| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit 086ba77a6db00ed858ff07451bedee197df868c9 upstream.
ARM has some private syscalls (for example, set_tls(2)) which lie
outside the range of NR_syscalls. If any of these are called while
syscall tracing is being performed, out-of-bounds array access will
occur in the ftrace and perf sys_{enter,exit} handlers.
# trace-cmd record -e raw_syscalls:* true && trace-cmd report
...
true-653 [000] 384.675777: sys_enter: NR 192 (0, 1000, 3, 4000022, ffffffff, 0)
true-653 [000] 384.675812: sys_exit: NR 192 = 1995915264
true-653 [000] 384.675971: sys_enter: NR 983045 (76f74480, 76f74000, 76f74b28, 76f74480, 76f76f74, 1)
true-653 [000] 384.675988: sys_exit: NR 983045 = 0
...
# trace-cmd record -e syscalls:* true
[ 17.289329] Unable to handle kernel paging request at virtual address aaaaaace
[ 17.289590] pgd = 9e71c000
[ 17.289696] [aaaaaace] *pgd=00000000
[ 17.289985] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 17.290169] Modules linked in:
[ 17.290391] CPU: 0 PID: 704 Comm: true Not tainted 3.18.0-rc2+ #21
[ 17.290585] task: 9f4dab00 ti: 9e710000 task.ti: 9e710000
[ 17.290747] PC is at ftrace_syscall_enter+0x48/0x1f8
[ 17.290866] LR is at syscall_trace_enter+0x124/0x184
Fix this by ignoring out-of-NR_syscalls-bounds syscall numbers.
Commit cd0980fc8add "tracing: Check invalid syscall nr while tracing syscalls"
added the check for less than zero, but it should have also checked
for greater than NR_syscalls.
Link: http://lkml.kernel.org/p/1414620418-29472-1-git-send-email-rabin@rab.in
Fixes: cd0980fc8add "tracing: Check invalid syscall nr while tracing syscalls"
Signed-off-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
[lizf: Backported to 3.4: adjust context]
Signed-off-by: Zefan Li <lizefan@huawei.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit 60916a9382e88fbf5e54fd36a3e658efd7ab7bed upstream.
syscall_get_nr can return -1 in the case that the task is not executing
a system call.
This patch fixes perf_syscall_{enter,exit} to check that the syscall
number is valid before using it as an index into a bitmap.
Link: http://lkml.kernel.org/r/1345137254-7377-1-git-send-email-will.deacon@arm.com
Cc: Jason Baron <jbaron@redhat.com>
Cc: Wade Farnsworth <wade_farnsworth@mentor.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Zefan Li <lizefan@huawei.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit 54a217887a7b658e2650c3feff22756ab80c7339 upstream.
The current implementation of lookup_pi_state has ambigous handling of
the TID value 0 in the user space futex. We can get into the kernel
even if the TID value is 0, because either there is a stale waiters bit
or the owner died bit is set or we are called from the requeue_pi path
or from user space just for fun.
The current code avoids an explicit sanity check for pid = 0 in case
that kernel internal state (waiters) are found for the user space
address. This can lead to state leakage and worse under some
circumstances.
Handle the cases explicit:
Waiter | pi_state | pi->owner | uTID | uODIED | ?
[1] NULL | --- | --- | 0 | 0/1 | Valid
[2] NULL | --- | --- | >0 | 0/1 | Valid
[3] Found | NULL | -- | Any | 0/1 | Invalid
[4] Found | Found | NULL | 0 | 1 | Valid
[5] Found | Found | NULL | >0 | 1 | Invalid
[6] Found | Found | task | 0 | 1 | Valid
[7] Found | Found | NULL | Any | 0 | Invalid
[8] Found | Found | task | ==taskTID | 0/1 | Valid
[9] Found | Found | task | 0 | 0 | Invalid
[10] Found | Found | task | !=taskTID | 0/1 | Invalid
[1] Indicates that the kernel can acquire the futex atomically. We
came came here due to a stale FUTEX_WAITERS/FUTEX_OWNER_DIED bit.
[2] Valid, if TID does not belong to a kernel thread. If no matching
thread is found then it indicates that the owner TID has died.
[3] Invalid. The waiter is queued on a non PI futex
[4] Valid state after exit_robust_list(), which sets the user space
value to FUTEX_WAITERS | FUTEX_OWNER_DIED.
[5] The user space value got manipulated between exit_robust_list()
and exit_pi_state_list()
[6] Valid state after exit_pi_state_list() which sets the new owner in
the pi_state but cannot access the user space value.
[7] pi_state->owner can only be NULL when the OWNER_DIED bit is set.
[8] Owner and user space value match
[9] There is no transient state which sets the user space TID to 0
except exit_robust_list(), but this is indicated by the
FUTEX_OWNER_DIED bit. See [4]
[10] There is no transient state which leaves owner and user space
TID out of sync.
Change-Id: I503a3213a89ec5a7664baee14ca151b3713a61df
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: Will Drewry <wad@chromium.org>
Cc: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit 13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e upstream.
If the owner died bit is set at futex_unlock_pi, we currently do not
cleanup the user space futex. So the owner TID of the current owner
(the unlocker) persists. That's observable inconsistant state,
especially when the ownership of the pi state got transferred.
Clean it up unconditionally.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: Will Drewry <wad@chromium.org>
Cc: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270 upstream.
We need to protect the atomic acquisition in the kernel against rogue
user space which sets the user space futex to 0, so the kernel side
acquisition succeeds while there is existing state in the kernel
associated to the real owner.
Verify whether the futex has waiters associated with kernel state. If
it has, return -EINVAL. The state is corrupted already, so no point in
cleaning it up. Subsequent calls will fail as well. Not our problem.
[ tglx: Use futex_top_waiter() and explain why we do not need to try
restoring the already corrupted user space state. ]
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Will Drewry <wad@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 88a7e37d265 (sched: provide per cpu-cgroup option to
notify on migrations) added a notifier call when a task is moved
to a different CPU. Unfortunately the two call sites in the RT
sched class where this occurs happens with a runqueue lock held.
This can result in a deadlock if the notifier call attempts to do
something like wake up a task.
Fortunately the benefit of 88a7e37d265 comes mainly from notifying
on migration of non-RT tasks, so we can simply ignore the movements
of RT tasks.
CRs-Fixed: 491370
Change-Id: I8849d826bf1eeaf85a6f6ad872acb475247c5926
Signed-off-by: Steve Muckle <smuckle@codeaurora.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On systems where CPUs may run asynchronously, task migrations
between CPUs running at grossly different speeds can cause
problems.
This change provides a mechanism to notify a subsystem
in the kernel if a task in a particular cgroup migrates to a
different CPU. Other subsystems (such as cpufreq) may then
register for this notifier to take appropriate action when
such a task is migrated.
The cgroup attribute to set for this behavior is
"notify_on_migrate" .
Change-Id: Ie1868249e53ef901b89c837fdc33b0ad0c0a4590
Signed-off-by: Steve Muckle <smuckle@codeaurora.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in futex_requeue(..., requeue_pi=1)
If uaddr == uaddr2, then we have broken the rule of only requeueing from
a non-pi futex to a pi futex with this call. If we attempt this, then
dangling pointers may be left for rt_waiter resulting in an exploitable
condition.
This change brings futex_requeue() in line with futex_wait_requeue_pi()
which performs the same check as per commit 6f7b0a2a5c0f ("futex: Forbid
uaddr == uaddr2 in futex_wait_requeue_pi()")
[ tglx: Compare the resulting keys as well, as uaddrs might be
different depending on the mapping ]
Fixes CVE-2014-3153.
Change-Id: I621e8f99eef6de58a73ac9f8ebbdac62312c4c96
Reported-by: Pinkie Pie
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andy Seah <dntc46@motorola.com>
Reviewed-on: http://gerrit.mot.com/645025
Submit-Approved: Jira Key <jirakey@motorola.com>
Tested-by: Jira Key <jirakey@motorola.com>
SLTApproved: Slta Waiver <sltawvr@motorola.com>
Reviewed-by: Joel Voss <jvoss@motorola.com>
Reviewed-by: Maulik Desai <amd093@motorola.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When cores enter a coupled cpuidle mode, the maximum time that a system can
sleep for is the minimum of sleep times across the cores. In certain low
power modes, the timer might not be functional and the power management code
relies on an external hardware to bring it out of sleep.
Change-Id: I54be261710380d02a45f3b9ec075f0dcfb632315
Reviewed-on: http://gerrit.pcs.mot.com/604432
Submit-Approved: Jira Key <jirakey@motorola.com>
Tested-by: Jira Key <jirakey@motorola.com>
Reviewed-by: Christopher Fries <c.fries@motorola.com>
SLTApproved: Christopher Fries <c.fries@motorola.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit dd58afef43357f265e803c317bbaa91f8c440663.
The same patch was applied twice. Revert one of them.
Change-Id: I6c2c56105d6b758058ecec15314356a931543409
Signed-off-by: Yuanyuan Zhong <zyy@motorola.com>
Reviewed-on: http://gerrit.pcs.mot.com/577494
Tested-by: Jira Key <jirakey@motorola.com>
Reviewed-by: Jeffrey Carlyle <jeff.carlyle@motorola.com>
Submit-Approved: Jira Key <jirakey@motorola.com>
SLTApproved: Christopher Fries <c.fries@motorola.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This driver allows clients to register code to be called upon wakeup
so that clients can perform specific checks and vote to drop the system
back into suspend without fully resuming if the wake reason was a special
quick wakeup event.
Change-Id: I178c88749f3bceae2fe95b01d07747e885d11072
Signed-off-by: James Wylder <jwylder1@motorola.com>
Signed-off-by: Jared Suttles <jsuttles@motorola.com>
Signed-off-by: Joe Swantek <w98568@motorola.com>
Reviewed-on: http://gerrit.pcs.mot.com/584477
Tested-by: Jira Key <jirakey@motorola.com>
Reviewed-by: Joseph Swantek <jswantek@motorola.com>
Reviewed-by: Patrick Auchter <auchter@motorola.com>
Reviewed-by: Lian-Wei Wang <lian-wei.wang@motorola.com>
Reviewed-by: Stephen Rossbach <rossbach@motorola.com>
SLTApproved: Stephen Rossbach <rossbach@motorola.com>
Submit-Approved: Jira Key <jirakey@motorola.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Panic signature: printk: PC=suspend_timeout+0x20/0x28
(_raw_spin_unlock_irqrestore+0x10/0x38) from [] (down_trylock+0x24/0x2c)
(down_trylock+0x24/0x2c) from [] (console_trylock+0xc/0x50)
(console_trylock+0xc/0x50) from [] (console_unlock+0x1ec/0x214)
(console_unlock+0x1ec/0x214) from [] (vt_move_to_console+0x24/0xbc)
(vt_move_to_console+0x24/0xbc) from [] (pm_restore_console+0x1c/0x2c)
(pm_restore_console+0x1c/0x2c) from [] (pm_suspend+0xd4/0x250)
(pm_suspend+0xd4/0x250) from [] (try_to_suspend+0x64/0xa8)
(try_to_suspend+0x64/0xa8) from [] (process_one_work+0x200/0x400)
(process_one_work+0x200/0x400) from [] (worker_thread+0x184/0x2a4)
(worker_thread+0x184/0x2a4) from [] (kthread+0x80/0x90)
(kthread+0x80/0x90) from [] (kernel_thread_exit+0x0/0x8)
During the system console resume, pm_restore_console() is taking more
than 60s, from the backtrace, it happened after the down_trylock(),
there is a possility on SMP, printk is running on anyone of the active
cpu, once the variable retry is set to 1, it will never get a chance to
clear it to 0, this may cause the pm_restore_console() take more than
60s.
The 60s limitation is specific to motorola, it is an indication of
the suspend/resume performance.
(cherry picked from commit 90057e144dd2fdfabb5cbbd631a487463c381ae8)
Change-Id: Ic4028bf07e29d8d2c954a727115e1661212f83a4
Signed-off-by: Guo-Jian Chen <a21757@motorola.com>
Reviewed-on: http://gerrit.pcs.mot.com/568468
Tested-by: Jira Key <jirakey@motorola.com>
Reviewed-by: Check Patch <CHEKPACH@motorola.com>
Reviewed-by: Klocwork kwcheck <klocwork-kwcheck@sourceforge.mot.com>
Reviewed-by: Connie Zhao <czhao1@motorola.com>
SLTApproved: Connie Zhao <czhao1@motorola.com>
Reviewed-by: Lian-Wei Wang <lian-wei.wang@motorola.com>
Reviewed-by: Jeffrey Carlyle <jeff.carlyle@motorola.com>
Submit-Approved: Jira Key <jirakey@motorola.com>
Reviewed-on: http://gerrit.pcs.mot.com/571082
SLTApproved: Slta Waiver <sltawvr@motorola.com>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Incorporates following patches:
d204734 Revert "(CR) : Issues seen with 5GHz WLAN connectivity"
e7ad327 Revert "USB: gadget: diag: cleanup connect event processing"
84189f8 Revert "drivers: staging: rename synaptics_i2c_rmi4 to avoid confusion"
5560ae7 Revert "config: msm8960: Enable touch firmware update"
b1eb5f8 Revert "power: pm8921-bms: fix SOC jumps while entering suspend/resume"
0ac034f Revert "power: pm8921-bms: Cancel/schedule work across suspend/resume"
7238de7 Revert "power: pm8921-bms: Fine tune SOC reporting during suspend/resume"
d7c470e Revert "usb: gadget: u_data_hsic: Fix NULL pointer dereference"
0039bac Revert "USB: msm_otg: Allow low power mode with proprietary charger connected"
f6e92dc Revert "EHCI: HSIC: Abort system suspend if controller is outside LPM"
7065ee7 Revert "net/ipv6/addrconf: IPv6 tethering enhancement"
7684832 Revert "power: pm8921-bms: Update the FCC learning algorithm"
666ce86 Revert "msm-camera: Fix for the Ov8825 HFR 60&120 FPS issue."
fd268ed Revert "power: pm8921-bms: Fix variable naming"
a2c7644 Revert "power: pm8921-bms: Notify userspace after a new FCC is generated"
cdf4bf0 Revert "net: rmnet_usb: silence URB submission errors during disconnect"
ded5b01 Revert "power: pm8921-bms: Fix SOC fluctuations at 100%"
d75c03f Revert "netfilter: xt_qtaguid: extend iface stat to report protocols"
6e74312 Revert "HSIC: Add support for product id 9075"
2175bf1 Revert "usb: ks_bridge: Add efs sync support for PID 0x9075"
514eb41 Revert "EHCI: HSIC: Disable CPU Idle states before resuming the port"
02deb1d Revert "msm: camera: Enable AVTimer related APIs"
75ebf81 Revert "USB: EHCI: Ensure 10 msec delay between bus states"
d0de853 Revert "power: pm8921-charger: Add delay after turning on D0 (TCXO) clock"
96d8afa Revert "(CR): msm_fb: display: Dump MDP regs when MDP hang"
20d8cea Revert "(CR): video: msm_fb: add a dropbox event for mdp hangs"
acad7fa Revert "(CR): msm_fb: display: msm_fb: more logging for MDP hangs"
bf713f1 Revert "(CR): msm_fb: display: fix race with vsync_comp completion"
d589bda Revert "(CR): msm_fb: display: Rework MDP Hang logic"
159fca7 Revert "(CR): msm_fb: display: dmap timeout recovery mechanism"
9129932 Revert "(CR): msm_fb: display: fix interruptible wait error handling"
ac3d862 Revert "(CR): msm_fb: display: retry show_event wait when panel is off"
956124f Revert "(CR): msm_fb: display: log interrupt information in mdp hang"
bb4efe1 Revert "(CR): msm_fb: display: modify mdp hang dump logging"
85ccfb2 ASoC: wcd9304: Fix DMIC current leakage after disable
6d8c186 CR : 519047 Display: Observed low fps while playing MxLauncher3D
5fb2f98 power: pm8921-charger: Add delay after turning on D0 (TCXO) clock
cf839c7 msm: spm: modify power collapse seq for kraitv3
9236595 msm: msm_bus: Add NULL pointer check
a66bbf7 msm: 8064-pmic: Update the maximum current supported by LEDs
58ce9d5 perf: Treat attr.config as u64 in perf_swevent_init()
bed9ef7 USB: EHCI: Ensure 10 msec delay between bus states
8d05cb5 wcnss: Do not log CCPU registers
07eba1d msm: board-8960: Modify SMPS7 min, max voltage limits for 8960ab
345ce87 power: pm8921-bms: fix calibration and UVLO issues
19f0683 power: pm8921-charger: vote D0 when running kickstart
59c6b97 diag: Command registration not happening properly
998ea54 u_hsuart: Fix a bug in opening the SMUX port
027285a radio: iris: Handle force close gracefully
7f0b828 ASoC: msm: Support to configure the code for media button
d0a741b msm: camera: Enable AVTimer related APIs
daed6f0 msm: camera: prevent invalid access through mmap
b7033aa msm: kgsl: Do not try to resume the device from INIT state
071c96f msm_fb: display: Add compulsory wait after DTV's TG is disabled.
4c8ca55 usb: u_bam: Fix spinlock leak followed by lockup from workqueue
347b2cd msm: kgsl: Wake up gpu on kgsl_ioctl_timestamp_event only if necessary
ee83516 msm: Update kernel config entry for avtimer
187ada8 msm: Add platform driver entry for avtimer
bbd4529 avtimer: kernel driver to expose avtimer to userspace
78260f7 netfilter: qtaguid: rate limit some of the printks
8ea50d5 EHCI: HSIC: Disable CPU Idle states before resuming the port
0368d0b msm: camera: Guard the release of resources using mutex
e29edef usb: ks_bridge: Add efs sync support for PID 0x9075
dd1e5ff HSIC: Add support for product id 9075
5c76fdb cfg80211: fix VHT TDLS peer AID verification
a86c721 ASoC: wcd9304: Fix incorrect detection of headphone
a47cdb5 msm: kgsl: Add a check to free the kgsl_timeline object.
9686de2 msm: board-8960: Add chip id support for WRSG 1.1
ae815ef msm: kgsl: Use no GPU fault tolerance flag passed by UMD driver
af3ebed sync: Limit logging to particular fence on timeout and error
76d13c2 tty: n_smux: fix deadlock between RX and TX workers
3867b3c msm: kgsl: Make use of performance counter for A2xx.
ae75190 msm_serial_hs: Increase rx buffer size to 1024bytes
ee00f8b netfilter: xt_qtaguid: extend iface stat to report protocols
ce1fda2 tty: n_smux: add separate close notifications
d28dd57 diag: Rate limit few error messages
1ef157a msm: camera: Notify application in case of bad state.
1b6fc28 power: pm8921-bms: Fix SOC fluctuations at 100%
1e7d820 msm_fb: Avoid MDP mixer reset from ISR context
c2e2b5a msm-camera: Removing MSM_GMN_IOCTL_TEST_DUMP_REGION ioctl
76d7ea7 msm: camera: Fix for kernel panic
79ced67 msm: display: Do not commit in unset for external.
a7105cd ASoC: wcd9310: Fix DMIC current leakage after disable
0c28939 msm: vidc: Add LTR feature for H264 encoder
6c649d3 msm: rotator: Wait for the pending commits in finish IOCTL
ca0927a msm: camera: ABCC feature porting in kernel space
6e55dac msm: camera: Check for open camera instances before release
c70d4ce msm: kgsl: Fix the extra draw packet on resume for A305
1b430e4 sync: fix timeout = 0 wait behavior
a68e174 sync: don't log wait timeouts when timeout = 0
e87e3df msm: kgsl: Add a section to list memory entries in snapshot
c224d71 radio: iris: Fix 64th character in RDS RT field is missing
bd0c9be tty: n_smux: After receiving OPEN_ACK flush tx_queue
9ff0735 msm:camera: Fix overflow issue in ioctl_hw_cmds function
5204e67 msm_fb: Make sure MDP clock is ON during register access
23f09f2 msm: wfd: Pass proper ion buffer handle to video driver
c2ce916 net: rmnet_usb: silence URB submission errors during disconnect
7c55ccb defconfig: msm8960: Enable SELinux and its dependencies
c2398b5 msm: vidc: Amend error check conditions on ION APIs
a7be5c0 msm: kgsl: Map sync lock variables to every pagetable
6f366e8 mmc: core: remove the polling for BKOPS completion
5b2dd3e msm: vidc: Get the current performance level
cb4c216 Bluetooth: hidp: Remove sysfs entry if hid connection is disconnected
b6a01e1 Bluetooth : hidp: Get the valid hci_conn while unlink
893727c6 msm: msm_bus: Correct the return value from register-client
c83038c input: synaptics_i2c_rmi4: Register for FB events
afac36b msm: camera: Send VFE_REG_UPDATE_CMD while enabling liveshot.
9daec57 mfd: wcd9xxx: Let system suspend and lock it later
ccf1890 msm_fb: Fail fb2 open during suspend if ref_cnt is zero
848bbe0 radio-iris: Fix in the AF_LIST event handling
a95a15b msm: board-8930-pmic: Disable pmic noise gate.
f59cdf9 msm_serial_hs: Rx discard flush timeout
3e7be7b diag: Fix race condition in diagchar driver
a8de006 Bluetooth: Add support for building HID Elecom Driver
b8156d7 msm: bam_dmux: trigger modem subsystem restart in case of timeout
c459c66 wcnss: Add API to expose the IRIS XO mode set
93bcfa5 msm: rotator: Extend fast YUV invalid checker for 2-pass
f3e35e4 usb: gadget: composite: Fix a bug in delayed status handling
92781bb diag: Add debug prints in error cases
35893a6 msm: ipc: Serialize SMD XPRT CLOSE and OPEN events
630f4ad power: pm8921-bms: Notify userspace after a new FCC is generated
833b2be power: pm8921-bms: Fix variable naming
0c9dba4 msm: camera: Enable frame based AXI WM for RDI0
e29f5c6 ASoC: msm: qdsp6v2: Fix bug in device V2 command
113544f msm: msm_bus: Explicitly clear client requests before removal
5c8dcc4 msm: kgsl: show timestamp in sync dump
1fadc99 base: sync: increase size of sync_timeline name
48790c2 msm: kgsl: generate descriptive names for kgsl-timeline
992d27b msm: Fix race condition in domain lookup
7fafc1b USB: gadget: Cleanup boot-up message with default usb composition
83457bd board: 8064: add 192MHz clock support for SDC1 slot
22ce884 msm-camera: Fix for the Ov8825 HFR 60&120 FPS issue.
bbb6e55 msm: camera: Add mechanism to stop overflow recovery and handle IOMMU pagefault
754e17b msm: pm: add failed stats
d458577 msm: rpm: add debug msg for rpm outstanding req
b1988e8 wcnss: Prevent access to WCNSS driver after a failure
273b9a9 wcnss: Add support to download calibrated data
9c1f98a msm:camera: Increase the v4l2 event queue length
c651e0f board: 8930: Configure LDO17 as always_on only for 8930 SGLTE EVT1
75e71c7 msm: mdm2: Decrease leakage before QSC power-up
65916c8 ASoC: wcd9304: recalibrate microphone ground voltage
389c0f5 ASoC: wcd9304: Wait enough time during mbhc calibration
fc93d4a mfd: pm8xxx-pwm: Set the correct bank if PWM is enabled without lut_config
980de41 msm: kgsl: Always resume the GPU regardless of its state
0e2947e ARM: 7693/1: mm: clean-up in order to reduce to call kmap_high_get()
ce597bc rmnet_smux: Increase Rmnet device instance count
78b1126 tty: smux_ctl: Add new SMUX port Support
5c434a0 media: dvb: Fix error handling of SDMX API failures
54cfe9d msm: vidc: Handle mgen2maxi interrupt in video driver
5b5868e leds: pm8xxx: Enable PWM LPG banks based on max current
91fbdd0 msm_serial_hs: Use RFR GPIO to communicate remote uart
fd1fd17 ASoC: msm: Add PCM loopback volume control
c863dd8 ALSA: PCM: volume API implementation
18bc871 arm: board-8930: Add synaptics firmware name in platform data
f05cbb5 input: synaptics_i2c_rmi4: Properly enter low power mode
a7454d2 input: synaptics_fw_update: Add force update entry
f3b0c51 input: synaptics_fw_update: Add firmware ID reading
7b61bab input: synaptics_i2c_rmi4: allocate memory for interrupt status
6ee227f input: synaptics_i2c_rmi4: Add low power mode
2f8214d msm: dcvs: fail gracefully if TZ does not support dcvs
69bbdbf msm_fb: hdmi: Check for stale HDCP variables
a24ed9e msm: kgsl: Submit a draw command on resume
548e7c5 msm: kgsl: Skip perf counters and Sync lock for A2xx.
0bbe50e msm: kgsl: Add a missing mutex unlock
3a330aa msm: camera: Add null checks for stats module
142e1eb ASoC: msm: Fix wrong wait_event_timeout timeout checks
66a4ac2 ci13xxx_udc: Acquire spinlock before calling ep_nuke()
5871b48 USB: ci13xxx_udc: Fix kernel panic during composition switch
3adeafb ASoC: WCD9304: Add the compander support to wcd9304
2e6cc09 msm: mdm: change where ssr_count is decremented
b3eb72f Fix disconnect not sent from host when pairing is cancelled
d6d8da3 msm: vidc: Allow client to set turbo mode
ae8f385 msm: vidc: Remove unncessary unmap function calls
df174e7 media: dvb: Protect against removing all PIDs from an active filter
1434462 USB: ci13xxx_udc: Retire pending requests while flushing an endpoint
ec9ec58 media: dvb: Add initialization of PES error indicators
f4ef79d msm: 8064: Add connector resistance
0aaaa41 gpu: ion: Do fallback when allocating large sizes
7e2f949 u_ether: Handle memory allocation failure case on tx path
47fec00 media: dvb: Fix race condition in DVR thread
de68559 tty: n_smux: Make test functions static
110aae1 tty: n_smux: Add wakeup test case
a1e81ae tty: n_smux: fix test pattern validation
59e891e tty: n_smux: Add throughput metrics to unit tests
a432456 tty: n_smux: Rename SSR unit tests
37e6b24 wcnss: Pre-alloc memory for WLAN driver
1440eef defconfig: wcnss: Enable wcnss pre-alloc memory
ee7e797 power: pm8921-bms: Update the FCC learning algorithm
4186974 led: leds-pm8xxx: Add support to control compensation resistor
81705a5 arm: board-8930-pmic: Pass WLED compensation resistor value
006efd4 media: dvb: Fix parsing of SDMX results
3f3419d msm: audio: qdsp6v2: Fix for kernel crash during stability
75d5033 msm: pm: send notification only for SPC and PC
1ff4ff3 diag: Fix diag crash due to memory corruption
ffe8879 timer: Don't reinitialize the cpu base lock during CPU_UP_PREPARE
af90ba8 msm: ipc: Load default subsystem under appropriate scenario
bbd079a msm: ipc: Do not load any subsystem by default
99eb709 Revert "Revert "ARM: 7169/1: topdown mmap support""
f1c041a msm: camera: Null check added at iommu_attach_device
561ac0d msm: camera: Handle ioctls issued on vfe subdevice properly
a07a7fb msm: gemini: Fix the size argument of hw_region_dump function.
5b4dfbb msm:camera: Fix signedness issue in hw_exec_cmds
4301d67 msm: camera: Return from DQBUF ioctl in case of error.
ffc3a40 msm: camera: Added the NULL pointer check
452043a msm: camera: Optimize the live snapshot state machine
2c3cff7 msm: camera: Update op_pixel_clk for ov9724 sensor.
f11f71bf msm: camera: Add state check for sensor power up & down
7de66a2 msm: camera: Enable use of AVTimer, Rotation and Crop for VT
5cde2cd msm: kgsl: Do not hold memory spinlock when calling find region function
cc9a88c msm: kgsl: Only initialize process structure once
9b22d51 msm: kgsl: Only reference the rb_node after taking spinlock
8b2414d net/ipv6/addrconf: IPv6 tethering enhancement
86c6e24 defconfig: Enable bridging and ebtables
81dd4bf msm_fb: display: Fix interleaved 422 input format register settings
32027e9 msm: rotator: Pass ION flags correctly for 2-pass buffer allocation
0ff5651 msm: rotator: Add pseudo-planar 422 H1V2 dst format for MDP4
680d328 msm_fb: display: Add pseudo-planar 422 H1V2 support in the MDP4
f7826df msm: msm_fb: Add range checks for fb cmap.
b576598 msm_fb: Increase base fence timeout
3d8898d msm: rotator: Enable support for 2-pass fast YUV mode
b870666 msm: rotator: Add proper checks for enabling Fast YUV
e610415 msm: display: Proper handling of prepare and unprepare clocks
1017601 msm_fb: hdmi: Return proper clock get error code
35b16ba msm_fb: display: change TE simulation and read pointer interrupt timing
2d35a1a msm_fb: hdmi: Proper intialization of mhl resolutions
f402aeb msm: kgsl: Prevent race conditions when freeing memory
9789584 msm: kgsl: Use the correct length when looking for address collision
fbe403f msm: kgsl: fix kgsl_mem_entry refcounting
f411056 msm: kgsl: add guard page support for imported memory
0e63589 msm: kgsl: prevent race between mmap() and free on timestamp
f646db8 msm: kgsl: better handling of virtual address fragmentation
2a619f5 msm: kgsl: Use CPU path to program pagetable when active count is 0
2b65fe1 msm: kgsl: Don't hold process list global mutex in process private create
7b0dce3 msm: kgsl: Do not return an error on NULL gpu address
026544e msm: kgsl: Fix early exit condition in ringbuffer drain
9d14950 msm: kgsl: If adreno start fails then restore state of device
fed446d msm: kgsl: Fix searching of memory object
473406d msm: kgsl: Skip cff dump for certain functions when its disabled
1cdb073 msm: kgsl: Add global timestamp information to snapshot
195b3ba msm: kgsl: Loop till correct index on type0 packets
49f6ce1 msm: kgsl: Track memory address from 2 additional registers
9c5f834 msm: kgsl: In snapshot track a larger object size if address is same
09aa3d0 msm: kgsl: Save the last active context in snapshot
2dc227b msm: kgsl: snapshot: Only push the last IB1 and IB2 in the static space
64646c7 msm: kgsl: snapshot: Don't keep parsing indirect buffers on failure
e45cf6b msm: kgsl: Enable HLSQ registers in snapshot when available
8126ecd msm: kgsl: Don't go to slumber if active_count is non zero
dd9dc53 msm: kgsl: Avoid an array overrun in the perfcounter API
4dac914 msm: kgsl: Only allow two counters for VBIF performance counters
9303f84 msm: kgsl: Add support for VBIF and VBIF_PWR performance counters
6e9e314 msm: kgsl: map the guard page readonly on the iommu
1a6bb0c msm: kgsl: remove kgsl_mem_entry.flags
a4bbf57 msm: kgsl: clean up iommu/gpummu protflag handling
8762f06 msm: kgsl: Remove an uneeded register write for A3XX GPUs
cef028e msm: kgsl: Print the nearest active GPU buffers to a faulting address
5703496 msm: kgsl: Add a new API to allow sharing of GPU performance counters
e75de27 msm: kgsl: Handle a possible ringbuffer allocspace error
6dc160c msm: kgsl: Convert the Adreno GPU cycle counters to run free
567f1a0 msm: kgsl: Fix compilation errors when CFF is turned on
480653b msm: kgsl: Update settings for the A330v2 GPU in 8972v2
7a76ae2 msm: kgsl: Move A3XX VBIF settings decision to a table
7b202c9 msm: kgsl: Add 8974 default GPR0 & clk gating values
35ed68f msm: kgsl: Send the right IB size to adreno_find_ctxtmem
02aa37e msm: kgsl: Export some kgsl-core functions to EXPORT_SYMBOLS
0207ef1 msm: kgsl: Sync memory with CFF from places where it was missing
522dcff msm: kgsl: improve active_cnt and ACTIVE state management
75341ae2 msm: kgsl: use kgsl_mmu_device_setstate() if the GPU is already idle
1013dda msm: kgsl: Add device init function
88b5889 msm: kgsl: Remove extra call to sync_fence_put()
6e70c15 msm: kgsl: Always fire an interupt if requested
f2f3b5f msm: kgsl: Print additional registers on IOMMU pagefault
c6d7685 msm: kgsl: Add a barrier after writing to V2PUR register
046036a msm: kgsl: Lock ringbuffer translation in TLB
d9e2cc1 msm: kgsl: Update required timestamps during command submission
7d9f9b3 msm: kgsl: Add memfree_history debug feature
59c53db msm: kgsl: Allow tasks to signal pending events
9cf77b6 msm: kgsl: Move timestamps inside the context structure
67db48d msm: kgsl: Fix context reference counting
72bb70b msm: kgsl: Add a type field to the adreno draw context flags
3ff2eac msm: kgsl: Use ERR_PTR to return errors from kgsl_create_context()
7cff137 msm: kgsl: Remove an uneeded log message that pre-dates tracing
013cf42 msm: kgsl: Track GPU device resets
f7b81e8 msm: kgsl: Add a ftrace event for register writes
2d1d662 msm: kgsl: Verify the user doesn't accidentally submit a zero length IB
78d8d36 msm: kgsl: Return correct timestamp for consumed timestamp reads
9ce8397 msm: kgsl: Add CP_WAIT_FOR_IDLE packet before updating timestamp
728bd15 msm: kgsl: Add identifier for internal command submissions
cb1721c msm: kgsl: Log retired timestamps on device wake
89e76bf msm: kgsl: Do not dump the istore on A3XX cores
d260c88 msm: kgsl: Lower bounds check the number of power levels
a5ec12f msm: kgsl: don't fault in cached allocations
fec05c2 msm: kgsl: allow consistent CPU and GPU mappings
e9efb0b msm: kgsl: Support user-specified caching hints
a46f427 msm: kgsl: add IOCTL_KGSL_GPUMEM_ALLOC_ID
2aba0f3 msm: kgsl: disable use of iommu TTBR1
cc0c709 msm: kgsl: prevent multiple or partial mmaps of a buffer
d1f8c90 msm: kgsl: clean up use of memdesc->hostptr
aac2375 msm: kgsl: use readonly mappings on the iommu
602497c msm: kgsl: Remove extra interrupts when setting MMU state
78ef843 msm: kgsl: Remove ts_notifier_list
a4c6605 defconfig: Enable Bluetooth HID for Bluedroid
0a3b90f msm_fb: Correct R and G offsets for correct mapping
3cd5f34 video: msm: Initialize HistLUT with last saved LUT
baa95ee video: msm: Maintain histogram LUT state through suspend resume
c83c593 msm: mdp: Wait unconditionally in internal vsync waits
80507b5 msm: mdp: Use a waitqueue for vsync notifications
46ffd58 cfg80211: Allow TDLS peer AID to be configured for VHT
783c68b msm: vidc: add support for the bitstream_restrict flag
766b820 usb: chipidea: udc: fix memory access of shared memory on armv5 machines
3341ed0 msm: vidc: set EOS on output buffer pending transaction
f5cc1ae vidc: Fix EOS handling if video h/w has a frame in transaction
463da2d msm: vidc: Reset stop_called state when START is called
67833c7 msm: vidc: Don't free shared memory on channel close
5037cd1 cfg80211/nl80211: add API for MAC address ACLs
72ea7c5 treat these errors as warnings.
5de793a power-pm8xxx-ccadc-fix-compilation-warning
f120d15 remove compilation error by changing int to uint32_t Signed-off-by: Supreet Mysore Suresh <supreet@codeaurora.org>
83d07ad hwmon: epm_adc: fix compilation warning
bd09116 msm: camera: Handle locks properly
501441b msm: vidc: Optimize IOMMU map size for H264 decoder
1787385 diag: Upgrade Diag code on this branch
aa513e7 mmc: msm_sdcc: Enable clock scaling capability
d328e5f msm: vidc: Remove unwanted error message
45f3f06 media: dvb: Fix support for maximum TSPP buffer size
6f53984 gpu: msm: Allow retries for 0 order allocation
5abd66d msm: msm_bus: Add NULL pointer checks.
636f80e ASoC: msm: qdsp6: Add error check for memory commands
ae0e2ec msm: kgsl: Don't consider active count if not in active state
1f504cb msm-camera:Fix integer overflow when processing msm gesture ioctl.
78ce4ac msm: gemini: Reset the core incase of overflow error
b75b0ce msm: gemini: Fix the error irq handling sequence
74a9d5e msm: camera: Change CSI release sequence
72248cc msm: audio: qdsp6v2: Fix command sequence issue in Non-tunnel player
71587ee msm: vidc: Set extradata flag properly
bb9ceed Revert "Revert "msm: cache_erp: Handle recoverable L1 errors""
faed5e5 input: atmel_mxt_ts: Fix screen unlock issue after resume
6252fbd3 mmc: msm_sdcc: fix a type mismatch in msmsdccc_config_dma()
fe31963 EHCI: HSIC: Abort system suspend if controller is outside LPM
853d198 USB: msm_otg: Allow low power mode with proprietary charger connected
a3249e5 ci13xxx_udc: Draw 100mA of current in unconfigured state
0903cd4 msm_fb: hdmi: change HDMI_PHY_REG1 based on source.
5f90221 ASoC: msm: qdsp6: Fix for EVRC-B/WB vocoder rate
d83fddd ASoc: msm: Fix for pcm_read getting struck in alsa core.
2a647c9 spi_qsd: Add runtime PM support to SPI QSD driver
3d69259 ASoC: wcd9310: Fix to reduce the delay while recording
a6c55a2 jbd2: fix assertion failure in jbd2_journal_flush()
1c7a78d6 msm: wcnss: Dump PMIC regulator contol registers
a9da2f1 msm: camera: fix antibanding issue on ov8825
5c95c15 msm: camera: Update focus register settings for ov8825
9a5e00e usb: gadget: u_data_hsic: Fix NULL pointer dereference
a9c16aa msm: camera: Move halt logic in case of overflow to ISR.
bf47775 msm: camera: Add recovery routine for live snapshot.
0485bc0 msm: camera: Recovery through camif stop and overall reset.
dcee9ad msm: camera: fix bus vectors during client registeration.
77c0ba2 msm: camera: Check if client is NULL before calling ion_free
d035129 msm_serial_hs: Fixing issue during UART shutdown
9ccf9d3 msm: camera: register settings for OV8825 sensor
46881f1 msm: pm-8x60: Use relative time for events
259cb8f power: pm8xxx-ccadc: Cancel/schedule the calibration work in suspend/resume
f5cac71 msm: mdp: Revert MDP Port split changes
ed3be3d msm: camera: Enable CAMIF SOF in case of non dual camera usecase.
f1ab164 msm: kgsl: Add NULL check for next_event hook
0b6b912 msm_fb: display: Add minimum src/dst image size validation for MDP
503780b msm_fb: hdmi: change HDMI_PHY_REG1 based on foundry.
9ef2e92 ASoC: msm: Fix the register address of TX4 registers
238fd6e msm: vidc: Do not reset VCD_FRAME_FLAG_DATACORRUPT flag for VC1
9fcb8ef msm_serial_hs: Improve UART Shutdown path
b03f32a msm_serial_hs: Disable UART RxStale before Force RxStale in set_termios
f0a4934 msm: vidc: Fix compilation errors
bdb7bf6 msm_serial_hs: Fix synchronization between ADM and UART Cores
d1e94d4 msm: camera: Disable software override for axi wm priority.
7331bd9 board-8930: Request the correct ab/ib values for camera.
bd35d5c msm: camera: Enable pixel line buffer for ispif.
2673fe8 power: pm8921-bms: Fine tune SOC reporting during suspend/resume
aa43f85 power: pm8921-bms: Cancel/schedule work across suspend/resume
e3e5a89 power: pm8921-bms: fix SOC jumps while entering suspend/resume
a7458c1 msm: 8960: Track all reservations for memory map
139a529 msm: kgsl: Don't access context memory after it's freed
a31aa79 msm: camera: Add NULL pointer check for regulator
254e62b ASoC:msm: Enabling TTY for VoLTE call
76fb3e4 msm: audio: qdsp6v2: Add size safety check to ACDB driver
6411fc8 defconfig: Enable IPSec related configuration
f44df5b msm: kgsl: Insert kgsl idle for iommu-v1 when pagetables are changed.
3135205 msm_fb: display: fix iommu page fault when iommu buffer freed
e947485 msm: vidc: Update sub_anchor_mv buffer size
d8ed9cf signal: always clear sa_restorer on execve
2a182e2 msm: camera: Fix mctl release crash issue.
f1dd3d9 msm: camera: Correct hfr register settings for OV8825
aebbfca msm_fb: display: add an extra write of 0 to clear dsi-ack-err bit
ad1fd86 msm: socinfo: Add new hw_platform for QRD
76223ce radio-iris: Configure repeat count for PS string
f7a2ef4 input: touchscreen: Change the file system permission of synaptic driver
516db78 msm: board-8930: Add correct regulators for isa1200 chip
3a8d49e ASoC: msm8930: properly protect external mclk control function
cc65077 ASoC: msm: Support independent left-right channel volume control
d96e92e msm: mdm: Disable panic on external mdm boot timeout
528f75c tty: n_smux: Add SMUX documentation
9dbaf9d mmc: msm_sdcc: Add support for dynamic bus clock vote
8424552 msm:rq_stats: Register for Cpufreq policy notification
2645dda cpufreq: Resolve CPUFREQ_NOTIFY issue
6fbf32c msm: bam_dmux: Enable IPC logging for bam_dmux
c6187fa msm: camera: Fix camera crash when ctrl_q is empty
a8ec1bb msm: camera: Fix camera crash in msm_open_config
6ddc967 mm: cma: fix accounting of CMA pages placed in high memory
ec005c0 mm: cma: remove watermark hacks
2d3e62c gpu: ion: Use correct type for variables
fb34bd6 msm: watchdog: Add reboot/shutdown notifications to watchdog
2272b88 msm: ipc: Access pointers after a successful check
0e83d3b msm: ipc_router: Fix potential leaks and null dereferences
0cb398e msm: display: Proper handling of NULL pointer access for MDDI sysfs node.
9663042 msm: bam_dmux: Fix potential memory leaks
416c251 ion: Update ION_SECURE and ION_FORCE_CONTIGUOUS flags
8cb97b8 msm8930 sglte: Add support for GSBI11 for serial console
c6cdc29 msm8930 sglte: Add support for GSBI10 for serial console
b7824c6 hrtimer: Don't reinitialize a cpu_base's lock on CPU_UP
893778c msm: Camera: Add new Actuator type and register init in config
27aae42 power: pm8921-charger: usb ovp trim for pm8921
39f7e1b board: 8930: Configure LDO L17 as always_on for 8930 SGLTE
8ad40ba msm: spm: set vdd directly for current cpu
cbe4752 msm: vidc: Correct log tagging for kernel messages
da62642 msm: mdm: Ignore modem crashes during image upgrade.
b8e2e5b msm: vidc: Free buffer pool entry and then delete address table
8571cb2 config: msm8960: Enable touch firmware update
68e9d3c input: synaptics_i2c_rmi4: Add appropriate reset delays
2b1f154 input: synaptics_fw_update: Remove hardcoded firmware image name
50bff49 input: synaptics_i2c_rmi4: add flipx and flipy to sysfs
a37dbea input: synaptics: Correct bugs in fw update
ddc9ae1 drivers: staging: rename synaptics_i2c_rmi4 to avoid confusion
5228ef7 msm_fb: Set backlight to zero during adb shell stop scenario
7009427 mmc: core: Fix NULL pointer dereference
36faa4e msm_serial_hs: Fix UART Rx dmov command stall issues
6eebb1c msm_serial_hs: Fix Tx path issues during uart shutdown
d230b81 Staging: android: binder: Fix memory leak on thread/process exit
91f3b60 msm: vidc: Memset and flush codec context buffers
c8b9ca0 mmc: core: Add support for notifying host driver while scaling clocks
71702f9 mmc: core: Log MMC clock frequency transitions
a624691 mmc: core: run clock scaling only in valid card state
5f0ed3a mmc: core: claim mmc host while enabling clock scaling from userspace
70a5c03 mmc: core: Add sysfs entries for dynamic control of clock scaling
884fa52 mmc: core: Add load based clock scaling support
cbec91b mmc: core: Allow changing bus frequency for SD/eMMC cards in runtime
e7840d2 msm: vidc: Fix metadata buffer size issue
7f4df7a mmc: block: Update error handling if block data is not available
70af215 spi_qsd: Auto-select nearest lower available clock rate
642596c msm_fb: display: keep a minimum mdp ib bandwidth request
c74a774 power: pm8921-charger: fix the order of forcing 19.2Mhz and exit LPM
9f75f8d board: 8930: Disable battery less hardware flag for 8930 EVT
9703906 Bluetooth: GAP: Fast ACL disconnection only for Auth fail
9de653e mmc: block: reduce the block timeout to 30 secs
b08423f msm: camera: Invalidate the vpe_ctrl frame info field during close.
dd66594 msm: camera: Fix for flip issue in ov9724 sensor
3af6c51 USB: gadget: diag: cleanup connect event processing
f0df280 diag: Defer usb connect/disconnect processing
d0f3d43 USB: android: Fix kernel panic during ACM enable
3e8044fc msm_fb: Remove the extra freelist in display_commit
766ba30 ASoC: msm: Handle data loss at device switch for FM
55f54c5 ASoC: msm: flush if prior and current backends rate not matching
54807c8 ASoC: msm: Add MultiMedia6 dai link
bf8bbad ASoC: msm: Add msm-pcm-loopback device
2082450 ASoC: msm: Add support to have FM playback through ASM loopback mode
8f57c0f msm: SSR: Fix problems with concurrent SSRs
5838f03 msm_fb: display: free previous iommu buffer only at overlay_unset
e87c2c1 msm: camera: Add HFR support for ov8825 sensor
5dd53d2 Revert "usb: gadget: rndis: Fix re-binding f_rndis"
3119601 msm: camera: Release mutex lock in case of failure
eda9dd0 msm: camera: Fix event queue drain issue
4d741d0 msm: camera: Handle incorrect parameter properly
aed6b08 media: dvb: Fix SDMX process size when crossing limit in TSIF
f55a660 ASoC: audio: Fix BE not disconnected even codec teardown
083d202 msm_serial_hs: Donot register UART device as PM runtime active
321b1f7 net: rmnet_usb: Fix probe error path
7ec25d8 msm: kgsl: Don't do intensive memory recovery when allocating big pages
9b98565 msm: display: Limit dynamic fps feature only to MIPI video panels.
4ea4a8d msm_fb: display: Do a pre-fill to writeback buffers.
06c5403 usb: serial: csvt: Fix TIOCMSET ioctl implementation
ee60ceb msm: acpuclock-8960ab: Increase L2 frequency
6b3a2d7 radio: iris: Added IOCTLS to get/set AF Jump, Search Thresholds
85e433b msm: cpufreq: increase priority of thread that increases frequencies
2eeba0c ASoC: msm: Add metadata mode changes to LPA driver
110f7b5 ALSA: include: Add new ioctl for metadata mode
c6bf7ca0 msm: display: Adjust video timing generator parameters for 8930 EVT device.
e3406bc msm: hotplug: wait for hotplug completion event from secondary core
4bf6c0c msm: pm: Add support to query cpu status
36eaa99c msm_fb: Remove the extra MDP clock enable in writeback_commit
f2fa710 tspp: Add synchronization between API call and tasklet
8313a90 tty: smux_ctl: close SMUX port during SSR
7e571c3 ARM: Fix negative idle stats for offline cpu
d0e59d8 wifi: Enable appropriate clock for qrd8930
72b2864 msm: camera: Fix for camera crash
18fe8b3 msm_fb: Fail fb2 open if called during suspend
8073aca diag: Check for build time masks being greater than ssid range
e747b7e power: pm8921-charger: BTC override fixes
7e3433d msm: 8064: remove flag to prevent soft reset of qsc on first power up
a3540e3 msm_fb: display: disable mdp blt mode
3097ac5 msm: mdm2: Add delay between subsequent PS_HOLD for 8064 fusion3
93835de msm: Add support for ION Flushing without virtual address
075e865 msm: vidc: Remove kernel mapping on input/output buffers
cdde1a8 msm: msm_fb: remove mmio access through mmap
b9a83ba Revert "msm_fb: display: don't enable blt mode"
9c03f42 Revert "msm_fb: display: free pipe if blt is detected for the pipe"
fefc65c arm: Kconfig: Disable CONFIG_OABI_COMPAT feature on SMP targets
4e20429 msm: subsystem_restart: Don't use phase 3 SSR on the SGLTE2
fd97f61 msm_fb: hdmi: change sysfs node permissions
a22989b msm: msm_bus: Change MDP port interleaved setting
abe0b06 msm: ipc: Add check to avoid integer & buffer overflow
edd3e17 spi_qsd: Correction in DMA mode check.
bb9ae1e thermal: pm8xxx-tm: Turn off the temperature alarm during shutdown
b0bfc6a thermal: pm8xxx-tm: Configure temperature alarm for always-on operation
9524443 ASoC: wcd9304: Enhance OCP reporting logic
3cbb405 mms_fb: display: init pipe default configure as solidfill
6e834cd USB: ci13xxx_udc: Don't free dTD immediately after active bit is cleared
b8e7f14 msm: camera: Update register settings for ov9724 sensor
2eab21d msm: Fix reservation logic for ADSP heap
93b9f9a msm: rotator: non-blocking rotate
a50db54 msm: rotator: sync point support
7b937407 gpu: ion: enable the kmalloc heap
59e7954 msm: kgsl: Prevent fault tolerance memory free twice
782734f msm: kgsl: Add barriers to GPU fault tolerance memory reads
6479d07 msm: kgsl: Allocate space in ringbuffer for EOF commands
24e3dfa msm: kgsl: Fault tolernace for context with pagefault
e4e852e msm_fb: display: issue completion when disabling vsync irq
3ce4af6 msm: display: Reduce excessive logging in case of WFD.
41d5dfb msm: camera: Change AEC register settings for ov8825 for low fps
1a923ca msm:board-8064: Correct ab/ib values of 1080p turbo vectors
ea2ed4a media: dvb: Add proper protection when calling SW filter packet
309ef0e USB: Dump usb info during memory access violation
8432918 mmc: msm_sdcc: Fix SPS-BAM flags while in producer mode
f022827 ASoC: msm: Add support for external EC reference point
8c888f5 dvb: mpq: Secure demux log level
9d80501 media: dvb: Discard sections TS packets with transport error indicator
1ec31c7 msm_fb: display: allow backlight update after first update
961dff6 msm: thermal: Use signed int for temperature
5515eab ASoC: wcd9304: Include all registers to debugfs dump.
fa15f93 msm: display: change mdp default ib_factor to 150
ef77667 msm_fb: display: add scaling factor for mdp ab
e3eaae6 msm_fb: display: balance bus bandwidth on mdp axi port0 and port1
fb77773 msm_fb: display: add mdp master port1 bandwidth request
cd9bccb msm: display: plane alpha support
a04d834 board-8064: Correct UART GPIO IRQ to use as wakeup IRQ
b557f03 msm: msm_bus: Fix the 64-bit division during interleaving
7ad834e mmc: core: Don't cancel detect work during MMC suspend
ca4e1a7b msm: kgsl: Add CP_WAIT_FOR_IDLE packet before updating timestamp
7973a4c msm: board-8064: Update KS8851 regulator names
15962c2 mm: Retry original migrate type if CMA failed
49a2d8b msm: display: fix iommu page faults for devices with lcdc panel.
9a412847a msm_fb: Set backlight during resume after first display commit
b138b54 media: dvb: Add notification of overflow event for decoder filter
a0f03fc msm: camera: composite stats support for bayer hist
84ff7c8 rmnet_smux: device state check condition removed
8f9c193 ipv4: fix the rcu race between free_fib_info and ip_route_output_slow
61c16db ASoC: msm: FENS Support for VOIP calls
745147e msm: kgsl: initialize kgsl_sync_timeline_ops properly
956c37e msm_fb: display: fix the suspend/resume hang caused by wait4vsync stuck
c11461c msm_fb: display: add one more pipe_commit delay before free ion buffer
a9ef083 msm: vidc: Remove delayed unmap flag in ion_map_iommu()
21aef94 msm: display: Fix composition issues when framework rebooted in suspend.
c069d32 msm: Avoid NULL derefernce and array overflow
f58cee9 media: dvb: Fix calculation of next ready packet in dvb-ringbuffer
bd26775 msm: camera: fix the out of order of frames issue
b404645 mmc: core: Fix some driver hangs when dealing with broken devices
54c5323 msm: camera: remove frame delay at start_stream in msm_sensor
1b57d56 msm: mdm: set the flag to send the mdm shutdown sysmon message
87bfc7a USB: f_rndis: Check if cdev is NULL before accessing
aca3fd2 msm_fb: display: fix the hang issue caused by solidfill pipe
8c4ed5f defconfig: msm8960: Panic on recoverable icache errors
4607995 usb: gadget: u_data_hsic: Use GFP_KERNEL where ever possible
da9e996 msm8930: Use appropriate VDD_CP for msm8930 platform
7e40e67 msm_fb: hdmi: Use common header for resolution modes
4776946 msm_fb: hdmi: Resolution modes on HDMI
6f31269 msm: timer: Don't check state of clock while setting next timer event
2093a71 input: sensor: remove open/close function from lis3dh driver
3ee2d71 ASoC: wcd9xxx: Fix MBHC irq handler deadlock scenario.
35d5a2d radio: iris: Add synchronize mechanism to handle multiple command requests
fdb06af asoc: msm: Add flexible period count to pcm record driver
a5777ce rpm_log: update the rpm log base address and log length
1dbe8eb msm: kgsl: a2xx: Check the right interrupt status bits
100e4b3 msm: kgsl: Properly record the size of the sglist in the memdesc
4f4f27b mm-camera: Changes to remove unused code for security issue reported
111e054 radio-tavarua: Handle I2C read/write errors during sleep mode.
82dac16 Fix pairing not successful when remote reports missing pin
3ad4d97 msm:kgsl: Remove NORETRY flag in memory allocations
e5f33a8 mfd: pm8xxx-misc: Add API to read PMIC registers
Conflicts:
arch/arm/configs/msm8960_defconfig
arch/arm/mach-msm/bam_dmux.c
arch/arm/mach-msm/board-8930.c
arch/arm/mach-msm/board-8960-camera.c
arch/arm/mach-msm/board-8960.c
arch/arm/mach-msm/cache_erp.c
arch/arm/mach-msm/hotplug.c
arch/arm/mach-msm/pm-8x60.c
arch/arm/mach-msm/spm_devices.c
arch/arm/mach-msm/subsystem_restart.c
arch/arm/mm/dma-mapping.c
drivers/char/diag/diagchar_core.c
drivers/gpu/msm/adreno.c
drivers/gpu/msm/adreno.h
drivers/gpu/msm/adreno_drawctxt.h
drivers/gpu/msm/adreno_ringbuffer.c
drivers/gpu/msm/kgsl.c
drivers/gpu/msm/kgsl_events.c
drivers/gpu/msm/kgsl_iommu.c
drivers/gpu/msm/kgsl_sharedmem.c
drivers/gpu/msm/kgsl_sync.c
drivers/hwmon/epm_adc.c
drivers/media/video/msm/gemini/msm_gemini_hw.c
drivers/media/video/msm/msm.c
drivers/media/video/msm/msm.h
drivers/media/video/msm/msm_mctl.c
drivers/media/video/msm/server/msm_cam_server.c
drivers/media/video/msm/vfe/msm_vfe32.c
drivers/mmc/core/core.c
drivers/mmc/core/core.h
drivers/mmc/core/mmc.c
drivers/mmc/host/msm_sdcc.c
drivers/net/wireless/wcnss/wcnss_wlan.c
drivers/power/pm8921-bms.c
drivers/power/pm8921-charger.c
drivers/spi/spi_qsd.c
drivers/thermal/pm8xxx-tm.c
drivers/tty/serial/msm_serial_hs.c
drivers/usb/gadget/ci13xxx_udc.c
drivers/video/msm/mdp.c
drivers/video/msm/mdp4.h
drivers/video/msm/mdp4_overlay.c
drivers/video/msm/mdp4_overlay_dsi_cmd.c
drivers/video/msm/mdp4_overlay_dsi_video.c
drivers/video/msm/mipi_dsi.c
drivers/video/msm/mipi_dsi_host.c
drivers/video/msm/msm_fb.c
include/linux/nl80211.h
include/media/msm_camera.h
kernel/signal.c
scripts/gcc-wrapper.py
sound/soc/msm/msm-pcm-routing.c
sound/soc/msm/msm-pcm-routing.h
sound/soc/msm/msm8960.c
Change-Id: I4e305ce79424b16cc37ada450f30e0d81658e9f9
Signed-off-by: Jeffrey Carlyle <jeff.carlyle@motorola.com>
|
| | |
| |
| |
| |
| |
| | |
This reverts commit 8b2414d4e80786254c84d7ae7826750b38e4b150.
Signed-off-by: Jeffrey Carlyle <jeff.carlyle@motorola.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Trinity discovered that we fail to check all 64 bits of
attr.config passed by user space, resulting to out-of-bounds
access of the perf_swevent_enabled array in
sw_perf_event_destroy().
Introduced in commit b0a873ebb ("perf: Register PMU
implementations").
Signed-off-by: Tommi Rantala <tt.rantala@gmail.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: davej@redhat.com
Cc: Paul Mackerras <paulus@samba.org>
Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Patch-mainline: linux-kernel @ 04/13/13, 19:49
Signed-off-by: Deepak Katragadda <dkatraga@codeaurora.com>
|
| | |\ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Added new procfs flag to toggle the automatic addition of prefix
routes on a per device basis. The new flag is accept_ra_prefix_route.
Defaults to 1 as to not break existing behavior.
Change-Id: If25493890c7531c27f5b2c4855afebbbbf5d072a
CRs-Fixed: 504095
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
An inactive timer's base can refer to a offline cpu's base.
In the current code, cpu_base's lock is blindly reinitialized
each time a CPU is brought up. If a CPU is brought online
during the period that another thread is trying to modify an
inactive timer on that CPU with holding its timer base lock,
then the lock will be reinitialized under its feet. This leads
to following SPIN_BUG().
<0> BUG: spinlock already unlocked on CPU#3, kworker/u:3/1466
<0> lock: 0xe3ebe000, .magic: dead4ead, .owner: kworker/u:3/1466,
.owner_cpu: 1
<4> [<c0013dc4>] (unwind_backtrace+0x0/0x11c) from [<c026e794>]
(do_raw_spin_unlock+0x40/0xcc)
<4> [<c026e794>] (do_raw_spin_unlock+0x40/0xcc) from [<c076c160>]
(_raw_spin_unlock+0x8/0x30)
<4> [<c076c160>] (_raw_spin_unlock+0x8/0x30) from [<c009b858>]
(mod_timer+0x294/0x310)
<4> [<c009b858>] (mod_timer+0x294/0x310) from [<c00a5e04>]
(queue_delayed_work_on+0x104/0x120)
<4> [<c00a5e04>] (queue_delayed_work_on+0x104/0x120) from [<c04eae00>]
(sdhci_msm_bus_voting+0x88/0x9c)
<4> [<c04eae00>] (sdhci_msm_bus_voting+0x88/0x9c) from [<c04d8780>]
(sdhci_disable+0x40/0x48)
<4> [<c04d8780>] (sdhci_disable+0x40/0x48) from [<c04bf300>]
(mmc_release_host+0x4c/0xb0)
<4> [<c04bf300>] (mmc_release_host+0x4c/0xb0) from [<c04c7aac>]
(mmc_sd_detect+0x90/0xfc)
<4> [<c04c7aac>] (mmc_sd_detect+0x90/0xfc) from [<c04c2504>]
(mmc_rescan+0x7c/0x2c4)
<4> [<c04c2504>] (mmc_rescan+0x7c/0x2c4) from [<c00a6a7c>]
(process_one_work+0x27c/0x484)
<4> [<c00a6a7c>] (process_one_work+0x27c/0x484) from [<c00a6e94>]
(worker_thread+0x210/0x3b0)
<4> [<c00a6e94>] (worker_thread+0x210/0x3b0) from [<c00aad9c>]
(kthread+0x80/0x8c)
<4> [<c00aad9c>] (kthread+0x80/0x8c) from [<c000ea80>]
(kernel_thread_exit+0x0/0x8)
As an example, this particular crash occurred when CPU #3 is executing
mod_timer() on an inactive timer whose base is refered to offlined CPU #2.
The code locked the timer_base corresponding to CPU #2. Before it could
proceed, CPU #2 came online and reinitialized the spinlock corresponding
to its base. Thus now CPU #3 held a lock which was reinitialized. When
CPU #3 finally ended up unlocking the old cpu_base corresponding to CPU #2,
we hit the above SPIN_BUG().
CPU #0 CPU #3 CPU #2
------ ------- -------
..... ...... <Offline>
mod_timer()
lock_timer_base
spin_lock_irqsave(&base->lock)
cpu_up(2) ..... ......
init_timers_cpu()
..... spin_unlock_irqrestore(&base->lock) ......
<spin_bug>
Allocation of per_cpu timer vector bases is done only once under
"tvec_base_done[]" check. In the current code, spinlock_initialization
of base->lock isn't under this check. When a CPU is up each time the base
lock is reinitialized. Move base spinlock initialization under the check.
CRs-Fixed: 471127
Change-Id: I73b48440fffb227a60af9180e318c851048530dd
Signed-off-by: Tirupathi Reddy <tirupath@codeaurora.org>
Signed-off-by: Sridhar Gujje <sgujje@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When the new signal handlers are set up, the location of sa_restorer is
not cleared, leaking a parent process's address space location to
children. This allows for a potential bypass of the parent's ASLR by
examining the sa_restorer value returned when calling sigaction().
Based on what should be considered "secret" about addresses, it only
matters across the exec not the fork (since the VMAs haven't changed
until the exec). But since exec sets SIG_DFL and keeps sa_restorer,
this is where it should be fixed.
Given the few uses of sa_restorer, a "set" function was not written
since this would be the only use. Instead, we use
__ARCH_HAS_SA_RESTORER, as already done in other places.
Example of the leak before applying this patch:
$ cat /proc/$$/maps
...
7fb9f3083000-7fb9f3238000 r-xp 00000000 fd:01 404469 .../libc-2.15.so
...
$ ./leak
...
7f278bc74000-7f278be29000 r-xp 00000000 fd:01 404469 .../libc-2.15.so
...
1 0 (nil) 0x7fb9f30b94a0
2 4000000 (nil) 0x7f278bcaa4a0
3 4000000 (nil) 0x7f278bcaa4a0
4 0 (nil) 0x7fb9f30b94a0
...
[akpm@linux-foundation.org: use SA_RESTORER for backportability]
Signed-off-by: Kees Cook <keescook@chromium.org>
Reported-by: Emese Revfy <re.emese@gmail.com>
Cc: Emese Revfy <re.emese@gmail.com>
Cc: PaX Team <pageexec@freemail.hu>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Serge Hallyn <serge.hallyn@canonical.com>
Cc: Julien Tinnes <jln@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: I7ae396ee90c2339c86f7b773d15f5571f8fd54c5
Signed-off-by: Akhila Musunuri <makhila@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The current code makes the assumption that a cpu_base lock cannot
be held if a CPU is offline, which is tragically wrong.
If a hrtimer is not queued, then it will not be migrated by
migrate_hrtimers() when a CPU is offlined. Therefore, the
hrtimer's cpu_base may still point to a CPU which has
subsequently gone offline if the timer wasn't enqueued at the
time the CPU went down.
Normally this wouldn't be a problem, but a cpu_base's lock is
blindly reinitialized each time a CPU is brought up. If a CPU is
brought online during the period that another thread is
performing a hrtimer operation on a stale hrtimer, then the lock
will be reinitialized under its feet, and a SPIN_BUG() like the
following will be observed:
[ 448.212369] BUG: spinlock already unlocked on CPU#3,
swapper/3/0
[ 448.217368] lock: 0xc47b1a40, .magic: dead4ead, .owner:
swapper/3/0, .owner_cpu: -1
[ 448.217398] [<c0014398>] (unwind_backtrace+0x0/0x120) from
[<c0269ab0>] (do_raw_spin_unlock+0x44/0xdc)
[ 448.217419] [<c0269ab0>] (do_raw_spin_unlock+0x44/0xdc) from
[<c071bbb0>] (_raw_spin_unlock_irqrestore+0xc/0x38)
[ 448.217438] [<c071bbb0>]
(_raw_spin_unlock_irqrestore+0xc/0x38) from [<c00aa498>]
(hrtimer_try_to_cancel+0xf8/0x10c)
[ 448.217455] [<c00aa498>] (hrtimer_try_to_cancel+0xf8/0x10c)
from [<c00aa4bc>] (hrtimer_cancel+0x10/0x20)
[ 448.217475] [<c00aa4bc>] (hrtimer_cancel+0x10/0x20) from
[<c00e6934>] (rcu_idle_exit_common+0x5c/0xe0)
[ 448.217494] [<c00e6934>] (rcu_idle_exit_common+0x5c/0xe0) from
[<c00e6ae8>] (rcu_idle_exit+0x9c/0xb4)
[ 448.217514] [<c00e6ae8>] (rcu_idle_exit+0x9c/0xb4) from
[<c000f2dc>] (cpu_idle+0x98/0xf0)
[ 448.217529] [<c000f2dc>] (cpu_idle+0x98/0xf0) from
[<000081ac>] (0x81ac)
CRs-Fixed: 460670
Change-Id: I588f6a864054abe6d4c249aad815c6d2f5a54077
Signed-off-by: Michael Bohan <mbohan@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add synaptics driver support and firmware update support
for synaptics touch panel, this patch also adds support
for virtual keys. Corrects issues in "first commit" of
open source code.
Change-Id: I78dcc2f540ca78e192b4570e414a8802e8982945
Signed-off-by: Amy Maloche <amaloche@codeaurora.org>
Signed-off-by: Shantanu Jain <shjain@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Add fwu_go_nogo function in synaptics_fw_update.c
- Add BTN_TOUCH support in synaptics_i2c_rmi4.c
- Add List check in synaptics_i2c_rmi4.c
Change-Id: I8cb776d5b3d20bdee5036cfe0dbcb9bbaa8bf6bd
[amaloche@codeaurora.org: Subject modified from "v1.1"
- Removed reg_access & fw_updater files due to improper license
- Modified commit text to reflect file changes]
Signed-off-by: Amy Maloche <amaloche@codeaurora.org>
Signed-off-by: Shantanu Jain <shjain@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Signed-off-by: Alexandra Chin <alexandra.chin@tw.synaptics.com>
Change-Id: I892bc03122b096b43fc7f6b757b1161470597ddb
[amaloche@codeaurora.org: Initial commit of synaptics driver]
Signed-off-by: Amy Maloche <amaloche@codeaurora.org>
Signed-off-by: Shantanu Jain <shjain@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 48f0f14ffb6ff4852922994d11fbda418d40100e which was
commit 749c8814f08f12baa4a9c2812a7c6ede7d69507d upstream.
It seems to be misapplied, and not needed for 3.4-stable
Reported-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Cc: Charles Wang <muming.wq@taobao.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 6d96e9394365dfddf5d418d8178ce2a503448c29)
Change-Id: Ib313482e9acf24d95ccb1df811c6bcfecaf6f191
Reviewed-on: http://gerrit.pcs.mot.com/556263
Submit-Approved: Jira Key <jirakey@motorola.com>
Tested-by: Jira Key <jirakey@motorola.com>
Reviewed-by: Klocwork kwcheck <klocwork-kwcheck@sourceforge.mot.com>
Reviewed-by: Christopher Fries <c.fries@motorola.com>
SLT-Approved: Christopher Fries <c.fries@motorola.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
migrate_tasks() uses _pick_next_task_rt() to get tasks from the
real-time runqueues to be migrated. When rt_rq is throttled
_pick_next_task_rt() won't return anything, in which case
migrate_tasks() can't move all threads over and gets stuck in an
infinite loop.
Instead unthrottle rt runqueues before migrating tasks.
Additionally: move unthrottle_offline_cfs_rqs() to rq_offline_fair()
Signed-off-by: Peter Boonstoppel <pboonstoppel@nvidia.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Paul Turner <pjt@google.com>
Link: http://lkml.kernel.org/r/5FBF8E85CA34454794F0F7ECBA79798F379D3648B7@HQMAIL04.nvidia.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Change-Id: I32a0f57492576e4993667ecaec3a91fe164fe0a5
Reviewed-on: http://gerrit.pcs.mot.com/553608
Submit-Approved: Jira Key <jirakey@motorola.com>
Tested-by: Jira Key <jirakey@motorola.com>
Reviewed-by: Check Patch <CHEKPACH@motorola.com>
Reviewed-by: Klocwork kwcheck <klocwork-kwcheck@sourceforge.mot.com>
Reviewed-by: Lian-Wei Wang <lian-wei.wang@motorola.com>
Reviewed-by: David Ding <dding@motorola.com>
SLT-Approved: Christopher Fries <c.fries@motorola.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
smp_call_function_single()
I'm testing swapout workload in a two-socket Xeon machine. The workload
has 10 threads, each thread sequentially accesses separate memory
region. TLB flush overhead is very big in the workload. For each page,
page reclaim need move it from active lru list and then unmap it. Both
need a TLB flush. And this is a multthread workload, TLB flush happens
in 10 CPUs. In X86, TLB flush uses generic smp_call)function. So this
workload stress smp_call_function_many heavily.
Without patch, perf shows:
+ 24.49% [k] generic_smp_call_function_interrupt
- 21.72% [k] _raw_spin_lock
- _raw_spin_lock
+ 79.80% __page_check_address
+ 6.42% generic_smp_call_function_interrupt
+ 3.31% get_swap_page
+ 2.37% free_pcppages_bulk
+ 1.75% handle_pte_fault
+ 1.54% put_super
+ 1.41% grab_super_passive
+ 1.36% __swap_duplicate
+ 0.68% blk_flush_plug_list
+ 0.62% swap_info_get
+ 6.55% [k] flush_tlb_func
+ 6.46% [k] smp_call_function_many
+ 5.09% [k] call_function_interrupt
+ 4.75% [k] default_send_IPI_mask_sequence_phys
+ 2.18% [k] find_next_bit
swapout throughput is around 1300M/s.
With the patch, perf shows:
- 27.23% [k] _raw_spin_lock
- _raw_spin_lock
+ 80.53% __page_check_address
+ 8.39% generic_smp_call_function_single_interrupt
+ 2.44% get_swap_page
+ 1.76% free_pcppages_bulk
+ 1.40% handle_pte_fault
+ 1.15% __swap_duplicate
+ 1.05% put_super
+ 0.98% grab_super_passive
+ 0.86% blk_flush_plug_list
+ 0.57% swap_info_get
+ 8.25% [k] default_send_IPI_mask_sequence_phys
+ 7.55% [k] call_function_interrupt
+ 7.47% [k] smp_call_function_many
+ 7.25% [k] flush_tlb_func
+ 3.81% [k] _raw_spin_lock_irqsave
+ 3.78% [k] generic_smp_call_function_single_interrupt
swapout throughput is around 1400M/s. So there is around a 7%
improvement, and total cpu utilization doesn't change.
Without the patch, cfd_data is shared by all CPUs.
generic_smp_call_function_interrupt does read/write cfd_data several times
which will create a lot of cache ping-pong. With the patch, the data
becomes per-cpu. The ping-pong is avoided. And from the perf data, this
doesn't make call_single_queue lock contend.
Next step is to remove generic_smp_call_function_interrupt() from arch
code.
Change-Id: Id7da708ad9182a6111b4989df622661b14975118
Signed-off-by: Shaohua Li <shli@fusionio.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Reviewed-on: http://gerrit.pcs.mot.com/537988
Submit-Approved: Jira Key <jirakey@motorola.com>
Tested-by: Jira Key <jirakey@motorola.com>
SLT-Approved: Slta Waiver <sltawvr@motorola.com>
Reviewed-by: Check Patch <CHEKPACH@motorola.com>
Reviewed-by: Klocwork kwcheck <klocwork-kwcheck@sourceforge.mot.com>
Reviewed-by: Guo-Jian Chen <a21757@motorola.com>
Reviewed-by: Jeffrey Carlyle <jeff.carlyle@motorola.com>
Reviewed-by: Igor Kovalenko <cik009@motorola.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There is no user of those APIs anymore, just remove it.
Signed-off-by: Yong Zhang <yong.zhang0@gmail.com>
Cc: ralf@linux-mips.org
Cc: sshtylyov@mvista.com
Cc: david.daney@cavium.com
Cc: nikunj@linux.vnet.ibm.com
Cc: paulmck@linux.vnet.ibm.com
Cc: axboe@kernel.dk
Cc: Andrew Morton <akpm@linux-foundation.org>
Link: http://lkml.kernel.org/r/1338275765-3217-11-git-send-email-yong.zhang0@gmail.com
Acked-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Change-Id: I66367a00ea0f0be74817e238116762ba8f89d84c
Reviewed-on: http://gerrit.pcs.mot.com/537987
Submit-Approved: Jira Key <jirakey@motorola.com>
Tested-by: Jira Key <jirakey@motorola.com>
SLT-Approved: Slta Waiver <sltawvr@motorola.com>
Reviewed-by: Check Patch <CHEKPACH@motorola.com>
Reviewed-by: Klocwork kwcheck <klocwork-kwcheck@sourceforge.mot.com>
Reviewed-by: Guo-Jian Chen <a21757@motorola.com>
Reviewed-by: Jeffrey Carlyle <jeff.carlyle@motorola.com>
Reviewed-by: Igor Kovalenko <cik009@motorola.com>
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
into HEAD
Conflicts:
kernel/signal.c
Change-Id: I3c41400c0d46e62d1f3a472cf7d765c26ade820c
|
| | |\ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Conflicts:
mm/compaction.c
Change-Id: Ied87bb5cc869827b9f4f1bc2af7e5a532251a279
|
| | | | |
| | | |
| | | |
| | | | |
This reverts commit 27cd8f51344dcf4799c7a092c1797402b833126a.
|
| | | |\ \
| | | | |
| | | | |
| | | | | |
This is the 3.4.42 stable release
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit 8176cced706b5e5d15887584150764894e94e02f upstream.
Trinity discovered that we fail to check all 64 bits of
attr.config passed by user space, resulting to out-of-bounds
access of the perf_swevent_enabled array in
sw_perf_event_destroy().
Introduced in commit b0a873ebb ("perf: Register PMU
implementations").
Signed-off-by: Tommi Rantala <tt.rantala@gmail.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: davej@redhat.com
Cc: Paul Mackerras <paulus@samba.org>
Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Link: http://lkml.kernel.org/r/1365882554-30259-1-git-send-email-tt.rantala@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit 383efcd00053ec40023010ce5034bd702e7ab373 upstream.
try_to_wake_up_local() should only be invoked to wake up another
task in the same runqueue and BUG_ON()s are used to enforce the
rule. Missing try_to_wake_up_local() can stall workqueue
execution but such stalls are likely to be finite either by
another work item being queued or the one blocked getting
unblocked. There's no reason to trigger BUG while holding rq
lock crashing the whole system.
Convert BUG_ON()s in try_to_wake_up_local() to WARN_ON_ONCE()s.
Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/20130318192234.GD3042@htj.dyndns.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f upstream.
This fixes a kernel memory contents leak via the tkill and tgkill syscalls
for compat processes.
This is visible in the siginfo_t->_sifields._rt.si_sigval.sival_ptr field
when handling signals delivered from tkill.
The place of the infoleak:
int copy_siginfo_to_user32(compat_siginfo_t __user *to, siginfo_t *from)
{
...
put_user_ex(ptr_to_compat(from->si_ptr), &to->si_ptr);
...
}
Signed-off-by: Emese Revfy <re.emese@gmail.com>
Reviewed-by: PaX Team <pageexec@freemail.hu>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit 84cc8fd2fe65866e49d70b38b3fdf7219dd92fe0 upstream.
The current code makes the assumption that a cpu_base lock won't be
held if the CPU corresponding to that cpu_base is offline, which isn't
always true.
If a hrtimer is not queued, then it will not be migrated by
migrate_hrtimers() when a CPU is offlined. Therefore, the hrtimer's
cpu_base may still point to a CPU which has subsequently gone offline
if the timer wasn't enqueued at the time the CPU went down.
Normally this wouldn't be a problem, but a cpu_base's lock is blindly
reinitialized each time a CPU is brought up. If a CPU is brought
online during the period that another thread is performing a hrtimer
operation on a stale hrtimer, then the lock will be reinitialized
under its feet, and a SPIN_BUG() like the following will be observed:
<0>[ 28.082085] BUG: spinlock already unlocked on CPU#0, swapper/0/0
<0>[ 28.087078] lock: 0xc4780b40, value 0x0 .magic: dead4ead, .owner: <none>/-1, .owner_cpu: -1
<4>[ 42.451150] [<c0014398>] (unwind_backtrace+0x0/0x120) from [<c0269220>] (do_raw_spin_unlock+0x44/0xdc)
<4>[ 42.460430] [<c0269220>] (do_raw_spin_unlock+0x44/0xdc) from [<c071b5bc>] (_raw_spin_unlock+0x8/0x30)
<4>[ 42.469632] [<c071b5bc>] (_raw_spin_unlock+0x8/0x30) from [<c00a9ce0>] (__hrtimer_start_range_ns+0x1e4/0x4f8)
<4>[ 42.479521] [<c00a9ce0>] (__hrtimer_start_range_ns+0x1e4/0x4f8) from [<c00aa014>] (hrtimer_start+0x20/0x28)
<4>[ 42.489247] [<c00aa014>] (hrtimer_start+0x20/0x28) from [<c00e6190>] (rcu_idle_enter_common+0x1ac/0x320)
<4>[ 42.498709] [<c00e6190>] (rcu_idle_enter_common+0x1ac/0x320) from [<c00e6440>] (rcu_idle_enter+0xa0/0xb8)
<4>[ 42.508259] [<c00e6440>] (rcu_idle_enter+0xa0/0xb8) from [<c000f268>] (cpu_idle+0x24/0xf0)
<4>[ 42.516503] [<c000f268>] (cpu_idle+0x24/0xf0) from [<c06ed3c0>] (rest_init+0x88/0xa0)
<4>[ 42.524319] [<c06ed3c0>] (rest_init+0x88/0xa0) from [<c0c00978>] (start_kernel+0x3d0/0x434)
As an example, this particular crash occurred when hrtimer_start() was
executed on CPU #0. The code locked the hrtimer's current cpu_base
corresponding to CPU #1. CPU #0 then tried to switch the hrtimer's
cpu_base to an optimal CPU which was online. In this case, it selected
the cpu_base corresponding to CPU #3.
Before it could proceed, CPU #1 came online and reinitialized the
spinlock corresponding to its cpu_base. Thus now CPU #0 held a lock
which was reinitialized. When CPU #0 finally ended up unlocking the
old cpu_base corresponding to CPU #1 so that it could switch to CPU
#3, we hit this SPIN_BUG() above while in switch_hrtimer_base().
CPU #0 CPU #1
---- ----
... <offline>
hrtimer_start()
lock_hrtimer_base(base #1)
... init_hrtimers_cpu()
switch_hrtimer_base() ...
... raw_spin_lock_init(&cpu_base->lock)
raw_spin_unlock(&cpu_base->lock) ...
<spin_bug>
Solve this by statically initializing the lock.
Signed-off-by: Michael Bohan <mbohan@codeaurora.org>
Link: http://lkml.kernel.org/r/1363745965-23475-1-git-send-email-mbohan@codeaurora.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit a1cbcaa9ea87b87a96b9fc465951dcf36e459ca2 upstream.
The sched_clock_remote() implementation has the following inatomicity
problem on 32bit systems when accessing the remote scd->clock, which
is a 64bit value.
CPU0 CPU1
sched_clock_local() sched_clock_remote(CPU0)
...
remote_clock = scd[CPU0]->clock
read_low32bit(scd[CPU0]->clock)
cmpxchg64(scd->clock,...)
read_high32bit(scd[CPU0]->clock)
While the update of scd->clock is using an atomic64 mechanism, the
readout on the remote cpu is not, which can cause completely bogus
readouts.
It is a quite rare problem, because it requires the update to hit the
narrow race window between the low/high readout and the update must go
across the 32bit boundary.
The resulting misbehaviour is, that CPU1 will see the sched_clock on
CPU1 ~4 seconds ahead of it's own and update CPU1s sched_clock value
to this bogus timestamp. This stays that way due to the clamping
implementation for about 4 seconds until the synchronization with
CLOCK_MONOTONIC undoes the problem.
The issue is hard to observe, because it might only result in a less
accurate SCHED_OTHER timeslicing behaviour. To create observable
damage on realtime scheduling classes, it is necessary that the bogus
update of CPU1 sched_clock happens in the context of an realtime
thread, which then gets charged 4 seconds of RT runtime, which results
in the RT throttler mechanism to trigger and prevent scheduling of RT
tasks for a little less than 4 seconds. So this is quite unlikely as
well.
The issue was quite hard to decode as the reproduction time is between
2 days and 3 weeks and intrusive tracing makes it less likely, but the
following trace recorded with trace_clock=global, which uses
sched_clock_local(), gave the final hint:
<idle>-0 0d..30 400269.477150: hrtimer_cancel: hrtimer=0xf7061e80
<idle>-0 0d..30 400269.477151: hrtimer_start: hrtimer=0xf7061e80 ...
irq/20-S-587 1d..32 400273.772118: sched_wakeup: comm= ... target_cpu=0
<idle>-0 0dN.30 400273.772118: hrtimer_cancel: hrtimer=0xf7061e80
What happens is that CPU0 goes idle and invokes
sched_clock_idle_sleep_event() which invokes sched_clock_local() and
CPU1 runs a remote wakeup for CPU0 at the same time, which invokes
sched_remote_clock(). The time jump gets propagated to CPU0 via
sched_remote_clock() and stays stale on both cores for ~4 seconds.
There are only two other possibilities, which could cause a stale
sched clock:
1) ktime_get() which reads out CLOCK_MONOTONIC returns a sporadic
wrong value.
2) sched_clock() which reads the TSC returns a sporadic wrong value.
#1 can be excluded because sched_clock would continue to increase for
one jiffy and then go stale.
#2 can be excluded because it would not make the clock jump
forward. It would just result in a stale sched_clock for one jiffy.
After quite some brain twisting and finding the same pattern on other
traces, sched_clock_remote() remained the only place which could cause
such a problem and as explained above it's indeed racy on 32bit
systems.
So while on 64bit systems the readout is atomic, we need to verify the
remote readout on 32bit machines. We need to protect the local->clock
readout in sched_clock_remote() on 32bit as well because an NMI could
hit between the low and the high readout, call sched_clock_local() and
modify local->clock.
Thanks to Siegfried Wulsch for bearing with my debug requests and
going through the tedious tasks of running a bunch of reproducer
systems to generate the debug information which let me decode the
issue.
Reported-by: Siegfried Wulsch <Siegfried.Wulsch@rovema.de>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Link: http://lkml.kernel.org/r/alpine.LFD.2.02.1304051544160.21884@ionos
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit 6f389a8f1dd22a24f3d9afc2812b30d639e94625 upstream.
As commit 40dc166c (PM / Core: Introduce struct syscore_ops for core
subsystems PM) say, syscore_ops operations should be carried with one
CPU on-line and interrupts disabled. However, after commit f96972f2d
(kernel/sys.c: call disable_nonboot_cpus() in kernel_restart()),
syscore_shutdown() is called before disable_nonboot_cpus(), so break
the rules. We have a MIPS machine with a 8259A PIC, and there is an
external timer (HPET) linked at 8259A. Since 8259A has been shutdown
too early (by syscore_shutdown()), disable_nonboot_cpus() runs without
timer interrupt, so it hangs and reboot fails. This patch call
syscore_shutdown() a little later (after disable_nonboot_cpus()) to
avoid reboot failure, this is the same way as poweroff does.
For consistency, add disable_nonboot_cpus() to kernel_halt().
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit 83e03b3fe4daffdebbb42151d5410d730ae50bd1 upstream.
On the failure path, stat->start and stat->pages will refer same page.
So it'll attempt to free the same page again and get kernel panic.
Link: http://lkml.kernel.org/r/1364820385-32027-1-git-send-email-namhyung@kernel.org
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Namhyung Kim <namhyung.kim@lge.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit 190320c3b6640d4104650f55ff69611e050ea06b upstream.
panic_lock is meant to ensure that panic processing takes place only on
one cpu; if any of the other cpus encounter a panic, they will spin
waiting to be shut down.
However, this causes a regression in this scenario:
1. Cpu 0 encounters a panic and acquires the panic_lock
and proceeds with the panic processing.
2. There is an interrupt on cpu 0 that also encounters
an error condition and invokes panic.
3. This second invocation fails to acquire the panic_lock
and enters the infinite while loop in panic_smp_self_stop.
Thus all panic processing is stopped, and the cpu is stuck for eternity
in the while(1) inside panic_smp_self_stop.
To address this, disable local interrupts with local_irq_disable before
acquiring the panic_lock. This will prevent interrupt handlers from
executing during the panic processing, thus avoiding this particular
problem.
Signed-off-by: Vikram Mulukutla <markivx@codeaurora.org>
Reviewed-by: Stephen Boyd <sboyd@codeaurora.org>
Cc: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit 5000c418840b309251c5887f0b56503aae30f84c upstream.
If we reenable ftrace via syctl, we currently set ftrace_trace_function
based on the previous simplistic algorithm. This is inconsistent with
what update_ftrace_function does. So better call that helper instead.
Link: http://lkml.kernel.org/r/5151D26F.1070702@siemens.com
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | |\| |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is the 3.4.39 stable release
Conflicts:
arch/arm/Kconfig
arch/arm/kernel/traps.c
arch/arm/mm/mmu.c
arch/arm/mm/tlb-v7.S
arch/arm/vfp/entry.S
arch/arm/vfp/vfpmodule.c
block/partition-generic.c
drivers/base/power/main.c
drivers/bluetooth/ath3k.c
drivers/bluetooth/btusb.c
drivers/gpu/drm/radeon/radeon_mode.h
drivers/mmc/card/block.c
drivers/mmc/host/sdhci.c
drivers/net/tun.c
drivers/usb/core/hub.c
drivers/usb/core/message.c
drivers/usb/host/xhci.h
fs/ubifs/dir.c
include/linux/sched.h
kernel/cgroup.c
kernel/power/suspend.c
kernel/sched/core.c
net/bluetooth/hci_conn.c
net/bluetooth/hci_event.c
net/bluetooth/l2cap_core.c
net/bluetooth/mgmt.c
net/bluetooth/rfcomm/sock.c
net/bluetooth/smp.c
Change-Id: I169eac4005b369c166f82bc437995cf3038b7a64
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit 613f04a0f51e6e68ac6fe571ab79da3c0a5eb4da upstream.
The latency tracers require the buffers to be in overwrite mode,
otherwise they get screwed up. Force the buffers to stay in overwrite
mode when latency tracers are enabled.
Added a flag_changed() method to the tracer structure to allow
the tracers to see what flags are being changed, and also be able
to prevent the change from happing.
[Backported for 3.4-stable. Re-added current_trace NULL checks; removed
allocated_snapshot field; adapted to tracing_trace_options_write without
trace_set_options.]
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Lingzhu Xiang <lxiang@redhat.com>
Reviewed-by: CAI Qian <caiqian@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit 69d34da2984c95b33ea21518227e1f9470f11d95 upstream.
Seems that the tracer flags have never been protected from
synchronous writes. Luckily, admins don't usually modify the
tracing flags via two different tasks. But if scripts were to
be used to modify them, then they could get corrupted.
Move the trace_types_lock that protects against tracers changing
to also protect the flags being set.
[Backported for 3.4, 3.0-stable. Moved return to after unlock.]
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Lingzhu Xiang <lxiang@redhat.com>
Reviewed-by: CAI Qian <caiqian@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit 522cff142d7d2f9230839c9e1f21a4d8bcc22a4a upstream.
__ARCH_HAS_SA_RESTORER is the preferred conditional for use in 3.9 and
later kernels, per Kees.
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Emese Revfy <re.emese@gmail.com>
Cc: Emese Revfy <re.emese@gmail.com>
Cc: PaX Team <pageexec@freemail.hu>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Serge Hallyn <serge.hallyn@canonical.com>
Cc: Julien Tinnes <jln@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit e5ab012c3271990e8457055c25cafddc1ae8aa6b upstream.
As it stands, irq_exit() may or may not be called with
irqs disabled, depending on __ARCH_IRQ_EXIT_IRQS_DISABLED
that the arch can define.
It makes tick_nohz_irq_exit() unsafe. For example two
interrupts can race in tick_nohz_stop_sched_tick(): the inner
most one computes the expiring time on top of the timer list,
then it's interrupted right before reprogramming the
clock. The new interrupt enqueues a new timer list timer,
it reprogram the clock to take it into account and it exits.
The CPUs resumes the inner most interrupt and performs the clock
reprogramming without considering the new timer list timer.
This regression has been introduced by:
280f06774afedf849f0b34248ed6aff57d0f6908
("nohz: Separate out irq exit and idle loop dyntick logic")
Let's fix it right now with the appropriate protections.
A saner long term solution will be to remove
__ARCH_IRQ_EXIT_IRQS_DISABLED and mandate that irq_exit() is called
with interrupts disabled.
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Linus Torvalds <torvalds@linuxfoundation.org>
Link: http://lkml.kernel.org/r/1361373336-11337-1-git-send-email-fweisbec@gmail.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Lingzhu Xiang <lxiang@redhat.com>
Reviewed-by: CAI Qian <caiqian@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit a7dc19b8652c862d5b7c4d2339bd3c428bd29c4a upstream.
Currently tick_check_broadcast_device doesn't reject clock_event_devices
with CLOCK_EVT_FEAT_DUMMY, and may select them in preference to real
hardware if they have a higher rating value. In this situation, the
dummy timer is responsible for broadcasting to itself, and the core
clockevents code may attempt to call non-existent callbacks for
programming the dummy, eventually leading to a panic.
This patch makes tick_check_broadcast_device always reject dummy timers,
preventing this problem.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: Jon Medhurst (Tixy) <tixy@linaro.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit 740466bc89ad8bd5afcc8de220f715f62b21e365 upstream.
Because function tracing is very invasive, and can even trace
calls to rcu_read_lock(), RCU access in function tracing is done
with preempt_disable_notrace(). This requires a synchronize_sched()
for updates and not a synchronize_rcu().
Function probes (traceon, traceoff, etc) must be freed after
a synchronize_sched() after its entry has been removed from the
hash. But call_rcu() is used. Fix this by using call_rcu_sched().
Also fix the usage to use hlist_del_rcu() instead of hlist_del().
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Paul McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit 2721e72dd10f71a3ba90f59781becf02638aa0d9 upstream.
Although the swap is wrapped with a spin_lock, the assignment
of the temp buffer used to swap is not within that lock.
It needs to be moved into that lock, otherwise two swaps
happening on two different CPUs, can end up using the wrong
temp buffer to assign in the swap.
Luckily, all current callers of the swap function appear to have
their own locks. But in case something is added that allows two
different callers to call the swap, then there's a chance that
this race can trigger and corrupt the buffers.
New code is coming soon that will allow for this race to trigger.
I've Cc'd stable, so this bug will not show up if someone backports
one of the changes that can trigger this bug.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit 2ca39528c01a933f6689cd6505ce65bd6d68a530 upstream.
When the new signal handlers are set up, the location of sa_restorer is
not cleared, leaking a parent process's address space location to
children. This allows for a potential bypass of the parent's ASLR by
examining the sa_restorer value returned when calling sigaction().
Based on what should be considered "secret" about addresses, it only
matters across the exec not the fork (since the VMAs haven't changed
until the exec). But since exec sets SIG_DFL and keeps sa_restorer,
this is where it should be fixed.
Given the few uses of sa_restorer, a "set" function was not written
since this would be the only use. Instead, we use
__ARCH_HAS_SA_RESTORER, as already done in other places.
Example of the leak before applying this patch:
$ cat /proc/$$/maps
...
7fb9f3083000-7fb9f3238000 r-xp 00000000 fd:01 404469 .../libc-2.15.so
...
$ ./leak
...
7f278bc74000-7f278be29000 r-xp 00000000 fd:01 404469 .../libc-2.15.so
...
1 0 (nil) 0x7fb9f30b94a0
2 4000000 (nil) 0x7f278bcaa4a0
3 4000000 (nil) 0x7f278bcaa4a0
4 0 (nil) 0x7fb9f30b94a0
...
[akpm@linux-foundation.org: use SA_RESTORER for backportability]
Signed-off-by: Kees Cook <keescook@chromium.org>
Reported-by: Emese Revfy <re.emese@gmail.com>
Cc: Emese Revfy <re.emese@gmail.com>
Cc: PaX Team <pageexec@freemail.hu>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Serge Hallyn <serge.hallyn@canonical.com>
Cc: Julien Tinnes <jln@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
commit db05021d49a994ee40a9735d9c3cb0060c9babb8 upstream.
The prompt to enable DYNAMIC_FTRACE (the ability to nop and
enable function tracing at run time) had a confusing statement:
"enable/disable ftrace tracepoints dynamically"
This was written before tracepoints were added to the kernel,
but now that tracepoints have been added, this is very confusing
and has confused people enough to give wrong information during
presentations.
Not only that, I looked at the help text, and it still references
that dreaded daemon that use to wake up once a second to update
the nop locations and brick NICs, that hasn't been around for over
five years.
Time to bring the text up to the current decade.
Reported-by: Ezequiel Garcia <elezegarcia@gmail.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
