--- /dev/null
+From 20ab67a563f5299c09a234164c372aba5a59add8 Mon Sep 17 00:00:00 2001
+From: Michal Hocko <mhocko@suse.com>
+Date: Fri, 2 Dec 2016 17:26:45 -0800
+Subject: mm: workingset: fix NULL ptr in count_shadow_nodes
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Michal Hocko <mhocko@suse.com>
+
+commit 20ab67a563f5299c09a234164c372aba5a59add8 upstream.
+
+Commit 0a6b76dd23fa ("mm: workingset: make shadow node shrinker memcg
+aware") has made the workingset shadow nodes shrinker memcg aware. The
+implementation is not correct though because memcg_kmem_enabled() might
+become true while we are doing a global reclaim when the sc->memcg might
+be NULL which is exactly what Marek has seen:
+
+ BUG: unable to handle kernel NULL pointer dereference at 0000000000000400
+ IP: [<ffffffff8122d520>] mem_cgroup_node_nr_lru_pages+0x20/0x40
+ PGD 0
+ Oops: 0000 [#1] SMP
+ CPU: 0 PID: 60 Comm: kswapd0 Tainted: G O 4.8.10-12.pvops.qubes.x86_64 #1
+ task: ffff880011863b00 task.stack: ffff880011868000
+ RIP: mem_cgroup_node_nr_lru_pages+0x20/0x40
+ RSP: e02b:ffff88001186bc70 EFLAGS: 00010293
+ RAX: 0000000000000000 RBX: ffff88001186bd20 RCX: 0000000000000002
+ RDX: 000000000000000c RSI: 0000000000000000 RDI: 0000000000000000
+ RBP: ffff88001186bc70 R08: 28f5c28f5c28f5c3 R09: 0000000000000000
+ R10: 0000000000006c34 R11: 0000000000000333 R12: 00000000000001f6
+ R13: ffffffff81c6f6a0 R14: 0000000000000000 R15: 0000000000000000
+ FS: 0000000000000000(0000) GS:ffff880013c00000(0000) knlGS:ffff880013d00000
+ CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: 0000000000000400 CR3: 00000000122f2000 CR4: 0000000000042660
+ Call Trace:
+ count_shadow_nodes+0x9a/0xa0
+ shrink_slab.part.42+0x119/0x3e0
+ shrink_node+0x22c/0x320
+ kswapd+0x32c/0x700
+ kthread+0xd8/0xf0
+ ret_from_fork+0x1f/0x40
+ Code: 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 3b 35 dd eb b1 00 55 48 89 e5 73 2c 89 d2 31 c9 31 c0 4c 63 ce 48 0f a3 ca 73 13 <4a> 8b b4 cf 00 04 00 00 41 89 c8 4a 03 84 c6 80 00 00 00 83 c1
+ RIP mem_cgroup_node_nr_lru_pages+0x20/0x40
+ RSP <ffff88001186bc70>
+ CR2: 0000000000000400
+ ---[ end trace 100494b9edbdfc4d ]---
+
+This patch fixes the issue by checking sc->memcg rather than
+memcg_kmem_enabled() which is sufficient because shrink_slab makes sure
+that only memcg aware shrinkers will get non-NULL memcgs and only if
+memcg_kmem_enabled is true.
+
+Fixes: 0a6b76dd23fa ("mm: workingset: make shadow node shrinker memcg aware")
+Link: http://lkml.kernel.org/r/20161201132156.21450-1-mhocko@kernel.org
+Signed-off-by: Michal Hocko <mhocko@suse.com>
+Reported-by: Marek Marczykowski-Górecki <marmarek@mimuw.edu.pl>
+Tested-by: Marek Marczykowski-Górecki <marmarek@mimuw.edu.pl>
+Acked-by: Vladimir Davydov <vdavydov.dev@gmail.com>
+Acked-by: Johannes Weiner <hannes@cmpxchg.org>
+Acked-by: Balbir Singh <bsingharora@gmail.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/workingset.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/workingset.c
++++ b/mm/workingset.c
+@@ -348,7 +348,7 @@ static unsigned long count_shadow_nodes(
+ shadow_nodes = list_lru_shrink_count(&workingset_shadow_nodes, sc);
+ local_irq_enable();
+
+- if (memcg_kmem_enabled()) {
++ if (sc->memcg) {
+ pages = mem_cgroup_node_nr_lru_pages(sc->memcg, sc->nid,
+ LRU_ALL_FILE);
+ } else {
--- /dev/null
+From fcd2042e8d36cf644bd2d69c26378d17158b17df Mon Sep 17 00:00:00 2001
+From: Brian Norris <briannorris@chromium.org>
+Date: Tue, 8 Nov 2016 18:28:24 -0800
+Subject: mwifiex: printk() overflow with 32-byte SSIDs
+
+From: Brian Norris <briannorris@chromium.org>
+
+commit fcd2042e8d36cf644bd2d69c26378d17158b17df upstream.
+
+SSIDs aren't guaranteed to be 0-terminated. Let's cap the max length
+when we print them out.
+
+This can be easily noticed by connecting to a network with a 32-octet
+SSID:
+
+[ 3903.502925] mwifiex_pcie 0000:01:00.0: info: trying to associate to
+'0123456789abcdef0123456789abcdef <uninitialized mem>' bssid
+xx:xx:xx:xx:xx:xx
+
+Fixes: 5e6e3a92b9a4 ("wireless: mwifiex: initial commit for Marvell mwifiex driver")
+Signed-off-by: Brian Norris <briannorris@chromium.org>
+Acked-by: Amitkumar Karwar <akarwar@marvell.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/marvell/mwifiex/cfg80211.c | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+--- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
++++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
+@@ -2203,8 +2203,9 @@ done:
+ is_scanning_required = 1;
+ } else {
+ mwifiex_dbg(priv->adapter, MSG,
+- "info: trying to associate to '%s' bssid %pM\n",
+- (char *)req_ssid.ssid, bss->bssid);
++ "info: trying to associate to '%.*s' bssid %pM\n",
++ req_ssid.ssid_len, (char *)req_ssid.ssid,
++ bss->bssid);
+ memcpy(&priv->cfg_bssid, bss->bssid, ETH_ALEN);
+ break;
+ }
+@@ -2264,8 +2265,8 @@ mwifiex_cfg80211_connect(struct wiphy *w
+ }
+
+ mwifiex_dbg(adapter, INFO,
+- "info: Trying to associate to %s and bssid %pM\n",
+- (char *)sme->ssid, sme->bssid);
++ "info: Trying to associate to %.*s and bssid %pM\n",
++ (int)sme->ssid_len, (char *)sme->ssid, sme->bssid);
+
+ if (!mwifiex_stop_bg_scan(priv))
+ cfg80211_sched_scan_stopped_rtnl(priv->wdev.wiphy);
+@@ -2398,8 +2399,8 @@ mwifiex_cfg80211_join_ibss(struct wiphy
+ }
+
+ mwifiex_dbg(priv->adapter, MSG,
+- "info: trying to join to %s and bssid %pM\n",
+- (char *)params->ssid, params->bssid);
++ "info: trying to join to %.*s and bssid %pM\n",
++ params->ssid_len, (char *)params->ssid, params->bssid);
+
+ mwifiex_set_ibss_params(priv, params);
+
--- /dev/null
+From e42010d8207f9d15a605ceb8e321bcd9648071b0 Mon Sep 17 00:00:00 2001
+From: Johannes Thumshirn <jthumshirn@suse.de>
+Date: Wed, 23 Nov 2016 10:56:28 -0600
+Subject: PCI: Set Read Completion Boundary to 128 iff Root Port supports it (_HPX)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Johannes Thumshirn <jthumshirn@suse.de>
+
+commit e42010d8207f9d15a605ceb8e321bcd9648071b0 upstream.
+
+Per PCIe spec r3.0, sec 2.3.1.1, the Read Completion Boundary (RCB)
+determines the naturally aligned address boundaries on which a Read Request
+may be serviced with multiple Completions:
+
+ - For a Root Complex, RCB is 64 bytes or 128 bytes
+ This value is reported in the Link Control Register
+
+ Note: Bridges and Endpoints may implement a corresponding command bit
+ which may be set by system software to indicate the RCB value for the
+ Root Complex, allowing the Bridge/Endpoint to optimize its behavior
+ when the Root Complex’s RCB is 128 bytes.
+
+ - For all other system elements, RCB is 128 bytes
+
+Per sec 7.8.7, if a Root Port only supports a 64-byte RCB, the RCB of all
+downstream devices must be clear, indicating an RCB of 64 bytes. If the
+Root Port supports a 128-byte RCB, we may optionally set the RCB of
+downstream devices so they know they can generate larger Completions.
+
+Some BIOSes supply an _HPX that tells us to set RCB, even though the Root
+Port doesn't have RCB set, which may lead to Malformed TLP errors if the
+Endpoint generates completions larger than the Root Port can handle.
+
+The IBM x3850 X6 with BIOS version -[A8E120CUS-1.30]- 08/22/2016 supplies
+such an _HPX and a Mellanox MT27500 ConnectX-3 device fails to initialize:
+
+ mlx4_core 0000:41:00.0: command 0xfff timed out (go bit not cleared)
+ mlx4_core 0000:41:00.0: device is going to be reset
+ mlx4_core 0000:41:00.0: Failed to obtain HW semaphore, aborting
+ mlx4_core 0000:41:00.0: Fail to reset HCA
+ ------------[ cut here ]------------
+ kernel BUG at drivers/net/ethernet/mellanox/mlx4/catas.c:193!
+
+After 6cd33649fa83 ("PCI: Add pci_configure_device() during enumeration")
+and 7a1562d4f2d0 ("PCI: Apply _HPX Link Control settings to all devices
+with a link"), we apply _HPX settings to *all* devices, not just those
+hot-added after boot.
+
+Before 7a1562d4f2d0, we didn't touch the Mellanox RCB, and the device
+worked. After 7a1562d4f2d0, we set its RCB to 128, and it failed.
+
+Set the RCB to 128 iff the Root Port supports a 128-byte RCB. Otherwise,
+set RCB to 64 bytes. This effectively ignores what _HPX tells us about
+RCB.
+
+Note that this change only affects _HPX handling. If we have no _HPX, this
+does nothing with RCB.
+
+[bhelgaas: changelog, clear RCB if not set for Root Port]
+Fixes: 6cd33649fa83 ("PCI: Add pci_configure_device() during enumeration")
+Fixes: 7a1562d4f2d0 ("PCI: Apply _HPX Link Control settings to all devices with a link")
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=187781
+Tested-by: Frank Danapfel <fdanapfe@redhat.com>
+Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Acked-by: Myron Stowe <myron.stowe@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/probe.c | 28 +++++++++++++++++++++++++++-
+ 1 file changed, 27 insertions(+), 1 deletion(-)
+
+--- a/drivers/pci/probe.c
++++ b/drivers/pci/probe.c
+@@ -1439,6 +1439,21 @@ static void program_hpp_type1(struct pci
+ dev_warn(&dev->dev, "PCI-X settings not supported\n");
+ }
+
++static bool pcie_root_rcb_set(struct pci_dev *dev)
++{
++ struct pci_dev *rp = pcie_find_root_port(dev);
++ u16 lnkctl;
++
++ if (!rp)
++ return false;
++
++ pcie_capability_read_word(rp, PCI_EXP_LNKCTL, &lnkctl);
++ if (lnkctl & PCI_EXP_LNKCTL_RCB)
++ return true;
++
++ return false;
++}
++
+ static void program_hpp_type2(struct pci_dev *dev, struct hpp_type2 *hpp)
+ {
+ int pos;
+@@ -1468,9 +1483,20 @@ static void program_hpp_type2(struct pci
+ ~hpp->pci_exp_devctl_and, hpp->pci_exp_devctl_or);
+
+ /* Initialize Link Control Register */
+- if (pcie_cap_has_lnkctl(dev))
++ if (pcie_cap_has_lnkctl(dev)) {
++
++ /*
++ * If the Root Port supports Read Completion Boundary of
++ * 128, set RCB to 128. Otherwise, clear it.
++ */
++ hpp->pci_exp_lnkctl_and |= PCI_EXP_LNKCTL_RCB;
++ hpp->pci_exp_lnkctl_or &= ~PCI_EXP_LNKCTL_RCB;
++ if (pcie_root_rcb_set(dev))
++ hpp->pci_exp_lnkctl_or |= PCI_EXP_LNKCTL_RCB;
++
+ pcie_capability_clear_and_set_word(dev, PCI_EXP_LNKCTL,
+ ~hpp->pci_exp_lnkctl_and, hpp->pci_exp_lnkctl_or);
++ }
+
+ /* Find Advanced Error Reporting Enhanced Capability */
+ pos = pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ERR);
input-change-key_data-from-0x275-to-0x277.patch
input-psmouse-disable-automatic-probing-of-byd-touchpads.patch
rcu-fix-soft-lockup-for-rcu_nocb_kthread.patch
+mm-workingset-fix-null-ptr-in-count_shadow_nodes.patch
+pci-set-read-completion-boundary-to-128-iff-root-port-supports-it-_hpx.patch
+mwifiex-printk-overflow-with-32-byte-ssids.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
