commit 4cc3d6bf0b9a6df46702b73c0b99c300b4373897
Author: Jiri Slaby <jslaby@suse.cz>
Date: Mon Jan 25 12:43:57 2016 +0100
Linux 3.12.53
commit 354b254af5c1350de9586af75fe5a821b35bfb33
Author: Ben Hutchings <ben@decadent.org.uk>
Date: Sun Nov 1 16:22:53 2015 +0000
ppp, slip: Validate VJ compression slot parameters completely
commit 4ab42d78e37a294ac7bc56901d563c642e03c4ae upstream.
Currently slhc_init() treats out-of-range values of rslots and tslots
as equivalent to 0, except that if tslots is too large it will
dereference a null pointer (CVE-2015-7799).
Add a range-check at the top of the function and make it return an
ERR_PTR() on error instead of NULL. Change the callers accordingly.
Compile-tested only.
Reported-by: éƒæ°¸åˆš <guoyonggang@360.cn>
References: http://article.gmane.org/gmane.comp.security.oss.general/17908
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit a4c5c2262fc842e0323043a23a84be706760d628
Author: Ben Hutchings <ben@decadent.org.uk>
Date: Sun Nov 1 16:21:24 2015 +0000
isdn_ppp: Add checks for allocation failure in isdn_ppp_open()
commit 0baa57d8dc32db78369d8b5176ef56c5e2e18ab3 upstream.
Compile-tested only.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 0d279e487bfe3fb454611eb287e50463656a5072
Author: Vineet Gupta <vgupta@synopsys.com>
Date: Sat Nov 14 12:58:53 2015 +0530
ARC: Fix silly typo in MAINTAINERS file
commit 30b9dbee895ff0d5cbf155bd1ef3f0f5992bca6f upstream.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 2e465cd8cc0141cc897e4accfe71335bc1995858
Author: Vineet Gupta <vgupta@synopsys.com>
Date: Mon Oct 26 10:52:57 2015 +0530
MAINTAINERS: Add public mailing list for ARC
commit 9acdc911b55569145034b01075adf658891afbd2 upstream.
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit dee2c7a904e66fc6a16d6af91da98d1fd52bcdee
Author: Takashi Iwai <tiwai@suse.de>
Date: Wed Nov 4 22:39:16 2015 +0100
ALSA: hda - Apply pin fixup for HP ProBook 6550b
commit c932b98c1e47312822d911c1bb76e81ef50e389c upstream.
HP ProBook 6550b needs the same pin fixup applied to other HP B-series
laptops with docks for making its headphone and dock headphone jacks
working properly. We just need to add the codec SSID to the list.
Bugzilla: https://bugzilla.kernel.org/attachment.cgi?id=191971
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 24986281035c2470caf8d637919b0b3b5e0adcb8
Author: Alexandra Yates <alexandra.yates@linux.intel.com>
Date: Wed Nov 4 15:56:09 2015 -0800
ALSA: hda - Add Intel Lewisburg device IDs Audio
commit 5cf92c8b3dc5da59e05dc81bdc069cedf6f38313 upstream.
Adding Intel codename Lewisburg platform device IDs for audio.
[rearranged the position by tiwai]
Signed-off-by: Alexandra Yates <alexandra.yates@linux.intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit e45713934b8ed19373443d74eb4ac4c0642b3e68
Author: Jan Stancek <jstancek@redhat.com>
Date: Tue Dec 8 13:57:51 2015 -0500
ipmi: move timer init to before irq is setup
commit 27f972d3e00b50639deb4cc1392afaeb08d3cecc upstream.
We encountered a panic on boot in ipmi_si on a dell per320 due to an
uninitialized timer as follows.
static int smi_start_processing(void *send_info,
ipmi_smi_t intf)
{
/* Try to claim any interrupts. */
if (new_smi->irq_setup)
new_smi->irq_setup(new_smi);
--> IRQ arrives here and irq handler tries to modify uninitialized timer
which triggers BUG_ON(!timer->function) in __mod_timer().
Call Trace:
<IRQ>
[<ffffffffa0532617>] start_new_msg+0x47/0x80 [ipmi_si]
[<ffffffffa053269e>] start_check_enables+0x4e/0x60 [ipmi_si]
[<ffffffffa0532bd8>] smi_event_handler+0x1e8/0x640 [ipmi_si]
[<ffffffff810f5584>] ? __rcu_process_callbacks+0x54/0x350
[<ffffffffa053327c>] si_irq_handler+0x3c/0x60 [ipmi_si]
[<ffffffff810efaf0>] handle_IRQ_event+0x60/0x170
[<ffffffff810f245e>] handle_edge_irq+0xde/0x180
[<ffffffff8100fc59>] handle_irq+0x49/0xa0
[<ffffffff8154643c>] do_IRQ+0x6c/0xf0
[<ffffffff8100ba53>] ret_from_intr+0x0/0x11
/* Set up the timer that drives the interface. */
setup_timer(&new_smi->si_timer, smi_timeout, (long)new_smi);
The following patch fixes the problem.
To: Openipmi-developer@lists.sourceforge.net
To: Corey Minyard <minyard@acm.org>
CC: linux-kernel@vger.kernel.org
Signed-off-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Tony Camuso <tcamuso@redhat.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit a9166cbdee829d53723cf9324da0951ff9dd6802
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Mon Jan 4 10:17:09 2016 -0800
x86/boot: Double BOOT_HEAP_SIZE to 64KB
commit 8c31902cffc4d716450be549c66a67a8a3dd479c upstream.
When decompressing kernel image during x86 bootup, malloc memory
for ELF program headers may run out of heap space, which leads
to system halt. This patch doubles BOOT_HEAP_SIZE to 64KB.
Tested with 32-bit kernel which failed to boot without this patch.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Acked-by: H. Peter Anvin <hpa@zytor.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 5dbeb6d5d20d4a037b68a1c75c13bdc88c1566e2
Author: Mario Kleiner <mario.kleiner.de@gmail.com>
Date: Fri Dec 18 20:24:06 2015 +0100
x86/reboot/quirks: Add iMac10,1 to pci_reboot_dmi_table[]
commit 2f0c0b2d96b1205efb14347009748d786c2d9ba5 upstream.
Without the reboot=pci method, the iMac 10,1 simply
hangs after printing "Restarting system" at the point
when it should reboot. This fixes it.
Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Jones <davej@codemonkey.org.uk>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/1450466646-26663-1-git-send-email-mario.kleiner.de@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 32b1c9d19dbe74b98e572745bbd2452d6a1b6b09
Author: Paul Mackerras <paulus@ozlabs.org>
Date: Thu Nov 12 16:43:02 2015 +1100
KVM: PPC: Book3S HV: Prohibit setting illegal transaction state in MSR
commit c20875a3e638e4a03e099b343ec798edd1af5cc6 upstream.
Currently it is possible for userspace (e.g. QEMU) to set a value
for the MSR for a guest VCPU which has both of the TS bits set,
which is an illegal combination. The result of this is that when
we execute a hrfid (hypervisor return from interrupt doubleword)
instruction to enter the guest, the CPU will take a TM Bad Thing
type of program interrupt (vector 0x700).
Now, if PR KVM is configured in the kernel along with HV KVM, we
actually handle this without crashing the host or giving hypervisor
privilege to the guest; instead what happens is that we deliver a
program interrupt to the guest, with SRR0 reflecting the address
of the hrfid instruction and SRR1 containing the MSR value at that
point. If PR KVM is not configured in the kernel, then we try to
run the host's program interrupt handler with the MMU set to the
guest context, which almost certainly causes a host crash.
This closes the hole by making kvmppc_set_msr_hv() check for the
illegal combination and force the TS field to a safe value (00,
meaning non-transactional).
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 81e78751c716bad9c91161571c970f3d499d4124
Author: Ouyang Zhaowei (Charles) <ouyangzhaowei@huawei.com>
Date: Wed May 6 09:47:04 2015 +0800
x86/xen: don't reset vcpu_info on a cancelled suspend
commit 6a1f513776b78c994045287073e55bae44ed9f8c upstream.
On a cancelled suspend the vcpu_info location does not change (it's
still in the per-cpu area registered by xen_vcpu_setup()). So do not
call xen_hvm_init_shared_info() which would make the kernel think its
back in the shared info. With the wrong vcpu_info, events cannot be
received and the domain will hang after a cancelled suspend.
Signed-off-by: Charles Ouyang <ouyangzhaowei@huawei.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit b25820cd9b83637998a7a790f0b4ac5e34b5cbdc
Author: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Date: Tue Nov 10 15:10:33 2015 -0500
xen/gntdev: Grant maps should not be subject to NUMA balancing
commit 9c17d96500f78d7ecdb71ca6942830158bc75a2b upstream.
Doing so will cause the grant to be unmapped and then, during
fault handling, the fault to be mistakenly treated as NUMA hint
fault.
In addition, even if those maps could partcipate in NUMA
balancing, it wouldn't provide any benefit since we are unable
to determine physical page's node (even if/when VNUMA is
implemented).
Marking grant maps' VMAs as VM_IO will exclude them from being
part of NUMA balancing.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit ee5c3e7fa7af0cad695f5adc6c1ace432935520a
Author: Dmitry V. Levin <ldv@altlinux.org>
Date: Tue Dec 1 00:54:36 2015 +0300
x86/signal: Fix restart_syscall number for x32 tasks
commit 22eab1108781eff09961ae7001704f7bd8fb1dce upstream.
When restarting a syscall with regs->ax == -ERESTART_RESTARTBLOCK,
regs->ax is assigned to a restart_syscall number. For x32 tasks, this
syscall number must have __X32_SYSCALL_BIT set, otherwise it will be
an x86_64 syscall number instead of a valid x32 syscall number. This
issue has been there since the introduction of x32.
Reported-by: strace/tests/restart_syscall.test
Reported-and-tested-by: Elvira Khabirova <lineprinter0@gmail.com>
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Cc: Elvira Khabirova <lineprinter0@gmail.com>
Link: http://lkml.kernel.org/r/20151130215436.GA25996@altlinux.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit c3bfbecb1bb575278ce4812746a29c04875a2926
Author: Eric Dumazet <edumazet@google.com>
Date: Wed Dec 30 08:51:12 2015 -0500
udp: properly support MSG_PEEK with truncated buffers
commit 197c949e7798fbf28cfadc69d9ca0c2abbf93191 upstream.
Backport of this upstream commit into stable kernels :
89c22d8c3b27 ("net: Fix skb csum races when peeking")
exposed a bug in udp stack vs MSG_PEEK support, when user provides
a buffer smaller than skb payload.
In this case,
skb_copy_and_csum_datagram_iovec(skb, sizeof(struct udphdr),
msg->msg_iov);
returns -EFAULT.
This bug does not happen in upstream kernels since Al Viro did a great
job to replace this into :
skb_copy_and_csum_datagram_msg(skb, sizeof(struct udphdr), msg);
This variant is safe vs short buffers.
For the time being, instead reverting Herbert Xu patch and add back
skb->ip_summed invalid changes, simply store the result of
udp_lib_checksum_complete() so that we avoid computing the checksum a
second time, and avoid the problematic
skb_copy_and_csum_datagram_iovec() call.
This patch can be applied on recent kernels as it avoids a double
checksumming, then backported to stable kernels as a bug fix.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 6849cd97b0511913e17ef8bb53bd5558c4b51fc8
Author: Yevgeny Pats <yevgeny@perception-point.io>
Date: Tue Jan 19 22:09:04 2016 +0000
KEYS: Fix keyring ref leak in join_session_keyring()
commit 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 upstream.
This fixes CVE-2016-0728.
If a thread is asked to join as a session keyring the keyring that's already
set as its session, we leak a keyring reference.
This can be tested with the following program:
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <keyutils.h>
int main(int argc, const char *argv[])
{
int i = 0;
key_serial_t serial;
serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
"leaked-keyring");
if (serial < 0) {
perror("keyctl");
return -1;
}
if (keyctl(KEYCTL_SETPERM, serial,
KEY_POS_ALL | KEY_USR_ALL) < 0) {
perror("keyctl");
return -1;
}
for (i = 0; i < 100; i++) {
serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
"leaked-keyring");
if (serial < 0) {
perror("keyctl");
return -1;
}
}
return 0;
}
If, after the program has run, there something like the following line in
/proc/keys:
3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty
with a usage count of 100 * the number of times the program has been run,
then the kernel is malfunctioning. If leaked-keyring has zero usages or
has been garbage collected, then the problem is fixed.
Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Don Zickus <dzickus@redhat.com>
Acked-by: Prarit Bhargava <prarit@redhat.com>
Acked-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 2d783600fdeafa5d7e5079c7aa79212116f60e51
Author: David Howells <dhowells@redhat.com>
Date: Fri Dec 18 01:34:26 2015 +0000
KEYS: Fix race between read and revoke
commit b4a1b4f5047e4f54e194681125c74c0aa64d637d upstream.
This fixes CVE-2015-7550.
There's a race between keyctl_read() and keyctl_revoke(). If the revoke
happens between keyctl_read() checking the validity of a key and the key's
semaphore being taken, then the key type read method will see a revoked key.
This causes a problem for the user-defined key type because it assumes in
its read method that there will always be a payload in a non-revoked key
and doesn't check for a NULL pointer.
Fix this by making keyctl_read() check the validity of a key after taking
semaphore instead of before.
I think the bug was introduced with the original keyrings code.
This was discovered by a multithreaded test program generated by syzkaller
(http://github.com/google/syzkaller). Here's a cleaned up version:
#include <sys/types.h>
#include <keyutils.h>
#include <pthread.h>
void *thr0(void *arg)
{
key_serial_t key = (unsigned long)arg;
keyctl_revoke(key);
return 0;
}
void *thr1(void *arg)
{
key_serial_t key = (unsigned long)arg;
char buffer[16];
keyctl_read(key, buffer, 16);
return 0;
}
int main()
{
key_serial_t key = add_key("user", "%", "foo", 3, KEY_SPEC_USER_KEYRING);
pthread_t th[5];
pthread_create(&th[0], 0, thr0, (void *)(unsigned long)key);
pthread_create(&th[1], 0, thr1, (void *)(unsigned long)key);
pthread_create(&th[2], 0, thr0, (void *)(unsigned long)key);
pthread_create(&th[3], 0, thr1, (void *)(unsigned long)key);
pthread_join(th[0], 0);
pthread_join(th[1], 0);
pthread_join(th[2], 0);
pthread_join(th[3], 0);
return 0;
}
Build as:
cc -o keyctl-race keyctl-race.c -lkeyutils -lpthread
Run as:
while keyctl-race; do :; done
as it may need several iterations to crash the kernel. The crash can be
summarised as:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
IP: [<ffffffff81279b08>] user_read+0x56/0xa3
...
Call Trace:
[<ffffffff81276aa9>] keyctl_read_key+0xb6/0xd7
[<ffffffff81277815>] SyS_keyctl+0x83/0xe0
[<ffffffff815dbb97>] entry_SYSCALL_64_fastpath+0x12/0x6f
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 43d444274cefce387585b71c61695f54e7c21c96
Author: Adrien Vergé <adrienverge@gmail.com>
Date: Tue Nov 24 16:02:04 2015 +0100
USB: quirks: Fix another ELAN touchscreen
commit df36c5bede207f734e4750beb2b14fb892050280 upstream.
Like other buggy models that had their fixes [1], the touchscreen with
id 04f3:21b8 from ELAN Microelectronics needs the device-qualifier
quirk. Otherwise, it fails to respond, blocks the boot for a random
amount of time and pollutes dmesg with:
[ 2887.373196] usb 1-5: new full-speed USB device number 41 using xhci_hcd
[ 2889.502000] usb 1-5: unable to read config index 0 descriptor/start: -71
[ 2889.502005] usb 1-5: can't read configurations, error -71
[ 2889.654571] usb 1-5: new full-speed USB device number 42 using xhci_hcd
[ 2891.783438] usb 1-5: unable to read config index 0 descriptor/start: -71
[ 2891.783443] usb 1-5: can't read configurations, error -71
[1]: See commits c68929f, 876af5d, d749947, a32c99e and dc703ec.
Tested-by: Adrien Vergé <adrienverge@gmail.com>
Signed-off-by: Adrien Vergé <adrienverge@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Oliver Neukum <ONeukum@suse.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 6b1a4c8425acde6b3725e9ca5dc7af544c656fda
Author: Karl Heiss <kheiss@gmail.com>
Date: Thu Sep 24 12:15:07 2015 -0400
sctp: Prevent soft lockup when sctp_accept() is called during a timeout event
commit 635682a14427d241bab7bbdeebb48a7d7b91638e upstream.
A case can occur when sctp_accept() is called by the user during
a heartbeat timeout event after the 4-way handshake. Since
sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the
bh_sock_lock in sctp_generate_heartbeat_event() will be taken with
the listening socket but released with the new association socket.
The result is a deadlock on any future attempts to take the listening
socket lock.
Note that this race can occur with other SCTP timeouts that take
the bh_lock_sock() in the event sctp_accept() is called.
BUG: soft lockup - CPU#9 stuck for 67s! [swapper:0]
...
RIP: 0010:[<ffffffff8152d48e>] [<ffffffff8152d48e>] _spin_lock+0x1e/0x30
RSP: 0018:ffff880028323b20 EFLAGS: 00000206
RAX: 0000000000000002 RBX: ffff880028323b20 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff880028323be0 RDI: ffff8804632c4b48
RBP: ffffffff8100bb93 R08: 0000000000000000 R09: 0000000000000000
R10: ffff880610662280 R11: 0000000000000100 R12: ffff880028323aa0
R13: ffff8804383c3880 R14: ffff880028323a90 R15: ffffffff81534225
FS: 0000000000000000(0000) GS:ffff880028320000(0000) knlGS:0000000000000000
CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 00000000006df528 CR3: 0000000001a85000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process swapper (pid: 0, threadinfo ffff880616b70000, task ffff880616b6cab0)
Stack:
ffff880028323c40 ffffffffa01c2582 ffff880614cfb020 0000000000000000
<d> 0100000000000000 00000014383a6c44 ffff8804383c3880 ffff880614e93c00
<d> ffff880614e93c00 0000000000000000 ffff8804632c4b00 ffff8804383c38b8
Call Trace:
<IRQ>
[<ffffffffa01c2582>] ? sctp_rcv+0x492/0xa10 [sctp]
[<ffffffff8148c559>] ? nf_iterate+0x69/0xb0
[<ffffffff814974a0>] ? ip_local_deliver_finish+0x0/0x2d0
[<ffffffff8148c716>] ? nf_hook_slow+0x76/0x120
[<ffffffff814974a0>] ? ip_local_deliver_finish+0x0/0x2d0
[<ffffffff8149757d>] ? ip_local_deliver_finish+0xdd/0x2d0
[<ffffffff81497808>] ? ip_local_deliver+0x98/0xa0
[<ffffffff81496ccd>] ? ip_rcv_finish+0x12d/0x440
[<ffffffff81497255>] ? ip_rcv+0x275/0x350
[<ffffffff8145cfeb>] ? __netif_receive_skb+0x4ab/0x750
...
With lockdep debugging:
=====================================
[ BUG: bad unlock balance detected! ]
-------------------------------------
CslRx/12087 is trying to release lock (slock-AF_INET) at:
[<ffffffffa01bcae0>] sctp_generate_timeout_event+0x40/0xe0 [sctp]
but there are no more locks to release!
other info that might help us debug this:
2 locks held by CslRx/12087:
#0: (&asoc->timers[i]){+.-...}, at: [<ffffffff8108ce1f>] run_timer_softirq+0x16f/0x3e0
#1: (slock-AF_INET){+.-...}, at: [<ffffffffa01bcac3>] sctp_generate_timeout_event+0x23/0xe0 [sctp]
Ensure the socket taken is also the same one that is released by
saving a copy of the socket before entering the timeout event
critical section.
Signed-off-by: Karl Heiss <kheiss@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 6415eac837c3d1baa9f80d87bbad1e2fef0eab5a
Author: Finn Thain <fthain@telegraphics.com.au>
Date: Mon Jan 13 00:56:38 2014 +1100
m68k/mac: Make SCC reset work more reliably
commit 56931d73697c99ecf7aba6ae86c94d3a2d15d596 upstream.
For SCC initialization we cannot assume that the control register is in
the correct state to accept a register pointer. So first read from the
control register in order to "sync" up.
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Oliver Neukum <ONeukum@suse.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit fbe21cee2531ce936d26561f3a507823935514ab
Author: Geert Uytterhoeven <geert@linux-m68k.org>
Date: Tue Dec 10 11:35:47 2013 +0100
m68k/mm: Check for mm != NULL in do_page_fault() debug code
commit 4e25c0e92f8eaf69bc51d1d523bcb7268e7dd162 upstream.
When DEBUG is enabled, do_page_fault() may dereference a NULL pointer,
causing recursive bus errors.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Oliver Neukum <ONeukum@suse.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 598881da2122c95d2558927f0c3f09c0d283e895
Author: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Date: Thu Nov 14 14:31:18 2013 -0800
m32r: fix potential NULL-pointer dereference
commit fecf3743b824ce4eb275ed4a1d6aee9494f6a966 upstream.
Add missing check for memory allocation fail.
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Hirokazu Takata <takata@linux-m32r.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oliver Neukum <ONeukum@suse.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit ae36e1e259f167bb60a22e0fd3e76749e28c0614
Author: Scott Jiang <scott.jiang.linux@gmail.com>
Date: Mon Sep 16 00:53:09 2013 -0400
pm: use GFP_ATOMIC when pm core call this function
commit aefefe92116b776203f95f3249ae61b94f73f170 upstream.
We shouldn't sleep in atomic sections.
Signed-off-by: Scott Jiang <scott.jiang.linux@gmail.com>
Cc: Oliver Neukum <ONeukum@suse.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 39c9944afb08c26ff36ae1967497d44fcf5a87ed
Author: Salva Peiró <speirofr@gmail.com>
Date: Wed Oct 14 17:48:02 2015 +0200
staging/dgnc: fix info leak in ioctl
commit 4b6184336ebb5c8dc1eae7f7ab46ee608a748b05 upstream.
The dgnc_mgmt_ioctl() code fails to initialize the 16 _reserved bytes of
struct digi_dinfo after the ->dinfo_nboards member. Add an explicit
memset(0) before filling the structure to avoid the info leak.
Signed-off-by: Salva Peiró <speirofr@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Yuki Machida <machida.yuki@jp.fujitsu.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 1bf7e534ba65babb46a3d7f3cd9b3bdf41c27a4a
Author: Rusty Russell <rusty@rustcorp.com.au>
Date: Mon Feb 3 11:15:13 2014 +1030
module: remove MODULE_GENERIC_TABLE
commit cff26a51da5d206d3baf871e75778da44710219d upstream.
MODULE_DEVICE_TABLE() calles MODULE_GENERIC_TABLE(); make it do the
work directly. This also removes a wart introduced in the last patch,
where the alias is defined to be an unknown struct type "struct
type##__##name##_device_id" instead of "struct type##_device_id" (it's
an extern so GCC doesn't care, but it's wrong).
The other user of MODULE_GENERIC_TABLE (ISAPNP_CARD_TABLE) is unused,
so delete it.
Bryan: gcc v3.3.2 cares
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: Bryan Kadzban <bryan@kadzban.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit dd696629cf19191ac3e2a65643698e5b8916c68b
Author: Saurav Kashyap <saurav.kashyap@qlogic.com>
Date: Wed Jun 10 11:05:17 2015 -0400
qla2xxx: Fix hardware lock/unlock issue causing kernel panic.
commit ba9f6f64a0ff6b7ecaed72144c179061f8eca378 upstream.
This patch fixes a kernel panic for qla2xxx Target core
Module driver introduced by a fix in the qla2xxx initiator code.
Commit ef86cb2 ("qla2xxx: Mark port lost when we receive an RSCN for it.")
introduced the regression for qla2xxx Target driver.
Stack trace will have following signature
--- <NMI exception stack> ---
[ffff88081faa3cc8] _raw_spin_lock_irqsave at ffffffff815b1f03
[ffff88081faa3cd0] qlt_fc_port_deleted at ffffffffa096ccd0 [qla2xxx]
[ffff88081faa3d20] qla2x00_schedule_rport_del at ffffffffa0913831[qla2xxx]
[ffff88081faa3d50] qla2x00_mark_device_lost at ffffffffa09159c5[qla2xxx]
[ffff88081faa3db0] qla2x00_async_event at ffffffffa0938d59 [qla2xxx]
[ffff88081faa3e30] qla24xx_msix_default at ffffffffa093a326 [qla2xxx]
[ffff88081faa3e90] handle_irq_event_percpu at ffffffff810a7b8d
[ffff88081faa3ee0] handle_irq_event at ffffffff810a7d32
[ffff88081faa3f10] handle_edge_irq at ffffffff810ab6b9
[ffff88081faa3f30] handle_irq at ffffffff8100619c
[ffff88081faa3f70] do_IRQ at ffffffff815b4b1c
--- <IRQ stack> ---
Signed-off-by: Saurav Kashyap <saurav.kashyap@qlogic.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Reviewed-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Cc: Michal Marek <mmarek@suse.cz>
Fixes: ef86cb205 ("qla2xxx: Mark port lost when we receive an RSCN for it.")
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit a7c0ba06670f99c252d5bb74258dddbf50fef837
Author: Vladis Dronov <vdronov@redhat.com>
Date: Tue Dec 1 13:09:17 2015 -0800
Input: aiptek - fix crash on detecting device without endpoints
commit 8e20cf2bce122ce9262d6034ee5d5b76fbb92f96 upstream.
The aiptek driver crashes in aiptek_probe() when a specially crafted USB
device without endpoints is detected. This fix adds a check that the device
has proper configuration expected by the driver. Also an error return value
is changed to more matching one in one of the error paths.
Reported-by: Ralf Spenneberg <ralf@spenneberg.net>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 052bd81382379ccaf002ae7a0c3d4ff6f058428b
Author: Hannes Reinecke <hare@suse.de>
Date: Thu Nov 26 08:46:57 2015 +0100
block: Always check queue limits for cloned requests
commit bf4e6b4e757488dee1b6a581f49c7ac34cd217f8 upstream.
When a cloned request is retried on other queues it always needs
to be checked against the queue limits of that queue.
Otherwise the calculations for nr_phys_segments might be wrong,
leading to a crash in scsi_init_sgtable().
To clarify this the patch renames blk_rq_check_limits()
to blk_cloned_rq_check_limits() and removes the symbol
export, as the new function should only be used for
cloned requests and never exported.
Cc: Mike Snitzer <snitzer@redhat.com>
Cc: Ewan Milne <emilne@redhat.com>
Cc: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Fixes: e2a60da74 ("block: Clean up special command handling logic")
Acked-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 5a8fe8431e479268502daaa4265ee1a7644f1c7d
Author: James Smart <james.smart@emulex.com>
Date: Tue Apr 7 15:07:20 2015 -0400
lpfc: Fix null ndlp dereference in target_reset_handler
commit 63e480fd2f598e9ad37f89e79c36834e7dd60ba0 upstream.
Signed-off-by: Dick Kennedy <dick.kennedy@emulex.com>
Signed-off-by: James Smart <james.smart@emulex.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Acked-by: Johannes Thumshirn <jthumshirn@suse.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit e6a19aae9192e71b33cd94da2508ed9ae29f2fe2
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date: Fri Sep 12 07:37:42 2014 +0100
drm/i915: Fix SRC_COPY width on 830/845g
commit 611a7a4fd8b5fb6b25ab1f8bdcde61800a7feacf upstream.
One small change I forgot to make in
commit c4d69da167fa967749aeb70bc0e94a457e5d00c1
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date: Mon Sep 8 14:25:41 2014 +0100
drm/i915: Evict CS TLBs between batches
was to update the copy width for the compact BLT copy instruction.
Reported-by: Thomas Richter <thor@math.tu-berlin.de>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Thomas Richter <thor@math.tu-berlin.de>
Cc: Jani Nikula <jani.nikula@intel.com>
Tested-by: Thomas Richter <thor@math.tu-berlin.de>
Acked-by: Daniel Vetter <daniel@ffwll.ch>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 171ba055c5d8d36e9bd8fb6d442b09cd688e24fe
Author: Corey Minyard <cminyard@mvista.com>
Date: Wed Jul 16 14:07:13 2014 -0500
ring-buffer: Always run per-cpu ring buffer resize with schedule_work_on()
commit 021c5b34452d52e51664f09b98cd50c5495e74b6 upstream.
The code for resizing the trace ring buffers has to run the per-cpu
resize on the CPU itself. The code was using preempt_off() and
running the code for the current CPU directly, otherwise calling
schedule_work_on().
At least on RT this could result in the following:
|BUG: sleeping function called from invalid context at kernel/rtmutex.c:673
|in_atomic(): 1, irqs_disabled(): 0, pid: 607, name: bash
|3 locks held by bash/607:
|CPU: 0 PID: 607 Comm: bash Not tainted 3.12.15-rt25+ #124
|(rt_spin_lock+0x28/0x68)
|(free_hot_cold_page+0x84/0x3b8)
|(free_buffer_page+0x14/0x20)
|(rb_update_pages+0x280/0x338)
|(ring_buffer_resize+0x32c/0x3dc)
|(free_snapshot+0x18/0x38)
|(tracing_set_tracer+0x27c/0x2ac)
probably via
|cd /sys/kernel/debug/tracing/
|echo 1 > events/enable ; sleep 2
|echo 1024 > buffer_size_kb
If we just always use schedule_work_on(), there's no need for the
preempt_off(). So do that.
Link: http://lkml.kernel.org/p/1405537633-31518-1-git-send-email-cminyard@mvista.com
Reported-by: Stanislav Meduna <stano@meduna.org>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 1e5e5552388516c400586fc95f745a9d1ad60545
Author: Ditang Chen <chendt.fnst@cn.fujitsu.com>
Date: Fri Mar 7 13:27:57 2014 +0800
SUNRPC: Fix oops when trace sunrpc_task events in nfs client
commit 2ca310fc4160ed0420da65534a21ae77b24326a8 upstream.
When tracking sunrpc_task events in nfs client, the clnt pointer may be NULL.
[ 139.269266] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
[ 139.269915] IP: [<ffffffffa026f216>] ftrace_raw_event_rpc_task_running+0x86/0xf0 [sunrpc]
[ 139.269915] PGD 1d293067 PUD 1d294067 PMD 0
[ 139.269915] Oops: 0000 [#1] SMP
[ 139.269915] Modules linked in: nfsv4 dns_resolver nfs lockd sunrpc fscache sg ppdev e1000
serio_raw pcspkr parport_pc parport i2c_piix4 i2c_core microcode xfs libcrc32c sd_mod sr_mod
cdrom ata_generic crc_t10dif crct10dif_common pata_acpi ahci libahci ata_piix libata dm_mirror
dm_region_hash dm_log dm_mod
[ 139.269915] CPU: 0 PID: 59 Comm: kworker/0:2 Not tainted 3.10.0-84.el7.x86_64 #1
[ 139.269915] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[ 139.269915] Workqueue: rpciod rpc_async_schedule [sunrpc]
[ 139.269915] task: ffff88001b598000 ti: ffff88001b632000 task.ti: ffff88001b632000
[ 139.269915] RIP: 0010:[<ffffffffa026f216>] [<ffffffffa026f216>] ftrace_raw_event_rpc_task_running+0x86/0xf0 [sunrpc]
[ 139.269915] RSP: 0018:ffff88001b633d70 EFLAGS: 00010206
[ 139.269915] RAX: ffff88001dfc5338 RBX: ffff88001cc37a00 RCX: ffff88001dfc5334
[ 139.269915] RDX: ffff88001dfc5338 RSI: 0000000000000000 RDI: ffff88001dfc533c
[ 139.269915] RBP: ffff88001b633db0 R08: 000000000000002c R09: 000000000000000a
[ 139.269915] R10: 0000000000062180 R11: 00000020759fb9dc R12: ffffffffa0292c20
[ 139.269915] R13: ffff88001dfc5334 R14: 0000000000000000 R15: 0000000000000000
[ 139.269915] FS: 0000000000000000(0000) GS:ffff88001fc00000(0000) knlGS:0000000000000000
[ 139.269915] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 139.269915] CR2: 0000000000000004 CR3: 000000001d290000 CR4: 00000000000006f0
[ 139.269915] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 139.269915] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 139.269915] Stack:
[ 139.269915] 000000001b633d98 0000000000000246 ffff88001df1dc00 ffff88001cc37a00
[ 139.269915] ffff88001bc35e60 0000000000000000 ffff88001ffa0a48 ffff88001bc35ee0
[ 139.269915] ffff88001b633e08 ffffffffa02704b5 0000000000010000 ffff88001cc37a70
[ 139.269915] Call Trace:
[ 139.269915] [<ffffffffa02704b5>] __rpc_execute+0x1d5/0x400 [sunrpc]
[ 139.269915] [<ffffffffa0270706>] rpc_async_schedule+0x26/0x30 [sunrpc]
[ 139.269915] [<ffffffff8107867b>] process_one_work+0x17b/0x460
[ 139.269915] [<ffffffff8107942b>] worker_thread+0x11b/0x400
[ 139.269915] [<ffffffff81079310>] ? rescuer_thread+0x3e0/0x3e0
[ 139.269915] [<ffffffff8107fc80>] kthread+0xc0/0xd0
[ 139.269915] [<ffffffff8107fbc0>] ? kthread_create_on_node+0x110/0x110
[ 139.269915] [<ffffffff815d122c>] ret_from_fork+0x7c/0xb0
[ 139.269915] [<ffffffff8107fbc0>] ? kthread_create_on_node+0x110/0x110
[ 139.269915] Code: 4c 8b 45 c8 48 8d 7d d0 89 4d c4 41 89 c9 b9 28 00 00 00 e8 9d b4 e9
e0 48 85 c0 49 89 c5 74 a2 48 89 c7 e8 9d 3f e9 e0 48 89 c2 <41> 8b 46 04 48 8b 7d d0 4c
89 e9 4c 89 e6 89 42 0c 0f b7 83 d4
[ 139.269915] RIP [<ffffffffa026f216>] ftrace_raw_event_rpc_task_running+0x86/0xf0 [sunrpc]
[ 139.269915] RSP <ffff88001b633d70>
[ 139.269915] CR2: 0000000000000004
[ 140.946406] ---[ end trace ba486328b98d7622 ]---
Signed-off-by: Ditang Chen <chendt.fnst@cn.fujitsu.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 5519638906c93668aad764644f83172a2442df22
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date: Tue Apr 28 11:43:15 2015 +0800
route: Use ipv4_mtu instead of raw rt_pmtu
commit cb6ccf09d6b94bec4def1ac5cf4678d12b216474 upstream.
The commit 3cdaa5be9e81a914e633a6be7b7d2ef75b528562 ("ipv4: Don't
increase PMTU with Datagram Too Big message") broke PMTU in cases
where the rt_pmtu value has expired but is smaller than the new
PMTU value.
This obsolete rt_pmtu then prevents the new PMTU value from being
installed.
Fixes: 3cdaa5be9e81 ("ipv4: Don't increase PMTU with Datagram Too Big message")
Reported-by: Gerd v. Egidy <gerd.von.egidy@intra2net.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 563922c43933710e70ac9c28ff1c5d724ddecf07
Author: Li Wei <lw@cn.fujitsu.com>
Date: Thu Jan 29 16:09:03 2015 +0800
ipv4: Don't increase PMTU with Datagram Too Big message.
commit 3cdaa5be9e81a914e633a6be7b7d2ef75b528562 upstream.
RFC 1191 said, "a host MUST not increase its estimate of the Path
MTU in response to the contents of a Datagram Too Big message."
Signed-off-by: Li Wei <lw@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 8e38535241128cb6b91bac6a115062d325d3c4b4
Author: Bjorn Helgaas <bhelgaas@google.com>
Date: Mon Sep 23 15:25:26 2013 -0600
PCI: Drop "setting latency timer" messages
commit a006482b67a96c16dfefc558e36863c51e1829bf upstream.
This message isn't useful any more, so drop it.
Reference: https://bugzilla.kernel.org/show_bug.cgi?id=60636
Reported-by: Oleksil Shevchuk <alxchk@gmail.com>
Reference: http://lkml.kernel.org/r/CALCETrWkr53ZjqdN3t7rTTfr=+ZKZXJoYsuBcwPf0kN_33GfAw@mail.gmail.com
Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit b7835830beaccae462cedde91d1a4807d2ad8b02
Author: Eric Ren <zren@suse.com>
Date: Wed Oct 14 23:28:26 2015 +0800
dlm: make posix locks interruptible
commit a6b1533e9a57d76cd3d9b7649d29ac604b1874b8 upstream.
Replace wait_event_killable with wait_event_interruptible
so that a program waiting for a posix lock can be
interrupted by a signal. With the killable version,
a program was not interruptible by a signal if it
had a signal handler set for it, overriding the default
action of terminating the process.
Signed-off-by: Eric Ren <zren@suse.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit 81280c35b66fbaeb6cca74e4a2618eb2428a0f78
Author: Takashi Iwai <tiwai@suse.de>
Date: Wed Dec 9 15:17:43 2015 +0100
ALSA: hda - Fix noise problems on Thinkpad T440s
commit 9a811230481243f384b8036c6a558bfdbd961f78 upstream.
Lenovo Thinkpad T440s suffers from constant background noises, and it
seems to be a generic hardware issue on this model:
https://forums.lenovo.com/t5/ThinkPad-T400-T500-and-newer-T/T440s-speaker-noise/td-p/1339883
As the noise comes from the analog loopback path, disabling the path
is the easy workaround.
Also, the machine gives significant cracking noises at PM suspend. A
workaround found by trial-and-error is to disable the shutup callback
currently used for ALC269-variant.
This patch addresses these noise issues by introducing a new fixup
chain. Although the same workaround might be applicable to other
Thinkpad models, it's applied only to T440s (17aa:220c) in this patch,
so far, just to be safe (you chicken!). As a compromise, a new model
option string "tp440" is provided now, though, so that owners of other
Thinkpad models can test it more easily.
Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=958504
Reported-and-tested-by: Tim Hardeck <thardeck@suse.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit a4b1c6fd9108c2c35c9f391e9939f8f445d48ee7
Author: Kamal Mostafa <kamal@canonical.com>
Date: Wed Jan 6 15:37:04 2016 -0800
tools: Add a "make all" rule
commit f6ba98c5dc78708cb7fd29950c4a50c4c7e88f95 upstream.
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Jonathan Cameron <jic23@kernel.org>
Cc: Pali Rohar <pali.rohar@gmail.com>
Cc: Roberta Dobrescu <roberta.dobrescu@gmail.com>
Link: http://lkml.kernel.org/r/1447280736-2161-2-git-send-email-kamal@canonical.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
[ kamal: backport to 3.12-stable: build all tools for this version ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
commit d15adb13198353245e982527750b7f04cca1042b
Author: Ingo Molnar <mingo@kernel.org>
Date: Tue Mar 3 07:34:33 2015 +0100
efi: Disable interrupts around EFI calls, not in the epilog/prolog calls
commit 23a0d4e8fa6d3a1d7fb819f79bcc0a3739c30ba9 upstream.
Tapasweni Pathak reported that we do a kmalloc() in efi_call_phys_prolog()
on x86-64 while having interrupts disabled, which is a big no-no, as
kmalloc() can sleep.
Solve this by removing the irq disabling from the prolog/epilog calls
around EFI calls: it's unnecessary, as in this stage we are single
threaded in the boot thread, and we don't ever execute this from
interrupt contexts.
Reported-by: Tapasweni Pathak <tapaswenipathak@gmail.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
[ luis: backported to 3.10: adjusted context ]
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>