9 @@ int xt_check_entry_offsets(const void *base, return -EINVAL; t = (void *)(e + target_offset); + if (t->u.target_size < sizeof(*t)) + return -EINVAL; + if (target_offset + t->u.target_size > next_offset) return -EINVAL; -- 2.8.0.rc2.1.gbe9624a
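Review bot: The new `t->u.target_size < sizeof(*t)` test in xt_check_entry_offsets carries no comment, and the reason for it (the size field counts the `xt_entry_target` header itself) is recorded only in the commit message. A one-line comment above it, e.g. `/* target_size includes the xt_entry_target header, so a smaller value is malformed */`, would keep that with the code. The test reads `t->u.target_size` at `e + target_offset`, so it relies on the check that ends in the `return -EINVAL;` just above having already confirmed that a whole `xt_entry_target` fits before `next_offset`. That condition is outside the hunk and is worth confirming in this 3.10 backport.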
[PATCH 3.10 016/180] netfilter: arp_tables: simplify translate_compat_table args
From: Florian Westphal commit 832756f6fe8e4e82a63361119b7e2384e02f upstream. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Signed-off-by: Willy Tarreau --- net/ipv4/netfilter/arp_tables.c | 82 ++--- 1 file changed, 36 insertions(+), 46 deletions(-) diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index bb329cb..2ad0bc6 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -1199,6 +1199,18 @@ static int do_add_counters(struct net *net, const void __user *user, } #ifdef CONFIG_COMPAT +struct compat_arpt_replace { + charname[XT_TABLE_MAXNAMELEN]; + u32 valid_hooks; + u32 num_entries; + u32 size; + u32 hook_entry[NF_ARP_NUMHOOKS]; + u32 underflow[NF_ARP_NUMHOOKS]; + u32 num_counters; + compat_uptr_t counters; + struct compat_arpt_entryentries[0]; +}; + static inline void compat_release_entry(struct compat_arpt_entry *e) { struct xt_entry_target *t; @@ -1214,8 +1226,7 @@ check_compat_entry_size_and_hooks(struct compat_arpt_entry *e, const unsigned char *base, const unsigned char *limit, const unsigned int *hook_entries, - const unsigned int *underflows, - const char *name) + const unsigned int *underflows) { struct xt_entry_target *t; struct xt_target *target; @@ -1286,7 +1297,7 @@ out: static int compat_copy_entry_from_user(struct compat_arpt_entry *e, void **dstptr, - unsigned int *size, const char *name, + unsigned int *size, struct xt_table_info *newinfo, unsigned char *base) { struct xt_entry_target *t; 
@@ -1319,14 +1330,9 @@ compat_copy_entry_from_user(struct compat_arpt_entry *e, void **dstptr, return ret; } -static int translate_compat_table(const char *name, - unsigned int valid_hooks, - struct xt_table_info **pinfo, +static int translate_compat_table(struct xt_table_info **pinfo, void **pentry0, - unsigned int total_size, - unsigned int number, - unsigned int *hook_entries, - unsigned int *underflows) + const struct compat_arpt_replace *compatr) { unsigned int i, j; struct xt_table_info *newinfo, *info; @@ -1338,8 +1344,8 @@ static int translate_compat_table(const char *name, info = *pinfo; entry0 = *pentry0; - size = total_size; - info->number = number; + size = compatr->size; + info->number = compatr->num_entries; /* Init all hooks to impossible value. */ for (i = 0; i < NF_ARP_NUMHOOKS; i++) { @@ -1350,40 +1356,39 @@ static int translate_compat_table(const char *name, duprintf("translate_compat_table: size %u\n", info->size); j = 0; xt_compat_lock(NFPROTO_ARP); - xt_compat_init_offsets(NFPROTO_ARP, number); + xt_compat_init_offsets(NFPROTO_ARP, compatr->num_entries); /* Walk through entries, checking offsets. */ - xt_entry_foreach(iter0, entry0, total_size) { + xt_entry_foreach(iter0, entry0, compatr->size) { ret = check_compat_entry_size_and_hooks(iter0, info, &size, entry0, - entry0 + total_size, - hook_entries, - underflows, - name); + entry0 + compatr->size, + compatr->hook_entry, + compatr->underflow); if (ret != 0) goto out_unlock; ++j; } ret = -EINVAL; - if (j != number) { + if (j != compatr->num_entries) { duprintf("translate_compat_table: %u not %u entries\n", -j, number); +j, compatr->num_entries); goto out_unlock; } /* Check hooks all assigned */ for (i = 0; i < NF_ARP_NUMHOOKS; i++) { /* Only hooks which are valid */ -
[PATCH 3.10 013/180] netfilter: x_tables: check for bogus target offset
From: Florian Westphal commit ce683e5f9d045e5d67d1312a42b359cb2ab2a13c upstream. We're currently asserting that targetoff + targetsize <= nextoff. Extend it to also check that targetoff is >= sizeof(xt_entry). Since this is generic code, add an argument pointing to the start of the match/target, we can then derive the base structure size from the delta. We also need the e->elems pointer in a followup change to validate matches. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Signed-off-by: Willy Tarreau --- include/linux/netfilter/x_tables.h | 4 ++-- net/ipv4/netfilter/arp_tables.c| 5 +++-- net/ipv4/netfilter/ip_tables.c | 5 +++-- net/ipv6/netfilter/ip6_tables.c| 5 +++-- net/netfilter/x_tables.c | 17 +++-- 5 files changed, 26 insertions(+), 10 deletions(-) diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 8dfd3dd..8bb7706 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h @@ -239,7 +239,7 @@ extern void xt_unregister_match(struct xt_match *target); extern int xt_register_matches(struct xt_match *match, unsigned int n); extern void xt_unregister_matches(struct xt_match *match, unsigned int n); -int xt_check_entry_offsets(const void *base, +int xt_check_entry_offsets(const void *base, const char *elems, unsigned int target_offset, unsigned int next_offset); @@ -437,7 +437,7 @@ extern void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr, unsigned int *size); extern int xt_compat_target_to_user(const struct xt_entry_target *t, void __user **dstptr, unsigned int *size); -int xt_compat_check_entry_offsets(const void *base, +int xt_compat_check_entry_offsets(const void *base, const char *elems, unsigned int target_offset, unsigned int next_offset); diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 73b3ab9..bb329cb 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c 
@@ -577,7 +577,8 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e, if (!arp_checkentry(&e->arp)) return -EINVAL; - err = xt_check_entry_offsets(e, e->target_offset, e->next_offset); + err = xt_check_entry_offsets(e, e->elems, e->target_offset, +e->next_offset); if (err) return err; @@ -1239,7 +1240,7 @@ check_compat_entry_size_and_hooks(struct compat_arpt_entry *e, if (!arp_checkentry(&e->arp)) return -EINVAL; - ret = xt_compat_check_entry_offsets(e, e->target_offset, + ret = xt_compat_check_entry_offsets(e, e->elems, e->target_offset, e->next_offset); if (ret) return ret; diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 946e91a..29f3092 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -737,7 +737,8 @@ check_entry_size_and_hooks(struct ipt_entry *e, if (!ip_checkentry(&e->ip)) return -EINVAL; - err = xt_check_entry_offsets(e, e->target_offset, e->next_offset); + err = xt_check_entry_offsets(e, e->elems, e->target_offset, +e->next_offset); if (err) return err; @@ -1504,7 +1505,7 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e, if (!ip_checkentry(&e->ip)) return -EINVAL; - ret = xt_compat_check_entry_offsets(e, + ret = xt_compat_check_entry_offsets(e, e->elems, e->target_offset, e->next_offset); if (ret) return ret; diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 5f98e7d..df9947d 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -748,7 +748,8 @@ check_entry_size_and_hooks(struct ip6t_entry *e, if (!ip6_checkentry(&e->ipv6)) return -EINVAL; - err = xt_check_entry_offsets(e, e->target_offset, e->next_offset); + err = xt_check_entry_offsets(e, e->elems, e->target_offset, +e->next_offset); if (err) return err; 
@@ -1516,7 +1517,7 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e, if (!ip6_checkentry(&e->ipv6)) return -EINVAL; - ret = xt_compat_check_entry_offsets(e, + ret = xt_compat_check_entry_offsets(e, e->elems, e->target_offset, e->next_offset); if (ret) return ret; diff --git a/net/netfilter/x_tables.c b/net/netfil
[PATCH 3.10 091/180] xfs: fix inode validity check in xfs_iflush_cluster
From: Dave Chinner commit 51b07f30a71c27405259a0248206ed4e22adbee2 upstream. Some careless idiot(*) wrote crap code in commit 1a3e8f3 ("xfs: convert inode cache lookups to use RCU locking") back in late 2010, and so xfs_iflush_cluster checks the wrong inode for whether it is still valid under RCU protection. Fix it to lock and check the correct inode. (*) Careless-idiot: Dave Chinner cc: # 3.10.x- Discovered-by: Brain Foster Signed-off-by: Dave Chinner Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner Signed-off-by: Willy Tarreau
---
 fs/xfs/xfs_inode.c | 8 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
index 1f9c806..52faf49 100644
--- a/fs/xfs/xfs_inode.c
+++ b/fs/xfs/xfs_inode.c
@@ -2604,13 +2604,13 @@ xfs_iflush_cluster(
 * We need to check under the i_flags_lock for a valid inode
 * here. Skip it if it is not valid or the wrong inode.
 */
- spin_lock(&ip->i_flags_lock);
- if (!ip->i_ino ||
+ spin_lock(&iq->i_flags_lock);
+ if (!iq->i_ino ||
 (XFS_INO_TO_AGINO(mp, iq->i_ino) & mask) != first_index) {
- spin_unlock(&ip->i_flags_lock);
+ spin_unlock(&iq->i_flags_lock);
 continue;
 }
- spin_unlock(&ip->i_flags_lock);
+ spin_unlock(&iq->i_flags_lock);
 /*
 * Do an un-protected check to see if the inode is dirty and
-- 2.8.0.rc2.1.gbe9624a
[PATCH 3.10 133/180] ALSA: timer: Fix leak in events via snd_timer_user_ccallback
From: Kangjie Lu commit 9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 upstream. The stack object âr1â has a total size of 32 bytes. Its field âeventâ and âvalâ both contain 4 bytes padding. These 8 bytes padding bytes are sent to user without being initialized. Signed-off-by: Kangjie Lu Signed-off-by: Takashi Iwai Signed-off-by: Willy Tarreau --- sound/core/timer.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/core/timer.c b/sound/core/timer.c index 54ff806..7ba0709 100644 --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -1208,6 +1208,7 @@ static void snd_timer_user_ccallback(struct snd_timer_instance *timeri, tu->tstamp = *tstamp; if ((tu->filter & (1 << event)) == 0 || !tu->tread) return; + memset(&r1, 0, sizeof(r1)); r1.event = event; r1.tstamp = *tstamp; r1.val = resolution; -- 2.8.0.rc2.1.gbe9624a
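Review bot: The added `memset(&r1, 0, sizeof(r1));` has no comment, and a later cleanup that swaps it for an initializer could quietly bring the leak back, because an initializer is not guaranteed to clear padding bytes. I would put `/* r1 is copied to user space: clear padding too, not only the named fields */` directly above the call. The rest of snd_timer_user_ccallback lies outside the hunk, so it cannot be checked from here whether other stack records in this file that reach user space are cleared the same way.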
[PATCH 3.10 053/180] MIPS: KVM: Propagate kseg0/mapped tlb fault errors
From: James Hogan commit 9b731bcfdec4c159ad2e4312e25d69221709b96a upstream. Propagate errors from kvm_mips_handle_kseg0_tlb_fault() and kvm_mips_handle_mapped_seg_tlb_fault(), usually triggering an internal error since they normally indicate the guest accessed bad physical memory or the commpage in an unexpected way. Fixes: 858dd5d45733 ("KVM/MIPS32: MMU/TLB operations for the Guest.") Fixes: e685c689f3a8 ("KVM/MIPS32: Privileged instruction/target branch emulation.") Signed-off-by: James Hogan Cc: Paolo Bonzini Cc: "Radim KrÄmáÅ" Cc: Ralf Baechle Cc: linux-m...@linux-mips.org Cc: k...@vger.kernel.org Signed-off-by: Radim KrÄmáŠ[james.ho...@imgtec.com: Backport to v3.10.y - v3.15.y] Signed-off-by: James Hogan Signed-off-by: Willy Tarreau --- arch/mips/kvm/kvm_mips_emul.c | 33 - arch/mips/kvm/kvm_tlb.c | 14 ++ 2 files changed, 34 insertions(+), 13 deletions(-) diff --git a/arch/mips/kvm/kvm_mips_emul.c b/arch/mips/kvm/kvm_mips_emul.c index 3308581..9f76438 100644 --- a/arch/mips/kvm/kvm_mips_emul.c +++ b/arch/mips/kvm/kvm_mips_emul.c @@ -972,8 +972,13 @@ kvm_mips_emulate_cache(uint32_t inst, uint32_t *opc, uint32_t cause, preempt_disable(); if (KVM_GUEST_KSEGX(va) == KVM_GUEST_KSEG0) { - if (kvm_mips_host_tlb_lookup(vcpu, va) < 0) { - kvm_mips_handle_kseg0_tlb_fault(va, vcpu); + if (kvm_mips_host_tlb_lookup(vcpu, va) < 0 && + kvm_mips_handle_kseg0_tlb_fault(va, vcpu)) { + kvm_err("%s: handling mapped kseg0 tlb fault for %lx, vcpu: %p, ASID: %#lx\n", + __func__, va, vcpu, read_c0_entryhi()); + er = EMULATE_FAIL; + preempt_enable(); + goto done; } } else if ((KVM_GUEST_KSEGX(va) < KVM_GUEST_KSEG0) || KVM_GUEST_KSEGX(va) == KVM_GUEST_KSEG23) { 
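Review bot: The `kvm_err()` added to kvm_mips_emulate_cache prints the raw `vcpu` pointer with `%p` and is not rate limited, while the commit message says these failures normally mean the guest touched bad physical memory or the commpage, so a guest may be able to produce the message repeatedly. I would log the vcpu id instead of the kernel address and use a rate-limited print, e.g. `pr_err_ratelimited("%s: kseg0 tlb fault for %lx failed, vcpu: %d\n", __func__, va, vcpu->vcpu_id);`. The same applies to the `kvm_err()` calls added in the following hunks of this file. The enclosing function starts and ends outside the hunk, so what happens at the `done` label is assumed rather than checked.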
@@ -1006,11 +1011,16 @@ kvm_mips_emulate_cache(uint32_t inst, uint32_t *opc, uint32_t cause, run, vcpu); preempt_enable(); goto dont_update_pc; - } else { - /* We fault an entry from the guest tlb to the shadow host TLB */ - kvm_mips_handle_mapped_seg_tlb_fault(vcpu, tlb, -NULL, -NULL); + } + /* We fault an entry from the guest tlb to the shadow host TLB */ + if (kvm_mips_handle_mapped_seg_tlb_fault(vcpu, tlb, +NULL, NULL)) { + kvm_err("%s: handling mapped seg tlb fault for %lx, index: %u, vcpu: %p, ASID: %#lx\n", + __func__, va, index, vcpu, + read_c0_entryhi()); + er = EMULATE_FAIL; + preempt_enable(); + goto done; } } } else { @@ -1821,8 +1831,13 @@ kvm_mips_handle_tlbmiss(unsigned long cause, uint32_t *opc, tlb->tlb_hi, tlb->tlb_lo0, tlb->tlb_lo1); #endif /* OK we have a Guest TLB entry, now inject it into the shadow host TLB */ - kvm_mips_handle_mapped_seg_tlb_fault(vcpu, tlb, NULL, -NULL); + if (kvm_mips_handle_mapped_seg_tlb_fault(vcpu, tlb, +NULL, NULL)) { + kvm_err("%s: handling mapped seg tlb fault for %lx, index: %u, vcpu: %p, ASID: %#lx\n", + __func__, va, index, vcpu, + read_c0_entryhi()); + er = EMULATE_FAIL; + } } } diff --git a/arch/mips/kvm/kvm_tlb.c b/arch/mips/kvm/kvm_tlb.c index 5a3c373..4bee439 100644 --- a/arch/mips/kvm/kvm_tlb.c +++ b/arch/mips/kvm/kvm_tlb.c @@ -926,10 +926,16 @@ uint32_t kvm_get_inst(uint32_t *opc, struct kvm_vcpu *vcpu) local_irq_restore(flags); return KVM_INVALID_INST; } - kvm_mips_handle_mapped_seg_tlb_fault(vcpu, -&vcpu->arch. -guest_tlb[index], -NULL, NULL); + if (kvm_mips_handle_mapped_seg_t
[PATCH 3.10 137/180] Fix reconnect to not defer smb3 session reconnect long after socket reconnect
From: Steve French commit 4fcd1813e6404dd4420c7d12fb483f9320f0bf93 upstream. Azure server blocks clients that open a socket and don't do anything on it. In our reconnect scenarios, we can reconnect the tcp session and detect the socket is available but we defer the negprot and SMB3 session setup and tree connect reconnection until the next i/o is requested, but this looks suspicous to some servers who expect SMB3 negprog and session setup soon after a socket is created. In the echo thread, reconnect SMB3 sessions and tree connections that are disconnected. A later patch will replay persistent (and resilient) handle opens. Signed-off-by: Steve French Acked-by: Pavel Shilovsky Signed-off-by: Greg Kroah-Hartman Signed-off-by: Willy Tarreau --- fs/cifs/connect.c | 4 +++- fs/cifs/smb2pdu.c | 27 +++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index d05a300..7c33afd 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -408,7 +408,9 @@ cifs_echo_request(struct work_struct *work) * server->ops->need_neg() == true. Also, no need to ping if * we got a response recently. */ - if (!server->ops->need_neg || server->ops->need_neg(server) || + + if (server->tcpStatus == CifsNeedReconnect || + server->tcpStatus == CifsExiting || server->tcpStatus == CifsNew || (server->ops->can_echo && !server->ops->can_echo(server)) || time_before(jiffies, server->lstrp + SMB_ECHO_INTERVAL - HZ)) goto requeue_echo; diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index eb0de4c..9dd8c96 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c 
@@ -1250,6 +1250,33 @@ SMB2_echo(struct TCP_Server_Info *server) cifs_dbg(FYI, "In echo request\n"); + if (server->tcpStatus == CifsNeedNegotiate) { + struct list_head *tmp, *tmp2; + struct cifs_ses *ses; + struct cifs_tcon *tcon; + + cifs_dbg(FYI, "Need negotiate, reconnecting tcons\n"); + spin_lock(&cifs_tcp_ses_lock); + list_for_each(tmp, &server->smb_ses_list) { + ses = list_entry(tmp, struct cifs_ses, smb_ses_list); + list_for_each(tmp2, &ses->tcon_list) { + tcon = list_entry(tmp2, struct cifs_tcon, + tcon_list); + /* add check for persistent handle reconnect */ + if (tcon && tcon->need_reconnect) { + spin_unlock(&cifs_tcp_ses_lock); + rc = smb2_reconnect(SMB2_ECHO, tcon); + spin_lock(&cifs_tcp_ses_lock); + } + } + } + spin_unlock(&cifs_tcp_ses_lock); + } + + /* if no session, renegotiate failed above */ + if (server->tcpStatus == CifsNeedNegotiate) + return -EIO; + rc = small_smb2_init(SMB2_ECHO, NULL, (void **)&req); if (rc) return rc; -- 2.8.0.rc2.1.gbe9624a
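Review bot: Inside the nested `list_for_each` walks the added code drops `cifs_tcp_ses_lock` around `smb2_reconnect()` and then continues from `tmp`/`tmp2`, which are unprotected while the lock is released; if a session or tree connection is unlinked in that window, the walk resumes from a stale list node. Nothing visible in the hunk pins `tcon` before the unlock either, so the reconnect call may run on an object that is being torn down; the safe shape is to take a reference under the lock and not reuse the old cursor after relocking, which needs code outside this hunk. Two smaller points: `list_entry()` never yields NULL, so the test can simply be `if (tcon->need_reconnect) {`, and `rc` from `smb2_reconnect()` is overwritten by the next iteration and by `small_smb2_init()`, so a failed reconnect is only caught indirectly by the second `CifsNeedNegotiate` test. SMB2_echo continues past the end of the hunk.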
[PATCH 3.10 035/180] usb: musb: Ensure rx reinit occurs for shared_fifo endpoints
From: Andrew Goodbody commit f3eec0cf784e0d6c47822ca6b66df3d5812af7e6 upstream. shared_fifo endpoints would only get a previous tx state cleared out, the rx state was only cleared for non shared_fifo endpoints Change this so that the rx state is cleared for all endpoints. This addresses an issue that resulted in rx packets being dropped silently. Signed-off-by: Andrew Goodbody Cc: sta...@vger.kernel.org Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman Signed-off-by: Willy Tarreau
---
 drivers/usb/musb/musb_host.c | 13 ++--- 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/usb/musb/musb_host.c b/drivers/usb/musb/musb_host.c
index cdadbe6..c6cc520 100644
--- a/drivers/usb/musb/musb_host.c
+++ b/drivers/usb/musb/musb_host.c
@@ -581,14 +581,13 @@ musb_rx_reinit(struct musb *musb, struct musb_qh *qh, struct musb_hw_ep *ep)
 musb_writew(ep->regs, MUSB_TXCSR, 0);
 /* scrub all previous state, clearing toggle */
- } else {
- csr = musb_readw(ep->regs, MUSB_RXCSR);
- if (csr & MUSB_RXCSR_RXPKTRDY)
- WARNING("rx%d, packet/%d ready?\n", ep->epnum,
- musb_readw(ep->regs, MUSB_RXCOUNT));
-
- musb_h_flush_rxfifo(ep, MUSB_RXCSR_CLRDATATOG);
 }
+ csr = musb_readw(ep->regs, MUSB_RXCSR);
+ if (csr & MUSB_RXCSR_RXPKTRDY)
+ WARNING("rx%d, packet/%d ready?\n", ep->epnum,
+ musb_readw(ep->regs, MUSB_RXCOUNT));
+
+ musb_h_flush_rxfifo(ep, MUSB_RXCSR_CLRDATATOG);
 /* target addr and (for multipoint) hub addr/port */
 if (musb->is_multipoint) {
-- 2.8.0.rc2.1.gbe9624a
[PATCH 3.10 171/180] dm flakey: error READ bios during the down_interval
From: Mike Snitzer commit 99f3c90d0d85708e7401a81ce3314e50bf7f2819 upstream. When the corrupt_bio_byte feature was introduced it caused READ bios to no longer be errored with -EIO during the down_interval. This had to do with the complexity of needing to submit READs if the corrupt_bio_byte feature was used. Fix it so READ bios are properly errored with -EIO; doing so early in flakey_map() as long as there isn't a match for the corrupt_bio_byte feature. Fixes: a3998799fb4df ("dm flakey: add corrupt_bio_byte feature") Reported-by: Akira Hayakawa Signed-off-by: Mike Snitzer Cc: sta...@vger.kernel.org Signed-off-by: Willy Tarreau
---
 drivers/md/dm-flakey.c | 23 +++ 1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/drivers/md/dm-flakey.c b/drivers/md/dm-flakey.c
index 7fcf21c..a9a47cd 100644
--- a/drivers/md/dm-flakey.c
+++ b/drivers/md/dm-flakey.c
@@ -286,10 +286,16 @@ static int flakey_map(struct dm_target *ti, struct bio *bio)
 pb->bio_submitted = true;
 /*
-* Map reads as normal.
+* Map reads as normal only if corrupt_bio_byte set.
 */
- if (bio_data_dir(bio) == READ)
- goto map_bio;
+ if (bio_data_dir(bio) == READ) {
+ /* If flags were specified, only corrupt those that match. */
+ if (fc->corrupt_bio_byte && (fc->corrupt_bio_rw == READ) &&
+ all_corrupt_bio_flags_match(bio, fc))
+ goto map_bio;
+ else
+ return -EIO;
+ }
 /*
 * Drop writes?
@@ -327,12 +333,13 @@ static int flakey_end_io(struct dm_target *ti, struct bio *bio, int error)
 /*
 * Corrupt successful READs while in down state.
-* If flags were specified, only corrupt those that match.
 */
- if (fc->corrupt_bio_byte && !error && pb->bio_submitted &&
- (bio_data_dir(bio) == READ) && (fc->corrupt_bio_rw == READ) &&
- all_corrupt_bio_flags_match(bio, fc))
- corrupt_bio_data(bio, fc);
+ if (!error && pb->bio_submitted && (bio_data_dir(bio) == READ)) {
+ if (fc->corrupt_bio_byte)
+ corrupt_bio_data(bio, fc);
+ else
+ return -EIO;
+ }
 return error;
 }
-- 2.8.0.rc2.1.gbe9624a
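Review bot: In flakey_map the new READ branch returns -EIO before the `Drop writes?` block that follows it, so during the down interval a target configured only to drop writes would now fail its reads as well; the commit message does not say whether that is intended. If reads should still pass in that configuration, the error test has to consult the drop-writes setting, along the lines of `if (!fc->corrupt_bio_byte && !test_bit(DROP_WRITES, &fc->flags)) return -EIO;` (the flag handling is outside the hunk, so confirm the exact name), and the `else return -EIO;` arm added to flakey_end_io needs the same test. That second hunk also drops the `corrupt_bio_rw == READ` and flag-match tests and relies on flakey_map having filtered reads already; a one-line comment saying so would keep the two functions in step. Both functions extend beyond their hunks.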
[PATCH 3.10 146/180] qeth: delete napi struct when removing a qeth device
From: Ursula Braun commit 7831b4ff0d926e0deeaabef9db8800ed069a2757 upstream. A qeth_card contains a napi_struct linked to the net_device during device probing. This struct must be deleted when removing the qeth device, otherwise Panic on oops can occur when qeth devices are repeatedly removed and added. Fixes: a1c3ed4c9ca ("qeth: NAPI support for l2 and l3 discipline") Cc: sta...@vger.kernel.org # v2.6.37+ Signed-off-by: Ursula Braun Tested-by: Alexander Klein Signed-off-by: David S. Miller Signed-off-by: Willy Tarreau
---
 drivers/s390/net/qeth_l2_main.c | 1 + drivers/s390/net/qeth_l3_main.c | 1 + 2 files changed, 2 insertions(+)
diff --git a/drivers/s390/net/qeth_l2_main.c b/drivers/s390/net/qeth_l2_main.c
index ec8ccda..0090de4 100644
--- a/drivers/s390/net/qeth_l2_main.c
+++ b/drivers/s390/net/qeth_l2_main.c
@@ -898,6 +898,7 @@ static void qeth_l2_remove_device(struct ccwgroup_device *cgdev)
 qeth_l2_set_offline(cgdev);
 if (card->dev) {
+ netif_napi_del(&card->napi);
 unregister_netdev(card->dev);
 card->dev = NULL;
 }
diff --git a/drivers/s390/net/qeth_l3_main.c b/drivers/s390/net/qeth_l3_main.c
index c1b0b27..7366bef 100644
--- a/drivers/s390/net/qeth_l3_main.c
+++ b/drivers/s390/net/qeth_l3_main.c
@@ -,6 +,7 @@ static void qeth_l3_remove_device(struct ccwgroup_device *cgdev)
 qeth_l3_set_offline(cgdev);
 if (card->dev) {
+ netif_napi_del(&card->napi);
 unregister_netdev(card->dev);
 card->dev = NULL;
 }
-- 2.8.0.rc2.1.gbe9624a
[PATCH 3.10 135/180] scsi: fix race between simultaneous decrements of ->host_failed
From: Wei Fang commit 72d8c36ec364c82bf1bf0c64dfa1041cfaf139f7 upstream. sas_ata_strategy_handler() adds the works of the ata error handler to system_unbound_wq. This workqueue asynchronously runs work items, so the ata error handler will be performed concurrently on different CPUs. In this case, ->host_failed will be decreased simultaneously in scsi_eh_finish_cmd() on different CPUs, and become abnormal. It will lead to permanently inequality between ->host_failed and ->host_busy, and scsi error handler thread won't start running. IO errors after that won't be handled. Since all scmds must have been handled in the strategy handler, just remove the decrement in scsi_eh_finish_cmd() and zero ->host_busy after the strategy handler to fix this race. Fixes: 50824d6c5657 ("[SCSI] libsas: async ata-eh") Cc: sta...@vger.kernel.org Signed-off-by: Wei Fang Reviewed-by: James Bottomley Signed-off-by: Martin K. Petersen Signed-off-by: Willy Tarreau --- Documentation/scsi/scsi_eh.txt | 8 ++-- drivers/ata/libata-eh.c| 2 +- drivers/scsi/scsi_error.c | 4 +++- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/Documentation/scsi/scsi_eh.txt b/Documentation/scsi/scsi_eh.txt index 6ff16b6..c08b62d 100644 --- a/Documentation/scsi/scsi_eh.txt +++ b/Documentation/scsi/scsi_eh.txt 
@@ -255,19 +255,23 @@ scmd->allowed. 3. scmd recovered ACTION: scsi_eh_finish_cmd() is invoked to EH-finish scmd - - shost->host_failed-- - clear scmd->eh_eflags - scsi_setup_cmd_retry() - move from local eh_work_q to local eh_done_q LOCKING: none +CONCURRENCY: at most one thread per separate eh_work_q to +keep queue manipulation lockless 4. EH completes ACTION: scsi_eh_flush_done_q() retries scmds or notifies upper - layer of failure. + layer of failure. May be called concurrently but must have + a no more than one thread per separate eh_work_q to + manipulate the queue locklessly - scmd is removed from eh_done_q and scmd->eh_entry is cleared - if retry is necessary, scmd is requeued using scsi_queue_insert() - otherwise, scsi_finish_command() is invoked for scmd + - zero shost->host_failed LOCKING: queue or finish function performs appropriate locking diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c index 063036d..126eb86 100644 --- a/drivers/ata/libata-eh.c +++ b/drivers/ata/libata-eh.c @@ -604,7 +604,7 @@ void ata_scsi_error(struct Scsi_Host *host) ata_scsi_port_error_handler(host, ap); /* finish or retry handled scmd's and clean up */ - WARN_ON(host->host_failed || !list_empty(&eh_work_q)); + WARN_ON(!list_empty(&eh_work_q)); DPRINTK("EXIT\n"); } diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c index 9acbc88..5ba69ea 100644 --- a/drivers/scsi/scsi_error.c +++ b/drivers/scsi/scsi_error.c @@ -898,7 +898,6 @@ static int scsi_request_sense(struct scsi_cmnd *scmd) */ void scsi_eh_finish_cmd(struct scsi_cmnd *scmd, struct list_head *done_q) { - scmd->device->host->host_failed--; scmd->eh_eflags = 0; list_move_tail(&scmd->eh_entry, done_q); } @@ -1892,6 +1891,9 @@ int scsi_error_handler(void *data) else scsi_unjam_host(shost); + /* All scmds have been handled */ + shost->host_failed = 0; + /* * Note - if the above fails completely, the action is to take * individual devices offline and flush the queue of any -- 2.8.0.rc2.1.gbe9624a
[PATCH 3.10 149/180] can: fix oops caused by wrong rtnl dellink usage
From: Oliver Hartkopp commit 25e1ed6e64f52a692ba3191c4fde650aab3ecc07 upstream. For 'real' hardware CAN devices the netlink interface is used to set CAN specific communication parameters. Real CAN hardware can not be created nor removed with the ip tool ... This patch adds a private dellink function for the CAN device driver interface that does just nothing. It's a follow up to commit 993e6f2fd ("can: fix oops caused by wrong rtnl newlink usage") but for dellink. Reported-by: ajneu Signed-off-by: Oliver Hartkopp Signed-off-by: Marc Kleine-Budde Signed-off-by: Greg Kroah-Hartman Signed-off-by: Willy Tarreau
---
 drivers/net/can/dev.c | 6 ++ 1 file changed, 6 insertions(+)
diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c
index f66aeb7..464e5f6 100644
--- a/drivers/net/can/dev.c
+++ b/drivers/net/can/dev.c
@@ -772,6 +772,11 @@ static int can_newlink(struct net *src_net, struct net_device *dev,
 return -EOPNOTSUPP;
 }
+static void can_dellink(struct net_device *dev, struct list_head *head)
+{
+ return;
+}
+
 static struct rtnl_link_ops can_link_ops __read_mostly = {
 .kind = "can",
 .maxtype= IFLA_CAN_MAX,
@@ -779,6 +784,7 @@ static struct rtnl_link_ops can_link_ops __read_mostly = {
 .setup = can_setup,
 .newlink= can_newlink,
 .changelink = can_changelink,
+ .dellink= can_dellink,
 .get_size = can_get_size,
 .fill_info = can_fill_info,
 .get_xstats_size = can_get_xstats_size,
-- 2.8.0.rc2.1.gbe9624a
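Review bot: `can_dellink()` is deliberately empty, but its body is a bare `return;` with no comment, so the reason for the stub lives only in the commit message. I would replace the statement with `/* real CAN hardware cannot be removed through rtnl; intentionally a no-op */` and drop the `return;`. As far as I recall the rtnl core falls back to a default dellink that unregisters the device when the op is left unset, which would explain why a stub is needed; if that is confirmed it belongs in the comment too.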
[PATCH 3.10 079/180] drm/radeon: Poll for both connect/disconnect on analog connectors
From: Lyude commit 14ff8d48f2235295dfb3117693008e367b49cdb5 upstream. DRM_CONNECTOR_POLL_CONNECT only enables polling for connections, not disconnections. Because of this, we end up losing hotplug polling for analog connectors once they get connected. Easy way to reproduce: - Grab a machine with a radeon GPU and a VGA port - Plug a monitor into the VGA port, wait for it to update the connector from disconnected to connected - Disconnect the monitor on VGA, a hotplug event is never sent for the removal of the connector. Originally, only using DRM_CONNECTOR_POLL_CONNECT might have been a good idea since doing VGA polling can sometimes result in having to mess with the DAC voltages to figure out whether or not there's actually something there since VGA doesn't have HPD. Doing this would have the potential of showing visible artifacts on the screen every time we ran a poll while a VGA display was connected. Luckily, radeon_vga_detect() only resorts to this sort of polling if the poll is forced, and DRM's polling helper doesn't force it's polls. Additionally, this removes some assignments to connector->polled that weren't actually doing anything. Cc: sta...@vger.kernel.org Signed-off-by: Lyude Signed-off-by: Alex Deucher Signed-off-by: Willy Tarreau --- drivers/gpu/drm/radeon/radeon_connectors.c | 15 +-- 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/radeon/radeon_connectors.c b/drivers/gpu/drm/radeon/radeon_connectors.c index 1fbd38b..ea62810 100644 --- a/drivers/gpu/drm/radeon/radeon_connectors.c +++ b/drivers/gpu/drm/radeon/radeon_connectors.c @@ -1691,7 +1691,6 @@ radeon_add_atom_connector(struct drm_device *dev, 1); /* no HPD on analog connectors */ radeon_connector->hpd.hpd = RADEON_HPD_NONE; - connector->polled = DRM_CONNECTOR_POLL_CONNECT; connector->interlace_allowed = true; connector->doublescan_allowed = true; break; 
@@ -1889,8 +1888,10 @@ radeon_add_atom_connector(struct drm_device *dev, } if (radeon_connector->hpd.hpd == RADEON_HPD_NONE) { - if (i2c_bus->valid) - connector->polled = DRM_CONNECTOR_POLL_CONNECT; + if (i2c_bus->valid) { + connector->polled = DRM_CONNECTOR_POLL_CONNECT | + DRM_CONNECTOR_POLL_DISCONNECT; + } } else connector->polled = DRM_CONNECTOR_POLL_HPD; @@ -1962,7 +1963,6 @@ radeon_add_legacy_connector(struct drm_device *dev, 1); /* no HPD on analog connectors */ radeon_connector->hpd.hpd = RADEON_HPD_NONE; - connector->polled = DRM_CONNECTOR_POLL_CONNECT; connector->interlace_allowed = true; connector->doublescan_allowed = true; break; @@ -2047,10 +2047,13 @@ radeon_add_legacy_connector(struct drm_device *dev, } if (radeon_connector->hpd.hpd == RADEON_HPD_NONE) { - if (i2c_bus->valid) - connector->polled = DRM_CONNECTOR_POLL_CONNECT; + if (i2c_bus->valid) { + connector->polled = DRM_CONNECTOR_POLL_CONNECT | + DRM_CONNECTOR_POLL_DISCONNECT; + } } else connector->polled = DRM_CONNECTOR_POLL_HPD; + connector->display_info.subpixel_order = subpixel_order; drm_sysfs_connector_add(connector); } -- 2.8.0.rc2.1.gbe9624a
[PATCH 3.10 131/180] ALSA: ctl: Stop notification after disconnection
From: Takashi Iwai commit f388cdcdd160687c6650833f286b9c89c50960ff upstream. snd_ctl_remove() has a notification for the removal event. It's superfluous when done during the device got disconnected. Although the notification itself is mostly harmless, it may potentially be harmful, and should be suppressed. Actually some components PCM may free ctl elements during the disconnect or free callbacks, thus it's no theoretical issue. This patch adds the check of card->shutdown flag for avoiding unnecessary notifications after (or during) the disconnect. Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman Signed-off-by: Willy Tarreau
---
 sound/core/control.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/sound/core/control.c b/sound/core/control.c
index 3fcead6..251bc57 100644
--- a/sound/core/control.c
+++ b/sound/core/control.c
@@ -150,6 +150,8 @@ void snd_ctl_notify(struct snd_card *card, unsigned int mask,
 if (snd_BUG_ON(!card || !id))
 return;
+ if (card->shutdown)
+ return;
 read_lock(&card->ctl_files_rwlock);
 #if defined(CONFIG_SND_MIXER_OSS) || defined(CONFIG_SND_MIXER_OSS_MODULE)
 card->mixer_oss_change_count++;
-- 2.8.0.rc2.1.gbe9624a
[PATCH 3.10 047/180] tcp: make challenge acks less predictable
From: "Charles (Chas) Williams" commit 75ff39ccc1bd5d3c455b6822ab09e533c551f758 upstream. From: Eric Dumazet Yue Cao claims that current host rate limiting of challenge ACKS (RFC 5961) could leak enough information to allow a patient attacker to hijack TCP sessions. He will soon provide details in an academic paper. This patch increases the default limit from 100 to 1000, and adds some randomization so that the attacker can no longer hijack sessions without spending a considerable amount of probes. Based on initial analysis and patch from Linus. Note that we also have per socket rate limiting, so it is tempting to remove the host limit in the future. v2: randomize the count of challenge acks per second, not the period. Fixes: 282f23c6ee34 ("tcp: implement RFC 5961 3.2") Reported-by: Yue Cao Signed-off-by: Eric Dumazet Suggested-by: Linus Torvalds Cc: Yuchung Cheng Cc: Neal Cardwell Acked-by: Neal Cardwell Acked-by: Yuchung Cheng Signed-off-by: David S. Miller [ ciwillia: backport to 3.10-stable ] Signed-off-by: Chas Williams Signed-off-by: Willy Tarreau --- net/ipv4/tcp_input.c | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index f89087c..f3b15bb 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -68,6 +68,7 @@ #include #include #include +#include #include #include #include @@ -87,7 +88,7 @@ int sysctl_tcp_adv_win_scale __read_mostly = 1; EXPORT_SYMBOL(sysctl_tcp_adv_win_scale); /* rfc5961 challenge ack rate limiting */ -int sysctl_tcp_challenge_ack_limit = 100; +int sysctl_tcp_challenge_ack_limit = 1000; int sysctl_tcp_stdurg __read_mostly; int sysctl_tcp_rfc1337 __read_mostly; 
@@ -3288,12 +3289,19 @@ static void tcp_send_challenge_ack(struct sock *sk) static u32 challenge_timestamp; static unsigned int challenge_count; u32 now = jiffies / HZ; + u32 count; if (now != challenge_timestamp) { + u32 half = (sysctl_tcp_challenge_ack_limit + 1) >> 1; + challenge_timestamp = now; - challenge_count = 0; + ACCESS_ONCE(challenge_count) = half + + reciprocal_divide(prandom_u32(), + sysctl_tcp_challenge_ack_limit); } - if (++challenge_count <= sysctl_tcp_challenge_ack_limit) { + count = ACCESS_ONCE(challenge_count); + if (count > 0) { + ACCESS_ONCE(challenge_count) = count - 1; NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPCHALLENGEACK); tcp_send_ack(sk); } -- 2.8.0.rc2.1.gbe9624a
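Review bot: The refill path in tcp_send_challenge_ack() reads `sysctl_tcp_challenge_ack_limit` twice, once for `half` and once as the argument of `reciprocal_divide()`, so a concurrent sysctl write can build the budget from two different limits. Taking one snapshot, `u32 limit = ACCESS_ONCE(sysctl_tcp_challenge_ack_limit);`, and using it in both places keeps the randomised budget inside the intended range. The sysctl is a signed `int`, and whether its handler rejects negative values is not visible here. A negative value converted to `u32` can yield a very large budget, which would defeat the rate limit, so it is worth confirming the table entry has a lower bound. A comment stating the per-second range (roughly limit/2 up to 3*limit/2, assuming `reciprocal_divide()` in this tree scales the random value into [0, limit)) would document why the count is no longer predictable.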
[PATCH 3.10 056/180] MIPS: ath79: make bootconsole wait for both THRE and TEMT
From: Matthias Schiffer commit f5b556c94c8490d42fea79d7b4ae0ecbc291e69d upstream. This makes the ath79 bootconsole behave the same way as the generic 8250 bootconsole. Also waiting for TEMT (transmit buffer is empty) instead of just THRE (transmit buffer is not full) ensures that all characters have been transmitted before the real serial driver starts reconfiguring the serial controller (which would sometimes result in garbage being transmitted.) This change does not cause a visible performance loss. In addition, this seems to fix a hang observed in certain configurations on many AR7xxx/AR9xxx SoCs during autoconfig of the real serial driver. A more complete follow-up patch will disable 8250 autoconfig for ath79 altogether (the serial controller is detected as a 16550A, which is not fully compatible with the ath79 serial, and the autoconfig may lead to undefined behavior on ath79.) Cc: Signed-off-by: Matthias Schiffer Signed-off-by: Greg Kroah-Hartman Signed-off-by: Willy Tarreau --- arch/mips/ath79/early_printk.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/mips/ath79/early_printk.c b/arch/mips/ath79/early_printk.c index b955faf..d1adc59 100644 --- a/arch/mips/ath79/early_printk.c +++ b/arch/mips/ath79/early_printk.c @@ -31,13 +31,15 @@ static inline void prom_putchar_wait(void __iomem *reg, u32 mask, u32 val) } while (1); } +#define BOTH_EMPTY (UART_LSR_TEMT | UART_LSR_THRE) + static void prom_putchar_ar71xx(unsigned char ch) { void __iomem *base = (void __iomem *)(KSEG1ADDR(AR71XX_UART_BASE)); - prom_putchar_wait(base + UART_LSR * 4, UART_LSR_THRE, UART_LSR_THRE); + prom_putchar_wait(base + UART_LSR * 4, BOTH_EMPTY, BOTH_EMPTY); __raw_writel(ch, base + UART_TX * 4); - prom_putchar_wait(base + UART_LSR * 4, UART_LSR_THRE, UART_LSR_THRE); + prom_putchar_wait(base + UART_LSR * 4, BOTH_EMPTY, BOTH_EMPTY); } static void prom_putchar_ar933x(unsigned char ch) -- 2.8.0.rc2.1.gbe9624a
[PATCH 3.10 143/180] Revert "ecryptfs: forbid opening files without mmap handler"
From: Jeff Mahoney commit 78c4e172412de5d0456dc00d2b34050aa0b683b5 upstream. This reverts commit 2f36db71009304b3f0b95afacd8eba1f9f046b87. It fixed a local root exploit but also introduced a dependency on the lower file system implementing an mmap operation just to open a file, which is a bit of a heavy hammer. The right fix is to have mmap depend on the existence of the mmap handler instead. Signed-off-by: Jeff Mahoney Signed-off-by: Tyler Hicks Signed-off-by: Greg Kroah-Hartman Signed-off-by: Willy Tarreau --- fs/ecryptfs/kthread.c | 13 ++--- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c index 9b661a4..f1ea610 100644 --- a/fs/ecryptfs/kthread.c +++ b/fs/ecryptfs/kthread.c @@ -25,7 +25,6 @@ #include #include #include -#include #include "ecryptfs_kernel.h" struct ecryptfs_open_req { @@ -148,7 +147,7 @@ int ecryptfs_privileged_open(struct file **lower_file, flags |= IS_RDONLY(lower_dentry->d_inode) ? O_RDONLY : O_RDWR; (*lower_file) = dentry_open(&req.path, flags, cred); if (!IS_ERR(*lower_file)) - goto have_file; + goto out; if ((flags & O_ACCMODE) == O_RDONLY) { rc = PTR_ERR((*lower_file)); goto out; @@ -166,16 +165,8 @@ int ecryptfs_privileged_open(struct file **lower_file, mutex_unlock(&ecryptfs_kthread_ctl.mux); wake_up(&ecryptfs_kthread_ctl.wait); wait_for_completion(&req.done); - if (IS_ERR(*lower_file)) { + if (IS_ERR(*lower_file)) rc = PTR_ERR(*lower_file); - goto out; - } -have_file: - if ((*lower_file)->f_op->mmap == NULL) { - fput(*lower_file); - *lower_file = NULL; - rc = -EMEDIUMTYPE; - } out: return rc; } -- 2.8.0.rc2.1.gbe9624a
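Review bot: With the `have_file:` block removed, ecryptfs_privileged_open() again returns a lower file whose `f_op->mmap` may be NULL, and this patch carries no replacement for the guard that the description says fixed a local root exploit. The description puts the proper check in the mmap path, so the series needs that companion change applied no later than this revert. Otherwise there is a window, and a bisect point, with neither protection. I would expect the eCryptfs mmap handler to refuse when the lower file has no handler, along the lines of `if (!lower_file->f_op->mmap) return -ENODEV;`, and the description should name the patch that carries it. The function starts outside the hunk.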
[PATCH 3.10 017/180] netfilter: ip_tables: simplify translate_compat_table args
From: Florian Westphal commit 7d3f843eed2954c9feab481f55175a1afcc9 upstream. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Signed-off-by: Willy Tarreau --- net/ipv4/netfilter/ip_tables.c | 61 +- 1 file changed, 25 insertions(+), 36 deletions(-) diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 29f3092..ddfc3ac 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -1439,7 +1439,6 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr, static int compat_find_calc_match(struct xt_entry_match *m, - const char *name, const struct ipt_ip *ip, unsigned int hookmask, int *size) @@ -1477,8 +1476,7 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e, const unsigned char *base, const unsigned char *limit, const unsigned int *hook_entries, - const unsigned int *underflows, - const char *name) + const unsigned int *underflows) { struct xt_entry_match *ematch; struct xt_entry_target *t; @@ -1514,8 +1512,8 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e, entry_offset = (void *)e - (void *)base; j = 0; xt_ematch_foreach(ematch, e) { - ret = compat_find_calc_match(ematch, name, -&e->ip, e->comefrom, &off); + ret = compat_find_calc_match(ematch, &e->ip, e->comefrom, +&off); if (ret != 0) goto release_matches; ++j; @@ -1564,7 +1562,7 @@ release_matches: static int compat_copy_entry_from_user(struct compat_ipt_entry *e, void **dstptr, - unsigned int *size, const char *name, + unsigned int *size, struct xt_table_info *newinfo, unsigned char *base) { struct xt_entry_target *t; 
@@ -1640,14 +1638,9 @@ compat_check_entry(struct ipt_entry *e, struct net *net, const char *name) static int translate_compat_table(struct net *net, - const char *name, - unsigned int valid_hooks, struct xt_table_info **pinfo, void **pentry0, - unsigned int total_size, - unsigned int number, - unsigned int *hook_entries, - unsigned int *underflows) + const struct compat_ipt_replace *compatr) { unsigned int i, j; struct xt_table_info *newinfo, *info; @@ -1659,8 +1652,8 @@ translate_compat_table(struct net *net, info = *pinfo; entry0 = *pentry0; - size = total_size; - info->number = number; + size = compatr->size; + info->number = compatr->num_entries; /* Init all hooks to impossible value. */ for (i = 0; i < NF_INET_NUMHOOKS; i++) { @@ -1671,40 +1664,39 @@ translate_compat_table(struct net *net, duprintf("translate_compat_table: size %u\n", info->size); j = 0; xt_compat_lock(AF_INET); - xt_compat_init_offsets(AF_INET, number); + xt_compat_init_offsets(AF_INET, compatr->num_entries); /* Walk through entries, checking offsets. */ - xt_entry_foreach(iter0, entry0, total_size) { + xt_entry_foreach(iter0, entry0, compatr->size) { ret = check_compat_entry_size_and_hooks(iter0, info, &size, entry0, - entry0 + total_size, - hook_entries, - underflows, - name); + entry0 + compatr->size, + compatr->hook_entry, + compatr->underflow); if (ret != 0) goto out_unlock; ++j; } ret = -EINVAL; - if (j != number) { + if (j != compatr->num_entries) { duprintf("translate_compat_table: %u not %u entries\n", -j, number); +j, compatr->num_entries); goto out_unlock; } /* Check hooks all assigned */ for (i = 0; i < NF_INET_NUMHOOKS; i++) { /* Only hooks which are valid */ - if (!(valid_hooks & (1 << i))) + if (!(compatr-
[PATCH 3.10 125/180] iio: accel: kxsd9: fix the usage of spi_w8r8()
From: Linus Walleij commit 0c1f91b98552da49d9d8eed32b3132a58d2f4598 upstream. These two spi_w8r8() calls return a value with is used by the code following the error check. The dubious use was caused by a cleanup patch. Fixes: d34dbee8ac8e ("staging:iio:accel:kxsd9 cleanup and conversion to iio_chan_spec.") Signed-off-by: Linus Walleij Cc: Signed-off-by: Jonathan Cameron Signed-off-by: Willy Tarreau --- drivers/iio/accel/kxsd9.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/iio/accel/kxsd9.c b/drivers/iio/accel/kxsd9.c index 7c9a1d9..a22c427 100644 --- a/drivers/iio/accel/kxsd9.c +++ b/drivers/iio/accel/kxsd9.c @@ -81,7 +81,7 @@ static int kxsd9_write_scale(struct iio_dev *indio_dev, int micro) mutex_lock(&st->buf_lock); ret = spi_w8r8(st->us, KXSD9_READ(KXSD9_REG_CTRL_C)); - if (ret) + if (ret < 0) goto error_ret; st->tx[0] = KXSD9_WRITE(KXSD9_REG_CTRL_C); st->tx[1] = (ret & ~KXSD9_FS_MASK) | i; @@ -163,7 +163,7 @@ static int kxsd9_read_raw(struct iio_dev *indio_dev, break; case IIO_CHAN_INFO_SCALE: ret = spi_w8r8(st->us, KXSD9_READ(KXSD9_REG_CTRL_C)); - if (ret) + if (ret < 0) goto error_ret; *val2 = kxsd9_micro_scales[ret & KXSD9_FS_MASK]; ret = IIO_VAL_INT_PLUS_MICRO; -- 2.8.0.rc2.1.gbe9624a
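Review bot: Both call sites, kxsd9_write_scale() and the IIO_CHAN_INFO_SCALE case in kxsd9_read_raw(), now use the return value of spi_w8r8() as register data, but nothing in the code says that a non-negative return is the byte read. A comment at the first check, `/* spi_w8r8() returns the register value (>= 0) or a negative errno */`, would keep a later cleanup from turning the test back into `if (ret)`. In kxsd9_read_raw() the value indexes `kxsd9_micro_scales[ret & KXSD9_FS_MASK]`. The table's size is outside the hunk, so confirm it has an entry for every value the mask allows.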
[PATCH 3.10 081/180] ext4: fix hang when processing corrupted orphaned inode list
From: Theodore Ts'o commit c9eb13a9105e2e418f72e46a2b6da3f49e696902 upstream. If the orphaned inode list contains inode #5, ext4_iget() returns a bad inode (since the bootloader inode should never be referenced directly). Because of the bad inode, we end up processing the inode repeatedly and this hangs the machine. This can be reproduced via: mke2fs -t ext4 /tmp/foo.img 100 debugfs -w -R "ssv last_orphan 5" /tmp/foo.img mount -o loop /tmp/foo.img /mnt (But don't do this if you are using an unpatched kernel if you care about the system staying functional. :-) This bug was found by the port of American Fuzzy Lop into the kernel to find file system problems[1]. (Since it *only* happens if inode #5 shows up on the orphan list --- 3, 7, 8, etc. won't do it, it's not surprising that AFL needed two hours before it found it.) [1] http://events.linuxfoundation.org/sites/events/files/slides/AFL%20filesystem%20fuzzing%2C%20Vault%202016_0.pdf Cc: sta...@vger.kernel.org Reported by: Vegard Nossum Signed-off-by: Theodore Ts'o Signed-off-by: Willy Tarreau --- fs/ext4/ialloc.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c index 4d4718c..00cbc64 100644 --- a/fs/ext4/ialloc.c +++ b/fs/ext4/ialloc.c @@ -1027,11 +1027,13 @@ struct inode *ext4_orphan_get(struct super_block *sb, unsigned long ino) goto iget_failed; /* -* If the orphans has i_nlinks > 0 then it should be able to be -* truncated, otherwise it won't be removed from the orphan list -* during processing and an infinite loop will result. +* If the orphans has i_nlinks > 0 then it should be able to +* be truncated, otherwise it won't be removed from the orphan +* list during processing and an infinite loop will result. +* Similarly, it must not be a bad inode. */ - if (inode->i_nlink && !ext4_can_truncate(inode)) + if ((inode->i_nlink && !ext4_can_truncate(inode)) || + is_bad_inode(inode)) goto bad_orphan; if (NEXT_ORPHAN(inode) > max_ino) -- 2.8.0.rc2.1.gbe9624a
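Review bot: The added `is_bad_inode(inode)` test in ext4_orphan_get() sits after the `i_nlink` / `ext4_can_truncate()` test, so fields of an inode already marked bad may be inspected first. Putting the bad-inode test first reads more clearly: `if (is_bad_inode(inode) || (inode->i_nlink && !ext4_can_truncate(inode)))`. The orphan list comes from the on-disk image, so every value reaching this check is untrusted when a foreign or removable filesystem is mounted. The comment above the test could say that explicitly. The function continues outside the hunk.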
[PATCH 3.10 103/180] crypto: scatterwalk - Fix test in scatterwalk_done
From: Herbert Xu commit 5f070e81bee35f1b7bd1477bb223a873ff657803 upstream. When there is more data to be processed, the current test in scatterwalk_done may prevent us from calling pagedone even when we should. In particular, if we're on an SG entry spanning multiple pages where the last page is not a full page, we will incorrectly skip calling pagedone on the second last page. This patch fixes this by adding a separate test for whether we've reached the end of a page. Cc: sta...@vger.kernel.org Signed-off-by: Herbert Xu Signed-off-by: Willy Tarreau --- crypto/scatterwalk.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/scatterwalk.c b/crypto/scatterwalk.c index 7281b8a..79cbbbf 100644 --- a/crypto/scatterwalk.c +++ b/crypto/scatterwalk.c @@ -68,7 +68,8 @@ static void scatterwalk_pagedone(struct scatter_walk *walk, int out, void scatterwalk_done(struct scatter_walk *walk, int out, int more) { - if (!(scatterwalk_pagelen(walk) & (PAGE_SIZE - 1)) || !more) + if (!more || walk->offset >= walk->sg->offset + walk->sg->length || + !(walk->offset & (PAGE_SIZE - 1))) scatterwalk_pagedone(walk, out, more); } EXPORT_SYMBOL_GPL(scatterwalk_done); -- 2.8.0.rc2.1.gbe9624a
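Review bot: The rewritten condition in scatterwalk_done() folds three separate cases into one expression and has no comment saying which is which. I would add above the `if`: `/* finish the page when no more data follows, when the walk has reached the end of the current SG entry, or when the offset sits on a page boundary */`. The sum `walk->sg->offset + walk->sg->length` presumably cannot wrap for a well-formed scatterlist, but nothing in this hunk checks it.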
[PATCH 3.10 002/180] x86, asmlinkage, apm: Make APM data structure used from assembler visible
From: Andi Kleen commit 54c2f3fdb941204cad136024c7b854b7ad112ab6 upstream. Signed-off-by: Andi Kleen Link: http://lkml.kernel.org/r/1375740170-7446-12-git-send-email-a...@firstfloor.org Signed-off-by: H. Peter Anvin Signed-off-by: Willy Tarreau --- arch/x86/kernel/apm_32.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c index 53a4e27..3ab0343 100644 --- a/arch/x86/kernel/apm_32.c +++ b/arch/x86/kernel/apm_32.c @@ -392,7 +392,7 @@ static struct cpuidle_device apm_cpuidle_device; /* * Local variables */ -static struct { +__visible struct { unsigned long offset; unsigned short segment; } apm_bios_entry; -- 2.8.0.rc2.1.gbe9624a
[PATCH 3.10 178/180] isdn: hfcpci_softirq: get func return to suppress compiler warning
From: Antonio Alecrim Jr commit d6d6d1bc44362112e10a48d434e5b3c716152003 upstream. Signed-off-by: Antonio Alecrim Jr Signed-off-by: David S. Miller Signed-off-by: Willy Tarreau --- drivers/isdn/hardware/mISDN/hfcpci.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/isdn/hardware/mISDN/hfcpci.c b/drivers/isdn/hardware/mISDN/hfcpci.c index a7e4939..eab9167 100644 --- a/drivers/isdn/hardware/mISDN/hfcpci.c +++ b/drivers/isdn/hardware/mISDN/hfcpci.c @@ -2295,8 +2295,8 @@ _hfcpci_softirq(struct device *dev, void *arg) static void hfcpci_softirq(void *arg) { - (void) driver_for_each_device(&hfc_driver.driver, NULL, arg, - _hfcpci_softirq); + WARN_ON_ONCE(driver_for_each_device(&hfc_driver.driver, NULL, arg, + _hfcpci_softirq) != 0); /* if next event would be in the past ... */ if ((s32)(hfc_jiffies + tics - jiffies) <= 0) -- 2.8.0.rc2.1.gbe9624a
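Review bot: In hfcpci_softirq() the call to driver_for_each_device() now sits inside the argument of `WARN_ON_ONCE()`, so the function's real work is hidden in a diagnostic macro. Separating the two keeps the side effect visible: `int ret = driver_for_each_device(&hfc_driver.driver, NULL, arg, _hfcpci_softirq);` followed by `WARN_ON_ONCE(ret != 0);`. The function body continues outside the hunk.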
[PATCH 3.10 080/180] drm/radeon: fix firmware info version checks
From: Alex Deucher commit 3edc38a0facef45ee22af8afdce3737f421f36ab upstream. Some of the checks didn't handle frev 2 tables properly. Signed-off-by: Alex Deucher Cc: sta...@vger.kernel.org Signed-off-by: Willy Tarreau --- drivers/gpu/drm/radeon/radeon_atombios.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c index f3cce23..f4b9b1c 100644 --- a/drivers/gpu/drm/radeon/radeon_atombios.c +++ b/drivers/gpu/drm/radeon/radeon_atombios.c @@ -1144,7 +1144,7 @@ bool radeon_atom_get_clock_info(struct drm_device *dev) le16_to_cpu(firmware_info->info.usReferenceClock); p1pll->reference_div = 0; - if (crev < 2) + if ((frev < 2) && (crev < 2)) p1pll->pll_out_min = le16_to_cpu(firmware_info->info.usMinPixelClockPLL_Output); else @@ -1153,7 +1153,7 @@ bool radeon_atom_get_clock_info(struct drm_device *dev) p1pll->pll_out_max = le32_to_cpu(firmware_info->info.ulMaxPixelClockPLL_Output); - if (crev >= 4) { + if (((frev < 2) && (crev >= 4)) || (frev >= 2)) { p1pll->lcd_pll_out_min = le16_to_cpu(firmware_info->info_14.usLcdMinPixelClockPLL_Output) * 100; if (p1pll->lcd_pll_out_min == 0) -- 2.8.0.rc2.1.gbe9624a
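Review bot: The second condition in radeon_atom_get_clock_info(), `((frev < 2) && (crev >= 4)) || (frev >= 2)`, is logically the same as `(frev >= 2) || (crev >= 4)`, which is easier to check against the first test `(frev < 2) && (crev < 2)`. Both tests select which member of the `firmware_info` union is read from the firmware table. A comment naming the table revisions each branch expects would help, since the union layout is outside the hunk.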