Revert a recent ACPICA commit that introduced a suspend-to-RAM
regression on one system due to incorrect information in its ACPI
tables that had not been taken into consideration at all before (and
everything worked), but the commit in question started to use it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABCAAGBQJXZJTwAAoJEILEb/54YlRxXGUQALQCxZeFRjYrCeP5uwN0Kcxs
21JpnflvhEdi5VDjTdcyFHXNwEyb21IyDvmh4nMuuvARHJbmmfemVquVQiS0vF7M
+SX64qPW7YndnlqkLevBSozZMgF65epRTetyh+wE6WHfEayobA+vFE7nILvtz6b7
H2cNjeDMP8oG94DpRgevD9IJCZJolaSNSJzJXOCWsPYOmvTDgH+ow9R5eHed/2/K
Ms3yDgQV7G67H6Bu/42mVQtg+dXOs1B4I3VI5/yu3vpuNS86qdNdqfIFpAkZDIIm
Twf05slrsUU+ZVTTNLbcJZMuqBvnUEl5P7LHwjO/r5kdHgRpdjNXxJ051bZfh34C
f3wBK8Hl6qFONIArMKQd75sRfEHmZsig1iPmJKcFjdEfRxuKJeFqHfYIky2ONNLA
53uZhIaHvTDf8lO4X1jR61veF4VJJGMp0rM5a688iSPT4PprhN2/b6ayIXLLyLtI
KJ/joiv/kI9wua5rPZFg9kEX4n/E0zylIaZGtmsUGDIa5y5BJnVsylRIRsEjEeoJ
QwB00uTP28+bREopgnSWL3fQvwEDrhNn7t6ZKEcvv4VdKsdlRjnWF29nMmap9hmw
PcvAUts/8dH7xLjmb9CVW+2X0O6mYI5eWiVNKjjN5wtx5fSGj7V5z7s7WKULt1YU
DNk5/QvVjYHavZ8/Gwli
=OaOr
-----END PGP SIGNATURE-----
Merge tag 'acpi-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fix from Rafael Wysocki:
"Revert a recent ACPICA commit that introduced a suspend-to-RAM
regression on one system due to incorrect information in its ACPI
tables that had not been taken into consideration at all before (and
everything worked), but the commit in question started to use it"
* tag 'acpi-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
Revert "ACPICA: ACPI 2.0, Hardware: Add access_width/bit_offset support for acpi_hw_write()"
- Fix a recent regression in the intel_pstate driver that may
lead to degraded performance on some systems due to missing
turbo state entry in the table returned by the ACPI _PSS
object (Srinivas Pandruvada).
- Fix a recent regression in the OPP (operating performance points)
framework that may lead to degraded performance on some systems
where the OPP table is created too early (Viresh Kumar).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABCAAGBQJXZJSaAAoJEILEb/54YlRxsSIP/3La4sQznXd2U5S4E/kjy7eh
7bidzRH1R0RlkCnE6WmRMSVwAG5dF3n3vQMYFIQxT1Mq1Fbbfmb+fPgWVJ+2xbjJ
+2yobuq385bwE4Y1RJViLcYsEEA1t/92r6gE3eI6x2jYg0FUJ4YHYAg22aYUGyDE
p5PmazJX1v4wuEarwe1qKloNLRW++mqyERdobH21JLTaRECuwC669ydZt6OMDNk6
lx0thNyOtNumr6w4Z3RSgIo3+pHjSYLIjL9yxRTWgQAmAFr7WdWyfP/nh48p8fEj
sP8yuaRcIBOzxC8IXP2jlLENmkLZI+dttFz7CQ8xEwdhzMSZ1Z9dJb82dSO5gTc8
F8xY48xk+W5jH+qLc4ZayS4sCxWgAphFTpAq6o9N16zbRo5BPOmyYujOIlMl6lvz
4n95r+1OkvX0k4b07rkBJcrKb8mDKhmnv2K0UDyNElz6Ihx2YgMlv2YGWOYhT88K
8X49o2HaftRJDK2rtOhvCivQUU/cj3ldTu7Ys0hTBe+OxIeGA2+OJz1gr60gYMcz
jN75c2llTQfJeMa4X2ysFEHUma5QNv8IqV2IsqsmGtcmZx3ARkKfH1yfqWQlzLU0
HY1cht5S1vc1e4AsezwfejwFaNdo02U/yXa2SHYYlw0tL+0J039XGTKQswh3RRT2
y3lQnQOl2ogeKHsTxELr
=BG8V
-----END PGP SIGNATURE-----
Merge tag 'pm-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"Fixes for two recent regressions that may lead to degraded performance
(operating performance points framework, intel_pstate).
Specifics:
- Fix a recent regression in the intel_pstate driver that may lead to
degraded performance on some systems due to missing turbo state
entry in the table returned by the ACPI _PSS object (Srinivas
Pandruvada).
- Fix a recent regression in the OPP (operating performance points)
framework that may lead to degraded performance on some systems
where the OPP table is created too early (Viresh Kumar)"
* tag 'pm-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
PM / OPP: Add 'UNKNOWN' status for shared_opp in struct opp_table
cpufreq: intel_pstate: Adjust _PSS[0] freqeuency if needed
Pull HID subsystem fixes from Jiri Kosina:
- kernel panic fix in hid-elo from Oliver Neukum
- Surface Pro 3 device quirk from Benjamin Tissoires
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: multitouch: Add MT_QUIRK_NOT_SEEN_MEANS_UP to Surface Pro 3
HID: elo: kill not flush the work
- Plug the ongoing spin_unlock_wait/spin_is_locked mess
- KGDB protocol fix to sync w/ GDB
- Fix MIDR-based PMU probing for old 32-bit SMP systems (OMAP4/Realview)
- Minor tweaks to the fault handling path
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABCgAGBQJXY97DAAoJELescNyEwWM08fYH/3QSj8P11PPIoyu1qEs+9kj1
r7lQGLMZoI/VS7OGPmgwpbQRHk227h0Rz4UnQ4/fTharVs5Pv9iPxnFKjCRCVVGK
VuI815tWC+0mKlJ4ztn8cJk7+GgWiZttAn5qWafuXQUTfqm+ywZOxfiU0+aC9Ytn
k5m3G46cyAvrBcNwLFcrwavzdyVjy/O3nEQVWmzT7uXmPknr52BmWjk3VuCMPdYd
tEjoRK3Nt2xMV3E4A6oIINBz1KmmqGVW3Nzx2prD0d0oGwyT+3FDlHbm+b/fn7aK
ti18FPUDiNSE67enYQ1+3wEyn1Ge/0Z/lLnKJxWXv4+qk3zwsCkp4h/SkOqv3fM=
=0YtF
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
"The main things are getting kgdb up and running with upstream GDB
after a protocol change was reverted and fixing our spin_unlock_wait
and spin_is_locked implementations after doing some similar work with
PeterZ on the qspinlock code last week. Whilst we haven't seen any
failures in practice, it's still worth getting this fixed.
Summary:
- Plug the ongoing spin_unlock_wait/spin_is_locked mess
- KGDB protocol fix to sync w/ GDB
- Fix MIDR-based PMU probing for old 32-bit SMP systems
(OMAP4/Realview)
- Minor tweaks to the fault handling path"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: kgdb: Match pstate size with gdbserver protocol
arm64: spinlock: Ensure forward-progress in spin_unlock_wait
arm64: spinlock: fix spin_unlock_wait for LSE atomics
arm64: spinlock: order spin_{is_locked,unlock_wait} against local locks
arm: pmu: Fix non-devicetree probing
arm64: mm: mark fault_info table const
arm64: fix dump_instr when PAN and UAO are in use
Three patches queued up:
* Fix for ARM-SMMU to add a missing iommu-ops callback which is
required by common iommu code
* Fix for the rockchip iommu where the wrong MMUs got the
commands
* A regression fix for the Intel VT-d driver. The regression
only showed up on X58 chipsets with more than one iommu. These
chipsets seem to require that QI is enabled on all IOMMUs
before it can be used.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJXZArGAAoJECvwRC2XARrj1zwP+wTP9+bvEFvztoIOsFY9uB+3
iiVC083t/4y4qmlwbUuHfI7Oh6RNQTbYhCWDvD5XzW7wDONYrkYwrwvDy3suV8jE
vjnnufK4suEpE96dlI7O+ivudqVBLnvzVIqhJwTwsNUgIBO8ZKGgJDNSiRn00eSh
4+ooS3EHExW6xxeUYwS5t4WKHS463eABOs6EJiF7WnuX1hhNHdLS/kik7qtEZ2uU
yTHHKTklDHR3uToj6bCnaQnTVQVlN7Yde1ba8WqbzzSnFz+ir1RMElXkp7aCASnY
/V1bEPRnZtIaT8JRBAK2FDjnsrDFtTmuF+uU1FZxT1upoxOie3pT4d9hCJmpbhxu
z4UAXJ/DSI2V8cqR6GW4tEfXOJ7ZX8QSqakuAdlIlo+3EJ9xWwvhNh+EHdSQn2W7
vp8abxN8DuAD2nUjGjNOur1s53w16SH0w06pF5a+LBOkbGuBHsPYcNS6weu4kWWb
NdoT52omHiDe4zDAn5HZYvpfriRUD87SMPt5ipYv/5Lh9mYDO1qPjNAB6OX4Hir5
QhZwkVBzxbzdeoXpjSwa9xtLOW0VoCtknDEbfD7Eyd6/TAuzcHPaYK1PJlmpBNlq
0Eiz9LLeO2WRY0Z5WohWrpaRm/rjo0RbFKQPsgqw3RNTp4i93yvCcpb8bVMnjBIw
VScIBfb0XDQ/niIeclrN
=CrjN
-----END PGP SIGNATURE-----
Merge tag 'iommu-fixes-v4.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
Pull IOMMU fixes from Joerg Roedel:
"Three patches queued up:
- Fix for ARM-SMMU to add a missing iommu-ops callback which is
required by common iommu code
- Fix for the rockchip iommu where the wrong MMUs got the commands
- A regression fix for the Intel VT-d driver. The regression only
showed up on X58 chipsets with more than one iommu. These chipsets
seem to require that QI is enabled on all IOMMUs before it can be
used"
* tag 'iommu-fixes-v4.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/vt-d: Enable QI on all IOMMUs before setting root entry
iommu/rockchip: Fix zap cache during device attach
iommu/arm-smmu: Wire up map_sg for arm-smmu-v3
This seems to be required on some X58 chipsets on systems
with more than one IOMMU. QI does not work until it is
enabled on all IOMMUs in the system.
Reported-by: Dheeraj CVR <cvr.dheeraj@gmail.com>
Tested-by: Dheeraj CVR <cvr.dheeraj@gmail.com>
Fixes: 5f0a7f7614 ('iommu/vt-d: Make root entry visible for hardware right after allocation')
Cc: stable@vger.kernel.org
Signed-off-by: Joerg Roedel <jroedel@suse.de>
These changes fix a bit of fallout from the introduction of the atomic
API.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJXYtJfAAoJEN0jrNd/PrOhi8AQAI4vVCMV49mwF/hZO3pv7eTY
QuDajyW+lj4fhgnzcbZn6X5N6PcRJ1qv8MiGymzX2KARUG/Q08auijdBwnM9rxRB
p33Yje9VcYn0zbPxBypNlQKhUv0twADdCjmrZ4tBoB7+evIkPbSRICYXr/2DIIsX
GUe8OLHJE5KdVFVy0V7Sfm9RpDq6pWQlxPrHmTAyiGberKud1IFYRt4jrenebqg0
0kldCQGsPBCIsoz7O37oFHy3AtAhnseIlOAo4drLqRf66583f6Z80hTWr2PrXWWD
Mf+8BdvVWRNKx+7R8vXYgeGUEnQzcFK0F4IOs8Vf9BIfz70gh7WM0cYSLpnsg1wi
/0fohWqjZ4zF8ZcTNko3fdeSW2Ff5Takz5LP2W8fM+veeP/sWVYk51uDuxuKbfsT
4k7bVQ62PaeeYeFcDcOoGuhZfqj2590zz5tl1P93/Ths5iu81PDICi2X7G+bxYj3
ZpT9jhxSYS6L7iiY9Ll29qomySArYTR5EeR+2P02WtalNv05ELcjlDKAgiFt/iHT
z5FJG7KIQKcD3RSv86w+gNH42rQpOcicPW7VANaAkS1t89PA1LX5TtMtSiNf1llY
OiK0aNS739+KHq4lUmdlE5w+Sy2t4HcFrl99uDSNxpwtmTiBFgQm3UlZmeMtpHL6
lu7XrhlP2mhcOOEXnVoM
=usLT
-----END PGP SIGNATURE-----
Merge tag 'pwm/for-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
Pull pwm fixes from Thierry Reding:
"These changes fix a bit of fallout from the introduction of the atomic
API"
* tag 'pwm/for-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm:
pwm: atmel-hlcdc: Fix default PWM polarity
pwm: sysfs: Get return value from pwm_apply_state()
pwm: Improve args checking in pwm_apply_state()
- One new kvm_stat for s390
- Correctly disable VT-d posted interrupts with the rest of posted interrupts
- "make randconfig" fix for x86 AMD
- Off-by-one in irq route check (the "good" kind that errors out a bit too
early!)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAABAgAGBQJXYrXKAAoJEL/70l94x66D1MUH/i9kPqfDq+XveHyiY4ovI2Vl
lD1P0dJoXPRjrJJ/LRulr3TiGDVsW6QZ8SnA5QNQvxDdlc7CzS8ZgqaiLPUh8TKJ
OofVUaFgm77MDvGJuJOOJ159ghO+7KwPsq1P05xpO2HRxAD+q1/u1yjfOz7fIEqC
iMne68rfv0OeiMlBOo8G2e1Xmtk1GKNBhmRItUgOF/jVtP2RSvV5o+2rcQ5LS3g6
KV/fpWtRumd3R+TdRvacjADgvWrSokDfph+Ha9qp7sBjkVGLLZ/hdHzTzIimXKF6
x4muv1HYzKSGaCJB2yMLYuy/KJ8zbsk7co0bjn1SmzrSweJxMkDGwLp1Ffau6iM=
=N4kr
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull KVM fixes from Paolo Bonzini:
- miscellaneous fixes for MIPS and s390
- one new kvm_stat for s390
- correctly disable VT-d posted interrupts with the rest of posted
interrupts
- "make randconfig" fix for x86 AMD
- off-by-one in irq route check (the "good" kind that errors out a bit
too early!)
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
kvm: vmx: check apicv is active before using VT-d posted interrupt
kvm: Fix irq route entries exceeding KVM_MAX_IRQ_ROUTES
kvm: svm: Do not support AVIC if not CONFIG_X86_LOCAL_APIC
kvm: svm: Fix implicit declaration for __default_cpu_present_to_apicid()
MIPS: KVM: Fix CACHE triggered exception emulation
MIPS: KVM: Don't unwind PC when emulating CACHE
MIPS: KVM: Include bit 31 in segment matches
MIPS: KVM: Fix modular KVM under QEMU
KVM: s390: Add stats for PEI events
KVM: s390: ignore IBC if zero
to the big nfs4_lock_state removal around 3.17 (but that were also
probably hard to reproduce before client changes in 3.20 allowed the
client to perform parallel opens).
Also fix a 4.1 backchannel crash due to rpc multipath changes in 4.6.
Trond acked the client-side rpc fixes going through my tree.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXYsiKAAoJECebzXlCjuG+PK8P/jGBS+h7Zf4GWOOsWN5cbEs/
8VTn83KXFp/feFhGikUIcAZQJRynDK+tD9Vh2FznC2zKDTLFPS0mAvL3tZyQhUO2
nEWaCUOFR+sB3aTPlMGwxbGc7NHNQg1hKqKgqcLEEqtozxhFQye3WW0MZNfFCiUZ
qpq2tK1OGGhJVIp7wWSa8+B2nGFMuasPaGM2OVJrebip49yTG/tT3rwKxKMoB8kS
i8BwNejoP1KRD6LqvpgdV1ESzkdyokDxKXCrdY/j2lMdp2YRe+cWmX239ojjvm8G
n9Ow8DYCefuiKiF6iCLZfxpX8dcmVJvT6g+k+9V63A4YCyuGhy/CneA3MO4QyLhq
yfe2zviJ2kZVz+1Ih3v9kD7ZkyK1hjrxXx/VPrI5CBIXE5eVXin2ZDvTCSoV491h
g1zscPc9Thgk6gKXsvkaVOXxLHBoUzXeSRbNqVXXZfjl+s4TXLNJ0lcaBYkzh74/
SypiFeNHjsjNpJYz5GptlbMUpaEoeyH0Y+OiH8d5Jf8hCcQ+CLjKgKSuCH5zrypt
Lx3U5QWHTT3IXH4QS/njcTSfSDu7BUip4RTLzw6C/ZJf7hd6SS4Xv72J6ZmeDSmg
146MpAYty8HB04KQWpYx0DGI7UEPlubfRHSF9XzsSitbRtNGr6xvIug8fkKBlXDB
aHtr+/gI7UvrmnXnlGdD
=aNkl
-----END PGP SIGNATURE-----
Merge tag 'nfsd-4.7-1' of git://linux-nfs.org/~bfields/linux
Pull nfsd bugfixes from Bruce Fields:
"Oleg Drokin found and fixed races in the nfsd4 state code that go back
to the big nfs4_lock_state removal around 3.17 (but that were also
probably hard to reproduce before client changes in 3.20 allowed the
client to perform parallel opens).
Also fix a 4.1 backchannel crash due to rpc multipath changes in 4.6.
Trond acked the client-side rpc fixes going through my tree"
* tag 'nfsd-4.7-1' of git://linux-nfs.org/~bfields/linux:
nfsd: Make init_open_stateid() a bit more whole
nfsd: Extend the mutex holding region around in nfsd4_process_open2()
nfsd: Always lock state exclusively.
rpc: share one xps between all backchannels
nfsd4/rpc: move backchannel create logic into rpc code
SUNRPC: fix xprt leak on xps allocation failure
nfsd: Fix NFSD_MDS_PR_KEY on 32-bit by adding ULL postfix
Pull overlayfs fixes from Miklos Szeredi:
"This contains two regression fixes: one for the xattr API update and
one for using the mounter's creds in file creation in overlayfs.
There's also a fix for a bug in handling hard linked AF_UNIX sockets
that's been there from day one. This fix is overlayfs only despite
the fact that it touches code outside the overlay filesystem: d_real()
is an identity function for all except overlay dentries"
* 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
ovl: fix uid/gid when creating over whiteout
ovl: xattr filter fix
af_unix: fix hard linked sockets on overlay
vfs: add d_real_inode() helper
If __key_link_begin() failed then "edit" would be uninitialized. I've
added a check to fix that.
This allows a random user to crash the kernel, though it's quite
difficult to achieve. There are three ways it can be done as the user
would have to cause an error to occur in __key_link():
(1) Cause the kernel to run out of memory. In practice, this is difficult
to achieve without ENOMEM cropping up elsewhere and aborting the
attempt.
(2) Revoke the destination keyring between the keyring ID being looked up
and it being tested for revocation. In practice, this is difficult to
time correctly because the KEYCTL_REJECT function can only be used
from the request-key upcall process. Further, users can only make use
of what's in /sbin/request-key.conf, though this does including a
rejection debugging test - which means that the destination keyring
has to be the caller's session keyring in practice.
(3) Have just enough key quota available to create a key, a new session
keyring for the upcall and a link in the session keyring, but not then
sufficient quota to create a link in the nominated destination keyring
so that it fails with EDQUOT.
The bug can be triggered using option (3) above using something like the
following:
echo 80 >/proc/sys/kernel/keys/root_maxbytes
keyctl request2 user debug:fred negate @t
The above sets the quota to something much lower (80) to make the bug
easier to trigger, but this is dependent on the system. Note also that
the name of the keyring created contains a random number that may be
between 1 and 10 characters in size, so may throw the test off by
changing the amount of quota used.
Assuming the failure occurs, something like the following will be seen:
kfree_debugcheck: out of range ptr 6b6b6b6b6b6b6b68h
------------[ cut here ]------------
kernel BUG at ../mm/slab.c:2821!
...
RIP: 0010:[<ffffffff811600f9>] kfree_debugcheck+0x20/0x25
RSP: 0018:ffff8804014a7de8 EFLAGS: 00010092
RAX: 0000000000000034 RBX: 6b6b6b6b6b6b6b68 RCX: 0000000000000000
RDX: 0000000000040001 RSI: 00000000000000f6 RDI: 0000000000000300
RBP: ffff8804014a7df0 R08: 0000000000000001 R09: 0000000000000000
R10: ffff8804014a7e68 R11: 0000000000000054 R12: 0000000000000202
R13: ffffffff81318a66 R14: 0000000000000000 R15: 0000000000000001
...
Call Trace:
kfree+0xde/0x1bc
assoc_array_cancel_edit+0x1f/0x36
__key_link_end+0x55/0x63
key_reject_and_link+0x124/0x155
keyctl_reject_key+0xb6/0xe0
keyctl_negate_key+0x10/0x12
SyS_keyctl+0x9f/0xe7
do_syscall_64+0x63/0x13a
entry_SYSCALL64_slow_path+0x25/0x25
Fixes: f70e2e0619 ('KEYS: Do preallocation for __key_link()')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Current versions of gdb do not interoperate cleanly with kgdb on arm64
systems because gdb and kgdb do not use the same register description.
This patch modifies kgdb to work with recent releases of gdb (>= 7.8.1).
Compatibility with gdb (after the patch is applied) is as follows:
gdb-7.6 and earlier Ok
gdb-7.7 series Works if user provides custom target description
gdb-7.8(.0) Works if user provides custom target description
gdb-7.8.1 and later Ok
When commit 44679a4f14 ("arm64: KGDB: Add step debugging support") was
introduced it was paired with a gdb patch that made an incompatible
change to the gdbserver protocol. This patch was eventually merged into
the gdb sources:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=a4d9ba85ec5597a6a556afe26b712e878374b9dd
The change to the protocol was mostly made to simplify big-endian support
inside the kernel gdb stub. Unfortunately the gdb project released
gdb-7.7.x and gdb-7.8.0 before the protocol incompatibility was identified
and reversed:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=bdc144174bcb11e808b4e73089b850cf9620a7ee
This leaves us in a position where kgdb still uses the no-longer-used
protocol; gdb-7.8.1, which restored the original behaviour, was
released on 2014-10-29.
I don't believe it is possible to detect/correct the protocol
incompatiblity which means the kernel must take a view about which
version of the gdb remote protocol is "correct". This patch takes the
view that the original/current version of the protocol is correct
and that version found in gdb-7.7.x and gdb-7.8.0 is anomalous.
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
dev_pm_opp_get_sharing_cpus() returns 0 even in the case when the OPP
core doesn't know whether or not the table is shared. It works on the
majority of platforms, where the OPP table is never created before
invoking the function and then -ENODEV is returned by it.
But in the case of one platform (Jetson TK1) at least, the situation
is a bit different. The OPP table has been created (somehow) before
dev_pm_opp_get_sharing_cpus() is called and it returns 0. Its caller
treats that as 'the CPUs don't share OPPs' and that leads to degraded
performance.
Fix this by converting 'shared_opp' in struct opp_table to an enum
and making dev_pm_opp_get_sharing_cpus() return -EINVAL in case when
the value of that field is "access unknown", so that the caller can
handle it accordingly (cpufreq-dt considers that as 'all CPUs share
the table', for example).
Fixes: 6f707daa38 "PM / OPP: Add dev_pm_opp_get_sharing_cpus()"
Reported-and-tested-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
[ rjw : Subject & changelog ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
VT-d posted interrupt is relying on the CPU side's posted interrupt.
Need to check whether VCPU's APICv is active before enabing VT-d
posted interrupt.
Fixes: d62caabb41
Cc: stable@vger.kernel.org
Signed-off-by: Yang Zhang <yang.zhang.wz@gmail.com>
Signed-off-by: Shengge Ding <shengge.dsg@alibaba-inc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
These days, we experienced one guest crash with 8 cores and 3 disks,
with qemu error logs as bellow:
qemu-system-x86_64: /build/qemu-2.0.0/kvm-all.c:984:
kvm_irqchip_commit_routes: Assertion `ret == 0' failed.
And then we found one patch(bdf026317d) in qemu tree, which said
could fix this bug.
Execute the following script will reproduce the BUG quickly:
irq_affinity.sh
========================================================================
vda_irq_num=25
vdb_irq_num=27
while [ 1 ]
do
for irq in {1,2,4,8,10,20,40,80}
do
echo $irq > /proc/irq/$vda_irq_num/smp_affinity
echo $irq > /proc/irq/$vdb_irq_num/smp_affinity
dd if=/dev/vda of=/dev/zero bs=4K count=100 iflag=direct
dd if=/dev/vdb of=/dev/zero bs=4K count=100 iflag=direct
done
done
========================================================================
The following qemu log is added in the qemu code and is displayed when
this bug reproduced:
kvm_irqchip_commit_routes: max gsi: 1008, nr_allocated_irq_routes: 1024,
irq_routes->nr: 1024, gsi_count: 1024.
That's to say when irq_routes->nr == 1024, there are 1024 routing entries,
but in the kernel code when routes->nr >= 1024, will just return -EINVAL;
The nr is the number of the routing entries which is in of
[1 ~ KVM_MAX_IRQ_ROUTES], not the index in [0 ~ KVM_MAX_IRQ_ROUTES - 1].
This patch fix the BUG above.
Cc: stable@vger.kernel.org
Signed-off-by: Xiubo Li <lixiubo@cmss.chinamobile.com>
Signed-off-by: Wei Tang <tangwei@cmss.chinamobile.com>
Signed-off-by: Zhang Zhuoyu <zhangzhuoyu@cmss.chinamobile.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Pull drm fixes from Dave Airlie:
"The main drm fixes pull for rc4: one regression fix in the connector
refcounting, and an MST fix.
There rest is nouveau, amdkfd, i915, etnaviv, and radeon/amdgpu fixes,
mostly regression or black screen fixes"
* tag 'drm-fixes-for-v4.7-rc4' of git://people.freedesktop.org/~airlied/linux: (23 commits)
drm/etnaviv: initialize iommu domain page size
drm/nouveau/iccsense: fix memory leak
drm/nouveau/Revert "drm/nouveau/device/pci: set as non-CPU-coherent on ARM64"
drm/amd/powerplay: select samu dpm 0 as boot level on polaris.
drm/amd/powerplay: update powerplay table parsing
drm/dp/mst: Always clear proposed vcpi table for port.
drm/crtc: only store the necessary data for set_config rollback
drm/crtc: fix connector reference counting mismatch in drm_crtc_helper_set_config
drm/i915/ilk: Don't disable SSC source if it's in use
Revert "drm/amdgpu: add pipeline sync while vmid switch in same ctx"
drm/amdgpu/gfx7: fix broken condition check
drm/radeon: fix asic initialization for virtualized environments
amdgpu: fix asic initialization for virtualized environments (v2)
drm/radeon: don't use fractional dividers on RS[78]80 if SS is enabled
drm/radeon: do not hard reset GPU while freezing on r600/r700 family
drm/i915: Extract physical display dimensions from VBT
drm/i915: Check VBT for port presence in addition to the strap on VLV/CHV
drm/i915: Only ignore eDP ports that are connected
drm/i915: Silence "unexpected child device config size" for VBT on 845g
drm/i915: Fix NULL pointer deference when out of PLLs in IVB
...
Minor kconfig dependency cleanup, trivial mic mute hotkey for ideapad, and a
needed improvement in adaptive keyboard detection for thinkpad.
platform/x86:
- Drop duplicate dependencies on X86
thinkpad_acpi:
- Add support for HKEY version 0x200
ideapad_laptop:
- Add an event for mic mute hotkey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJXYhSbAAoJEKbMaAwKp364PPUIAJlE0nJqKdR8YbzVDvBrfhKb
onyvO3zRq+6TNKtAWQpJ70dBzto8IYbocu8zqEjRgH1o22xbKgs1p/qgKjZ5MTWr
z4qao91+yRPb8KIeQUL49R7DvngJeGqBTGkUK5j7jC2zF1/bQCfsN+UKdstWCLOR
rWt82M/Mz2Qm1PoawUkEa7ER8uuVvkh6rswLinOBPQKBDlqX3HnWACN+oRUZgKr5
34Wk31eZ9EMKufN9G4EP1IsS5pL8mbgIY6Tm6E4AuGRfgVooHST8wlPunSw8Ello
ud/0GsoP2UiGuUXb3CO8VYCA0zqw+kd1bP6Ff5LBzuCC05GqmvoByKF31cNzPo4=
=zqxG
-----END PGP SIGNATURE-----
Merge tag 'platform-drivers-x86-v4.7-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86
Pull x86 platform driver fixes from Darren Hart:
"Minor kconfig dependency cleanup, trivial mic mute hotkey for ideapad,
and a needed improvement in adaptive keyboard detection for thinkpad:
platform/x86:
- Drop duplicate dependencies on X86
thinkpad_acpi:
- Add support for HKEY version 0x200
ideapad_laptop:
- Add an event for mic mute hotkey"
* tag 'platform-drivers-x86-v4.7-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86:
platform/x86: Drop duplicate dependencies on X86
thinkpad_acpi: Add support for HKEY version 0x200
ideapad_laptop: Add an event for mic mute hotkey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJXYbt+AAoJEEtJtSqsAOnWjM8P/iWGc7Mq60uWKFA17K9i73ZD
5xFcrTxnV/zXOfYaNGwF72KQp6qbGl7fqt4IA9bEATA+v0y7SJg0+tSpSFeYz/uB
gViEBtHCiX3uNn9HkWtP2zRddElJmyTsX+o8QWBgXEzIy03sWCgWjMeXEuFWQCep
QOKHhNgZPw/Rfz9EJMc+8+vNOeK2ic4KkJ0GTKoDLUV6uPES5E6vE/N6mX4X92Js
ROht6cSTygT7Pu635BX6Vji8gFCln5yNiHxhJhqwRokgjCaphznZNV9SfSQ7sLMB
QBD4p88OGWuuwudsjF7aQ5P25wvAshM+h/TtYY8SAyf9GEVPG8hDWAEgm7ovwgOx
gVIRqjCYN8MgCzo5ywYwaa1h5KKH4fb/BmBFYgWOaIoKqxYr8hpaU1pBcATbknm7
+lcpBaJvxVG5Uryecztu1pnMzgY+BvLiVCFedgv8RMrZS/YMZ01901J3wqqCt+gf
mGrJDJGhWDyTH5/MtyVjoYha3RopYcLEKXTISynGZeUg2pkI2my4RBboAqEeOx1q
6jtFH3MdfQPXDOfyIpi4uRrExbBWvGg416+sPZkyBXMw+3VRVc+jzfwlhe1LuiDJ
xJRsC46cLTtZJiv9PKKb51fE7mQ5MeTthKjKqCFljaM8T8HWRnyv0FZAJZYy/XvP
/Wj1XA0f77Ni+6giiKle
=yLxu
-----END PGP SIGNATURE-----
Merge tag 'upstream-4.7-rc4' of git://git.infradead.org/linux-ubifs
Pull UBI fixes from Richard Weinberger:
"This contains fixes for a regression introduced in rc1"
* tag 'upstream-4.7-rc4' of git://git.infradead.org/linux-ubifs:
ubi: Don't bypass ->getattr()
Revert "mtd: switch open_mtd_by_chdev() to use of vfs_stat()"
Revert "mtd: switch ubi_open_volume_path() to vfs_stat()"
This bug could cause lists to be corrupted.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAldgbp0ACgkQIXnXXONXERf9nQCdFmWMz74aMImO5hp5sjAqVmcB
7R8An1ubZlv/np1y3+WDE1Nf6qktLWEq
=PxOE
-----END PGP SIGNATURE-----
Merge tag 'for-linus-4.7-2' of git://git.code.sf.net/p/openipmi/linux-ipmi
Pull ipmi bugfix from Corey Minyard:
"Fix a fairly significant ipmi list bug
This bug could cause lists to be corrupted"
* tag 'for-linus-4.7-2' of git://git.code.sf.net/p/openipmi/linux-ipmi:
ipmi: Remove smi_msg from waiting_rcv_msgs list before handle_one_recv_msg()
Move the state selection logic inside from the caller,
always making it return correct stp to use.
Signed-off-by: J . Bruce Fields <bfields@fieldses.org>
Signed-off-by: Oleg Drokin <green@linuxhacker.ru>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
To avoid racing entry into nfs4_get_vfs_file().
Make init_open_stateid() return with locked stateid to be unlocked
by the caller.
Signed-off-by: Oleg Drokin <green@linuxhacker.ru>
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
It used to be the case that state had an rwlock that was locked for write
by downgrades, but for read for upgrades (opens). Well, the problem is
if there are two competing opens for the same state, they step on
each other toes potentially leading to leaking file descriptors
from the state structure, since access mode is a bitmap only set once.
Signed-off-by: Oleg Drokin <green@linuxhacker.ru>
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
This merely has some documentation and a new test, seems safe to merge.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJXVUuiAAoJECgfDbjSjVRpm6AH/2LWANmP6paHOxXH/9BNKO3y
4N0HeLo14JATPfiAYpfUm1TikusMn/qEZHLXQaykIC/8Hj5M7RbU1RKrSu0wrZb+
+9NXRQtasj9SHeAvG6jLCaKNOR3ezdNOVM4RI3MkyGBx875PTWGQoYloDFRqYPlD
TBkRKxctc4IAyck+nuZGYYHcQQ5SCA+6d0/FDAp2vNXO1+faNR0+p2MGOqQSzCkw
KWv1b4nV7y+tjaylpckQADBDZZlwanDvVGLxlMPXNwmhe7XyhLIQ+cO7bgCiFPfz
VpFiZJ5Imq2oxc7KboDuyyQjoft5DzJ6N7gVkpO+1fqrNazHZopUdhAyC1Qveog=
=DANA
-----END PGP SIGNATURE-----
Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
Pull virtio docs and tests from Michael Tsirkin:
"This merely has some documentation and a new test, seems safe to
merge"
* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
tools/virtio: add noring tool
tools/virtio/ringtest: fix run-on-all.sh to work without /dev/cpu
tools/virtio/ringtest: add usage example to README
MAINTAINERS: Add file patterns for virtio device tree bindings
For the third time in three years, I'm changing my e-mail at Samsung.
That's bad, as it may stop communications with me for a while. So, this
time, I'll also add the mchehab@kernel.org e-mail, as it remains stable
since ever.
Cc: stable@vger.kernel.org
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
radeon and amdgpu fixes for 4.7. Highlights:
- fixes for GPU VM passthrough
- fixes for powerplay on Polaris GPUs
- pll fixes for rs780/880
* 'drm-fixes-4.7' of git://people.freedesktop.org/~agd5f/linux:
drm/amd/powerplay: select samu dpm 0 as boot level on polaris.
drm/amd/powerplay: update powerplay table parsing
Revert "drm/amdgpu: add pipeline sync while vmid switch in same ctx"
drm/amdgpu/gfx7: fix broken condition check
drm/radeon: fix asic initialization for virtualized environments
amdgpu: fix asic initialization for virtualized environments (v2)
drm/radeon: don't use fractional dividers on RS[78]80 if SS is enabled
drm/radeon: do not hard reset GPU while freezing on r600/r700 family
The commit 8221c13700 ("svm: Manage vcpu load/unload when enable AVIC")
introduces a build error due to implicit function declaration
when #ifdef CONFIG_X86_32 and #ifndef CONFIG_X86_LOCAL_APIC
(as reported by Kbuild test robot i386-randconfig-x0-06121009).
So, this patch introduces kvm_cpu_get_apicid() wrapper
around __default_cpu_present_to_apicid() with additional
handling if CONFIG_X86_LOCAL_APIC is not defined.
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Fixes: commit 8221c13700 ("svm: Manage vcpu load/unload when enable AVIC")
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
just a single fix for a regression introduced by IOMMU API changes in
v4.7.
* 'drm-etnaviv-fixes' of git://git.pengutronix.de/git/lst/linux:
drm/etnaviv: initialize iommu domain page size
The spec allows backchannels for multiple clients to share the same tcp
connection. When that happens, we need to use the same xprt for all of
them. Similarly, we need the same xps.
This fixes list corruption introduced by the multipath code.
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Acked-by: Trond Myklebust <trondmy@primarydata.com>
Also simplify the logic a bit.
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Acked-by: Trond Myklebust <trondmy@primarydata.com>
Callers of rpc_create_xprt expect it to put the xprt on success and
failure.
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Acked-by: Trond Myklebust <trondmy@primarydata.com>
Fix a regression when creating a file over a whiteout. The new
file/directory needs to use the current fsuid/fsgid, not the ones from the
mounter's credentials.
The refcounting is a bit tricky: prepare_creds() sets an original refcount,
override_creds() gets one more, which revert_cred() drops. So
1) we need to expicitly put the mounter's credentials when overriding
with the updated one
2) we need to put the original ref to the updated creds (and this can
safely be done before revert_creds(), since we'll still have the ref
from override_creds()).
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Fixes: 3fe6e52f06 ("ovl: override creds with the ones from the superblock mounter")
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Rather than wait until we observe the lock being free (which might never
happen), we can also return from spin_unlock_wait if we observe that the
lock is now held by somebody else, which implies that it was unlocked
but we just missed seeing it in that state.
Furthermore, in such a scenario there is no longer a need to write back
the value that we loaded, since we know that there has been a lock
hand-off, which is sufficient to publish any stores prior to the
unlock_wait because the ARm architecture ensures that a Store-Release
instruction is multi-copy atomic when observed by a Load-Acquire
instruction.
The litmus test is something like:
AArch64
{
0:X1=x; 0:X3=y;
1:X1=y;
2:X1=y; 2:X3=x;
}
P0 | P1 | P2 ;
MOV W0,#1 | MOV W0,#1 | LDAR W0,[X1] ;
STR W0,[X1] | STLR W0,[X1] | LDR W2,[X3] ;
DMB SY | | ;
LDR W2,[X3] | | ;
exists
(0:X2=0 /\ 2:X0=1 /\ 2:X2=0)
where P0 is doing spin_unlock_wait, P1 is doing spin_unlock and P2 is
doing spin_lock.
Signed-off-by: Will Deacon <will.deacon@arm.com>
rk_iommu_command() takes a struct rk_iommu and iterates over the slave
MMUs, so this is doubly wrong in that we're passing in the wrong pointer
and talking to MMUs that we shouldn't be.
Fixes: cd6438c5f8 ("iommu/rockchip: Reconstruct to support multi slaves")
Cc: stable@vger.kernel.org
Signed-off-by: John Keeping <john@metanate.com>
Tested-by: Heiko Stuebner <heiko@sntech.de>
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Since d16e0faab9 (iommu: Allow selecting page sizes per domain) the
iommu core demands the page size to be set per domain, otherwise any
mapping attempts will be dropped. Make sure to set a valid page size
for the etnaviv iommu.
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Commit d86b8da04d ("arm64: spinlock: serialise spin_unlock_wait against
concurrent lockers") fixed spin_unlock_wait for LL/SC-based atomics under
the premise that the LSE atomics (in particular, the LDADDA instruction)
are indivisible.
Unfortunately, these instructions are only indivisible when used with the
-AL (full ordering) suffix and, consequently, the same issue can
theoretically be observed with LSE atomics, where a later (in program
order) load can be speculated before the write portion of the atomic
operation.
This patch fixes the issue by performing a CAS of the lock once we've
established that it's unlocked, in much the same way as the LL/SC code.
Fixes: d86b8da04d ("arm64: spinlock: serialise spin_unlock_wait against concurrent lockers")
Signed-off-by: Will Deacon <will.deacon@arm.com>
spin_is_locked has grown two very different use-cases:
(1) [The sane case] API functions may require a certain lock to be held
by the caller and can therefore use spin_is_locked as part of an
assert statement in order to verify that the lock is indeed held.
For example, usage of assert_spin_locked.
(2) [The insane case] There are two locks, where a CPU takes one of the
locks and then checks whether or not the other one is held before
accessing some shared state. For example, the "optimized locking" in
ipc/sem.c.
In the latter case, the sequence looks like:
spin_lock(&sem->lock);
if (!spin_is_locked(&sma->sem_perm.lock))
/* Access shared state */
and requires that the spin_is_locked check is ordered after taking the
sem->lock. Unfortunately, since our spinlocks are implemented using a
LDAXR/STXR sequence, the read of &sma->sem_perm.lock can be speculated
before the STXR and consequently return a stale value.
Whilst this hasn't been seen to cause issues in practice, PowerPC fixed
the same issue in 51d7d5205d ("powerpc: Add smp_mb() to
arch_spin_is_locked()") and, although we did something similar for
spin_unlock_wait in d86b8da04d ("arm64: spinlock: serialise
spin_unlock_wait against concurrent lockers") that doesn't actually take
care of ordering against local acquisition of a different lock.
This patch adds an smp_mb() to the start of our arch_spin_is_locked and
arch_spin_unlock_wait routines to ensure that the lock value is always
loaded after any other locks have been taken by the current CPU.
Reported-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
There is a problem in the non-devicetree PMU probing where some
probe functions may get the number of supported events through
smp_call_function_any() using the arm_pmu supported_cpus mask.
But at the time the probe function is called, the supported_cpus
mask is empty so the call fails. This patch makes sure the mask
is set before calling the init function rather than after.
Signed-off-by: Mark Salter <msalter@redhat.com>
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
* 'linux-4.7' of git://github.com/skeggsb/linux:
drm/nouveau/iccsense: fix memory leak
drm/nouveau/Revert "drm/nouveau/device/pci: set as non-CPU-coherent on ARM64"
to handle pptable format change on Polaris boards
Signed-off-by: Rex Zhu <Rex.Zhu@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Not clearing mst manager's proposed vcpis table for destroyed connectors when the manager is stopped leaves it pointing to unrefernced memory, this causes pagefault when the manager is restarted when plugging back a branch.
Fixes: 91a25e4631 ("drm/dp/mst: deallocate payload on port destruction")
Signed-off-by: Andrey Grodzovsky <Andrey.Grodzovsky@amd.com>
Reviewed-by: Lyude <cpaul@redhat.com>
Cc: stable@vger.kernel.org
Cc: Mykola Lysenko <Mykola.Lysenko@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
drm_crtc_helper_set_config only potentially touches connector->encoder
and encoder->crtc, so we only have to store those for all connectors
and encoders, respectively.
Suggested-by: Daniel Vetter <daniel@ffwll.ch>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Since commit 0955c1250e ("drm/crtc: take references to connectors used
in a modeset. (v2)"), the reference counts of all connectors in the
drm_mode_set given to drm_crtc_helper_set_config are incremented, and then
the reference counts of all connectors are decremented on success, but in a
temporary copy of the connector structure. This leads to the following
error after the first modeset on imx-drm:
Unable to handle kernel NULL pointer dereference at virtual address 00000004
pgd = ad8c4000
[00000004] *pgd=3d9c5831, *pte=00000000, *ppte=00000000
Internal error: Oops: 817 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 1 PID: 190 Comm: kmsfb-manage Not tainted 4.7.0-rc1+ #657
Hardware name: Freescale i.MX6 Quad/DualLit: [<80506098>] lr : [<80252e94>] psr: 200c0013
sp : adca7ca8 ip : adca7b90 fp : adca7cd4
r10: 00000000 r9 : 00000100 r8 : 00000200
r7 : af3c9800 r6 : aded7848 r5 : aded7800 r4 : 00000000
r3 : af3ca058 r2 : 00000200 r1 : af3ca058 r0 : 00000000
Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 10c5387d Table: 3d8c404a DAC: 00000051
Process kmsfb-manage (pid: 190, stack limit = 0xadca6210)
Stack: (0xadca7ca8 to 0xadca8000)
7ca0: 805190e0 aded7800 aded7820 80501a88 8155a290 af3c9c6c
7cc0: adca7ddc 0000000f adca7cec adca7cd8 80519104 80506044 805190e0 aded7800
7ce0: adca7d04 adca7cf0 80501ac0 805190ec aded7820 aded7814 adca7d24 adca7d08
7d00: 804fdb80 80501a94 aded7800 af3ca010 aded7afc af3c9c60 adca7d94 adca7d28
7d20: 804e3518 804fdb20 00000000 af3c9b1c adca7d50 81506f44 00000000 8093c500
7d40: af3c9c6c ae4f2ca8 ae4f2c18 00000000 00000000 ae637f00 00000000 aded7800
7d60: 00000001 af3c9800 af23c300 ae77fcc0 ae4f2c18 00000001 af3c9800 8155a290
7d80: af1af700 adca6000 adca7db4 adca7d98 804fea6c 804e2de4 adca7e50 adb3d940
7da0: 00000001 af3c9800 adca7e24 adca7db8 8050440c 804fea0c ae77fcc0 00000003
7dc0: adca7e24 adb3d940 af1af700 ae77fcc0 ae77fccc ae4f2c18 8083d44c ae77fcc0
7de0: ae4002 80d03040 adca7e64 adca7e40 adca7e50 80503f08
7e40: 7ebd5630 adca7e50 00000068 c06864a2 7ebd5be8 00000000 00000001 00000018
7e60: 00000026 00000000 00000000 00000000 00000001 000115bc 05010500 05a0059f
7e80: 03200000 03360321 00000337 0000003c 00000000 00000040 30383231 30303878
7ea0: 00000000 00000000 00000000 00000000 00000000 00000000 80173058 80172e30
7ec0: 80d77d32 00004000 adf7d900 00000003 00000000 7ebd5630 af342bb0 adfe3b80
7ee0: 80272f50 00000003 adca6000 00000000 adca7f7c adca7f00 802725ec 804f52cc
7f00: 802809cc 80178450 00000000 00000000 80280880 80145904 adb3d8c0 adf7d990
7f20: ffffffff 00000003 00004000 01614c10 c06864a2 00000003 adca6000 00000000
7f40: adca7f6c adca7f50 80280b04 8028088c 000115bc adfe3b81 7ebd5630 adfe3b80
7f60: c06864a2 00000003 adca6000 00000000 adca7fa4 adca7f80 80272f50 80272548
7f80: 000115bc 00017050 00000001 01614c10 00000036 801089e4 00000000 adca7fa8
7fa0: 80108840 80272f18 00017050 00000001 00000003 c06864a2 7ebd5630 000115bc
7fc0: 00017050 00000001 01614c10 00000036 00000003 00000000 00000026 00000018
7fe0: 00016f38 7ebd562c 0000b5e9 76ef31e6 400c0030 00000003 ff5f37db bfe7dd4d
Backtrace:
[<80506038>] (drm_connector_cleanup) from [<80519104>] (dw_hdmi_connector_destroy+0x24/0x28)
r10:0000000f r9:adca7ddc r8:af3c9c6c r7:8155a290 r6:80501a88 r5:aded7820
r4:aded7800 r3:805190e0
[<805190e0>] (dw_hdmi_connector_destroy) from [<80501ac0>] (drm_connector_free+0x38/0x3c)
r4:aded7800 nreference) from [<804e3518>] (drm_crtc_helper_set_config+0x740/0xbf4)
r6:af3c9c60 r5:aded7afc r4:af3ca010 r3:aded7800
[<804e2dd8>] (drm_crtc_helper_set_config) from [<804fea6c>] (drm_mode_set_config_internal+0x6c/0xf4)
r10:adca6000 r9:af1af700 r8:8155a290 r7:af3c9800 r6:00000001 r5:ae4f2c18
r4:ae77fcc0
[<804fea00>] (drm_mode_set_config_internal) from [<8050440c>] (drm_mode_setcrtc+0x504/0x57c)
r7:af3c9800 r6:00000001 r5:adb3d940 r4:adca7e50
[<80503f08>] (drm_mode_setcrtc) from [<804f5404>] (drm_ioctl+0x144/0x4dc)
r10:ada2e000 r9:000000a2 r8:af3c9800 r7:8155a290 r6:809320b4 r5:00000051
r4:adca7e50
[<804f52c0>] (drm_ioctl) from [<802725ec>] (do_vfs_ioctl+0xb0/0x9d0)
r10:00000000 r9:adca6000 r8:00000003 r7:80272f50 r6:adfe3b80 r5:af342bb0
r4:7ebd5630
[<8027253c>] (do_vfs_ioctl) from [<80272f50>] (SyS_ioctl+0x44/0x6c)
r10:00000000 r9:adca6000 r8:00000003 r7:c06864a2 r6:adfe3b80 r5:7ebd5630
r4:adfe3b81
[<80272f0c>] (SyS_ioctl) from [<80108840>] (ret_fast_syscall+0x0/0x1c)
r8:801089e4 r7:00000036 r6:01614c10 r5:00000001 r4:00017050 r3:000115bc
Code: 0a00000c e5932004 e1a01003 e1a0a004 (e5842004)
---[ end trace 9a7257572ccacb16 ]---
Only the reference count of connectors that weren't previously bound to
an encoder should be incremented after a call to drm_crtc_helper_set_config.
And only the reference count of connectors that were previously bound to
an encoder and are unbound afterwards should ever be decremented.
The reference counts of the temporary copies in the save_connectors
should not be touched at all.
This patch fixes the above error by only incrementing the reference count
of those connectors in the set that are initially not bound to any encoder,
and also by restoring the reference count of only those connectors in the
set in the failure case.
"Note that this can only be hit when fbdev emulation is disabled, since
then the refcount drops from 1 to 0 and we call the connector destroy
functions on the backup copy, which eventually results in tears. With
fbdev emulation the refcount only goes down from 2 to 1 ever. And since we
unconditionally increment the refcount on the real object, the refcount of
that will slowly increase. The backup connector's refcount doesn't matter,
since we kfree() that either way in the end of
drm_crtc_helper_set_config()."
Fixes: 0955c1250e ("drm/crtc: take references to connectors used in a modeset. (v2)")
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Dave Airlie <airlied@redhat.com>
