Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.18.29 2016-03-17T18:09:52Z 2016-03-17T18:09:52Z Sasha Levin sasha.levin@oracle.com 2016-03-17T18:09:52Z urn:sha1:d439e869d612dd7a338ac75a4afc3646a5e67370 Signed-off-by: Sasha Levin <sasha.levin@oracle.com> 2016-03-15T16:15:16Z Lorenzo Pieralisi lorenzo.pieralisi@arm.com 2015-11-17T11:50:51Z urn:sha1:ae6b37f1a19776e90384bedf5792a3b3eae71094 [ Upstream commit de818bd4522c40ea02a81b387d2fa86f989c9623 ] The function graph tracer adds instrumentation that is required to trace both entry and exit of a function. In particular the function graph tracer updates the "return address" of a function in order to insert a trace callback on function exit. Kernel power management functions like cpu_suspend() are called upon power down entry with functions called "finishers" that are in turn called to trigger the power down sequence but they may not return to the kernel through the normal return path. When the core resumes from low-power it returns to the cpu_suspend() function through the cpu_resume path, which leaves the trace stack frame set-up by the function tracer in an incosistent state upon return to the kernel when tracing is enabled. This patch fixes the issue by pausing/resuming the function graph tracer on the thread executing cpu_suspend() (ie the function call that subsequently triggers the "suspend finishers"), so that the function graph tracer state is kept consistent across functions that enter power down states and never return by effectively disabling graph tracer while they are executing. Fixes: 819e50e25d0c ("arm64: Add ftrace support") Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com> Reported-by: Catalin Marinas <catalin.marinas@arm.com> Reported-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Suggested-by: Steven Rostedt <rostedt@goodmis.org> Acked-by: Steven Rostedt <rostedt@goodmis.org> Cc: Will Deacon <will.deacon@arm.com> Cc: <stable@vger.kernel.org> # 3.16+ Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Sasha Levin <sasha.levin@oracle.com> 2016-03-14T20:55:13Z Hannes Frederic Sowa hannes@stressinduktion.org 2015-10-08T16:19:53Z urn:sha1:b56579ef7dc954a42a7023922ba862e3b6396d89 [ Upstream commit 9ef2e965e55481a52d6d91ce61977a27836268d3 ] This is a clone of commit 2ab957492d13b ("ip_forward: Drop frames with attached skb->sk") for ipv6. This commit has exactly the same reasons as the above mentioned commit, namely to prevent panics during netfilter reload or a misconfigured stack. Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sasha.levin@oracle.com> 2016-03-14T14:07:28Z Sasha Levin sasha.levin@oracle.com 2016-03-14T14:07:28Z urn:sha1:c8140051f74fa6e32f84cecf60b2999526acd201 There was an error in the backport, which is now fixed. Reported-by: Francesco Ruggeri <fruggeri@aristanetworks.com> Signed-off-by: Sasha Levin <sasha.levin@oracle.com> 2016-03-13T17:53:42Z Marcelo Tosatti mtosatti@redhat.com 2016-03-11T08:53:11Z urn:sha1:e5aa9bc4adeca95a3858e14ac5d1698efefa737d [ Upstream commit 7cae2bedcbd4680b155999655e49c27b9cf020fa ] As reported at https://bugs.launchpad.net/qemu/+bug/1494350, it is possible to have vcpu->arch.st.last_steal initialized from a thread other than vcpu thread, say the iothread, via KVM_SET_MSRS. Which can cause an overflow later (when subtracting from vcpu threads sched_info.run_delay). To avoid that, move steal time accumulation to vcpu entry time, before copying steal time data to guest. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Reviewed-by: David Matlack <dmatlack@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Sasha Levin <sasha.levin@oracle.com> 2016-03-13T17:53:42Z Kamal Mostafa kamal@canonical.com 2016-01-06T23:37:08Z urn:sha1:b769d469e5355fcfb8af9f1a3dce9ec026c59626 commit f6ba98c5dc78708cb7fd29950c4a50c4c7e88f95 upstream. Signed-off-by: Kamal Mostafa <kamal@canonical.com> Acked-by: Pavel Machek <pavel@ucw.cz> Cc: Jiri Olsa <jolsa@kernel.org> Cc: Jonathan Cameron <jic23@kernel.org> Cc: Pali Rohar <pali.rohar@gmail.com> Cc: Roberta Dobrescu <roberta.dobrescu@gmail.com> Link: http://lkml.kernel.org/r/1447280736-2161-2-git-send-email-kamal@canonical.com Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> [ kamal: backport to 3.18-stable: build all tools for this version ] Signed-off-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Sasha Levin <sasha.levin@oracle.com> 2016-03-13T17:53:42Z Ioan-Adrian Ratiu adi@adirat.com 2016-01-29T20:10:36Z urn:sha1:4f4f0fc7ed917093d3868b8f19b1d4286d696b38 commit e470127e9606b1fa151c4184243e61296d1e0c0f upstream. The critical section protected by usbhid->lock in hid_ctrl() is too big and because of this it causes a recursive deadlock. "Too big" means the case statement and the call to hid_input_report() do not need to be protected by the spinlock (no URB operations are done inside them). The deadlock happens because in certain rare cases drivers try to grab the lock while handling the ctrl irq which grabs the lock before them as described above. For example newer wacom tablets like 056a:033c try to reschedule proximity reads from wacom_intuos_schedule_prox_event() calling hid_hw_request() -> usbhid_request() -> usbhid_submit_report() which tries to grab the usbhid lock already held by hid_ctrl(). There are two ways to get out of this deadlock: 1. Make the drivers work "around" the ctrl critical region, in the wacom case for ex. by delaying the scheduling of the proximity read request itself to a workqueue. 2. Shrink the critical region so the usbhid lock protects only the instructions which modify usbhid state, calling hid_input_report() with the spinlock unlocked, allowing the device driver to grab the lock first, finish and then grab the lock afterwards in hid_ctrl(). This patch implements the 2nd solution. Signed-off-by: Ioan-Adrian Ratiu <adi@adirat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com> Signed-off-by: Sasha Levin <sasha.levin@oracle.com> 2016-03-13T17:53:42Z Arik Nemtsov arik@wizery.com 2016-02-07T20:51:08Z urn:sha1:83d62544a5cde4db8bbd0d79559b4fb339373b22 [commit fe45773b5baa154468416aac1304f6325939f775 upstream] Toggle the LMPM_CHICK register when writing chunks into the FW's extended SRAM. This tells the FW to put the chunk into a different memory space. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Sasha Levin <sasha.levin@oracle.com> 2016-03-13T17:53:41Z Richard Weinberger richard@nod.at 2016-02-21T09:53:03Z urn:sha1:e50ea3c00d51da1b7cc860b312cc06b89ec51836 [ Upstream commit e4f6daac20332448529b11f09388f1d55ef2084c ] ubi_start_leb_change() allocates too few bytes. ubi_more_leb_change_data() will write up to req->upd_bytes + ubi->min_io_size bytes. Cc: stable@vger.kernel.org Signed-off-by: Richard Weinberger <richard@nod.at> Reviewed-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Sasha Levin <sasha.levin@oracle.com> 2016-03-13T17:53:41Z Maciej W. Rozycki macro@imgtec.com 2016-03-04T01:42:49Z urn:sha1:b8882250c376aaa4413b535692d5c6ba20a84800 [ Upstream commit e723e3f7f9591b79e8c56b3d7c5a204a9c571b55 ] Avoid sending a partially initialised `siginfo_t' structure along SIGFPE signals issued from `do_ov' and `do_trap_or_bp', leading to information leaking from the kernel stack. Signed-off-by: Maciej W. Rozycki <macro@imgtec.com> Cc: stable@vger.kernel.org Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>